npm - @opentdf/sdk - Versions diffs - 0.1.0-beta.1701 - Mend

@opentdf/sdk 0.1.0-beta.1701

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (566) hide show

package/README.md +52 -0
package/dist/cjs/package.json +3 -0
package/dist/cjs/src/access.js +155 -0
package/dist/cjs/src/auth/Eas.js +60 -0
package/dist/cjs/src/auth/auth.js +79 -0
package/dist/cjs/src/auth/oidc-clientcredentials-provider.js +26 -0
package/dist/cjs/src/auth/oidc-externaljwt-provider.js +33 -0
package/dist/cjs/src/auth/oidc-refreshtoken-provider.js +34 -0
package/dist/cjs/src/auth/oidc.js +222 -0
package/dist/cjs/src/auth/providers.js +143 -0
package/dist/cjs/src/encodings/base64.js +154 -0
package/dist/cjs/src/encodings/hex.js +70 -0
package/dist/cjs/src/encodings/index.js +29 -0
package/dist/cjs/src/errors.js +138 -0
package/dist/cjs/src/index.js +344 -0
package/dist/cjs/src/nanotdf/Client.js +296 -0
package/dist/cjs/src/nanotdf/NanoTDF.js +94 -0
package/dist/cjs/src/nanotdf/browser-entry.js +19 -0
package/dist/cjs/src/nanotdf/constants.js +5 -0
package/dist/cjs/src/nanotdf/decrypt.js +17 -0
package/dist/cjs/src/nanotdf/encrypt-dataset.js +38 -0
package/dist/cjs/src/nanotdf/encrypt.js +132 -0
package/dist/cjs/src/nanotdf/enum/CipherEnum.js +13 -0
package/dist/cjs/src/nanotdf/enum/CurveNameEnum.js +15 -0
package/dist/cjs/src/nanotdf/enum/EncodingEnum.js +8 -0
package/dist/cjs/src/nanotdf/enum/PolicyTypeEnum.js +11 -0
package/dist/cjs/src/nanotdf/enum/ProtocolEnum.js +10 -0
package/dist/cjs/src/nanotdf/enum/ResourceLocatorIdentifierEnum.js +11 -0
package/dist/cjs/src/nanotdf/helpers/calculateByCurve.js +29 -0
package/dist/cjs/src/nanotdf/helpers/getHkdfSalt.js +11 -0
package/dist/cjs/src/nanotdf/index.js +25 -0
package/dist/cjs/src/nanotdf/interfaces/PolicyInterface.js +3 -0
package/dist/cjs/src/nanotdf/models/Ciphers.js +61 -0
package/dist/cjs/src/nanotdf/models/DefaultParams.js +27 -0
package/dist/cjs/src/nanotdf/models/EcCurves.js +39 -0
package/dist/cjs/src/nanotdf/models/Header.js +255 -0
package/dist/cjs/src/nanotdf/models/Payload.js +158 -0
package/dist/cjs/src/nanotdf/models/Policy/AbstractPolicy.js +73 -0
package/dist/cjs/src/nanotdf/models/Policy/EmbeddedPolicy.js +82 -0
package/dist/cjs/src/nanotdf/models/Policy/PolicyFactory.js +38 -0
package/dist/cjs/src/nanotdf/models/Policy/RemotePolicy.js +62 -0
package/dist/cjs/src/nanotdf/models/ResourceLocator.js +211 -0
package/dist/cjs/src/nanotdf/models/Signature.js +77 -0
package/dist/cjs/src/nanotdf-crypto/ciphers.js +17 -0
package/dist/cjs/src/nanotdf-crypto/decrypt.js +24 -0
package/dist/cjs/src/nanotdf-crypto/digest.js +7 -0
package/dist/cjs/src/nanotdf-crypto/ecdsaSignature.js +83 -0
package/dist/cjs/src/nanotdf-crypto/encrypt.js +24 -0
package/dist/cjs/src/nanotdf-crypto/enums.js +52 -0
package/dist/cjs/src/nanotdf-crypto/exportCryptoKey.js +20 -0
package/dist/cjs/src/nanotdf-crypto/generateKeyPair.js +13 -0
package/dist/cjs/src/nanotdf-crypto/generateRandomNumber.js +12 -0
package/dist/cjs/src/nanotdf-crypto/importRawKey.js +18 -0
package/dist/cjs/src/nanotdf-crypto/index.js +52 -0
package/dist/cjs/src/nanotdf-crypto/keyAgreement.js +91 -0
package/dist/cjs/src/nanotdf-crypto/pemPublicToCrypto.js +225 -0
package/dist/cjs/src/policy/api.js +58 -0
package/dist/cjs/src/policy/attributes.js +3 -0
package/dist/cjs/src/policy/granter.js +146 -0
package/dist/cjs/src/tdf/AttributeObject.js +15 -0
package/dist/cjs/src/tdf/AttributeObjectJwt.js +3 -0
package/dist/cjs/src/tdf/Crypto.js +47 -0
package/dist/cjs/src/tdf/EntityObject.js +3 -0
package/dist/cjs/src/tdf/NanoTDF/NanoTDF.js +38 -0
package/dist/cjs/src/tdf/Policy.js +50 -0
package/dist/cjs/src/tdf/PolicyObject.js +3 -0
package/dist/cjs/src/tdf/TypedArray.js +3 -0
package/dist/cjs/src/tdf/index.js +35 -0
package/dist/cjs/src/types/index.js +3 -0
package/dist/cjs/src/utils.js +147 -0
package/dist/cjs/src/version.js +12 -0
package/dist/cjs/tdf3/index.js +57 -0
package/dist/cjs/tdf3/src/assertions.js +118 -0
package/dist/cjs/tdf3/src/binary.js +153 -0
package/dist/cjs/tdf3/src/ciphers/aes-gcm-cipher.js +56 -0
package/dist/cjs/tdf3/src/ciphers/algorithms.js +8 -0
package/dist/cjs/tdf3/src/ciphers/index.js +8 -0
package/dist/cjs/tdf3/src/ciphers/symmetric-cipher-base.js +22 -0
package/dist/cjs/tdf3/src/client/DecoratedReadableStream.js +116 -0
package/dist/cjs/tdf3/src/client/builders.js +561 -0
package/dist/cjs/tdf3/src/client/index.js +460 -0
package/dist/cjs/tdf3/src/client/validation.js +63 -0
package/dist/cjs/tdf3/src/crypto/crypto-utils.js +116 -0
package/dist/cjs/tdf3/src/crypto/declarations.js +8 -0
package/dist/cjs/tdf3/src/crypto/index.js +315 -0
package/dist/cjs/tdf3/src/index.js +34 -0
package/dist/cjs/tdf3/src/models/attribute-set.js +122 -0
package/dist/cjs/tdf3/src/models/encryption-information.js +90 -0
package/dist/cjs/tdf3/src/models/index.js +25 -0
package/dist/cjs/tdf3/src/models/key-access.js +103 -0
package/dist/cjs/tdf3/src/models/manifest.js +3 -0
package/dist/cjs/tdf3/src/models/payload.js +3 -0
package/dist/cjs/tdf3/src/models/policy.js +24 -0
package/dist/cjs/tdf3/src/models/upsert-response.js +3 -0
package/dist/cjs/tdf3/src/tdf.js +907 -0
package/dist/cjs/tdf3/src/templates/default.html.js +98 -0
package/dist/cjs/tdf3/src/templates/escaper.js +15 -0
package/dist/cjs/tdf3/src/templates/index.js +12 -0
package/dist/cjs/tdf3/src/utils/buffer-crc32.js +48 -0
package/dist/cjs/tdf3/src/utils/chunkers.js +106 -0
package/dist/cjs/tdf3/src/utils/index.js +296 -0
package/dist/cjs/tdf3/src/utils/keysplit.js +61 -0
package/dist/cjs/tdf3/src/utils/zip-reader.js +253 -0
package/dist/cjs/tdf3/src/utils/zip-writer.js +308 -0
package/dist/cjs/tdf3/src/version.js +6 -0
package/dist/types/src/access.d.ts +47 -0
package/dist/types/src/access.d.ts.map +1 -0
package/dist/types/src/auth/Eas.d.ts +34 -0
package/dist/types/src/auth/Eas.d.ts.map +1 -0
