jose - npm Package Compare versions

Comparing version 5.2.2 to 5.2.3

dist/browser/jwe/flattened/encrypt.js

 import { encode as base64url } from '../../runtime/base64url.js';
 import encrypt from '../../runtime/encrypt.js';
-import generateIv from '../../lib/iv.js';
 import encryptKeyManagement from '../../lib/encrypt_key_management.js';
@@ -87,12 +86,5 @@ import { JOSENotSupported, JWEInvalid } from '../../util/errors.js';
         let encryptedKey;
-        if (alg === 'dir') {
-            if (this._cek) {
-                throw new TypeError('setContentEncryptionKey cannot be called when using Direct Encryption');
-            }
+        if (this._cek && (alg === 'dir' || alg === 'ECDH-ES')) {
+            throw new TypeError(`setContentEncryptionKey cannot be called with JWE "alg" (Algorithm) Header ${alg}`);
         }
-        else if (alg === 'ECDH-ES') {
-            if (this._cek) {
-                throw new TypeError('setContentEncryptionKey cannot be called when using Direct Key Agreement');
-            }
-        }
         let cek;
@@ -121,3 +113,2 @@ {
         }
-        this._iv || (this._iv = generateIv(enc));
         let additionalData;
@@ -139,8 +130,12 @@ let protectedHeader;
         }
-        const { ciphertext, tag } = await encrypt(enc, this._plaintext, cek, this._iv, additionalData);
+        const { ciphertext, tag, iv } = await encrypt(enc, this._plaintext, cek, this._iv, additionalData);
         const jwe = {
             ciphertext: base64url(ciphertext),
-            iv: base64url(this._iv),
-            tag: base64url(tag),
         };
+        if (iv) {
+            jwe.iv = base64url(iv);
+        }
+        if (tag) {
+            jwe.tag = base64url(tag);
+        }
         if (encryptedKey) {
@@ -147,0 +142,0 @@ jwe.encrypted_key = base64url(encryptedKey);

dist/browser/jwks/remote.js

@@ -12,3 +12,3 @@ import fetchJwks from '../runtime/fetch_jwks.js';
     const NAME = 'jose';
-    const VERSION = 'v5.2.2';
+    const VERSION = 'v5.2.3';
     USER_AGENT = `${NAME}/${VERSION}`;
@@ -15,0 +15,0 @@ }

dist/browser/lib/aesgcmkw.js

 import encrypt from '../runtime/encrypt.js';
 import decrypt from '../runtime/decrypt.js';
-import generateIv from './iv.js';
 import { encode as base64url } from '../runtime/base64url.js';
 export async function wrap(alg, key, cek, iv) {
     const jweAlgorithm = alg.slice(0, 7);
-    iv || (iv = generateIv(jweAlgorithm));
-    const { ciphertext: encryptedKey, tag } = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array(0));
-    return { encryptedKey, iv: base64url(iv), tag: base64url(tag) };
+    const wrapped = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array(0));
+    return {
+        encryptedKey: wrapped.ciphertext,
+        iv: base64url(wrapped.iv),
+        tag: base64url(wrapped.tag),
+    };
 }
@@ -11,0 +13,0 @@ export async function unwrap(alg, key, encryptedKey, iv, tag) {

dist/browser/lib/validate_crit.js

 import { JOSENotSupported } from '../util/errors.js';
 function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) {
-    if (joseHeader.crit !== undefined && protectedHeader.crit === undefined) {
+    if (joseHeader.crit !== undefined && protectedHeader?.crit === undefined) {
         throw new Err('"crit" (Critical) Header Parameter MUST be integrity protected');
@@ -5,0 +5,0 @@ }

