@oari/jose 0.0.0

package/dist/webapi/lib/asn1.js

@@ -0,0 +1,243 @@
+import { invalidKeyInput } from './invalid_key_input.js';
+import { encodeBase64, decodeBase64 } from '../lib/base64.js';
+import { JOSENotSupported } from '../util/errors.js';
+import { isCryptoKey, isKeyObject } from './is_key_like.js';
+const formatPEM = (b64, descriptor) => {
+    const newlined = (b64.match(/.{1,64}/g) || []).join('\n');
+    return `-----BEGIN ${descriptor}-----\n${newlined}\n-----END ${descriptor}-----`;
+};
+const genericExport = async (keyType, keyFormat, key) => {
+    if (isKeyObject(key)) {
+        if (key.type !== keyType) {
+            throw new TypeError(`key is not a ${keyType} key`);
+        }
+        return key.export({ format: 'pem', type: keyFormat });
+    }
+    if (!isCryptoKey(key)) {
+        throw new TypeError(invalidKeyInput(key, 'CryptoKey', 'KeyObject'));
+    }
+    if (!key.extractable) {
+        throw new TypeError('CryptoKey is not extractable');
+    }
+    if (key.type !== keyType) {
+        throw new TypeError(`key is not a ${keyType} key`);
+    }
+    return formatPEM(encodeBase64(new Uint8Array(await crypto.subtle.exportKey(keyFormat, key))), `${keyType.toUpperCase()} KEY`);
+};
+export const toSPKI = (key) => genericExport('public', 'spki', key);
+export const toPKCS8 = (key) => genericExport('private', 'pkcs8', key);
+const bytesEqual = (a, b) => {
+    if (a.byteLength !== b.length)
+        return false;
+    for (let i = 0; i < a.byteLength; i++) {
+        if (a[i] !== b[i])
+            return false;
+    }
+    return true;
+};
+const createASN1State = (data) => ({ data, pos: 0 });
+const parseLength = (state) => {
+    const first = state.data[state.pos++];
+    if (first & 0x80) {
+        const lengthOfLen = first & 0x7f;
+        let length = 0;
+        for (let i = 0; i < lengthOfLen; i++) {
+            length = (length << 8) | state.data[state.pos++];
+        }
+        return length;
+    }
+    return first;
+};
+const skipElement = (state, count = 1) => {
+    if (count <= 0)
+        return;
+    state.pos++;
+    const length = parseLength(state);
+    state.pos += length;
+    if (count > 1) {
+        skipElement(state, count - 1);
+    }
+};
+const expectTag = (state, expectedTag, errorMessage) => {
+    if (state.data[state.pos++] !== expectedTag) {
+        throw new Error(errorMessage);
+    }
+};
+const getSubarray = (state, length) => {
+    const result = state.data.subarray(state.pos, state.pos + length);
+    state.pos += length;
+    return result;
+};
+const parseAlgorithmOID = (state) => {
+    expectTag(state, 0x06, 'Expected algorithm OID');
+    const oidLen = parseLength(state);
+    return getSubarray(state, oidLen);
+};
+function parsePKCS8Header(state) {
+    expectTag(state, 0x30, 'Invalid PKCS#8 structure');
+    parseLength(state);
+    expectTag(state, 0x02, 'Expected version field');
+    const verLen = parseLength(state);
+    state.pos += verLen;
+    expectTag(state, 0x30, 'Expected algorithm identifier');
+    const algIdLen = parseLength(state);
+    const algIdStart = state.pos;
+    return { algIdStart, algIdLength: algIdLen };
+}
+function parseSPKIHeader(state) {
+    expectTag(state, 0x30, 'Invalid SPKI structure');
+    parseLength(state);
+    expectTag(state, 0x30, 'Expected algorithm identifier');
+    const algIdLen = parseLength(state);
+    const algIdStart = state.pos;
+    return { algIdStart, algIdLength: algIdLen };
+}
+const parseECAlgorithmIdentifier = (state) => {
+    const algOid = parseAlgorithmOID(state);
+    if (bytesEqual(algOid, [0x2b, 0x65, 0x6e])) {
+        return 'X25519';
+    }
+    if (!bytesEqual(algOid, [0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01])) {
+        throw new Error('Unsupported key algorithm');
+    }
+    expectTag(state, 0x06, 'Expected curve OID');
+    const curveOidLen = parseLength(state);
+    const curveOid = getSubarray(state, curveOidLen);
+    for (const { name, oid } of [
