Skip to content

Commit 16e6b23

Browse files
panvapanva
committed
refactor: expose setKeyManagementParameters also on a GeneralEncrypt Recipient
1 parent daee426 commit 16e6b23

File tree

11 files changed

+98
-47
lines changed

11 files changed

+98
-47
lines changed

docs/jwe/compact/encrypt/classes/CompactEncrypt.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -112,10 +112,10 @@ You should not use this method. It is only really intended for test and vector
112112

113113
**setKeyManagementParameters**(`parameters`): `this`
114114

115-
Sets the JWE Key Management parameters to be used when encrypting. Use of this is method is
116-
really only needed for ECDH based algorithms when utilizing the Agreement PartyUInfo or
117-
Agreement PartyVInfo parameters. Other parameters will always be randomly generated when needed
118-
and missing.
115+
Sets the JWE Key Management parameters to be used when encrypting.
116+
117+
(ECDH-ES) Use of this method is needed for ECDH based algorithms to set the "apu" (Agreement
118+
PartyUInfo) or "apv" (Agreement PartyVInfo) parameters.
119119

120120
#### Parameters
121121

docs/jwe/flattened/encrypt/classes/FlattenedEncrypt.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -131,10 +131,10 @@ You should not use this method. It is only really intended for test and vector
131131

132132
**setKeyManagementParameters**(`parameters`): `this`
133133

134-
Sets the JWE Key Management parameters to be used when encrypting. Use of this is method is
135-
really only needed for ECDH based algorithms when utilizing the "apu" (Agreement PartyUInfo) or
136-
"apv" (Agreement PartyVInfo) parameters. Other parameters will always be randomly generated
137-
when needed and missing.
134+
Sets the JWE Key Management parameters to be used when encrypting.
135+
136+
(ECDH-ES) Use of this method is needed for ECDH based algorithms to set the "apu" (Agreement
137+
PartyUInfo) or "apv" (Agreement PartyVInfo) parameters.
138138

139139
#### Parameters
140140

docs/jwe/general/encrypt/interfaces/Recipient.md

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,27 @@ A shorthand for calling encrypt() on the enclosing [GeneralEncrypt](../classes/G
5656

5757
***
5858

59+
### setKeyManagementParameters()
60+
61+
**setKeyManagementParameters**(`parameters`): `Recipient`
62+
63+
Sets the JWE Key Management parameters to be used when encrypting.
64+
65+
(ECDH-ES) Use of this method is needed for ECDH based algorithms to set the "apu" (Agreement
66+
PartyUInfo) or "apv" (Agreement PartyVInfo) parameters.
67+
68+
#### Parameters
69+
70+
| Parameter | Type | Description |
71+
| ------ | ------ | ------ |
72+
| `parameters` | [`JWEKeyManagementHeaderParameters`](../../../../types/interfaces/JWEKeyManagementHeaderParameters.md) | JWE Key Management parameters. |
73+
74+
#### Returns
75+
76+
`Recipient`
77+
78+
***
79+
5980
### setUnprotectedHeader()
6081

6182
**setUnprotectedHeader**(`unprotectedHeader`): `Recipient`

docs/jwt/encrypt/classes/EncryptJWT.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -290,10 +290,10 @@ Set the "jti" (JWT ID) Claim.
290290

291291
**setKeyManagementParameters**(`parameters`): `this`
292292

293-
Sets the JWE Key Management parameters to be used when encrypting. Use of this is method is
294-
really only needed for ECDH based algorithms when utilizing the "apu" (Agreement PartyUInfo) or
295-
"apv" (Agreement PartyVInfo) parameters. Other parameters will always be randomly generated
296-
when needed and missing.
293+
Sets the JWE Key Management parameters to be used when encrypting.
294+
295+
(ECDH-ES) Use of this method is needed for ECDH based algorithms to set the "apu" (Agreement
296+
PartyUInfo) or "apv" (Agreement PartyVInfo) parameters.
297297

298298
#### Parameters
299299

docs/types/interfaces/JWEKeyManagementHeaderParameters.md

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -12,12 +12,18 @@ Recognized JWE Key Management-related Header Parameters.
1212

1313
`optional` **apu**: [`Uint8Array`](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array)
1414

15+
ECDH-ES "apu" (Agreement PartyUInfo). This will be used as a JOSE Header Parameter and will be
16+
used in ECDH's ConcatKDF.
17+
1518
***
1619

1720
### apv?
1821

1922
`optional` **apv**: [`Uint8Array`](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array)
2023

24+
ECDH-ES "apv" (Agreement PartyVInfo). This will be used as a JOSE Header Parameter and will be
25+
used in ECDH's ConcatKDF.
26+
2127
***
2228

2329
### ~~epk?~~
@@ -26,7 +32,7 @@ Recognized JWE Key Management-related Header Parameters.
2632

2733
#### Deprecated
2834

29-
You should not use this parameter. It is only really intended for test and vector
35+
You should not use this parameter. It is only intended for testing and vector
3036
validation purposes.
3137