package/dist/types/src/auth/auth.d.ts +86 -0
package/dist/types/src/auth/auth.d.ts.map +1 -0
package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts +9 -0
package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts.map +1 -0
package/dist/types/src/auth/oidc-externaljwt-provider.d.ts +10 -0
package/dist/types/src/auth/oidc-externaljwt-provider.d.ts.map +1 -0
package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts +10 -0
package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts.map +1 -0
package/dist/types/src/auth/oidc.d.ts +104 -0
package/dist/types/src/auth/oidc.d.ts.map +1 -0
package/dist/types/src/auth/providers.d.ts +67 -0
package/dist/types/src/auth/providers.d.ts.map +1 -0
package/dist/types/src/encodings/base64.d.ts +18 -0
package/dist/types/src/encodings/base64.d.ts.map +1 -0
package/dist/types/src/encodings/hex.d.ts +5 -0
package/dist/types/src/encodings/hex.d.ts.map +1 -0
package/dist/types/src/encodings/index.d.ts +3 -0
package/dist/types/src/encodings/index.d.ts.map +1 -0
package/dist/types/src/errors.d.ts +72 -0
package/dist/types/src/errors.d.ts.map +1 -0
package/dist/types/src/index.d.ts +138 -0
package/dist/types/src/index.d.ts.map +1 -0
package/dist/types/src/nanotdf/Client.d.ts +95 -0
package/dist/types/src/nanotdf/Client.d.ts.map +1 -0
package/dist/types/src/nanotdf/NanoTDF.d.ts +25 -0
package/dist/types/src/nanotdf/NanoTDF.d.ts.map +1 -0
package/dist/types/src/nanotdf/browser-entry.d.ts +17 -0
package/dist/types/src/nanotdf/browser-entry.d.ts.map +1 -0
package/dist/types/src/nanotdf/constants.d.ts +2 -0
package/dist/types/src/nanotdf/constants.d.ts.map +1 -0
package/dist/types/src/nanotdf/decrypt.d.ts +9 -0
package/dist/types/src/nanotdf/decrypt.d.ts.map +1 -0
package/dist/types/src/nanotdf/encrypt-dataset.d.ts +12 -0
package/dist/types/src/nanotdf/encrypt-dataset.d.ts.map +1 -0
package/dist/types/src/nanotdf/encrypt.d.ts +14 -0
package/dist/types/src/nanotdf/encrypt.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/CipherEnum.d.ts +10 -0
package/dist/types/src/nanotdf/enum/CipherEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/CurveNameEnum.d.ts +12 -0
package/dist/types/src/nanotdf/enum/CurveNameEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/EncodingEnum.d.ts +5 -0
package/dist/types/src/nanotdf/enum/EncodingEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/PolicyTypeEnum.d.ts +8 -0
package/dist/types/src/nanotdf/enum/PolicyTypeEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/ProtocolEnum.d.ts +7 -0
package/dist/types/src/nanotdf/enum/ProtocolEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/ResourceLocatorIdentifierEnum.d.ts +8 -0
package/dist/types/src/nanotdf/enum/ResourceLocatorIdentifierEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/helpers/calculateByCurve.d.ts +20 -0
package/dist/types/src/nanotdf/helpers/calculateByCurve.d.ts.map +1 -0
package/dist/types/src/nanotdf/helpers/getHkdfSalt.d.ts +9 -0
package/dist/types/src/nanotdf/helpers/getHkdfSalt.d.ts.map +1 -0
package/dist/types/src/nanotdf/index.d.ts +9 -0
package/dist/types/src/nanotdf/index.d.ts.map +1 -0
package/dist/types/src/nanotdf/interfaces/PolicyInterface.d.ts +17 -0
package/dist/types/src/nanotdf/interfaces/PolicyInterface.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Ciphers.d.ts +14 -0
package/dist/types/src/nanotdf/models/Ciphers.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/DefaultParams.d.ts +21 -0
package/dist/types/src/nanotdf/models/DefaultParams.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/EcCurves.d.ts +15 -0
package/dist/types/src/nanotdf/models/EcCurves.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Header.d.ts +73 -0
package/dist/types/src/nanotdf/models/Header.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Payload.d.ts +47 -0
package/dist/types/src/nanotdf/models/Payload.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Policy/AbstractPolicy.d.ts +52 -0
package/dist/types/src/nanotdf/models/Policy/AbstractPolicy.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Policy/EmbeddedPolicy.d.ts +35 -0
package/dist/types/src/nanotdf/models/Policy/EmbeddedPolicy.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Policy/PolicyFactory.d.ts +11 -0
package/dist/types/src/nanotdf/models/Policy/PolicyFactory.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Policy/RemotePolicy.d.ts +31 -0
package/dist/types/src/nanotdf/models/Policy/RemotePolicy.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/ResourceLocator.d.ts +65 -0
package/dist/types/src/nanotdf/models/ResourceLocator.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Signature.d.ts +33 -0
package/dist/types/src/nanotdf/models/Signature.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/ciphers.d.ts +8 -0
package/dist/types/src/nanotdf-crypto/ciphers.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/decrypt.d.ts +14 -0
package/dist/types/src/nanotdf-crypto/decrypt.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/digest.d.ts +3 -0
package/dist/types/src/nanotdf-crypto/digest.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/ecdsaSignature.d.ts +35 -0
package/dist/types/src/nanotdf-crypto/ecdsaSignature.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/encrypt.d.ts +14 -0
package/dist/types/src/nanotdf-crypto/encrypt.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/enums.d.ts +42 -0
package/dist/types/src/nanotdf-crypto/enums.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/exportCryptoKey.d.ts +7 -0
package/dist/types/src/nanotdf-crypto/exportCryptoKey.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/generateKeyPair.d.ts +10 -0
package/dist/types/src/nanotdf-crypto/generateKeyPair.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/generateRandomNumber.d.ts +5 -0
package/dist/types/src/nanotdf-crypto/generateRandomNumber.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/importRawKey.d.ts +13 -0
