Merge commit from fork

* Security Fix: Added missing tag length validation

* Spec for tag size checking

---------

Co-authored-by: Sideni <[email protected]>

Author: anakinj

lib/jwe/enc/aes_gcm.rb

@@ -38,7 +38,11 @@ def setup_cipher(direction, auth_data)
         cipher.send(direction)
         cipher.key = cek
         cipher.iv = iv
-        cipher.auth_tag = tag if direction == :decrypt
+        if direction == :decrypt
+          raise JWE::InvalidData, 'Invalid ciphertext or authentication tag' unless tag.bytesize == 16
+
+          cipher.auth_tag = tag
+        end
         cipher.auth_data = auth_data
       end
 

spec/jwe/enc_spec.rb

@@ -130,6 +130,14 @@
           end
         end
 
+        context 'when the tag is not 16 bytes' do
+          it 'raises an error' do
+            enc = klass.new(key, group[:iv])
+            enc.tag = group[:tag][0...-1]
+            expect { enc.decrypt(group[:helloworld], '') }.to raise_error(JWE::InvalidData)
+          end
+        end
+
         context 'when the ciphertext is not valid' do
           it 'raises an error' do
             enc = klass.new(key, group[:iv])