From 71483b137faa788132bb580fe3a7fc33972ad308 Mon Sep 17 00:00:00 2001
From: Ilia Mirkin
Date: Tue, 15 Dec 2020 00:30:26 -0500
Subject: [PATCH] jwe: fix A*GCMKW to check the key iv/tag rather than content

This was an oversight in the initial implementation -- originally I did not have the separate iv/keyiv, and when I added keyiv, forgot to update the checks.
---
 jwe/decrypt.go | 8 ++++----
 jwx_test.go | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/jwe/decrypt.go b/jwe/decrypt.go
index 8566b876e..9831e3838 100644
--- a/jwe/decrypt.go
+++ b/jwe/decrypt.go
@@ -224,11 +224,11 @@ func (d *Decrypter) decryptSymmetricKey(recipientKey, cek []byte) ([]byte, error
 if pdebug.Enabled {
 pdebug.Printf("cek len = %d", len(cek))
 }
- if len(d.iv) != 12 {
- return nil, errors.Errorf("GCM requires 96-bit iv, got %d", len(d.iv)*8)
+ if len(d.keyiv) != 12 {
+ return nil, errors.Errorf("GCM requires 96-bit iv, got %d", len(d.keyiv)*8)
 }
- if len(d.tag) != 16 {
- return nil, errors.Errorf("GCM requires 128-bit tag, got %d", len(d.tag)*8)
+ if len(d.keytag) != 16 {
+ return nil, errors.Errorf("GCM requires 128-bit tag, got %d", len(d.keytag)*8)
 }
 block, err := aes.NewCipher(cek)
 if err != nil {
diff --git a/jwx_test.go b/jwx_test.go
index f6d633ed3..c31645aff 100644
--- a/jwx_test.go
+++ b/jwx_test.go
@@ -179,9 +179,9 @@ func TestJoseCompatibility(t *testing.T) {
 {jwa.A256KW, jwa.A256GCM},
 {jwa.A256KW, jwa.A256CBC_HS512},
 {jwa.A128GCMKW, jwa.A128GCM},
- // {jwa.A128GCMKW, jwa.A128CBC_HS256},
+ {jwa.A128GCMKW, jwa.A128CBC_HS256},
 {jwa.A256GCMKW, jwa.A256GCM},
- // {jwa.A256GCMKW, jwa.A256CBC_HS512},
+ {jwa.A256GCMKW, jwa.A256CBC_HS512},
 {jwa.PBES2_HS256_A128KW, jwa.A128GCM},
 {jwa.PBES2_HS256_A128KW, jwa.A128CBC_HS256},
 {jwa.PBES2_HS512_A256KW, jwa.A256GCM},
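Review bot: The corrected checks in decryptSymmetricKey still give no hint why the Decrypter carries two iv/tag pairs, so the next reader can repeat the original mix-up; a comment above the first `if` would pin it down: `// A*GCMKW: d.keyiv/d.keytag are the "iv"/"tag" JWE header parameters that protect the wrapped CEK (RFC 7518 §4.7.1); d.iv/d.tag belong to the content encryption and may have a different size (A*CBC-HS* uses a 128-bit IV).` That size difference is presumably why the A*GCMKW + A*CBC-HS* cases in the jwx_test.go hunk had to be commented out before this fix, so the same note covers that hunk. The literals 12 and 16 are the AES-GCM nonce size and tag size; naming them (or taking them from the GCM instance's NonceSize/Overhead once it is constructed) would tie the error messages to the cipher rather than to magic numbers. The function body continues past the hunk, and the GCM open that actually authenticates keytag is not visible here.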