funcool/buddy-core

jwe auth token not compatible with other java libraries

himangshuj opened this issue · 11 comments

I am trying out JWE with {:alg :rsa-oaep-256 :enc :a256cbc-hs512}. It works only if the client and server both use buddy to perform encryption. But if I am using some other library, it does not. I tried with
https://bitbucket.org/connect2id/nimbus-jose-jwt/wiki/Home and https://bitbucket.org/b_c/jose4j/wiki/Home. In both cases, the cipher is fine, but the auth tag is not compatible. On the other hand, the token generated by jose4j works with nimbus-jose-jwt.

On digging further, the auth token generator seems to be the culprit.

buddy code

(defn- generate-authtag
  [{:keys [algorithm input authkey iv aad] :as params}]
  (let [al (if aad
             (aad->bytes aad)
             (byte-array 0))
        data (bytes/concat aad iv input al)
        fulltag (mac/hash data {:key authkey :alg :hmac :digest algorithm})
        truncatesize (quot (count fulltag) 2)]
    (bytes/slice fulltag 0 truncatesize)))

nimbus code

    byte[] al = AAD.computeLength(aad);

    // Do MAC
    int hmacInputLength = aad.length + iv.length + cipherText.length + al.length;
    byte[] hmacInput = ByteBuffer.allocate(hmacInputLength).put(aad).put(iv).put(cipherText).put(al).array();
    byte[] hmac = HMAC.compute(compositeKey.getMACKey(), hmacInput, macProvider);
    byte[] authTag = Arrays.copyOf(hmac, compositeKey.getTruncatedMACByteLength());

jose4j code

    Mac mac = MacUtil.getInitializedMac(this.getHmacJavaAlgorithm(), hmacKey, macProvider);
    byte[] al = this.getAdditionalAuthenticatedDataLengthBytes(aad);
    byte[] authenticationTagInput = ByteUtil.concat(new byte[][]{aad, iv, cipherText, al});
    byte[] authenticationTag = mac.doFinal(authenticationTagInput);
    authenticationTag = ByteUtil.subArray(authenticationTag, 0, this.getTagTruncationLength());

Thanks.
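All three snippets above compute the same thing: the AES_CBC_HMAC_SHA2 authentication tag from RFC 7518 section 5.2.2, HMAC over AAD || IV || ciphertext || AL, truncated to half the digest length. The following is an added reference implementation of just that step (it is not code from buddy, nimbus-jose-jwt or jose4j), written in Python with only the standard library so it can be run against a token produced by any of them. All inputs (the CEK, IV, ciphertext and protected header) are constructed sample values; the AES-CBC encryption itself is out of scope, the ciphertext is treated as opaque bytes. The points that most often break interop are made explicit: AL is always 8 bytes (the bit length of AAD, big-endian), even when AAD is empty; the AAD of a compact JWE is the ASCII of the base64url-encoded protected header, not the raw JSON; the MAC key is the first half of the CEK; and the tag is compared in constant time.

```python
import base64
import hashlib
import hmac
import json
import struct

# RFC 7518 section 5.2: enc name -> (hash, MAC key length in bytes, tag length in bytes).
# The MAC key is half the CEK, and the tag is the first half of the full HMAC.
ENC_PARAMS = {
    "A128CBC-HS256": (hashlib.sha256, 16, 16),
    "A192CBC-HS384": (hashlib.sha384, 24, 24),
    "A256CBC-HS512": (hashlib.sha512, 32, 32),
}


def aad_length_bytes(aad: bytes) -> bytes:
    """AL: the length of AAD in *bits* as a 64-bit big-endian unsigned integer.

    This is always exactly 8 bytes; an empty AAD gives eight zero bytes, not an
    empty array."""
    return struct.pack(">Q", len(aad) * 8)


def split_cek(cek: bytes, enc: str):
    """RFC 7518 section 5.2.2.1: MAC_KEY is the first half of the CEK, ENC_KEY the second."""
    _, mac_key_len, _ = ENC_PARAMS[enc]
    if len(cek) != 2 * mac_key_len:
        raise ValueError(f"{enc} needs a {2 * mac_key_len}-byte CEK, got {len(cek)}")
    return cek[:mac_key_len], cek[mac_key_len:]


def protected_header_aad(header: dict) -> bytes:
    """AAD for a compact JWE: ASCII(BASE64URL(UTF8(protected header))), unpadded."""
    raw = json.dumps(header, separators=(",", ":")).encode("utf-8")
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def compute_auth_tag(mac_key: bytes, aad: bytes, iv: bytes, ciphertext: bytes, enc: str) -> bytes:
    """HMAC(MAC_KEY, AAD || IV || E || AL), truncated to the first tag_len bytes."""
    digest, _, tag_len = ENC_PARAMS[enc]
    mac_input = aad + iv + ciphertext + aad_length_bytes(aad)
    full_tag = hmac.new(mac_key, mac_input, digest).digest()
    return full_tag[:tag_len]


def verify_auth_tag(mac_key: bytes, aad: bytes, iv: bytes, ciphertext: bytes, tag: bytes, enc: str) -> bool:
    """Recompute the tag and compare in constant time; any mismatch means reject before decrypting."""
    expected = compute_auth_tag(mac_key, aad, iv, ciphertext, enc)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Run the tag computation on constructed inputs for the enc used in the issue."""
    enc = "A256CBC-HS512"
    cek = bytes(range(64))          # constructed 512-bit CEK (never use a fixed key in practice)
    iv = b"\x11" * 16               # constructed 128-bit IV
    ciphertext = b"\x22" * 48       # constructed opaque AES-CBC output, 3 blocks
    aad = protected_header_aad({"alg": "RSA-OAEP-256", "enc": enc})
    mac_key, _enc_key = split_cek(cek, enc)
    tag = compute_auth_tag(mac_key, aad, iv, ciphertext, enc)
    return {
        "aad": aad,
        "al": aad_length_bytes(aad),
        "tag": tag,
        "tag_len": len(tag),
        "verifies": verify_auth_tag(mac_key, aad, iv, ciphertext, tag, enc),
        "tampered_verifies": verify_auth_tag(mac_key, aad, iv, ciphertext[:-1] + b"\x00", tag, enc),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

To check a real token from another library, split the compact serialization on ".", base64url-decode the IV, ciphertext and tag parts, keep the first part as the AAD bytes exactly as they appear (do not decode it), unwrap the CEK with the key-management algorithm, and call verify_auth_tag; if that returns True while buddy rejects the token, the disagreement is on the receiving side rather than in the tag input.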

Seems like this is not related to buddy-core, it should go into the buddy-sign repository.

I'll try to do some research on this point, but it would be awesome to have a test case for that.

@niwinz Will try to create a test gist for this. I put this in buddy-core because generate-authtag was present in core. Please let me know if this is the right place to post the test case or whether I should put it in buddy-sign.

The test case should go in buddy-sign if that can only be tested with the JWE interface, but if it can be tested just with low-level crypto primitives, then it should go here (in this repo).

(I'm also currently researching this problem at this moment, but I still have not found anything.)

I think it is not directly related to the generate-authtag function. I can currently reproduce that with {:alg :dir :enc :a128gcm} buddy cannot properly read a nimbus-encoded token, but I don't understand why, because I have revised the code and they are doing the same thing...

It's related to the authtag. I ran the code in the debugger. I am able to decrypt the cipher text, but the auth tag is not getting matched. I will try to create a test gist by tomorrow. I think it will help you debug.

Yeah, it is related to the authtag but not to the generate-authtag function explicitly, because aes128gcm does not use that function and also fails.

It would be awesome to have that test case! Thanks for your time.

@himangshuj I found the error and the solution, so no additional test case is needed.

@niwinz Waiting for the commit so that I can use it.

I'm just doing some additional changes and improvements to the code, and I'll release it soon ;)

It's already fixed in master on buddy-sign (it was a buddy-sign issue and not buddy-core :P).

Added interop tests with the nimbus-jose library and released a new version. Please check whether this issue is solved with that.