dist/browser/runtime/encrypt.js

@@ -7,2 +7,3 @@ import { concat, uint64be } from '../lib/buffer_utils.js';
 import invalidKeyInput from '../lib/invalid_key_input.js';
+import generateIv from '../lib/iv.js';
 import { JOSENotSupported } from '../util/errors.js';
@@ -26,3 +27,3 @@ import { types } from './is_key_like.js';
     const tag = new Uint8Array((await crypto.subtle.sign('HMAC', macKey, macData)).slice(0, keySize >> 3));
-    return { ciphertext, tag };
+    return { ciphertext, tag, iv };
 }
@@ -46,3 +47,3 @@ async function gcmEncrypt(enc, plaintext, cek, iv, aad) {
     const ciphertext = encrypted.slice(0, -16);
-    return { ciphertext, tag };
+    return { ciphertext, tag, iv };
 }
@@ -53,3 +54,8 @@ const encrypt = async (enc, plaintext, cek, iv, aad) => {
     }
-    checkIvLength(enc, iv);
+    if (iv) {
+        checkIvLength(enc, iv);
+    }
+    else {
+        iv = generateIv(enc);
+    }
     switch (enc) {
@@ -59,4 +65,5 @@ case 'A128CBC-HS256':
         case 'A256CBC-HS512':
-            if (cek instanceof Uint8Array)
+            if (cek instanceof Uint8Array) {
                 checkCekLength(cek, parseInt(enc.slice(-3), 10));
+            }
             return cbcEncrypt(enc, plaintext, cek, iv, aad);
@@ -66,4 +73,5 @@ case 'A128GCM':
         case 'A256GCM':
-            if (cek instanceof Uint8Array)
+            if (cek instanceof Uint8Array) {
                 checkCekLength(cek, parseInt(enc.slice(1, 4), 10));
+            }
             return gcmEncrypt(enc, plaintext, cek, iv, aad);
@@ -70,0 +78,0 @@ default:

dist/node/cjs/jwe/flattened/encrypt.js

@@ -6,3 +6,2 @@ "use strict";
 const encrypt_js_1 = require("../../runtime/encrypt.js");
-const iv_js_1 = require("../../lib/iv.js");
 const encrypt_key_management_js_1 = require("../../lib/encrypt_key_management.js");
@@ -99,12 +98,5 @@ const errors_js_1 = require("../../util/errors.js");
         let encryptedKey;
-        if (alg === 'dir') {
-            if (this._cek) {
-                throw new TypeError('setContentEncryptionKey cannot be called when using Direct Encryption');
-            }
+        if (this._cek && (alg === 'dir' || alg === 'ECDH-ES')) {
+            throw new TypeError(`setContentEncryptionKey cannot be called with JWE "alg" (Algorithm) Header ${alg}`);
         }
-        else if (alg === 'ECDH-ES') {
-            if (this._cek) {
-                throw new TypeError('setContentEncryptionKey cannot be called when using Direct Key Agreement');
-            }
-        }
         let cek;
@@ -133,3 +125,2 @@ {
         }
-        this._iv ||= (0, iv_js_1.default)(enc);
         let additionalData;
@@ -151,8 +142,12 @@ let protectedHeader;
         }
-        const { ciphertext, tag } = await (0, encrypt_js_1.default)(enc, this._plaintext, cek, this._iv, additionalData);
+        const { ciphertext, tag, iv } = await (0, encrypt_js_1.default)(enc, this._plaintext, cek, this._iv, additionalData);
         const jwe = {
             ciphertext: (0, base64url_js_1.encode)(ciphertext),
-            iv: (0, base64url_js_1.encode)(this._iv),
-            tag: (0, base64url_js_1.encode)(tag),
         };
+        if (iv) {
+            jwe.iv = (0, base64url_js_1.encode)(iv);
+        }
+        if (tag) {
+            jwe.tag = (0, base64url_js_1.encode)(tag);
+        }
         if (encryptedKey) {
@@ -159,0 +154,0 @@ jwe.encrypted_key = (0, base64url_js_1.encode)(encryptedKey);

dist/node/cjs/jwks/remote.js

@@ -15,3 +15,3 @@ "use strict";
     const NAME = 'jose';
-    const VERSION = 'v5.2.2';
+    const VERSION = 'v5.2.3';
     USER_AGENT = `${NAME}/${VERSION}`;
@@ -18,0 +18,0 @@ }

