change interface to return material,not nested material

Author: seebees

modules/cache-material/src/caching_cryptographic_materials_decorators.ts

@@ -16,10 +16,10 @@
 import {
   GetEncryptionMaterials, // eslint-disable-line no-unused-vars
   GetDecryptMaterials, // eslint-disable-line no-unused-vars
-  DecryptionResponse, // eslint-disable-line no-unused-vars
+  DecryptionMaterial, // eslint-disable-line no-unused-vars
   SupportedAlgorithmSuites, // eslint-disable-line no-unused-vars
   EncryptionRequest, // eslint-disable-line no-unused-vars
-  EncryptionResponse, // eslint-disable-line no-unused-vars
+  EncryptionMaterial, // eslint-disable-line no-unused-vars
   MaterialsManager, // eslint-disable-line no-unused-vars
   DecryptionRequest, // eslint-disable-line no-unused-vars
   needs,
@@ -69,7 +69,7 @@ export function getEncryptionMaterials<S extends SupportedAlgorithmSuites> (
   return async function getEncryptionMaterials (
     this: CachingMaterialsManager<S>,
     request: EncryptionRequest<S>
-  ): Promise<EncryptionResponse<S>> {
+  ): Promise<EncryptionMaterial<S>> {
     const { suite, encryptionContext, frameLength, plaintextLength } = request
     /* Check for early return (Postcondition): If I can not cache the EncryptionResponse, do not even look. */
     if ((suite && !suite.cacheSafe) || typeof plaintextLength !== 'number' || plaintextLength < 0) {
@@ -95,7 +95,7 @@ export function getEncryptionMaterials<S extends SupportedAlgorithmSuites> (
       .getEncryptionMaterials({ suite, encryptionContext, frameLength })
 
     /* Check for early return (Postcondition): If I can not cache the EncryptionResponse, just return it. */
-    if (!response.material.suite.cacheSafe) return response
+    if (!response.suite.cacheSafe) return response
 
     /* It is possible for an entry to exceed limits immediately.
      * The simplest case is to need to encrypt more than then maxBytesEncrypted.
@@ -122,7 +122,7 @@ export function decryptMaterials<S extends SupportedAlgorithmSuites> (
   return async function decryptMaterials (
     this: CachingMaterialsManager<S>,
     request: DecryptionRequest<S>
-  ): Promise<DecryptionResponse<S>> {
+  ): Promise<DecryptionMaterial<S>> {
     const { suite } = request
     /* Check for early return (Postcondition): If I can not cache the DecryptionResponse, do not even look. */
     if (!suite.cacheSafe) {
@@ -166,14 +166,13 @@ export function cacheEntryHasExceededLimits<S extends SupportedAlgorithmSuites>
  * Because when the Encryption SDK is done with material, it will zero it out.
  * Plucking off the material and cloning just that and then returning the rest of the response
  * can just be handled in one place.
- * @param response EncryptionResponse|DecryptionResponse
+ * @param material EncryptionResponse|DecryptionResponse
  * @return EncryptionResponse|DecryptionResponse
  */
-function cloneResponse<S extends SupportedAlgorithmSuites, R extends EncryptionResponse<S>|DecryptionResponse<S>> (
-  response: R
-): R {
-  const { material } = response
-  return { ...response, material: cloneMaterial(material) }
+function cloneResponse<S extends SupportedAlgorithmSuites, M extends EncryptionMaterial<S>|DecryptionMaterial<S>> (
+  material: M
+): M {
+  return cloneMaterial(material)
 }
 
 export interface CachingMaterialsManagerInput<S extends SupportedAlgorithmSuites> extends Readonly<{

modules/cache-material/src/cryptographic_materials_cache.ts

@@ -14,21 +14,21 @@
  */
 
 import {
-  EncryptionResponse, // eslint-disable-line no-unused-vars
-  DecryptionResponse, // eslint-disable-line no-unused-vars
+  EncryptionMaterial, // eslint-disable-line no-unused-vars
+  DecryptionMaterial, // eslint-disable-line no-unused-vars
   SupportedAlgorithmSuites // eslint-disable-line no-unused-vars
 } from '@aws-crypto/material-management'
 
