@opentdf/sdk 0.1.0-beta.1701

package/dist/web/src/nanotdf/enum/ResourceLocatorIdentifierEnum.js

@@ -0,0 +1,9 @@
+var ResourceLocatorIdentifierEnum;
+(function (ResourceLocatorIdentifierEnum) {
+    ResourceLocatorIdentifierEnum[ResourceLocatorIdentifierEnum["None"] = 0] = "None";
+    ResourceLocatorIdentifierEnum[ResourceLocatorIdentifierEnum["TwoBytes"] = 2] = "TwoBytes";
+    ResourceLocatorIdentifierEnum[ResourceLocatorIdentifierEnum["EightBytes"] = 8] = "EightBytes";
+    ResourceLocatorIdentifierEnum[ResourceLocatorIdentifierEnum["ThirtyTwoBytes"] = 32] = "ThirtyTwoBytes";
+})(ResourceLocatorIdentifierEnum || (ResourceLocatorIdentifierEnum = {}));
+export default ResourceLocatorIdentifierEnum;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUmVzb3VyY2VMb2NhdG9ySWRlbnRpZmllckVudW0uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi9zcmMvbmFub3RkZi9lbnVtL1Jlc291cmNlTG9jYXRvcklkZW50aWZpZXJFbnVtLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLElBQUssNkJBS0o7QUFMRCxXQUFLLDZCQUE2QjtJQUNoQyxpRkFBUSxDQUFBO0lBQ1IseUZBQVksQ0FBQTtJQUNaLDZGQUFjLENBQUE7SUFDZCxzR0FBbUIsQ0FBQTtBQUNyQixDQUFDLEVBTEksNkJBQTZCLEtBQTdCLDZCQUE2QixRQUtqQztBQUVELGVBQWUsNkJBQTZCLENBQUMifQ==

package/dist/web/src/nanotdf/helpers/calculateByCurve.js

@@ -0,0 +1,24 @@
+import { getCurveLength } from '../models/EcCurves.js';
+/**
+ * Length of public key
+ *
+ * @param curveName CurveNameEnum
+ * @returns number length of the public key
+ */
+export function lengthOfPublicKey(curveName) {
+    return Math.ceil(getCurveLength(curveName) / 8);
+}
+/**
+ * Length of signature
+ *
+ * ECDSA signatures are 2 times longer than the signer's private key for the curve used during the signing process.
+ * For example, for 256-bit elliptic curves (like secp256k1 ) the ECDSA signature is 512 bits (64 bytes) and for 521-bit
+ * curves (like secp521r1 ) the signature is 1042 bits.
+ *
+ * @param curveName CurveNameEnum
+ * @returns number length of the signature
+ */
+export function lengthOfSignature(curveName) {
+    return Math.ceil((getCurveLength(curveName) * 2) / 8);
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2FsY3VsYXRlQnlDdXJ2ZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3NyYy9uYW5vdGRmL2hlbHBlcnMvY2FsY3VsYXRlQnlDdXJ2ZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFDQSxPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFFdkQ7Ozs7O0dBS0c7QUFDSCxNQUFNLFVBQVUsaUJBQWlCLENBQUMsU0FBd0I7SUFDeEQsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztBQUNsRCxDQUFDO0FBRUQ7Ozs7Ozs7OztHQVNHO0FBQ0gsTUFBTSxVQUFVLGlCQUFpQixDQUFDLFNBQXdCO0lBQ3hELE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztBQUN4RCxDQUFDIn0=

package/dist/web/src/nanotdf/helpers/getHkdfSalt.js

@@ -0,0 +1,8 @@
+import { digest, enums } from '../../nanotdf-crypto/index.js';
+export default async function getHkdfSalt(buffer) {
+    return {
+        hkdfSalt: await digest(enums.HashType.Sha256, buffer),
+        hkdfHash: enums.HashType.Sha256,
+    };
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ2V0SGtkZlNhbHQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi9zcmMvbmFub3RkZi9oZWxwZXJzL2dldEhrZGZTYWx0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUVBLE9BQU8sRUFBRSxNQUFNLEVBQUUsS0FBSyxFQUFFLE1BQU0sK0JBQStCLENBQUM7QUFPOUQsTUFBTSxDQUFDLE9BQU8sQ0FBQyxLQUFLLFVBQVUsV0FBVyxDQUFDLE1BQWdDO0lBQ3hFLE9BQU87UUFDTCxRQUFRLEVBQUUsTUFBTSxNQUFNLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDO1FBQ3JELFFBQVEsRUFBRSxLQUFLLENBQUMsUUFBUSxDQUFDLE1BQU07S0FDaEMsQ0FBQztBQUNKLENBQUMifQ==

package/dist/web/src/nanotdf/index.js

@@ -0,0 +1,11 @@
+// Don't export named values or the enduser will
+// have to call `const NanoTDF = require('nanotdf').default`
+export { default as Client } from './Client.js';
+export { default as Header } from './models/Header.js';
+export { default as NanoTDF } from './NanoTDF.js';
+export { default as decrypt } from './decrypt.js';
+export { default as encrypt } from './encrypt.js';
+export { default as encryptDataset } from './encrypt-dataset.js';
+export { default as getHkdfSalt } from './helpers/getHkdfSalt.js';
+export { default as DefaultParams } from './models/DefaultParams.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvbmFub3RkZi9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxnREFBZ0Q7QUFDaEQsNERBQTREO0FBQzVELE9BQU8sRUFBRSxPQUFPLElBQUksTUFBTSxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQ2hELE9BQU8sRUFBRSxPQUFPLElBQUksTUFBTSxFQUFFLE1BQU0sb0JBQW9CLENBQUM7QUFDdkQsT0FBTyxFQUFFLE9BQU8sSUFBSSxPQUFPLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFDbEQsT0FBTyxFQUFFLE9BQU8sSUFBSSxPQUFPLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFDbEQsT0FBTyxFQUFFLE9BQU8sSUFBSSxPQUFPLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFDbEQsT0FBTyxFQUFFLE9BQU8sSUFBSSxjQUFjLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUNqRSxPQUFPLEVBQUUsT0FBTyxJQUFJLFdBQVcsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBQ2xFLE9BQU8sRUFBRSxPQUFPLElBQUksYUFBYSxFQUFFLE1BQU0sMkJBQTJCLENBQUMifQ==

package/dist/web/src/nanotdf/interfaces/PolicyInterface.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUG9saWN5SW50ZXJmYWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vc3JjL25hbm90ZGYvaW50ZXJmYWNlcy9Qb2xpY3lJbnRlcmZhY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/web/src/nanotdf/models/Ciphers.js

