Skip to content

Commit

Permalink
refactor: update CEK length validation error message
Browse files Browse the repository at this point in the history
  • Loading branch information
panva committed Sep 15, 2022
1 parent 644a13b commit 81a92a9
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 8 deletions.
7 changes: 5 additions & 2 deletions src/runtime/browser/check_cek_length.ts
Original file line number Diff line number Diff line change
@@ -1,8 +1,11 @@
import { JWEInvalid } from '../../util/errors.js'

const checkCekLength = (cek: Uint8Array, expected: number) => {
if (cek.length << 3 !== expected) {
throw new JWEInvalid('Invalid Content Encryption Key length')
const actual = cek.byteLength << 3
if (actual !== expected) {
throw new JWEInvalid(
`Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`,
)
}
}

Expand Down
14 changes: 10 additions & 4 deletions src/runtime/node/check_cek_length.ts
Original file line number Diff line number Diff line change
Expand Up @@ -22,15 +22,21 @@ const checkCekLength = (enc: string, cek: KeyObject | Uint8Array) => {
}

if (cek instanceof Uint8Array) {
if (cek.length << 3 !== expected) {
throw new JWEInvalid('Invalid Content Encryption Key length')
const actual = cek.byteLength << 3
if (actual !== expected) {
throw new JWEInvalid(
`Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`,
)
}
return
}

if (isKeyObject(cek) && cek.type === 'secret') {
if (cek.symmetricKeySize! << 3 !== expected) {
throw new JWEInvalid('Invalid Content Encryption Key length')
const actual = cek.symmetricKeySize! << 3
if (actual !== expected) {
throw new JWEInvalid(
`Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`,
)
}
return
}
Expand Down
4 changes: 2 additions & 2 deletions src/types.d.ts
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,8 @@
* obtain a KeyObject from your existing key material.
*
* [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) is a representation of a
* key/secret available in the Browser and Deno runtimes. In addition to the import functions of
* this library you may use the
* key/secret available in the Browser and Web-interoperable runtimes. In addition to the import
* functions of this library you may use the
* [SubtleCrypto.importKey](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey)
* API to obtain a CryptoKey from your existing key material.
*
Expand Down

0 comments on commit 81a92a9

Please sign in to comment.