fix: vulnerabilities

beatt83 · Jan 15, 2024 · 22dd8e4 · 22dd8e4
1 parent 1759a8b
commit 22dd8e4
Show file tree

Hide file tree

Showing 6 changed files with 2 additions and 41 deletions.
diff --git a/Sources/JWA/CryptoImplementation/AES/AESCBC_SHA.swift b/Sources/JWA/CryptoImplementation/AES/AESCBC_SHA.swift
@@ -51,14 +51,6 @@ struct AESCBC_SHA<H: HashFunction> {
             .withUnsafeBytes { Data($0) }
             .prefix(authenticationTagLength)
 
-        print("cek: \(Base64URL.encode(cek))")
-        print("cipher: \(Base64URL.encode(Data(ciphertext)))")
-        print("encKey: \(Base64URL.encode(encKey))")
-        print("macKey: \(Base64URL.encode(macKey))")
-        print("computedTag: \(Base64URL.encode(authenticationTag))")
-        print("initializationVector: \(Base64URL.encode(initializationVector))")
-        print("aad: \(Base64URL.encode(additionalAuthenticatedData))")
-
         return (Data(ciphertext), authenticationTag)
     }
 
@@ -84,16 +76,7 @@ struct AESCBC_SHA<H: HashFunction> {
             )
             .withUnsafeBytes { Data($0) }
             .prefix(authenticationTagLength)
-
-        print("cek: \(Base64URL.encode(cek))")
-        print("cipher: \(Base64URL.encode(cipher))")
-        print("encKey: \(Base64URL.encode(encKey))")
-        print("macKey: \(Base64URL.encode(macKey))")
-        print("computedTag: \(Base64URL.encode(computedTag))")
-        print("authenticationTag: \(Base64URL.encode(authenticationTag))")
-        print("initializationVector: \(Base64URL.encode(initializationVector))")
-        print("aad: \(Base64URL.encode(additionalAuthenticatedData))")
-
+
         guard authenticationTag == computedTag else {
             throw CryptoError.decryptionFailedAuthenticationTagDoesntMatch
         }

diff --git a/Sources/JWA/CryptoImplementation/AES/AESGCM.swift b/Sources/JWA/CryptoImplementation/AES/AESGCM.swift
@@ -26,17 +26,12 @@ struct AESGCM {
         initializationVector: Data = Data(),
         additionalAuthenticatedData: Data = Data()
     ) throws -> (cipher: Data, authenticationData: Data) {
-        print("payload: \(Base64URL.encode(payload))")
-        print("initializationVector: \(Base64URL.encode(initializationVector))")
-        print("additionalAuthenticatedData: \(Base64URL.encode(additionalAuthenticatedData))")
-        print("cek: \(Base64URL.encode(cek))")
         let sealedBox = try AES.GCM.seal(
             payload,
             using: .init(data: cek),
             nonce: .init(data: initializationVector),
             authenticating: additionalAuthenticatedData
         )
-        print("tag: \(Base64URL.encode(sealedBox.tag))")
         return (sealedBox.ciphertext, sealedBox.tag)
     }
 
@@ -47,11 +42,6 @@ struct AESGCM {
         authenticationTag: Data = Data(),
         additionalAuthenticatedData: Data = Data()
     ) throws -> Data {
-        print("cipher: \(Base64URL.encode(cipher))")
-        print("initializationVector: \(Base64URL.encode(initializationVector))")
-        print("additionalAuthenticatedData: \(Base64URL.encode(additionalAuthenticatedData))")
-        print("tag: \(Base64URL.encode(authenticationTag))")
-        print("cek: \(Base64URL.encode(using))")
         return try AES.GCM.open(
             .init(
                 nonce: .init(data: initializationVector),

diff --git a/Sources/JWA/KeyManagement/KeyDerivation/ECDH/ECDHES+KeyDerivation.swift b/Sources/JWA/KeyManagement/KeyDerivation/ECDH/ECDHES+KeyDerivation.swift
@@ -34,13 +34,6 @@ extension ECDHES: KeyDerivation {
         let suppPubInfoData = UInt32(keyLengthInBits).bigEndian.dataRepresentation
         let suppPrivInfoData = Data()
         let tagData = Data()
-
-        print("keyZ: \(Base64URL.encode(key))")
-        print("algorithmIDData: \(Base64URL.encode(algorithmIDData))")
-        print("partyUInfo: \(Base64URL.encode(partyUInfoData))")
-        print("partyVInfo: \(Base64URL.encode(partyVInfoData))")
-        print("suppPubInfoData: \(Base64URL.encode(suppPubInfoData))")
-        print("tagData: \(Base64URL.encode(tagData))")
 
         return try ConcatKDF<CryptoKit.SHA256>.deriveKey(
             z: key,

diff --git a/Sources/JWA/KeyManagement/KeyEncryption/AES/AESKeyUnwrap+KeyUnwrap.swift b/Sources/JWA/KeyManagement/KeyEncryption/AES/AESKeyUnwrap+KeyUnwrap.swift
@@ -28,9 +28,7 @@ struct AESKeyUnwrap: KeyUnwrapping {
         guard let key = using.key else {
             throw CryptoError.missingOctetSequenceKey
         }
-        print("encryptedKey: \(Base64URL.encode(encryptedKey))")
-        print("keyEncryptionKey: \(Base64URL.encode(key))")
-
+
         return try AES.KeyWrap.unwrap(
             encryptedKey,
             using: .init(data: key)

diff --git a/Sources/JWA/KeyManagement/KeyEncryption/AES/AESKeyWrap+KeyEncryption.swift b/Sources/JWA/KeyManagement/KeyEncryption/AES/AESKeyWrap+KeyEncryption.swift
@@ -37,8 +37,6 @@ struct AESKeyWrap: KeyWrapping {
             .init(data: cek),
             using: .init(data: key)
         )
-        print("encryptedKey: \(Base64URL.encode(encryptedKey))")
-        print("keyEncryptionKey: \(Base64URL.encode(key))")
 
         return .init(
             encryptedKey: encryptedKey,

diff --git a/Sources/JWS/JWS+Json.swift b/Sources/JWS/JWS+Json.swift
@@ -76,7 +76,6 @@ struct JWSJson<P: JWSRegisteredFieldsHeader, H: JWSRegisteredFieldsHeader>: Coda
             try? jwk.keyID == $0.getKid()
             || jwk.algorithm == $0.validateAlg()?.rawValue
         ) ?? false
-            print(result)
             return result
         }
     }