@storacha/encrypt-upload-client 1.1.76-rc.0 → 1.1.76-rc.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/metadata/encrypted-metadata.d.ts +12 -13
- package/dist/core/metadata/encrypted-metadata.d.ts.map +1 -1
- package/dist/core/metadata/encrypted-metadata.js +16 -3
- package/dist/crypto/adapters/kms-crypto-adapter.d.ts +156 -172
- package/dist/crypto/adapters/kms-crypto-adapter.d.ts.map +1 -1
- package/dist/crypto/adapters/kms-crypto-adapter.js +30 -5
- package/dist/crypto/adapters/lit-crypto-adapter.d.ts +13 -0
- package/dist/crypto/adapters/lit-crypto-adapter.d.ts.map +1 -1
- package/dist/crypto/adapters/lit-crypto-adapter.js +15 -1
- package/dist/handlers/decrypt-handler.d.ts +4 -29
- package/dist/handlers/decrypt-handler.d.ts.map +1 -1
- package/dist/handlers/decrypt-handler.js +5 -85
- package/dist/tsconfig.spec.tsbuildinfo +1 -1
- package/dist/types.d.ts +4 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/utils/decrypt.d.ts +24 -0
- package/dist/utils/decrypt.d.ts.map +1 -0
- package/dist/utils/decrypt.js +108 -0
- package/package.json +8 -4
|
@@ -1,13 +1,12 @@
|
|
|
1
|
-
export function extract(archive: Uint8Array): any
|
|
2
|
-
export function
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
):
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
import * as
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
//# sourceMappingURL=encrypted-metadata.d.ts.map
|
|
1
|
+
export function extract(archive: Uint8Array): Types.Result<any>;
|
|
2
|
+
export function view({ root }: {
|
|
3
|
+
root: Types.IPLDBlock;
|
|
4
|
+
}): Types.Result<any>;
|
|
5
|
+
export function create(strategy: "lit" | "kms", data: any): Types.LitMetadataView | Types.KMSMetadataView;
|
|
6
|
+
export function getSupportedVersions(): string[];
|
|
7
|
+
export function isVersionSupported(version: string): boolean;
|
|
8
|
+
import type * as Types from '../../types.js';
|
|
9
|
+
import * as LitMetadata from './lit-metadata.js';
|
|
10
|
+
import * as KMSMetadata from './kms-metadata.js';
|
|
11
|
+
export { LitMetadata, KMSMetadata };
|
|
12
|
+
//# sourceMappingURL=encrypted-metadata.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"encrypted-metadata.d.ts","sourceRoot":"","sources":["../../../src/core/metadata/encrypted-metadata.js"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"encrypted-metadata.d.ts","sourceRoot":"","sources":["../../../src/core/metadata/encrypted-metadata.js"],"names":[],"mappings":"AA2BO,iCAHI,UAAU,GACR,aAAa,GAAG,CAAC,CAkB7B;AASM,+BAHJ;IAAgC,IAAI,EAA5B,eAAe;CACvB,GAAU,aAAa,GAAG,CAAC,CAgB7B;AAQM,iCAHI,KAAK,GAAG,KAAK,QACb,GAAG,iDAWb;AAKM,iDAAuD;AAOvD,4CAFI,MAAM,WAEgD;4BAlFtC,gBAAgB;6BAPd,mBAAmB;6BACnB,mBAAmB"}