 export interface CryptographicMaterialsCache<S extends SupportedAlgorithmSuites> {
   putEncryptionResponse(
     key: string,
-    response: EncryptionResponse<S>,
+    response: EncryptionMaterial<S>,
     plaintextLength: number,
     maxAge?: number
   ): void
   putDecryptionResponse(
     key: string,
-    response: DecryptionResponse<S>,
+    response: DecryptionMaterial<S>,
     maxAge?: number
   ): void
   getEncryptionResponse(key: string, plaintextLength: number): EncryptionResponseEntry<S>|false
@@ -37,16 +37,16 @@ export interface CryptographicMaterialsCache<S extends SupportedAlgorithmSuites>
 }
 
 export interface Entry<S extends SupportedAlgorithmSuites> {
-  readonly response: EncryptionResponse<S>|DecryptionResponse<S>
+  response: EncryptionMaterial<S>|DecryptionMaterial<S>
   bytesEncrypted: number
   messagesEncrypted: number
   readonly now: number
 }
 
 export interface EncryptionResponseEntry<S extends SupportedAlgorithmSuites> extends Entry<S> {
-  readonly response: EncryptionResponse<S>
+  readonly response: EncryptionMaterial<S>
 }
 
 export interface DecryptionResponseEntry<S extends SupportedAlgorithmSuites> extends Entry<S> {
-  readonly response: DecryptionResponse<S>
+  readonly response: DecryptionMaterial<S>
 }

modules/cache-material/src/get_local_cryptographic_materials_cache.ts

@@ -15,8 +15,8 @@
 
 import LRU from 'lru-cache'
 import {
-  EncryptionResponse, // eslint-disable-line no-unused-vars
-  DecryptionResponse, // eslint-disable-line no-unused-vars
+  EncryptionMaterial, // eslint-disable-line no-unused-vars
+  DecryptionMaterial, // eslint-disable-line no-unused-vars
   SupportedAlgorithmSuites, // eslint-disable-line no-unused-vars
   needs,
   isEncryptionMaterial,
@@ -38,7 +38,7 @@ export function getLocalCryptographicMaterialsCache<S extends SupportedAlgorithm
     max: maxSize,
     dispose (_key, value) {
       /* Zero out the unencrypted dataKey, when the material is removed from the cache. */
-      value.response.material.zeroUnencryptedDataKey()
+      value.response.zeroUnencryptedDataKey()
     }
   })
 
@@ -73,18 +73,18 @@ export function getLocalCryptographicMaterialsCache<S extends SupportedAlgorithm
   return {
     putEncryptionResponse (
       key: string,
-      response: EncryptionResponse<S>,
+      material: EncryptionMaterial<S>,
       plaintextLength: number,
       maxAge?: number
     ) {
       /* Precondition: putEncryptionResponse plaintextLength can not be negative. */
       needs(plaintextLength >= 0, 'Malformed plaintextLength')
       /* Precondition: Only cache EncryptionMaterial. */
-      needs(isEncryptionMaterial(response.material), 'Malformed response.')
+      needs(isEncryptionMaterial(material), 'Malformed response.')
       /* Precondition: Only cache EncryptionMaterial that is cacheSafe. */
-      needs(response.material.suite.cacheSafe, 'Can not cache non-cache safe material')
+      needs(material.suite.cacheSafe, 'Can not cache non-cache safe material')
       const entry = Object.seal({
-        response: Object.freeze(response),
+        response: material,
         bytesEncrypted: plaintextLength,
         messagesEncrypted: 1,
         now: Date.now()
@@ -94,15 +94,15 @@ export function getLocalCryptographicMaterialsCache<S extends SupportedAlgorithm
     },
     putDecryptionResponse (
       key: string,
-      response: DecryptionResponse<S>,
+      material: DecryptionMaterial<S>,
       maxAge?: number
     ) {
       /* Precondition: Only cache DecryptionMaterial. */
-      needs(isDecryptionMaterial(response.material), 'Malformed response.')
+      needs(isDecryptionMaterial(material), 'Malformed response.')
       /* Precondition: Only cache DecryptionMaterial that is cacheSafe. */
-      needs(response.material.suite.cacheSafe, 'Can not cache non-cache safe material')
+      needs(material.suite.cacheSafe, 'Can not cache non-cache safe material')
       const entry = Object.seal({
-        response: Object.freeze(response),
+        response: material,
         bytesEncrypted: 0,
         messagesEncrypted: 0,
         now: Date.now()
@@ -117,7 +117,7 @@ export function getLocalCryptographicMaterialsCache<S extends SupportedAlgorithm
       /* Check for early return (Postcondition): If this key does not have an EncryptionMaterial, return false. */
       if (!entry) return false
       /* Postcondition: Only return EncryptionMaterial. */
-      needs(isEncryptionMaterial(entry.response.material), 'Malformed response.')
+      needs(isEncryptionMaterial(entry.response), 'Malformed response.')
 
