@virtru/dsp-sdk 0.7.3 → 0.7.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,6 +1,20 @@
1
1
  # Change Log - @virtru/dsp-sdk
2
2
 
3
- This log was last generated on Tue, 28 Apr 2026 15:37:06 GMT and should not be manually modified.
3
+ This log was last generated on Thu, 14 May 2026 17:39:47 GMT and should not be manually modified.
4
+
5
+ ## 0.7.5
6
+ Thu, 14 May 2026 17:39:47 GMT
7
+
8
+ ### Patches
9
+
10
+ - fix FIPS AES-GCM decrypt to accept payload with authTag appended (opentdf-sdk >=0.16 contract)
11
+
12
+ ## 0.7.4
13
+ Tue, 28 Apr 2026 16:40:32 GMT
14
+
15
+ ### Patches
16
+
17
+ - Fix fips library dynamic import for vite 8
4
18
 
5
19
  ## 0.7.3
6
20
  Tue, 28 Apr 2026 15:37:06 GMT
@@ -67,9 +67,10 @@ export const getVirtruCrypto = async () => {
67
67
  * Loaded dynamically so non-FIPS consumers do not require the optional peer.
68
68
  */
69
69
  export const initializeFipsCrypto = () => {
70
- // Keep specifier dynamic so Vite/Rollup does not eagerly resolve the optional
71
- // peer in non-FIPS builds; load occurs only when FIPS mode is enabled.
72
- const modulePath = '@virtru-private/fips-crypto-js';
70
+ // .join() prevents esbuild from constant-folding the specifier into a string
71
+ // literal, which would cause Vite 8's import-analysis to error on the
72
+ // unresolvable bare specifier. @vite-ignore kept for defense in depth.
73
+ const modulePath = ['@virtru-private', 'fips-crypto-js'].join('/');
73
74
  void import(/* @vite-ignore */ modulePath).catch((err) => {
74
75
  console.error('Virtru FIPS crypto initialization failed: @virtru-private/fips-crypto-js is not installed.', err);
75
76
  });
@@ -58,10 +58,11 @@ export async function decrypt(payload, key, iv, algorithm, authTag) {
58
58
  const algName = algorithm === AES_CBC_URN ? 'AES-CBC' : 'AES-GCM';
59
59
  let payloadBytes = new Uint8Array(payload.asArrayBuffer());
60
60
  const ivBytes = new Uint8Array(iv.asArrayBuffer());
61
- if (algName === 'AES-GCM') {
62
- if (!authTag) {
63
- throw new Error('Missing authTag for AES-GCM decryption');
64
- }
61
+ if (algName === 'AES-GCM' && authTag) {
62
+ // Legacy contract (opentdf-sdk <0.16): authTag passed separately —
63
+ // recombine for WebCrypto, which expects payload || authTag.
64
+ // >=0.16 (web-sdk PR #922): the tag is already appended to payload, so
65
+ // we pass it through unchanged. Mirrors DefaultCryptoService behaviour.
65
66
  const tagBytes = new Uint8Array(authTag.asArrayBuffer());
66
67
  const combined = new Uint8Array(payloadBytes.length + tagBytes.length);
67
68
  combined.set(payloadBytes, 0);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@virtru/dsp-sdk",
3
- "version": "0.7.3",
3
+ "version": "0.7.5",
4
4
  "license": "SEE LICENSE IN LICENSE",
5
5
  "main": "dist/src/index.js",
6
6
  "exports": {