dist/node/cjs/lib/aesgcmkw.js

@@ -6,9 +6,11 @@ "use strict";
 const decrypt_js_1 = require("../runtime/decrypt.js");
-const iv_js_1 = require("./iv.js");
 const base64url_js_1 = require("../runtime/base64url.js");
 async function wrap(alg, key, cek, iv) {
     const jweAlgorithm = alg.slice(0, 7);
-    iv ||= (0, iv_js_1.default)(jweAlgorithm);
-    const { ciphertext: encryptedKey, tag } = await (0, encrypt_js_1.default)(jweAlgorithm, cek, key, iv, new Uint8Array(0));
-    return { encryptedKey, iv: (0, base64url_js_1.encode)(iv), tag: (0, base64url_js_1.encode)(tag) };
+    const wrapped = await (0, encrypt_js_1.default)(jweAlgorithm, cek, key, iv, new Uint8Array(0));
+    return {
+        encryptedKey: wrapped.ciphertext,
+        iv: (0, base64url_js_1.encode)(wrapped.iv),
+        tag: (0, base64url_js_1.encode)(wrapped.tag),
+    };
 }
@@ -15,0 +17,0 @@ exports.wrap = wrap;

dist/node/cjs/lib/validate_crit.js

@@ -5,3 +5,3 @@ "use strict";
 function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) {
-    if (joseHeader.crit !== undefined && protectedHeader.crit === undefined) {
+    if (joseHeader.crit !== undefined && protectedHeader?.crit === undefined) {
         throw new Err('"crit" (Critical) Header Parameter MUST be integrity protected');
@@ -8,0 +8,0 @@ }

dist/node/cjs/runtime/encrypt.js

@@ -12,2 +12,3 @@ "use strict";
 const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
+const iv_js_1 = require("../lib/iv.js");
 const errors_js_1 = require("../util/errors.js");
@@ -31,3 +32,3 @@ const ciphers_js_1 = require("./ciphers.js");
     const tag = (0, cbc_tag_js_1.default)(aad, iv, ciphertext, macSize, macKey, keySize);
-    return { ciphertext, tag };
+    return { ciphertext, tag, iv };
 }
@@ -47,3 +48,3 @@ function gcmEncrypt(enc, plaintext, cek, iv, aad) {
     const tag = cipher.getAuthTag();
-    return { ciphertext, tag };
+    return { ciphertext, tag, iv };
 }
@@ -63,3 +64,8 @@ const encrypt = (enc, plaintext, cek, iv, aad) => {
     (0, check_cek_length_js_1.default)(enc, key);
-    (0, check_iv_length_js_1.default)(enc, iv);
+    if (iv) {
+        (0, check_iv_length_js_1.default)(enc, iv);
+    }
+    else {
+        iv = (0, iv_js_1.default)(enc);
+    }
     switch (enc) {
@@ -66,0 +72,0 @@ case 'A128CBC-HS256':

dist/node/esm/jwe/flattened/encrypt.js

 import { encode as base64url } from '../../runtime/base64url.js';
 import encrypt from '../../runtime/encrypt.js';
-import generateIv from '../../lib/iv.js';
 import encryptKeyManagement from '../../lib/encrypt_key_management.js';
@@ -95,12 +94,5 @@ import { JOSENotSupported, JWEInvalid } from '../../util/errors.js';
         let encryptedKey;
-        if (alg === 'dir') {
-            if (this._cek) {
-                throw new TypeError('setContentEncryptionKey cannot be called when using Direct Encryption');
-            }
+        if (this._cek && (alg === 'dir' || alg === 'ECDH-ES')) {
+            throw new TypeError(`setContentEncryptionKey cannot be called with JWE "alg" (Algorithm) Header ${alg}`);
         }
-        else if (alg === 'ECDH-ES') {
-            if (this._cek) {
-                throw new TypeError('setContentEncryptionKey cannot be called when using Direct Key Agreement');
-            }
-        }
         let cek;
@@ -129,3 +121,2 @@ {
         }
-        this._iv ||= generateIv(enc);
         let additionalData;
@@ -147,8 +138,12 @@ let protectedHeader;
         }
-        const { ciphertext, tag } = await encrypt(enc, this._plaintext, cek, this._iv, additionalData);
+        const { ciphertext, tag, iv } = await encrypt(enc, this._plaintext, cek, this._iv, additionalData);
         const jwe = {
             ciphertext: base64url(ciphertext),
-            iv: base64url(this._iv),
-            tag: base64url(tag),
         };
+        if (iv) {
+            jwe.iv = base64url(iv);
+        }
+        if (tag) {
+            jwe.tag = base64url(tag);
+        }
         if (encryptedKey) {
@@ -155,0 +150,0 @@ jwe.encrypted_key = base64url(encryptedKey);