       entry.bytesEncrypted += plaintextLength
       entry.messagesEncrypted += 1
@@ -129,7 +129,7 @@ export function getLocalCryptographicMaterialsCache<S extends SupportedAlgorithm
       /* Check for early return (Postcondition): If this key does not have a DecryptionMaterial, return false. */
       if (!entry) return false
       /* Postcondition: Only return DecryptionMaterial. */
-      needs(isDecryptionMaterial(entry.response.material), 'Malformed response.')
+      needs(isDecryptionMaterial(entry.response), 'Malformed response.')
 
       return <DecryptionResponseEntry<S>>entry
     },

modules/decrypt-browser/src/decrypt.ts

@@ -59,7 +59,7 @@ export async function decrypt (
   const { encryptionContext, encryptedDataKeys, suiteId, messageId } = messageHeader
   const suite = new WebCryptoAlgorithmSuite(suiteId)
 
-  const { material } = await cmm.decryptMaterials({ suite, encryptionContext, encryptedDataKeys })
+  const material = await cmm.decryptMaterials({ suite, encryptionContext, encryptedDataKeys })
   const { kdfGetSubtleDecrypt, subtleVerify, dispose } = await getDecryptionHelper(material)
   const info = kdfInfo(suiteId, messageId)
   const getSubtleDecrypt = kdfGetSubtleDecrypt(info)

modules/decrypt-node/src/parse_header_stream.ts

@@ -86,7 +86,7 @@ export class ParseHeaderStream extends PortableTransformWithType {
 
     this.materialsManager
       .decryptMaterials({ suite, encryptionContext, encryptedDataKeys })
-      .then(({ material }) => {
+      .then((material) => {
         this._headerState.buffer = Buffer.alloc(0) // clear the Buffer...
 
         const { kdfGetDecipher, getVerify, dispose } = getDecryptionHelper(material)

modules/encrypt-browser/src/encrypt.ts

@@ -84,7 +84,7 @@ export async function encrypt (
     plaintextLength
   }
 
-  const { material } = await cmm.getEncryptionMaterials(encryptionRequest)
+  const material = await cmm.getEncryptionMaterials(encryptionRequest)
   const { kdfGetSubtleEncrypt, subtleSign, dispose } = await getEncryptHelper(material)
 
   const messageId = await backend.randomValues(MESSAGE_ID_LENGTH)

modules/encrypt-node/src/encrypt_stream.ts

@@ -71,7 +71,7 @@ export function encryptStream (
   const wrappingStream = new Duplexify()
 
   cmm.getEncryptionMaterials({ suite, encryptionContext, frameLength })
-    .then(async ({ material }) => {
+    .then(async (material) => {
       const { dispose, getSigner } = getEncryptHelper(material)
 
       const { getCipher, messageHeader, rawHeader } = getEncryptionInfo(material, frameLength)

modules/material-management-browser/src/browser_cryptographic_materials_manager.ts