package/dist/types/src/nanotdf-crypto/importRawKey.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/index.d.ts +12 -0
package/dist/types/src/nanotdf-crypto/index.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/keyAgreement.d.ts +28 -0
package/dist/types/src/nanotdf-crypto/keyAgreement.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/pemPublicToCrypto.d.ts +28 -0
package/dist/types/src/nanotdf-crypto/pemPublicToCrypto.d.ts.map +1 -0
package/dist/types/src/policy/api.d.ts +4 -0
package/dist/types/src/policy/api.d.ts.map +1 -0
package/dist/types/src/policy/attributes.d.ts +95 -0
package/dist/types/src/policy/attributes.d.ts.map +1 -0
package/dist/types/src/policy/granter.d.ts +23 -0
package/dist/types/src/policy/granter.d.ts.map +1 -0
package/dist/types/src/tdf/AttributeObject.d.ts +13 -0
package/dist/types/src/tdf/AttributeObject.d.ts.map +1 -0
package/dist/types/src/tdf/AttributeObjectJwt.d.ts +4 -0
package/dist/types/src/tdf/AttributeObjectJwt.d.ts.map +1 -0
package/dist/types/src/tdf/Crypto.d.ts +37 -0
package/dist/types/src/tdf/Crypto.d.ts.map +1 -0
package/dist/types/src/tdf/EntityObject.d.ts +18 -0
package/dist/types/src/tdf/EntityObject.d.ts.map +1 -0
package/dist/types/src/tdf/NanoTDF/NanoTDF.d.ts +99 -0
package/dist/types/src/tdf/NanoTDF/NanoTDF.d.ts.map +1 -0
package/dist/types/src/tdf/Policy.d.ts +28 -0
package/dist/types/src/tdf/Policy.d.ts.map +1 -0
package/dist/types/src/tdf/PolicyObject.d.ts +11 -0
package/dist/types/src/tdf/PolicyObject.d.ts.map +1 -0
package/dist/types/src/tdf/TypedArray.d.ts +3 -0
package/dist/types/src/tdf/TypedArray.d.ts.map +1 -0
package/dist/types/src/tdf/index.d.ts +7 -0
package/dist/types/src/tdf/index.d.ts.map +1 -0
package/dist/types/src/types/index.d.ts +45 -0
package/dist/types/src/types/index.d.ts.map +1 -0
package/dist/types/src/utils.d.ts +45 -0
package/dist/types/src/utils.d.ts.map +1 -0
package/dist/types/src/version.d.ts +9 -0
package/dist/types/src/version.d.ts.map +1 -0
package/dist/types/tdf3/index.d.ts +16 -0
package/dist/types/tdf3/index.d.ts.map +1 -0
package/dist/types/tdf3/src/assertions.d.ts +63 -0
package/dist/types/tdf3/src/assertions.d.ts.map +1 -0
package/dist/types/tdf3/src/binary.d.ts +38 -0
package/dist/types/tdf3/src/binary.d.ts.map +1 -0
package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts +18 -0
package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts.map +1 -0
package/dist/types/tdf3/src/ciphers/algorithms.d.ts +4 -0
package/dist/types/tdf3/src/ciphers/algorithms.d.ts.map +1 -0
package/dist/types/tdf3/src/ciphers/index.d.ts +3 -0
package/dist/types/tdf3/src/ciphers/index.d.ts.map +1 -0
package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts +14 -0
package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts.map +1 -0
package/dist/types/tdf3/src/client/DecoratedReadableStream.d.ts +53 -0
package/dist/types/tdf3/src/client/DecoratedReadableStream.d.ts.map +1 -0
package/dist/types/tdf3/src/client/builders.d.ts +436 -0
package/dist/types/tdf3/src/client/builders.d.ts.map +1 -0
package/dist/types/tdf3/src/client/index.d.ts +139 -0
package/dist/types/tdf3/src/client/index.d.ts.map +1 -0
package/dist/types/tdf3/src/client/validation.d.ts +8 -0
package/dist/types/tdf3/src/client/validation.d.ts.map +1 -0
package/dist/types/tdf3/src/crypto/crypto-utils.d.ts +34 -0
package/dist/types/tdf3/src/crypto/crypto-utils.d.ts.map +1 -0
package/dist/types/tdf3/src/crypto/declarations.d.ts +60 -0
package/dist/types/tdf3/src/crypto/declarations.d.ts.map +1 -0
package/dist/types/tdf3/src/crypto/index.d.ts +103 -0
package/dist/types/tdf3/src/crypto/index.d.ts.map +1 -0
package/dist/types/tdf3/src/index.d.ts +5 -0
package/dist/types/tdf3/src/index.d.ts.map +1 -0
package/dist/types/tdf3/src/models/attribute-set.d.ts +65 -0
package/dist/types/tdf3/src/models/attribute-set.d.ts.map +1 -0
package/dist/types/tdf3/src/models/encryption-information.d.ts +49 -0
package/dist/types/tdf3/src/models/encryption-information.d.ts.map +1 -0
package/dist/types/tdf3/src/models/index.d.ts +9 -0
package/dist/types/tdf3/src/models/index.d.ts.map +1 -0
package/dist/types/tdf3/src/models/key-access.d.ts +42 -0
package/dist/types/tdf3/src/models/key-access.d.ts.map +1 -0
package/dist/types/tdf3/src/models/manifest.d.ts +9 -0
package/dist/types/tdf3/src/models/manifest.d.ts.map +1 -0
package/dist/types/tdf3/src/models/payload.d.ts +7 -0
package/dist/types/tdf3/src/models/payload.d.ts.map +1 -0
package/dist/types/tdf3/src/models/policy.d.ts +13 -0
package/dist/types/tdf3/src/models/policy.d.ts.map +1 -0
package/dist/types/tdf3/src/models/upsert-response.d.ts +16 -0
package/dist/types/tdf3/src/models/upsert-response.d.ts.map +1 -0
package/dist/types/tdf3/src/tdf.d.ts +152 -0
package/dist/types/tdf3/src/tdf.d.ts.map +1 -0
package/dist/types/tdf3/src/templates/default.html.d.ts +8 -0
package/dist/types/tdf3/src/templates/default.html.d.ts.map +1 -0
package/dist/types/tdf3/src/templates/escaper.d.ts +6 -0
package/dist/types/tdf3/src/templates/escaper.d.ts.map +1 -0
package/dist/types/tdf3/src/templates/index.d.ts +3 -0
package/dist/types/tdf3/src/templates/index.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/buffer-crc32.d.ts +2 -0
package/dist/types/tdf3/src/utils/buffer-crc32.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/chunkers.d.ts +29 -0
package/dist/types/tdf3/src/utils/chunkers.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/index.d.ts +36 -0
package/dist/types/tdf3/src/utils/index.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/keysplit.d.ts +19 -0
package/dist/types/tdf3/src/utils/keysplit.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/zip-reader.d.ts +63 -0
package/dist/types/tdf3/src/utils/zip-reader.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/zip-writer.d.ts +35 -0
package/dist/types/tdf3/src/utils/zip-writer.d.ts.map +1 -0
