npm - @opentdf/sdk - Versions diffs - 0.1.0-beta.1701 - Mend

@opentdf/sdk 0.1.0-beta.1701

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (566) hide show

package/README.md +52 -0
package/dist/cjs/package.json +3 -0
package/dist/cjs/src/access.js +155 -0
package/dist/cjs/src/auth/Eas.js +60 -0
package/dist/cjs/src/auth/auth.js +79 -0
package/dist/cjs/src/auth/oidc-clientcredentials-provider.js +26 -0
package/dist/cjs/src/auth/oidc-externaljwt-provider.js +33 -0
package/dist/cjs/src/auth/oidc-refreshtoken-provider.js +34 -0
package/dist/cjs/src/auth/oidc.js +222 -0
package/dist/cjs/src/auth/providers.js +143 -0
package/dist/cjs/src/encodings/base64.js +154 -0
package/dist/cjs/src/encodings/hex.js +70 -0
package/dist/cjs/src/encodings/index.js +29 -0
package/dist/cjs/src/errors.js +138 -0
package/dist/cjs/src/index.js +344 -0
package/dist/cjs/src/nanotdf/Client.js +296 -0
package/dist/cjs/src/nanotdf/NanoTDF.js +94 -0
package/dist/cjs/src/nanotdf/browser-entry.js +19 -0
package/dist/cjs/src/nanotdf/constants.js +5 -0
package/dist/cjs/src/nanotdf/decrypt.js +17 -0
package/dist/cjs/src/nanotdf/encrypt-dataset.js +38 -0
package/dist/cjs/src/nanotdf/encrypt.js +132 -0
package/dist/cjs/src/nanotdf/enum/CipherEnum.js +13 -0
package/dist/cjs/src/nanotdf/enum/CurveNameEnum.js +15 -0
package/dist/cjs/src/nanotdf/enum/EncodingEnum.js +8 -0
package/dist/cjs/src/nanotdf/enum/PolicyTypeEnum.js +11 -0
package/dist/cjs/src/nanotdf/enum/ProtocolEnum.js +10 -0
package/dist/cjs/src/nanotdf/enum/ResourceLocatorIdentifierEnum.js +11 -0
package/dist/cjs/src/nanotdf/helpers/calculateByCurve.js +29 -0
package/dist/cjs/src/nanotdf/helpers/getHkdfSalt.js +11 -0
package/dist/cjs/src/nanotdf/index.js +25 -0
package/dist/cjs/src/nanotdf/interfaces/PolicyInterface.js +3 -0
package/dist/cjs/src/nanotdf/models/Ciphers.js +61 -0
package/dist/cjs/src/nanotdf/models/DefaultParams.js +27 -0
package/dist/cjs/src/nanotdf/models/EcCurves.js +39 -0
package/dist/cjs/src/nanotdf/models/Header.js +255 -0
package/dist/cjs/src/nanotdf/models/Payload.js +158 -0
package/dist/cjs/src/nanotdf/models/Policy/AbstractPolicy.js +73 -0
package/dist/cjs/src/nanotdf/models/Policy/EmbeddedPolicy.js +82 -0
package/dist/cjs/src/nanotdf/models/Policy/PolicyFactory.js +38 -0
package/dist/cjs/src/nanotdf/models/Policy/RemotePolicy.js +62 -0
package/dist/cjs/src/nanotdf/models/ResourceLocator.js +211 -0
package/dist/cjs/src/nanotdf/models/Signature.js +77 -0
package/dist/cjs/src/nanotdf-crypto/ciphers.js +17 -0
package/dist/cjs/src/nanotdf-crypto/decrypt.js +24 -0
package/dist/cjs/src/nanotdf-crypto/digest.js +7 -0
package/dist/cjs/src/nanotdf-crypto/ecdsaSignature.js +83 -0
package/dist/cjs/src/nanotdf-crypto/encrypt.js +24 -0
package/dist/cjs/src/nanotdf-crypto/enums.js +52 -0
package/dist/cjs/src/nanotdf-crypto/exportCryptoKey.js +20 -0
package/dist/cjs/src/nanotdf-crypto/generateKeyPair.js +13 -0
package/dist/cjs/src/nanotdf-crypto/generateRandomNumber.js +12 -0
package/dist/cjs/src/nanotdf-crypto/importRawKey.js +18 -0
package/dist/cjs/src/nanotdf-crypto/index.js +52 -0
package/dist/cjs/src/nanotdf-crypto/keyAgreement.js +91 -0
package/dist/cjs/src/nanotdf-crypto/pemPublicToCrypto.js +225 -0
package/dist/cjs/src/policy/api.js +58 -0
package/dist/cjs/src/policy/attributes.js +3 -0
package/dist/cjs/src/policy/granter.js +146 -0
package/dist/cjs/src/tdf/AttributeObject.js +15 -0
package/dist/cjs/src/tdf/AttributeObjectJwt.js +3 -0
package/dist/cjs/src/tdf/Crypto.js +47 -0
package/dist/cjs/src/tdf/EntityObject.js +3 -0
package/dist/cjs/src/tdf/NanoTDF/NanoTDF.js +38 -0
package/dist/cjs/src/tdf/Policy.js +50 -0
package/dist/cjs/src/tdf/PolicyObject.js +3 -0
package/dist/cjs/src/tdf/TypedArray.js +3 -0
package/dist/cjs/src/tdf/index.js +35 -0
package/dist/cjs/src/types/index.js +3 -0
package/dist/cjs/src/utils.js +147 -0
package/dist/cjs/src/version.js +12 -0
package/dist/cjs/tdf3/index.js +57 -0
package/dist/cjs/tdf3/src/assertions.js +118 -0
package/dist/cjs/tdf3/src/binary.js +153 -0
package/dist/cjs/tdf3/src/ciphers/aes-gcm-cipher.js +56 -0
package/dist/cjs/tdf3/src/ciphers/algorithms.js +8 -0
package/dist/cjs/tdf3/src/ciphers/index.js +8 -0
package/dist/cjs/tdf3/src/ciphers/symmetric-cipher-base.js +22 -0
package/dist/cjs/tdf3/src/client/DecoratedReadableStream.js +116 -0
package/dist/cjs/tdf3/src/client/builders.js +561 -0
package/dist/cjs/tdf3/src/client/index.js +460 -0
package/dist/cjs/tdf3/src/client/validation.js +63 -0
package/dist/cjs/tdf3/src/crypto/crypto-utils.js +116 -0
package/dist/cjs/tdf3/src/crypto/declarations.js +8 -0
package/dist/cjs/tdf3/src/crypto/index.js +315 -0
package/dist/cjs/tdf3/src/index.js +34 -0
package/dist/cjs/tdf3/src/models/attribute-set.js +122 -0
package/dist/cjs/tdf3/src/models/encryption-information.js +90 -0
package/dist/cjs/tdf3/src/models/index.js +25 -0
package/dist/cjs/tdf3/src/models/key-access.js +103 -0
package/dist/cjs/tdf3/src/models/manifest.js +3 -0
package/dist/cjs/tdf3/src/models/payload.js +3 -0
package/dist/cjs/tdf3/src/models/policy.js +24 -0
package/dist/cjs/tdf3/src/models/upsert-response.js +3 -0
package/dist/cjs/tdf3/src/tdf.js +907 -0
package/dist/cjs/tdf3/src/templates/default.html.js +98 -0
package/dist/cjs/tdf3/src/templates/escaper.js +15 -0
package/dist/cjs/tdf3/src/templates/index.js +12 -0
package/dist/cjs/tdf3/src/utils/buffer-crc32.js +48 -0
package/dist/cjs/tdf3/src/utils/chunkers.js +106 -0
package/dist/cjs/tdf3/src/utils/index.js +296 -0
package/dist/cjs/tdf3/src/utils/keysplit.js +61 -0
package/dist/cjs/tdf3/src/utils/zip-reader.js +253 -0
package/dist/cjs/tdf3/src/utils/zip-writer.js +308 -0
package/dist/cjs/tdf3/src/version.js +6 -0
package/dist/types/src/access.d.ts +47 -0
package/dist/types/src/access.d.ts.map +1 -0
package/dist/types/src/auth/Eas.d.ts +34 -0
package/dist/types/src/auth/Eas.d.ts.map +1 -0
package/dist/types/src/auth/auth.d.ts +86 -0
package/dist/types/src/auth/auth.d.ts.map +1 -0
package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts +9 -0
package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts.map +1 -0
package/dist/types/src/auth/oidc-externaljwt-provider.d.ts +10 -0
package/dist/types/src/auth/oidc-externaljwt-provider.d.ts.map +1 -0
package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts +10 -0
package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts.map +1 -0