@@ -16,7 +16,7 @@
 import {
   WebCryptoMaterialsManager, EncryptionRequest, // eslint-disable-line no-unused-vars
   DecryptionRequest, EncryptionContext, // eslint-disable-line no-unused-vars
-  EncryptionResponse, DecryptionResponse, // eslint-disable-line no-unused-vars
+  EncryptionMaterial, DecryptionMaterial, // eslint-disable-line no-unused-vars
   WebCryptoAlgorithmSuite, WebCryptoEncryptionMaterial,
   WebCryptoDecryptionMaterial, SignatureKey, needs, readOnlyProperty,
   VerificationKey, AlgorithmSuiteIdentifier, immutableBaseClass,
@@ -29,8 +29,8 @@ import { fromBase64, toBase64 } from '@aws-sdk/util-base64-browser'
 
 export type WebCryptoEncryptionRequest = EncryptionRequest<WebCryptoAlgorithmSuite>
 export type WebCryptoDecryptionRequest = DecryptionRequest<WebCryptoAlgorithmSuite>
-export type WebCryptoEncryptionResponse = EncryptionResponse<WebCryptoAlgorithmSuite>
-export type WebCryptoDecryptionResponse = DecryptionResponse<WebCryptoAlgorithmSuite>
+export type WebCryptoEncryptionMaterial = EncryptionMaterial<WebCryptoAlgorithmSuite>
+export type WebCryptoDecryptionMaterial = DecryptionMaterial<WebCryptoAlgorithmSuite>
 export type WebCryptoGetEncryptionMaterials = GetEncryptionMaterials<WebCryptoAlgorithmSuite>
 export type WebCryptoGetDecryptMaterials = GetDecryptMaterials<WebCryptoAlgorithmSuite>
 
@@ -46,7 +46,7 @@ export class WebCryptoDefaultCryptographicMaterialsManager implements WebCryptoM
     needs(keyring instanceof KeyringWebCrypto, 'Unsupported type.')
     readOnlyProperty(this, 'keyring', keyring)
   }
-  async getEncryptionMaterials ({ suite, encryptionContext }: WebCryptoEncryptionRequest): Promise<WebCryptoEncryptionResponse> {
+  async getEncryptionMaterials ({ suite, encryptionContext }: WebCryptoEncryptionRequest): Promise<WebCryptoEncryptionMaterial> {
     suite = suite || new WebCryptoAlgorithmSuite(AlgorithmSuiteIdentifier.ALG_AES256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384)
 
     const material = await this
@@ -59,18 +59,18 @@ export class WebCryptoDefaultCryptographicMaterialsManager implements WebCryptoM
     /* Postcondition: The WebCryptoEncryptionMaterial must contain at least 1 EncryptedDataKey. */
     needs(material.encryptedDataKeys.length, 'No EncryptedDataKeys: the ciphertext can never be decrypted.')
 
-    return { material }
+    return material
   }
 
-  async decryptMaterials ({ suite, encryptedDataKeys, encryptionContext }: WebCryptoDecryptionRequest): Promise<WebCryptoDecryptionResponse> {
+  async decryptMaterials ({ suite, encryptedDataKeys, encryptionContext }: WebCryptoDecryptionRequest): Promise<WebCryptoDecryptionMaterial> {
     const material = await this
       .keyring
       .onDecrypt(await this._initializeDecryptionMaterial(suite, encryptionContext), encryptedDataKeys.slice())
 
     /* Postcondition: The WebCryptoDecryptionMaterial must contain a valid dataKey. */
     needs(material.hasValidKey(), 'Unencrypted data key is invalid.')
 
