fix: caching cmm export and material (#186)

seebees · web-flow · commit d2b352c5a1eb · 2019-08-06T18:38:03.000-07:00
* WebCryptoDecryptionMaterial do not have an unencrypted data key
This is because the CrypoKey offers better security,
and some unwrapping algorithms can directly return a CryptoKey
without exposing the unencrypted data key.
Update test for WebCryptoDecryptionMaterial.

* Caching CMMs need to be able to create a local cryptographic materials cache
export the function.
diff --git a/modules/cache-material/src/clone_cryptographic_material.ts b/modules/cache-material/src/clone_cryptographic_material.ts
@@ -37,12 +37,15 @@ export function cloneMaterial<M extends Material> (source: M): M {
       ? new WebCryptoEncryptionMaterial(suite, encryptionContext)
       : new WebCryptoDecryptionMaterial(suite, encryptionContext)
 
-  const udk = new Uint8Array(source.getUnencryptedDataKey())
-  clone.setUnencryptedDataKey(udk, source.keyringTrace[0])
+  if (source.hasUnencryptedDataKey) {
+    const udk = new Uint8Array(source.getUnencryptedDataKey())
+    clone.setUnencryptedDataKey(udk, source.keyringTrace[0])
+  }
+
   if ((<WebCryptoDecryptionMaterial>source).hasCryptoKey) {
     const cryptoKey = (<WebCryptoDecryptionMaterial>source).getCryptoKey()
     ;(<WebCryptoDecryptionMaterial>clone)
-      .setCryptoKey(cryptoKey, clone.keyringTrace[0])
+      .setCryptoKey(cryptoKey, source.keyringTrace[0])
   }
 
   if (isEncryptionMaterial(source) && isEncryptionMaterial(clone)) {
diff --git a/modules/cache-material/src/index.ts b/modules/cache-material/src/index.ts
@@ -17,3 +17,4 @@ export * from './cryptographic_materials_cache'
 export * from './caching_cryptographic_materials_decorators'
 export * from './build_cryptographic_materials_cache_key_helpers'
 export * from './clone_cryptographic_material'
+export * from './get_local_cryptographic_materials_cache'
diff --git a/modules/cache-material/test/clone_cryptographic_material.test.ts b/modules/cache-material/test/clone_cryptographic_material.test.ts
@@ -87,13 +87,12 @@ describe('cloneMaterial', () => {
   })
 
   it('clone WebCryptoDecryptionMaterial', () => {
+    /* WebCryptoDecryptionMaterial do not have an unencrypted data key. */
     const material = new WebCryptoDecryptionMaterial(webCryptoSuite, { some: 'context' })
-      .setUnencryptedDataKey(udk128, trace)
       .setCryptoKey(cryptoKey, trace)
 
     const test = cloneMaterial(material)
     expect(test).to.be.instanceOf(WebCryptoDecryptionMaterial)
-    expect(test.getUnencryptedDataKey()).to.deep.equal(udk128)
     expect(test.getCryptoKey()).to.deep.equal(cryptoKey)
     expect(test.keyringTrace).to.deep.equal(material.keyringTrace)
     expect(test.encryptionContext).to.deep.equal(material.encryptionContext)
diff --git a/modules/caching-materials-manager-browser/src/index.ts b/modules/caching-materials-manager-browser/src/index.ts
@@ -14,3 +14,4 @@
  */
 
 export * from './caching_materials_manager_browser'
+export { getLocalCryptographicMaterialsCache } from '@aws-crypto/cache-material'
diff --git a/modules/caching-materials-manager-node/src/index.ts b/modules/caching-materials-manager-node/src/index.ts
@@ -14,3 +14,4 @@
  */
 
 export * from './caching_materials_manager_node'
+export { getLocalCryptographicMaterialsCache } from '@aws-crypto/cache-material'

Original file line number	Diff line number	Diff line change
`@@ -14,3 +14,4 @@`
`14`	`14`	`*/`
`15`	`15`
`16`	`16`	`export * from './caching_materials_manager_browser'`
	`17`	`+export { getLocalCryptographicMaterialsCache } from '@aws-crypto/cache-material'`