/**
 * Unwraps a single encrypted data key for the given decryption material.
 *
 * The serialized encryption context, minus its length prefix, is handed to
 * `aesGcmUnwrapKey` as the `aad` argument together with this keyring's
 * namespace, name and the enclosing scope's `wrappingMaterial`.
 *
 * NOTE(review): presumably `aesGcmUnwrapKey` authenticates `aad`, so these
 * bytes must match what was used when the key was wrapped; confirm in that helper.
 *
 * @param material - decryption material whose encryption context supplies the AAD
 * @param edk - the encrypted data key to unwrap
 * @returns whatever `aesGcmUnwrapKey` returns for these inputs
 */
const _unwrapKey = async (material: NodeDecryptionMaterial, edk: EncryptedDataKey) => {
  /* The serialized AAD section is uInt16BE(length) followed by the AAD bytes,
   * see: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html#header-aad
   * The raw keyring takes only the AAD bytes, so the 2-byte length prefix is dropped here.
   */
  const contextBytes = serializeEncryptionContext(material.encryptionContext).slice(2)
  // Wrap exactly the sliced region (offset and length included) as a Buffer.
  const aad = Buffer.from(contextBytes.buffer, contextBytes.byteOffset, contextBytes.byteLength)
  return aesGcmUnwrapKey(this.keyNamespace, this.keyName, material, wrappingMaterial, edk, aad)
}
readOnlyProperty(this, 'keyName', keyName)
readOnlyProperty(this, 'keyNamespace', keyNamespace)
readOnlyProperty(this, '_wrapKey', _wrapKey)
readOnlyProperty(this, '_unwrapKey', _unwrapKey)
}
/* The AAD section is uInt16BE(length) + AAD
* see: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html#header-aad
* However, the RAW Keyring wants _only_ the AAD.
* So, I just slice off the length.
*/
const { buffer, byteOffset, byteLength } = serializeEncryptionContext(material.encryptionContext).slice(2)
const aad = Buffer.from(buffer, byteOffset, byteLength)
// const aad = Buffer.concat(encodeEncryptionContext(context || {}))
return aesGcmUnwrapKey(keyNamespace, keyName, material, wrappingMaterial, edk, aad)
}
readOnlyProperty(this, 'keyName', keyName)
readOnlyProperty(this, 'keyNamespace', keyNamespace)
readOnlyProperty(this, '_wrapKey', _wrapKey)
readOnlyProperty(this, '_unwrapKey', _unwrapKey)
}
const { keyNamespace, keyName } = this
/* The AAD section is uInt16BE(length) + AAD
* see: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html#header-aad
* However, the RAW Keyring wants _only_ the AAD.
* So, I just slice off the length.
*/
const { buffer, byteOffset, byteLength } = serializeEncryptionContext(material.encryptionContext).slice(2)
const aad = Buffer.from(buffer, byteOffset, byteLength)
// const aad = Buffer.concat(encodeEncryptionContext(context || {}))
return aesGcmUnwrapKey(keyNamespace, keyName, material, wrappingMaterial, edk, aad)
}
readOnlyProperty(this, 'keyName', keyName)
readOnlyProperty(this, 'keyNamespace', keyNamespace)
readOnlyProperty(this, '_wrapKey', _wrapKey)
readOnlyProperty(this, '_unwrapKey', _unwrapKey)
}
/**
 * Unwraps a single encrypted data key for the given decryption material.
 *
 * The serialized encryption context, minus its length prefix, is handed to
 * `aesGcmUnwrapKey` as the `aad` argument together with this keyring's
 * namespace, name and the enclosing scope's `wrappingMaterial`.
 *
 * NOTE(review): presumably `aesGcmUnwrapKey` authenticates `aad`, so these
 * bytes must match what was used when the key was wrapped; confirm in that helper.