package/dist/types/src/auth/oidc.d.ts +104 -0
package/dist/types/src/auth/oidc.d.ts.map +1 -0
package/dist/types/src/auth/providers.d.ts +67 -0
package/dist/types/src/auth/providers.d.ts.map +1 -0
package/dist/types/src/encodings/base64.d.ts +18 -0
package/dist/types/src/encodings/base64.d.ts.map +1 -0
package/dist/types/src/encodings/hex.d.ts +5 -0
package/dist/types/src/encodings/hex.d.ts.map +1 -0
package/dist/types/src/encodings/index.d.ts +3 -0
package/dist/types/src/encodings/index.d.ts.map +1 -0
package/dist/types/src/errors.d.ts +72 -0
package/dist/types/src/errors.d.ts.map +1 -0
package/dist/types/src/index.d.ts +138 -0
package/dist/types/src/index.d.ts.map +1 -0
package/dist/types/src/nanotdf/Client.d.ts +95 -0
package/dist/types/src/nanotdf/Client.d.ts.map +1 -0
package/dist/types/src/nanotdf/NanoTDF.d.ts +25 -0
package/dist/types/src/nanotdf/NanoTDF.d.ts.map +1 -0
package/dist/types/src/nanotdf/browser-entry.d.ts +17 -0
package/dist/types/src/nanotdf/browser-entry.d.ts.map +1 -0
package/dist/types/src/nanotdf/constants.d.ts +2 -0
package/dist/types/src/nanotdf/constants.d.ts.map +1 -0
package/dist/types/src/nanotdf/decrypt.d.ts +9 -0
package/dist/types/src/nanotdf/decrypt.d.ts.map +1 -0
package/dist/types/src/nanotdf/encrypt-dataset.d.ts +12 -0
package/dist/types/src/nanotdf/encrypt-dataset.d.ts.map +1 -0
package/dist/types/src/nanotdf/encrypt.d.ts +14 -0
package/dist/types/src/nanotdf/encrypt.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/CipherEnum.d.ts +10 -0
package/dist/types/src/nanotdf/enum/CipherEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/CurveNameEnum.d.ts +12 -0
package/dist/types/src/nanotdf/enum/CurveNameEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/EncodingEnum.d.ts +5 -0
package/dist/types/src/nanotdf/enum/EncodingEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/PolicyTypeEnum.d.ts +8 -0
package/dist/types/src/nanotdf/enum/PolicyTypeEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/ProtocolEnum.d.ts +7 -0
package/dist/types/src/nanotdf/enum/ProtocolEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/ResourceLocatorIdentifierEnum.d.ts +8 -0
package/dist/types/src/nanotdf/enum/ResourceLocatorIdentifierEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/helpers/calculateByCurve.d.ts +20 -0
package/dist/types/src/nanotdf/helpers/calculateByCurve.d.ts.map +1 -0
package/dist/types/src/nanotdf/helpers/getHkdfSalt.d.ts +9 -0
package/dist/types/src/nanotdf/helpers/getHkdfSalt.d.ts.map +1 -0
package/dist/types/src/nanotdf/index.d.ts +9 -0
package/dist/types/src/nanotdf/index.d.ts.map +1 -0
package/dist/types/src/nanotdf/interfaces/PolicyInterface.d.ts +17 -0
package/dist/types/src/nanotdf/interfaces/PolicyInterface.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Ciphers.d.ts +14 -0
package/dist/types/src/nanotdf/models/Ciphers.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/DefaultParams.d.ts +21 -0
package/dist/types/src/nanotdf/models/DefaultParams.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/EcCurves.d.ts +15 -0
package/dist/types/src/nanotdf/models/EcCurves.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Header.d.ts +73 -0
package/dist/types/src/nanotdf/models/Header.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Payload.d.ts +47 -0
package/dist/types/src/nanotdf/models/Payload.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Policy/AbstractPolicy.d.ts +52 -0
package/dist/types/src/nanotdf/models/Policy/AbstractPolicy.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Policy/EmbeddedPolicy.d.ts +35 -0
package/dist/types/src/nanotdf/models/Policy/EmbeddedPolicy.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Policy/PolicyFactory.d.ts +11 -0
package/dist/types/src/nanotdf/models/Policy/PolicyFactory.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Policy/RemotePolicy.d.ts +31 -0
package/dist/types/src/nanotdf/models/Policy/RemotePolicy.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/ResourceLocator.d.ts +65 -0
package/dist/types/src/nanotdf/models/ResourceLocator.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Signature.d.ts +33 -0
package/dist/types/src/nanotdf/models/Signature.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/ciphers.d.ts +8 -0
package/dist/types/src/nanotdf-crypto/ciphers.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/decrypt.d.ts +14 -0
package/dist/types/src/nanotdf-crypto/decrypt.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/digest.d.ts +3 -0
package/dist/types/src/nanotdf-crypto/digest.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/ecdsaSignature.d.ts +35 -0
package/dist/types/src/nanotdf-crypto/ecdsaSignature.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/encrypt.d.ts +14 -0
package/dist/types/src/nanotdf-crypto/encrypt.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/enums.d.ts +42 -0
package/dist/types/src/nanotdf-crypto/enums.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/exportCryptoKey.d.ts +7 -0
package/dist/types/src/nanotdf-crypto/exportCryptoKey.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/generateKeyPair.d.ts +10 -0
package/dist/types/src/nanotdf-crypto/generateKeyPair.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/generateRandomNumber.d.ts +5 -0
package/dist/types/src/nanotdf-crypto/generateRandomNumber.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/importRawKey.d.ts +13 -0
package/dist/types/src/nanotdf-crypto/importRawKey.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/index.d.ts +12 -0
package/dist/types/src/nanotdf-crypto/index.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/keyAgreement.d.ts +28 -0
package/dist/types/src/nanotdf-crypto/keyAgreement.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/pemPublicToCrypto.d.ts +28 -0
package/dist/types/src/nanotdf-crypto/pemPublicToCrypto.d.ts.map +1 -0
package/dist/types/src/policy/api.d.ts +4 -0
package/dist/types/src/policy/api.d.ts.map +1 -0
package/dist/types/src/policy/attributes.d.ts +95 -0
package/dist/types/src/policy/attributes.d.ts.map +1 -0
package/dist/types/src/policy/granter.d.ts +23 -0
package/dist/types/src/policy/granter.d.ts.map +1 -0
package/dist/types/src/tdf/AttributeObject.d.ts +13 -0
package/dist/types/src/tdf/AttributeObject.d.ts.map +1 -0
package/dist/types/src/tdf/AttributeObjectJwt.d.ts +4 -0
package/dist/types/src/tdf/AttributeObjectJwt.d.ts.map +1 -0
