Use correct iv size (#281)

[jkamp-aws]

Use a 12 byte IV for GCM based algorithms and 16 byte IV for CBC based ones. This makes a JWE compatible with other libraries based on OpenSSL which can only use a 12 byte IV for GCM.

[floxay]

Would be nice if this could be merged as it fixes #281, @mpdavis?

[mikhaililin21027]

Very nice

[mikhaililin21027]

Please fix it, this problem is very annoying

[TBoshoven]

Confirming this issue is preventing validation of generated JWEs for non-CBC algorithms.

[twwildey]

Folks - is there a concern for resolving this issue?

I've opened the following issue for jose here: panva/jose#678

However, the primary maintainer of that package (who also opened this issue) has identified that python-jose is not following the RFC spec for JWE. It seems like this package should follow the specification. If there is no concern for following the JWE spec to adhere to the IV length requirements for AES GCM modes, can we merge this?

There are only two block cipher modes supported in backends/cryptography_backend.py today: https://github.com/twwildey/python-jose/blob/master/jose/backends/cryptography_backend.py#L424

As such, this change should be safe to merge. Can we please illustrate our concerns/problems so that this can be fixed promptly?

(This replicates my comment from #281 here)

[twwildey]

@panva @mikhaililin21027 Any advice on how we can fix these linting issues that are blocking a merge?

[panva]

Any advice on how we can fix these linting issues that are blocking a merge?

I'm not a maintainer here.

[twwildey]

I've created another PR with an equivalent change: #355

[twwildey]

I have merged changes from the other PR. As such, I am closing this PR in favor of #355.