Skip to content

feat: Remove unencryptedDataKeyLength #201

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Sep 6, 2019
Merged

feat: Remove unencryptedDataKeyLength #201

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9a5118d
feat: Remove unencryptedDataKeyLength
seebees Aug 28, 2019
6cfe6a3
Merge branch 'master' into remove-unencrypted_data_key_length
seebees Sep 6, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 0 additions & 20 deletions modules/material-management/src/cryptographic_material.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,6 @@ export interface CryptographicMaterial<T extends CryptographicMaterial<T>> {
getUnencryptedDataKey: () => Uint8Array|AwsEsdkKeyObject
zeroUnencryptedDataKey: () => T
hasUnencryptedDataKey: boolean
unencryptedDataKeyLength: number
keyringTrace: KeyringTrace[]
encryptionContext: Readonly<EncryptionContext>
}
Expand Down Expand Up @@ -141,7 +140,6 @@ export class NodeEncryptionMaterial implements
getUnencryptedDataKey!: () => Uint8Array|AwsEsdkKeyObject
zeroUnencryptedDataKey!: () => NodeEncryptionMaterial
hasUnencryptedDataKey!: boolean
unencryptedDataKeyLength!: number
keyringTrace: KeyringTrace[] = []
encryptedDataKeys!: EncryptedDataKey[]
addEncryptedDataKey!: (edk: EncryptedDataKey, flags: KeyringTraceFlag) => NodeEncryptionMaterial
Expand Down Expand Up @@ -176,7 +174,6 @@ export class NodeDecryptionMaterial implements
getUnencryptedDataKey!: () => Uint8Array|AwsEsdkKeyObject
zeroUnencryptedDataKey!: () => NodeDecryptionMaterial
hasUnencryptedDataKey!: boolean
unencryptedDataKeyLength!: number
keyringTrace: KeyringTrace[] = []
setVerificationKey!: (key: VerificationKey) => NodeDecryptionMaterial
verificationKey?: VerificationKey
Expand Down Expand Up @@ -210,7 +207,6 @@ export class WebCryptoEncryptionMaterial implements
getUnencryptedDataKey!: () => Uint8Array|AwsEsdkKeyObject
zeroUnencryptedDataKey!: () => WebCryptoEncryptionMaterial
hasUnencryptedDataKey!: boolean
unencryptedDataKeyLength!: number
keyringTrace: KeyringTrace[] = []
encryptedDataKeys!: EncryptedDataKey[]
addEncryptedDataKey!: (edk: EncryptedDataKey, flags: KeyringTraceFlag) => WebCryptoEncryptionMaterial
Expand Down Expand Up @@ -252,7 +248,6 @@ export class WebCryptoDecryptionMaterial implements
getUnencryptedDataKey!: () => Uint8Array|AwsEsdkKeyObject
zeroUnencryptedDataKey!: () => WebCryptoDecryptionMaterial
hasUnencryptedDataKey!: boolean
unencryptedDataKeyLength!: number
keyringTrace: KeyringTrace[] = []
setVerificationKey!: (key: VerificationKey) => WebCryptoDecryptionMaterial
verificationKey?: VerificationKey
Expand Down Expand Up @@ -367,21 +362,6 @@ export function decorateCryptographicMaterial<T extends CryptographicMaterial<T>
needs(unsetCount === 0 || unsetCount === 2, 'Either unencryptedDataKey or udkForVerification was not set.')
return material
}
Object.defineProperty(material, 'unencryptedDataKeyLength', {
get: () => {
/* Precondition: The unencryptedDataKey must be set to have a length. */
needs(unencryptedDataKey, 'unencryptedDataKey has not been set')
/* Precondition: the unencryptedDataKey must not be Zeroed out.
* returning information about the data key,
* while not the worst thing may indicate misuse.
* Checking the algorithm specification is the proper way
* to do this
*/
needs(!unencryptedDataKeyZeroed, 'unencryptedDataKey has been zeroed.')
return unwrapDataKey(unencryptedDataKey).byteLength
},
enumerable: true
})