package/dist/types/src/tdf/Crypto.d.ts +37 -0
package/dist/types/src/tdf/Crypto.d.ts.map +1 -0
package/dist/types/src/tdf/EntityObject.d.ts +18 -0
package/dist/types/src/tdf/EntityObject.d.ts.map +1 -0
package/dist/types/src/tdf/NanoTDF/NanoTDF.d.ts +99 -0
package/dist/types/src/tdf/NanoTDF/NanoTDF.d.ts.map +1 -0
package/dist/types/src/tdf/Policy.d.ts +28 -0
package/dist/types/src/tdf/Policy.d.ts.map +1 -0
package/dist/types/src/tdf/PolicyObject.d.ts +11 -0
package/dist/types/src/tdf/PolicyObject.d.ts.map +1 -0
package/dist/types/src/tdf/TypedArray.d.ts +3 -0
package/dist/types/src/tdf/TypedArray.d.ts.map +1 -0
package/dist/types/src/tdf/index.d.ts +7 -0
package/dist/types/src/tdf/index.d.ts.map +1 -0
package/dist/types/src/types/index.d.ts +45 -0
package/dist/types/src/types/index.d.ts.map +1 -0
package/dist/types/src/utils.d.ts +45 -0
package/dist/types/src/utils.d.ts.map +1 -0
package/dist/types/src/version.d.ts +9 -0
package/dist/types/src/version.d.ts.map +1 -0
package/dist/types/tdf3/index.d.ts +16 -0
package/dist/types/tdf3/index.d.ts.map +1 -0
package/dist/types/tdf3/src/assertions.d.ts +63 -0
package/dist/types/tdf3/src/assertions.d.ts.map +1 -0
package/dist/types/tdf3/src/binary.d.ts +38 -0
package/dist/types/tdf3/src/binary.d.ts.map +1 -0
package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts +18 -0
package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts.map +1 -0
package/dist/types/tdf3/src/ciphers/algorithms.d.ts +4 -0
package/dist/types/tdf3/src/ciphers/algorithms.d.ts.map +1 -0
package/dist/types/tdf3/src/ciphers/index.d.ts +3 -0
package/dist/types/tdf3/src/ciphers/index.d.ts.map +1 -0
package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts +14 -0
package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts.map +1 -0
package/dist/types/tdf3/src/client/DecoratedReadableStream.d.ts +53 -0
package/dist/types/tdf3/src/client/DecoratedReadableStream.d.ts.map +1 -0
package/dist/types/tdf3/src/client/builders.d.ts +436 -0
package/dist/types/tdf3/src/client/builders.d.ts.map +1 -0
package/dist/types/tdf3/src/client/index.d.ts +139 -0
package/dist/types/tdf3/src/client/index.d.ts.map +1 -0
package/dist/types/tdf3/src/client/validation.d.ts +8 -0
package/dist/types/tdf3/src/client/validation.d.ts.map +1 -0
package/dist/types/tdf3/src/crypto/crypto-utils.d.ts +34 -0
package/dist/types/tdf3/src/crypto/crypto-utils.d.ts.map +1 -0
package/dist/types/tdf3/src/crypto/declarations.d.ts +60 -0
package/dist/types/tdf3/src/crypto/declarations.d.ts.map +1 -0
package/dist/types/tdf3/src/crypto/index.d.ts +103 -0
package/dist/types/tdf3/src/crypto/index.d.ts.map +1 -0
package/dist/types/tdf3/src/index.d.ts +5 -0
package/dist/types/tdf3/src/index.d.ts.map +1 -0
package/dist/types/tdf3/src/models/attribute-set.d.ts +65 -0
package/dist/types/tdf3/src/models/attribute-set.d.ts.map +1 -0
package/dist/types/tdf3/src/models/encryption-information.d.ts +49 -0
package/dist/types/tdf3/src/models/encryption-information.d.ts.map +1 -0
package/dist/types/tdf3/src/models/index.d.ts +9 -0
package/dist/types/tdf3/src/models/index.d.ts.map +1 -0
package/dist/types/tdf3/src/models/key-access.d.ts +42 -0
package/dist/types/tdf3/src/models/key-access.d.ts.map +1 -0
package/dist/types/tdf3/src/models/manifest.d.ts +9 -0
package/dist/types/tdf3/src/models/manifest.d.ts.map +1 -0
package/dist/types/tdf3/src/models/payload.d.ts +7 -0
package/dist/types/tdf3/src/models/payload.d.ts.map +1 -0
package/dist/types/tdf3/src/models/policy.d.ts +13 -0
package/dist/types/tdf3/src/models/policy.d.ts.map +1 -0
package/dist/types/tdf3/src/models/upsert-response.d.ts +16 -0
package/dist/types/tdf3/src/models/upsert-response.d.ts.map +1 -0
package/dist/types/tdf3/src/tdf.d.ts +152 -0
package/dist/types/tdf3/src/tdf.d.ts.map +1 -0
package/dist/types/tdf3/src/templates/default.html.d.ts +8 -0
package/dist/types/tdf3/src/templates/default.html.d.ts.map +1 -0
package/dist/types/tdf3/src/templates/escaper.d.ts +6 -0
package/dist/types/tdf3/src/templates/escaper.d.ts.map +1 -0
package/dist/types/tdf3/src/templates/index.d.ts +3 -0
package/dist/types/tdf3/src/templates/index.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/buffer-crc32.d.ts +2 -0
package/dist/types/tdf3/src/utils/buffer-crc32.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/chunkers.d.ts +29 -0
package/dist/types/tdf3/src/utils/chunkers.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/index.d.ts +36 -0
package/dist/types/tdf3/src/utils/index.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/keysplit.d.ts +19 -0
package/dist/types/tdf3/src/utils/keysplit.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/zip-reader.d.ts +63 -0
package/dist/types/tdf3/src/utils/zip-reader.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/zip-writer.d.ts +35 -0
package/dist/types/tdf3/src/utils/zip-writer.d.ts.map +1 -0
package/dist/types/tdf3/src/version.d.ts +3 -0
package/dist/types/tdf3/src/version.d.ts.map +1 -0
package/dist/web/package.json +3 -0
package/dist/web/src/access.js +147 -0
package/dist/web/src/auth/Eas.js +55 -0
package/dist/web/src/auth/auth.js +71 -0
package/dist/web/src/auth/oidc-clientcredentials-provider.js +22 -0
package/dist/web/src/auth/oidc-externaljwt-provider.js +29 -0
package/dist/web/src/auth/oidc-refreshtoken-provider.js +30 -0
package/dist/web/src/auth/oidc.js +215 -0
package/dist/web/src/auth/providers.js +119 -0
package/dist/web/src/encodings/base64.js +147 -0
package/dist/web/src/encodings/hex.js +63 -0
package/dist/web/src/encodings/index.js +3 -0
package/dist/web/src/errors.js +123 -0
package/dist/web/src/index.js +313 -0
package/dist/web/src/nanotdf/Client.js +268 -0
package/dist/web/src/nanotdf/NanoTDF.js +89 -0
package/dist/web/src/nanotdf/browser-entry.js +14 -0
package/dist/web/src/nanotdf/constants.js +2 -0
package/dist/web/src/nanotdf/decrypt.js +14 -0
package/dist/web/src/nanotdf/encrypt-dataset.js +32 -0
package/dist/web/src/nanotdf/encrypt.js +126 -0
package/dist/web/src/nanotdf/enum/CipherEnum.js +11 -0
package/dist/web/src/nanotdf/enum/CurveNameEnum.js +13 -0
package/dist/web/src/nanotdf/enum/EncodingEnum.js +6 -0
package/dist/web/src/nanotdf/enum/PolicyTypeEnum.js +9 -0
package/dist/web/src/nanotdf/enum/ProtocolEnum.js +8 -0
package/dist/web/src/nanotdf/enum/ResourceLocatorIdentifierEnum.js +9 -0
package/dist/web/src/nanotdf/helpers/calculateByCurve.js +24 -0