3238
***
@@ -37,7 +43,7 @@ You should not use this parameter. It is only really intended for test and vecto
3743

3844
#### Deprecated
3945

40-
You should not use this parameter. It is only really intended for test and vector
46+
You should not use this parameter. It is only intended for testing and vector
4147
validation purposes.
4248

4349
***
@@ -48,7 +54,7 @@ You should not use this parameter. It is only really intended for test and vecto
4854

4955
#### Deprecated
5056

51-
You should not use this parameter. It is only really intended for test and vector
57+
You should not use this parameter. It is only intended for testing and vector
5258
validation purposes.
5359

5460
***
@@ -59,5 +65,5 @@ You should not use this parameter. It is only really intended for test and vecto
5965

6066
#### Deprecated
6167

62-
You should not use this parameter. It is only really intended for test and vector
68+
You should not use this parameter. It is only intended for testing and vector
6369
validation purposes.

src/jwe/compact/encrypt.ts

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -76,10 +76,10 @@ export class CompactEncrypt {
7676
}
7777

7878
/**
79-
* Sets the JWE Key Management parameters to be used when encrypting. Use of this is method is
80-
* really only needed for ECDH based algorithms when utilizing the Agreement PartyUInfo or
81-
* Agreement PartyVInfo parameters. Other parameters will always be randomly generated when needed
82-
* and missing.
79+
* Sets the JWE Key Management parameters to be used when encrypting.
80+
*
81+
* (ECDH-ES) Use of this method is needed for ECDH based algorithms to set the "apu" (Agreement
82+
* PartyUInfo) or "apv" (Agreement PartyVInfo) parameters.
8383
*
8484
* @param parameters JWE Key Management parameters.
8585
*/

src/jwe/flattened/encrypt.ts

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,7 @@ export class FlattenedEncrypt {
5050

5151
#iv!: Uint8Array | undefined
5252

53-
#keyManagementParameters!: types.JWEKeyManagementHeaderParameters
53+
#keyManagementParameters?: types.JWEKeyManagementHeaderParameters
5454

5555
/**
5656
* {@link FlattenedEncrypt} constructor
@@ -65,10 +65,10 @@ export class FlattenedEncrypt {
6565
}
6666

6767
/**
68-
* Sets the JWE Key Management parameters to be used when encrypting. Use of this is method is
69-
* really only needed for ECDH based algorithms when utilizing the "apu" (Agreement PartyUInfo) or
70-
* "apv" (Agreement PartyVInfo) parameters. Other parameters will always be randomly generated
71-
* when needed and missing.
68+
* Sets the JWE Key Management parameters to be used when encrypting.
69+
*
70+
* (ECDH-ES) Use of this method is needed for ECDH based algorithms to set the "apu" (Agreement
71+
* PartyUInfo) or "apv" (Agreement PartyVInfo) parameters.
7272
*
7373
* @param parameters JWE Key Management parameters.
7474
*/

src/jwe/general/encrypt.ts

Lines changed: 28 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,16 @@ export interface Recipient {
2525
*/
2626
setUnprotectedHeader(unprotectedHeader: types.JWEHeaderParameters): Recipient
2727

28+
/**
29+
* Sets the JWE Key Management parameters to be used when encrypting.
30+
*
31+
* (ECDH-ES) Use of this method is needed for ECDH based algorithms to set the "apu" (Agreement
32+
* PartyUInfo) or "apv" (Agreement PartyVInfo) parameters.
33+
*
34+
* @param parameters JWE Key Management parameters.
35+
*/
36+
setKeyManagementParameters(parameters: types.JWEKeyManagementHeaderParameters): Recipient
37+
2838
/** A shorthand for calling addRecipient() on the enclosing {@link GeneralEncrypt} instance */
2939
addRecipient(...args: Parameters<GeneralEncrypt['addRecipient']>): Recipient
3040

@@ -38,6 +48,7 @@ export interface Recipient {
3848
class IndividualRecipient implements Recipient {
3949
#parent: GeneralEncrypt
4050
unprotectedHeader?: types.JWEHeaderParameters
51+
keyManagementParameters?: types.JWEKeyManagementHeaderParameters
4152
key: types.CryptoKey | types.KeyObject | types.JWK | Uint8Array
4253
options: types.CritOption
4354

@@ -51,14 +62,22 @@ class IndividualRecipient implements Recipient {
5162
this.options = options
5263
}
5364

54-
setUnprotectedHeader(unprotectedHeader: types.JWEHeaderParameters) {
65+
setUnprotectedHeader(unprotectedHeader: types.JWEHeaderParameters): this {
5566
if (this.unprotectedHeader) {
5667
throw new TypeError('setUnprotectedHeader can only be called once')
5768
}
5869
this.unprotectedHeader = unprotectedHeader
5970
return this
6071
}
6172