readOnlyProperty(material, 'setUnencryptedDataKey', setUnencryptedDataKey)
readOnlyProperty(material, 'getUnencryptedDataKey', getUnencryptedDataKey)
Expand Down
17 changes: 0 additions & 17 deletions modules/material-management/test/cryptographic_material.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,6 @@ describe('decorateCryptographicMaterial', () => {
const dataKey = new Uint8Array(suite.keyLengthBytes).fill(1)
test.setUnencryptedDataKey(new Uint8Array(dataKey), { keyNamespace: 'k', keyName: 'k', flags: KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY })
expect(test.hasUnencryptedDataKey).to.equal(true)
expect(test.unencryptedDataKeyLength).to.equal(dataKey.byteLength)
const udk = unwrapDataKey(test.getUnencryptedDataKey())
expect(udk).to.deep.equal(dataKey)
})
Expand Down Expand Up @@ -101,29 +100,13 @@ describe('decorateCryptographicMaterial', () => {
test.setUnencryptedDataKey(new Uint8Array(dataKey), { keyNamespace: 'k', keyName: 'k', flags: KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY })
test.zeroUnencryptedDataKey()
expect(() => test.getUnencryptedDataKey()).to.throw()
expect(() => test.unencryptedDataKeyLength).to.throw()
})

it('Precondition: unencryptedDataKey must be set before we can return it.', () => {
const test: any = decorateCryptographicMaterial((<any>{}), KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY)
expect(() => test.getUnencryptedDataKey()).to.throw()
})

it('Precondition: The unencryptedDataKey must be set to have a length.', () => {
const test: any = decorateCryptographicMaterial((<any>{}), KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY)
expect(() => test.unencryptedDataKeyLength).to.throw()
})

it('Precondition: the unencryptedDataKey must not be Zeroed out.', () => {
const suite = new NodeAlgorithmSuite(AlgorithmSuiteIdentifier.ALG_AES128_GCM_IV12_TAG16)
const test = decorateCryptographicMaterial((<any>{ suite, keyringTrace: [] }), KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY)
const dataKey = new Uint8Array(suite.keyLengthBytes).fill(1)
const trace = { keyNamespace: 'k', keyName: 'k', flags: KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY }
test.setUnencryptedDataKey(dataKey, trace)
test.zeroUnencryptedDataKey()
expect(() => test.unencryptedDataKeyLength).to.throw('unencryptedDataKey has been zeroed.')
})

it(`Precondition: If the unencryptedDataKey has not been set, it should not be settable later.
Precondition: If the udkForVerification has not been set, it should not be settable later.`, () => {
const suite = new NodeAlgorithmSuite(AlgorithmSuiteIdentifier.ALG_AES128_GCM_IV12_TAG16)
Expand Down
2 changes: 0 additions & 2 deletions modules/raw-keyring/src/raw_aes_material.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,6 @@ export class NodeRawAesMaterial implements
getUnencryptedDataKey!: () => Uint8Array|AwsEsdkKeyObject
zeroUnencryptedDataKey!: () => NodeRawAesMaterial
hasUnencryptedDataKey!: boolean
unencryptedDataKeyLength!: number
keyringTrace: KeyringTrace[] = []
encryptionContext: EncryptionContext = Object.freeze({})
constructor (suiteId: WrappingSuiteIdentifier) {
Expand Down Expand Up @@ -80,7 +79,6 @@ export class WebCryptoRawAesMaterial implements
getUnencryptedDataKey!: () => Uint8Array|AwsEsdkKeyObject
zeroUnencryptedDataKey!: () => WebCryptoRawAesMaterial
hasUnencryptedDataKey!: boolean
unencryptedDataKeyLength!: number
keyringTrace: KeyringTrace[] = []
setCryptoKey!: (dataKey: AwsEsdkJsCryptoKey|MixedBackendCryptoKey, trace: KeyringTrace) => WebCryptoRawAesMaterial
getCryptoKey!: () => AwsEsdkJsCryptoKey|MixedBackendCryptoKey
Expand Down