+        { name: 'P-256', oid: [0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07] },
+        { name: 'P-384', oid: [0x2b, 0x81, 0x04, 0x00, 0x22] },
+        { name: 'P-521', oid: [0x2b, 0x81, 0x04, 0x00, 0x23] },
+    ]) {
+        if (bytesEqual(curveOid, oid)) {
+            return name;
+        }
+    }
+    throw new Error('Unsupported named curve');
+};
+const genericImport = async (keyFormat, keyData, alg, options) => {
+    let algorithm;
+    let keyUsages;
+    const isPublic = keyFormat === 'spki';
+    const getSigUsages = () => (isPublic ? ['verify'] : ['sign']);
+    const getEncUsages = () => isPublic ? ['encrypt', 'wrapKey'] : ['decrypt', 'unwrapKey'];
+    switch (alg) {
+        case 'PS256':
+        case 'PS384':
+        case 'PS512':
+            algorithm = { name: 'RSA-PSS', hash: `SHA-${alg.slice(-3)}` };
+            keyUsages = getSigUsages();
+            break;
+        case 'RS256':
+        case 'RS384':
+        case 'RS512':
+            algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${alg.slice(-3)}` };
+            keyUsages = getSigUsages();
+            break;
+        case 'RSA-OAEP':
+        case 'RSA-OAEP-256':
+        case 'RSA-OAEP-384':
+        case 'RSA-OAEP-512':
+            algorithm = {
+                name: 'RSA-OAEP',
+                hash: `SHA-${parseInt(alg.slice(-3), 10) || 1}`,
+            };
+            keyUsages = getEncUsages();
+            break;
+        case 'ES256':
+        case 'ES384':
+        case 'ES512': {
+            const curveMap = { ES256: 'P-256', ES384: 'P-384', ES512: 'P-521' };
+            algorithm = { name: 'ECDSA', namedCurve: curveMap[alg] };
+            keyUsages = getSigUsages();
+            break;
+        }
+        case 'ECDH-ES':
+        case 'ECDH-ES+A128KW':
+        case 'ECDH-ES+A192KW':
+        case 'ECDH-ES+A256KW': {
+            try {
+                const namedCurve = options.getNamedCurve(keyData);
+                algorithm = namedCurve === 'X25519' ? { name: 'X25519' } : { name: 'ECDH', namedCurve };
+            }
+            catch (cause) {
+                throw new JOSENotSupported('Invalid or unsupported key format');
+            }
+            keyUsages = isPublic ? [] : ['deriveBits'];
+            break;
+        }
+        case 'Ed25519':
+        case 'EdDSA':
+            algorithm = { name: 'Ed25519' };
+            keyUsages = getSigUsages();
+            break;
+        case 'ML-DSA-44':
+        case 'ML-DSA-65':
+        case 'ML-DSA-87':
+            algorithm = { name: alg };
+            keyUsages = getSigUsages();
+            break;
+        default:
+            throw new JOSENotSupported('Invalid or unsupported "alg" (Algorithm) value');
+    }
+    return crypto.subtle.importKey(keyFormat, keyData, algorithm, options?.extractable ?? (isPublic ? true : false), keyUsages);
+};
+const processPEMData = (pem, pattern) => {
+    return decodeBase64(pem.replace(pattern, ''));
+};
+export const fromPKCS8 = (pem, alg, options) => {
+    const keyData = processPEMData(pem, /(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g);
+    let opts = options;
+    if (alg?.startsWith?.('ECDH-ES')) {
+        opts ||= {};
+        opts.getNamedCurve = (keyData) => {
+            const state = createASN1State(keyData);
+            parsePKCS8Header(state);
+            return parseECAlgorithmIdentifier(state);
+        };
+    }
+    return genericImport('pkcs8', keyData, alg, opts);
+};
+export const fromSPKI = (pem, alg, options) => {
+    const keyData = processPEMData(pem, /(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g);
+    let opts = options;
+    if (alg?.startsWith?.('ECDH-ES')) {
+        opts ||= {};
+        opts.getNamedCurve = (keyData) => {
+            const state = createASN1State(keyData);
+            parseSPKIHeader(state);
+            return parseECAlgorithmIdentifier(state);
+        };
+    }
+    return genericImport('spki', keyData, alg, opts);
+};
+function spkiFromX509(buf) {
+    const state = createASN1State(buf);
