refactor: update CEK length validation error message

src/runtime/browser/check_cek_length.ts

@@ -1,8 +1,11 @@
 import { JWEInvalid } from '../../util/errors.js'
 
 const checkCekLength = (cek: Uint8Array, expected: number) => {
- if (cek.length << 3 !== expected) {
- throw new JWEInvalid('Invalid Content Encryption Key length')
+ const actual = cek.byteLength << 3
+ if (actual !== expected) {
+ throw new JWEInvalid(
+ `Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`,
+ )
  }
 }
 

src/runtime/node/check_cek_length.ts

@@ -22,15 +22,21 @@ const checkCekLength = (enc: string, cek: KeyObject | Uint8Array) => {
  }
 
  if (cek instanceof Uint8Array) {
- if (cek.length << 3 !== expected) {
- throw new JWEInvalid('Invalid Content Encryption Key length')
+ const actual = cek.byteLength << 3
+ if (actual !== expected) {
+ throw new JWEInvalid(
+ `Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`,
+ )
  }
  return
  }
 
  if (isKeyObject(cek) && cek.type === 'secret') {
- if (cek.symmetricKeySize! << 3 !== expected) {
- throw new JWEInvalid('Invalid Content Encryption Key length')
+ const actual = cek.symmetricKeySize! << 3
+ if (actual !== expected) {
+ throw new JWEInvalid(
+ `Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`,
+ )
  }
  return
  }

src/types.d.ts

@@ -20,8 +20,8 @@
  * obtain a KeyObject from your existing key material.
  *
  * [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) is a representation of a
- * key/secret available in the Browser and Deno runtimes. In addition to the import functions of
- * this library you may use the
+ * key/secret available in the Browser and Web-interoperable runtimes. In addition to the import
+ * functions of this library you may use the
  * [SubtleCrypto.importKey](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey)
  * API to obtain a CryptoKey from your existing key material.
  *