From 17b37d3dc92ae6f64bb62aea9fffdaa64bfd4579 Mon Sep 17 00:00:00 2001
From: Filip Skokan <panva.ip@gmail.com>
Date: Mon, 11 Mar 2019 21:51:13 +0100
Subject: [PATCH] fix: do not list "dir" under wrap/unwrapKey operations

BREAKING CHANGE: "dir" is no longer returned as wrap/unwrapKey key
operation
---
 lib/jwa/index.js     |  2 +-
 lib/jwe/encrypt.js   |  1 -
 lib/jwk/key/oct.js   |  7 ++-----
 test/jwk/oct.test.js | 30 ------------------------------
 4 files changed, 3 insertions(+), 37 deletions(-)

diff --git a/lib/jwa/index.js b/lib/jwa/index.js
index 899b9f9673..99a2788286 100644
--- a/lib/jwa/index.js
+++ b/lib/jwa/index.js
@@ -27,7 +27,7 @@ require('./ecdh/kw')(JWA)
 require('./ecdh/dir')(JWA)
 
 const check = (key, op, alg) => {
-  if (JWA[op].has(alg) || (alg === 'dir' && op === 'unwrapKey')) {
+  if (JWA[op].has(alg)) {
     if (!key.algorithms(op).has(alg)) {
       throw new JWKKeySupport(`the key does not support ${alg} ${op} algorithm`)
     }
diff --git a/lib/jwe/encrypt.js b/lib/jwe/encrypt.js
index e6c6913020..59586204b8 100644
--- a/lib/jwe/encrypt.js
+++ b/lib/jwe/encrypt.js
@@ -124,7 +124,6 @@ class Encrypt {
 
     if (key.kty === 'oct' && alg === 'dir') {
       this[CEK] = importKey(key[KEYOBJECT], { use: 'enc', alg: enc })
-      wrapped = ''
     } else {
       ({ wrapped, header: generatedHeader, direct } = wrapKey(alg, key, this[CEK][KEYOBJECT].export(), { enc, alg }))
       if (direct) {
diff --git a/lib/jwk/key/oct.js b/lib/jwk/key/oct.js
index bc12360579..e41d2dfcfa 100644
--- a/lib/jwk/key/oct.js
+++ b/lib/jwk/key/oct.js
@@ -29,6 +29,7 @@ const ENC_ALGS = new Set([
   'A256GCM'
 ])
 
+const PBES2 = ['PBES2-HS256+A128KW', 'PBES2-HS384+A192KW', 'PBES2-HS512+A256KW']
 const WRAP_LEN = new Set([
   128,
   192,
@@ -122,11 +123,7 @@ class OctKey extends Key {
           algs.add(`A${this.length}GCMKW`)
         }
 
-        ['PBES2-HS256+A128KW', 'PBES2-HS384+A192KW', 'PBES2-HS512+A256KW'].forEach(Set.prototype.add.bind(algs))
-
-        if (ENC_LEN.has(this.length)) {
-          algs.add('dir')
-        }
+        PBES2.forEach(Set.prototype.add.bind(algs))
 
         return algs
       case undefined:
diff --git a/test/jwk/oct.test.js b/test/jwk/oct.test.js
index 6c9bfb58cb..e39b3001d5 100644
--- a/test/jwk/oct.test.js
+++ b/test/jwk/oct.test.js
@@ -80,12 +80,6 @@ test('no verify support when `use` is "enc"', t => {
   t.deepEqual([...result], [])
 })
 
-test(`oct keys (odd bits) wrap/unwrap algorithms do not have "dir"`, t => {
-  const key = OctKey.generateSync(136)
-
-  t.false(key.algorithms().has('dir'))
-})
-
 test(`oct keys (odd bits) wrap/unwrap algorithms only have "PBES2"`, t => {
   const key = OctKey.generateSync(136)
   const result = key.algorithms('wrapKey')
@@ -102,30 +96,6 @@ test(`oct keys (odd bits) wrap/unwrap algorithms only have "PBES2"`, t => {
   })
 })
 
-Object.entries({
-  128: ['A128GCM'],
-  192: ['A192GCM'],
-  256: ['A128CBC-HS256', 'A256GCM'],
-  384: ['A192CBC-HS384'],
-  512: ['A256CBC-HS512']
-}).forEach(([len, encAlgs]) => {
-  len = parseInt(len)
-
-  test(`oct key (${len} bits) can encrypt`, t => {
-    const key = OctKey.generateSync(len)
-
-    const result = key.algorithms('encrypt')
-    t.is(result.constructor, Set)
-    t.deepEqual([...result], encAlgs)
-  })
-
-  test(`oct keys (${len} bits) wrap/unwrap algorithms have "dir"`, t => {
-    const key = OctKey.generateSync(len)
-
-    t.true(key.algorithms().has('dir'))
-  })
-})
-
 test('oct keys may not be generated as public', t => {
   t.throws(() => {
     OctKey.generateSync(undefined, undefined, false)