@@ -0,0 +1,54 @@
+import CipherEnum from '../enum/CipherEnum.js';
+import { UnsupportedFeatureError } from '../../errors.js';
+export const Aes256Gcm64 = {
+    name: CipherEnum.AES_256_GCM_64,
+    length: 64,
+};
+export const Aes256Gcm96 = {
+    name: CipherEnum.AES_256_GCM_96,
+    length: 96,
+};
+export const Aes256Gcm104 = {
+    name: CipherEnum.AES_256_GCM_104,
+    length: 104,
+};
+export const Aes256Gcm112 = {
+    name: CipherEnum.AES_256_GCM_112,
+    length: 112,
+};
+export const Aes256Gcm120 = {
+    name: CipherEnum.AES_256_GCM_120,
+    length: 120,
+};
+export const Aes256Gcm128 = {
+    name: CipherEnum.AES_256_GCM_128,
+    length: 128,
+};
+export function getBitLength(cipher) {
+    switch (cipher) {
+        case CipherEnum.AES_256_GCM_64:
+            return Aes256Gcm64.length;
+        case CipherEnum.AES_256_GCM_96:
+            return Aes256Gcm96.length;
+        case CipherEnum.AES_256_GCM_104:
+            return Aes256Gcm104.length;
+        case CipherEnum.AES_256_GCM_112:
+            return Aes256Gcm112.length;
+        case CipherEnum.AES_256_GCM_120:
+            return Aes256Gcm120.length;
+        case CipherEnum.AES_256_GCM_128:
+            return Aes256Gcm128.length;
+        default:
+            throw new UnsupportedFeatureError(`unsupported cipher enum value: [${cipher}]`);
+    }
+}
+// export default {
+//   Aes256Gcm64,
+//   Aes256Gcm96,
+//   Aes256Gcm104,
+//   Aes256Gcm112,
+//   Aes256Gcm120,
+//   Aes256Gcm128,
+//   getBitLength,
+// };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ2lwaGVycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3NyYy9uYW5vdGRmL21vZGVscy9DaXBoZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sVUFBVSxNQUFNLHVCQUF1QixDQUFDO0FBQy9DLE9BQU8sRUFBRSx1QkFBdUIsRUFBRSxNQUFNLGlCQUFpQixDQUFDO0FBTzFELE1BQU0sQ0FBQyxNQUFNLFdBQVcsR0FBb0I7SUFDMUMsSUFBSSxFQUFFLFVBQVUsQ0FBQyxjQUFjO0lBQy9CLE1BQU0sRUFBRSxFQUFFO0NBQ1gsQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLFdBQVcsR0FBb0I7SUFDMUMsSUFBSSxFQUFFLFVBQVUsQ0FBQyxjQUFjO0lBQy9CLE1BQU0sRUFBRSxFQUFFO0NBQ1gsQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLFlBQVksR0FBb0I7SUFDM0MsSUFBSSxFQUFFLFVBQVUsQ0FBQyxlQUFlO0lBQ2hDLE1BQU0sRUFBRSxHQUFHO0NBQ1osQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLFlBQVksR0FBb0I7SUFDM0MsSUFBSSxFQUFFLFVBQVUsQ0FBQyxlQUFlO0lBQ2hDLE1BQU0sRUFBRSxHQUFHO0NBQ1osQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLFlBQVksR0FBb0I7SUFDM0MsSUFBSSxFQUFFLFVBQVUsQ0FBQyxlQUFlO0lBQ2hDLE1BQU0sRUFBRSxHQUFHO0NBQ1osQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLFlBQVksR0FBb0I7SUFDM0MsSUFBSSxFQUFFLFVBQVUsQ0FBQyxlQUFlO0lBQ2hDLE1BQU0sRUFBRSxHQUFHO0NBQ1osQ0FBQztBQUVGLE1BQU0sVUFBVSxZQUFZLENBQUMsTUFBa0I7SUFDN0MsUUFBUSxNQUFNLEVBQUU7UUFDZCxLQUFLLFVBQVUsQ0FBQyxjQUFjO1lBQzVCLE9BQU8sV0FBVyxDQUFDLE1BQU0sQ0FBQztRQUM1QixLQUFLLFVBQVUsQ0FBQyxjQUFjO1lBQzVCLE9BQU8sV0FBVyxDQUFDLE1BQU0sQ0FBQztRQUM1QixLQUFLLFVBQVUsQ0FBQyxlQUFlO1lBQzdCLE9BQU8sWUFBWSxDQUFDLE1BQU0sQ0FBQztRQUM3QixLQUFLLFVBQVUsQ0FBQyxlQUFlO1lBQzdCLE9BQU8sWUFBWSxDQUFDLE1BQU0sQ0FBQztRQUM3QixLQUFLLFVBQVUsQ0FBQyxlQUFlO1lBQzdCLE9BQU8sWUFBWSxDQUFDLE1BQU0sQ0FBQztRQUM3QixLQUFLLFVBQVUsQ0FBQyxlQUFlO1lBQzdCLE9BQU8sWUFBWSxDQUFDLE1BQU0sQ0FBQztRQUM3QjtZQUNFLE1BQU0sSUFBSSx1QkFBdUIsQ0FBQyxtQ0FBbUMsTUFBTSxHQUFHLENBQUMsQ0FBQztLQUNuRjtBQUNILENBQUM7QUFFRCxtQkFBbUI7QUFDbkIsaUJBQWlCO0FBQ2pCLGlCQUFpQjtBQUNqQixrQkFBa0I7QUFDbEIsa0JBQWtCO0FBQ2xCLGtCQUFrQjtBQUNsQixrQkFBa0I7QUFFbEIsa0JBQWtCO0FBQ2xCLEtBQUsifQ==

package/dist/web/src/nanotdf/models/DefaultParams.js

@@ -0,0 +1,22 @@
+import CipherEnum from '../enum/CipherEnum.js';
+import CurveNameEnum from '../enum/CurveNameEnum.js';
+import PolicyTypeEnum from '../enum/PolicyTypeEnum.js';
+const enc = new TextEncoder();
+/**
+ * Default encrypt param builders
+ *
+ * @link https://github.com/virtru/tdf3-cpp/blob/develop/tdf3-src/lib/src/nanotdf_builder_impl.h
+ */
+const DefaultParams = {
+    ecdsaBinding: false,
+    ephemeralCurveName: CurveNameEnum.SECP256R1,
+    magicNumberVersion: enc.encode('L1L'),
+    offlineMode: false,
+    policyType: PolicyTypeEnum.EmbeddedEncrypted,
+    signature: false,
+    signatureCurveName: CurveNameEnum.SECP256R1,
+    symmetricCipher: CipherEnum.AES_256_GCM_96,
+    defaultECAlgorithm: 'ec:secp256r1',
+};
+export default DefaultParams;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRGVmYXVsdFBhcmFtcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3NyYy9uYW5vdGRmL21vZGVscy9EZWZhdWx0UGFyYW1zLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sVUFBVSxNQUFNLHVCQUF1QixDQUFDO0FBQy9DLE9BQU8sYUFBYSxNQUFNLDBCQUEwQixDQUFDO0FBQ3JELE9BQU8sY0FBYyxNQUFNLDJCQUEyQixDQUFDO0FBRXZELE1BQU0sR0FBRyxHQUFHLElBQUksV0FBVyxFQUFFLENBQUM7QUFFOUI7Ozs7R0FJRztBQUNILE1BQU0sYUFBYSxHQUFHO0lBQ3BCLFlBQVksRUFBRSxLQUFLO0lBQ25CLGtCQUFrQixFQUFFLGFBQWEsQ0FBQyxTQUFTO0lBQzNDLGtCQUFrQixFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDO0lBQ3JDLFdBQVcsRUFBRSxLQUFLO0lBQ2xCLFVBQVUsRUFBRSxjQUFjLENBQUMsaUJBQWlCO0lBQzVDLFNBQVMsRUFBRSxLQUFLO0lBQ2hCLGtCQUFrQixFQUFFLGFBQWEsQ0FBQyxTQUFTO0lBQzNDLGVBQWUsRUFBRSxVQUFVLENBQUMsY0FBYztJQUMxQyxrQkFBa0IsRUFBRSxjQUFjO0NBQ25DLENBQUM7QUFFRixlQUFlLGFBQWEsQ0FBQyJ9

