@virtru/dsp-sdk 0.7.3 → 0.7.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,20 @@
|
|
|
1
1
|
# Change Log - @virtru/dsp-sdk
|
|
2
2
|
|
|
3
|
-
This log was last generated on
|
|
3
|
+
This log was last generated on Thu, 14 May 2026 17:39:47 GMT and should not be manually modified.
|
|
4
|
+
|
|
5
|
+
## 0.7.5
|
|
6
|
+
Thu, 14 May 2026 17:39:47 GMT
|
|
7
|
+
|
|
8
|
+
### Patches
|
|
9
|
+
|
|
10
|
+
- fix FIPS AES-GCM decrypt to accept payload with authTag appended (opentdf-sdk >=0.16 contract)
|
|
11
|
+
|
|
12
|
+
## 0.7.4
|
|
13
|
+
Tue, 28 Apr 2026 16:40:32 GMT
|
|
14
|
+
|
|
15
|
+
### Patches
|
|
16
|
+
|
|
17
|
+
- Fix fips library dynamic import for vite 8
|
|
4
18
|
|
|
5
19
|
## 0.7.3
|
|
6
20
|
Tue, 28 Apr 2026 15:37:06 GMT
|
|
@@ -67,9 +67,10 @@ export const getVirtruCrypto = async () => {
|
|
|
67
67
|
* Loaded dynamically so non-FIPS consumers do not require the optional peer.
|
|
68
68
|
*/
|
|
69
69
|
export const initializeFipsCrypto = () => {
|
|
70
|
-
//
|
|
71
|
-
//
|
|
72
|
-
|
|
70
|
+
// .join() prevents esbuild from constant-folding the specifier into a string
|
|
71
|
+
// literal, which would cause Vite 8's import-analysis to error on the
|
|
72
|
+
// unresolvable bare specifier. @vite-ignore kept for defense in depth.
|
|
73
|
+
const modulePath = ['@virtru-private', 'fips-crypto-js'].join('/');
|
|
73
74
|
void import(/* @vite-ignore */ modulePath).catch((err) => {
|
|
74
75
|
console.error('Virtru FIPS crypto initialization failed: @virtru-private/fips-crypto-js is not installed.', err);
|
|
75
76
|
});
|
|
@@ -58,10 +58,11 @@ export async function decrypt(payload, key, iv, algorithm, authTag) {
|
|
|
58
58
|
const algName = algorithm === AES_CBC_URN ? 'AES-CBC' : 'AES-GCM';
|
|
59
59
|
let payloadBytes = new Uint8Array(payload.asArrayBuffer());
|
|
60
60
|
const ivBytes = new Uint8Array(iv.asArrayBuffer());
|
|
61
|
-
if (algName === 'AES-GCM') {
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
61
|
+
if (algName === 'AES-GCM' && authTag) {
|
|
62
|
+
// Legacy contract (opentdf-sdk <0.16): authTag passed separately —
|
|
63
|
+
// recombine for WebCrypto, which expects payload || authTag.
|
|
64
|
+
// >=0.16 (web-sdk PR #922): the tag is already appended to payload, so
|
|
65
|
+
// we pass it through unchanged. Mirrors DefaultCryptoService behaviour.
|
|
65
66
|
const tagBytes = new Uint8Array(authTag.asArrayBuffer());
|
|
66
67
|
const combined = new Uint8Array(payloadBytes.length + tagBytes.length);
|
|
67
68
|
combined.set(payloadBytes, 0);
|