73+
setKeyManagementParameters(parameters: types.JWEKeyManagementHeaderParameters): this {
74+
if (this.keyManagementParameters) {
75+
throw new TypeError('setKeyManagementParameters can only be called once')
76+
}
77+
this.keyManagementParameters = parameters
78+
return this
79+
}
80+
6281
addRecipient(...args: Parameters<GeneralEncrypt['addRecipient']>) {
6382
return this.#parent.addRecipient(...args)
6483
}
@@ -250,32 +269,22 @@ export class GeneralEncrypt {
250269

251270
const jwe: types.GeneralJWE = {
252271
ciphertext: '',
253-
iv: '',
254272
recipients: [],
255-
tag: '',
256273
}
257274

258275
for (let i = 0; i < this.#recipients.length; i++) {
259276
const recipient = this.#recipients[i]
260277
const target: Record<string, string | types.JWEHeaderParameters> = {}
261278
jwe.recipients!.push(target)
262279

263-
const joseHeader = {
264-
...this.#protectedHeader,
265-
...this.#unprotectedHeader,
266-
...recipient.unprotectedHeader,
267-
}
268-
269-
const p2c = joseHeader.alg!.startsWith('PBES2') ? 2048 + i : undefined
270-
271280
if (i === 0) {
272281
const flattened = await new FlattenedEncrypt(this.#plaintext)
273282
.setAdditionalAuthenticatedData(this.#aad)
274283
.setContentEncryptionKey(cek)
275284
.setProtectedHeader(this.#protectedHeader)
276285
.setSharedUnprotectedHeader(this.#unprotectedHeader)
277286
.setUnprotectedHeader(recipient.unprotectedHeader!)
278-
.setKeyManagementParameters({ p2c })
287+
.setKeyManagementParameters(recipient.keyManagementParameters!)
279288
.encrypt(recipient.key, {
280289
...recipient.options,
281290
// @ts-expect-error
@@ -304,7 +313,13 @@ export class GeneralEncrypt {
304313
checkKeyType(alg === 'dir' ? enc : alg, recipient.key, 'encrypt')
305314

306315
const k = await normalizeKey(recipient.key, alg)
307-
const { encryptedKey, parameters } = await encryptKeyManagement(alg, enc, k, cek, { p2c })
316+
const { encryptedKey, parameters } = await encryptKeyManagement(
317+
alg,
318+
enc,
319+
k,
320+
cek,
321+
recipient.keyManagementParameters,
322+
)
308323
target.encrypted_key = b64u(encryptedKey!)
309324
if (recipient.unprotectedHeader || parameters)
310325
target.header = { ...recipient.unprotectedHeader, ...parameters }

src/jwt/encrypt.ts

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -105,10 +105,10 @@ export class EncryptJWT implements types.ProduceJWT {
105105
}
106106

107107
/**
108-
* Sets the JWE Key Management parameters to be used when encrypting. Use of this is method is
109-
* really only needed for ECDH based algorithms when utilizing the "apu" (Agreement PartyUInfo) or
110-
* "apv" (Agreement PartyVInfo) parameters. Other parameters will always be randomly generated
111-
* when needed and missing.
108+
* Sets the JWE Key Management parameters to be used when encrypting.
109+
*
110+
* (ECDH-ES) Use of this method is needed for ECDH based algorithms to set the "apu" (Agreement
111+
* PartyUInfo) or "apv" (Agreement PartyVInfo) parameters.
112112
*
113113
* @param parameters JWE Key Management parameters.
114114
*/

src/types.d.ts

Lines changed: 13 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -304,25 +304,34 @@ export interface JWSHeaderParameters extends JoseHeaderParameters {
304304

305305
/** Recognized JWE Key Management-related Header Parameters. */
306306
export interface JWEKeyManagementHeaderParameters {
307+
/**
308+
* ECDH-ES "apu" (Agreement PartyUInfo). This will be used as a JOSE Header Parameter and will be
309+
* used in ECDH's ConcatKDF.
310+
*/
307311
apu?: Uint8Array
312+
313+
/**
314+
* ECDH-ES "apv" (Agreement PartyVInfo). This will be used as a JOSE Header Parameter and will be
315+
* used in ECDH's ConcatKDF.
316+
*/
308317
apv?: Uint8Array
309318
/**
310-
* @deprecated You should not use this parameter. It is only really intended for test and vector
319+
* @deprecated You should not use this parameter. It is only intended for testing and vector
311320
* validation purposes.
312321
*/
313322
p2c?: number
314323
/**
315-
* @deprecated You should not use this parameter. It is only really intended for test and vector
324+
* @deprecated You should not use this parameter. It is only intended for testing and vector
316325
* validation purposes.
317326
*/
318327
p2s?: Uint8Array
319328
/**
320-
* @deprecated You should not use this parameter. It is only really intended for test and vector
329+
* @deprecated You should not use this parameter. It is only intended for testing and vector
321330
* validation purposes.
322331
*/
323332
iv?: Uint8Array
324333
/**
325-
* @deprecated You should not use this parameter. It is only really intended for test and vector
334+
* @deprecated You should not use this parameter. It is only intended for testing and vector
326335
* validation purposes.
327336
*/
328337
epk?: CryptoKey | KeyObject

0 commit comments

Comments
 (0)