+    expectTag(state, 0x30, 'Invalid certificate structure');
+    parseLength(state);
+    expectTag(state, 0x30, 'Invalid tbsCertificate structure');
+    parseLength(state);
+    if (buf[state.pos] === 0xa0) {
+        skipElement(state, 6);
+    }
+    else {
+        skipElement(state, 5);
+    }
+    const spkiStart = state.pos;
+    expectTag(state, 0x30, 'Invalid SPKI structure');
+    const spkiContentLen = parseLength(state);
+    return buf.subarray(spkiStart, spkiStart + spkiContentLen + (state.pos - spkiStart));
+}
+function extractX509SPKI(x509) {
+    const derBytes = processPEMData(x509, /(?:-----(?:BEGIN|END) CERTIFICATE-----|\s)/g);
+    return spkiFromX509(derBytes);
+}
+export const fromX509 = (pem, alg, options) => {
+    let spki;
+    try {
+        spki = extractX509SPKI(pem);
+    }
+    catch (cause) {
+        throw new TypeError('Failed to parse the X.509 certificate', { cause });
+    }
+    return fromSPKI(formatPEM(encodeBase64(spki), 'PUBLIC KEY'), alg, options);
+};

package/dist/webapi/lib/base64.js

@@ -0,0 +1,22 @@
+export function encodeBase64(input) {
+    if (Uint8Array.prototype.toBase64) {
+        return input.toBase64();
+    }
+    const CHUNK_SIZE = 0x8000;
+    const arr = [];
+    for (let i = 0; i < input.length; i += CHUNK_SIZE) {
+        arr.push(String.fromCharCode.apply(null, input.subarray(i, i + CHUNK_SIZE)));
+    }
+    return btoa(arr.join(''));
+}
+export function decodeBase64(encoded) {
+    if (Uint8Array.fromBase64) {
+        return Uint8Array.fromBase64(encoded);
+    }
+    const binary = atob(encoded);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}

package/dist/webapi/lib/buffer_utils.js

@@ -0,0 +1,43 @@
+export const encoder = new TextEncoder();
+export const decoder = new TextDecoder();
+const MAX_INT32 = 2 ** 32;
+export function concat(...buffers) {
+    const size = buffers.reduce((acc, { length }) => acc + length, 0);
+    const buf = new Uint8Array(size);
+    let i = 0;
+    for (const buffer of buffers) {
+        buf.set(buffer, i);
+        i += buffer.length;
+    }
+    return buf;
+}
+function writeUInt32BE(buf, value, offset) {
+    if (value < 0 || value >= MAX_INT32) {
+        throw new RangeError(`value must be >= 0 and <= ${MAX_INT32 - 1}. Received ${value}`);
+    }
+    buf.set([value >>> 24, value >>> 16, value >>> 8, value & 0xff], offset);
+}
+export function uint64be(value) {
+    const high = Math.floor(value / MAX_INT32);
+    const low = value % MAX_INT32;
+    const buf = new Uint8Array(8);
+    writeUInt32BE(buf, high, 0);
+    writeUInt32BE(buf, low, 4);
+    return buf;
+}
+export function uint32be(value) {
+    const buf = new Uint8Array(4);
+    writeUInt32BE(buf, value);
+    return buf;
+}
+export function encode(string) {
+    const bytes = new Uint8Array(string.length);
+    for (let i = 0; i < string.length; i++) {
+        const code = string.charCodeAt(i);
+        if (code > 127) {
+            throw new TypeError('non-ASCII string encountered in encode()');
+        }
+        bytes[i] = code;
+    }
+    return bytes;
+}

package/dist/webapi/lib/check_key_type.js

@@ -0,0 +1,127 @@
+import { withAlg as invalidKeyInput } from './invalid_key_input.js';
+import { isKeyLike } from './is_key_like.js';
+import * as jwk from './type_checks.js';
+const tag = (key) => key?.[Symbol.toStringTag];
+const jwkMatchesOp = (alg, key, usage) => {
+    if (key.use !== undefined) {
+        let expected;
+        switch (usage) {
+            case 'sign':
+            case 'verify':
+                expected = 'sig';
+                break;
+            case 'encrypt':
+            case 'decrypt':
+                expected = 'enc';
+                break;
+        }
+        if (key.use !== expected) {
+            throw new TypeError(`Invalid key for this operation, its "use" must be "${expected}" when present`);
+        }
+    }
+    if (key.alg !== undefined && key.alg !== alg) {
+        throw new TypeError(`Invalid key for this operation, its "alg" must be "${alg}" when present`);