-    return { material }
+    return material
   }
 
   async _initializeEncryptionMaterial (suite: WebCryptoAlgorithmSuite, encryptionContext: EncryptionContext) {

modules/material-management-browser/test/browser_cryptographic_materials_manager.test.ts

@@ -203,7 +203,7 @@ describe('WebCryptoDefaultCryptographicMaterialsManager', () => {
       some: 'context'
     }
 
-    const { material } = await cmm.getEncryptionMaterials({ suite, encryptionContext })
+    const material = await cmm.getEncryptionMaterials({ suite, encryptionContext })
     expect(Object.keys(material.encryptionContext)).lengthOf(2)
     if (!material.signatureKey) throw new Error('I should never see this error')
     expect(material.encryptionContext).to.have.haveOwnProperty(ENCODED_SIGNER_KEY).and.to.equal(toBase64(material.signatureKey.compressPoint))
@@ -233,7 +233,7 @@ describe('WebCryptoDefaultCryptographicMaterialsManager', () => {
       some: 'context'
     }
 
-    const { material } = await cmm.getEncryptionMaterials({ encryptionContext })
+    const material = await cmm.getEncryptionMaterials({ encryptionContext })
     expect(Object.keys(material.encryptionContext)).lengthOf(2)
     if (!material.signatureKey) throw new Error('I should never see this error')
     expect(material.encryptionContext).to.have.haveOwnProperty(ENCODED_SIGNER_KEY).and.to.equal(toBase64(material.signatureKey.compressPoint))
@@ -309,7 +309,7 @@ describe('WebCryptoDefaultCryptographicMaterialsManager', () => {
     const encryptionContext = { some: 'context', [ENCODED_SIGNER_KEY]: 'A29gmBT/NscB90u6npOulZQwAAiKVtoShudOm2J2sCgC' }
     const edk = new EncryptedDataKey({ providerId: ' keyNamespace', providerInfo: 'keyName', encryptedDataKey: new Uint8Array(5) })
 
-    const { material } = await cmm.decryptMaterials({ suite, encryptionContext, encryptedDataKeys: [edk] })
+    const material = await cmm.decryptMaterials({ suite, encryptionContext, encryptedDataKeys: [edk] })
     if (!material.verificationKey) throw new Error('I should never see this error')
     expect(material.encryptionContext).to.deep.equal(encryptionContext)
     expect(material.verificationKey.signatureCurve).to.equal(suite.signatureCurve)

modules/material-management-node/src/node_cryptographic_materials_manager.ts

@@ -15,7 +15,7 @@
 
 import {
   NodeMaterialsManager, EncryptionRequest, DecryptionRequest, EncryptionContext, // eslint-disable-line no-unused-vars
-  EncryptionResponse, DecryptionResponse, // eslint-disable-line no-unused-vars
+  EncryptionMaterial, DecryptionMaterial, // eslint-disable-line no-unused-vars
   NodeAlgorithmSuite, NodeEncryptionMaterial, NodeDecryptionMaterial, SignatureKey,
   needs, VerificationKey, AlgorithmSuiteIdentifier,
   immutableClass, readOnlyProperty, KeyringNode,
@@ -28,8 +28,8 @@ import { createECDH } from 'crypto'
 
 export type NodeEncryptionRequest = EncryptionRequest<NodeAlgorithmSuite>
 export type NodeDecryptionRequest = DecryptionRequest<NodeAlgorithmSuite>
-export type NodeEncryptionResponse = EncryptionResponse<NodeAlgorithmSuite>
-export type NodeDecryptionResponse = DecryptionResponse<NodeAlgorithmSuite>
+export type NodeEncryptionMaterial = EncryptionMaterial<NodeAlgorithmSuite>
+export type NodeDecryptionMaterial = DecryptionMaterial<NodeAlgorithmSuite>
 export type NodeGetEncryptionMaterials = GetEncryptionMaterials<NodeAlgorithmSuite>
 export type NodeGetDecryptMaterials = GetDecryptMaterials<NodeAlgorithmSuite>
 
