uruk-project / Jwt

JSON Web Token implementation for .Net & .Net Core
MIT License

JWE generation using A128CBC_HS256 produces the wrong length authentication tag #474

Closed awardle closed 4 years ago

awardle commented 4 years ago

RFC 7518 JSON Web Algorithms specifies that the authentication tag should be truncated to the first 16 octets.

The AES_CBC_HMAC_SHA2 parameters specific to AES_128_CBC_HMAC_SHA_256 are:

- The input key K is 32 octets long.
- ENC_KEY_LEN is 16 octets.
- MAC_KEY_LEN is 16 octets.
- The SHA-256 hash algorithm is used for the HMAC.
- The HMAC-SHA-256 output is truncated to T_LEN=16 octets, by stripping off the final 16 octets.

However, when JWE tokens are generated, the full 32 octets generated by HMAC SHA256 are being appended. This is generating invalid tokens.

ycrumeyrolle commented 4 years ago

Fixed in v1.7. Also added some missing tests with rfc7518 test vectors.
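
The tag construction from RFC 7518 that the issue quotes, together with a tag-length check on a compact JWE, as an added Python example that is not part of the original thread or the project's code. The key, IV and ciphertext are constructed placeholder values (the ciphertext is not real AES-CBC output), and the function names are illustrative.

```python
import base64, hashlib, hmac, json

# enc -> (T_LEN in octets, hash) per RFC 7518 sections 5.2.3 to 5.2.5
PARAMS = {
    "A128CBC-HS256": (16, hashlib.sha256),
    "A192CBC-HS384": (24, hashlib.sha384),
    "A256CBC-HS512": (32, hashlib.sha512),
}

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def compute_tag(enc, key, aad, iv, ciphertext, truncate=True):
    """HMAC over AAD || IV || ciphertext || AL, cut to the first T_LEN octets."""
    t_len, digest = PARAMS[enc]
    if len(key) != 2 * t_len:
        raise ValueError("wrong key length for " + enc)
    mac_key = key[:t_len]                   # MAC_KEY is the first half of K
    al = (len(aad) * 8).to_bytes(8, "big")  # AAD length in bits, 64-bit big-endian
    full = hmac.new(mac_key, aad + iv + ciphertext + al, digest).digest()
    # truncate=False keeps the full HMAC, the behaviour reported in the issue
    return full[:t_len] if truncate else full

def tag_length_ok(compact_jwe: str) -> bool:
    """True if the tag segment has the T_LEN that the header's enc requires."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        raise ValueError("not a JWE compact serialization")
    enc = json.loads(b64url_decode(parts[0]))["enc"]
    return len(b64url_decode(parts[4])) == PARAMS[enc][0]

def build_sample(truncate: bool) -> str:
    """Constructed token; the ciphertext is placeholder bytes, not real AES-CBC output."""
    header = b64url_encode(json.dumps({"alg": "dir", "enc": "A128CBC-HS256"}).encode())
    key, iv, ciphertext = bytes(range(32)), bytes(16), bytes(range(48))
    # In JWE the AAD is the ASCII form of the base64url-encoded protected header
    tag = compute_tag("A128CBC-HS256", key, header.encode("ascii"), iv, ciphertext, truncate)
    return ".".join([header, "", b64url_encode(iv), b64url_encode(ciphertext), b64url_encode(tag)])

if __name__ == "__main__":
    print("truncated tag accepted:", tag_length_ok(build_sample(True)))
    print("full 32-octet tag accepted:", tag_length_ok(build_sample(False)))
```

A length check like `tag_length_ok` only catches malformed tokens; a recipient still has to recompute the tag and compare it in constant time (for example with `hmac.compare_digest`) before decrypting.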