feat: Remove unencryptedDataKeyLength (#201)

seebees · web-flow · commit bd160c068e07 · 2019-09-06T14:35:45.000-07:00
It is a feature that is not being used.
This was created to let callers confirm that the unencrypted data key matched the algorithm suite,
but this checking is done directly into the cryptographic material now.
The hasUnencryptedDataKey is the best way to check for existence,
and the materials themselves will ensure that algorithm suite specifications are meet.

NOTE: This change is **ONLY** done because the project is in beta.
Otherwise there would be a major version bump.
diff --git a/modules/material-management/src/cryptographic_material.ts b/modules/material-management/src/cryptographic_material.ts
@@ -109,7 +109,6 @@ export interface CryptographicMaterial<T extends CryptographicMaterial<T>> {
   getUnencryptedDataKey: () => Uint8Array|AwsEsdkKeyObject
   zeroUnencryptedDataKey: () => T
   hasUnencryptedDataKey: boolean
-  unencryptedDataKeyLength: number
   keyringTrace: KeyringTrace[]
   encryptionContext: Readonly<EncryptionContext>
 }
@@ -141,7 +140,6 @@ export class NodeEncryptionMaterial implements
   getUnencryptedDataKey!: () => Uint8Array|AwsEsdkKeyObject
   zeroUnencryptedDataKey!: () => NodeEncryptionMaterial
   hasUnencryptedDataKey!: boolean
-  unencryptedDataKeyLength!: number
   keyringTrace: KeyringTrace[] = []
   encryptedDataKeys!: EncryptedDataKey[]
   addEncryptedDataKey!: (edk: EncryptedDataKey, flags: KeyringTraceFlag) => NodeEncryptionMaterial
@@ -176,7 +174,6 @@ export class NodeDecryptionMaterial implements
   getUnencryptedDataKey!: () => Uint8Array|AwsEsdkKeyObject
   zeroUnencryptedDataKey!: () => NodeDecryptionMaterial
   hasUnencryptedDataKey!: boolean
-  unencryptedDataKeyLength!: number
   keyringTrace: KeyringTrace[] = []
   setVerificationKey!: (key: VerificationKey) => NodeDecryptionMaterial
   verificationKey?: VerificationKey
@@ -210,7 +207,6 @@ export class WebCryptoEncryptionMaterial implements
   getUnencryptedDataKey!: () => Uint8Array|AwsEsdkKeyObject
   zeroUnencryptedDataKey!: () => WebCryptoEncryptionMaterial
   hasUnencryptedDataKey!: boolean
-  unencryptedDataKeyLength!: number
   keyringTrace: KeyringTrace[] = []
   encryptedDataKeys!: EncryptedDataKey[]
   addEncryptedDataKey!: (edk: EncryptedDataKey, flags: KeyringTraceFlag) => WebCryptoEncryptionMaterial
@@ -252,7 +248,6 @@ export class WebCryptoDecryptionMaterial implements
   getUnencryptedDataKey!: () => Uint8Array|AwsEsdkKeyObject
   zeroUnencryptedDataKey!: () => WebCryptoDecryptionMaterial
   hasUnencryptedDataKey!: boolean
-  unencryptedDataKeyLength!: number
   keyringTrace: KeyringTrace[] = []
   setVerificationKey!: (key: VerificationKey) => WebCryptoDecryptionMaterial
   verificationKey?: VerificationKey
@@ -367,21 +362,6 @@ export function decorateCryptographicMaterial<T extends CryptographicMaterial<T>
     needs(unsetCount === 0 || unsetCount === 2, 'Either unencryptedDataKey or udkForVerification was not set.')
     return material
   }
-  Object.defineProperty(material, 'unencryptedDataKeyLength', {
-    get: () => {
-      /* Precondition: The unencryptedDataKey must be set to have a length. */
-      needs(unencryptedDataKey, 'unencryptedDataKey has not been set')
-      /* Precondition: the unencryptedDataKey must not be Zeroed out.
-       * returning information about the data key,
-       * while not the worst thing may indicate misuse.
-       * Checking the algorithm specification is the proper way
-       * to do this
-       */
-      needs(!unencryptedDataKeyZeroed, 'unencryptedDataKey has been zeroed.')
-      return unwrapDataKey(unencryptedDataKey).byteLength
-    },
-    enumerable: true
-  })
 
