From 1090a053cc5e0b0246f7d7632ec87513141abdf2 Mon Sep 17 00:00:00 2001 From: seebees Date: Tue, 9 Apr 2019 06:56:05 -0700 Subject: [PATCH] fix: lint and tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Integrating many modules together in individual PRs is hard. I’m not surprised that I missed something. --- .../decrypt-node/src/parse_header_stream.ts | 2 +- modules/encrypt-node/test/encrypt.test.ts | 24 ++-- modules/kms-keyring/src/kms_keyring.ts | 4 +- .../test/kms_keyring.constructor.test.ts | 6 +- .../src/raw_aes_encrypted_data_keys.ts | 125 +++++++++--------- modules/raw-keyring/src/raw_aes_material.ts | 6 +- 6 files changed, 85 insertions(+), 82 deletions(-) diff --git a/modules/decrypt-node/src/parse_header_stream.ts b/modules/decrypt-node/src/parse_header_stream.ts index c32019717..628c0d1a0 100644 --- a/modules/decrypt-node/src/parse_header_stream.ts +++ b/modules/decrypt-node/src/parse_header_stream.ts @@ -78,7 +78,7 @@ export class ParseHeaderStream extends PortableTransformWithType { const verify = getVerify ? getVerify() : void 0 const verifyInfo: VerifyInfo = { headerInfo, getDecipher, verify, dispose } this.emit('VerifyInfo', verifyInfo) - this.emit('MessageHeader', headerInfo) + this.emit('MessageHeader', headerInfo.messageHeader) // The header is parsed, pass control const readPos = rawHeader.byteLength + headerIv.byteLength + headerAuthTag.byteLength diff --git a/modules/encrypt-node/test/encrypt.test.ts b/modules/encrypt-node/test/encrypt.test.ts index 6da1ed960..17eea3377 100644 --- a/modules/encrypt-node/test/encrypt.test.ts +++ b/modules/encrypt-node/test/encrypt.test.ts 
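Review bot: The payload of the 'MessageHeader' event changes shape on the `this.emit('MessageHeader', headerInfo.messageHeader)` line, and nothing visible in this commit pins that shape, so the same mismatch can come back unnoticed; `emit` presumably accepts any payload, which is why the compiler did not catch it. A test that listens for 'MessageHeader' and asserts on a field of the parsed header would hold it in place. I would also add a comment above the emit, `// 'MessageHeader' carries only headerInfo.messageHeader; 'VerifyInfo' carries the full headerInfo`. Whether the header auth tag has already been checked before these events fire is not visible here, because the method starts outside the hunk; if it has not, listeners receive unauthenticated header fields and that should be stated in the comment.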
@@ -16,19 +16,19 @@ /* eslint-env mocha */ // import { expect } from 'chai' -import 'mocha' -import { - NodeDecryptionMaterial, // eslint-disable-line no-unused-vars - NodeAlgorithmSuite, NodeEncryptionMaterial, NodeCryptographicMaterialsManager, KeyringNode, EncryptedDataKey, - KeyringTraceFlag, AlgorithmSuiteIdentifier -} from '@aws-crypto/material-management-node' +// import 'mocha' +// import { +// NodeDecryptionMaterial, // eslint-disable-line no-unused-vars +// NodeAlgorithmSuite, NodeEncryptionMaterial, NodeCryptographicMaterialsManager, KeyringNode, EncryptedDataKey, +// KeyringTraceFlag, AlgorithmSuiteIdentifier +// } from '@aws-crypto/material-management-node' -import * as fs from 'fs' +// import * as fs from 'fs' -import { encryptStream, getEncryptionInfo } from '../src/encrypt_stream' +// import { encryptStream, getEncryptionInfo } from '../src/encrypt_stream' -import { getFramedEncryptStream } from '../src/framed_encrypt_stream' -import { SignatureStream } from '../src/signature_stream' -import { encrypt } from '../src/encrypt' +// import { getFramedEncryptStream } from '../src/framed_encrypt_stream' +// import { SignatureStream } from '../src/signature_stream' +// import { encrypt } from '../src/encrypt' -const never = () => { throw new Error('never') } +// const never = () => { throw new Error('never') } diff --git a/modules/kms-keyring/src/kms_keyring.ts b/modules/kms-keyring/src/kms_keyring.ts index f63805771..3e7b028ec 100644 --- a/modules/kms-keyring/src/kms_keyring.ts +++ b/modules/kms-keyring/src/kms_keyring.ts @@ -73,9 +73,9 @@ export function KmsKeyringClass !!regionFromKmsKeyArn(keyarn)), 'Malformed arn.') diff --git a/modules/kms-keyring/test/kms_keyring.constructor.test.ts b/modules/kms-keyring/test/kms_keyring.constructor.test.ts index e9edb8a3e..617e078cc 100644 --- a/modules/kms-keyring/test/kms_keyring.constructor.test.ts +++ b/modules/kms-keyring/test/kms_keyring.constructor.test.ts 
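Review bot: Commenting out every import in encrypt.test.ts quiets the linter but leaves this file with no executable test, and mocha reports nothing for it, so the missing coverage of the encrypt path does not show up in the test output. A pending suite, for example `describe.skip('encryptStream', () => {})` or an `it` with no callback, keeps the gap visible in the report. If the imports have to stay commented out for now, a line such as `// TODO: restore these imports together with the encrypt_stream tests` would record the intent. The rest of the file is outside the hunk, so I am assuming the test bodies are already commented out in the same way as the `chai` import.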
@@ -54,11 +54,15 @@ describe('KmsKeyring: constructor', () => { expect(test.isDiscovery).to.equal(true) }) - it('Precondition: A noop KmsKeyring is not allowed. You must explicitly set discovery or keyIds.', () => { + it('Precondition: A noop KmsKeyring is not allowed.', () => { class TestKmsKeyring extends KmsKeyringClass(Keyring as KeyRingConstructible) {} const clientProvider: any = () => {} expect(() => new TestKmsKeyring({ clientProvider })).to.throw() + }) + it('Precondition: A keyring can be either a Discovery or have keyIds configured.', () => { + class TestKmsKeyring extends KmsKeyringClass(Keyring as KeyRingConstructible) {} + const clientProvider: any = () => {} const generatorKeyId = 'arn:aws:kms:us-east-1:123456789012:alias/example-alias' const keyIds = ['arn:aws:kms:us-east-1:123456789012:alias/example-alias'] const discovery = true diff --git a/modules/raw-keyring/src/raw_aes_encrypted_data_keys.ts b/modules/raw-keyring/src/raw_aes_encrypted_data_keys.ts index 22c120c1c..67ef0831f 100644 --- a/modules/raw-keyring/src/raw_aes_encrypted_data_keys.ts +++ b/modules/raw-keyring/src/raw_aes_encrypted_data_keys.ts 
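Review bot: The bare `.to.throw()` in 'Precondition: A noop KmsKeyring is not allowed.' passes on any exception, including an unrelated TypeError caused by the stub `clientProvider`, so the test does not show that the noop precondition is the check that fired. Matching on the message, `.to.throw('<expected precondition message>')` with the text kms_keyring.ts actually uses, ties the test to that check. The same applies to the assertions in the new 'A keyring can be either a Discovery or have keyIds configured.' case, whose body continues past the end of the hunk. `const clientProvider: any = () => {}` could also be typed against the provider interface instead of `any`, so that a signature change fails the test at compile time.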
@@ -26,73 +26,72 @@ * The AAD (encryption context) is the same as the message. */ - import { concatBuffers, uInt32BE } from '@aws-crypto/serialize' - import { - AlgorithmSuite, // eslint-disable-line no-unused-vars - EncryptedDataKey, // eslint-disable-line no-unused-vars - needs - } from '@aws-crypto/material-management' - - export function rawAesEncryptedDataKeyFactory ( - toUtf8: (input: Uint8Array) => string, - fromUtf8: (input: any) => Uint8Array - ) { - return { rawAesEncryptedDataKey } - - function rawAesEncryptedDataKey ( - keyNamespace: string, - keyName: string, - iv: Uint8Array, - ciphertext: Uint8Array, - authTag: Uint8Array - ): EncryptedDataKey { - const ivLength = iv.byteLength - const authTagBitLength = authTag.byteLength * 8 - const encryptedDataKey = concatBuffers(ciphertext, authTag) - const providerId = keyNamespace - const rawInfo = concatBuffers(fromUtf8(keyName), uInt32BE(authTagBitLength), uInt32BE(ivLength), iv) - const providerInfo = toUtf8(rawInfo) - return new EncryptedDataKey({ encryptedDataKey, providerId, providerInfo, rawInfo }) - } - } - - export function rawAesEncryptedPartsFactory (fromUtf8: (input: any) => Uint8Array) { - return { rawAesEncryptedParts } - - function rawAesEncryptedParts (suite: AlgorithmSuite, keyName: string, { encryptedDataKey, rawInfo }: EncryptedDataKey) { - if (!(rawInfo instanceof Uint8Array)) throw new Error('Malformed Encrypted Data Key.') - // see above for format, slice off the "string part" - rawInfo = rawInfo.slice(fromUtf8(keyName).byteLength) - /* Uint8Array is a view on top of the underlying ArrayBuffer. 
+import { concatBuffers, uInt32BE } from '@aws-crypto/serialize' +import { + AlgorithmSuite, // eslint-disable-line no-unused-vars + EncryptedDataKey, // eslint-disable-line no-unused-vars + needs +} from '@aws-crypto/material-management' + +export function rawAesEncryptedDataKeyFactory ( + toUtf8: (input: Uint8Array) => string, + fromUtf8: (input: any) => Uint8Array +) { + return { rawAesEncryptedDataKey } + + function rawAesEncryptedDataKey ( + keyNamespace: string, + keyName: string, + iv: Uint8Array, + ciphertext: Uint8Array, + authTag: Uint8Array + ): EncryptedDataKey { + const ivLength = iv.byteLength + const authTagBitLength = authTag.byteLength * 8 + const encryptedDataKey = concatBuffers(ciphertext, authTag) + const providerId = keyNamespace + const rawInfo = concatBuffers(fromUtf8(keyName), uInt32BE(authTagBitLength), uInt32BE(ivLength), iv) + const providerInfo = toUtf8(rawInfo) + return new EncryptedDataKey({ encryptedDataKey, providerId, providerInfo, rawInfo }) + } +} + +export function rawAesEncryptedPartsFactory (fromUtf8: (input: any) => Uint8Array) { + return { rawAesEncryptedParts } + + function rawAesEncryptedParts (suite: AlgorithmSuite, keyName: string, { encryptedDataKey, rawInfo }: EncryptedDataKey) { + if (!(rawInfo instanceof Uint8Array)) throw new Error('Malformed Encrypted Data Key.') + // see above for format, slice off the "string part" + rawInfo = rawInfo.slice(fromUtf8(keyName).byteLength) + /* Uint8Array is a view on top of the underlying ArrayBuffer. * This means that raw underlying memory stored in the ArrayBuffer * may be larger than the Uint8Array. This is especially true of * the Node.js Buffer object. The offset and length *must* be * passed to the DataView otherwise I will get unexpected results. 
*/ - const dataView = new DataView( - rawInfo.buffer, - rawInfo.byteOffset, - rawInfo.byteLength - ) - /* See above: + const dataView = new DataView( + rawInfo.buffer, + rawInfo.byteOffset, + rawInfo.byteLength + ) + /* See above: * uInt32BE(authTagBitLength),uInt32BE(ivLength), iv */ - const tagLengthBits = dataView.getUint32(0, false) // big endian - const ivLength = dataView.getUint32(4, false) // big endian - /* Precondition: The ivLength must match the algorith suite specification. */ - needs(ivLength === suite.ivLength, 'Malformed providerInfo') - /* Precondition: The tagLength must match the algorith suite specification. */ - needs(tagLengthBits === suite.tagLength, 'Malformed providerInfo') - /* Precondition: The byteLength of rawInfo should match the encoded length. */ - needs(rawInfo.byteLength === 4 + 4 + ivLength, 'Malformed providerInfo') - const tagLength = tagLengthBits / 8 - /* Precondition: The encryptedDataKey byteLength must match the algorith suite specification and encoded length. */ - needs(encryptedDataKey.byteLength === tagLength + suite.keyLengthBytes, 'Malformed providerInfo') - const iv = rawInfo.slice(-ivLength) - const authTag = encryptedDataKey.slice(-tagLength) - const ciphertext = encryptedDataKey.slice(0, -tagLength) - - return { authTag, ciphertext, iv } - } - } - \ No newline at end of file + const tagLengthBits = dataView.getUint32(0, false) // big endian + const ivLength = dataView.getUint32(4, false) // big endian + /* Precondition: The ivLength must match the algorith suite specification. */ + needs(ivLength === suite.ivLength, 'Malformed providerInfo') + /* Precondition: The tagLength must match the algorith suite specification. */ + needs(tagLengthBits === suite.tagLength, 'Malformed providerInfo') + /* Precondition: The byteLength of rawInfo should match the encoded length. 
*/ + needs(rawInfo.byteLength === 4 + 4 + ivLength, 'Malformed providerInfo') + const tagLength = tagLengthBits / 8 + /* Precondition: The encryptedDataKey byteLength must match the algorith suite specification and encoded length. */ + needs(encryptedDataKey.byteLength === tagLength + suite.keyLengthBytes, 'Malformed providerInfo') + const iv = rawInfo.slice(-ivLength) + const authTag = encryptedDataKey.slice(-tagLength) + const ciphertext = encryptedDataKey.slice(0, -tagLength) + + return { authTag, ciphertext, iv } + } +} diff --git a/modules/raw-keyring/src/raw_aes_material.ts b/modules/raw-keyring/src/raw_aes_material.ts index 985d59a74..d5b0fd91e 100644 --- a/modules/raw-keyring/src/raw_aes_material.ts +++ b/modules/raw-keyring/src/raw_aes_material.ts @@ -13,7 +13,7 @@ * limitations under the License. */ -/* Here I am reusing the Material implementation and interface from material-management. +/* Here I am reusing the Material implementation and interface from material-management. * This is because there are many security guarantees that this implementations offer * that map to the current implementation of raw AES keyrings. * The KeyringTrace is an unfortunate case because there is no mapping. @@ -55,7 +55,7 @@ export class NodeRawAesMaterial implements /* NodeRawAesMaterial need to set a flag, this is an abuse of TraceFlags * because the material is not generated. * but CryptographicMaterial force a flag to be set. - */ + */ const setFlags = KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY decorateCryptographicMaterial(this, setFlags) Object.setPrototypeOf(this, NodeRawAesMaterial.prototype) 
@@ -87,7 +87,7 @@ export class WebCryptoRawAesMaterial implements /* WebCryptoRawAesMaterial need to set a flag, this is an abuse of TraceFlags * because the material is not generated. * but CryptographicMaterial force a flag to be set. - */ + */ const setFlag = KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY decorateCryptographicMaterial(this, setFlag) decorateWebCryptoMaterial(this, 0)