package/dist/web/src/nanotdf/models/EcCurves.js

@@ -0,0 +1,32 @@
+import CurveNameEnum from '../enum/CurveNameEnum.js';
+import { UnsupportedFeatureError } from '../../errors.js';
+export const Secp256R1 = {
+    name: CurveNameEnum.SECP256R1,
+    length: 256,
+};
+export const Secp384R1 = {
+    name: CurveNameEnum.SECP384R1,
+    length: 384,
+};
+export const Secp521R1 = {
+    name: CurveNameEnum.SECP521R1,
+    length: 521,
+};
+/**
+ * Get size from Curve
+ *
+ * @param curveName CurveNameEnum name of the curve
+ */
+export function getCurveLength(curveName) {
+    switch (curveName) {
+        case Secp256R1.name:
+            return Secp256R1.length;
+        case Secp384R1.name:
+            return Secp384R1.length;
+        case Secp521R1.name:
+            return Secp521R1.length;
+        default:
+            throw new UnsupportedFeatureError(`unsupported curve name: ${curveName}`);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRWNDdXJ2ZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi9zcmMvbmFub3RkZi9tb2RlbHMvRWNDdXJ2ZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxhQUFhLE1BQU0sMEJBQTBCLENBQUM7QUFDckQsT0FBTyxFQUFFLHVCQUF1QixFQUFFLE1BQU0saUJBQWlCLENBQUM7QUFPMUQsTUFBTSxDQUFDLE1BQU0sU0FBUyxHQUFtQjtJQUN2QyxJQUFJLEVBQUUsYUFBYSxDQUFDLFNBQVM7SUFDN0IsTUFBTSxFQUFFLEdBQUc7Q0FDWixDQUFDO0FBRUYsTUFBTSxDQUFDLE1BQU0sU0FBUyxHQUFtQjtJQUN2QyxJQUFJLEVBQUUsYUFBYSxDQUFDLFNBQVM7SUFDN0IsTUFBTSxFQUFFLEdBQUc7Q0FDWixDQUFDO0FBRUYsTUFBTSxDQUFDLE1BQU0sU0FBUyxHQUFtQjtJQUN2QyxJQUFJLEVBQUUsYUFBYSxDQUFDLFNBQVM7SUFDN0IsTUFBTSxFQUFFLEdBQUc7Q0FDWixDQUFDO0FBRUY7Ozs7R0FJRztBQUNILE1BQU0sVUFBVSxjQUFjLENBQUMsU0FBd0I7SUFDckQsUUFBUSxTQUFTLEVBQUU7UUFDakIsS0FBSyxTQUFTLENBQUMsSUFBSTtZQUNqQixPQUFPLFNBQVMsQ0FBQyxNQUFNLENBQUM7UUFDMUIsS0FBSyxTQUFTLENBQUMsSUFBSTtZQUNqQixPQUFPLFNBQVMsQ0FBQyxNQUFNLENBQUM7UUFDMUIsS0FBSyxTQUFTLENBQUMsSUFBSTtZQUNqQixPQUFPLFNBQVMsQ0FBQyxNQUFNLENBQUM7UUFDMUI7WUFDRSxNQUFNLElBQUksdUJBQXVCLENBQUMsMkJBQTJCLFNBQVMsRUFBRSxDQUFDLENBQUM7S0FDN0U7QUFDSCxDQUFDIn0=

