v0.3.1

@cdbattags cdbattags released this 02 Mar 04:25
· 2 commits to master since this release

Bug Fix

  • Fix ECDH-ES Concat KDF for >256-bit content encryption keys — The Concat KDF (RFC 7518 §4.6.2) only performed a single SHA-256 round (256 bits), which broke ECDH-ES direct key agreement with A192CBC-HS384 (384-bit) and A256CBC-HS512 (512-bit) content encryption. Now correctly iterates ceil(keydatalen / 256) rounds.
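The round count described in this fix, as an added Python sketch (not the project's Lua code): an iterated Concat KDF per RFC 7518 §4.6.2 beside a single-round model of the behaviour the note describes. The function names, the empty apu/apv values and the shared secret are assumptions constructed for illustration.

```python
import hashlib
import struct

# CEK sizes in bits for the CBC-HS content encryption algorithms (RFC 7518 §5.2).
CEK_BITS = {"A128CBC-HS256": 256, "A192CBC-HS384": 384, "A256CBC-HS512": 512}

def _len_prefixed(data: bytes) -> bytes:
    """32-bit big-endian length followed by the data."""
    return struct.pack(">I", len(data)) + data

def other_info(enc: str, apu: bytes, apv: bytes, keydatalen: int) -> bytes:
    """AlgorithmID || PartyUInfo || PartyVInfo || SuppPubInfo.
    For ECDH-ES direct key agreement the AlgorithmID is the "enc" value."""
    return (_len_prefixed(enc.encode("ascii")) + _len_prefixed(apu)
            + _len_prefixed(apv) + struct.pack(">I", keydatalen))

def concat_kdf(z: bytes, keydatalen: int, info: bytes) -> bytes:
    """Concat KDF with SHA-256: ceil(keydatalen / 256) counter-prefixed rounds."""
    rounds = -(-keydatalen // 256)
    out = b""
    for counter in range(1, rounds + 1):
        out += hashlib.sha256(struct.pack(">I", counter) + z + info).digest()
    return out[: keydatalen // 8]

def concat_kdf_single_round(z: bytes, keydatalen: int, info: bytes) -> bytes:
    """Model of the pre-fix behaviour: one round, so at most 256 bits."""
    block = hashlib.sha256(struct.pack(">I", 1) + z + info).digest()
    return block[: keydatalen // 8]

def derived_bits(z: bytes, apu: bytes = b"", apv: bytes = b"") -> dict:
    """Map each enc to (bits from the iterated KDF, bits from a single round)."""
    result = {}
    for enc, bits in CEK_BITS.items():
        info = other_info(enc, apu, apv, bits)
        result[enc] = (len(concat_kdf(z, bits, info)) * 8,
                       len(concat_kdf_single_round(z, bits, info)) * 8)
    return result

# Constructed shared secret (not a real ECDH output), for illustration only.
Z_CONSTRUCTED = bytes(range(32))

if __name__ == "__main__":
    for enc, (full, single) in derived_bits(Z_CONSTRUCTED).items():
        print(f"{enc}: need {CEK_BITS[enc]}, iterated={full}, single round={single}")
```

Only A128CBC-HS256 gets a full-length key from one round; the 384-bit and 512-bit cases come up short, which matches the two algorithms named in the fix.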

Testing

  • 21 new JWE test cases covering previously untested algorithm combinations:
    • dir + GCM modes (A128GCM, A192GCM, A256GCM, A192CBC-HS384)
    • ECDH-ES + CBC-HS modes (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512)
    • ECDH-ES and ECDH-ES+A256KW with P-384 curve
    • Wrong key/password rejection for all key management families (dir, AES-KW, AES-GCMKW, RSA-OAEP, PBES2, ECDH-ES)
    • JWE claim validation (exp/nbf)
    • Invalid key length and unsupported algorithm rejection
  • 858 tests passing (up from 795)

Coverage Tooling

  • Added luacov support gated behind COVERAGE=1 env var
  • New ci-coverage script for line-level coverage reports
  • Current coverage: 87% overall (89% jwt.lua, 99% jwt-validators.lua, 100% utils.lua)

Full Changelog

v0.3.0...v0.3.1