package/dist/types/tdf3/src/version.d.ts +3 -0
package/dist/types/tdf3/src/version.d.ts.map +1 -0
package/dist/web/package.json +3 -0
package/dist/web/src/access.js +147 -0
package/dist/web/src/auth/Eas.js +55 -0
package/dist/web/src/auth/auth.js +71 -0
package/dist/web/src/auth/oidc-clientcredentials-provider.js +22 -0
package/dist/web/src/auth/oidc-externaljwt-provider.js +29 -0
package/dist/web/src/auth/oidc-refreshtoken-provider.js +30 -0
package/dist/web/src/auth/oidc.js +215 -0
package/dist/web/src/auth/providers.js +119 -0
package/dist/web/src/encodings/base64.js +147 -0
package/dist/web/src/encodings/hex.js +63 -0
package/dist/web/src/encodings/index.js +3 -0
package/dist/web/src/errors.js +123 -0
package/dist/web/src/index.js +313 -0
package/dist/web/src/nanotdf/Client.js +268 -0
package/dist/web/src/nanotdf/NanoTDF.js +89 -0
package/dist/web/src/nanotdf/browser-entry.js +14 -0
package/dist/web/src/nanotdf/constants.js +2 -0
package/dist/web/src/nanotdf/decrypt.js +14 -0
package/dist/web/src/nanotdf/encrypt-dataset.js +32 -0
package/dist/web/src/nanotdf/encrypt.js +126 -0
package/dist/web/src/nanotdf/enum/CipherEnum.js +11 -0
package/dist/web/src/nanotdf/enum/CurveNameEnum.js +13 -0
package/dist/web/src/nanotdf/enum/EncodingEnum.js +6 -0
package/dist/web/src/nanotdf/enum/PolicyTypeEnum.js +9 -0
package/dist/web/src/nanotdf/enum/ProtocolEnum.js +8 -0
package/dist/web/src/nanotdf/enum/ResourceLocatorIdentifierEnum.js +9 -0
package/dist/web/src/nanotdf/helpers/calculateByCurve.js +24 -0
package/dist/web/src/nanotdf/helpers/getHkdfSalt.js +8 -0
package/dist/web/src/nanotdf/index.js +11 -0
package/dist/web/src/nanotdf/interfaces/PolicyInterface.js +2 -0
package/dist/web/src/nanotdf/models/Ciphers.js +54 -0
package/dist/web/src/nanotdf/models/DefaultParams.js +22 -0
package/dist/web/src/nanotdf/models/EcCurves.js +32 -0
package/dist/web/src/nanotdf/models/Header.js +250 -0
package/dist/web/src/nanotdf/models/Payload.js +156 -0
package/dist/web/src/nanotdf/models/Policy/AbstractPolicy.js +71 -0
package/dist/web/src/nanotdf/models/Policy/EmbeddedPolicy.js +77 -0
package/dist/web/src/nanotdf/models/Policy/PolicyFactory.js +33 -0
package/dist/web/src/nanotdf/models/Policy/RemotePolicy.js +57 -0
package/dist/web/src/nanotdf/models/ResourceLocator.js +206 -0
package/dist/web/src/nanotdf/models/Signature.js +74 -0
package/dist/web/src/nanotdf-crypto/ciphers.js +14 -0
package/dist/web/src/nanotdf-crypto/decrypt.js +21 -0
package/dist/web/src/nanotdf-crypto/digest.js +4 -0
package/dist/web/src/nanotdf-crypto/ecdsaSignature.js +77 -0
package/dist/web/src/nanotdf-crypto/encrypt.js +21 -0
package/dist/web/src/nanotdf-crypto/enums.js +49 -0
package/dist/web/src/nanotdf-crypto/exportCryptoKey.js +17 -0
package/dist/web/src/nanotdf-crypto/generateKeyPair.js +10 -0
package/dist/web/src/nanotdf-crypto/generateRandomNumber.js +9 -0
package/dist/web/src/nanotdf-crypto/importRawKey.js +15 -0
package/dist/web/src/nanotdf-crypto/index.js +12 -0
package/dist/web/src/nanotdf-crypto/keyAgreement.js +87 -0
package/dist/web/src/nanotdf-crypto/pemPublicToCrypto.js +197 -0
package/dist/web/src/policy/api.js +54 -0
package/dist/web/src/policy/attributes.js +2 -0
package/dist/web/src/policy/granter.js +141 -0
package/dist/web/src/tdf/AttributeObject.js +11 -0
package/dist/web/src/tdf/AttributeObjectJwt.js +2 -0
package/dist/web/src/tdf/Crypto.js +44 -0
package/dist/web/src/tdf/EntityObject.js +2 -0
package/dist/web/src/tdf/NanoTDF/NanoTDF.js +35 -0
package/dist/web/src/tdf/Policy.js +48 -0
package/dist/web/src/tdf/PolicyObject.js +2 -0
package/dist/web/src/tdf/TypedArray.js +2 -0
package/dist/web/src/tdf/index.js +4 -0
package/dist/web/src/types/index.js +2 -0
package/dist/web/src/utils.js +133 -0
package/dist/web/src/version.js +9 -0
package/dist/web/tdf3/index.js +13 -0
package/dist/web/tdf3/src/assertions.js +111 -0
package/dist/web/tdf3/src/binary.js +149 -0
package/dist/web/tdf3/src/ciphers/aes-gcm-cipher.js +52 -0
package/dist/web/tdf3/src/ciphers/algorithms.js +5 -0
package/dist/web/tdf3/src/ciphers/index.js +3 -0
package/dist/web/tdf3/src/ciphers/symmetric-cipher-base.js +18 -0
package/dist/web/tdf3/src/client/DecoratedReadableStream.js +107 -0
package/dist/web/tdf3/src/client/builders.js +557 -0
package/dist/web/tdf3/src/client/index.js +423 -0
package/dist/web/tdf3/src/client/validation.js +58 -0
package/dist/web/tdf3/src/crypto/crypto-utils.js +107 -0
package/dist/web/tdf3/src/crypto/declarations.js +5 -0
package/dist/web/tdf3/src/crypto/index.js +296 -0
package/dist/web/tdf3/src/index.js +5 -0
package/dist/web/tdf3/src/models/attribute-set.js +118 -0
package/dist/web/tdf3/src/models/encryption-information.js +86 -0
package/dist/web/tdf3/src/models/index.js +9 -0
package/dist/web/tdf3/src/models/key-access.js +74 -0
package/dist/web/tdf3/src/models/manifest.js +2 -0
package/dist/web/tdf3/src/models/payload.js +2 -0
package/dist/web/tdf3/src/models/policy.js +20 -0
package/dist/web/tdf3/src/models/upsert-response.js +2 -0
package/dist/web/tdf3/src/tdf.js +866 -0
package/dist/web/tdf3/src/templates/default.html.js +96 -0
package/dist/web/tdf3/src/templates/escaper.js +10 -0
package/dist/web/tdf3/src/templates/index.js +3 -0
package/dist/web/tdf3/src/utils/buffer-crc32.js +44 -0
package/dist/web/tdf3/src/utils/chunkers.js +96 -0
package/dist/web/tdf3/src/utils/index.js +248 -0
package/dist/web/tdf3/src/utils/keysplit.js +55 -0
package/dist/web/tdf3/src/utils/zip-reader.js +247 -0
package/dist/web/tdf3/src/utils/zip-writer.js +302 -0
package/dist/web/tdf3/src/version.js +3 -0
package/package.json +126 -0
package/src/access.ts +198 -0
package/src/auth/Eas.ts +79 -0
package/src/auth/auth.ts +141 -0
package/src/auth/oidc-clientcredentials-provider.ts +32 -0
package/src/auth/oidc-externaljwt-provider.ts +41 -0
package/src/auth/oidc-refreshtoken-provider.ts +41 -0
