fix: defer AES CBC w/ HMAC decryption after tag verification passes

panva · Apr 9, 2021 · 08e1bc5 · 08e1bc5
1 parent 9a8404a
commit 08e1bc5
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/lib/jwa/aes_cbc_hmac_sha2.js b/lib/jwa/aes_cbc_hmac_sha2.js
@@ -44,13 +44,17 @@ const decrypt = (size, sign, { [KEYOBJECT]: keyObject }, ciphertext, { iv, tag =
   const expectedTag = sign({ [KEYOBJECT]: macKey }, macData, tag).slice(0, keySize)
   const macCheckPassed = timingSafeEqual(tag, expectedTag)
 
+  if (!macCheckPassed) {
+    throw new JWEDecryptionFailed()
+  }
+
   let cleartext
   try {
     const cipher = createDecipheriv(`aes-${size}-cbc`, encKey, iv)
     cleartext = Buffer.concat([cipher.update(ciphertext), cipher.final()])
   } catch (err) {}
 
-  if (!cleartext || !macCheckPassed) {
+  if (!cleartext) {
     throw new JWEDecryptionFailed()
   }