jwe: fix A*GCMKW to check the key iv/tag rather than content
This was an oversight in the initial implementation -- originally I did
not have the separate iv/keyiv, and when I added keyiv, forgot to update
the checks.
imirkin committed Dec 15, 2020
1 parent 8c6eb7a commit 71483b1
Showing 2 changed files with 6 additions and 6 deletions.
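--- a/jwe/decrypt.go
+++ b/jwe/decrypt.go
@@ -224,11 +224,11 @@ func (d *Decrypter) decryptSymmetricKey(recipientKey, cek []byte) ([]byte, error
 if pdebug.Enabled {
 pdebug.Printf("cek len = %d", len(cek))
 }
-if len(d.iv) != 12 {
-return nil, errors.Errorf("GCM requires 96-bit iv, got %d", len(d.iv)*8)
+if len(d.keyiv) != 12 {
+return nil, errors.Errorf("GCM requires 96-bit iv, got %d", len(d.keyiv)*8)
 }
-if len(d.tag) != 16 {
-return nil, errors.Errorf("GCM requires 128-bit tag, got %d", len(d.tag)*8)
+if len(d.keytag) != 16 {
+return nil, errors.Errorf("GCM requires 128-bit tag, got %d", len(d.keytag)*8)
 }
 block, err := aes.NewCipher(cek)
 if err != nil {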
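Review bot: The error strings on the two new return lines still say only "GCM requires 96-bit iv" / "GCM requires 128-bit tag", so a rejection here reads exactly like a content-IV or content-tag problem, which is presumably the confusion that let the original check go unnoticed (a 128-bit CBC content IV tripping a check meant for the key-wrap IV). Naming the field makes the rejection self-explaining: `return nil, errors.Errorf("GCMKW requires 96-bit key iv, got %d", len(d.keyiv)*8)` and `return nil, errors.Errorf("GCMKW requires 128-bit key tag, got %d", len(d.keytag)*8)`. The compatibility cases re-enabled in jwx_test.go only exercise the valid-length path; a negative test that feeds a wrong-length keyiv and keytag and asserts the error would pin the check this commit fixes. decryptSymmetricKey begins and ends outside the hunk, so whether these checks are reached only for the GCMKW algorithms is not visible here.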
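--- a/jwx_test.go
+++ b/jwx_test.go
@@ -179,9 +179,9 @@ func TestJoseCompatibility(t *testing.T) {
 {jwa.A256KW, jwa.A256GCM},
 {jwa.A256KW, jwa.A256CBC_HS512},
 {jwa.A128GCMKW, jwa.A128GCM},
-// {jwa.A128GCMKW, jwa.A128CBC_HS256},
+{jwa.A128GCMKW, jwa.A128CBC_HS256},
 {jwa.A256GCMKW, jwa.A256GCM},
-// {jwa.A256GCMKW, jwa.A256CBC_HS512},
+{jwa.A256GCMKW, jwa.A256CBC_HS512},
 {jwa.PBES2_HS256_A128KW, jwa.A128GCM},
 {jwa.PBES2_HS256_A128KW, jwa.A128CBC_HS256},
 {jwa.PBES2_HS512_A256KW, jwa.A256GCM},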