|
|
@@ -8,6 +8,9 @@ import * as KMSMetadata from './kms-metadata.js';
|
|
|
8
8
|
import { CAR, error } from '@ucanto/core';
|
|
9
9
|
import * as dagCBOR from '@ipld/dag-cbor';
|
|
10
10
|
import { UnknownFormat } from '../errors.js';
|
|
11
|
+
/**
|
|
12
|
+
* @import * as Types from '../../types.js'
|
|
13
|
+
*/
|
|
11
14
|
const FORMATS = {
|
|
12
15
|
[LitMetadata.version]: LitMetadata, // 'encrypted-metadata@0.1'
|
|
13
16
|
[KMSMetadata.version]: KMSMetadata, // 'encrypted-metadata@0.2'
|
|
@@ -16,7 +19,7 @@ const FORMATS = {
|
|
|
16
19
|
* Universal extract function - tries each registered format
|
|
17
20
|
*
|
|
18
21
|
* @param {Uint8Array} archive
|
|
19
|
-
* @returns {any}
|
|
22
|
+
* @returns {Types.Result<any>}
|
|
20
23
|
*/
|
|
21
24
|
export const extract = (archive) => {
|
|
22
25
|
// Decode CAR to check version
|
|
@@ -28,12 +31,22 @@ export const extract = (archive) => {
|
|
|
28
31
|
if (code !== dagCBOR.code) {
|
|
29
32
|
return error(new UnknownFormat(`unexpected root CID codec: 0x${code.toString(16)}`));
|
|
30
33
|
}
|
|
34
|
+
return view({ root: roots[0] });
|
|
35
|
+
};
|
|
36
|
+
/**
|
|
37
|
+
* Universal view function - tries each registered format
|
|
38
|
+
*
|
|
39
|
+
* @param {object} source
|
|
40
|
+
* @param {Types.IPLDBlock} source.root
|
|
41
|
+
* @returns {Types.Result<any>}
|
|
42
|
+
*/
|
|
43
|
+
export const view = ({ root }) => {
|
|
31
44
|
// Check which version this metadata uses
|
|
32
|
-
const value = dagCBOR.decode(
|
|
45
|
+
const value = dagCBOR.decode(root.bytes);
|
|
33
46
|
for (const [version, formatModule] of Object.entries(FORMATS)) {
|
|
34
47
|
if (value && typeof value === 'object' && version in value) {
|
|
35
48
|
// Found matching version, delegate to specific format module
|
|
36
|
-
return formatModule.
|
|
49
|
+
return formatModule.view({ root });
|
|
37
50
|
}
|
|
38
51
|
}
|
|
39
52
|
return error(new UnknownFormat('Unknown metadata format - no matching version found'));
|
|
@@ -7,176 +7,160 @@
|
|
|
7
7
|
* @implements {Type.CryptoAdapter}
|
|
8
8
|
*/
|
|
9
9
|
export class KMSCryptoAdapter implements Type.CryptoAdapter {
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
encryptedData: ReadableStream,
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
): Promise<Uint8Array>
|
|
165
|
-
/**
|
|
166
|
-
* Convert PEM-encoded public key to ArrayBuffer for Web Crypto API
|
|
167
|
-
*
|
|
168
|
-
* @param {string} pem - PEM-encoded public key string
|
|
169
|
-
* @returns {ArrayBuffer} - DER-encoded key data for crypto.subtle.importKey()
|
|
170
|
-
*/
|
|
171
|
-
pemToArrayBuffer(pem: string): ArrayBuffer
|
|
172
|
-
