more refactors

Author: tylerccarson

keeperapi/src/endpoint.ts

@@ -348,29 +348,12 @@ export async function prepareApiRequest(
         requestPayload.encryptedSessionToken = normal64Bytes(sessionToken);
     }
     requestPayload.apiVersion = apiVersion || 0
-    let requestPayloadBytes = ApiRequestPayload.encode(requestPayload).finish()
-    let encryptedRequestPayload = await platform.aesGcmEncrypt(requestPayloadBytes, transmissionKey.key)
+    const requestPayloadBytes = ApiRequestPayload.encode(requestPayload).finish()
+    const encryptedRequestPayload = await platform.aesGcmEncrypt(requestPayloadBytes, transmissionKey.key)
 
     // Use QRC to wrap the transmission key
-    const {ecKeyId, mlKemKeyId} = transmissionKey
-    if (!isAllowedNumber(ecKeyId)) { // TODO: validate mlKemKeyId as well
-        throw new Error(`Invalid EC key ID: ${ecKeyId}`)
-    }
-    const serverEcPublicKey = platform.keys[ecKeyId]
-    const serverMlKemPublicKey = platform.mlKemKeys[mlKemKeyId]
-    if (!serverEcPublicKey) {
-        throw new Error(`EC public key not found for ID: ${ecKeyId}`)
-    }
-    if (!serverMlKemPublicKey) {
-        throw new Error(`ML-KEM public key not found for ID: ${mlKemKeyId}`)
-    }
-
     const hpkeTransmissionKey = await generateHpkeTransmissionKey(
-        transmissionKey.key,
-        mlKemKeyId,
-        serverEcPublicKey,
-        serverMlKemPublicKey,
-        ecKeyId,
+        transmissionKey,
         true  // use optional data
     )
 

keeperapi/src/utils.ts

@@ -1,6 +1,6 @@
 import {KeyWrapper, LogOptions, Platform, platform} from "./platform";
 import type {KeeperHost, TransmissionKey, TransmissionKeyHpke} from './configuration';
-import { AllowedNumbers } from "./transmissionKeys";
+import { AllowedNumbers, isAllowedNumber } from "./transmissionKeys";
 import { Ciphersuite, HPKE_ECDH_KYBER, OPTIONAL_DATA_LENGTH } from "./qrc";
 
 export const log = (message: string, options: LogOptions = 'default') => {
@@ -47,25 +47,32 @@ export function getKeeperAutomatorAdminUrl(host: KeeperHost, forPath: string, au
 
 export async function generateTransmissionKey(keyNumber: AllowedNumbers): Promise<TransmissionKey> {
     const transmissionKey = platform.getRandomBytes(32)
-    // Hmm. Do we switch this to HPKE only?
     return {
-        ecKeyId: keyNumber, // TODO: rename to ecKeyId
+        ecKeyId: keyNumber,
         key: transmissionKey,
         mlKemKeyId: 100 // HARD CODED FOR NOW, should be passed in
-        // TODO: add the mlKemKeyId
-        // encryptedKey: await platform.publicEncryptEC(transmissionKey, platform.keys[keyNumber]) // deprecate this
     }
 }
 
-// call this instead (is it exported? also, should we just return the protobuf instead?
 export async function generateHpkeTransmissionKey(
-    transmissionKey: Uint8Array,
-    mlKemKeyId: number,
-    serverEcPublicKey: Uint8Array,
-    serverMlKemPublicKey: Uint8Array,
-    ecKeyId: number,
+    transmissionKey: TransmissionKey,
     useOptionalData: boolean = true
 ): Promise<TransmissionKeyHpke> {
+    const {ecKeyId, mlKemKeyId} = transmissionKey
+    if (!isAllowedNumber(ecKeyId)) { // TODO: validate mlKemKeyId as well
+        throw new Error(`Invalid EC key ID: ${ecKeyId}`)
+    }
+
+    const serverEcPublicKey = platform.keys[ecKeyId]
+    const serverMlKemPublicKey = platform.mlKemKeys[mlKemKeyId]
+    if (!serverEcPublicKey) {
+        throw new Error(`EC public key not found for ID: ${ecKeyId}`)
+    }
+    if (!serverMlKemPublicKey) {
+        throw new Error(`ML-KEM public key not found for ID: ${mlKemKeyId}`)
+    }
+
+
     // Generate optional data if requested (recommended for unique request binding)
     const optionalData = useOptionalData ? platform.getRandomBytes(OPTIONAL_DATA_LENGTH) : undefined;
 
@@ -74,15 +81,15 @@ export async function generateHpkeTransmissionKey(
 
     // Encrypt transmission key using QRC
     const qrcResult = await hpke.encrypt(
-        transmissionKey,
+        transmissionKey.key,
         serverEcPublicKey,
         serverMlKemPublicKey,
         optionalData
     );
 
     return {
         publicKeyId: mlKemKeyId,  // ML-KEM key ID
-        key: transmissionKey,
+        key: transmissionKey.key,
         qrcMessageKey: {
             clientEcPublicKey: qrcResult.clientEcPublicKey,
             mlKemEncapsulatedKey: qrcResult.mlKemEncapsulatedKey,