package/dist/web/src/nanotdf/helpers/getHkdfSalt.js +8 -0
package/dist/web/src/nanotdf/index.js +11 -0
package/dist/web/src/nanotdf/interfaces/PolicyInterface.js +2 -0
package/dist/web/src/nanotdf/models/Ciphers.js +54 -0
package/dist/web/src/nanotdf/models/DefaultParams.js +22 -0
package/dist/web/src/nanotdf/models/EcCurves.js +32 -0
package/dist/web/src/nanotdf/models/Header.js +250 -0
package/dist/web/src/nanotdf/models/Payload.js +156 -0
package/dist/web/src/nanotdf/models/Policy/AbstractPolicy.js +71 -0
package/dist/web/src/nanotdf/models/Policy/EmbeddedPolicy.js +77 -0
package/dist/web/src/nanotdf/models/Policy/PolicyFactory.js +33 -0
package/dist/web/src/nanotdf/models/Policy/RemotePolicy.js +57 -0
package/dist/web/src/nanotdf/models/ResourceLocator.js +206 -0
package/dist/web/src/nanotdf/models/Signature.js +74 -0
package/dist/web/src/nanotdf-crypto/ciphers.js +14 -0
package/dist/web/src/nanotdf-crypto/decrypt.js +21 -0
package/dist/web/src/nanotdf-crypto/digest.js +4 -0
package/dist/web/src/nanotdf-crypto/ecdsaSignature.js +77 -0
package/dist/web/src/nanotdf-crypto/encrypt.js +21 -0
package/dist/web/src/nanotdf-crypto/enums.js +49 -0
package/dist/web/src/nanotdf-crypto/exportCryptoKey.js +17 -0
package/dist/web/src/nanotdf-crypto/generateKeyPair.js +10 -0
package/dist/web/src/nanotdf-crypto/generateRandomNumber.js +9 -0
package/dist/web/src/nanotdf-crypto/importRawKey.js +15 -0
package/dist/web/src/nanotdf-crypto/index.js +12 -0
package/dist/web/src/nanotdf-crypto/keyAgreement.js +87 -0
package/dist/web/src/nanotdf-crypto/pemPublicToCrypto.js +197 -0
package/dist/web/src/policy/api.js +54 -0
package/dist/web/src/policy/attributes.js +2 -0
package/dist/web/src/policy/granter.js +141 -0
package/dist/web/src/tdf/AttributeObject.js +11 -0
package/dist/web/src/tdf/AttributeObjectJwt.js +2 -0
package/dist/web/src/tdf/Crypto.js +44 -0
package/dist/web/src/tdf/EntityObject.js +2 -0
package/dist/web/src/tdf/NanoTDF/NanoTDF.js +35 -0
package/dist/web/src/tdf/Policy.js +48 -0
package/dist/web/src/tdf/PolicyObject.js +2 -0
package/dist/web/src/tdf/TypedArray.js +2 -0
package/dist/web/src/tdf/index.js +4 -0
package/dist/web/src/types/index.js +2 -0
package/dist/web/src/utils.js +133 -0
package/dist/web/src/version.js +9 -0
package/dist/web/tdf3/index.js +13 -0
package/dist/web/tdf3/src/assertions.js +111 -0
package/dist/web/tdf3/src/binary.js +149 -0
package/dist/web/tdf3/src/ciphers/aes-gcm-cipher.js +52 -0
package/dist/web/tdf3/src/ciphers/algorithms.js +5 -0
package/dist/web/tdf3/src/ciphers/index.js +3 -0
package/dist/web/tdf3/src/ciphers/symmetric-cipher-base.js +18 -0
package/dist/web/tdf3/src/client/DecoratedReadableStream.js +107 -0
package/dist/web/tdf3/src/client/builders.js +557 -0
package/dist/web/tdf3/src/client/index.js +423 -0
package/dist/web/tdf3/src/client/validation.js +58 -0
package/dist/web/tdf3/src/crypto/crypto-utils.js +107 -0
package/dist/web/tdf3/src/crypto/declarations.js +5 -0
package/dist/web/tdf3/src/crypto/index.js +296 -0
package/dist/web/tdf3/src/index.js +5 -0
package/dist/web/tdf3/src/models/attribute-set.js +118 -0
package/dist/web/tdf3/src/models/encryption-information.js +86 -0
package/dist/web/tdf3/src/models/index.js +9 -0
package/dist/web/tdf3/src/models/key-access.js +74 -0
package/dist/web/tdf3/src/models/manifest.js +2 -0
package/dist/web/tdf3/src/models/payload.js +2 -0
package/dist/web/tdf3/src/models/policy.js +20 -0
package/dist/web/tdf3/src/models/upsert-response.js +2 -0
package/dist/web/tdf3/src/tdf.js +866 -0
package/dist/web/tdf3/src/templates/default.html.js +96 -0
package/dist/web/tdf3/src/templates/escaper.js +10 -0
package/dist/web/tdf3/src/templates/index.js +3 -0
package/dist/web/tdf3/src/utils/buffer-crc32.js +44 -0
package/dist/web/tdf3/src/utils/chunkers.js +96 -0
package/dist/web/tdf3/src/utils/index.js +248 -0
package/dist/web/tdf3/src/utils/keysplit.js +55 -0
package/dist/web/tdf3/src/utils/zip-reader.js +247 -0
package/dist/web/tdf3/src/utils/zip-writer.js +302 -0
package/dist/web/tdf3/src/version.js +3 -0
package/package.json +126 -0
package/src/access.ts +198 -0
package/src/auth/Eas.ts +79 -0
package/src/auth/auth.ts +141 -0
package/src/auth/oidc-clientcredentials-provider.ts +32 -0
package/src/auth/oidc-externaljwt-provider.ts +41 -0
package/src/auth/oidc-refreshtoken-provider.ts +41 -0
package/src/auth/oidc.ts +307 -0
package/src/auth/providers.ts +139 -0
package/src/encodings/base64.ts +160 -0
package/src/encodings/hex.ts +69 -0
package/src/encodings/index.ts +2 -0
package/src/errors.ts +113 -0
package/src/index.ts +441 -0
package/src/nanotdf/Client.ts +349 -0
package/src/nanotdf/NanoTDF.ts +121 -0
package/src/nanotdf/browser-entry.ts +20 -0
package/src/nanotdf/constants.ts +1 -0
package/src/nanotdf/decrypt.ts +19 -0
package/src/nanotdf/encrypt-dataset.ts +52 -0
package/src/nanotdf/encrypt.ts +197 -0
package/src/nanotdf/enum/CipherEnum.ts +10 -0
package/src/nanotdf/enum/CurveNameEnum.ts +12 -0
package/src/nanotdf/enum/EncodingEnum.ts +5 -0
package/src/nanotdf/enum/PolicyTypeEnum.ts +8 -0
package/src/nanotdf/enum/ProtocolEnum.ts +7 -0
package/src/nanotdf/enum/ResourceLocatorIdentifierEnum.ts +8 -0
package/src/nanotdf/helpers/calculateByCurve.ts +26 -0
package/src/nanotdf/helpers/getHkdfSalt.ts +15 -0
package/src/nanotdf/index.ts +10 -0
package/src/nanotdf/interfaces/PolicyInterface.ts +27 -0
package/src/nanotdf/models/Ciphers.ts +67 -0
package/src/nanotdf/models/DefaultParams.ts +24 -0
package/src/nanotdf/models/EcCurves.ts +40 -0
package/src/nanotdf/models/Header.ts +322 -0
package/src/nanotdf/models/Payload.ts +196 -0
package/src/nanotdf/models/Policy/AbstractPolicy.ts +90 -0
package/src/nanotdf/models/Policy/EmbeddedPolicy.ts +101 -0
package/src/nanotdf/models/Policy/PolicyFactory.ts +48 -0
package/src/nanotdf/models/Policy/RemotePolicy.ts +74 -0
package/src/nanotdf/models/ResourceLocator.ts +212 -0
package/src/nanotdf/models/Signature.ts +85 -0
package/src/nanotdf-crypto/ciphers.ts +13 -0
package/src/nanotdf-crypto/decrypt.ts +30 -0
package/src/nanotdf-crypto/digest.ts +8 -0
package/src/nanotdf-crypto/ecdsaSignature.ts +109 -0
package/src/nanotdf-crypto/encrypt.ts +30 -0
package/src/nanotdf-crypto/enums.ts +47 -0
package/src/nanotdf-crypto/exportCryptoKey.ts +17 -0
package/src/nanotdf-crypto/generateKeyPair.ts +19 -0
package/src/nanotdf-crypto/generateRandomNumber.ts +8 -0