package/dist/web/src/nanotdf/models/Header.js

@@ -0,0 +1,250 @@
+// Models
+import { getBitLength } from './Ciphers.js';
+import ResourceLocator from './ResourceLocator.js';
+import PolicyFactory from './Policy/PolicyFactory.js';
+// Helpers
+import { lengthOfPublicKey } from '../helpers/calculateByCurve.js';
+import DefaultParams from './DefaultParams.js';
+import { ConfigurationError, InvalidFileError } from '../../errors.js';
+import { rstrip } from '../../utils.js';
+/**
+ * NanoTDF Header
+ *
+ * The header section is intended to be sent to a KAS and is used by the KAS to derive the decryption key that can
+ * decrypts the nanotdf's payload. The Header is structured as follows:
+ *
+ * | Section                | Minimum Length (B) | Maximum Length (B) |
+ * |------------------------|--------------------|--------------------|
+ * | Magic Number + Version | 3                  | 3                  |
+ * | KAS (resource locator) | 3                  | 257                |
+ * | ECC Mode               | 1                  | 1                  |
+ * | Payload + Sig Mode     | 1                  | 1                  |
+ * | Policy                 | 3                  | 257                |
+ * | Ephemeral Key          | 33                 | 67                 |
+ *
+ */
+class Header {
+    static parse(buff) {
+        let offset = 0;
+        /**
+         * Magic number and version
+         *
+         * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#3311-magic-number--version
+         */
+        // Convert to ascii
+        const magicNumberVersion = buff.subarray(Header.MAGIC_NUMBER_VERSION_BYTE_OFF, Header.MAGIC_NUMBER_VERSION_BYTE_LEN);
+        offset += Header.MAGIC_NUMBER_VERSION_BYTE_LEN;
+        /**
+         * KAS Resource Locator
+         *
+         * KAS is a typeof Resource Locator
+         *
+         * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#3312-kas
+         * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#341-resource-locator
+         */
+        const kas = ResourceLocator.parse(buff.subarray(offset));
+        offset += kas.length;
+        /**
+         * ECC & Binding Mode
+         *
+         * This section contains a 1-byte bitfield describing the ECC Params and Policy binding strategy to use.
+         * The Policy Binding strategy is either using a 64-bit GMAC (using AES-256-GCM) tag or an ECDSA signature.
+         * The signature size depends on the size of ECC Params used. The nanotdf at this time only supports methods that
+         * involve Elliptic Curve Cryptography. The fields are structured as follows:
+         *
+         * | Section                   | Bit Length | Bit start index |
+         * |---------------------------|------------|-----------------|
+         * | USE_ECDSA_BINDING         | 1          | 7               |
+         * | UNUSED                    | 4          | 3               |
+         * | Ephemeral ECC Params Enum | 3          | 0               |
+         *
+         * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#3313-ecc-and-binding-mode
+         */
+        const eccBindingModeDV = buff.subarray(offset, offset + Header.ECC_BINDING_MODE_BYTE_LEN);
+        const useECDSABinding = eccBindingModeDV[0] >> 7 === 1; // Last bit
+        const ephemeralCurveName = eccBindingModeDV[0] & 0x7; // First 3 bits
+        offset += Header.ECC_BINDING_MODE_BYTE_LEN;
+        /**
+         * Symmetric & payload config
+         *
+         * This section contains a 1 byte data structure composed of bitfields that describe the symmetric ciphers for
+         * encrypted payloads. This cipher applies to both the Payload and the Policy of the nanotdf. The fields are as
+         * follows:
+         *
+         * | Section               | Bit Length | Bit start index |
+         * |-----------------------|------------|-----------------|
+         * | HAS_SIGNATURE         | 1          | 7               |
+         * | Signature ECC Mode    | 3          | 4               |
+         * | Symmetric Cipher Enum | 4          | 0               |
+         *
+         * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#3314-symmetric-and-payload-config
+         */
+        const symmetricPayloadDV = buff.subarray(offset, offset + Header.ECC_BINDING_MODE_BYTE_LEN);
+        const hasSignature = symmetricPayloadDV[0] >> 7 === 1; // Last bit
+        const signatureCurveName = (symmetricPayloadDV[0] >> 4) & 0x7; // Middle 3 bits
+        const symmetricCipher = symmetricPayloadDV[0] & 0xf; // First 4 bits
+        offset += Header.SYMMETRIC_PAYLOAD_CONFIG_BYTE_LEN;
+        /**
+         * Policy
+         *
+         * This section contains a Policy object. The data contained in the Policy allows for definition flexible
+         * definitions of a policy including a policy by reference, or an embedded policy. Refer to the Policy object's
+         * definition in Section 3.4.2
+         *
+         * The structure of the Policy is as follows:
+         *
+         * | Section   | Minimum Length (B) | Maximum Length (B) |
+         * |-----------|--------------------|--------------------|
+         * | Type Enum | 1                  | 1                  |
+         * | Body      | 3                  | 257                |
+         * | Binding   | 8                  | 132                |
+         *
+         * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#3315-policy
+         * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#342-policy
+         */
+        const { policy, offset: nextOffset } = PolicyFactory.parse(buff.subarray(offset), useECDSABinding, ephemeralCurveName);
+        offset += nextOffset;
+        /**
+         * Ephemeral public key
+         *
+         * This section contains a Key object. The size of the key is determined by the Encryption Method Section.
+         *
+         * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#3316-key
+         */
+        // TODO: Resolve where offset isn't adding 1 byte
+        const ephemeralPublicKeyLength = lengthOfPublicKey(ephemeralCurveName) + 1;
+        const ephemeralPublicKey = buff.subarray(offset, offset + ephemeralPublicKeyLength);
+        offset += ephemeralPublicKeyLength;
+        // Check if the ephemeral public key length is not the same length
+        if (ephemeralPublicKey.byteLength !== ephemeralPublicKeyLength) {
+            throw new InvalidFileError('nanotdf parse failure: public key read failure');
+        }
+        const header = new Header(magicNumberVersion, kas, useECDSABinding, ephemeralCurveName, hasSignature, signatureCurveName, symmetricCipher, policy, ephemeralPublicKey);