package/src/auth/oidc.ts +307 -0
package/src/auth/providers.ts +139 -0
package/src/encodings/base64.ts +160 -0
package/src/encodings/hex.ts +69 -0
package/src/encodings/index.ts +2 -0
package/src/errors.ts +113 -0
package/src/index.ts +441 -0
package/src/nanotdf/Client.ts +349 -0
package/src/nanotdf/NanoTDF.ts +121 -0
package/src/nanotdf/browser-entry.ts +20 -0
package/src/nanotdf/constants.ts +1 -0
package/src/nanotdf/decrypt.ts +19 -0
package/src/nanotdf/encrypt-dataset.ts +52 -0
package/src/nanotdf/encrypt.ts +197 -0
package/src/nanotdf/enum/CipherEnum.ts +10 -0
package/src/nanotdf/enum/CurveNameEnum.ts +12 -0
package/src/nanotdf/enum/EncodingEnum.ts +5 -0
package/src/nanotdf/enum/PolicyTypeEnum.ts +8 -0
package/src/nanotdf/enum/ProtocolEnum.ts +7 -0
package/src/nanotdf/enum/ResourceLocatorIdentifierEnum.ts +8 -0
package/src/nanotdf/helpers/calculateByCurve.ts +26 -0
package/src/nanotdf/helpers/getHkdfSalt.ts +15 -0
package/src/nanotdf/index.ts +10 -0
package/src/nanotdf/interfaces/PolicyInterface.ts +27 -0
package/src/nanotdf/models/Ciphers.ts +67 -0
package/src/nanotdf/models/DefaultParams.ts +24 -0
package/src/nanotdf/models/EcCurves.ts +40 -0
package/src/nanotdf/models/Header.ts +322 -0
package/src/nanotdf/models/Payload.ts +196 -0
package/src/nanotdf/models/Policy/AbstractPolicy.ts +90 -0
package/src/nanotdf/models/Policy/EmbeddedPolicy.ts +101 -0
package/src/nanotdf/models/Policy/PolicyFactory.ts +48 -0
package/src/nanotdf/models/Policy/RemotePolicy.ts +74 -0
package/src/nanotdf/models/ResourceLocator.ts +212 -0
package/src/nanotdf/models/Signature.ts +85 -0
package/src/nanotdf-crypto/ciphers.ts +13 -0
package/src/nanotdf-crypto/decrypt.ts +30 -0
package/src/nanotdf-crypto/digest.ts +8 -0
package/src/nanotdf-crypto/ecdsaSignature.ts +109 -0
package/src/nanotdf-crypto/encrypt.ts +30 -0
package/src/nanotdf-crypto/enums.ts +47 -0
package/src/nanotdf-crypto/exportCryptoKey.ts +17 -0
package/src/nanotdf-crypto/generateKeyPair.ts +19 -0
package/src/nanotdf-crypto/generateRandomNumber.ts +8 -0
package/src/nanotdf-crypto/importRawKey.ts +19 -0
package/src/nanotdf-crypto/index.ts +11 -0
package/src/nanotdf-crypto/keyAgreement.ts +139 -0
package/src/nanotdf-crypto/pemPublicToCrypto.ts +232 -0
package/src/package-lock.json +6 -0
package/src/package.json +3 -0
package/src/platform/authorization/authorization_connect.d.ts +44 -0
package/src/platform/authorization/authorization_connect.js +44 -0
package/src/platform/authorization/authorization_pb.d.ts +707 -0
package/src/platform/authorization/authorization_pb.js +372 -0
package/src/platform/common/common_pb.d.ts +129 -0
package/src/platform/common/common_pb.js +58 -0
package/src/platform/entityresolution/entity_resolution_connect.d.ts +35 -0
package/src/platform/entityresolution/entity_resolution_connect.js +35 -0
package/src/platform/entityresolution/entity_resolution_pb.d.ts +242 -0
package/src/platform/entityresolution/entity_resolution_pb.js +139 -0
package/src/platform/kas/kas_connect.d.ts +59 -0
package/src/platform/kas/kas_connect.js +59 -0
package/src/platform/kas/kas_pb.d.ts +200 -0
package/src/platform/kas/kas_pb.js +84 -0
package/src/platform/policy/attributes/attributes_connect.d.ts +168 -0
package/src/platform/policy/attributes/attributes_connect.js +168 -0
package/src/platform/policy/attributes/attributes_pb.d.ts +929 -0
package/src/platform/policy/attributes/attributes_pb.js +363 -0
package/src/platform/policy/kasregistry/key_access_server_registry_connect.d.ts +62 -0
package/src/platform/policy/kasregistry/key_access_server_registry_connect.js +62 -0
package/src/platform/policy/kasregistry/key_access_server_registry_pb.d.ts +283 -0
package/src/platform/policy/kasregistry/key_access_server_registry_pb.js +113 -0
package/src/platform/policy/namespaces/namespaces_connect.d.ts +62 -0
package/src/platform/policy/namespaces/namespaces_connect.js +62 -0
package/src/platform/policy/namespaces/namespaces_pb.d.ts +270 -0
package/src/platform/policy/namespaces/namespaces_pb.js +110 -0
package/src/platform/policy/objects_pb.d.ts +725 -0
package/src/platform/policy/objects_pb.js +288 -0
package/src/platform/policy/resourcemapping/resource_mapping_connect.d.ts +259 -0
package/src/platform/policy/resourcemapping/resource_mapping_connect.js +259 -0
package/src/platform/policy/resourcemapping/resource_mapping_pb.d.ts +314 -0
package/src/platform/policy/resourcemapping/resource_mapping_pb.js +142 -0
package/src/platform/policy/selectors_pb.d.ts +269 -0
package/src/platform/policy/selectors_pb.js +110 -0
package/src/platform/policy/subjectmapping/subject_mapping_connect.d.ts +118 -0
package/src/platform/policy/subjectmapping/subject_mapping_connect.js +118 -0
package/src/platform/policy/subjectmapping/subject_mapping_pb.d.ts +672 -0
package/src/platform/policy/subjectmapping/subject_mapping_pb.js +260 -0
package/src/platform/wellknownconfiguration/wellknown_configuration_connect.d.ts +26 -0
package/src/platform/wellknownconfiguration/wellknown_configuration_connect.js +26 -0
package/src/platform/wellknownconfiguration/wellknown_configuration_pb.d.ts +75 -0
package/src/platform/wellknownconfiguration/wellknown_configuration_pb.js +35 -0
package/src/policy/api.ts +61 -0
package/src/policy/attributes.ts +117 -0
package/src/policy/granter.ts +181 -0
package/src/tdf/AttributeObject.ts +27 -0
package/src/tdf/AttributeObjectJwt.ts +3 -0
package/src/tdf/Crypto.ts +42 -0
package/src/tdf/EntityObject.ts +18 -0
package/src/tdf/NanoTDF/NanoTDF.ts +120 -0
package/src/tdf/Policy.ts +51 -0
package/src/tdf/PolicyObject.ts +12 -0
package/src/tdf/TypedArray.ts +12 -0
package/src/tdf/index.ts +6 -0
package/src/types/index.ts +55 -0
package/src/utils.ts +149 -0
package/src/version.ts +9 -0
package/tdf3/index.ts +91 -0
package/tdf3/package-lock.json +6 -0
package/tdf3/package.json +3 -0
package/tdf3/src/assertions.ts +191 -0