package/src/nanotdf-crypto/importRawKey.ts +19 -0
package/src/nanotdf-crypto/index.ts +11 -0
package/src/nanotdf-crypto/keyAgreement.ts +139 -0
package/src/nanotdf-crypto/pemPublicToCrypto.ts +232 -0
package/src/package-lock.json +6 -0
package/src/package.json +3 -0
package/src/platform/authorization/authorization_connect.d.ts +44 -0
package/src/platform/authorization/authorization_connect.js +44 -0
package/src/platform/authorization/authorization_pb.d.ts +707 -0
package/src/platform/authorization/authorization_pb.js +372 -0
package/src/platform/common/common_pb.d.ts +129 -0
package/src/platform/common/common_pb.js +58 -0
package/src/platform/entityresolution/entity_resolution_connect.d.ts +35 -0
package/src/platform/entityresolution/entity_resolution_connect.js +35 -0
package/src/platform/entityresolution/entity_resolution_pb.d.ts +242 -0
package/src/platform/entityresolution/entity_resolution_pb.js +139 -0
package/src/platform/kas/kas_connect.d.ts +59 -0
package/src/platform/kas/kas_connect.js +59 -0
package/src/platform/kas/kas_pb.d.ts +200 -0
package/src/platform/kas/kas_pb.js +84 -0
package/src/platform/policy/attributes/attributes_connect.d.ts +168 -0
package/src/platform/policy/attributes/attributes_connect.js +168 -0
package/src/platform/policy/attributes/attributes_pb.d.ts +929 -0
package/src/platform/policy/attributes/attributes_pb.js +363 -0
package/src/platform/policy/kasregistry/key_access_server_registry_connect.d.ts +62 -0
package/src/platform/policy/kasregistry/key_access_server_registry_connect.js +62 -0
package/src/platform/policy/kasregistry/key_access_server_registry_pb.d.ts +283 -0
package/src/platform/policy/kasregistry/key_access_server_registry_pb.js +113 -0
package/src/platform/policy/namespaces/namespaces_connect.d.ts +62 -0
package/src/platform/policy/namespaces/namespaces_connect.js +62 -0
package/src/platform/policy/namespaces/namespaces_pb.d.ts +270 -0
package/src/platform/policy/namespaces/namespaces_pb.js +110 -0
package/src/platform/policy/objects_pb.d.ts +725 -0
package/src/platform/policy/objects_pb.js +288 -0
package/src/platform/policy/resourcemapping/resource_mapping_connect.d.ts +259 -0
package/src/platform/policy/resourcemapping/resource_mapping_connect.js +259 -0
package/src/platform/policy/resourcemapping/resource_mapping_pb.d.ts +314 -0
package/src/platform/policy/resourcemapping/resource_mapping_pb.js +142 -0
package/src/platform/policy/selectors_pb.d.ts +269 -0
package/src/platform/policy/selectors_pb.js +110 -0
package/src/platform/policy/subjectmapping/subject_mapping_connect.d.ts +118 -0
package/src/platform/policy/subjectmapping/subject_mapping_connect.js +118 -0
package/src/platform/policy/subjectmapping/subject_mapping_pb.d.ts +672 -0
package/src/platform/policy/subjectmapping/subject_mapping_pb.js +260 -0
package/src/platform/wellknownconfiguration/wellknown_configuration_connect.d.ts +26 -0
package/src/platform/wellknownconfiguration/wellknown_configuration_connect.js +26 -0
package/src/platform/wellknownconfiguration/wellknown_configuration_pb.d.ts +75 -0
package/src/platform/wellknownconfiguration/wellknown_configuration_pb.js +35 -0
package/src/policy/api.ts +61 -0
package/src/policy/attributes.ts +117 -0
package/src/policy/granter.ts +181 -0
package/src/tdf/AttributeObject.ts +27 -0
package/src/tdf/AttributeObjectJwt.ts +3 -0
package/src/tdf/Crypto.ts +42 -0
package/src/tdf/EntityObject.ts +18 -0
package/src/tdf/NanoTDF/NanoTDF.ts +120 -0
package/src/tdf/Policy.ts +51 -0
package/src/tdf/PolicyObject.ts +12 -0
package/src/tdf/TypedArray.ts +12 -0
package/src/tdf/index.ts +6 -0
package/src/types/index.ts +55 -0
package/src/utils.ts +149 -0
package/src/version.ts +9 -0
package/tdf3/index.ts +91 -0
package/tdf3/package-lock.json +6 -0
package/tdf3/package.json +3 -0
package/tdf3/src/assertions.ts +191 -0
package/tdf3/src/binary.ts +195 -0
package/tdf3/src/ciphers/aes-gcm-cipher.ts +76 -0
package/tdf3/src/ciphers/algorithms.ts +9 -0
package/tdf3/src/ciphers/index.ts +2 -0
package/tdf3/src/ciphers/symmetric-cipher-base.ts +38 -0
package/tdf3/src/client/DecoratedReadableStream.ts +148 -0
package/tdf3/src/client/builders.ts +701 -0
package/tdf3/src/client/index.ts +637 -0
package/tdf3/src/client/validation.ts +79 -0
package/tdf3/src/crypto/crypto-utils.ts +119 -0
package/tdf3/src/crypto/declarations.ts +89 -0
package/tdf3/src/crypto/index.ts +394 -0
package/tdf3/src/index.ts +4 -0
package/tdf3/src/models/attribute-set.ts +142 -0
package/tdf3/src/models/encryption-information.ts +172 -0
package/tdf3/src/models/index.ts +8 -0
package/tdf3/src/models/key-access.ts +128 -0
package/tdf3/src/models/manifest.ts +9 -0
package/tdf3/src/models/payload.ts +6 -0
package/tdf3/src/models/policy.ts +35 -0
package/tdf3/src/models/upsert-response.ts +17 -0
package/tdf3/src/tdf.ts +1351 -0
package/tdf3/src/templates/default.html.ts +105 -0
package/tdf3/src/templates/escaper.ts +10 -0
package/tdf3/src/templates/index.ts +2 -0
package/tdf3/src/utils/buffer-crc32.ts +46 -0
package/tdf3/src/utils/chunkers.ts +118 -0
package/tdf3/src/utils/index.ts +309 -0
package/tdf3/src/utils/keysplit.ts +63 -0
package/tdf3/src/utils/zip-reader.ts +341 -0
package/tdf3/src/utils/zip-writer.ts +375 -0
package/tdf3/src/version.ts +2 -0
package/tdf3/types.d.ts +14 -0

package/src/nanotdf/models/Header.ts ADDED Viewed

@@ -0,0 +1,322 @@
+// Models
+import { getBitLength } from './Ciphers.js';
+import ResourceLocator from './ResourceLocator.js';
+import PolicyFactory from './Policy/PolicyFactory.js';
+// Interfaces
+import PolicyInterface from '../interfaces/PolicyInterface.js';
+// Enum
+import CipherEnum from '../enum/CipherEnum.js';
+import CurveNameEnum from '../enum/CurveNameEnum.js';
+// Helpers
+import { lengthOfPublicKey } from '../helpers/calculateByCurve.js';
+import DefaultParams from './DefaultParams.js';
+import { ConfigurationError, InvalidFileError } from '../../errors.js';
+import { rstrip } from '../../utils.js';
+/**
+ * NanoTDF Header
+ *
+ * The header section is intended to be sent to a KAS and is used by the KAS to derive the decryption key that can
+ * decrypts the nanotdf's payload. The Header is structured as follows:
+ *
+ * | Section                | Minimum Length (B) | Maximum Length (B) |
+ * |------------------------|--------------------|--------------------|
