fix: do not list "dir" under wrap/unwrapKey operations

BREAKING CHANGE: "dir" is no longer returned as wrap/unwrapKey key operation
panva · Mar 11, 2019 · 17b37d3 · 17b37d3
1 parent 2ad4418
commit 17b37d3
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 37 deletions.
diff --git a/lib/jwa/index.js b/lib/jwa/index.js
@@ -27,7 +27,7 @@ require('./ecdh/kw')(JWA)
 require('./ecdh/dir')(JWA)
 
 const check = (key, op, alg) => {
- if (JWA[op].has(alg) || (alg === 'dir' && op === 'unwrapKey')) {
+ if (JWA[op].has(alg)) {
  if (!key.algorithms(op).has(alg)) {
  throw new JWKKeySupport(`the key does not support ${alg} ${op} algorithm`)
  }

diff --git a/lib/jwe/encrypt.js b/lib/jwe/encrypt.js
@@ -124,7 +124,6 @@ class Encrypt {
 
  if (key.kty === 'oct' && alg === 'dir') {
  this[CEK] = importKey(key[KEYOBJECT], { use: 'enc', alg: enc })
- wrapped = ''
  } else {
  ({ wrapped, header: generatedHeader, direct } = wrapKey(alg, key, this[CEK][KEYOBJECT].export(), { enc, alg }))
  if (direct) {

diff --git a/lib/jwk/key/oct.js b/lib/jwk/key/oct.js
@@ -29,6 +29,7 @@ const ENC_ALGS = new Set([
  'A256GCM'
 ])
 
+const PBES2 = ['PBES2-HS256+A128KW', 'PBES2-HS384+A192KW', 'PBES2-HS512+A256KW']
 const WRAP_LEN = new Set([
  128,
  192,
@@ -122,11 +123,7 @@ class OctKey extends Key {
  algs.add(`A${this.length}GCMKW`)
  }
 
- ['PBES2-HS256+A128KW', 'PBES2-HS384+A192KW', 'PBES2-HS512+A256KW'].forEach(Set.prototype.add.bind(algs))
-
- if (ENC_LEN.has(this.length)) {
- algs.add('dir')
- }
+ PBES2.forEach(Set.prototype.add.bind(algs))
 
  return algs
  case undefined:

diff --git a/test/jwk/oct.test.js b/test/jwk/oct.test.js
@@ -80,12 +80,6 @@ test('no verify support when `use` is "enc"', t => {
  t.deepEqual([...result], [])
 })
 
-test(`oct keys (odd bits) wrap/unwrap algorithms do not have "dir"`, t => {
- const key = OctKey.generateSync(136)
-
- t.false(key.algorithms().has('dir'))
-})
-
 test(`oct keys (odd bits) wrap/unwrap algorithms only have "PBES2"`, t => {
  const key = OctKey.generateSync(136)
  const result = key.algorithms('wrapKey')
@@ -102,30 +96,6 @@ test(`oct keys (odd bits) wrap/unwrap algorithms only have "PBES2"`, t => {
  })
 })
 
-Object.entries({
- 128: ['A128GCM'],
- 192: ['A192GCM'],
- 256: ['A128CBC-HS256', 'A256GCM'],
- 384: ['A192CBC-HS384'],
- 512: ['A256CBC-HS512']
-}).forEach(([len, encAlgs]) => {
- len = parseInt(len)
-
- test(`oct key (${len} bits) can encrypt`, t => {
- const key = OctKey.generateSync(len)
-
- const result = key.algorithms('encrypt')
- t.is(result.constructor, Set)
- t.deepEqual([...result], encAlgs)
- })
-
- test(`oct keys (${len} bits) wrap/unwrap algorithms have "dir"`, t => {
- const key = OctKey.generateSync(len)
-
- t.true(key.algorithms().has('dir'))
- })
-})
-
 test('oct keys may not be generated as public', t => {
  t.throws(() => {
  OctKey.generateSync(undefined, undefined, false)