javascript/hybrid/ecies_aead_hkdf_validators.ts - external/github.com/google/tink - Git at Google

 /**
  * @license
  * Copyright 2020 Google LLC
  * SPDX-License-Identifier: Apache-2.0
  */

 import {AeadConfig} from '../aead/aead_config';
 import {SecurityException} from '../exception/security_exception';
 import {PbEciesAeadDemParams, PbEciesAeadHkdfKeyFormat, PbEciesAeadHkdfParams, PbEciesAeadHkdfPrivateKey, PbEciesAeadHkdfPublicKey, PbEciesHkdfKemParams, PbEllipticCurveType, PbHashType, PbPointFormat} from '../internal/proto';
 import * as Validators from '../subtle/validators';

 function validateKemParams(kemParams: PbEciesHkdfKemParams) {
   const curve = kemParams.getCurveType();
   if (curve !== PbEllipticCurveType.NIST_P256 &&
       curve !== PbEllipticCurveType.NIST_P384 &&
       curve !== PbEllipticCurveType.NIST_P521) {
     throw new SecurityException('Invalid KEM params - unknown curve type.');
   }
   const hashType = kemParams.getHkdfHashType();
   if (hashType !== PbHashType.SHA1 && hashType !== PbHashType.SHA256 &&
       hashType !== PbHashType.SHA384 && hashType !== PbHashType.SHA512) {
     throw new SecurityException('Invalid KEM params - unknown hash type.');
   }
 }

 function validateDemParams(demParams: PbEciesAeadDemParams) {
   if (!demParams.getAeadDem()) {
     throw new SecurityException(
         'Invalid DEM params - missing AEAD key template.');
   }

   // It is checked also here due to methods for creating new keys. We do not
   // allow creating new keys from formats which contains key templates of
   // not supported key types.
   const aeadKeyType = demParams.getAeadDem()!.getTypeUrl();
   if (aeadKeyType != AeadConfig.AES_CTR_HMAC_AEAD_TYPE_URL &&
       aeadKeyType != AeadConfig.AES_GCM_TYPE_URL) {
     throw new SecurityException(
         'Invalid DEM params - ' + aeadKeyType +
         ' template is not supported by ECIES AEAD HKDF.');
   }
 }

 export function validateParams(params: PbEciesAeadHkdfParams) {
   const kemParams = params.getKemParams();
   if (!kemParams) {
     throw new SecurityException('Invalid params - missing KEM params.');
   }
   validateKemParams(kemParams);
   const demParams = params.getDemParams();
   if (!demParams) {
     throw new SecurityException('Invalid params - missing DEM params.');
   }
   validateDemParams(demParams);
   const pointFormat = params.getEcPointFormat();
   if (pointFormat !== PbPointFormat.UNCOMPRESSED &&
       pointFormat !== PbPointFormat.COMPRESSED &&
       pointFormat !== PbPointFormat.DO_NOT_USE_CRUNCHY_UNCOMPRESSED) {
     throw new SecurityException(
         'Invalid key params - unknown EC point format.');
   }
 }

 export function validateKeyFormat(keyFormat: PbEciesAeadHkdfKeyFormat) {
   const params = keyFormat.getParams();
   if (!params) {
     throw new SecurityException('Invalid key format - missing key params.');
   }
   validateParams(params);
 }

 export function validatePublicKey(
     key: PbEciesAeadHkdfPublicKey, publicKeyManagerVersion: number) {
   Validators.validateVersion(key.getVersion(), publicKeyManagerVersion);
   const params = key.getParams();
   if (!params) {
     throw new SecurityException('Invalid public key - missing key params.');
   }
   validateParams(params);
   if (!key.getX().length || !key.getY().length) {
     throw new SecurityException(
         'Invalid public key - missing value of X or Y.');
   }
 }

 // TODO Should we add more checks here?
 export function validatePrivateKey(
     key: PbEciesAeadHkdfPrivateKey, privateKeyManagerVersion: number,
     publicKeyManagerVersion: number) {
   Validators.validateVersion(key.getVersion(), privateKeyManagerVersion);
   if (!key.getKeyValue()) {
     throw new SecurityException(
         'Invalid private key - missing private key value.');
   }
   const publicKey = key.getPublicKey();
   if (!publicKey) {
     throw new SecurityException(
         'Invalid private key - missing public key information.');
   }
   validatePublicKey(publicKey, publicKeyManagerVersion);
 }

