lib/jwe/enc/aes_cbc_hs.rb in jwe-0.1.1 vs lib/jwe/enc/aes_cbc_hs.rb in jwe-0.2.0
- old
+ new
@@ -16,11 +16,11 @@
cipher.encrypt
cipher.key = enc_key
cipher.iv = iv
ciphertext = cipher.update(cleartext) + cipher.final
- length = [ciphertext.length * 8].pack('Q>') # 64bit big endian
+ length = [authenticated_data.length * 8].pack('Q>') # 64bit big endian
to_sign = authenticated_data + iv + ciphertext + length
signature = OpenSSL::HMAC.digest(OpenSSL::Digest.new(hash_name), mac_key, to_sign)
self.tag = signature[0...mac_key.length]
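Review bot: The new AL field on the `length = ...` line is computed with `String#length`, which counts characters rather than octets, so it only equals the AAD bit length while `authenticated_data` is single-byte (ASCII or binary) text. In JWE the AAD is normally the ASCII form of the encoded protected header, so this is presumably fine in practice, but `[authenticated_data.bytesize * 8].pack('Q>')` makes the MAC input independent of the string's encoding. The same line in `decrypt` in the second hunk needs the identical change so both sides keep agreeing. It would also help to add a comment such as `# AL: bit length of the AAD as a 64-bit big-endian integer`, and to mention in the changelog that tags produced by 0.1.1 (which used the ciphertext length here) will no longer verify. The enclosing method starts above this hunk.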
@@ -28,10 +28,10 @@
end
def decrypt(ciphertext, authenticated_data)
raise JWE::BadCEK.new("The supplied key is invalid. Required length: #{key_length}") if cek.length != key_length
- length = [ciphertext.length * 8].pack('Q>') # 64bit big endian
+ length = [authenticated_data.length * 8].pack('Q>') # 64bit big endian
to_sign = authenticated_data + iv + ciphertext + length
signature = OpenSSL::HMAC.digest(OpenSSL::Digest.new(hash_name), mac_key, to_sign)
if signature[0...mac_key.length] != tag
raise JWE::InvalidData.new('Authentication tag verification failed')
end
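Review bot: The tag check `if signature[0...mac_key.length] != tag` uses ordinary string comparison, which can return as soon as the first differing byte is found, so verification time may depend on how much of a supplied tag is correct. This commit leaves that line unchanged, but since the MAC input is being fixed here it is worth switching to a constant-time comparison. Where the bundled openssl library provides it, use `unless OpenSSL.secure_compare(signature[0...mac_key.length], tag)`; otherwise use a small XOR-accumulate helper over equal-length byte strings. The rest of `decrypt` (the actual decryption after the check) lies outside this hunk.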