package/tdf3/src/binary.ts +195 -0
package/tdf3/src/ciphers/aes-gcm-cipher.ts +76 -0
package/tdf3/src/ciphers/algorithms.ts +9 -0
package/tdf3/src/ciphers/index.ts +2 -0
package/tdf3/src/ciphers/symmetric-cipher-base.ts +38 -0
package/tdf3/src/client/DecoratedReadableStream.ts +148 -0
package/tdf3/src/client/builders.ts +701 -0
package/tdf3/src/client/index.ts +637 -0
package/tdf3/src/client/validation.ts +79 -0
package/tdf3/src/crypto/crypto-utils.ts +119 -0
package/tdf3/src/crypto/declarations.ts +89 -0
package/tdf3/src/crypto/index.ts +394 -0
package/tdf3/src/index.ts +4 -0
package/tdf3/src/models/attribute-set.ts +142 -0
package/tdf3/src/models/encryption-information.ts +172 -0
package/tdf3/src/models/index.ts +8 -0
package/tdf3/src/models/key-access.ts +128 -0
package/tdf3/src/models/manifest.ts +9 -0
package/tdf3/src/models/payload.ts +6 -0
package/tdf3/src/models/policy.ts +35 -0
package/tdf3/src/models/upsert-response.ts +17 -0
package/tdf3/src/tdf.ts +1351 -0
package/tdf3/src/templates/default.html.ts +105 -0
package/tdf3/src/templates/escaper.ts +10 -0
package/tdf3/src/templates/index.ts +2 -0
package/tdf3/src/utils/buffer-crc32.ts +46 -0
package/tdf3/src/utils/chunkers.ts +118 -0
package/tdf3/src/utils/index.ts +309 -0
package/tdf3/src/utils/keysplit.ts +63 -0
package/tdf3/src/utils/zip-reader.ts +341 -0
package/tdf3/src/utils/zip-writer.ts +375 -0
package/tdf3/src/version.ts +2 -0
package/tdf3/types.d.ts +14 -0

package/src/nanotdf/Client.ts ADDED Viewed

@@ -0,0 +1,349 @@
+import { type TypedArray } from '../tdf/index.js';
+import * as base64 from '../encodings/base64.js';
+import { generateKeyPair, keyAgreement } from '../nanotdf-crypto/index.js';
+import getHkdfSalt from './helpers/getHkdfSalt.js';
+import DefaultParams from './models/DefaultParams.js';
+import { fetchWrappedKey, KasPublicKeyInfo, OriginAllowList } from '../access.js';
+import { AuthProvider, isAuthProvider, reqSignature } from '../auth/providers.js';
+import { ConfigurationError, DecryptError, TdfError, UnsafeUrlError } from '../errors.js';
+import { cryptoPublicToPem, pemToCryptoPublicKey, validateSecureUrl } from '../utils.js';
+export interface ClientConfig {
+  allowedKases?: string[];
+  ignoreAllowList?: boolean;
+  authProvider: AuthProvider;
+  dpopEnabled?: boolean;
+  dpopKeys?: Promise<CryptoKeyPair>;
+  ephemeralKeyPair?: Promise<CryptoKeyPair>;
+  kasEndpoint: string;
+}
+function toJWSAlg(c: CryptoKey): string {
+  const { algorithm } = c;
+  switch (algorithm.name) {
+    case 'RSASSA-PKCS1-v1_5':
+    case 'RSA-PSS':
+    case 'RSA-OAEP': {
+      const r = algorithm as RsaHashedKeyGenParams;
+      switch (r.modulusLength) {
+        case 2048:
+          return 'RS256';
+        case 3072:
+          return 'RS384';
+        case 4096:
+          return 'RS512';
+      }
+      break;
+    }
+    case 'ECDSA':
+    case 'ECDH': {
+      return 'ES256';
+    }
+  }
+  throw new ConfigurationError(`unsupported key algorithm ${JSON.stringify(algorithm)}`);
+}
+async function generateEphemeralKeyPair(): Promise<CryptoKeyPair> {
+  const { publicKey, privateKey } = await generateKeyPair();
+  if (!privateKey || !publicKey) {
+    throw Error('Key pair generation failed');
+  }
+  return { publicKey, privateKey };
+}
+async function generateSignerKeyPair(): Promise<CryptoKeyPair> {
+  return crypto.subtle.generateKey(
+    {
+      name: 'RSASSA-PKCS1-v1_5',
+      hash: 'SHA-256',
+      modulusLength: 2048,
+      publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+    },
+    true,
+    ['sign', 'verify']
+  );
+}
+/**
+ * A Client encapsulates sessions interacting with TDF3 and nanoTDF backends, KAS and any
+ * plugin-based sessions like identity and further attribute control. Most importantly, it is responsible
+ * for local key and token management, including the ephemeral public/private keypairs
+ * used for encrypting and decrypting information.
+ *
+ * @link https://developer.mozilla.org/en-US/docs/Web/API/CryptoKeyPair
+ *
+ * @example
+ * import { Client, clientAuthProvider, decrypt, encrypt } from '@opentdf/sdk/nanotdf`
+ *
+ * const OIDC_ENDPOINT = 'http://localhost:65432/auth/';
+ * const KAS_URL = 'http://localhost:65432/kas';
+ *
+ * let client = new Client(
+ *    await clientAuthProvider({
+ *      clientId: 'tdf-client',
+ *      clientSecret: '123-456',
+ *      oidcOrigin: OIDC_ENDPOINT,
+ *    }),
+ *    KAS_URL
+ *  );
+ *
+ * // t=1
+ * let nanoTDFEncrypted = await encrypt('some string', client.unwrappedKey);
+ * let nanoTDFDecrypted = await decrypt(nanoTDFEncrypted, client.unwrappedKey);
+ * nanoTDFDecrypted.toString() // 'some string'
+ *
+ */
+export default class Client {
+  static readonly KEY_ACCESS_REMOTE = 'remote';
+  static readonly KAS_PROTOCOL = 'kas';
+  static readonly SDK_INITIAL_RELEASE = '0.0.0';
+  static readonly INITIAL_RELEASE_IV_SIZE = 3;
+  static readonly IV_SIZE = 12;
+  allowedKases: OriginAllowList;
+  /*
+    These variables are expected to be either assigned during initialization or within the methods.
+    This is needed as the flow is very specific. Errors should be thrown if the necessary step is not completed.
+  */
+  protected kasUrl: string;
+  kasPubKey?: KasPublicKeyInfo;
+  readonly authProvider: AuthProvider;
+  readonly dpopEnabled: boolean;
+  dissems: string[] = [];
+  dataAttributes: string[] = [];
+  protected ephemeralKeyPair: Promise<CryptoKeyPair>;
+  protected requestSignerKeyPair: Promise<CryptoKeyPair>;
+  protected iv?: number;
+  /**
+   * Create new NanoTDF Client
+   *
+   * The Ephemeral Key Pair can either be provided or will be generate when fetching the entity object. Once set it
+   * cannot be changed. If a new ephemeral key is desired it a new client should be initialized.
+   * There is no performance impact for creating a new client IFF the ephemeral key pair is provided.