newKeyManagerServiceConnection(): import('@ucanto/interface').ConnectionView<any>
|
|
173
|
-
/**
|
|
174
|
-
* Sanitize the space DID for the KMS key ID
|
|
175
|
-
*
|
|
176
|
-
* @param {Type.SpaceDID} spaceDID
|
|
177
|
-
* @returns {string}
|
|
178
|
-
*/
|
|
179
|
-
sanitizeSpaceDIDForKMSKeyId(spaceDID: Type.SpaceDID): string
|
|
10
|
+
/**
|
|
11
|
+
* Create a new KMS crypto adapter
|
|
12
|
+
*
|
|
13
|
+
* @param {Type.SymmetricCrypto} symmetricCrypto - The symmetric crypto implementation (browser or node)
|
|
14
|
+
* @param {URL|string} keyManagerServiceURL - The key manager service URL
|
|
15
|
+
* @param {`did:${string}:${string}`} keyManagerServiceDID - The key manager service DID
|
|
16
|
+
* @param {object} [options] - Optional configuration
|
|
17
|
+
* @param {boolean} [options.allowInsecureHttp] - Allow HTTP for testing (NOT for production)
|
|
18
|
+
*/
|
|
19
|
+
constructor(symmetricCrypto: Type.SymmetricCrypto, keyManagerServiceURL: URL | string, keyManagerServiceDID: `did:${string}:${string}`, options?: {
|
|
20
|
+
allowInsecureHttp?: boolean | undefined;
|
|
21
|
+
});
|
|
22
|
+
/** @type {Map<Type.SpaceDID, { publicKey: string, provider: string, algorithm: string }>} */
|
|
23
|
+
_cachedPublicKeys: Map<Type.SpaceDID, {
|
|
24
|
+
publicKey: string;
|
|
25
|
+
provider: string;
|
|
26
|
+
algorithm: string;
|
|
27
|
+
}>;
|
|
28
|
+
symmetricCrypto: Type.SymmetricCrypto;
|
|
29
|
+
keyManagerServiceURL: URL;
|
|
30
|
+
keyManagerServiceDID: import("@ucanto/client").PrincipalView<`did:${string}:${string}`>;
|
|
31
|
+
/**
|
|
32
|
+
* Encrypt a stream of data using the symmetric crypto
|
|
33
|
+
*
|
|
34
|
+
* @param {Type.BlobLike} data
|
|
35
|
+
*/
|
|
36
|
+
encryptStream(data: Type.BlobLike): Promise<Type.EncryptOutput>;
|
|
37
|
+
/**
|
|
38
|
+
* Decrypt a stream of data using the symmetric crypto
|
|
39
|
+
*
|
|
40
|
+
* @param {ReadableStream} encryptedData
|
|
41
|
+
* @param {Uint8Array} key
|
|
42
|
+
* @param {Uint8Array} iv
|
|
43
|
+
*/
|
|
44
|
+
decryptStream(encryptedData: ReadableStream, key: Uint8Array, iv: Uint8Array): Promise<ReadableStream<any>>;
|
|
45
|
+
/**
|
|
46
|
+
* Encrypt a symmetric key using the KMS
|
|
47
|
+
*
|
|
48
|
+
* @param {Uint8Array} key
|
|
49
|
+
* @param {Uint8Array} iv
|
|
50
|
+
* @param {Type.EncryptionConfig} encryptionConfig
|
|
51
|
+
* @returns {Promise<Type.EncryptedKeyResult>}
|
|
52
|
+
*/
|
|
53
|
+
encryptSymmetricKey(key: Uint8Array, iv: Uint8Array, encryptionConfig: Type.EncryptionConfig): Promise<Type.EncryptedKeyResult>;
|
|
54
|
+
/**
|
|
55
|
+
* @param {string} encryptedKey
|
|
56
|
+
* @param {object} configs
|
|
57
|
+