+    }
+    if (Array.isArray(key.key_ops)) {
+        let expectedKeyOp;
+        switch (true) {
+            case usage === 'sign' || usage === 'verify':
+            case alg === 'dir':
+            case alg.includes('CBC-HS'):
+                expectedKeyOp = usage;
+                break;
+            case alg.startsWith('PBES2'):
+                expectedKeyOp = 'deriveBits';
+                break;
+            case /^A\d{3}(?:GCM)?(?:KW)?$/.test(alg):
+                if (!alg.includes('GCM') && alg.endsWith('KW')) {
+                    expectedKeyOp = usage === 'encrypt' ? 'wrapKey' : 'unwrapKey';
+                }
+                else {
+                    expectedKeyOp = usage;
+                }
+                break;
+            case usage === 'encrypt' && alg.startsWith('RSA'):
+                expectedKeyOp = 'wrapKey';
+                break;
+            case usage === 'decrypt':
+                expectedKeyOp = alg.startsWith('RSA') ? 'unwrapKey' : 'deriveBits';
+                break;
+        }
+        if (expectedKeyOp && key.key_ops?.includes?.(expectedKeyOp) === false) {
+            throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${expectedKeyOp}" when present`);
+        }
+    }
+    return true;
+};
+const symmetricTypeCheck = (alg, key, usage) => {
+    if (key instanceof Uint8Array)
+        return;
+    if (jwk.isJWK(key)) {
+        if (jwk.isSecretJWK(key) && jwkMatchesOp(alg, key, usage))
+            return;
+        throw new TypeError(`JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present`);
+    }
+    if (!isKeyLike(key)) {
+        throw new TypeError(invalidKeyInput(alg, key, 'CryptoKey', 'KeyObject', 'JSON Web Key', 'Uint8Array'));
+    }
+    if (key.type !== 'secret') {
+        throw new TypeError(`${tag(key)} instances for symmetric algorithms must be of type "secret"`);
+    }
+};
+const asymmetricTypeCheck = (alg, key, usage) => {
+    if (jwk.isJWK(key)) {
+        switch (usage) {
+            case 'decrypt':
+                if (jwk.isPrivateJWK(key) && jwkMatchesOp(alg, key, usage))
+                    return;
+                throw new TypeError(`JSON Web Key for this operation must be a private JWK`);
+            case 'sign':
+                if (jwk.isHardwareJWK(key) && jwkMatchesOp(alg, key, usage))
+                    return;
+                if (jwk.isPrivateJWK(key) && jwkMatchesOp(alg, key, usage))
+                    return;
+                throw new TypeError(`JSON Web Key for this operation must be a private JWK`);
+            case 'encrypt':
+            case 'verify':
+                if (jwk.isPublicJWK(key) && jwkMatchesOp(alg, key, usage))
+                    return;
+                throw new TypeError(`JSON Web Key for this operation must be a public JWK`);
+        }
+    }
+    if (!isKeyLike(key)) {
+        throw new TypeError(invalidKeyInput(alg, key, 'CryptoKey', 'KeyObject', 'JSON Web Key'));
+    }
+    if (key.type === 'secret') {
+        throw new TypeError(`${tag(key)} instances for asymmetric algorithms must not be of type "secret"`);
+    }
+    if (key.type === 'public') {
+        switch (usage) {
+            case 'sign':
+                throw new TypeError(`${tag(key)} instances for asymmetric algorithm signing must be of type "private"`);
+            case 'decrypt':
+                throw new TypeError(`${tag(key)} instances for asymmetric algorithm decryption must be of type "private"`);
+        }
+    }
+    if (key.type === 'private') {
+        switch (usage) {
+            case 'verify':
+                throw new TypeError(`${tag(key)} instances for asymmetric algorithm verifying must be of type "public"`);
+            case 'encrypt':
+                throw new TypeError(`${tag(key)} instances for asymmetric algorithm encryption must be of type "public"`);
+        }
+    }
+};
+export function checkKeyType(alg, key, usage) {
+    switch (alg.substring(0, 2)) {
+        case 'A1':
+        case 'A2':
+        case 'di':