+        return {
+            header,
+            offset,
+        };
+    }
+    //Ephemeral Public Key
+    // protected _ephemeralPublicKey: string | null = null;
+    constructor(magicNumberVersion, kas, useECDSABinding, ephemeralCurveName, hasSignature, signatureCurveName, symmetricCipher, policy, ephemeralPublicKey) {
+        // Magic Number & Version
+        this.magicNumberVersion = DefaultParams.magicNumberVersion;
+        // ECC & Binding Mode
+        this.useECDSABinding = DefaultParams.ecdsaBinding;
+        this.ephemeralCurveName = DefaultParams.ephemeralCurveName;
+        // Symmetric & Payload Config
+        this.hasSignature = DefaultParams.signature;
+        this.signatureCurveName = DefaultParams.signatureCurveName;
+        this.symmetricCipher = DefaultParams.symmetricCipher;
+        this.magicNumberVersion = magicNumberVersion;
+        this.kas = kas;
+        this.useECDSABinding = useECDSABinding;
+        this.ephemeralCurveName = ephemeralCurveName;
+        this.hasSignature = hasSignature;
+        this.signatureCurveName = signatureCurveName;
+        this.symmetricCipher = symmetricCipher;
+        this.policy = policy;
+        this.ephemeralPublicKey = ephemeralPublicKey;
+        // Auth tag length in bits (i.e. AES GCM 64 bit)
+        this.authTagLength = getBitLength(this.symmetricCipher);
+    }
+    /**
+     * Copy the contents of the header to buffer
+     */
+    copyToBuffer(target) {
+        if (this.length > target.length) {
+            throw new InvalidFileError('invalid buffer size to copy tdf header');
+        }
+        let offset = 0;
+        // Write Magic number and version
+        target.set(this.magicNumberVersion, 0);
+        offset += this.magicNumberVersion.length;
+        // Write kas resource locator
+        const kasResourceLocatorBuf = this.kas.toBuffer();
+        target.set(kasResourceLocatorBuf, offset);
+        offset += kasResourceLocatorBuf.length;
+        // Write ECC & Binding Mode
+        const ecdsaBinding = this.useECDSABinding ? 1 : 0;
+        const eccBingingMode = (ecdsaBinding << 7) | this.ephemeralCurveName;
+        const eccBingingModeAsByte = new Uint8Array(1);
+        eccBingingModeAsByte[0] = eccBingingMode;
+        target.set(eccBingingModeAsByte, offset);
+        offset += eccBingingModeAsByte.length;
+        // Write symmetric & payload config
+        const isSignatureEnable = this.hasSignature ? 1 : 0;
+        const symmetricPayloadConfig = (isSignatureEnable << 7) | this.signatureCurveName | this.symmetricCipher;
+        const symmetricPayloadConfigAsByte = new Uint8Array(1);
+        symmetricPayloadConfigAsByte[0] = symmetricPayloadConfig;
+        target.set(symmetricPayloadConfigAsByte, offset);
+        offset += symmetricPayloadConfigAsByte.length;
+        // Write the policy
+        const policyBuffer = this.policy.toBuffer();
+        target.set(policyBuffer, offset);
+        offset += policyBuffer.length;
+        // Write the ephemeral public key
+        target.set(this.ephemeralPublicKey, offset);
+    }
+    /**
+     * Length
+     *
+     * @returns { number } Length of header
+     */
+    get length() {
+        return (
+        // Length of the magic number and version
+        this.magicNumberVersion.length +
+            // Length of the KAS resource locator
+            this.kas.length +
+            // ECC & Binding Mode - 1 Bytes
+            1 +
+            // symmetric & payload config - 1 Bytes
+            1 +
+            // Length of the policy
+            this.policy.getLength() +
+            // Length of the ephemeral public key
+            this.ephemeralPublicKey.length);
+    }
+    /**
+     * Return nanoTDF header as buffer
+     *
+     * Warning: This method will allocate memory of length of the header, use
+     * copyToBuffer() when copy is not needed.
+     */
+    toBuffer() {
+        const arrayBuffer = new ArrayBuffer(this.length);
+        const target = new Uint8Array(arrayBuffer);
+        this.copyToBuffer(target);
+        return arrayBuffer;
+    }
+    /**
+     * Get KAS Rewrap URL
+     */
+    getKasRewrapUrl() {
+        try {
+            return `${rstrip(this.kas.url, '/')}/v2/rewrap`;
+        }
+        catch (e) {
+            throw new ConfigurationError(`cannot construct KAS Rewrap URL: ${e.message}`);
+        }
+    }
+}
+// Magic Number & Version
+Header.MAGIC_NUMBER_VERSION_BYTE_OFF = 0;
+Header.MAGIC_NUMBER_VERSION_BYTE_LEN = 3;
+Header.MAGIC_NUMBER_OFFSET = 0;
+Header.MAGIC_NUMBER_LENGTH = 18;
+// ECC & Binding Mode
+Header.ECC_BINDING_MODE_BYTE_LEN = 1;
+Header.USE_ECDSA_BINDING_BIT_OFF = 0;
+Header.EPHEMERAL_ECC_CURVE_NAME_BIT_OFF = -3;
+// Symmetric & Payload Config
+Header.SYMMETRIC_PAYLOAD_CONFIG_BYTE_LEN = 1;
+Header.HAS_SIGNATURE_BIT_OFF = 1;
+Header.HAS_SIGNATURE_BIT_LEN = 1;
+Header.SIGNATURE_ECC_CURVE_NAME_BIT_OFF = 1;
+Header.SIGNATURE_ECC_CURVE_NAME_BIT_LEN = 3;
+Header.SYMMETRIC_CIPHER_BIT_OFF = 4;
+Header.SYMMETRIC_CIPHER_BIT_LEN = 4;
+export default Header;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiSGVhZGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vc3JjL25hbm90ZGYvbW9kZWxzL0hlYWRlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxTQUFTO0FBQ1QsT0FBTyxFQUFFLFlBQVksRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUM1QyxPQUFPLGVBQWUsTUFBTSxzQkFBc0IsQ0FBQztBQUNuRCxPQUFPLGFBQWEsTUFBTSwyQkFBMkIsQ0FBQztBQU10RCxVQUFVO0FBQ1YsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sZ0NBQWdDLENBQUM7QUFDbkUsT0FBTyxhQUFhLE1BQU0sb0JBQW9CLENBQUM7QUFDL0MsT0FBTyxFQUFFLGtCQUFrQixFQUFFLGdCQUFnQixFQUFFLE1BQU0saUJBQWlCLENBQUM7QUFDdkUsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBRXhDOzs7Ozs7Ozs7Ozs7Ozs7R0FlRztBQUNILE1BQXFCLE1BQU07SUE0Q3pCLE1BQU0sQ0FBQyxLQUFLLENBQUMsSUFBZ0I7UUFDM0IsSUFBSSxNQUFNLEdBQUcsQ0FBQyxDQUFDO1FBRWY7Ozs7V0FJRztRQUNILG1CQUFtQjtRQUNuQixNQUFNLGtCQUFrQixHQUFHLElBQUksQ0FBQyxRQUFRLENBQ3RDLE1BQU0sQ0FBQyw2QkFBNkIsRUFDcEMsTUFBTSxDQUFDLDZCQUE2QixDQUNyQyxDQUFDO1FBQ0YsTUFBTSxJQUFJLE1BQU0sQ0FBQyw2QkFBNkIsQ0FBQztRQUUvQzs7Ozs7OztXQU9HO1FBQ0gsTUFBTSxHQUFHLEdBQUcsZUFBZSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUM7UUFDekQsTUFBTSxJQUFJLEdBQUcsQ0FBQyxNQUFNLENBQUM7UUFFckI7Ozs7Ozs7Ozs7Ozs7OztXQWVHO1FBQ0gsTUFBTSxnQkFBZ0IsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sRUFBRSxNQUFNLEdBQUcsTUFBTSxDQUFDLHlCQUF5QixDQUFDLENBQUM7UUFDMUYsTUFBTSxlQUFlLEdBQUcsZ0JBQWdCLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLFdBQVc7UUFDbkUsTUFBTSxrQkFBa0IsR0FBRyxnQkFBZ0IsQ0FBQyxDQUFDLENBQUMsR0FBRyxHQUFHLENBQUMsQ0FBQyxlQUFlO1FBQ3JFLE1BQU0sSUFBSSxNQUFNLENBQUMseUJBQXlCLENBQUM7UUFFM0M7Ozs7Ozs7Ozs7Ozs7O1dBY0c7UUFDSCxNQUFNLGtCQUFrQixHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxFQUFFLE1BQU0sR0FBRyxNQUFNLENBQUMseUJBQXlCLENBQUMsQ0FBQztRQUM1RixNQUFNLFlBQVksR0FBRyxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsV0FBVztRQUNsRSxNQUFNLGtCQUFrQixHQUFHLENBQUMsa0JBQWtCLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLEdBQUcsR0FBRyxDQUFDLENBQUMsZ0JBQWdCO1FBQy9FLE1BQU0sZUFBZSxHQUFHLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxHQUFHLEdBQUcsQ0FBQyxDQUFDLGVBQWU7UUFDcEUsTUFBTSxJQUFJLE1BQU0sQ0FBQyxpQ0FBaUMsQ0FBQztRQUVuRDs7Ozs7Ozs7Ozs7Ozs7Ozs7V0FpQkc7UUFDSCxNQUFNLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxVQUFVLEVBQUUsR0FBRyxhQUFhLENBQUMsS0FBSyxDQUN4RCxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxFQUNyQixlQUFlLEVBQ2Ysa0JBQWtCLENBQ25CLENBQUM7UUFDRixNQUFNLElBQUksVUFBVSxDQUFDO1FBRXJCOzs7Ozs7V0FNRztRQUNILGlEQUFpRDtRQUNqRCxNQUFNLHdCQUF3QixHQUFHLGlCQUFpQixDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQzNFLE1BQU0sa0JBQWtCLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsTUFBTSxHQUFHLHdCQUF3QixDQUFDLENBQUM7UUFDcEYsTUFBTSxJQUFJLHdCQUF3QixDQUFDO1FBRW5DLGtFQUFrRTtRQUNsRSxJQUFJLGtCQUFrQixDQUFDLFVBQVUsS0FBSyx3QkFBd0IsRUFBRTtZQUM5RCxNQUFNLElBQUksZ0JBQWdCLENBQUMsZ0RBQWdELENBQUMsQ0FBQztTQUM5RTtRQUVELE1BQU0sTUFBTSxHQUFHLElBQUksTUFBTSxDQUN2QixrQkFBa0IsRUFDbEIsR0FBRyxFQUNILGVBQWUsRUFDZixrQkFBa0IsRUFDbEIsWUFBWSxFQUNaLGtCQUFrQixFQUNsQixlQUFlLEVBQ2YsTUFBTSxFQUNOLGtCQUFrQixDQUNuQixDQUFDO1FBRUYsT0FBTztZQUNMLE1BQU07WUFDTixNQUFNO1NBQ1AsQ0FBQztJQUNKLENBQUM7SUFFRCxzQkFBc0I7SUFDdEIsdURBQXVEO0lBRXZELFlBQ0Usa0JBQThCLEVBQzlCLEdBQW9CLEVBQ3BCLGVBQXdCLEVBQ3hCLGtCQUFpQyxFQUNqQyxZQUFxQixFQUNyQixrQkFBaUMsRUFDakMsZUFBMkIsRUFDM0IsTUFBdUIsRUFDdkIsa0JBQThCO1FBbktoQyx5QkFBeUI7UUFDbEIsdUJBQWtCLEdBQWUsYUFBYSxDQUFDLGtCQUFrQixDQUFDO1FBS3pFLHFCQUFxQjtRQUNkLG9CQUFlLEdBQVksYUFBYSxDQUFDLFlBQVksQ0FBQztRQUN0RCx1QkFBa0IsR0FBa0IsYUFBYSxDQUFDLGtCQUFrQixDQUFDO1FBRTVFLDZCQUE2QjtRQUN0QixpQkFBWSxHQUFZLGFBQWEsQ0FBQyxTQUFTLENBQUM7UUFDaEQsdUJBQWtCLEdBQWtCLGFBQWEsQ0FBQyxrQkFBa0IsQ0FBQztRQUNyRSxvQkFBZSxHQUFlLGFBQWEsQ0FBQyxlQUFlLENBQUM7UUF3SmpFLElBQUksQ0FBQyxrQkFBa0IsR0FBRyxrQkFBa0IsQ0FBQztRQUM3QyxJQUFJLENBQUMsR0FBRyxHQUFHLEdBQUcsQ0FBQztRQUNmLElBQUksQ0FBQyxlQUFlLEdBQUcsZUFBZSxDQUFDO1FBQ3ZDLElBQUksQ0FBQyxrQkFBa0IsR0FBRyxrQkFBa0IsQ0FBQztRQUM3QyxJQUFJLENBQUMsWUFBWSxHQUFHLFlBQVksQ0FBQztRQUNqQyxJQUFJLENBQUMsa0JBQWtCLEdBQUcsa0JBQWtCLENBQUM7UUFDN0MsSUFBSSxDQUFDLGVBQWUsR0FBRyxlQUFlLENBQUM7UUFDdkMsSUFBSSxDQUFDLE1BQU0sR0FBRyxNQUFNLENBQUM7UUFDckIsSUFBSSxDQUFDLGtCQUFrQixHQUFHLGtCQUFrQixDQUFDO1FBRTdDLGdEQUFnRDtRQUNoRCxJQUFJLENBQUMsYUFBYSxHQUFHLFlBQVksQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLENBQUM7SUFDMUQsQ0FBQztJQUVEOztPQUVHO0lBQ0gsWUFBWSxDQUFDLE1BQWtCO1FBQzdCLElBQUksSUFBSSxDQUFDLE1BQU0sR0FBRyxNQUFNLENBQUMsTUFBTSxFQUFFO1lBQy9CLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQyx3Q0FBd0MsQ0FBQyxDQUFDO1NBQ3RFO1FBRUQsSUFBSSxNQUFNLEdBQUcsQ0FBQyxDQUFDO1FBRWYsaUNBQWlDO1FBQ2pDLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLGtCQUFrQixFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ3ZDLE1BQU0sSUFBSSxJQUFJLENBQUMsa0JBQWtCLENBQUMsTUFBTSxDQUFDO1FBRXpDLDZCQUE2QjtRQUM3QixNQUFNLHFCQUFxQixHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDbEQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxxQkFBcUIsRUFBRSxNQUFNLENBQUMsQ0FBQztRQUMxQyxNQUFNLElBQUkscUJBQXFCLENBQUMsTUFBTSxDQUFDO1FBRXZDLDJCQUEyQjtRQUMzQixNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsZUFBZSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUNsRCxNQUFNLGNBQWMsR0FBRyxDQUFDLFlBQVksSUFBSSxDQUFDLENBQUMsR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUM7UUFDckUsTUFBTSxvQkFBb0IsR0FBRyxJQUFJLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUMvQyxvQkFBb0IsQ0FBQyxDQUFDLENBQUMsR0FBRyxjQUFjLENBQUM7UUFDekMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxvQkFBb0IsRUFBRSxNQUFNLENBQUMsQ0FBQztRQUN6QyxNQUFNLElBQUksb0JBQW9CLENBQUMsTUFBTSxDQUFDO1FBRXRDLG1DQUFtQztRQUNuQyxNQUFNLGlCQUFpQixHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ3BELE1BQU0sc0JBQXNCLEdBQzFCLENBQUMsaUJBQWlCLElBQUksQ0FBQyxDQUFDLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixHQUFHLElBQUksQ0FBQyxlQUFlLENBQUM7UUFDNUUsTUFBTSw0QkFBNEIsR0FBRyxJQUFJLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUN2RCw0QkFBNEIsQ0FBQyxDQUFDLENBQUMsR0FBRyxzQkFBc0IsQ0FBQztRQUN6RCxNQUFNLENBQUMsR0FBRyxDQUFDLDRCQUE0QixFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBQ2pELE1BQU0sSUFBSSw0QkFBNEIsQ0FBQyxNQUFNLENBQUM7UUFFOUMsbUJBQW1CO1FBQ25CLE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDNUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxZQUFZLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFDakMsTUFBTSxJQUFJLFlBQVksQ0FBQyxNQUFNLENBQUM7UUFFOUIsaUNBQWlDO1FBQ2pDLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLGtCQUFrQixFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQzlDLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsSUFBSSxNQUFNO1FBQ1IsT0FBTztRQUNMLHlDQUF5QztRQUN6QyxJQUFJLENBQUMsa0JBQWtCLENBQUMsTUFBTTtZQUM5QixxQ0FBcUM7WUFDckMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxNQUFNO1lBQ2YsK0JBQStCO1lBQy9CLENBQUM7WUFDRCx1Q0FBdUM7WUFDdkMsQ0FBQztZQUNELHVCQUF1QjtZQUN2QixJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsRUFBRTtZQUN2QixxQ0FBcUM7WUFDckMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLE1BQU0sQ0FDL0IsQ0FBQztJQUNKLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNILFFBQVE7UUFDTixNQUFNLFdBQVcsR0FBRyxJQUFJLFdBQVcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDakQsTUFBTSxNQUFNLEdBQUcsSUFBSSxVQUFVLENBQUMsV0FBVyxDQUFDLENBQUM7UUFDM0MsSUFBSSxDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUMxQixPQUFPLFdBQVcsQ0FBQztJQUNyQixDQUFDO0lBRUQ7O09BRUc7SUFDSCxlQUFlO1FBQ2IsSUFBSTtZQUNGLE9BQU8sR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxDQUFDLFlBQVksQ0FBQztTQUNqRDtRQUFDLE9BQU8sQ0FBQyxFQUFFO1lBQ1YsTUFBTSxJQUFJLGtCQUFrQixDQUFDLG9DQUFvQyxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztTQUMvRTtJQUNILENBQUM7O0FBaFNELHlCQUF5QjtBQUNULG9DQUE2QixHQUFHLENBQUMsQUFBSixDQUFLO0FBQ2xDLG9DQUE2QixHQUFHLENBQUMsQUFBSixDQUFLO0FBQ2xDLDBCQUFtQixHQUFHLENBQUMsQUFBSixDQUFLO0FBQ3hCLDBCQUFtQixHQUFHLEVBQUUsQUFBTCxDQUFNO0FBRXpDLHFCQUFxQjtBQUNMLGdDQUF5QixHQUFHLENBQUMsQUFBSixDQUFLO0FBQzlCLGdDQUF5QixHQUFHLENBQUMsQUFBSixDQUFLO0FBQzlCLHVDQUFnQyxHQUFHLENBQUMsQ0FBQyxBQUFMLENBQU07QUFFdEQsNkJBQTZCO0FBQ2Isd0NBQWlDLEdBQUcsQ0FBQyxBQUFKLENBQUs7QUFDdEMsNEJBQXFCLEdBQUcsQ0FBQyxBQUFKLENBQUs7QUFDMUIsNEJBQXFCLEdBQUcsQ0FBQyxBQUFKLENBQUs7QUFDMUIsdUNBQWdDLEdBQUcsQ0FBQyxBQUFKLENBQUs7QUFDckMsdUNBQWdDLEdBQUcsQ0FBQyxBQUFKLENBQUs7QUFDckMsK0JBQXdCLEdBQUcsQ0FBQyxBQUFKLENBQUs7QUFDN0IsK0JBQXdCLEdBQUcsQ0FBQyxBQUFKLENBQUs7ZUFuQjFCLE1BQU0ifQ==

