one more hash_equals, and better CEK decryption error handling
nov committed Aug 30, 2016
1 parent 368fa80 commit f03b986
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions src/JOSE/JWE.php
Expand Up @@ -168,6 +168,8 @@ private function encryptContentEncryptionKey($public_key_or_secret) {
}

private function decryptContentEncryptionKey($private_key_or_secret) {
$this->generateContentEncryptionKey(null); # NOTE: run this always not to make timing difference
$fake_content_encryption_key = $this->content_encryption_key;
switch ($this->header['alg']) {
case 'RSA1_5':
$rsa = $this->rsa($private_key_or_secret, RSA::ENCRYPTION_PKCS1);
Expand All @@ -194,7 +196,7 @@ private function decryptContentEncryptionKey($private_key_or_secret) {
# Not to disclose timing difference between CEK decryption error and others.
# Mitigating Bleichenbacher Attack on PKCS#1 v1.5
# ref.) http://inaz2.hatenablog.com/entry/2016/01/26/222303
$this->generateContentEncryptionKey(null);
$this->content_encryption_key = $fake_content_encryption_key;
}
}

Expand Down Expand Up @@ -282,7 +284,7 @@ private function calculateAuthenticationTagCBC($sha_size) {
}

private function checkAuthenticationTag() {
if ($this->authentication_tag === $this->calculateAuthenticationTag()) {
if (hash_equals($this->authentication_tag, $this->calculateAuthenticationTag())) {
return true;
} else {
throw new JOSE_Exception_UnexpectedAlgorithm('Invalid authentication tag');
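Review bot: In the third hunk (checkAuthenticationTag) the new `hash_equals` call passes the received tag as the first argument, but PHP's `hash_equals` expects the known/expected value first and the user-supplied value second, so the line should read `if (hash_equals($this->calculateAuthenticationTag(), $this->authentication_tag)) {`. `hash_equals` also only accepts strings: if `$this->authentication_tag` can be unset or null for a malformed token, the call warns and returns false on PHP 5.6/7 and throws a TypeError on PHP 8, rather than the JOSE_Exception_UnexpectedAlgorithm the else branch raises, so a guard such as `if (is_string($this->authentication_tag) && hash_equals(...))` would keep the error path uniform; whether the property can be null is not visible in this hunk. The closing braces of checkAuthenticationTag lie outside the hunk.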