+ * | Magic Number + Version | 3                  | 3                  |
+ * | KAS (resource locator) | 3                  | 257                |
+ * | ECC Mode               | 1                  | 1                  |
+ * | Payload + Sig Mode     | 1                  | 1                  |
+ * | Policy                 | 3                  | 257                |
+ * | Ephemeral Key          | 33                 | 67                 |
+ *
+ */
+export default class Header {
+  // Magic Number & Version
+  static readonly MAGIC_NUMBER_VERSION_BYTE_OFF = 0;
+  static readonly MAGIC_NUMBER_VERSION_BYTE_LEN = 3;
+  static readonly MAGIC_NUMBER_OFFSET = 0;
+  static readonly MAGIC_NUMBER_LENGTH = 18;
+  // ECC & Binding Mode
+  static readonly ECC_BINDING_MODE_BYTE_LEN = 1;
+  static readonly USE_ECDSA_BINDING_BIT_OFF = 0;
+  static readonly EPHEMERAL_ECC_CURVE_NAME_BIT_OFF = -3;
+  // Symmetric & Payload Config
+  static readonly SYMMETRIC_PAYLOAD_CONFIG_BYTE_LEN = 1;
+  static readonly HAS_SIGNATURE_BIT_OFF = 1;
+  static readonly HAS_SIGNATURE_BIT_LEN = 1;
+  static readonly SIGNATURE_ECC_CURVE_NAME_BIT_OFF = 1;
+  static readonly SIGNATURE_ECC_CURVE_NAME_BIT_LEN = 3;
+  static readonly SYMMETRIC_CIPHER_BIT_OFF = 4;
+  static readonly SYMMETRIC_CIPHER_BIT_LEN = 4;
+  // Magic Number & Version
+  public magicNumberVersion: Uint8Array = DefaultParams.magicNumberVersion;
+  // KAS Resource Locator
+  public kas: ResourceLocator;
+  // ECC & Binding Mode
+  public useECDSABinding: boolean = DefaultParams.ecdsaBinding;
+  public ephemeralCurveName: CurveNameEnum = DefaultParams.ephemeralCurveName;
+  // Symmetric & Payload Config
+  public hasSignature: boolean = DefaultParams.signature;
+  public signatureCurveName: CurveNameEnum = DefaultParams.signatureCurveName;
+  public symmetricCipher: CipherEnum = DefaultParams.symmetricCipher;
+  // Auth tag length (in bits) is not part of the spec, but is needed for decrypt
+  public authTagLength: number;
+  // Policy
+  public policy: PolicyInterface;
+  // Ephemeral Public Key
+  public ephemeralPublicKey: Uint8Array;
+  static parse(buff: Uint8Array) {
+    let offset = 0;
+    /**
+     * Magic number and version
+     *
+     * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#3311-magic-number--version
+     */
+    // Convert to ascii
+    const magicNumberVersion = buff.subarray(
+      Header.MAGIC_NUMBER_VERSION_BYTE_OFF,
+      Header.MAGIC_NUMBER_VERSION_BYTE_LEN
+    );
+    offset += Header.MAGIC_NUMBER_VERSION_BYTE_LEN;
+    /**
+     * KAS Resource Locator
+     *
+     * KAS is a typeof Resource Locator
+     *
+     * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#3312-kas
+     * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#341-resource-locator
+     */
+    const kas = ResourceLocator.parse(buff.subarray(offset));
+    offset += kas.length;
+    /**
+     * ECC & Binding Mode
+     *
+     * This section contains a 1-byte bitfield describing the ECC Params and Policy binding strategy to use.
+     * The Policy Binding strategy is either using a 64-bit GMAC (using AES-256-GCM) tag or an ECDSA signature.
+     * The signature size depends on the size of ECC Params used. The nanotdf at this time only supports methods that
+     * involve Elliptic Curve Cryptography. The fields are structured as follows:
+     *
+     * | Section                   | Bit Length | Bit start index |
+     * |---------------------------|------------|-----------------|
+     * | USE_ECDSA_BINDING         | 1          | 7               |
+     * | UNUSED                    | 4          | 3               |
+     * | Ephemeral ECC Params Enum | 3          | 0               |
+     *
+     * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#3313-ecc-and-binding-mode
+     */
+    const eccBindingModeDV = buff.subarray(offset, offset + Header.ECC_BINDING_MODE_BYTE_LEN);
+    const useECDSABinding = eccBindingModeDV[0] >> 7 === 1; // Last bit
+    const ephemeralCurveName = eccBindingModeDV[0] & 0x7; // First 3 bits
+    offset += Header.ECC_BINDING_MODE_BYTE_LEN;
+    /**
+     * Symmetric & payload config
+     *
+     * This section contains a 1 byte data structure composed of bitfields that describe the symmetric ciphers for
+     * encrypted payloads. This cipher applies to both the Payload and the Policy of the nanotdf. The fields are as
+     * follows:
+     *
+     * | Section               | Bit Length | Bit start index |
+     * |-----------------------|------------|-----------------|
+     * | HAS_SIGNATURE         | 1          | 7               |
+     * | Signature ECC Mode    | 3          | 4               |
+     * | Symmetric Cipher Enum | 4          | 0               |
+     *
+     * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#3314-symmetric-and-payload-config
+     */
+    const symmetricPayloadDV = buff.subarray(offset, offset + Header.ECC_BINDING_MODE_BYTE_LEN);
+    const hasSignature = symmetricPayloadDV[0] >> 7 === 1; // Last bit
+    const signatureCurveName = (symmetricPayloadDV[0] >> 4) & 0x7; // Middle 3 bits
+    const symmetricCipher = symmetricPayloadDV[0] & 0xf; // First 4 bits
+    offset += Header.SYMMETRIC_PAYLOAD_CONFIG_BYTE_LEN;
+    /**
+     * Policy
+     *
+     * This section contains a Policy object. The data contained in the Policy allows for definition flexible
+     * definitions of a policy including a policy by reference, or an embedded policy. Refer to the Policy object's
+     * definition in Section 3.4.2
+     *
+     * The structure of the Policy is as follows:
+     *
+     * | Section   | Minimum Length (B) | Maximum Length (B) |
+     * |-----------|--------------------|--------------------|
+     * | Type Enum | 1                  | 1                  |
+     * | Body      | 3                  | 257                |
+     * | Binding   | 8                  | 132                |
+     *
+     * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#3315-policy
+     * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#342-policy
+     */
+    const { policy, offset: nextOffset } = PolicyFactory.parse(
+      buff.subarray(offset),
+      useECDSABinding,
+      ephemeralCurveName
+    );
+    offset += nextOffset;
+    /**
+     * Ephemeral public key
+     *
+     * This section contains a Key object. The size of the key is determined by the Encryption Method Section.