package/dist/web/src/nanotdf/models/Payload.js

@@ -0,0 +1,156 @@
+import { getBitLength } from './Ciphers.js';
+import { ConfigurationError, InvalidFileError } from '../../errors.js';
+/**
+ * Payload
+ *
+ * The payload section of the nanotdf contains the ciphertext that is protected by the policy defined in the Header.
+ * The structure of the Payload is as follows:
+ *
+ * | Section               | Minimum Length (B) | Maximum Length (B) |
+ * |-----------------------|--------------------|--------------------|
+ * | Length                | 3                  | 3                  |
+ * | IV                    | 3                  | 3                  |
+ * | Ciphertext            | 0                  | 16777204           |
+ * | Payload MAC (AuthTag) | 8                  | 32                 |
+ */
+class Payload {
+    /**
+     * Parse the payload
+     *
+     * Returns a new Payload object and the next offset
+     *
+     * @param buff Uint8Array
+     */
+    static parse(header, buff, legacyTDF = false) {
+        let offset = 0;
+        const authTagByteLength = getBitLength(header.symmetricCipher) / 8;
+        /**
+         * Length
+         *
+         * This 3 byte unsigned integer dictates the length of the subsequent ciphertext section.
+         *
+         * NOTE: it includes the IV + Ciphertext + Auth Tag. To get the Auth Tag length you have to subtract the other
+         * lengths
+         */
+        // TODO: This will not work in Big Endian host environments
+        const length = (buff[offset] << 16) + (buff[offset + 1] << 8) + buff[offset + 2];
+        const ciphertextLength = length - Payload.IV_LEN - authTagByteLength;
+        offset += Payload.LENGTH_LEN;
+        const inRange = length >= this.MIN_LENGTH && length <= this.MAX_NANO_TDF_ENCRYPT_PAYLOAD_SIZE;
+        if (!inRange) {
+            throw new InvalidFileError('nanotdf parse failure: Payload Length Out Of Range');
+        }
+        /**
+         * Parse IV
+         *
+         * The IV used for encryption. This value is a byte array containing the IV. This IV must never be reused with the
+         * same symmetric key. Also, to support an extremely compacted version of the nanotdf the IV value 00 00 00 is
+         * reserved for use with an encrypted policy.
+         */
+        let iv = buff.subarray(offset, offset + Payload.IV_LEN);
+        offset += Payload.IV_LEN;
+        if (iv.byteLength != 3) {
+            throw new InvalidFileError('nanotdf parse failure: Invalid Payload Length');
+        }
+        if (!legacyTDF) {
+            const actuallIV = new Uint8Array(12).fill(0);
+            // The the iv from payload to lower-order bits
+            actuallIV.set(iv, 9);
+            // update the iv
+            iv = actuallIV;
+        }
+        /**
+         * Parse Ciphertext w/ Auth Tag
+         */
+        const ciphertextWithAuthTag = buff.subarray(offset, offset + ciphertextLength + authTagByteLength);
+        if (ciphertextWithAuthTag.byteLength + Payload.LENGTH_LEN !== length) {
+            throw new InvalidFileError('nanotdf parse failure: Invalid Payload Length');
+        }
+        /**
+         * Parse Ciphertext
+         *
+         * The byte array of the ciphertext that is protected in the nanotdf. The encryption method used to create or decrypt
+         * the ciphertext is defined in the Key Access object in the header.
+         */
+        const ciphertext = buff.subarray(offset, offset + ciphertextLength);
+        offset += ciphertextLength;
+        /**
+         * Auth Tag
+         *
+         * GMAC = 8 byte
+         * ECDSA = size of curve
+         *
+         * The MAC of the payload. The Size of this MAC is determined by the Encryption Method Enum used in the Symmetric and
+         * Payload Config object in the header.
+         *
+         * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#3314-symmetric-and-payload-config
+         */
+        const authTag = buff.subarray(offset, offset + authTagByteLength);
+        offset += authTagByteLength;
+        return {
+            payload: new Payload(iv, ciphertext, authTag, ciphertextWithAuthTag),
+            offset,
+        };
+    }
+    constructor(iv, ciphertext, authTag, ciphertextWithAuthTag) {
+        this.iv = iv;
+        this.ciphertext = ciphertext;
+        this.authTag = authTag;
+        // If ciphertextWithAuthTag is not set then combine it
+        // Ideally it is set so an additional buffer is not needed
+        if (ciphertextWithAuthTag === undefined) {
+            this.ciphertextWithAuthTag = new Uint8Array(ciphertext.length + authTag.length);
+            this.ciphertextWithAuthTag.set(ciphertext);
+            this.ciphertextWithAuthTag.set(authTag, ciphertext.length);
+        }
+        else {
+            this.ciphertextWithAuthTag = ciphertextWithAuthTag;
+        }
+    }
+    /**
+     * Length
+     *
+     * @returns { number } Length of signature
+     */
+    get length() {
+        return (
+        // Bytes(3) to hold the length of the payload
+        3 +
+            // Length of the IV
+            this.iv.length +
+            // Length of the ciphertext
+            this.ciphertext.length +
+            // Length of the auth tag
+            this.authTag.length);
+    }
+    /**
+     * Copy the contents of the signature to buffer
+     */
+    copyToBuffer(target) {
+        if (this.length > target.length) {
+            throw new Error('internal: invalid buffer size to copy payload');
+        }
+        const lengthOfEncryptedPayload = this.iv.length + this.ciphertext.length + this.authTag.length;
+        if (lengthOfEncryptedPayload > Payload.MAX_NANO_TDF_ENCRYPT_PAYLOAD_SIZE) {
+            throw new ConfigurationError("TDF encrypted payload can't be more that 2^24");
+        }
+        const lengthAsUint32 = new Uint32Array(1);
+        lengthAsUint32[0] = lengthOfEncryptedPayload;
+        const lengthAsUint24 = new Uint8Array(lengthAsUint32.buffer);
+        // NOTE: We are only interested in only first 3 bytes.
+        const payloadSizeAsBg = new Uint8Array(3);
