feat: removed sharedKey since it just caused confusion recipientKey s…
…hould be used

BREAKING CHANGE
beatt83 committed Dec 7, 2024
1 parent d7e5875 commit 3960a7f
Showing 17 changed files with 29 additions and 117 deletions.
Expand Up @@ -53,7 +53,6 @@ struct AESJWEDecryptor: JWEDecryptor {
additionalAuthenticationData: Data?,
senderKey: JWK?,
recipientKey: JWK?,
sharedKey: JWK?,
password: Data?
) throws -> Data {
guard let alg = getKeyAlgorithm(
Expand Down Expand Up @@ -87,7 +86,7 @@ struct AESJWEDecryptor: JWEDecryptor {
)
}

guard let kek = sharedKey ?? recipientKey else{
guard let kek = recipientKey else{
throw JWE.JWEError.missingKek
}

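Review bot: The KEK in `guard let kek = recipientKey else{` now comes from the same parameter the asymmetric decryptors receive, and nothing in this hunk checks that the JWK is a symmetric (`oct`) key of the size the selected `alg` expects before it is used for key unwrapping. If the algorithm is read from the message header, as the `getKeyAlgorithm(` call at the top of `decrypt` suggests, a key-type check at this guard would keep a key intended for one algorithm family from being applied under another; the same applies to `guard let cek = recipientKey?.key else {` in DirectJWEDecryptor. The body of `decrypt` continues outside the hunk, so such a check may already exist further down. A comment above the guard such as `// recipientKey carries the symmetric key-encryption key for AES key wrap` would also help callers migrating from `sharedKey`.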
Expand Up @@ -48,7 +48,6 @@ struct DirectJWEDecryptor: JWEDecryptor {
additionalAuthenticationData: Data?,
senderKey: JWK?,
recipientKey: JWK?,
sharedKey: JWK?,
password: Data?
) throws -> Data {
guard let enc = getEncoding(
Expand Down Expand Up @@ -82,7 +81,7 @@ struct DirectJWEDecryptor: JWEDecryptor {
throw JWE.JWEError.missingContentAuthenticationTag
}

guard let cek = sharedKey?.key else {
guard let cek = recipientKey?.key else {
throw JWE.JWEError.missingCek
}

Expand Up @@ -54,7 +54,6 @@ struct ECDH1PUJWEDecryptor: JWEDecryptor {
additionalAuthenticationData: Data?,
senderKey: JWK?,
recipientKey: JWK?,
sharedKey: JWK?,
password: Data?
) throws -> Data {
guard let alg = getKeyAlgorithm(
Expand Up @@ -54,7 +54,6 @@ struct ECDHJWEDecryptor: JWEDecryptor {
additionalAuthenticationData: Data?,
senderKey: JWK?,
recipientKey: JWK?,
sharedKey: JWK?,
password: Data?
) throws -> Data {
guard let alg = getKeyAlgorithm(
Expand Up @@ -38,7 +38,6 @@ public protocol JWEDecryptor: Sendable {
/// - additionalAuthenticationData: Additional authenticated data.
/// - senderKey: Optional sender's key.
/// - recipientKey: Optional recipient's key.
/// - sharedKey: Optional shared key.
/// - password: Optional password for key derivation.
/// - Returns: Decrypted data as `Data`.
/// - Throws: Encryption related errors.
Expand All @@ -53,7 +52,6 @@ public protocol JWEDecryptor: Sendable {
additionalAuthenticationData: Data?,
senderKey: JWK?,
recipientKey: JWK?,
sharedKey: JWK?,
password: Data?
) throws -> Data
}
Expand All @@ -70,7 +68,6 @@ public protocol JWEMultiDecryptor: Sendable {
/// - authenticationTag: Authentication tag for verifying the integrity of the decrypted data.
/// - senderKey: Optional sender's key.
/// - recipientKey: Optional recipient's key.
/// - sharedKey: Optional shared key.
/// - additionalAuthenticationData: Additional authenticated data.
/// - tryAllRecipients: Flag to attempt decryption with all provided recipient keys.
/// - password: Optional password for key derivation.
Expand All @@ -86,7 +83,6 @@ public protocol JWEMultiDecryptor: Sendable {
authenticationTag: Data?,
senderKey: JWK?,
recipientKey: JWK?,
sharedKey: JWK?,
additionalAuthenticationData: Data?,
tryAllRecipients: Bool,
password: Data?,
Expand All @@ -109,7 +105,6 @@ public extension JWEDecryptor {
/// - additionalAuthenticationData: Additional authenticated data (optional).
/// - senderKey: Sender's key (optional).
/// - recipientKey: Recipient's key (optional).
/// - sharedKey: Shared key (optional).
/// - password: Password for key derivation (optional).
/// - Returns: Decrypted data as `Data`.
/// - Throws: Encryption related errors.
Expand All @@ -128,7 +123,6 @@ public extension JWEDecryptor {
additionalAuthenticationData: Data? = nil,
senderKey: JWK? = nil,
recipientKey: JWK? = nil,
sharedKey: JWK? = nil,
password: Data? = nil
) throws -> Data {
try self.decrypt(
Expand All @@ -142,7 +136,6 @@ public extension JWEDecryptor {
additionalAuthenticationData: additionalAuthenticationData,
senderKey: senderKey,
recipientKey: recipientKey,
sharedKey: sharedKey,
password: password
)
}
Expand All @@ -159,7 +152,6 @@ public extension JWEDecryptor {
/// - additionalAuthenticationData: Additional authenticated data (optional).
/// - senderKey: Sender's key (optional).
/// - recipientKey: Recipient's key (optional).
/// - sharedKey: Shared key (optional).
/// - password: Password for key derivation (optional).
/// - Returns: Decrypted data as `Data`.
/// - Throws: Encryption related errors.
Expand All @@ -176,7 +168,6 @@ public extension JWEDecryptor {
additionalAuthenticationData: Data? = nil,
senderKey: JWK? = nil,
recipientKey: JWK? = nil,
sharedKey: JWK? = nil,
password: Data? = nil
) throws -> Data {
let aad = try AAD.computeAAD(header: encodedProtectedHeader, aad: additionalAuthenticationData)
Expand All @@ -194,7 +185,6 @@ public extension JWEDecryptor {
additionalAuthenticationData: aad,
senderKey: senderKey,
recipientKey: recipientKey,
sharedKey: sharedKey,
password: password
)
}
Expand All @@ -213,7 +203,6 @@ public extension JWEMultiDecryptor {
/// - authenticationTag: Authentication tag (optional).
/// - senderKey: Sender's key (optional).
/// - recipientKey: Recipient's key (optional).
/// - sharedKey: Shared key (optional).
/// - additionalAuthenticationData: Additional authenticated data (optional).
/// - tryAllRecipients: Flag to attempt decryption with all provided recipient keys (optional).
/// - password: Password for key derivation (optional).
Expand All @@ -233,7 +222,6 @@ public extension JWEMultiDecryptor {
authenticationTag: Data? = nil,
senderKey: JWK? = nil,
recipientKey: JWK? = nil,
sharedKey: JWK? = nil,
additionalAuthenticationData: Data? = nil,
tryAllRecipients: Bool = false,
password: Data? = nil,
Expand All @@ -248,7 +236,6 @@ public extension JWEMultiDecryptor {
authenticationTag: authenticationTag,
senderKey: senderKey,
recipientKey: recipientKey,
sharedKey: sharedKey,
additionalAuthenticationData: additionalAuthenticationData,
tryAllRecipients: tryAllRecipients,
password: password,
Expand All @@ -266,7 +253,6 @@ public extension JWEMultiDecryptor {
/// - authenticationTag: Authentication tag (optional).
/// - senderKey: Sender's key (optional).
/// - recipientKey: Recipient's key (optional).
/// - sharedKey: Shared key (optional).
/// - additionalAuthenticationData: Additional authenticated data (optional).
/// - tryAllRecipients: Flag to attempt decryption with all provided recipient keys (optional).
/// - password: Password for key derivation (optional).
Expand All @@ -284,7 +270,6 @@ public extension JWEMultiDecryptor {
authenticationTag: Data? = nil,
senderKey: JWK? = nil,
recipientKey: JWK? = nil,
sharedKey: JWK? = nil,
additionalAuthenticationData: Data?,
tryAllRecipients: Bool = false,
password: Data? = nil,
Expand All @@ -302,7 +287,6 @@ public extension JWEMultiDecryptor {
authenticationTag: authenticationTag,
senderKey: senderKey,
recipientKey: recipientKey,
sharedKey: sharedKey,
additionalAuthenticationData: aad,
tryAllRecipients: tryAllRecipients,
password: password,
Expand Up @@ -32,15 +32,14 @@ struct MultiDecryptor: JWEMultiDecryptor {
authenticationTag: Data?,
senderKey: JWK?,
recipientKey: JWK?,
sharedKey: JWK?,
additionalAuthenticationData: Data?,
tryAllRecipients: Bool,
password: Data? = nil,
encryptionModule: JWEEncryptionModule
) throws -> Data {
let aad = try AAD.computeAAD(header: protectedHeader, aad: additionalAuthenticationData)

guard let key = recipientKey ?? sharedKey else {
guard let key = recipientKey else {
throw JWE.JWEError.missingRecipientKey
}

Expand All @@ -64,8 +63,7 @@ struct MultiDecryptor: JWEMultiDecryptor {
authenticationTag: authenticationTag,
additionalAuthenticationData: aad,
senderKey: senderKey,
recipientKey: recipientKey,
sharedKey: sharedKey
recipientKey: recipientKey
)) != nil
}

Expand All @@ -91,8 +89,7 @@ struct MultiDecryptor: JWEMultiDecryptor {
authenticationTag: authenticationTag,
additionalAuthenticationData: aad,
senderKey: senderKey,
recipientKey: recipientKey,
sharedKey: sharedKey
recipientKey: recipientKey
)
}

Expand Down Expand Up @@ -123,8 +120,7 @@ struct MultiDecryptor: JWEMultiDecryptor {
authenticationTag: authenticationTag,
additionalAuthenticationData: aad,
senderKey: senderKey,
recipientKey: recipientKey,
sharedKey: sharedKey
recipientKey: recipientKey
)
}
}
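Review bot: The guard `guard let key = recipientKey else {` sits at the top of `decrypt`, directly after the AAD computation, so a call that supplies only `password` throws `missingRecipientKey` before any recipient is examined. With `sharedKey` removed there is no other way past it; if password-based recipients are meant to work through MultiDecryptor, the guard should admit that case, for example `guard recipientKey != nil || password != nil else { throw JWE.JWEError.missingRecipientKey }`, with `key` unwrapped at the point where it is actually needed. How `key` and `password` are consumed lies outside the visible hunks, so this needs checking against the rest of the function.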
Expand Up @@ -50,7 +50,6 @@ struct PasswordBasedJWEDecryptor: JWEDecryptor {
additionalAuthenticationData: Data?,
senderKey: JWK?,
recipientKey: JWK?,
sharedKey: JWK?,
password: Data?
) throws -> Data {
guard let iterationCount = getSaltCount(
Expand Up @@ -50,7 +50,6 @@ struct RSAJWEDecryptor: JWEDecryptor {
additionalAuthenticationData: Data?,
senderKey: JWK?,
recipientKey: JWK?,
sharedKey: JWK?,
password: Data?
) throws -> Data {
guard let alg = getKeyAlgorithm(
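--- a/Sources/JSONWebEncryption/JWE+Decrypt.swift
+++ b/Sources/JSONWebEncryption/JWE+Decrypt.swift
@@ -56,14 +56,12 @@ extension JWE {
 /// - Parameters:
 /// - senderKey: The sender's key, if applicable. Used in certain key agreement protocols.
 /// - recipientKey: The recipient's key, if applicable. Typically used for asymmetric decryption.
-/// - sharedKey: A shared key, if applicable. Used for symmetric decryption.
 /// - password: An optional password for decryption algorithms that require it.
 /// - Returns: The decrypted data as `Data`.
 /// - Throws: `JWEError` for errors related to missing algorithms, keys, or failed decryption.
 public func decrypt(
 senderKey: KeyRepresentable? = nil,
 recipientKey: KeyRepresentable? = nil,
-sharedKey: KeyRepresentable? = nil,
 password: Data? = nil
 ) throws -> Data {
 guard let alg = getKeyAlgorithm(
@@ -84,7 +82,6 @@ extension JWE {
 additionalAuthenticationData: additionalAuthenticatedData,
 senderKey: senderKey.map { try prepareJWK(key: $0) },
 recipientKey: recipientKey.map { try prepareJWK(key: $0) },
-sharedKey: sharedKey.map { try prepareJWK(key: $0) },
 password: password
 )
 }
@@ -101,22 +98,19 @@ extension JWE {
 /// - compactString: The compact serialization string of the JWE.
 /// - senderKey: The sender's key, if applicable.
 /// - recipientKey: The recipient's key, if applicable.
-/// - sharedKey: A shared key, if applicable.
 /// - password: An optional password for decryption algorithms that require it.
 /// - Returns: The decrypted data as `Data`.
 /// - Throws: `JWEError` for errors related to parsing the compact string, missing algorithms, keys, or failed decryption.
 public static func decrypt(
 compactString: String,
 senderKey: KeyRepresentable? = nil,
 recipientKey: KeyRepresentable? = nil,
-sharedKey: KeyRepresentable? = nil,
 password: Data? = nil
 ) throws -> Data {
 try JWE(compactString: compactString)
 .decrypt(
 senderKey: senderKey,
 recipientKey: recipientKey,
-sharedKey: sharedKey,
 password: password
 )
 }
@@ -133,7 +127,6 @@ extension JWE {
 /// - jweJson: The JSON data representing the JWE.
 /// - senderKey: The sender's key, if applicable.
 /// - recipientKey: The recipient's key, if applicable.
-/// - sharedKey: A shared key, if applicable.
 /// - password: An optional password for decryption algorithms that require it.
 /// - tryAllRecipients: A flag to try all recipient keys in the JSON data for decryption.
 /// - Returns: The decrypted data as `Data`.
@@ -142,7 +135,6 @@ extension JWE {
 jweJson: Data,
 senderKey: KeyRepresentable? = nil,
 recipientKey: KeyRepresentable? = nil,
-sharedKey: KeyRepresentable? = nil,
 password: Data? = nil,
 tryAllRecipients: Bool = false
 ) throws -> Data {
@@ -151,7 +143,6 @@ extension JWE {
 jweJson: jsonObj,
 senderKey: senderKey,
 recipientKey: recipientKey,
-sharedKey: sharedKey,
 password: password,
 tryAllRecipients: tryAllRecipients
 )
@@ -169,7 +160,6 @@ extension JWE {
 /// - jweJson: The `JWEJson` object representing the JWE.
 /// - senderKey: The sender's key, if applicable.
 /// - recipientKey: The recipient's key, if applicable.
-/// - sharedKey: A shared key, if applicable.
 /// - password: An optional password for decryption algorithms that require it.
 /// - tryAllRecipients: A flag to try all recipient keys in the `JWEJson` object for decryption.
 /// - Returns: The decrypted data as `Data`.
@@ -182,7 +172,6 @@ extension JWE {
 jweJson: JWEJson<P, U, R>,
 senderKey: KeyRepresentable? = nil,
 recipientKey: KeyRepresentable? = nil,
-sharedKey: KeyRepresentable? = nil,
 password: Data? = nil,
 tryAllRecipients: Bool = false
 ) throws -> Data {
@@ -200,7 +189,6 @@ extension JWE {
 authenticationTag: jweJson.authenticationTag,
 senderKey: senderKey.map { try prepareJWK(key: $0) },
 recipientKey: recipientKey.map { try prepareJWK(key: $0) },
-sharedKey: sharedKey.map { try prepareJWK(key: $0) },
 additionalAuthenticationData: aad,
 tryAllRecipients: tryAllRecipients,
 password: password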