* @param {Type.DecryptionConfig} configs.decryptionConfig
|
|
58
|
+
* @param {Type.ExtractedMetadata} configs.metadata
|
|
59
|
+
* @param {Type.AnyLink} configs.resourceCID
|
|
60
|
+
* @param {import('@storacha/client/types').Signer<import('@storacha/client/types').DID, import('@storacha/client/types').SigAlg>} configs.issuer
|
|
61
|
+
* @param {import('@storacha/client/types').DID} configs.audience
|
|
62
|
+
*/
|
|
63
|
+
decryptSymmetricKey(encryptedKey: string, configs: {
|
|
64
|
+
decryptionConfig: Type.DecryptionConfig;
|
|
65
|
+
metadata: Type.ExtractedMetadata;
|
|
66
|
+
resourceCID: Type.AnyLink;
|
|
67
|
+
issuer: import("@storacha/client/types").Signer<import("@storacha/client/types").DID, import("@storacha/client/types").SigAlg>;
|
|
68
|
+
audience: import("@storacha/client/types").DID;
|
|
69
|
+
}): Promise<{
|
|
70
|
+
key: Uint8Array;
|
|
71
|
+
iv: Uint8Array;
|
|
72
|
+
}>;
|
|
73
|
+
/**
|
|
74
|
+
* Get decrypted symmetric key in base64 string from KMS via private gateway
|
|
75
|
+
*
|
|
76
|
+
* @param {string} encryptedSymmetricKey - The encrypted symmetric key (base64-encoded)
|
|
77
|
+
* @param {Type.SpaceDID} spaceDID - The space DID
|
|
78
|
+
* @param {import('@ucanto/interface').Proof} decryptionProof - The decryption delegation proof
|
|
79
|
+
* @param {import('@ucanto/interface').Proof[]} proofs - The proofs to access the space
|
|
80
|
+
* @param {import('@storacha/client/types').Signer<import('@storacha/client/types').DID, import('@storacha/client/types').SigAlg>} issuer - The issuer
|
|
81
|
+
* @returns {Promise<{decryptedSymmetricKey: string}>} - The decrypted symmetric key (base64-encoded)
|
|
82
|
+
*/
|
|
83
|
+
getDecryptedSymmetricKey(encryptedSymmetricKey: string, spaceDID: Type.SpaceDID, decryptionProof: import("@ucanto/interface").Proof, proofs: import("@ucanto/interface").Proof[], issuer: import("@storacha/client/types").Signer<import("@storacha/client/types").DID, import("@storacha/client/types").SigAlg>): Promise<{
|
|
84
|
+
decryptedSymmetricKey: string;
|
|
85
|
+
}>;
|
|
86
|
+
/**
|
|
87
|
+
* Extract the encrypted metadata from the CAR file
|
|
88
|
+
* KMS adapter only handles KMS format (encrypted-metadata@0.2)
|
|
89
|
+
*
|
|
90
|
+
* @param {Uint8Array} car
|
|
91
|
+
* @returns {Type.ExtractedMetadata}
|
|
92
|
+
*/
|
|
93
|
+
extractEncryptedMetadata(car: Uint8Array): Type.ExtractedMetadata;
|
|
94
|
+
/**
|
|
95
|
+
* @param {object} source
|
|
96
|
+
* @param {Type.IPLDBlock} source.root
|
|
97
|
+
*/
|
|
98
|
+
viewEncryptedMetadata({ root }: {
|
|
99
|
+
root: Type.IPLDBlock;
|
|
100
|
+
}): Type.ExtractedMetadata;
|
|
101
|
+
/**
|
|
102
|
+
*
|
|
103
|
+