+        payloadSizeAsBg[0] = lengthAsUint24[2];
+        payloadSizeAsBg[1] = lengthAsUint24[1];
+        payloadSizeAsBg[2] = lengthAsUint24[0];
+        target.set(payloadSizeAsBg, 0);
+        target.set(this.iv, payloadSizeAsBg.length);
+        target.set(this.ciphertext, payloadSizeAsBg.length + this.iv.length);
+        target.set(this.authTag, payloadSizeAsBg.length + this.iv.length + this.ciphertext.length);
+    }
+}
+Payload.LENGTH_LEN = 3;
+Payload.IV_LEN = 3;
+Payload.MIN_LENGTH = 11;
+Payload.MAX_NANO_TDF_ENCRYPT_PAYLOAD_SIZE = 16777216; // 3 bytes unsigned int.
+export default Payload;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUGF5bG9hZC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3NyYy9uYW5vdGRmL21vZGVscy9QYXlsb2FkLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUNBLE9BQU8sRUFBRSxZQUFZLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFDNUMsT0FBTyxFQUFFLGtCQUFrQixFQUFFLGdCQUFnQixFQUFFLE1BQU0saUJBQWlCLENBQUM7QUFFdkU7Ozs7Ozs7Ozs7OztHQVlHO0FBQ0gsTUFBcUIsT0FBTztJQVcxQjs7Ozs7O09BTUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUNWLE1BQWMsRUFDZCxJQUFnQixFQUNoQixTQUFTLEdBQUcsS0FBSztRQUVqQixJQUFJLE1BQU0sR0FBRyxDQUFDLENBQUM7UUFDZixNQUFNLGlCQUFpQixHQUFHLFlBQVksQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBRW5FOzs7Ozs7O1dBT0c7UUFDSCwyREFBMkQ7UUFDM0QsTUFBTSxNQUFNLEdBQUcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxHQUFHLElBQUksQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUM7UUFDakYsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLEdBQUcsT0FBTyxDQUFDLE1BQU0sR0FBRyxpQkFBaUIsQ0FBQztRQUNyRSxNQUFNLElBQUksT0FBTyxDQUFDLFVBQVUsQ0FBQztRQUU3QixNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksSUFBSSxDQUFDLFVBQVUsSUFBSSxNQUFNLElBQUksSUFBSSxDQUFDLGlDQUFpQyxDQUFDO1FBRTlGLElBQUksQ0FBQyxPQUFPLEVBQUU7WUFDWixNQUFNLElBQUksZ0JBQWdCLENBQUMsb0RBQW9ELENBQUMsQ0FBQztTQUNsRjtRQUVEOzs7Ozs7V0FNRztRQUNILElBQUksRUFBRSxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxFQUFFLE1BQU0sR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDeEQsTUFBTSxJQUFJLE9BQU8sQ0FBQyxNQUFNLENBQUM7UUFFekIsSUFBSSxFQUFFLENBQUMsVUFBVSxJQUFJLENBQUMsRUFBRTtZQUN0QixNQUFNLElBQUksZ0JBQWdCLENBQUMsK0NBQStDLENBQUMsQ0FBQztTQUM3RTtRQUVELElBQUksQ0FBQyxTQUFTLEVBQUU7WUFDZCxNQUFNLFNBQVMsR0FBRyxJQUFJLFVBQVUsQ0FBQyxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFFN0MsOENBQThDO1lBQzlDLFNBQVMsQ0FBQyxHQUFHLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDO1lBRXJCLGdCQUFnQjtZQUNoQixFQUFFLEdBQUcsU0FBUyxDQUFDO1NBQ2hCO1FBRUQ7O1dBRUc7UUFDSCxNQUFNLHFCQUFxQixHQUFHLElBQUksQ0FBQyxRQUFRLENBQ3pDLE1BQU0sRUFDTixNQUFNLEdBQUcsZ0JBQWdCLEdBQUcsaUJBQWlCLENBQzlDLENBQUM7UUFFRixJQUFJLHFCQUFxQixDQUFDLFVBQVUsR0FBRyxPQUFPLENBQUMsVUFBVSxLQUFLLE1BQU0sRUFBRTtZQUNwRSxNQUFNLElBQUksZ0JBQWdCLENBQUMsK0NBQStDLENBQUMsQ0FBQztTQUM3RTtRQUVEOzs7OztXQUtHO1FBQ0gsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsTUFBTSxHQUFHLGdCQUFnQixDQUFDLENBQUM7UUFDcEUsTUFBTSxJQUFJLGdCQUFnQixDQUFDO1FBRTNCOzs7Ozs7Ozs7O1dBVUc7UUFDSCxNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sRUFBRSxNQUFNLEdBQUcsaUJBQWlCLENBQUMsQ0FBQztRQUNsRSxNQUFNLElBQUksaUJBQWlCLENBQUM7UUFFNUIsT0FBTztZQUNMLE9BQU8sRUFBRSxJQUFJLE9BQU8sQ0FBQyxFQUFFLEVBQUUsVUFBVSxFQUFFLE9BQU8sRUFBRSxxQkFBcUIsQ0FBQztZQUNwRSxNQUFNO1NBQ1AsQ0FBQztJQUNKLENBQUM7SUFFRCxZQUNFLEVBQWMsRUFDZCxVQUFzQixFQUN0QixPQUFtQixFQUNuQixxQkFBa0M7UUFFbEMsSUFBSSxDQUFDLEVBQUUsR0FBRyxFQUFFLENBQUM7UUFDYixJQUFJLENBQUMsVUFBVSxHQUFHLFVBQVUsQ0FBQztRQUM3QixJQUFJLENBQUMsT0FBTyxHQUFHLE9BQU8sQ0FBQztRQUV2QixzREFBc0Q7UUFDdEQsMERBQTBEO1FBQzFELElBQUkscUJBQXFCLEtBQUssU0FBUyxFQUFFO1lBQ3ZDLElBQUksQ0FBQyxxQkFBcUIsR0FBRyxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsTUFBTSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUNoRixJQUFJLENBQUMscUJBQXFCLENBQUMsR0FBRyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBQzNDLElBQUksQ0FBQyxxQkFBcUIsQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQztTQUM1RDthQUFNO1lBQ0wsSUFBSSxDQUFDLHFCQUFxQixHQUFHLHFCQUFxQixDQUFDO1NBQ3BEO0lBQ0gsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxJQUFJLE1BQU07UUFDUixPQUFPO1FBQ0wsNkNBQTZDO1FBQzdDLENBQUM7WUFDRCxtQkFBbUI7WUFDbkIsSUFBSSxDQUFDLEVBQUUsQ0FBQyxNQUFNO1lBQ2QsMkJBQTJCO1lBQzNCLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTTtZQUN0Qix5QkFBeUI7WUFDekIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQ3BCLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSCxZQUFZLENBQUMsTUFBa0I7UUFDN0IsSUFBSSxJQUFJLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQyxNQUFNLEVBQUU7WUFDL0IsTUFBTSxJQUFJLEtBQUssQ0FBQywrQ0FBK0MsQ0FBQyxDQUFDO1NBQ2xFO1FBRUQsTUFBTSx3QkFBd0IsR0FBRyxJQUFJLENBQUMsRUFBRSxDQUFDLE1BQU0sR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQztRQUMvRixJQUFJLHdCQUF3QixHQUFHLE9BQU8sQ0FBQyxpQ0FBaUMsRUFBRTtZQUN4RSxNQUFNLElBQUksa0JBQWtCLENBQUMsK0NBQStDLENBQUMsQ0FBQztTQUMvRTtRQUVELE1BQU0sY0FBYyxHQUFHLElBQUksV0FBVyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQzFDLGNBQWMsQ0FBQyxDQUFDLENBQUMsR0FBRyx3QkFBd0IsQ0FBQztRQUU3QyxNQUFNLGNBQWMsR0FBRyxJQUFJLFVBQVUsQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFN0Qsc0RBQXNEO1FBQ3RELE1BQU0sZUFBZSxHQUFHLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQzFDLGVBQWUsQ0FBQyxDQUFDLENBQUMsR0FBRyxjQUFjLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDdkMsZUFBZSxDQUFDLENBQUMsQ0FBQyxHQUFHLGNBQWMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUN2QyxlQUFlLENBQUMsQ0FBQyxDQUFDLEdBQUcsY0FBYyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBRXZDLE1BQU0sQ0FBQyxHQUFHLENBQUMsZUFBZSxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQy9CLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUUsRUFBRSxlQUFlLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDNUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLGVBQWUsQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLEVBQUUsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNyRSxNQUFNLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsZUFBZSxDQUFDLE1BQU0sR0FBRyxJQUFJLENBQUMsRUFBRSxDQUFDLE1BQU0sR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQzdGLENBQUM7O0FBaExNLGtCQUFVLEdBQUcsQ0FBQyxDQUFDO0FBQ2YsY0FBTSxHQUFHLENBQUMsQ0FBQztBQUNYLGtCQUFVLEdBQUcsRUFBRSxDQUFDO0FBQ2hCLHlDQUFpQyxHQUFHLFFBQVEsQ0FBQyxDQUFDLHdCQUF3QjtlQUoxRCxPQUFPIn0=