feat: Change to AwsEsdkJsCryptoKey

Regarding aws#237, the shape of the CryptoKey
when dealing with a fallback may slightly differ.
By changing all references to AwsEsdkJsCryptoKey
I can control any type mismatch.

Author: seebees

modules/material-management-browser/src/index.ts

@@ -22,5 +22,5 @@ export {
   AlgorithmSuiteIdentifier, EncryptionContext, EncryptedDataKey, KeyringWebCrypto,
   KeyringTrace, KeyringTraceFlag, needs, MixedBackendCryptoKey, MultiKeyringWebCrypto,
   immutableBaseClass, immutableClass, frozenClass, readOnlyProperty, keyUsageForMaterial,
-  isValidCryptoKey, isCryptoKey, WebCryptoMaterialsManager, unwrapDataKey
+  isValidCryptoKey, isCryptoKey, WebCryptoMaterialsManager, unwrapDataKey, AwsEsdkJsCryptoKey
 } from '@aws-crypto/material-management'

modules/material-management-browser/src/material_helpers.ts

@@ -23,6 +23,7 @@ import {
   keyUsageForMaterial,
   subtleFunctionForMaterial,
   unwrapDataKey,
+  AwsEsdkJsCryptoKey, // eslint-disable-line no-unused-vars
   WebCryptoMaterial // eslint-disable-line no-unused-vars
 } from '@aws-crypto/material-management'
 
@@ -155,7 +156,7 @@ export function getSubtleFunction<T extends WebCryptoMaterial<T>> (
   const { encryption: cipherName, ivLength, tagLength } = suite
 
   return (info: Uint8Array) => {
-    const derivedKeyPromise: Promise<CryptoKey|MixedBackendCryptoKey> = isCryptoKey(cryptoKey)
+    const derivedKeyPromise: Promise<AwsEsdkJsCryptoKey|MixedBackendCryptoKey> = isCryptoKey(cryptoKey)
       ? WebCryptoKdf(getNonZeroByteBackend(backend), material, cryptoKey, [subtleFunction], info)
       : Promise.all([
         WebCryptoKdf(getNonZeroByteBackend(backend), material, cryptoKey.nonZeroByteCryptoKey, [subtleFunction], info),
@@ -190,7 +191,7 @@ export function getSubtleFunction<T extends WebCryptoMaterial<T>> (
 export async function WebCryptoKdf<T extends WebCryptoMaterial<T>> (
   subtle: SubtleCrypto,
   material: T,
-  cryptoKey: CryptoKey,
+  cryptoKey: AwsEsdkJsCryptoKey,
   keyUsages: SubtleFunction[],
   info: Uint8Array
 ): Promise<CryptoKey> {
@@ -244,7 +245,7 @@ export async function _importCryptoKey<T extends WebCryptoMaterial<T>> (
   subtle: SubtleCrypto,
   material: T,
   keyUsages: KeyUsage[] = [keyUsageForMaterial(material)]
-) {
+): Promise<AwsEsdkJsCryptoKey> {
   const { suite } = material
   const extractable = false
   const udk = unwrapDataKey(material.getUnencryptedDataKey())

modules/raw-aes-keyring-browser/src/raw_aes_keyring_browser.ts

@@ -27,7 +27,8 @@ import {
   _importCryptoKey,
   unwrapDataKey,
   importForWebCryptoEncryptionMaterial,
-  importForWebCryptoDecryptionMaterial
+  importForWebCryptoDecryptionMaterial,
+  AwsEsdkJsCryptoKey // eslint-disable-line no-unused-vars
 } from '@aws-crypto/material-management-browser'
 import {
   serializeFactory,
@@ -55,7 +56,7 @@ const decryptFlags = KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY | KeyringT
 export type RawAesKeyringWebCryptoInput = {
   keyNamespace: string
   keyName: string
-  masterKey: CryptoKey,
+  masterKey: AwsEsdkJsCryptoKey,
   wrappingSuite: WrappingSuiteIdentifier
 }
 
@@ -125,7 +126,7 @@ export class RawAesKeyringWebCrypto extends KeyringWebCrypto {
    */
   _onDecrypt = _onDecrypt<WebCryptoAlgorithmSuite, RawAesKeyringWebCrypto>()
 
-  static async importCryptoKey (masterKey: Uint8Array, wrappingSuite: WrappingSuiteIdentifier) {
+  static async importCryptoKey (masterKey: Uint8Array, wrappingSuite: WrappingSuiteIdentifier): Promise<AwsEsdkJsCryptoKey> {
     needs(masterKey instanceof Uint8Array, 'Unsupported master key type.')
     const material = new WebCryptoRawAesMaterial(wrappingSuite)
       /* Precondition: masterKey must correspond to the algorithm suite specification.