@@ -46,7 +46,7 @@ export class NodeDefaultCryptographicMaterialsManager implements NodeMaterialsMa
     readOnlyProperty(this, 'keyring', keyring)
   }
 
-  async getEncryptionMaterials ({ suite, encryptionContext }: NodeEncryptionRequest): Promise<NodeEncryptionResponse> {
+  async getEncryptionMaterials ({ suite, encryptionContext }: NodeEncryptionRequest): Promise<NodeEncryptionMaterial> {
     suite = suite || new NodeAlgorithmSuite(AlgorithmSuiteIdentifier.ALG_AES256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384)
 
     const material = await this
@@ -59,10 +59,10 @@ export class NodeDefaultCryptographicMaterialsManager implements NodeMaterialsMa
     /* Postcondition: The NodeEncryptionMaterial must contain at least 1 EncryptedDataKey. */
     needs(material.encryptedDataKeys.length, 'No EncryptedDataKeys: the ciphertext can never be decrypted.')
 
-    return { material }
+    return material
   }
 
-  async decryptMaterials ({ suite, encryptedDataKeys, encryptionContext }: NodeDecryptionRequest): Promise<NodeDecryptionResponse> {
+  async decryptMaterials ({ suite, encryptedDataKeys, encryptionContext }: NodeDecryptionRequest): Promise<NodeDecryptionMaterial> {
     const material = await this
       .keyring
       .onDecrypt(this._initializeDecryptionMaterial(suite, encryptionContext), encryptedDataKeys.slice())
@@ -73,7 +73,7 @@ export class NodeDefaultCryptographicMaterialsManager implements NodeMaterialsMa
      */
     needs(material.getUnencryptedDataKey(), 'Unencrypted data key is invalid.')
 
-    return { material }
+    return material
   }
 
   _initializeEncryptionMaterial (suite: NodeAlgorithmSuite, encryptionContext: EncryptionContext) {

modules/material-management-node/test/node_cryptographic_materials_manager.test.ts

@@ -258,7 +258,7 @@ describe('NodeDefaultCryptographicMaterialsManager', () => {
       providerId: 'p', providerInfo: 'p', encryptedDataKey: new Uint8Array(5)
     })]
 
-    const { material } = await cmm.decryptMaterials({ suite, encryptedDataKeys, encryptionContext: {} })
+    const material = await cmm.decryptMaterials({ suite, encryptedDataKeys, encryptionContext: {} })
     expect(material.hasUnencryptedDataKey).to.equal(true)
   })
 })

modules/material-management/src/materials_manager.ts

@@ -14,7 +14,7 @@
  */
 
 import { EncryptionRequest, DecryptionRequest } from '.' // eslint-disable-line no-unused-vars
-import { EncryptionResponse, DecryptionResponse, SupportedAlgorithmSuites } from './types' // eslint-disable-line no-unused-vars
+import { EncryptionMaterial, DecryptionMaterial, SupportedAlgorithmSuites } from './types' // eslint-disable-line no-unused-vars
 import { NodeAlgorithmSuite } from './node_algorithms' // eslint-disable-line no-unused-vars
 import { WebCryptoAlgorithmSuite } from './web_crypto_algorithms' // eslint-disable-line no-unused-vars
 
@@ -26,11 +26,11 @@ import { WebCryptoAlgorithmSuite } from './web_crypto_algorithms' // eslint-disa
  */
 
 export interface GetEncryptionMaterials<S extends SupportedAlgorithmSuites> {
-  (request: EncryptionRequest<S>): Promise<EncryptionResponse<S>>
+  (request: EncryptionRequest<S>): Promise<EncryptionMaterial<S>>
 }
 
 export interface GetDecryptMaterials<S extends SupportedAlgorithmSuites> {
-  (request: DecryptionRequest<S>): Promise<DecryptionResponse<S>>
+  (request: DecryptionRequest<S>): Promise<DecryptionMaterial<S>>
 }
 
 export interface MaterialsManager<S extends SupportedAlgorithmSuites> {