+   */
+  constructor(
+    optsOrOldAuthProvider: AuthProvider | ClientConfig,
+    kasUrl?: string,
+    ephemeralKeyPair?: CryptoKeyPair,
+    dpopEnabled = false
+  ) {
+    if (isAuthProvider(optsOrOldAuthProvider)) {
+      this.authProvider = optsOrOldAuthProvider;
+      if (!kasUrl) {
+        throw new ConfigurationError('please specify kasEndpoint');
+      }
+      // TODO Disallow http KAS. For now just log as error
+      validateSecureUrl(kasUrl);
+      this.kasUrl = kasUrl;
+      this.allowedKases = new OriginAllowList([kasUrl]);
+      this.dpopEnabled = dpopEnabled;
+      if (ephemeralKeyPair) {
+        this.ephemeralKeyPair = Promise.resolve(ephemeralKeyPair);
+      } else {
+        this.ephemeralKeyPair = generateEphemeralKeyPair();
+      }
+      this.iv = 1;
+    } else {
+      const {
+        allowedKases,
+        ignoreAllowList,
+        authProvider,
+        dpopEnabled,
+        dpopKeys,
+        ephemeralKeyPair,
+        kasEndpoint,
+      } = optsOrOldAuthProvider;
+      this.authProvider = authProvider;
+      // TODO Disallow http KAS. For now just log as error
+      validateSecureUrl(kasEndpoint);
+      this.kasUrl = kasEndpoint;
+      this.allowedKases = new OriginAllowList(allowedKases || [kasEndpoint], !!ignoreAllowList);
+      this.dpopEnabled = !!dpopEnabled;
+      if (dpopKeys) {
+        this.requestSignerKeyPair = dpopKeys;
+      } else {
+        this.requestSignerKeyPair = generateSignerKeyPair();
+      }
+      if (ephemeralKeyPair) {
+        this.ephemeralKeyPair = ephemeralKeyPair;
+      } else {
+        this.ephemeralKeyPair = generateEphemeralKeyPair();
+      }
+      this.iv = 1;
+    }
+  }
+  /**
+   * Add attribute to the TDF file/data
+   *
+   * @param attribute The attribute that decides the access control of the TDF.
+   */
+  addAttribute(attribute: string): void {
+    this.dataAttributes.push(attribute);
+  }
+  /**
+   * Explicitly get a new Entity Object using the supplied EntityAttributeService.
+   *
+   * This method is expected to be called at least once per encrypt/decrypt cycle. If the entityObject is expired then
+   * this will need to be called again.
+   *
+   * @security the ephemeralKeyPair must be set in the constructor if desired to use here. If this is wished to be changed
+   * then a new client should be initialized.
+   * @performance key pair is generated when the entity object is fetched IFF the ephemeralKeyPair is not set. This will
+   * either be set on the first call or passed in the constructor.
+   */
+  async fetchOIDCToken(): Promise<void> {
+    const signer = await this.requestSignerKeyPair;
+    if (!signer) {
+      throw new ConfigurationError('failed to find or generate signer session key');
+    }
+    await this.authProvider.updateClientPublicKey(signer);
+  }
+  /**
+   * Rewrap key
+   *
+   * @important the `fetchEntityObject` method must be called prior to
+   * @param nanoTdfHeader the full header for the nanotdf
+   * @param kasRewrapUrl key access server's rewrap endpoint
+   * @param magicNumberVersion nanotdf container version
+   * @param clientVersion version of the client, as SemVer
+   */
+  async rewrapKey(
+    nanoTdfHeader: TypedArray | ArrayBuffer,
+    kasRewrapUrl: string,
+    magicNumberVersion: TypedArray | ArrayBuffer,
+    clientVersion: string
+  ): Promise<CryptoKey> {
+    if (!this.allowedKases.allows(kasRewrapUrl)) {
+      throw new UnsafeUrlError(`request URL ∉ ${this.allowedKases.origins};`, kasRewrapUrl);
+    }
+    // Ensure the ephemeral key pair has been set or generated (see createOidcServiceProvider)
+    await this.fetchOIDCToken();
+    const ephemeralKeyPair = await this.ephemeralKeyPair;
+    const requestSignerKeyPair = await this.requestSignerKeyPair;
+    // Ensure the ephemeral key pair has been set or generated (see fetchEntityObject)
+    if (!ephemeralKeyPair?.privateKey) {
+      throw new ConfigurationError('Ephemeral key has not been set or generated');
+    }
+    if (!requestSignerKeyPair?.privateKey) {
+      throw new ConfigurationError('Signer key has not been set or generated');
+    }
+    const requestBodyStr = JSON.stringify({
+      algorithm: DefaultParams.defaultECAlgorithm,
+      // nano keyAccess minimum, header is used for nano
+      keyAccess: {
+        type: Client.KEY_ACCESS_REMOTE,
+        url: '',
+        protocol: Client.KAS_PROTOCOL,
+        header: base64.encodeArrayBuffer(nanoTdfHeader),
+      },
+      clientPublicKey: await cryptoPublicToPem(ephemeralKeyPair.publicKey),
+    });
+    const jwtPayload = { requestBody: requestBodyStr };
+    const requestBody = {
+      signedRequestToken: await reqSignature(jwtPayload, requestSignerKeyPair.privateKey, {
+        alg: toJWSAlg(requestSignerKeyPair.publicKey),
+      }),
+    };
+    // Wrapped
+    const wrappedKey = await fetchWrappedKey(
+      kasRewrapUrl,
+      requestBody,
+      this.authProvider,
+      clientVersion
+    );
+    // Extract the iv and ciphertext
+    const entityWrappedKey = new Uint8Array(base64.decodeArrayBuffer(wrappedKey.entityWrappedKey));
+    const ivLength =
+      clientVersion == Client.SDK_INITIAL_RELEASE ? Client.INITIAL_RELEASE_IV_SIZE : Client.IV_SIZE;
+    const iv = entityWrappedKey.subarray(0, ivLength);
+    const encryptedSharedKey = entityWrappedKey.subarray(ivLength);
+    let kasPublicKey;
+    try {
+      // Let us import public key as a cert or public key
+      kasPublicKey = await pemToCryptoPublicKey(wrappedKey.sessionPublicKey);
+    } catch (cause) {
+      throw new ConfigurationError(
+        `internal: [${kasRewrapUrl}] PEM Public Key to crypto public key failed. Is PEM formatted correctly?`,
+        cause
+      );
+    }
+    let hkdfSalt;
+    try {
+      // Get the hkdf salt params
+      hkdfSalt = await getHkdfSalt(magicNumberVersion);
+    } catch (e) {
+      throw new TdfError('salting hkdf failed', e);
+    }
+    const { privateKey } = await this.ephemeralKeyPair;
+    // Get the unwrapping key
+    let unwrappingKey;
+    try {
+      unwrappingKey = await keyAgreement(
+        // Ephemeral private key
+        privateKey,
+        kasPublicKey,
+        hkdfSalt
+      );
+    } catch (e) {
+      if (e.name == 'InvalidAccessError' || e.name == 'OperationError') {
+        throw new DecryptError('unable to solve key agreement', e);
+      } else if (e.name == 'NotSupported') {
+        throw new ConfigurationError('unable to unwrap key from kas', e);
+      }
+      throw new TdfError('unable to reach agreement', e);
+    }
+    const authTagLength = 8 * (encryptedSharedKey.byteLength - 32);
+    let decryptedKey;
+    try {
+      // Decrypt the wrapped key
+      decryptedKey = await crypto.subtle.decrypt(
+        { name: 'AES-GCM', iv, tagLength: authTagLength },
+        unwrappingKey,
+        encryptedSharedKey
+      );
+    } catch (cause) {
+      throw new DecryptError(
+        `unable to decrypt key. Are you using the right KAS? Is the salt correct?`,
+        cause
+      );
+    }
+    // UnwrappedKey
+    let unwrappedKey;
+    try {
+      unwrappedKey = await crypto.subtle.importKey(
+        'raw',
+        decryptedKey,
+        'AES-GCM',
+        // @security This allows the key to be used in `exportKey` and `wrapKey`
+        // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/exportKey
+        // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/wrapKey
+        true,
+        // Want to use the key to encrypt and decrypt. Signing key will be used later.