* @param {Type.Result<any>} kmsContentResult
|
|
104
|
+
* @returns {Type.ExtractedMetadata}
|
|
105
|
+
*/
|
|
106
|
+
_validateKMSMetadata(kmsContentResult: Type.Result<any>): Type.ExtractedMetadata;
|
|
107
|
+
/**
|
|
108
|
+
* @param {Type.ExtractedMetadata} metadata
|
|
109
|
+
* @returns {string}
|
|
110
|
+
*/
|
|
111
|
+
getEncryptedKey(metadata: Type.ExtractedMetadata): string;
|
|
112
|
+
/**
|
|
113
|
+
* Encode metadata for upload
|
|
114
|
+
*
|
|
115
|
+
* @param {string} encryptedDataCID - The CID of the encrypted data
|
|
116
|
+
* @param {string} encryptedKey - The encrypted key
|
|
117
|
+
* @param {Type.KMSKeyMetadata} metadata - The metadata to encode
|
|
118
|
+
* @returns {Promise<{ cid: import('@storacha/upload-client/types').AnyLink, bytes: Uint8Array }>} - The encoded metadata
|
|
119
|
+
*/
|
|
120
|
+
encodeMetadata(encryptedDataCID: string, encryptedKey: string, metadata: Type.KMSKeyMetadata): Promise<{
|
|
121
|
+
cid: import("@storacha/upload-client/types").AnyLink;
|
|
122
|
+
bytes: Uint8Array;
|
|
123
|
+
}>;
|
|
124
|
+
/**
|
|
125
|
+
* Get the RSA public key from the space/encryption/setup
|
|
126
|
+
*
|
|
127
|
+
* @param {Type.EncryptionConfig} encryptionConfig
|
|
128
|
+
* @returns {Promise<{ publicKey: string, provider: string, algorithm: string }>}
|
|
129
|
+
*/
|
|
130
|
+
getSpacePublicKey(encryptionConfig: Type.EncryptionConfig): Promise<{
|
|
131
|
+
publicKey: string;
|
|
132
|
+
provider: string;
|
|
133
|
+
algorithm: string;
|
|
134
|
+
}>;
|
|
135
|
+
/**
|
|
136
|
+
* Get the Web Crypto API SubtleCrypto interface (universal compatibility)
|
|
137
|
+
*
|
|
138
|
+
* @returns {SubtleCrypto} - The SubtleCrypto interface
|
|
139
|
+
*/
|
|
140
|
+
getSubtleCrypto(): SubtleCrypto;
|
|
141
|
+
/**
|
|
142
|
+
* Encrypt data with RSA-OAEP using the public key
|
|
143
|
+
*
|
|
144
|
+
* @param {Uint8Array} dataToEncrypt
|
|
145
|
+
* @param {string} publicKeyPem
|
|
146
|
+
* @returns {Promise<Uint8Array>}
|
|
147
|
+
*/
|
|
148
|
+
encryptWithRSA(dataToEncrypt: Uint8Array, publicKeyPem: string): Promise<Uint8Array>;
|
|
149
|
+
/**
|
|
150
|
+
* Convert PEM-encoded public key to ArrayBuffer for Web Crypto API
|
|
151
|
+
*
|
|
152
|
+
* @param {string} pem - PEM-encoded public key string
|
|
153
|
+
* @returns {ArrayBuffer} - DER-encoded key data for crypto.subtle.importKey()
|
|
154
|
+
*/
|
|
155
|
+
pemToArrayBuffer(pem: string): ArrayBuffer;
|
|
156
|
+
newKeyManagerServiceConnection(): import("@ucanto/interface").ConnectionView<any>;
|
|
157
|
+
/**
|
|
158
|
+
* Sanitize the space DID for the KMS key ID
|
|
159
|
+
*
|
|
160
|
+
* @param {Type.SpaceDID} spaceDID
|
|
161
|
+
* @returns {string}