 // TODO Should we add more checks here?
	/**
	* @license
	* Copyright 2020 Google LLC
	* SPDX-License-Identifier: Apache-2.0
	*/

	import {AeadConfig} from '../aead/aead_config';
	import {SecurityException} from '../exception/security_exception';
	import {PbEciesAeadDemParams, PbEciesAeadHkdfKeyFormat, PbEciesAeadHkdfParams, PbEciesAeadHkdfPrivateKey, PbEciesAeadHkdfPublicKey, PbEciesHkdfKemParams, PbEllipticCurveType, PbHashType, PbPointFormat} from '../internal/proto';
	import * as Validators from '../subtle/validators';

	function validateKemParams(kemParams: PbEciesHkdfKemParams) {
	const curve = kemParams.getCurveType();
	if (curve !== PbEllipticCurveType.NIST_P256 &&
	curve !== PbEllipticCurveType.NIST_P384 &&
	curve !== PbEllipticCurveType.NIST_P521) {
	throw new SecurityException('Invalid KEM params - unknown curve type.');
	}
	const hashType = kemParams.getHkdfHashType();
	if (hashType !== PbHashType.SHA1 && hashType !== PbHashType.SHA256 &&
	hashType !== PbHashType.SHA384 && hashType !== PbHashType.SHA512) {
	throw new SecurityException('Invalid KEM params - unknown hash type.');
	}
	}

	function validateDemParams(demParams: PbEciesAeadDemParams) {
	if (!demParams.getAeadDem()) {
	throw new SecurityException(
	'Invalid DEM params - missing AEAD key template.');
	}

	// It is checked also here due to methods for creating new keys. We do not
	// allow creating new keys from formats which contains key templates of
	// not supported key types.
	const aeadKeyType = demParams.getAeadDem()!.getTypeUrl();
	if (aeadKeyType != AeadConfig.AES_CTR_HMAC_AEAD_TYPE_URL &&
	aeadKeyType != AeadConfig.AES_GCM_TYPE_URL) {
	throw new SecurityException(
	'Invalid DEM params - ' + aeadKeyType +
	' template is not supported by ECIES AEAD HKDF.');
	}
	}

	export function validateParams(params: PbEciesAeadHkdfParams) {
	const kemParams = params.getKemParams();
	if (!kemParams) {
	throw new SecurityException('Invalid params - missing KEM params.');
	}
	validateKemParams(kemParams);
	const demParams = params.getDemParams();
	if (!demParams) {
	throw new SecurityException('Invalid params - missing DEM params.');
	}
	validateDemParams(demParams);
	const pointFormat = params.getEcPointFormat();
	if (pointFormat !== PbPointFormat.UNCOMPRESSED &&
	pointFormat !== PbPointFormat.COMPRESSED &&
	pointFormat !== PbPointFormat.DO_NOT_USE_CRUNCHY_UNCOMPRESSED) {
	throw new SecurityException(
	'Invalid key params - unknown EC point format.');
	}
	}

	export function validateKeyFormat(keyFormat: PbEciesAeadHkdfKeyFormat) {
	const params = keyFormat.getParams();
	if (!params) {
	throw new SecurityException('Invalid key format - missing key params.');
	}
	validateParams(params);
	}

	export function validatePublicKey(
	key: PbEciesAeadHkdfPublicKey, publicKeyManagerVersion: number) {
	Validators.validateVersion(key.getVersion(), publicKeyManagerVersion);
	const params = key.getParams();
	if (!params) {
	throw new SecurityException('Invalid public key - missing key params.');
	}
	validateParams(params);
	if (!key.getX().length \|\| !key.getY().length) {
	throw new SecurityException(
	'Invalid public key - missing value of X or Y.');
	}
	}

	// TODO Should we add more checks here?
	export function validatePrivateKey(
	key: PbEciesAeadHkdfPrivateKey, privateKeyManagerVersion: number,
	publicKeyManagerVersion: number) {
	Validators.validateVersion(key.getVersion(), privateKeyManagerVersion);
	if (!key.getKeyValue()) {
	throw new SecurityException(
	'Invalid private key - missing private key value.');
	}
	const publicKey = key.getPublicKey();
	if (!publicKey) {
	throw new SecurityException(
	'Invalid private key - missing public key information.');
	}
	validatePublicKey(publicKey, publicKeyManagerVersion);
	}

	// TODO Should we add more checks here?