+     *
+     * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#3316-key
+     */
+    // TODO: Resolve where offset isn't adding 1 byte
+    const ephemeralPublicKeyLength = lengthOfPublicKey(ephemeralCurveName) + 1;
+    const ephemeralPublicKey = buff.subarray(offset, offset + ephemeralPublicKeyLength);
+    offset += ephemeralPublicKeyLength;
+    // Check if the ephemeral public key length is not the same length
+    if (ephemeralPublicKey.byteLength !== ephemeralPublicKeyLength) {
+      throw new InvalidFileError('nanotdf parse failure: public key read failure');
+    }
+    const header = new Header(
+      magicNumberVersion,
+      kas,
+      useECDSABinding,
+      ephemeralCurveName,
+      hasSignature,
+      signatureCurveName,
+      symmetricCipher,
+      policy,
+      ephemeralPublicKey
+    );
+    return {
+      header,
+      offset,
+    };
+  }
+  //Ephemeral Public Key
+  // protected _ephemeralPublicKey: string | null = null;
+  constructor(
+    magicNumberVersion: Uint8Array,
+    kas: ResourceLocator,
+    useECDSABinding: boolean,
+    ephemeralCurveName: CurveNameEnum,
+    hasSignature: boolean,
+    signatureCurveName: CurveNameEnum,
+    symmetricCipher: CipherEnum,
+    policy: PolicyInterface,
+    ephemeralPublicKey: Uint8Array
+  ) {
+    this.magicNumberVersion = magicNumberVersion;
+    this.kas = kas;
+    this.useECDSABinding = useECDSABinding;
+    this.ephemeralCurveName = ephemeralCurveName;
+    this.hasSignature = hasSignature;
+    this.signatureCurveName = signatureCurveName;
+    this.symmetricCipher = symmetricCipher;
+    this.policy = policy;
+    this.ephemeralPublicKey = ephemeralPublicKey;
+    // Auth tag length in bits (i.e. AES GCM 64 bit)
+    this.authTagLength = getBitLength(this.symmetricCipher);
+  }
+  /**
+   * Copy the contents of the header to buffer
+   */
+  copyToBuffer(target: Uint8Array): void {
+    if (this.length > target.length) {
+      throw new InvalidFileError('invalid buffer size to copy tdf header');
+    }
+    let offset = 0;
+    // Write Magic number and version
+    target.set(this.magicNumberVersion, 0);
+    offset += this.magicNumberVersion.length;
+    // Write kas resource locator
+    const kasResourceLocatorBuf = this.kas.toBuffer();
+    target.set(kasResourceLocatorBuf, offset);
+    offset += kasResourceLocatorBuf.length;
+    // Write ECC & Binding Mode
+    const ecdsaBinding = this.useECDSABinding ? 1 : 0;
+    const eccBingingMode = (ecdsaBinding << 7) | this.ephemeralCurveName;
+    const eccBingingModeAsByte = new Uint8Array(1);
+    eccBingingModeAsByte[0] = eccBingingMode;
+    target.set(eccBingingModeAsByte, offset);
+    offset += eccBingingModeAsByte.length;
+    // Write symmetric & payload config
+    const isSignatureEnable = this.hasSignature ? 1 : 0;
+    const symmetricPayloadConfig =
+      (isSignatureEnable << 7) | this.signatureCurveName | this.symmetricCipher;
+    const symmetricPayloadConfigAsByte = new Uint8Array(1);
+    symmetricPayloadConfigAsByte[0] = symmetricPayloadConfig;
+    target.set(symmetricPayloadConfigAsByte, offset);
+    offset += symmetricPayloadConfigAsByte.length;
+    // Write the policy
+    const policyBuffer = this.policy.toBuffer();
+    target.set(policyBuffer, offset);
+    offset += policyBuffer.length;
+    // Write the ephemeral public key
+    target.set(this.ephemeralPublicKey, offset);
+  }
+  /**
+   * Length
+   *
+   * @returns { number } Length of header
+   */
+  get length(): number {
+    return (
+      // Length of the magic number and version
+      this.magicNumberVersion.length +
+      // Length of the KAS resource locator
+      this.kas.length +
+      // ECC & Binding Mode - 1 Bytes
+      1 +
+      // symmetric & payload config - 1 Bytes
+      1 +
+      // Length of the policy
+      this.policy.getLength() +
+      // Length of the ephemeral public key
+      this.ephemeralPublicKey.length
+    );
+  }
+  /**
+   * Return nanoTDF header as buffer
+   *
+   * Warning: This method will allocate memory of length of the header, use
+   * copyToBuffer() when copy is not needed.
+   */
+  toBuffer(): ArrayBuffer {
+    const arrayBuffer = new ArrayBuffer(this.length);
+    const target = new Uint8Array(arrayBuffer);
+    this.copyToBuffer(target);
+    return arrayBuffer;
+  }
+  /**
+   * Get KAS Rewrap URL
+   */
+  getKasRewrapUrl(): string {
+    try {
+      return `${rstrip(this.kas.url, '/')}/v2/rewrap`;
+    } catch (e) {
+      throw new ConfigurationError(`cannot construct KAS Rewrap URL: ${e.message}`);
+    }
+  }
+}

package/src/nanotdf/models/Payload.ts ADDED Viewed

@@ -0,0 +1,196 @@
+import Header from './Header.js';
+import { getBitLength } from './Ciphers.js';
+import { ConfigurationError, InvalidFileError } from '../../errors.js';
+/**
+ * Payload
+ *
+ * The payload section of the nanotdf contains the ciphertext that is protected by the policy defined in the Header.
+ * The structure of the Payload is as follows:
+ *
+ * | Section               | Minimum Length (B) | Maximum Length (B) |
+ * |-----------------------|--------------------|--------------------|
+ * | Length                | 3                  | 3                  |
+ * | IV                    | 3                  | 3                  |
+ * | Ciphertext            | 0                  | 16777204           |
+ * | Payload MAC (AuthTag) | 8                  | 32                 |
+ */
+export default class Payload {
+  static LENGTH_LEN = 3;
+  static IV_LEN = 3;
+  static MIN_LENGTH = 11;
+  static MAX_NANO_TDF_ENCRYPT_PAYLOAD_SIZE = 16777216; // 3 bytes unsigned int.
+  public iv: Uint8Array;
+  public ciphertext: Uint8Array;
+  public authTag: Uint8Array;
+  public ciphertextWithAuthTag: Uint8Array;
+  /**
+   * Parse the payload
+   *
+   * Returns a new Payload object and the next offset
+   *
+   * @param buff Uint8Array
+   */
+  static parse(
+    header: Header,
+    buff: Uint8Array,
+    legacyTDF = false
+  ): { payload: Payload; offset: number } {
+    let offset = 0;
+    const authTagByteLength = getBitLength(header.symmetricCipher) / 8;
+    /**
+     * Length
+     *
+     * This 3 byte unsigned integer dictates the length of the subsequent ciphertext section.
+     *
+     * NOTE: it includes the IV + Ciphertext + Auth Tag. To get the Auth Tag length you have to subtract the other
+     * lengths
+     */
+    // TODO: This will not work in Big Endian host environments
+    const length = (buff[offset] << 16) + (buff[offset + 1] << 8) + buff[offset + 2];
+    const ciphertextLength = length - Payload.IV_LEN - authTagByteLength;
+    offset += Payload.LENGTH_LEN;
+    const inRange = length >= this.MIN_LENGTH && length <= this.MAX_NANO_TDF_ENCRYPT_PAYLOAD_SIZE;
+    if (!inRange) {
+      throw new InvalidFileError('nanotdf parse failure: Payload Length Out Of Range');
+    }
+    /**
+     * Parse IV
+     *
+     * The IV used for encryption. This value is a byte array containing the IV. This IV must never be reused with the
+     * same symmetric key. Also, to support an extremely compacted version of the nanotdf the IV value 00 00 00 is
+     * reserved for use with an encrypted policy.
