jwe: remove odd doubling/halving
The aescbc implementation already reports an appropriate key size to
take the HMAC into account. This doubling can, in some cases, cause a
64-byte AES cipher to be requested. Remove it.

This allows jose interop to work in the previously commented out case.
Add some more in as well to cover some of the options.
imirkin committed Dec 15, 2020
1 parent c305fbf commit a1e4993
Showing 4 changed files with 12 additions and 23 deletions.
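--- a/jwe/internal/content_crypt/content_crypt.go
+++ b/jwe/internal/content_crypt/content_crypt.go
@@ -48,16 +48,10 @@ func NewGeneric(alg jwa.ContentEncryptionAlgorithm) (*Generic, error) {
 pdebug.Printf("AES Crypt: cipher.keysize = %d", c.KeySize())
 }
 
-keysize := c.KeySize()
-switch alg {
-case jwa.A128GCM, jwa.A192GCM, jwa.A256GCM:
-case jwa.A128CBC_HS256, jwa.A192CBC_HS384, jwa.A256CBC_HS512:
-keysize = keysize * 2
-}
 return &Generic{
 alg: alg,
 cipher: c,
-keysize: keysize,
+keysize: c.KeySize(),
 tagsize: 16,
 }, nil
 }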
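Review bot: `keysize: c.KeySize()` now rests on an invariant that only the commit message states: the AES-CBC-HMAC cipher has to report the combined MAC-key-plus-AES-key length, while the GCM cipher reports the bare AES key length. I would pin that at the field with a comment such as `// full CEK length; the CBC-HS cipher's KeySize() already counts its HMAC key`, so the factor of two is not reintroduced later. Separately, `tagsize: 16` is set for every algorithm, whereas RFC 7518 gives A192CBC-HS384 and A256CBC-HS512 tags of 24 and 32 bytes; whether this field is read on the CBC-HS path is not visible here and should be confirmed. NewGeneric starts above the hunk.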
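--- a/jwe/jwe.go
+++ b/jwe/jwe.go
@@ -45,7 +45,7 @@ func Encrypt(payload []byte, keyalg jwa.KeyEncryptionAlgorithm, key interface{},
 if err != nil {
 return nil, errors.Wrap(err, "failed to create RSA PKCS encrypter")
 }
-keysize = contentcrypt.KeySize() / 2
+keysize = contentcrypt.KeySize()
 case jwa.RSA_OAEP, jwa.RSA_OAEP_256:
 var pubkey rsa.PublicKey
 if err := keyconv.RSAPublicKey(&pubkey, key); err != nil {
@@ -56,7 +56,7 @@ func Encrypt(payload []byte, keyalg jwa.KeyEncryptionAlgorithm, key interface{},
 if err != nil {
 return nil, errors.Wrap(err, "failed to create RSA OAEP encrypter")
 }
-keysize = contentcrypt.KeySize() / 2
+keysize = contentcrypt.KeySize()
 case jwa.A128KW, jwa.A192KW, jwa.A256KW,
 jwa.A128GCMKW, jwa.A192GCMKW, jwa.A256GCMKW,
 jwa.PBES2_HS256_A128KW, jwa.PBES2_HS384_A192KW, jwa.PBES2_HS512_A256KW: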
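Review bot: After dropping `/ 2` in both the RSA1_5 and the RSA_OAEP branch, the CEK length handed on from here is whatever `contentcrypt.KeySize()` reports, and neither hunk checks it against the length the content algorithm needs. The same commit deletes `Test_A256KW_A256CBC_HS512` from jwe_test.go, which expected an error, without adding a success-path replacement, so a regression in the key-size arithmetic would only surface through the external jose interop run. I would add an in-package encrypt/decrypt round-trip test for that key-wrap/content pair and document the assignment with `// keysize is the full CEK length (MAC key + AES key for the CBC-HS family)`. Encrypt's body begins and ends outside both hunks.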
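--- a/jwe/jwe_test.go
+++ b/jwe/jwe_test.go
@@ -416,18 +416,6 @@ func TestEncode_ECDH(t *testing.T) {
 }
 }
 
-func Test_A256KW_A256CBC_HS512(t *testing.T) {
-var keysize = 32
-var key = make([]byte, keysize)
-for i := 0; i < keysize; i++ {
-key[i] = byte(i)
-}
-_, err := jwe.Encrypt([]byte(examplePayload), jwa.A256KW, key, jwa.A256CBC_HS512, jwa.NoCompress)
-if !assert.Error(t, err, "should fail to encrypt payload") {
-return
-}
-}
-
 func Test_GHIssue207(t *testing.T) {
 // XXX for ECDH-ES
 // Remove the t.SkipNow()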
11 changes: 9 additions & 2 deletions jwx_test.go
Expand Up @@ -160,9 +160,16 @@ func TestJoseCompatibility(t *testing.T) {
})
t.Run("jwe", func(t *testing.T) {
tests := []interopTest{
// interopTest{jwa.RSA_OAEP, jwa.A128GCM},
{jwa.RSA1_5, jwa.A128GCM},
{jwa.RSA1_5, jwa.A128CBC_HS256},
{jwa.RSA1_5, jwa.A256CBC_HS512},
{jwa.RSA_OAEP, jwa.A128GCM},
{jwa.RSA_OAEP, jwa.A128CBC_HS256},
// interopTest{jwa.ECDH_ES, jwa.A256CBC_HS512},
{jwa.RSA_OAEP, jwa.A256CBC_HS512},
{jwa.RSA_OAEP_256, jwa.A128GCM},
{jwa.RSA_OAEP_256, jwa.A128CBC_HS256},
{jwa.RSA_OAEP_256, jwa.A256CBC_HS512},
// {jwa.ECDH_ES, jwa.A256CBC_HS512},
{jwa.ECDH_ES_A128KW, jwa.A128GCM},
{jwa.A256GCMKW, jwa.A256GCM},
{jwa.PBES2_HS512_A256KW, jwa.A256GCM},
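Review bot: `// {jwa.ECDH_ES, jwa.A256CBC_HS512},` stays disabled with no reason given, and none of the new rows uses `jwa.A192CBC_HS384`, the one CBC-HS variant whose key length is not a power of two and so the most likely to expose size-arithmetic errors like the one this commit fixes. I would annotate the disabled row, e.g. `// ECDH-ES direct + A256CBC_HS512 disabled: <reason or issue link>`, and add A192CBC_HS384 rows if the jose tool used by this test supports that algorithm (not visible here). TestJoseCompatibility continues outside the hunk.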
