From 3a4d44957d7f5e0440a03040f16175ab868d1e91 Mon Sep 17 00:00:00 2001 From: Goncalo Frade Date: Sat, 7 Dec 2024 15:09:41 +0000 Subject: [PATCH] feat: removed sharedKey since it just caused confusion recipientKey should be used BREAKING CHANGE --- .../Decryptors/AESDecryptor.swift | 3 +- .../Decryptors/DirectDecryptor.swift | 3 +- .../Decryptors/ECDH1PUDecryptor.swift | 1 - .../Decryptors/ECDHDecryptor.swift | 1 - .../Decryptors/JWEDecryptor.swift | 16 --------- .../Decryptors/MultiDecryptor.swift | 12 +++---- .../Decryptors/PasswordBasedDecryptor.swift | 1 - .../Decryptors/RSADecryptor.swift | 1 - Sources/JSONWebEncryption/JWE+Decrypt.swift | 12 ------- Sources/JSONWebToken/JWT+Encryption.swift | 16 --------- Sources/JSONWebToken/JWT+Verification.swift | 19 ++-------- .../Articles/Tutorials/EncryptingJWT.md | 4 +-- Tests/ExampleTests/ExampleTests.swift | 4 +-- Tests/JWETests/AESTests.swift | 12 +++---- Tests/JWETests/DirectTests.swift | 2 +- Tests/JWETests/PBES2Tests.swift | 3 -- Tests/JWETests/RFC7520Tests.swift | 36 +++++++------------ 17 files changed, 29 insertions(+), 117 deletions(-) diff --git a/Sources/JSONWebEncryption/EncryptionModule/Decryptors/AESDecryptor.swift b/Sources/JSONWebEncryption/EncryptionModule/Decryptors/AESDecryptor.swift index 6124c2b..b3ae460 100644 --- a/Sources/JSONWebEncryption/EncryptionModule/Decryptors/AESDecryptor.swift +++ b/Sources/JSONWebEncryption/EncryptionModule/Decryptors/AESDecryptor.swift @@ -53,7 +53,6 @@ struct AESJWEDecryptor: JWEDecryptor { additionalAuthenticationData: Data?, senderKey: JWK?, recipientKey: JWK?, - sharedKey: JWK?, password: Data? ) throws -> Data { guard let alg = getKeyAlgorithm( @@ -87,7 +86,7 @@ struct AESJWEDecryptor: JWEDecryptor { ) } - guard let kek = sharedKey ?? recipientKey else{ + guard let kek = recipientKey else{ throw JWE.JWEError.missingKek } 
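Review bot: The `kek` guard in the second AESDecryptor hunk now takes its key-encryption key from `recipientKey` alone, and nothing visible in the hunk checks that the supplied JWK is a symmetric key before it is used for unwrapping. The same applies to the `cek` guard in DirectDecryptor.swift, where `recipientKey?.key` becomes the content-encryption key directly and any other kind of key surfaces only as `missingCek`. Now that one parameter carries asymmetric and symmetric keys alike, an explicit check would fail closed with a clearer error, e.g. `guard let kek = recipientKey, kek.keyType == .octetSequence else {` (assuming `JWK` exposes `keyType`, as the initializer used in DirectTests suggests). As a style point, the new line keeps `else{` without a space. Both functions continue outside their hunks, so a later check may already exist.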
diff --git a/Sources/JSONWebEncryption/EncryptionModule/Decryptors/DirectDecryptor.swift b/Sources/JSONWebEncryption/EncryptionModule/Decryptors/DirectDecryptor.swift index 3a6f1ca..954576b 100644 --- a/Sources/JSONWebEncryption/EncryptionModule/Decryptors/DirectDecryptor.swift +++ b/Sources/JSONWebEncryption/EncryptionModule/Decryptors/DirectDecryptor.swift @@ -48,7 +48,6 @@ struct DirectJWEDecryptor: JWEDecryptor { additionalAuthenticationData: Data?, senderKey: JWK?, recipientKey: JWK?, - sharedKey: JWK?, password: Data? ) throws -> Data { guard let enc = getEncoding( @@ -82,7 +81,7 @@ struct DirectJWEDecryptor: JWEDecryptor { throw JWE.JWEError.missingContentAuthenticationTag } - guard let cek = sharedKey?.key else { + guard let cek = recipientKey?.key else { throw JWE.JWEError.missingCek } diff --git a/Sources/JSONWebEncryption/EncryptionModule/Decryptors/ECDH1PUDecryptor.swift b/Sources/JSONWebEncryption/EncryptionModule/Decryptors/ECDH1PUDecryptor.swift index 1c6dbbb..650d6c8 100644 --- a/Sources/JSONWebEncryption/EncryptionModule/Decryptors/ECDH1PUDecryptor.swift +++ b/Sources/JSONWebEncryption/EncryptionModule/Decryptors/ECDH1PUDecryptor.swift @@ -54,7 +54,6 @@ struct ECDH1PUJWEDecryptor: JWEDecryptor { additionalAuthenticationData: Data?, senderKey: JWK?, recipientKey: JWK?, - sharedKey: JWK?, password: Data? ) throws -> Data { guard let alg = getKeyAlgorithm( diff --git a/Sources/JSONWebEncryption/EncryptionModule/Decryptors/ECDHDecryptor.swift b/Sources/JSONWebEncryption/EncryptionModule/Decryptors/ECDHDecryptor.swift index 3ae44a9..c7d841a 100644 --- a/Sources/JSONWebEncryption/EncryptionModule/Decryptors/ECDHDecryptor.swift +++ b/Sources/JSONWebEncryption/EncryptionModule/Decryptors/ECDHDecryptor.swift @@ -54,7 +54,6 @@ struct ECDHJWEDecryptor: JWEDecryptor { additionalAuthenticationData: Data?, senderKey: JWK?, recipientKey: JWK?, - sharedKey: JWK?, password: Data? ) throws -> Data { guard let alg = getKeyAlgorithm( 
diff --git a/Sources/JSONWebEncryption/EncryptionModule/Decryptors/JWEDecryptor.swift b/Sources/JSONWebEncryption/EncryptionModule/Decryptors/JWEDecryptor.swift index 6b104e7..99dfe72 100644 --- a/Sources/JSONWebEncryption/EncryptionModule/Decryptors/JWEDecryptor.swift +++ b/Sources/JSONWebEncryption/EncryptionModule/Decryptors/JWEDecryptor.swift @@ -38,7 +38,6 @@ public protocol JWEDecryptor: Sendable { /// - additionalAuthenticationData: Additional authenticated data. /// - senderKey: Optional sender's key. /// - recipientKey: Optional recipient's key. - /// - sharedKey: Optional shared key. /// - password: Optional password for key derivation. /// - Returns: Decrypted data as `Data`. /// - Throws: Encryption related errors. @@ -53,7 +52,6 @@ public protocol JWEDecryptor: Sendable { additionalAuthenticationData: Data?, senderKey: JWK?, recipientKey: JWK?, - sharedKey: JWK?, password: Data? ) throws -> Data } @@ -70,7 +68,6 @@ public protocol JWEMultiDecryptor: Sendable { /// - authenticationTag: Authentication tag for verifying the integrity of the decrypted data. /// - senderKey: Optional sender's key. /// - recipientKey: Optional recipient's key. - /// - sharedKey: Optional shared key. /// - additionalAuthenticationData: Additional authenticated data. /// - tryAllRecipients: Flag to attempt decryption with all provided recipient keys. /// - password: Optional password for key derivation. @@ -86,7 +83,6 @@ public protocol JWEMultiDecryptor: Sendable { authenticationTag: Data?, senderKey: JWK?, recipientKey: JWK?, - sharedKey: JWK?, additionalAuthenticationData: Data?, tryAllRecipients: Bool, password: Data?, 
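Review bot: The `recipientKey` doc lines left behind in these hunks still read `Optional recipient's key.`, which no longer tells a caller that symmetric keys must be passed here too. With `sharedKey` gone, AESDecryptor reads its KEK and DirectDecryptor its CEK from this parameter, so I would reword it to something like `/// - recipientKey: Optional recipient's key; for symmetric algorithms (AES key wrap, direct) the shared symmetric key.` The same update is needed in the extension doc comments in the later JWEDecryptor.swift hunks and in JWE+Decrypt.swift, where `recipientKey` is still described as `Typically used for asymmetric decryption.`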
@@ -109,7 +105,6 @@ public extension JWEDecryptor { /// - additionalAuthenticationData: Additional authenticated data (optional). /// - senderKey: Sender's key (optional). /// - recipientKey: Recipient's key (optional). - /// - sharedKey: Shared key (optional). /// - password: Password for key derivation (optional). /// - Returns: Decrypted data as `Data`. /// - Throws: Encryption related errors. @@ -128,7 +123,6 @@ public extension JWEDecryptor { additionalAuthenticationData: Data? = nil, senderKey: JWK? = nil, recipientKey: JWK? = nil, - sharedKey: JWK? = nil, password: Data? = nil ) throws -> Data { try self.decrypt( @@ -142,7 +136,6 @@ public extension JWEDecryptor { additionalAuthenticationData: additionalAuthenticationData, senderKey: senderKey, recipientKey: recipientKey, - sharedKey: sharedKey, password: password ) } @@ -159,7 +152,6 @@ public extension JWEDecryptor { /// - additionalAuthenticationData: Additional authenticated data (optional). /// - senderKey: Sender's key (optional). /// - recipientKey: Recipient's key (optional). - /// - sharedKey: Shared key (optional). /// - password: Password for key derivation (optional). /// - Returns: Decrypted data as `Data`. /// - Throws: Encryption related errors. @@ -176,7 +168,6 @@ public extension JWEDecryptor { additionalAuthenticationData: Data? = nil, senderKey: JWK? = nil, recipientKey: JWK? = nil, - sharedKey: JWK? = nil, password: Data? = nil ) throws -> Data { let aad = try AAD.computeAAD(header: encodedProtectedHeader, aad: additionalAuthenticationData) @@ -194,7 +185,6 @@ public extension JWEDecryptor { additionalAuthenticationData: aad, senderKey: senderKey, recipientKey: recipientKey, - sharedKey: sharedKey, password: password ) } 
@@ -213,7 +203,6 @@ public extension JWEMultiDecryptor { /// - authenticationTag: Authentication tag (optional). /// - senderKey: Sender's key (optional). /// - recipientKey: Recipient's key (optional). - /// - sharedKey: Shared key (optional). /// - additionalAuthenticationData: Additional authenticated data (optional). /// - tryAllRecipients: Flag to attempt decryption with all provided recipient keys (optional). /// - password: Password for key derivation (optional). @@ -233,7 +222,6 @@ public extension JWEMultiDecryptor { authenticationTag: Data? = nil, senderKey: JWK? = nil, recipientKey: JWK? = nil, - sharedKey: JWK? = nil, additionalAuthenticationData: Data? = nil, tryAllRecipients: Bool = false, password: Data? = nil, @@ -248,7 +236,6 @@ public extension JWEMultiDecryptor { authenticationTag: authenticationTag, senderKey: senderKey, recipientKey: recipientKey, - sharedKey: sharedKey, additionalAuthenticationData: additionalAuthenticationData, tryAllRecipients: tryAllRecipients, password: password, @@ -266,7 +253,6 @@ public extension JWEMultiDecryptor { /// - authenticationTag: Authentication tag (optional). /// - senderKey: Sender's key (optional). /// - recipientKey: Recipient's key (optional). - /// - sharedKey: Shared key (optional). /// - additionalAuthenticationData: Additional authenticated data (optional). /// - tryAllRecipients: Flag to attempt decryption with all provided recipient keys (optional). /// - password: Password for key derivation (optional). @@ -284,7 +270,6 @@ public extension JWEMultiDecryptor { authenticationTag: Data? = nil, senderKey: JWK? = nil, recipientKey: JWK? = nil, - sharedKey: JWK? = nil, additionalAuthenticationData: Data?, tryAllRecipients: Bool = false, password: Data? = nil, 
@@ -302,7 +287,6 @@ public extension JWEMultiDecryptor { authenticationTag: authenticationTag, senderKey: senderKey, recipientKey: recipientKey, - sharedKey: sharedKey, additionalAuthenticationData: aad, tryAllRecipients: tryAllRecipients, password: password, diff --git a/Sources/JSONWebEncryption/EncryptionModule/Decryptors/MultiDecryptor.swift b/Sources/JSONWebEncryption/EncryptionModule/Decryptors/MultiDecryptor.swift index 3065a8b..415cda3 100644 --- a/Sources/JSONWebEncryption/EncryptionModule/Decryptors/MultiDecryptor.swift +++ b/Sources/JSONWebEncryption/EncryptionModule/Decryptors/MultiDecryptor.swift @@ -32,7 +32,6 @@ struct MultiDecryptor: JWEMultiDecryptor { authenticationTag: Data?, senderKey: JWK?, recipientKey: JWK?, - sharedKey: JWK?, additionalAuthenticationData: Data?, tryAllRecipients: Bool, password: Data? = nil, @@ -40,7 +39,7 @@ struct MultiDecryptor: JWEMultiDecryptor { ) throws -> Data { let aad = try AAD.computeAAD(header: protectedHeader, aad: additionalAuthenticationData) - guard let key = recipientKey ?? sharedKey else { + guard let key = recipientKey else { throw JWE.JWEError.missingRecipientKey } @@ -64,8 +63,7 @@ struct MultiDecryptor: JWEMultiDecryptor { authenticationTag: authenticationTag, additionalAuthenticationData: aad, senderKey: senderKey, - recipientKey: recipientKey, - sharedKey: sharedKey + recipientKey: recipientKey )) != nil } @@ -91,8 +89,7 @@ struct MultiDecryptor: JWEMultiDecryptor { authenticationTag: authenticationTag, additionalAuthenticationData: aad, senderKey: senderKey, - recipientKey: recipientKey, - sharedKey: sharedKey + recipientKey: recipientKey ) } @@ -123,8 +120,7 @@ struct MultiDecryptor: JWEMultiDecryptor { authenticationTag: authenticationTag, additionalAuthenticationData: aad, senderKey: senderKey, - recipientKey: recipientKey, - sharedKey: sharedKey + recipientKey: recipientKey ) } } 
diff --git a/Sources/JSONWebEncryption/EncryptionModule/Decryptors/PasswordBasedDecryptor.swift b/Sources/JSONWebEncryption/EncryptionModule/Decryptors/PasswordBasedDecryptor.swift index 098a0e2..ddac7b2 100644 --- a/Sources/JSONWebEncryption/EncryptionModule/Decryptors/PasswordBasedDecryptor.swift +++ b/Sources/JSONWebEncryption/EncryptionModule/Decryptors/PasswordBasedDecryptor.swift @@ -50,7 +50,6 @@ struct PasswordBasedJWEDecryptor: JWEDecryptor { additionalAuthenticationData: Data?, senderKey: JWK?, recipientKey: JWK?, - sharedKey: JWK?, password: Data? ) throws -> Data { guard let iterationCount = getSaltCount( diff --git a/Sources/JSONWebEncryption/EncryptionModule/Decryptors/RSADecryptor.swift b/Sources/JSONWebEncryption/EncryptionModule/Decryptors/RSADecryptor.swift index d127849..4cd4ef7 100644 --- a/Sources/JSONWebEncryption/EncryptionModule/Decryptors/RSADecryptor.swift +++ b/Sources/JSONWebEncryption/EncryptionModule/Decryptors/RSADecryptor.swift @@ -50,7 +50,6 @@ struct RSAJWEDecryptor: JWEDecryptor { additionalAuthenticationData: Data?, senderKey: JWK?, recipientKey: JWK?, - sharedKey: JWK?, password: Data? ) throws -> Data { guard let alg = getKeyAlgorithm( diff --git a/Sources/JSONWebEncryption/JWE+Decrypt.swift b/Sources/JSONWebEncryption/JWE+Decrypt.swift index ea28a28..ae09722 100644 --- a/Sources/JSONWebEncryption/JWE+Decrypt.swift +++ b/Sources/JSONWebEncryption/JWE+Decrypt.swift 
@@ -56,14 +56,12 @@ extension JWE { /// - Parameters: /// - senderKey: The sender's key, if applicable. Used in certain key agreement protocols. /// - recipientKey: The recipient's key, if applicable. Typically used for asymmetric decryption. - /// - sharedKey: A shared key, if applicable. Used for symmetric decryption. /// - password: An optional password for decryption algorithms that require it. /// - Returns: The decrypted data as `Data`. /// - Throws: `JWEError` for errors related to missing algorithms, keys, or failed decryption. public func decrypt( senderKey: KeyRepresentable? = nil, recipientKey: KeyRepresentable? = nil, - sharedKey: KeyRepresentable? = nil, password: Data? = nil ) throws -> Data { guard let alg = getKeyAlgorithm( @@ -84,7 +82,6 @@ extension JWE { additionalAuthenticationData: additionalAuthenticatedData, senderKey: senderKey.map { try prepareJWK(key: $0) }, recipientKey: recipientKey.map { try prepareJWK(key: $0) }, - sharedKey: sharedKey.map { try prepareJWK(key: $0) }, password: password ) } @@ -101,7 +98,6 @@ extension JWE { /// - compactString: The compact serialization string of the JWE. /// - senderKey: The sender's key, if applicable. /// - recipientKey: The recipient's key, if applicable. - /// - sharedKey: A shared key, if applicable. /// - password: An optional password for decryption algorithms that require it. /// - Returns: The decrypted data as `Data`. /// - Throws: `JWEError` for errors related to parsing the compact string, missing algorithms, keys, or failed decryption. @@ -109,14 +105,12 @@ extension JWE { compactString: String, senderKey: KeyRepresentable? = nil, recipientKey: KeyRepresentable? = nil, - sharedKey: KeyRepresentable? = nil, password: Data? = nil ) throws -> Data { try JWE(compactString: compactString) .decrypt( senderKey: senderKey, recipientKey: recipientKey, - sharedKey: sharedKey, password: password ) } 
@@ -133,7 +127,6 @@ extension JWE { /// - jweJson: The JSON data representing the JWE. /// - senderKey: The sender's key, if applicable. /// - recipientKey: The recipient's key, if applicable. - /// - sharedKey: A shared key, if applicable. /// - password: An optional password for decryption algorithms that require it. /// - tryAllRecipients: A flag to try all recipient keys in the JSON data for decryption. /// - Returns: The decrypted data as `Data`. @@ -142,7 +135,6 @@ extension JWE { jweJson: Data, senderKey: KeyRepresentable? = nil, recipientKey: KeyRepresentable? = nil, - sharedKey: KeyRepresentable? = nil, password: Data? = nil, tryAllRecipients: Bool = false ) throws -> Data { @@ -151,7 +143,6 @@ extension JWE { jweJson: jsonObj, senderKey: senderKey, recipientKey: recipientKey, - sharedKey: sharedKey, password: password, tryAllRecipients: tryAllRecipients ) @@ -169,7 +160,6 @@ extension JWE { /// - jweJson: The `JWEJson` object representing the JWE. /// - senderKey: The sender's key, if applicable. /// - recipientKey: The recipient's key, if applicable. - /// - sharedKey: A shared key, if applicable. /// - password: An optional password for decryption algorithms that require it. /// - tryAllRecipients: A flag to try all recipient keys in the `JWEJson` object for decryption. /// - Returns: The decrypted data as `Data`. @@ -182,7 +172,6 @@ extension JWE { jweJson: JWEJson, senderKey: KeyRepresentable? = nil, recipientKey: KeyRepresentable? = nil, - sharedKey: KeyRepresentable? = nil, password: Data? = nil, tryAllRecipients: Bool = false ) throws -> Data { @@ -200,7 +189,6 @@ extension JWE { authenticationTag: jweJson.authenticationTag, senderKey: senderKey.map { try prepareJWK(key: $0) }, recipientKey: recipientKey.map { try prepareJWK(key: $0) }, - sharedKey: sharedKey.map { try prepareJWK(key: $0) }, additionalAuthenticationData: aad, tryAllRecipients: tryAllRecipients, password: password 
diff --git a/Sources/JSONWebToken/JWT+Encryption.swift b/Sources/JSONWebToken/JWT+Encryption.swift index 0193762..038efcb 100644 --- a/Sources/JSONWebToken/JWT+Encryption.swift +++ b/Sources/JSONWebToken/JWT+Encryption.swift @@ -33,7 +33,6 @@ extension JWT { /// - unprotectedHeader: An optional header with fields that will be unprotected (not encrypted). /// - senderKey: An optional `JWK` representing the sender's key. /// - recipientKey: An optional `JWK` representing the recipient's key. - /// - sharedKey: An optional shared symmetric key used in key agreement protocols. /// - cek: An optional content encryption key. /// - initializationVector: An optional initialization vector for the encryption algorithm. /// - additionalAuthenticationData: Optional additional data authenticated along with the payload. @@ -48,7 +47,6 @@ extension JWT { unprotectedHeader: U? = nil as DefaultJWEHeaderImpl?, senderKey: KeyRepresentable?, recipientKey: KeyRepresentable?, - sharedKey: KeyRepresentable?, cek: Data? = nil, initializationVector: Data? = nil, additionalAuthenticationData: Data? = nil 
@@ -89,7 +87,6 @@ extension JWT { /// - unprotectedHeader: An optional header conforming to `JWERegisteredFieldsHeader` that specifies the unprotected header fields. /// - senderKey: An optional `KeyRepresentable` representing the sender's key, used in key agreement protocols or authenticated encryption schemes. /// - recipientKey: A `KeyRepresentable` representing the recipient's key. This key is necessary to decrypt and unwrap the Content Encryption Key (CEK). - /// - sharedKey: An optional `KeyRepresentable` representing a shared symmetric key used in key agreement protocols. /// - cek: An optional Content Encryption Key (`Data`). If not provided, one will be automatically generated. /// - initializationVector: An optional initialization vector (`Data`) for the encryption algorithm. If not provided, one will be generated. /// - additionalAuthenticationData: Optional additional data that will be authenticated but not encrypted. This helps ensure the integrity of any external data. @@ -109,7 +106,6 @@ extension JWT { unprotectedHeader: U? = nil as DefaultJWEHeaderImpl?, senderKey: KeyRepresentable?, recipientKey: KeyRepresentable?, - sharedKey: KeyRepresentable?, cek: Data? = nil, initializationVector: Data? = nil, additionalAuthenticationData: Data? = nil 
@@ -279,7 +275,6 @@ extension JWT { /// - unprotectedHeader: An optional header with fields that will be unprotected (not encrypted) in the outer JWE layer. /// - senderKey: An optional `JWK` representing the sender's key for the outer JWE layer. /// - recipientKey: An optional `JWK` representing the recipient's key for the outer JWE layer. - /// - sharedKey: An optional shared symmetric key used in key agreement protocols for the outer JWE layer. /// - cek: An optional content encryption key for the outer JWE layer. /// - initializationVector: An optional initialization vector for the outer JWE encryption algorithm. /// - additionalAuthenticationData: Optional additional data authenticated along with the payload for the outer JWE layer. @@ -294,7 +289,6 @@ extension JWT { unprotectedHeader: U? = nil as DefaultJWEHeaderImpl?, senderKey: KeyRepresentable? = nil, recipientKey: KeyRepresentable? = nil, - sharedKey: KeyRepresentable? = nil, cek: Data? = nil, initializationVector: Data? = nil, additionalAuthenticationData: Data? = nil @@ -333,7 +327,6 @@ extension JWT { /// - unprotectedHeader: An optional header with fields that will be unprotected (not encrypted) in the outer JWE layer. /// - senderKey: An optional `JWK` representing the sender's key for the outer JWE layer. /// - recipientKey: An optional `JWK` representing the recipient's key for the outer JWE layer. - /// - sharedKey: An optional shared symmetric key used in key agreement protocols for the outer JWE layer. /// - cek: An optional content encryption key for the outer JWE layer. /// - initializationVector: An optional initialization vector for the outer JWE encryption algorithm. /// - additionalAuthenticationData: Optional additional data authenticated along with the payload for the outer JWE layer. 
@@ -341,7 +334,6 @@ extension JWT { /// - nestedUnprotectedHeader: An optional header with fields that will be unprotected (not encrypted) in the inner JWE layer. /// - nestedSenderKey: An optional `JWK` representing the sender's key for the inner JWE layer. /// - nestedRecipientKey: An optional `JWK` representing the recipient's key for the inner JWE layer. - /// - nestedSharedKey: An optional shared symmetric key used in key agreement protocols for the inner JWE layer. /// - nestedCek: An optional content encryption key for the inner JWE layer. /// - nestedInitializationVector: An optional initialization vector for the inner JWE encryption algorithm. /// - nestedAdditionalAuthenticationData: Optional additional data authenticated along with the payload for the inner JWE layer. @@ -358,7 +350,6 @@ extension JWT { unprotectedHeader: U? = nil as DefaultJWEHeaderImpl?, senderKey: KeyRepresentable? = nil, recipientKey: KeyRepresentable? = nil, - sharedKey: KeyRepresentable? = nil, cek: Data? = nil, initializationVector: Data? = nil, additionalAuthenticationData: Data? = nil, @@ -366,7 +357,6 @@ extension JWT { nestedUnprotectedHeader: NU? = nil as DefaultJWEHeaderImpl?, nestedSenderKey: KeyRepresentable? = nil, nestedRecipientKey: KeyRepresentable? = nil, - nestedSharedKey: KeyRepresentable? = nil, nestedCek: Data? = nil, nestedInitializationVector: Data? = nil, nestedAdditionalAuthenticationData: Data? = nil @@ -377,7 +367,6 @@ extension JWT { unprotectedHeader: nestedUnprotectedHeader, senderKey: nestedSenderKey, recipientKey: nestedRecipientKey, - sharedKey: nestedSharedKey, cek: nestedCek, initializationVector: nestedInitializationVector, additionalAuthenticationData: nestedAdditionalAuthenticationData @@ -389,7 +378,6 @@ extension JWT { unprotectedHeader: unprotectedHeader, senderKey: senderKey, recipientKey: recipientKey, - sharedKey: sharedKey, cek: cek, initializationVector: initializationVector, additionalAuthenticationData: additionalAuthenticationData 
@@ -407,7 +395,6 @@ extension JWT { unprotectedHeader: U? = nil as DefaultJWEHeaderImpl?, senderKey: KeyRepresentable? = nil, recipientKey: KeyRepresentable? = nil, - sharedKey: KeyRepresentable? = nil, cek: Data? = nil, initializationVector: Data? = nil, additionalAuthenticationData: Data? = nil, @@ -415,7 +402,6 @@ extension JWT { nestedUnprotectedHeader: NU? = nil as DefaultJWEHeaderImpl?, nestedSenderKey: KeyRepresentable? = nil, nestedRecipientKey: KeyRepresentable? = nil, - nestedSharedKey: KeyRepresentable? = nil, nestedCek: Data? = nil, nestedInitializationVector: Data? = nil, nestedAdditionalAuthenticationData: Data? = nil @@ -426,7 +412,6 @@ extension JWT { unprotectedHeader: nestedUnprotectedHeader, senderKey: nestedSenderKey, recipientKey: nestedRecipientKey, - sharedKey: nestedSharedKey, cek: nestedCek, initializationVector: nestedInitializationVector, additionalAuthenticationData: nestedAdditionalAuthenticationData @@ -438,7 +423,6 @@ extension JWT { unprotectedHeader: unprotectedHeader, senderKey: senderKey, recipientKey: recipientKey, - sharedKey: sharedKey, cek: cek, initializationVector: initializationVector, additionalAuthenticationData: additionalAuthenticationData diff --git a/Sources/JSONWebToken/JWT+Verification.swift b/Sources/JSONWebToken/JWT+Verification.swift index 36f18f6..e702038 100644 --- a/Sources/JSONWebToken/JWT+Verification.swift +++ b/Sources/JSONWebToken/JWT+Verification.swift @@ -43,7 +43,6 @@ extension JWT { jwtString: String, senderKey: KeyRepresentable? = nil, recipientKey: KeyRepresentable? = nil, - sharedKey: KeyRepresentable? = nil, nestedKeys: [KeyRepresentable] = [], expectedIssuer: String? = nil, expectedAudience: String? = nil @@ -61,7 +60,6 @@ extension JWT { jwtString: jws.payload.tryToString(), senderKey: senderKey, recipientKey: recipientKey, - sharedKey: sharedKey, nestedKeys: nestedKeys, expectedIssuer: expectedIssuer, expectedAudience: expectedAudience 
@@ -72,7 +70,6 @@ extension JWT { jwtString: jws.payload.tryToString(), senderKey: key, recipientKey: nil, - sharedKey: sharedKey, nestedKeys: nestedKeys, expectedIssuer: expectedIssuer, expectedAudience: expectedAudience @@ -94,8 +91,7 @@ extension JWT { let decryptedPayload = try jwe.decrypt( senderKey: senderKey, - recipientKey: recipientKey, - sharedKey: sharedKey + recipientKey: recipientKey ) if jwe.protectedHeader.contentType == "JWT" { @@ -107,7 +103,6 @@ extension JWT { jwtString: decryptedPayload.tryToString(), senderKey: senderKey, recipientKey: recipientKey, - sharedKey: sharedKey, nestedKeys: nestedKeys, expectedIssuer: expectedIssuer, expectedAudience: expectedAudience @@ -118,7 +113,6 @@ extension JWT { jwtString: decryptedPayload.tryToString(), senderKey: senderKey, recipientKey: key, - sharedKey: sharedKey, nestedKeys: nestedKeys, expectedIssuer: expectedIssuer, expectedAudience: expectedAudience @@ -158,7 +152,6 @@ extension JWT { signerKey: KeyRepresentable? = nil, senderKey: KeyRepresentable? = nil, recipientKey: KeyRepresentable? = nil, - sharedKey: KeyRepresentable? = nil, nestedKeys: [KeyRepresentable] = [], expectedIssuer: String? = nil, expectedAudience: String? = nil @@ -176,7 +169,6 @@ extension JWT { jwtString: jws.payload.tryToString(), senderKey: senderKey, recipientKey: recipientKey, - sharedKey: sharedKey, nestedKeys: nestedKeys, expectedIssuer: expectedIssuer, expectedAudience: expectedAudience @@ -187,7 +179,6 @@ extension JWT { jwtString: jws.payload.tryToString(), senderKey: key, recipientKey: nil, - sharedKey: sharedKey, nestedKeys: nestedKeys, expectedIssuer: expectedIssuer, expectedAudience: expectedAudience @@ -209,8 +200,7 @@ extension JWT { let decryptedPayload = try jwe.decrypt( senderKey: senderKey, - recipientKey: recipientKey, - sharedKey: sharedKey + recipientKey: recipientKey ) if jwe.protectedHeader.contentType == "JWT" { 
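Review bot: In the `@@ -72` hunk the recursive call passes `senderKey: key, recipientKey: nil`, and with `sharedKey: sharedKey` removed nothing forwards the caller's symmetric key on this path any more. Before this change a caller-supplied shared key still reached the inner token here; now that symmetric keys travel in `recipientKey`, an inner JWE using AES key wrap or direct encryption would presumably fail with a missing-key error unless the key is also in `nestedKeys`. If that is not intended, forward it with `recipientKey: recipientKey`; otherwise a comment stating that the inner layer is keyed only from `nestedKeys` would help. The `@@ -187` hunk has the same call shape, and the enclosing functions start and end outside these hunks.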
@@ -222,7 +212,6 @@ extension JWT { jwtString: decryptedPayload.tryToString(), senderKey: senderKey, recipientKey: recipientKey, - sharedKey: sharedKey, nestedKeys: nestedKeys, expectedIssuer: expectedIssuer, expectedAudience: expectedAudience @@ -233,7 +222,6 @@ extension JWT { jwtString: decryptedPayload.tryToString(), senderKey: senderKey, recipientKey: key, - sharedKey: sharedKey, nestedKeys: nestedKeys, expectedIssuer: expectedIssuer, expectedAudience: expectedAudience @@ -256,7 +244,6 @@ extension JWT { jwtString: String, senderKey: KeyRepresentable?, recipientKey: KeyRepresentable?, - sharedKey: KeyRepresentable?, nestedKeys: [KeyRepresentable], expectedIssuer: String?, expectedAudience: String? @@ -269,7 +256,6 @@ extension JWT { jwtString: jwtString, senderKey: key, recipientKey: recipientKey, - sharedKey: sharedKey, nestedKeys: nestedKeys, expectedIssuer: expectedIssuer, expectedAudience: expectedAudience @@ -279,7 +265,6 @@ extension JWT { jwtString: jwtString, senderKey: senderKey, recipientKey: key, - sharedKey: key, nestedKeys: nestedKeys, expectedIssuer: expectedIssuer, expectedAudience: expectedAudience diff --git a/Sources/jose-swift/jose-swift.docc/Articles/Tutorials/EncryptingJWT.md b/Sources/jose-swift/jose-swift.docc/Articles/Tutorials/EncryptingJWT.md index 90ea894..7756246 100644 --- a/Sources/jose-swift/jose-swift.docc/Articles/Tutorials/EncryptingJWT.md +++ b/Sources/jose-swift/jose-swift.docc/Articles/Tutorials/EncryptingJWT.md @@ -30,7 +30,6 @@ let encryptedJWT = try JWT.encrypt( protectedHeader: header, senderKey: nil, recipientKey: nil, - sharedKey: nil, cek: cek ) @@ -65,8 +64,7 @@ let encryptedJWT = try JWT.encrypt( }, protectedHeader: header, senderKey: nil, - recipientKey: publicKey, - sharedKey: nil + recipientKey: publicKey ) // Output the encrypted JWT string: diff --git a/Tests/ExampleTests/ExampleTests.swift b/Tests/ExampleTests/ExampleTests.swift index d123075..81e3ccc 100644 --- a/Tests/ExampleTests/ExampleTests.swift 
+++ b/Tests/ExampleTests/ExampleTests.swift @@ -515,7 +515,6 @@ final class ExamplesTests: XCTestCase { protectedHeader: header, senderKey: nil, recipientKey: nil, - sharedKey: nil, cek: cek ) @@ -543,8 +542,7 @@ final class ExamplesTests: XCTestCase { }, protectedHeader: header, senderKey: nil, - recipientKey: publicKey, - sharedKey: nil + recipientKey: publicKey ) // Output the encrypted JWT string: diff --git a/Tests/JWETests/AESTests.swift b/Tests/JWETests/AESTests.swift index cd43b55..a8ff9dc 100644 --- a/Tests/JWETests/AESTests.swift +++ b/Tests/JWETests/AESTests.swift @@ -47,7 +47,7 @@ final class AESTests: XCTestCase { initializationVector: jwe.initializationVector, authenticationTag: jwe.authenticationTag, additionalAuthenticationData: jwe.additionalAuthenticationData, - sharedKey: sharedKey + recipientKey: sharedKey ) XCTAssertEqual(payload, decrypted) @@ -79,7 +79,7 @@ final class AESTests: XCTestCase { initializationVector: jwe.initializationVector, authenticationTag: jwe.authenticationTag, additionalAuthenticationData: jwe.additionalAuthenticationData, - sharedKey: sharedKey + recipientKey: sharedKey ) XCTAssertEqual(payload, decrypted) @@ -111,7 +111,7 @@ final class AESTests: XCTestCase { initializationVector: jwe.initializationVector, authenticationTag: jwe.authenticationTag, additionalAuthenticationData: jwe.additionalAuthenticationData, - sharedKey: sharedKey + recipientKey: sharedKey ) XCTAssertEqual(payload, decrypted) @@ -143,7 +143,7 @@ final class AESTests: XCTestCase { initializationVector: jwe.initializationVector, authenticationTag: jwe.authenticationTag, additionalAuthenticationData: jwe.additionalAuthenticationData, - sharedKey: sharedKey + recipientKey: sharedKey ) XCTAssertEqual(payload, decrypted) 
@@ -175,7 +175,7 @@ final class AESTests: XCTestCase { initializationVector: jwe.initializationVector, authenticationTag: jwe.authenticationTag, additionalAuthenticationData: jwe.additionalAuthenticationData, - sharedKey: sharedKey + recipientKey: sharedKey ) XCTAssertEqual(payload, decrypted) @@ -207,7 +207,7 @@ final class AESTests: XCTestCase { initializationVector: jwe.initializationVector, authenticationTag: jwe.authenticationTag, additionalAuthenticationData: jwe.additionalAuthenticationData, - sharedKey: sharedKey + recipientKey: sharedKey ) XCTAssertEqual(payload, decrypted) diff --git a/Tests/JWETests/DirectTests.swift b/Tests/JWETests/DirectTests.swift index f97011b..73c4102 100644 --- a/Tests/JWETests/DirectTests.swift +++ b/Tests/JWETests/DirectTests.swift @@ -47,7 +47,7 @@ final class DirectTests: XCTestCase { initializationVector: jwe.initializationVector, authenticationTag: jwe.authenticationTag, additionalAuthenticationData: jwe.additionalAuthenticationData, - sharedKey: .init(keyType: .octetSequence, key: secretKey) + recipientKey: .init(keyType: .octetSequence, key: secretKey) ) XCTAssertEqual(payload, decrypted) diff --git a/Tests/JWETests/PBES2Tests.swift b/Tests/JWETests/PBES2Tests.swift index 1ed85ea..19fa465 100644 --- a/Tests/JWETests/PBES2Tests.swift +++ b/Tests/JWETests/PBES2Tests.swift @@ -55,7 +55,6 @@ final class PBES2Tests: XCTestCase { additionalAuthenticationData: encryption.additionalAuthenticationData, senderKey: nil, recipientKey: nil, - sharedKey: nil, password: password ) @@ -97,7 +96,6 @@ final class PBES2Tests: XCTestCase { additionalAuthenticationData: encryption.additionalAuthenticationData, senderKey: nil, recipientKey: nil, - sharedKey: nil, password: password ) @@ -139,7 +137,6 @@ final class PBES2Tests: XCTestCase { additionalAuthenticationData: encryption.additionalAuthenticationData, senderKey: nil, recipientKey: nil, - sharedKey: nil, password: password ) 
diff --git a/Tests/JWETests/RFC7520Tests.swift b/Tests/JWETests/RFC7520Tests.swift index 3507133..6676e34 100644 --- a/Tests/JWETests/RFC7520Tests.swift +++ b/Tests/JWETests/RFC7520Tests.swift @@ -469,8 +469,7 @@ final class RFC7520Tests: XCTestCase { let decrypted = try JWE.decrypt( compactString: serialization, - recipientKey: recipientJWK, - sharedKey: sharedSymmetricKey + recipientKey: sharedSymmetricKey ) XCTAssertEqual(payload, decrypted) @@ -494,8 +493,7 @@ final class RFC7520Tests: XCTestCase { let decryptedTestVector = try JWE.decrypt( compactString: expectedSerializationTestVector, - recipientKey: recipientJWK, - sharedKey: sharedSymmetricKey + recipientKey: sharedSymmetricKey ) XCTAssertEqual(payload, decryptedTestVector) @@ -733,8 +731,7 @@ final class RFC7520Tests: XCTestCase { let decrypted = try JWE.decrypt( jweJson: try JSONEncoder.jose.encode(serialization), senderKey: nil, - recipientKey: recipientJWK, - sharedKey: nil + recipientKey: recipientJWK ) XCTAssertEqual(payload, decrypted) @@ -769,8 +766,7 @@ final class RFC7520Tests: XCTestCase { let decryptedTestVector = try JWE.decrypt( jweJson: expectedSerializationTestVector, senderKey: nil, - recipientKey: recipientJWK, - sharedKey: nil + recipientKey: recipientJWK ) XCTAssertEqual(payload, decryptedTestVector) @@ -834,8 +830,7 @@ final class RFC7520Tests: XCTestCase { let decryptedTestVector = try JWE.decrypt( jweJson: expectedSerializationTestVector, senderKey: nil, - recipientKey: recipientJWK, - sharedKey: nil + recipientKey: recipientJWK ) XCTAssertEqual(payload, decryptedTestVector) @@ -897,8 +892,7 @@ final class RFC7520Tests: XCTestCase { let decryptedTestVector = try JWE.decrypt( jweJson: expectedSerializationTestVector, senderKey: nil, - recipientKey: recipientJWK, - sharedKey: nil + recipientKey: recipientJWK ) XCTAssertEqual(payload, decryptedTestVector) 
@@ -1028,22 +1022,19 @@ final class RFC7520Tests: XCTestCase { let decryptedRecipient1 = try JWE.decrypt( jweJson: jsonData, senderKey: nil, - recipientKey: recipientJWK1, - sharedKey: nil + recipientKey: recipientJWK1 ) let decryptedRecipient2 = try JWE.decrypt( jweJson: jsonData, senderKey: nil, - recipientKey: recipientJWK2, - sharedKey: nil + recipientKey: recipientJWK2 ) let decryptedRecipient3 = try JWE.decrypt( jweJson: jsonData, senderKey: nil, - recipientKey: recipientJWK3, - sharedKey: nil + recipientKey: recipientJWK3 ) XCTAssertEqual(payload, decryptedRecipient1) @@ -1113,22 +1104,19 @@ final class RFC7520Tests: XCTestCase { let decryptedTestVectorRecipient1 = try JWE.decrypt( jweJson: expectedSerializationTestVector, senderKey: nil, - recipientKey: recipientJWK1, - sharedKey: nil + recipientKey: recipientJWK1 ) let decryptedTestVectorRecipient2 = try JWE.decrypt( jweJson: expectedSerializationTestVector, senderKey: nil, - recipientKey: recipientJWK2, - sharedKey: nil + recipientKey: recipientJWK2 ) let decryptedTestVectorRecipient3 = try JWE.decrypt( jweJson: expectedSerializationTestVector, senderKey: nil, - recipientKey: recipientJWK3, - sharedKey: nil + recipientKey: recipientJWK3 ) XCTAssertEqual(payload, decryptedTestVectorRecipient1)