+        ['encrypt', 'decrypt']
+      );
+    } catch (cause) {
+      throw new DecryptError('Unable to import raw key.', cause);
+    }
+    return unwrappedKey;
+  }
+}

package/src/nanotdf/NanoTDF.ts ADDED Viewed

@@ -0,0 +1,121 @@
+import { TypedArray } from '../tdf/index.js';
+import { base64 } from '../encodings/index.js';
+import Header from './models/Header.js';
+import Payload from './models/Payload.js';
+import Signature from './models/Signature.js';
+import EncodingEnum from './enum/EncodingEnum.js';
+import { ConfigurationError, InvalidFileError } from '../errors.js';
+// Defaults when none set during encryption
+export default class NanoTDF {
+  // Add encodings to the NanoTDF class for easy access
+  static Encodings: typeof EncodingEnum = EncodingEnum;
+  static Header = Header;
+  static Payload = Payload;
+  static Signature = Signature;
+  public header: Header;
+  public payload: Payload;
+  // TODO: This should be optional
+  public signature?: Signature;
+  static from(
+    content: TypedArray | ArrayBuffer | string,
+    encoding?: EncodingEnum,
+    legacyTDF = false
+  ): NanoTDF {
+    // If we don't assign an empty array buffer then TS reports buffer as unassigned
+    let buffer;
+    if (typeof content === 'string') {
+      if (!encoding || encoding === EncodingEnum.Base64) {
+        buffer = base64.decodeArrayBuffer(content);
+      } else {
+        throw new ConfigurationError(`Unsupported encoding: ${encoding}`);
+      }
+    }
+    // Handle Uint8Array types
+    else if (ArrayBuffer.isView(content) || content instanceof ArrayBuffer) {
+      buffer = content;
+    } else {
+      throw new ConfigurationError(`unsupported content type`);
+    }
+    const dataView = new Uint8Array(buffer);
+    let offset = 0;
+    // Header
+    const { header, offset: headerOffset } = Header.parse(dataView.subarray(offset));
+    offset += headerOffset;
+    // Payload
+    const { payload, offset: payloadOffset } = Payload.parse(
+      header,
+      dataView.subarray(offset),
+      legacyTDF
+    );
+    offset += payloadOffset;
+    // Signature
+    const { signature, offset: signatureOffset } = Signature.parse(
+      header,
+      dataView.subarray(offset)
+    );
+    offset += signatureOffset;
+    // Singature checking
+    if (!header.hasSignature && signature.length > 0) {
+      throw new InvalidFileError("Found signature when there shouldn't be one");
+    }
+    if (header.hasSignature && signature.length === 0) {
+      throw new InvalidFileError('Could not find signature');
+    }
+    return new NanoTDF(header, payload, signature);
+  }
+  constructor(header: Header, payload: Payload, signature?: Signature) {
+    this.header = header;
+    this.payload = payload;
+    this.signature = signature;
+  }
+  /**
+   * Return the content of nano tdf as binary buffer
+   */
+  toBuffer(): ArrayBuffer {
+    let offset = 0;
+    const lengthOfSignature = this.signature && this.signature.length ? this.signature.length : 0;
+    const lengthOfTDF = this.header.length + this.payload.length + lengthOfSignature;
+    const buffer = new ArrayBuffer(lengthOfTDF);
+    // Write the header
+    const headerBufferView = new Uint8Array(buffer, 0, this.header.length);
+    this.header.copyToBuffer(headerBufferView);
+    offset += headerBufferView.length;
+    // Write the payload
+    const payloadBufferView = new Uint8Array(buffer, offset, this.payload.length);
+    this.payload.copyToBuffer(payloadBufferView);
+    offset += payloadBufferView.length;
+    // Write the signature
+    if (this.header.hasSignature && this.signature) {
+      const signatureBufferView = new Uint8Array(buffer, offset, lengthOfSignature);
+      this.signature.copyToBuffer(signatureBufferView);
+    }
+    return buffer;
+  }
+  /**
+   * Return the content of nano tdf as base64 string
+   */
+  toBase64(): string {
+    const arrayBuffer = this.toBuffer();
+    return base64.encodeArrayBuffer(arrayBuffer);
+  }
+}

package/src/nanotdf/browser-entry.ts ADDED Viewed

@@ -0,0 +1,20 @@
+/* globals window */
+/**
+ * This file is used for:
+ *
+ * - es5 browser version of nanoTDF and add it to the window as NanoTDF
+ *
+ * This is not used for:
+ *
+ * - es6 web development (use node modules)
+ * - node applications
+ */
+import NanoTDF from './NanoTDF.js';
+declare global {
+  interface Window {
+    NanoTDF: typeof NanoTDF;
+  }
+}
+window.NanoTDF = NanoTDF;

package/src/nanotdf/constants.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export const GMAC_BINDING_LEN = 8;

package/src/nanotdf/decrypt.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { decrypt as cryptoDecrypt } from '../nanotdf-crypto/index.js';
+import type NanoTDF from './NanoTDF.js';
+/**
+ * Decrypt nanotdf with a crypto key
+ *
+ * @param key Crypto key used to decrypt nanotdf
+ * @param nanotdf NanoTDF to decrypt
+ */
+export default async function decrypt(key: CryptoKey, nanotdf: NanoTDF): Promise<ArrayBuffer> {
+  // console.log(`Decrypting for content: ${nanotdf}`, nanotdf.header.authTagLength);
+  return await cryptoDecrypt(
+    key,
+    nanotdf.payload.ciphertextWithAuthTag,
+    nanotdf.payload.iv,
+    // Auth tag length in bits
+    nanotdf.header.authTagLength
+  );
+}

package/src/nanotdf/encrypt-dataset.ts ADDED Viewed

@@ -0,0 +1,52 @@
+import NanoTDF from './NanoTDF.js';
+import Header from './models/Header.js';
+import DefaultParams from './models/DefaultParams.js';
+import Payload from './models/Payload.js';
+import { getBitLength as authTagLengthForCipher } from './models/Ciphers.js';
+import TypedArray from '../tdf/TypedArray.js';
+import encrypt from '../nanotdf-crypto/encrypt.js';
+/**
+ * Encrypt the plain data into nanotdf buffer
+ *
+ * @param symmetricKey Key to encrypt the payload
+ * @param header NanoTDF header
+ * @param iv IV to be used for encrypting the payload
+ * @param data The data to be encrypted
+ */
+export default async function encryptDataset(
+  symmetricKey: CryptoKey,
+  header: Header,
+  iv: Uint8Array,
+  data: string | TypedArray | ArrayBuffer
+): Promise<ArrayBuffer> {
+  // Auth tag length for policy and payload
+  const authTagLengthInBytes = authTagLengthForCipher(DefaultParams.symmetricCipher) / 8;
+  // Encrypt the payload
+  let payloadAsBuffer;
+  if (typeof data === 'string') {
+    payloadAsBuffer = new TextEncoder().encode(data);
+  } else {
+    payloadAsBuffer = data;
+  }
+  const encryptedPayload = await encrypt(
+    symmetricKey,
+    new Uint8Array(payloadAsBuffer),
+    iv,
+    authTagLengthInBytes * 8
+  );
+  // Create payload
+  const payload = new Payload(
+    iv.slice(-3),
+    new Uint8Array(encryptedPayload.slice(0, -authTagLengthInBytes)),
+    new Uint8Array(encryptedPayload.slice(-authTagLengthInBytes))
+  );
+  // Create a nanotdf.
+  const nanoTDF = new NanoTDF(header, payload);
+  return nanoTDF.toBuffer();
+}