   readOnlyProperty(material, 'setUnencryptedDataKey', setUnencryptedDataKey)
   readOnlyProperty(material, 'getUnencryptedDataKey', getUnencryptedDataKey)
diff --git a/modules/material-management/test/cryptographic_material.test.ts b/modules/material-management/test/cryptographic_material.test.ts
@@ -61,7 +61,6 @@ describe('decorateCryptographicMaterial', () => {
     const dataKey = new Uint8Array(suite.keyLengthBytes).fill(1)
     test.setUnencryptedDataKey(new Uint8Array(dataKey), { keyNamespace: 'k', keyName: 'k', flags: KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY })
     expect(test.hasUnencryptedDataKey).to.equal(true)
-    expect(test.unencryptedDataKeyLength).to.equal(dataKey.byteLength)
     const udk = unwrapDataKey(test.getUnencryptedDataKey())
     expect(udk).to.deep.equal(dataKey)
   })
@@ -101,29 +100,13 @@ describe('decorateCryptographicMaterial', () => {
     test.setUnencryptedDataKey(new Uint8Array(dataKey), { keyNamespace: 'k', keyName: 'k', flags: KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY })
     test.zeroUnencryptedDataKey()
     expect(() => test.getUnencryptedDataKey()).to.throw()
-    expect(() => test.unencryptedDataKeyLength).to.throw()
   })
 
   it('Precondition: unencryptedDataKey must be set before we can return it.', () => {
     const test: any = decorateCryptographicMaterial((<any>{}), KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY)
     expect(() => test.getUnencryptedDataKey()).to.throw()
   })
 
-  it('Precondition: The unencryptedDataKey must be set to have a length.', () => {
-    const test: any = decorateCryptographicMaterial((<any>{}), KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY)
-    expect(() => test.unencryptedDataKeyLength).to.throw()
-  })
-
-  it('Precondition: the unencryptedDataKey must not be Zeroed out.', () => {
-    const suite = new NodeAlgorithmSuite(AlgorithmSuiteIdentifier.ALG_AES128_GCM_IV12_TAG16)
-    const test = decorateCryptographicMaterial((<any>{ suite, keyringTrace: [] }), KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY)
-    const dataKey = new Uint8Array(suite.keyLengthBytes).fill(1)
-    const trace = { keyNamespace: 'k', keyName: 'k', flags: KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY }
-    test.setUnencryptedDataKey(dataKey, trace)
-    test.zeroUnencryptedDataKey()
-    expect(() => test.unencryptedDataKeyLength).to.throw('unencryptedDataKey has been zeroed.')
-  })
-
   it(`Precondition: If the unencryptedDataKey has not been set, it should not be settable later.
       Precondition: If the udkForVerification has not been set, it should not be settable later.`, () => {
     const suite = new NodeAlgorithmSuite(AlgorithmSuiteIdentifier.ALG_AES128_GCM_IV12_TAG16)
diff --git a/modules/raw-keyring/src/raw_aes_material.ts b/modules/raw-keyring/src/raw_aes_material.ts
@@ -50,7 +50,6 @@ export class NodeRawAesMaterial implements
   getUnencryptedDataKey!: () => Uint8Array|AwsEsdkKeyObject
   zeroUnencryptedDataKey!: () => NodeRawAesMaterial
   hasUnencryptedDataKey!: boolean
-  unencryptedDataKeyLength!: number
   keyringTrace: KeyringTrace[] = []
   encryptionContext: EncryptionContext = Object.freeze({})
   constructor (suiteId: WrappingSuiteIdentifier) {
@@ -80,7 +79,6 @@ export class WebCryptoRawAesMaterial implements
   getUnencryptedDataKey!: () => Uint8Array|AwsEsdkKeyObject
   zeroUnencryptedDataKey!: () => WebCryptoRawAesMaterial
   hasUnencryptedDataKey!: boolean
-  unencryptedDataKeyLength!: number
   keyringTrace: KeyringTrace[] = []
   setCryptoKey!: (dataKey: AwsEsdkJsCryptoKey|MixedBackendCryptoKey, trace: KeyringTrace) => WebCryptoRawAesMaterial
   getCryptoKey!: () => AwsEsdkJsCryptoKey|MixedBackendCryptoKey