+        case 'HS':
+        case 'PB':
+            symmetricTypeCheck(alg, key, usage);
+            break;
+        default:
+            asymmetricTypeCheck(alg, key, usage);
+    }
+}

package/dist/webapi/lib/content_encryption.js

@@ -0,0 +1,217 @@
+import { concat, uint64be } from './buffer_utils.js';
+import { checkEncCryptoKey } from './crypto_key.js';
+import { invalidKeyInput } from './invalid_key_input.js';
+import { JOSENotSupported, JWEDecryptionFailed, JWEInvalid } from '../util/errors.js';
+import { isCryptoKey } from './is_key_like.js';
+export function cekLength(alg) {
+    switch (alg) {
+        case 'A128GCM':
+            return 128;
+        case 'A192GCM':
+            return 192;
+        case 'A256GCM':
+        case 'A128CBC-HS256':
+            return 256;
+        case 'A192CBC-HS384':
+            return 384;
+        case 'A256CBC-HS512':
+            return 512;
+        default:
+            throw new JOSENotSupported(`Unsupported JWE Algorithm: ${alg}`);
+    }
+}
+export const generateCek = (alg) => crypto.getRandomValues(new Uint8Array(cekLength(alg) >> 3));
+function checkCekLength(cek, expected) {
+    const actual = cek.byteLength << 3;
+    if (actual !== expected) {
+        throw new JWEInvalid(`Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`);
+    }
+}
+function ivBitLength(alg) {
+    switch (alg) {
+        case 'A128GCM':
+        case 'A128GCMKW':
+        case 'A192GCM':
+        case 'A192GCMKW':
+        case 'A256GCM':
+        case 'A256GCMKW':
+            return 96;
+        case 'A128CBC-HS256':
+        case 'A192CBC-HS384':
+        case 'A256CBC-HS512':
+            return 128;
+        default:
+            throw new JOSENotSupported(`Unsupported JWE Algorithm: ${alg}`);
+    }
+}
+export const generateIv = (alg) => crypto.getRandomValues(new Uint8Array(ivBitLength(alg) >> 3));
+export function checkIvLength(enc, iv) {
+    if (iv.length << 3 !== ivBitLength(enc)) {
+        throw new JWEInvalid('Invalid Initialization Vector length');
+    }
+}
+async function cbcKeySetup(enc, cek, usage) {
+    if (!(cek instanceof Uint8Array)) {
+        throw new TypeError(invalidKeyInput(cek, 'Uint8Array'));
+    }
+    const keySize = parseInt(enc.slice(1, 4), 10);
+    const encKey = await crypto.subtle.importKey('raw', cek.subarray(keySize >> 3), 'AES-CBC', false, [usage]);
+    const macKey = await crypto.subtle.importKey('raw', cek.subarray(0, keySize >> 3), {
+        hash: `SHA-${keySize << 1}`,
+        name: 'HMAC',
+    }, false, ['sign']);
+    return { encKey, macKey, keySize };
+}
+async function cbcHmacTag(macKey, macData, keySize) {
+    return new Uint8Array((await crypto.subtle.sign('HMAC', macKey, macData)).slice(0, keySize >> 3));
+}
+async function cbcEncrypt(enc, plaintext, cek, iv, aad) {
+    const { encKey, macKey, keySize } = await cbcKeySetup(enc, cek, 'encrypt');
+    const ciphertext = new Uint8Array(await crypto.subtle.encrypt({
+        iv: iv,
+        name: 'AES-CBC',
+    }, encKey, plaintext));
+    const macData = concat(aad, iv, ciphertext, uint64be(aad.length << 3));
+    const tag = await cbcHmacTag(macKey, macData, keySize);
+    return { ciphertext, tag, iv };
+}
+async function timingSafeEqual(a, b) {
+    if (!(a instanceof Uint8Array)) {
+        throw new TypeError('First argument must be a buffer');
+    }
+    if (!(b instanceof Uint8Array)) {
+        throw new TypeError('Second argument must be a buffer');
+    }
+    const algorithm = { name: 'HMAC', hash: 'SHA-256' };
+    const key = (await crypto.subtle.generateKey(algorithm, false, ['sign']));
+    const aHmac = new Uint8Array(await crypto.subtle.sign(algorithm, key, a));
+    const bHmac = new Uint8Array(await crypto.subtle.sign(algorithm, key, b));
+    let out = 0;
+    let i = -1;
+    while (++i < 32) {
+        out |= aHmac[i] ^ bHmac[i];
+    }
+    return out === 0;
+}
+async function cbcDecrypt(enc, cek, ciphertext, iv, tag, aad) {
+    const { encKey, macKey, keySize } = await cbcKeySetup(enc, cek, 'decrypt');