+     */
+    let iv = buff.subarray(offset, offset + Payload.IV_LEN);
+    offset += Payload.IV_LEN;
+    if (iv.byteLength != 3) {
+      throw new InvalidFileError('nanotdf parse failure: Invalid Payload Length');
+    }
+    if (!legacyTDF) {
+      const actuallIV = new Uint8Array(12).fill(0);
+      // The the iv from payload to lower-order bits
+      actuallIV.set(iv, 9);
+      // update the iv
+      iv = actuallIV;
+    }
+    /**
+     * Parse Ciphertext w/ Auth Tag
+     */
+    const ciphertextWithAuthTag = buff.subarray(
+      offset,
+      offset + ciphertextLength + authTagByteLength
+    );
+    if (ciphertextWithAuthTag.byteLength + Payload.LENGTH_LEN !== length) {
+      throw new InvalidFileError('nanotdf parse failure: Invalid Payload Length');
+    }
+    /**
+     * Parse Ciphertext
+     *
+     * The byte array of the ciphertext that is protected in the nanotdf. The encryption method used to create or decrypt
+     * the ciphertext is defined in the Key Access object in the header.
+     */
+    const ciphertext = buff.subarray(offset, offset + ciphertextLength);
+    offset += ciphertextLength;
+    /**
+     * Auth Tag
+     *
+     * GMAC = 8 byte
+     * ECDSA = size of curve
+     *
+     * The MAC of the payload. The Size of this MAC is determined by the Encryption Method Enum used in the Symmetric and
+     * Payload Config object in the header.
+     *
+     * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#3314-symmetric-and-payload-config
+     */
+    const authTag = buff.subarray(offset, offset + authTagByteLength);
+    offset += authTagByteLength;
+    return {
+      payload: new Payload(iv, ciphertext, authTag, ciphertextWithAuthTag),
+      offset,
+    };
+  }
+  constructor(
+    iv: Uint8Array,
+    ciphertext: Uint8Array,
+    authTag: Uint8Array,
+    ciphertextWithAuthTag?: Uint8Array
+  ) {
+    this.iv = iv;
+    this.ciphertext = ciphertext;
+    this.authTag = authTag;
+    // If ciphertextWithAuthTag is not set then combine it
+    // Ideally it is set so an additional buffer is not needed
+    if (ciphertextWithAuthTag === undefined) {
+      this.ciphertextWithAuthTag = new Uint8Array(ciphertext.length + authTag.length);
+      this.ciphertextWithAuthTag.set(ciphertext);
+      this.ciphertextWithAuthTag.set(authTag, ciphertext.length);
+    } else {
+      this.ciphertextWithAuthTag = ciphertextWithAuthTag;
+    }
+  }
+  /**
+   * Length
+   *
+   * @returns { number } Length of signature
+   */
+  get length(): number {
+    return (
+      // Bytes(3) to hold the length of the payload
+      3 +
+      // Length of the IV
+      this.iv.length +
+      // Length of the ciphertext
+      this.ciphertext.length +
+      // Length of the auth tag
+      this.authTag.length
+    );
+  }
+  /**
+   * Copy the contents of the signature to buffer
+   */
+  copyToBuffer(target: Uint8Array): void {
+    if (this.length > target.length) {
+      throw new Error('internal: invalid buffer size to copy payload');
+    }
+    const lengthOfEncryptedPayload = this.iv.length + this.ciphertext.length + this.authTag.length;
+    if (lengthOfEncryptedPayload > Payload.MAX_NANO_TDF_ENCRYPT_PAYLOAD_SIZE) {
+      throw new ConfigurationError("TDF encrypted payload can't be more that 2^24");
+    }
+    const lengthAsUint32 = new Uint32Array(1);
+    lengthAsUint32[0] = lengthOfEncryptedPayload;
+    const lengthAsUint24 = new Uint8Array(lengthAsUint32.buffer);
+    // NOTE: We are only interested in only first 3 bytes.
+    const payloadSizeAsBg = new Uint8Array(3);
+    payloadSizeAsBg[0] = lengthAsUint24[2];
+    payloadSizeAsBg[1] = lengthAsUint24[1];
+    payloadSizeAsBg[2] = lengthAsUint24[0];
+    target.set(payloadSizeAsBg, 0);
+    target.set(this.iv, payloadSizeAsBg.length);
+    target.set(this.ciphertext, payloadSizeAsBg.length + this.iv.length);
+    target.set(this.authTag, payloadSizeAsBg.length + this.iv.length + this.ciphertext.length);
+  }
+}

package/src/nanotdf/models/Policy/AbstractPolicy.ts ADDED Viewed

@@ -0,0 +1,90 @@
+import PolicyInterface from '../../interfaces/PolicyInterface.js';
+import PolicyType from '../../enum/PolicyTypeEnum.js';
+import { ConfigurationError } from '../../../errors.js';
+abstract class AbstractPolicy implements PolicyInterface {
+  static readonly TYPE_BYTE_OFF = 0;
+  static readonly TYPE_BYTE_LEN = 1;
+  static readonly BODY_BYTE_OFF = 1;
+  static readonly BODY_BYTE_MIN_LEN = 3;
+  static readonly BODY_BYTE_MAX_LEN = 257;
+  static readonly BINDING_BYTE_MIN_LEN = 8;
+  static readonly BINDING_BYTE_MAX_LEN = 132;
+  static readonly SIZE_OF_LENGTH_FIELD = 1; // 1 byte for each length field (R and S)
+  static readonly GMAC_BINDING_LEN = 8;
+  readonly type: PolicyType;
+  readonly binding: Uint8Array;
+  // Static methods can't be defined in an interface
+  static parse(
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    buff: Uint8Array,
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    useECDSABinding: boolean,
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    type?: PolicyType
+  ): { policy: PolicyInterface; offset: number } {
+    throw new ConfigurationError('parsePolicy was not implemented');
+  }
+  constructor(type: PolicyType, binding: Uint8Array) {
+    this.type = type;
+    this.binding = binding;
+  }
+  /**
+   * Length of policy
+   */
+  getLength(): number | never {
+    throw new ConfigurationError('length was not implemented');
+  }
+  /**
+   * Return the content of the policy
+   */
+  toBuffer(): Uint8Array | never {
+    throw new ConfigurationError('toBuffer() was not implemented');
+  }
+  /**
+   * Parses an ECDSA binding from a given buffer.
+   *
+   * @param {Uint8Array} buff - The buffer containing the ECDSA binding.
+   * @returns {{ bindingLength: number; binding: Uint8Array }} - An object containing the binding length and the binding subarray.
+   */
+  static parseECDSABinding(buff: Uint8Array): { bindingLength: number; binding: Uint8Array } {
+    const lengthOfR = buff[0];
+    const lengthOfS = buff[this.SIZE_OF_LENGTH_FIELD + lengthOfR];
+    const bindingLength =
+      this.SIZE_OF_LENGTH_FIELD + lengthOfR + this.SIZE_OF_LENGTH_FIELD + lengthOfS;
+    const binding = buff.subarray(0, bindingLength);
+    return { bindingLength, binding };
+  }
+  /**
+   * Parses a binding from a given buffer based on the specified binding type.
+   *
+   * @param {Uint8Array} buff - The buffer containing the binding.
+   * @param {boolean} useEcdsaBinding - Flag indicating whether to use ECDSA binding.
+   * @param {number} offset - The starting offset in the buffer.
+   * @returns {{ binding: Uint8Array; newOffset: number }} - An object containing the binding and the new offset.
+   */
+  static parseBinding(
+    buff: Uint8Array,
+    useEcdsaBinding: boolean,
+    offset: number
+  ): { binding: Uint8Array; newOffset: number } {
+    if (useEcdsaBinding) {
+      const ecdsaBinding = this.parseECDSABinding(buff.subarray(offset));
+      return { binding: ecdsaBinding.binding, newOffset: offset + ecdsaBinding.bindingLength };
+    } else {
+      const binding = buff.subarray(offset, offset + this.GMAC_BINDING_LEN);
+      return { binding, newOffset: offset + this.GMAC_BINDING_LEN };
+    }
+  }
+}
+export default AbstractPolicy;