modules/raw-rsa-keyring-browser/src/get_import_options.ts

@@ -25,7 +25,8 @@ import {
 import {
   MixedBackendCryptoKey, // eslint-disable-line no-unused-vars
   needs,
-  isCryptoKey
+  isCryptoKey,
+  AwsEsdkJsCryptoKey // eslint-disable-line no-unused-vars
 } from '@aws-crypto/material-management-browser'
 
 type WebCryptoRsaName = keyof typeof JsonWebKeyRsaAlg
@@ -80,7 +81,7 @@ export function getImportOptions (keyInfo: RsaImportableKey) {
   throw new Error('Unsupported RsaImportableKey')
 }
 
-export function getWrappingAlgorithm (publicKey?: CryptoKey, privateKey?: CryptoKey|MixedBackendCryptoKey) {
+export function getWrappingAlgorithm (publicKey?: AwsEsdkJsCryptoKey, privateKey?: AwsEsdkJsCryptoKey|MixedBackendCryptoKey) {
   const privateKeys = flattenMixedCryptoKey(privateKey)
   if (publicKey && privateKeys.length) {
     return verify(...[publicKey, ...privateKeys].map(extract))
@@ -92,7 +93,7 @@ export function getWrappingAlgorithm (publicKey?: CryptoKey, privateKey?: Crypto
   throw new Error('No Key provided.')
 }
 
-export function extract (key: CryptoKey): RsaWrappingKeyAlgorithm {
+export function extract (key: AwsEsdkJsCryptoKey): RsaWrappingKeyAlgorithm {
   const { algorithm } = key
   // @ts-ignore
   const { name, hash } = algorithm
@@ -122,7 +123,7 @@ export function verify (...args: RsaWrappingKeyAlgorithm[]) {
   }
 }
 
-export function flattenMixedCryptoKey (key?: CryptoKey|MixedBackendCryptoKey): CryptoKey[] {
+export function flattenMixedCryptoKey (key?: AwsEsdkJsCryptoKey|MixedBackendCryptoKey): AwsEsdkJsCryptoKey[] {
   /* Check for early return (Postcondition): empty inputs should return an empty array. */
   if (!key) return []
   if (isCryptoKey(key)) return [key]

modules/raw-rsa-keyring-browser/src/raw_rsa_keyring_web_crypto.ts

@@ -28,7 +28,8 @@ import {
   importForWebCryptoEncryptionMaterial,
   unwrapDataKey,
   MixedBackendCryptoKey, // eslint-disable-line no-unused-vars
-  WebCryptoAlgorithmSuite // eslint-disable-line no-unused-vars
+  WebCryptoAlgorithmSuite, // eslint-disable-line no-unused-vars
+  AwsEsdkJsCryptoKey // eslint-disable-line no-unused-vars
 } from '@aws-crypto/material-management-browser'
 
 import {
@@ -168,14 +169,14 @@ export class RawRsaKeyringWebCrypto extends KeyringWebCrypto {
    */
   _onDecrypt = _onDecrypt<WebCryptoAlgorithmSuite, RawRsaKeyringWebCrypto>()
 
-  static async importPublicKey (publicKey: RsaImportableKey): Promise<CryptoKey> {
+  static async importPublicKey (publicKey: RsaImportableKey): Promise<AwsEsdkJsCryptoKey> {
     const { wrappingAlgorithm, format, key } = getImportOptions(publicKey)
     const backend = await getWebCryptoBackend()
     const subtle = getNonZeroByteBackend(backend)
     return subtle.importKey(format, key, wrappingAlgorithm, false, ['wrapKey'])
   }
 
-  static async importPrivateKey (privateKey: RsaImportableKey): Promise<CryptoKey|MixedBackendCryptoKey> {
+  static async importPrivateKey (privateKey: RsaImportableKey): Promise<AwsEsdkJsCryptoKey|MixedBackendCryptoKey> {
     const { wrappingAlgorithm, format, key } = getImportOptions(privateKey)
     const backend = await getWebCryptoBackend()
 

modules/raw-rsa-keyring-browser/src/types.ts

@@ -14,7 +14,8 @@
  */
 
 import {
-  MixedBackendCryptoKey // eslint-disable-line no-unused-vars
+  MixedBackendCryptoKey, // eslint-disable-line no-unused-vars
+  AwsEsdkJsCryptoKey // eslint-disable-line no-unused-vars
 } from '@aws-crypto/material-management-browser'
 
 export enum RsaPadding {
@@ -69,6 +70,6 @@ export type RsaImportableKey = RsaJsonWebKey | BinaryKey
 export type RawRsaKeyringWebCryptoInput = {
   keyNamespace: string
   keyName: string
-  privateKey?: CryptoKey|MixedBackendCryptoKey
-  publicKey?: CryptoKey
+  privateKey?: AwsEsdkJsCryptoKey|MixedBackendCryptoKey
+  publicKey?: AwsEsdkJsCryptoKey
 }