
Commit 7325e9a

committed
use fixed authentication tag length of 16 octets in AES GCM decryption
see: cisco#125 Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
1 parent 96f8cb8 commit 7325e9a


2 files changed

+64
-0
lines changed


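--- a/src/jwe.c
+++ b/src/jwe.c
@@ -1286,6 +1286,12 @@ static bool _cjose_jwe_decrypt_dat_aes_gcm(cjose_jwe_t *jwe, cjose_err *err)
 goto _cjose_jwe_decrypt_dat_aes_gcm_fail;
 }
 
+if (jwe->enc_auth_tag.raw_len != 16)
+{
+CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
+goto _cjose_jwe_decrypt_dat_aes_gcm_fail;
+}
+
 // set the expected GCM-mode authentication tag
 if (EVP_CIPHER_CTX_ctrl(ctx, CJOSE_EVP_CTRL_GCM_SET_TAG, jwe->enc_auth_tag.raw_len, jwe->enc_auth_tag.raw) != 1)
 {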
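Review bot: The bare `16` in `if (jwe->enc_auth_tag.raw_len != 16)` carries no explanation, and the `EVP_CIPHER_CTX_ctrl(ctx, CJOSE_EVP_CTRL_GCM_SET_TAG, jwe->enc_auth_tag.raw_len, ...)` call right after it still takes the length from the parsed token. I would give the value a name and state why it is fixed, for example `#define CJOSE_JWE_GCM_TAG_LEN 16 /* RFC 7518 section 5.3: the AES GCM authentication tag MUST be 128 bits; accepting a shorter tag weakens integrity protection */` (the macro name is a proposal, not an existing identifier), and pass that constant to the set-tag call so the check and the use cannot drift apart. The body of `_cjose_jwe_decrypt_dat_aes_gcm` starts and ends outside this hunk, so whether the length could be rejected before the cipher context is set up cannot be judged from here.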

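--- a/test/check_jwe.c
+++ b/test/check_jwe.c
@@ -967,6 +967,63 @@ START_TEST(test_cjose_jwe_decrypt_aes)
 }
 END_TEST
 
+START_TEST(test_cjose_jwe_decrypt_aes_gcm)
+{
+cjose_err err;
+
+const char *key = JWK_OCT_32;
+const char *plain1 = "Live long and prosper.";
+char *compact1 = "eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..Du_9fxxV-zrReaWC.aS_rpokeuxkaPc2sykcQDCQuJCYoww.GpeKGEqd8KQ0v6JNea5aSA";
+char *compact2 = "eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..Du_9fxxV-zrReaWC.aS_rpokeuxkaPc2sykcQDCQuJCYoww.Gp";
+
+cjose_jwk_t *jwk = cjose_jwk_import(key, strlen(key), &err);
+ck_assert_msg(NULL != jwk,
+"cjose_jwk_import failed: "
+"%s, file: %s, function: %s, line: %ld",
+err.message, err.file, err.function, err.line);
+
+cjose_jwe_t *jwe1 = cjose_jwe_import(compact1, strlen(compact1), &err);
+ck_assert_msg(NULL != jwe1,
+"cjose_jwe_import failed: "
+"%s, file: %s, function: %s, line: %ld",
+err.message, err.file, err.function, err.line);
+
+uint8_t *plain2 = NULL;
+size_t plain2_len = 0;
+plain2 = cjose_jwe_decrypt(jwe1, jwk, &plain2_len, &err);
+ck_assert_msg(NULL != plain2,
+"cjose_jwe_decrypt failed: "
+"%s, file: %s, function: %s, line: %ld",
+err.message, err.file, err.function, err.line);
+
+ck_assert_msg(plain2_len == strlen(plain1),
+"length of decrypted plaintext does not match length of original, "
+"expected: %lu, found: %lu",
+strlen(plain1), plain2_len);
+ck_assert_msg(strncmp(plain1, plain2, plain2_len) == 0, "decrypted plaintext does not match encrypted plaintext");
+
+cjose_get_dealloc()(plain2);
+cjose_jwe_release(jwe1);
+
+cjose_jwe_t *jwe2 = cjose_jwe_import(compact2, strlen(compact2), &err);
+ck_assert_msg(NULL != jwe2,
+"cjose_jwe_import failed: "
+"%s, file: %s, function: %s, line: %ld",
+err.message, err.file, err.function, err.line);
+
+uint8_t *plain3 = NULL;
+size_t plain3_len = 0;
+plain3 = cjose_jwe_decrypt(jwe2, jwk, &plain3_len, &err);
+ck_assert_msg(NULL == plain3,
+"cjose_jwe_decrypt succeeded where it should have failed: "
+"%s, file: %s, function: %s, line: %ld",
+err.message, err.file, err.function, err.line);
+
+cjose_jwe_release(jwe2);
+cjose_jwk_release(jwk);
+}
+END_TEST
+
 START_TEST(test_cjose_jwe_decrypt_rsa)
 {
 struct cjose_jwe_decrypt_rsa
@@ -1373,6 +1430,7 @@ Suite *cjose_jwe_suite()
 tcase_add_test(tc_jwe, test_cjose_jwe_self_encrypt_self_decrypt_large);
 tcase_add_test(tc_jwe, test_cjose_jwe_self_encrypt_self_decrypt_many);
 tcase_add_test(tc_jwe, test_cjose_jwe_decrypt_aes);
+tcase_add_test(tc_jwe, test_cjose_jwe_decrypt_aes_gcm);
 tcase_add_test(tc_jwe, test_cjose_jwe_decrypt_rsa);
 tcase_add_test(tc_jwe, test_cjose_jwe_encrypt_with_bad_header);
 tcase_add_test(tc_jwe, test_cjose_jwe_encrypt_with_bad_key);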
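Review bot: Nothing in `test_cjose_jwe_decrypt_aes_gcm` says how `compact2` relates to `compact1`, which is the whole point of the negative case: the two strings differ only in the last segment, where the tag `GpeKGEqd8KQ0v6JNea5aSA` is cut down to its prefix `Gp`. A comment above the declaration would make that explicit, e.g. `/* compact2 is compact1 with the authentication tag truncated to a prefix; it must be rejected even though the remaining tag bytes are correct */`. Only one truncated length is exercised, so a 15-octet prefix and a 12-octet prefix (a length GCM itself permits) would be worth adding as further cases that `cjose_jwe_decrypt` must refuse. Separately, `"expected: %lu, found: %lu"` is fed `size_t` values, for which `%zu` is the matching conversion.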