+    const macData = concat(aad, iv, ciphertext, uint64be(aad.length << 3));
+    const expectedTag = await cbcHmacTag(macKey, macData, keySize);
+    let macCheckPassed;
+    try {
+        macCheckPassed = await timingSafeEqual(tag, expectedTag);
+    }
+    catch {
+    }
+    if (!macCheckPassed) {
+        throw new JWEDecryptionFailed();
+    }
+    let plaintext;
+    try {
+        plaintext = new Uint8Array(await crypto.subtle.decrypt({ iv: iv, name: 'AES-CBC' }, encKey, ciphertext));
+    }
+    catch {
+    }
+    if (!plaintext) {
+        throw new JWEDecryptionFailed();
+    }
+    return plaintext;
+}
+async function gcmEncrypt(enc, plaintext, cek, iv, aad) {
+    let encKey;
+    if (cek instanceof Uint8Array) {
+        encKey = await crypto.subtle.importKey('raw', cek, 'AES-GCM', false, ['encrypt']);
+    }
+    else {
+        checkEncCryptoKey(cek, enc, 'encrypt');
+        encKey = cek;
+    }
+    const encrypted = new Uint8Array(await crypto.subtle.encrypt({
+        additionalData: aad,
+        iv: iv,
+        name: 'AES-GCM',
+        tagLength: 128,
+    }, encKey, plaintext));
+    const tag = encrypted.slice(-16);
+    const ciphertext = encrypted.slice(0, -16);
+    return { ciphertext, tag, iv };
+}
+async function gcmDecrypt(enc, cek, ciphertext, iv, tag, aad) {
+    let encKey;
+    if (cek instanceof Uint8Array) {
+        encKey = await crypto.subtle.importKey('raw', cek, 'AES-GCM', false, ['decrypt']);
+    }
+    else {
+        checkEncCryptoKey(cek, enc, 'decrypt');
+        encKey = cek;
+    }
+    try {
+        return new Uint8Array(await crypto.subtle.decrypt({
+            additionalData: aad,
+            iv: iv,
+            name: 'AES-GCM',
+            tagLength: 128,
+        }, encKey, concat(ciphertext, tag)));
+    }
+    catch {
+        throw new JWEDecryptionFailed();
+    }
+}
+const unsupportedEnc = 'Unsupported JWE Content Encryption Algorithm';
+export async function encrypt(enc, plaintext, cek, iv, aad) {
+    if (!isCryptoKey(cek) && !(cek instanceof Uint8Array)) {
+        throw new TypeError(invalidKeyInput(cek, 'CryptoKey', 'KeyObject', 'Uint8Array', 'JSON Web Key'));
+    }
+    if (iv) {
+        checkIvLength(enc, iv);
+    }
+    else {
+        iv = generateIv(enc);
+    }
+    switch (enc) {
+        case 'A128CBC-HS256':
+        case 'A192CBC-HS384':
+        case 'A256CBC-HS512':
+            if (cek instanceof Uint8Array) {
+                checkCekLength(cek, parseInt(enc.slice(-3), 10));
+            }
+            return cbcEncrypt(enc, plaintext, cek, iv, aad);
+        case 'A128GCM':
+        case 'A192GCM':
+        case 'A256GCM':
+            if (cek instanceof Uint8Array) {
+                checkCekLength(cek, parseInt(enc.slice(1, 4), 10));
+            }
+            return gcmEncrypt(enc, plaintext, cek, iv, aad);
+        default:
+            throw new JOSENotSupported(unsupportedEnc);
+    }
+}
+export async function decrypt(enc, cek, ciphertext, iv, tag, aad) {
+    if (!isCryptoKey(cek) && !(cek instanceof Uint8Array)) {
+        throw new TypeError(invalidKeyInput(cek, 'CryptoKey', 'KeyObject', 'Uint8Array', 'JSON Web Key'));
+    }
+    if (!iv) {
+        throw new JWEInvalid('JWE Initialization Vector missing');
+    }
+    if (!tag) {
+        throw new JWEInvalid('JWE Authentication Tag missing');
+    }
+    checkIvLength(enc, iv);
+    switch (enc) {
+        case 'A128CBC-HS256':
+        case 'A192CBC-HS384':
+        case 'A256CBC-HS512':
+            if (cek instanceof Uint8Array)
+                checkCekLength(cek, parseInt(enc.slice(-3), 10));
+            return cbcDecrypt(enc, cek, ciphertext, iv, tag, aad);
+        case 'A128GCM':
+        case 'A192GCM':
+        case 'A256GCM':
+            if (cek instanceof Uint8Array)
+                checkCekLength(cek, parseInt(enc.slice(1, 4), 10));
+            return gcmDecrypt(enc, cek, ciphertext, iv, tag, aad);
+        default:
+            throw new JOSENotSupported(unsupportedEnc);
+    }
+}