 *
 * @param material - decryption material whose encryption context supplies the AAD
 * @param edk - the encrypted data key to unwrap
 * @returns whatever `aesGcmUnwrapKey` returns for these inputs
 */
const _unwrapKey = async (material: NodeDecryptionMaterial, edk: EncryptedDataKey) => {
  /* The serialized AAD section is uInt16BE(length) followed by the AAD bytes,
   * see: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html#header-aad
   * The raw keyring takes only the AAD bytes, so the 2-byte length prefix is dropped here.
   */
  const contextBytes = serializeEncryptionContext(material.encryptionContext).slice(2)
  // Wrap exactly the sliced region (offset and length included) as a Buffer.
  const aad = Buffer.from(contextBytes.buffer, contextBytes.byteOffset, contextBytes.byteLength)
  return aesGcmUnwrapKey(this.keyNamespace, this.keyName, material, wrappingMaterial, edk, aad)
}
readOnlyProperty(this, 'keyName', keyName)
readOnlyProperty(this, 'keyNamespace', keyNamespace)
readOnlyProperty(this, '_wrapKey', _wrapKey)
readOnlyProperty(this, '_unwrapKey', _unwrapKey)
}
const trace: KeyringTrace = {
keyName: this.keyName,
keyNamespace: this.keyNamespace,
flags: KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY
}
const { buffer, byteOffset, byteLength } = edk.encryptedDataKey
const encryptedDataKey = Buffer.from(buffer, byteOffset, byteLength)
const unencryptedDataKey = privateDecrypt(
{ key: privateKey, padding },
encryptedDataKey)
return material.setUnencryptedDataKey(unencryptedDataKey, trace)
}
readOnlyProperty(this, 'keyName', keyName)
readOnlyProperty(this, 'keyNamespace', keyNamespace)
readOnlyProperty(this, '_wrapKey', _wrapKey)
readOnlyProperty(this, '_unwrapKey', _unwrapKey)
}
keyNamespace: this.keyNamespace,
flags: KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY
}
const { buffer, byteOffset, byteLength } = edk.encryptedDataKey
const encryptedDataKey = Buffer.from(buffer, byteOffset, byteLength)
const unencryptedDataKey = privateDecrypt(
{ key: privateKey, padding },
encryptedDataKey)
return material.setUnencryptedDataKey(unencryptedDataKey, trace)
}
readOnlyProperty(this, 'keyName', keyName)
readOnlyProperty(this, 'keyNamespace', keyNamespace)
readOnlyProperty(this, '_wrapKey', _wrapKey)
readOnlyProperty(this, '_unwrapKey', _unwrapKey)
}
const trace: KeyringTrace = {
keyName: this.keyName,
keyNamespace: this.keyNamespace,
flags: KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY
}
const { buffer, byteOffset, byteLength } = edk.encryptedDataKey
const encryptedDataKey = Buffer.from(buffer, byteOffset, byteLength)
const unencryptedDataKey = privateDecrypt(
{ key: privateKey, padding },
encryptedDataKey)
return material.setUnencryptedDataKey(unencryptedDataKey, trace)
}
readOnlyProperty(this, 'keyName', keyName)
readOnlyProperty(this, 'keyNamespace', keyNamespace)
readOnlyProperty(this, '_wrapKey', _wrapKey)
readOnlyProperty(this, '_unwrapKey', _unwrapKey)
}
keyName: this.keyName,
keyNamespace: this.keyNamespace,
flags: KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY
}
const { buffer, byteOffset, byteLength } = edk.encryptedDataKey
const encryptedDataKey = Buffer.from(buffer, byteOffset, byteLength)
const unencryptedDataKey = privateDecrypt(
{ key: privateKey, padding },
encryptedDataKey)
return material.setUnencryptedDataKey(unencryptedDataKey, trace)
}
readOnlyProperty(this, 'keyName', keyName)
readOnlyProperty(this, 'keyNamespace', keyNamespace)
readOnlyProperty(this, '_wrapKey', _wrapKey)
readOnlyProperty(this, '_unwrapKey', _unwrapKey)
}