Comparing version 5.2.2 to 5.2.3
import { encode as base64url } from '../../runtime/base64url.js'; | ||
import encrypt from '../../runtime/encrypt.js'; | ||
import generateIv from '../../lib/iv.js'; | ||
import encryptKeyManagement from '../../lib/encrypt_key_management.js'; | ||
@@ -87,12 +86,5 @@ import { JOSENotSupported, JWEInvalid } from '../../util/errors.js'; | ||
let encryptedKey; | ||
if (alg === 'dir') { | ||
if (this._cek) { | ||
throw new TypeError('setContentEncryptionKey cannot be called when using Direct Encryption'); | ||
} | ||
if (this._cek && (alg === 'dir' || alg === 'ECDH-ES')) { | ||
throw new TypeError(`setContentEncryptionKey cannot be called with JWE "alg" (Algorithm) Header ${alg}`); | ||
} | ||
else if (alg === 'ECDH-ES') { | ||
if (this._cek) { | ||
throw new TypeError('setContentEncryptionKey cannot be called when using Direct Key Agreement'); | ||
} | ||
} | ||
let cek; | ||
@@ -121,3 +113,2 @@ { | ||
} | ||
this._iv || (this._iv = generateIv(enc)); | ||
let additionalData; | ||
@@ -139,8 +130,12 @@ let protectedHeader; | ||
} | ||
const { ciphertext, tag } = await encrypt(enc, this._plaintext, cek, this._iv, additionalData); | ||
const { ciphertext, tag, iv } = await encrypt(enc, this._plaintext, cek, this._iv, additionalData); | ||
const jwe = { | ||
ciphertext: base64url(ciphertext), | ||
iv: base64url(this._iv), | ||
tag: base64url(tag), | ||
}; | ||
if (iv) { | ||
jwe.iv = base64url(iv); | ||
} | ||
if (tag) { | ||
jwe.tag = base64url(tag); | ||
} | ||
if (encryptedKey) { | ||
@@ -147,0 +142,0 @@ jwe.encrypted_key = base64url(encryptedKey); |
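Review bot: The new `if (iv)` and `if (tag)` guards make both members optional in the serialized JWE object, but nothing here says when either can be absent. Every `return` visible in the runtime encrypt hunks on this page yields `{ ciphertext, tag, iv }`. If a later code path ever returned no tag, this method would emit an object without its authentication tag instead of failing at encryption time. I would add a comment above the guards, for example `// iv/tag are omitted only for an "enc" that defines none; all AEAD encs must return both`, or throw when `tag` is missing for the currently supported algorithms. The same lines recur in the CommonJS and Node ESM copies further down the page, and the enclosing method starts and ends outside this hunk.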
@@ -12,3 +12,3 @@ import fetchJwks from '../runtime/fetch_jwks.js'; | ||
const NAME = 'jose'; | ||
const VERSION = 'v5.2.2'; | ||
const VERSION = 'v5.2.3'; | ||
USER_AGENT = `${NAME}/${VERSION}`; | ||
@@ -15,0 +15,0 @@ } |
import encrypt from '../runtime/encrypt.js'; | ||
import decrypt from '../runtime/decrypt.js'; | ||
import generateIv from './iv.js'; | ||
import { encode as base64url } from '../runtime/base64url.js'; | ||
export async function wrap(alg, key, cek, iv) { | ||
const jweAlgorithm = alg.slice(0, 7); | ||
iv || (iv = generateIv(jweAlgorithm)); | ||
const { ciphertext: encryptedKey, tag } = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array(0)); | ||
return { encryptedKey, iv: base64url(iv), tag: base64url(tag) }; | ||
const wrapped = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array(0)); | ||
return { | ||
encryptedKey: wrapped.ciphertext, | ||
iv: base64url(wrapped.iv), | ||
tag: base64url(wrapped.tag), | ||
}; | ||
} | ||
@@ -11,0 +13,0 @@ export async function unwrap(alg, key, encryptedKey, iv, tag) { |
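Review bot: `wrap` now passes `wrapped.iv` and `wrapped.tag` straight to `base64url` without checking that `encrypt` returned them. The flattened-encryption change on this page guards the same two fields with `if (iv)` / `if (tag)`, so the two callers treat one return shape differently. If both values are guaranteed for the GCM key-wrap algorithms, a short comment such as `// encrypt() always returns iv and tag for A*GCM` would record that assumption; otherwise the guard belongs here too. The function no longer generates the IV itself, so a doc line noting that a missing `iv` argument is filled in by `encrypt` would help readers; the CommonJS and Node ESM copies of `wrap` below carry the same change.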
import { JOSENotSupported } from '../util/errors.js'; | ||
function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) { | ||
if (joseHeader.crit !== undefined && protectedHeader.crit === undefined) { | ||
if (joseHeader.crit !== undefined && protectedHeader?.crit === undefined) { | ||
throw new Err('"crit" (Critical) Header Parameter MUST be integrity protected'); | ||
@@ -5,0 +5,0 @@ } |
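Review bot: The optional chaining on `protectedHeader?.crit` covers only this first dereference. The rest of `validateCrit` is outside the hunk, so it is not visible whether later reads of `protectedHeader.crit` are reached with an undefined protected header. The case matters because a `crit` list carried only in an unprotected header is not integrity protected, and the intended outcome is the `Err` thrown here rather than a `TypeError`. I would add a comment such as `// protectedHeader is undefined when the message has no protected header`, plus a regression test that supplies `crit` in the unprotected header with no protected header and expects `Err`. The same one-line change appears in the other two builds on this page.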
@@ -7,2 +7,3 @@ import { concat, uint64be } from '../lib/buffer_utils.js'; | ||
import invalidKeyInput from '../lib/invalid_key_input.js'; | ||
import generateIv from '../lib/iv.js'; | ||
import { JOSENotSupported } from '../util/errors.js'; | ||
@@ -26,3 +27,3 @@ import { types } from './is_key_like.js'; | ||
const tag = new Uint8Array((await crypto.subtle.sign('HMAC', macKey, macData)).slice(0, keySize >> 3)); | ||
return { ciphertext, tag }; | ||
return { ciphertext, tag, iv }; | ||
} | ||
@@ -46,3 +47,3 @@ async function gcmEncrypt(enc, plaintext, cek, iv, aad) { | ||
const ciphertext = encrypted.slice(0, -16); | ||
return { ciphertext, tag }; | ||
return { ciphertext, tag, iv }; | ||
} | ||
@@ -53,3 +54,8 @@ const encrypt = async (enc, plaintext, cek, iv, aad) => { | ||
} | ||
checkIvLength(enc, iv); | ||
if (iv) { | ||
checkIvLength(enc, iv); | ||
} | ||
else { | ||
iv = generateIv(enc); | ||
} | ||
switch (enc) { | ||
@@ -59,4 +65,5 @@ case 'A128CBC-HS256': | ||
case 'A256CBC-HS512': | ||
if (cek instanceof Uint8Array) | ||
if (cek instanceof Uint8Array) { | ||
checkCekLength(cek, parseInt(enc.slice(-3), 10)); | ||
} | ||
return cbcEncrypt(enc, plaintext, cek, iv, aad); | ||
@@ -66,4 +73,5 @@ case 'A128GCM': | ||
case 'A256GCM': | ||
if (cek instanceof Uint8Array) | ||
if (cek instanceof Uint8Array) { | ||
checkCekLength(cek, parseInt(enc.slice(1, 4), 10)); | ||
} | ||
return gcmEncrypt(enc, plaintext, cek, iv, aad); | ||
@@ -70,0 +78,0 @@ default: |
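Review bot: In the new `if (iv) { checkIvLength(enc, iv); } else { iv = generateIv(enc); }` branch, a caller-supplied IV is validated for length only, and the code does not state that uniqueness is left to the caller. For the `A128GCM`–`A256GCM` cases below, reusing an IV under the same CEK breaks both confidentiality and the authentication tag, so a comment such as `// caller-supplied iv is only length-checked; it must never repeat for a given cek` belongs on the `if (iv)` line. The truthiness test also means any falsy argument, not just `undefined`, silently selects a generated IV; `iv === undefined` would state the intent more precisely if that is the only "not provided" value callers use. The body of `encrypt` continues outside the hunk, and both Node runtime copies further down the page contain the same branch.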
@@ -6,3 +6,2 @@ "use strict"; | ||
const encrypt_js_1 = require("../../runtime/encrypt.js"); | ||
const iv_js_1 = require("../../lib/iv.js"); | ||
const encrypt_key_management_js_1 = require("../../lib/encrypt_key_management.js"); | ||
@@ -99,12 +98,5 @@ const errors_js_1 = require("../../util/errors.js"); | ||
let encryptedKey; | ||
if (alg === 'dir') { | ||
if (this._cek) { | ||
throw new TypeError('setContentEncryptionKey cannot be called when using Direct Encryption'); | ||
} | ||
if (this._cek && (alg === 'dir' || alg === 'ECDH-ES')) { | ||
throw new TypeError(`setContentEncryptionKey cannot be called with JWE "alg" (Algorithm) Header ${alg}`); | ||
} | ||
else if (alg === 'ECDH-ES') { | ||
if (this._cek) { | ||
throw new TypeError('setContentEncryptionKey cannot be called when using Direct Key Agreement'); | ||
} | ||
} | ||
let cek; | ||
@@ -133,3 +125,2 @@ { | ||
} | ||
this._iv ||= (0, iv_js_1.default)(enc); | ||
let additionalData; | ||
@@ -151,8 +142,12 @@ let protectedHeader; | ||
} | ||
const { ciphertext, tag } = await (0, encrypt_js_1.default)(enc, this._plaintext, cek, this._iv, additionalData); | ||
const { ciphertext, tag, iv } = await (0, encrypt_js_1.default)(enc, this._plaintext, cek, this._iv, additionalData); | ||
const jwe = { | ||
ciphertext: (0, base64url_js_1.encode)(ciphertext), | ||
iv: (0, base64url_js_1.encode)(this._iv), | ||
tag: (0, base64url_js_1.encode)(tag), | ||
}; | ||
if (iv) { | ||
jwe.iv = (0, base64url_js_1.encode)(iv); | ||
} | ||
if (tag) { | ||
jwe.tag = (0, base64url_js_1.encode)(tag); | ||
} | ||
if (encryptedKey) { | ||
@@ -159,0 +154,0 @@ jwe.encrypted_key = (0, base64url_js_1.encode)(encryptedKey); |
@@ -15,3 +15,3 @@ "use strict"; | ||
const NAME = 'jose'; | ||
const VERSION = 'v5.2.2'; | ||
const VERSION = 'v5.2.3'; | ||
USER_AGENT = `${NAME}/${VERSION}`; | ||
@@ -18,0 +18,0 @@ } |
@@ -6,9 +6,11 @@ "use strict"; | ||
const decrypt_js_1 = require("../runtime/decrypt.js"); | ||
const iv_js_1 = require("./iv.js"); | ||
const base64url_js_1 = require("../runtime/base64url.js"); | ||
async function wrap(alg, key, cek, iv) { | ||
const jweAlgorithm = alg.slice(0, 7); | ||
iv ||= (0, iv_js_1.default)(jweAlgorithm); | ||
const { ciphertext: encryptedKey, tag } = await (0, encrypt_js_1.default)(jweAlgorithm, cek, key, iv, new Uint8Array(0)); | ||
return { encryptedKey, iv: (0, base64url_js_1.encode)(iv), tag: (0, base64url_js_1.encode)(tag) }; | ||
const wrapped = await (0, encrypt_js_1.default)(jweAlgorithm, cek, key, iv, new Uint8Array(0)); | ||
return { | ||
encryptedKey: wrapped.ciphertext, | ||
iv: (0, base64url_js_1.encode)(wrapped.iv), | ||
tag: (0, base64url_js_1.encode)(wrapped.tag), | ||
}; | ||
} | ||
@@ -15,0 +17,0 @@ exports.wrap = wrap; |
@@ -5,3 +5,3 @@ "use strict"; | ||
function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) { | ||
if (joseHeader.crit !== undefined && protectedHeader.crit === undefined) { | ||
if (joseHeader.crit !== undefined && protectedHeader?.crit === undefined) { | ||
throw new Err('"crit" (Critical) Header Parameter MUST be integrity protected'); | ||
@@ -8,0 +8,0 @@ } |
@@ -12,2 +12,3 @@ "use strict"; | ||
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js"); | ||
const iv_js_1 = require("../lib/iv.js"); | ||
const errors_js_1 = require("../util/errors.js"); | ||
@@ -31,3 +32,3 @@ const ciphers_js_1 = require("./ciphers.js"); | ||
const tag = (0, cbc_tag_js_1.default)(aad, iv, ciphertext, macSize, macKey, keySize); | ||
return { ciphertext, tag }; | ||
return { ciphertext, tag, iv }; | ||
} | ||
@@ -47,3 +48,3 @@ function gcmEncrypt(enc, plaintext, cek, iv, aad) { | ||
const tag = cipher.getAuthTag(); | ||
return { ciphertext, tag }; | ||
return { ciphertext, tag, iv }; | ||
} | ||
@@ -63,3 +64,8 @@ const encrypt = (enc, plaintext, cek, iv, aad) => { | ||
(0, check_cek_length_js_1.default)(enc, key); | ||
(0, check_iv_length_js_1.default)(enc, iv); | ||
if (iv) { | ||
(0, check_iv_length_js_1.default)(enc, iv); | ||
} | ||
else { | ||
iv = (0, iv_js_1.default)(enc); | ||
} | ||
switch (enc) { | ||
@@ -66,0 +72,0 @@ case 'A128CBC-HS256': |
import { encode as base64url } from '../../runtime/base64url.js'; | ||
import encrypt from '../../runtime/encrypt.js'; | ||
import generateIv from '../../lib/iv.js'; | ||
import encryptKeyManagement from '../../lib/encrypt_key_management.js'; | ||
@@ -95,12 +94,5 @@ import { JOSENotSupported, JWEInvalid } from '../../util/errors.js'; | ||
let encryptedKey; | ||
if (alg === 'dir') { | ||
if (this._cek) { | ||
throw new TypeError('setContentEncryptionKey cannot be called when using Direct Encryption'); | ||
} | ||
if (this._cek && (alg === 'dir' || alg === 'ECDH-ES')) { | ||
throw new TypeError(`setContentEncryptionKey cannot be called with JWE "alg" (Algorithm) Header ${alg}`); | ||
} | ||
else if (alg === 'ECDH-ES') { | ||
if (this._cek) { | ||
throw new TypeError('setContentEncryptionKey cannot be called when using Direct Key Agreement'); | ||
} | ||
} | ||
let cek; | ||
@@ -129,3 +121,2 @@ { | ||
} | ||
this._iv ||= generateIv(enc); | ||
let additionalData; | ||
@@ -147,8 +138,12 @@ let protectedHeader; | ||
} | ||
const { ciphertext, tag } = await encrypt(enc, this._plaintext, cek, this._iv, additionalData); | ||
const { ciphertext, tag, iv } = await encrypt(enc, this._plaintext, cek, this._iv, additionalData); | ||
const jwe = { | ||
ciphertext: base64url(ciphertext), | ||
iv: base64url(this._iv), | ||
tag: base64url(tag), | ||
}; | ||
if (iv) { | ||
jwe.iv = base64url(iv); | ||
} | ||
if (tag) { | ||
jwe.tag = base64url(tag); | ||
} | ||
if (encryptedKey) { | ||
@@ -155,0 +150,0 @@ jwe.encrypted_key = base64url(encryptedKey); |
@@ -12,3 +12,3 @@ import fetchJwks from '../runtime/fetch_jwks.js'; | ||
const NAME = 'jose'; | ||
const VERSION = 'v5.2.2'; | ||
const VERSION = 'v5.2.3'; | ||
USER_AGENT = `${NAME}/${VERSION}`; | ||
@@ -15,0 +15,0 @@ } |
import encrypt from '../runtime/encrypt.js'; | ||
import decrypt from '../runtime/decrypt.js'; | ||
import generateIv from './iv.js'; | ||
import { encode as base64url } from '../runtime/base64url.js'; | ||
export async function wrap(alg, key, cek, iv) { | ||
const jweAlgorithm = alg.slice(0, 7); | ||
iv ||= generateIv(jweAlgorithm); | ||
const { ciphertext: encryptedKey, tag } = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array(0)); | ||
return { encryptedKey, iv: base64url(iv), tag: base64url(tag) }; | ||
const wrapped = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array(0)); | ||
return { | ||
encryptedKey: wrapped.ciphertext, | ||
iv: base64url(wrapped.iv), | ||
tag: base64url(wrapped.tag), | ||
}; | ||
} | ||
@@ -11,0 +13,0 @@ export async function unwrap(alg, key, encryptedKey, iv, tag) { |
import { JOSENotSupported } from '../util/errors.js'; | ||
function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) { | ||
if (joseHeader.crit !== undefined && protectedHeader.crit === undefined) { | ||
if (joseHeader.crit !== undefined && protectedHeader?.crit === undefined) { | ||
throw new Err('"crit" (Critical) Header Parameter MUST be integrity protected'); | ||
@@ -5,0 +5,0 @@ } |
@@ -10,2 +10,3 @@ import { createCipheriv, KeyObject } from 'node:crypto'; | ||
import invalidKeyInput from '../lib/invalid_key_input.js'; | ||
import generateIv from '../lib/iv.js'; | ||
import { JOSENotSupported } from '../util/errors.js'; | ||
@@ -29,3 +30,3 @@ import supported from './ciphers.js'; | ||
const tag = cbcTag(aad, iv, ciphertext, macSize, macKey, keySize); | ||
return { ciphertext, tag }; | ||
return { ciphertext, tag, iv }; | ||
} | ||
@@ -45,3 +46,3 @@ function gcmEncrypt(enc, plaintext, cek, iv, aad) { | ||
const tag = cipher.getAuthTag(); | ||
return { ciphertext, tag }; | ||
return { ciphertext, tag, iv }; | ||
} | ||
@@ -61,3 +62,8 @@ const encrypt = (enc, plaintext, cek, iv, aad) => { | ||
checkCekLength(enc, key); | ||
checkIvLength(enc, iv); | ||
if (iv) { | ||
checkIvLength(enc, iv); | ||
} | ||
else { | ||
iv = generateIv(enc); | ||
} | ||
switch (enc) { | ||
@@ -64,0 +70,0 @@ case 'A128CBC-HS256': |
{ | ||
"name": "jose", | ||
"version": "5.2.2", | ||
"version": "5.2.3", | ||
"description": "JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes", | ||
@@ -5,0 +5,0 @@ "keywords": [ |