dist/node/esm/jwks/remote.js

@@ -12,3 +12,3 @@ import fetchJwks from '../runtime/fetch_jwks.js';
     const NAME = 'jose';
-    const VERSION = 'v5.2.2';
+    const VERSION = 'v5.2.3';
     USER_AGENT = `${NAME}/${VERSION}`;
@@ -15,0 +15,0 @@ }

dist/node/esm/lib/aesgcmkw.js

 import encrypt from '../runtime/encrypt.js';
 import decrypt from '../runtime/decrypt.js';
-import generateIv from './iv.js';
 import { encode as base64url } from '../runtime/base64url.js';
 export async function wrap(alg, key, cek, iv) {
     const jweAlgorithm = alg.slice(0, 7);
-    iv ||= generateIv(jweAlgorithm);
-    const { ciphertext: encryptedKey, tag } = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array(0));
-    return { encryptedKey, iv: base64url(iv), tag: base64url(tag) };
+    const wrapped = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array(0));
+    return {
+        encryptedKey: wrapped.ciphertext,
+        iv: base64url(wrapped.iv),
+        tag: base64url(wrapped.tag),
+    };
 }
@@ -11,0 +13,0 @@ export async function unwrap(alg, key, encryptedKey, iv, tag) {

dist/node/esm/lib/validate_crit.js

 import { JOSENotSupported } from '../util/errors.js';
 function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) {
-    if (joseHeader.crit !== undefined && protectedHeader.crit === undefined) {
+    if (joseHeader.crit !== undefined && protectedHeader?.crit === undefined) {
         throw new Err('"crit" (Critical) Header Parameter MUST be integrity protected');
@@ -5,0 +5,0 @@ }

dist/node/esm/runtime/encrypt.js

@@ -10,2 +10,3 @@ import { createCipheriv, KeyObject } from 'node:crypto';
 import invalidKeyInput from '../lib/invalid_key_input.js';
+import generateIv from '../lib/iv.js';
 import { JOSENotSupported } from '../util/errors.js';
@@ -29,3 +30,3 @@ import supported from './ciphers.js';
     const tag = cbcTag(aad, iv, ciphertext, macSize, macKey, keySize);
-    return { ciphertext, tag };
+    return { ciphertext, tag, iv };
 }
@@ -45,3 +46,3 @@ function gcmEncrypt(enc, plaintext, cek, iv, aad) {
     const tag = cipher.getAuthTag();
-    return { ciphertext, tag };
+    return { ciphertext, tag, iv };
 }
@@ -61,3 +62,8 @@ const encrypt = (enc, plaintext, cek, iv, aad) => {
     checkCekLength(enc, key);
-    checkIvLength(enc, iv);
+    if (iv) {
+        checkIvLength(enc, iv);
+    }
+    else {
+        iv = generateIv(enc);
+    }
     switch (enc) {
@@ -64,0 +70,0 @@ case 'A128CBC-HS256':

package.json

 {
   "name": "jose",
-  "version": "5.2.2",
+  "version": "5.2.3",
   "description": "JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Lines of code

12502

increased by0.09%

Worsened metrics

Total package byte prevSize

504606

decreased by-0.08%

No dependency changes