|
|
162
|
+
*/
|
|
163
|
+
sanitizeSpaceDIDForKMSKeyId(spaceDID: Type.SpaceDID): string;
|
|
180
164
|
}
|
|
181
|
-
import * as Type from '../../types.js'
|
|
182
|
-
//# sourceMappingURL=kms-crypto-adapter.d.ts.map
|
|
165
|
+
import * as Type from '../../types.js';
|
|
166
|
+
//# sourceMappingURL=kms-crypto-adapter.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kms-crypto-adapter.d.ts","sourceRoot":"","sources":["../../../src/crypto/adapters/kms-crypto-adapter.js"],"names":[],"mappings":"AAWA;;;;;;;GAOG;AACH,yCAFgB,IAAI,CAAC,aAAa;
|
|
1
|
+
{"version":3,"file":"kms-crypto-adapter.d.ts","sourceRoot":"","sources":["../../../src/crypto/adapters/kms-crypto-adapter.js"],"names":[],"mappings":"AAWA;;;;;;;GAOG;AACH,yCAFgB,IAAI,CAAC,aAAa;IAMhC;;;;;;;;OAQG;IACH,6BANW,IAAI,CAAC,eAAe,wBACpB,GAAG,GAAC,MAAM,wBACV,OAAO,MAAM,IAAI,MAAM,EAAE,YAEjC;QAA0B,iBAAiB;KAC7C,EA0BA;IArCD,6FAA6F;IAC7F,mBADW,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAC5D;IAiB3B,sCAAsC;IAiBtC,0BAA+B;IAC/B,wFAA2D;IAG7D;;;;OAIG;IACH,oBAFW,IAAI,CAAC,QAAQ,+BAIvB;IAED;;;;;;OAMG;IACH,6BAJW,cAAc,OACd,UAAU,MACV,UAAU,gCAIpB;IAED;;;;;;;OAOG;IACH,yBALW,UAAU,MACV,UAAU,oBACV,IAAI,CAAC,gBAAgB,GACnB,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CA4B5C;IAED;;;;;;;;OAQG;IACH,kCARW,MAAM,WAEd;QAAuC,gBAAgB,EAA/C,IAAI,CAAC,gBAAgB;QACW,QAAQ,EAAxC,IAAI,CAAC,iBAAiB;QACA,WAAW,EAAjC,IAAI,CAAC,OAAO;QACoH,MAAM,EAAtI,OAAO,wBAAwB,EAAE,MAAM,CAAC,OAAO,wBAAwB,EAAE,GAAG,EAAE,OAAO,wBAAwB,EAAE,MAAM,CAAC;QACxE,QAAQ,EAAtD,OAAO,wBAAwB,EAAE,GAAG;KAC9C;;;OA6BA;IAED;;;;;;;;;OASG;IACH,gDAPW,MAAM,YACN,IAAI,CAAC,QAAQ,mBACb,OAAO,mBAAmB,EAAE,KAAK,UACjC,OAAO,mBAAmB,EAAE,KAAK,EAAE,UACnC,OAAO,wBAAwB,EAAE,MAAM,CAAC,OAAO,wBAAwB,EAAE,GAAG,EAAE,OAAO,wBAAwB,EAAE,MAAM,CAAC,GACpH,OAAO,CAAC;QAAC,qBAAqB,EAAE,MAAM,CAAA;KAAC,CAAC,CAgCpD;IAED;;;;;;OAMG;IACH,8BAHW,UAAU,GACR,IAAI,CAAC,iBAAiB,CAKlC;IAED;;;OAGG;IACH,gCAFG;QAA+B,IAAI,EAA3B,IAAI,CAAC,SAAS;KACxB,0BAGA;IAED;;;;OAIG;IACH,uCAHW,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GACd,IAAI,CAAC,iBAAiB,CAgClC;IAED;;;OAGG;IACH,0BAHW,IAAI,CAAC,iBAAiB,GACpB,MAAM,CASlB;IAED;;;;;;;OAOG;IACH,iCALW,MAAM,gBACN,MAAM,YACN,IAAI,CAAC,cAAc,GACjB,OAAO,CAAC;QAAE,GAAG,EAAE,OAAO,+BAA+B,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,UAAU,CAAA;KAAE,CAAC,CAoBhG;IAED;;;;;OAKG;IACH,oCAHW,IAAI,CAAC,gBAAgB,GACnB,OAAO,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAsC/E;IAED;;;;OAIG;IACH,mBAFa,YAAY,CAWxB;IAED;;;;;;OAMG;IACH,8BAJW,UAAU,gBACV,MAAM,GACJ,OAAO,CAAC,UAAU,CAAC,CAyB/B;IAED;;;;;OAKG;IACH,sBAHW,MAAM,GACJ,WAAW,CA6BvB;IAED,kFASC;IAED;;;;;OAKG;IACH,sCAHW,IAAI,CAAC,QAAQ,GACX,MAAM,CAIlB;CACF;sBAtbqB,gBAAgB"}
|
|
@@ -3,7 +3,7 @@ import { CAR, HTTP } from '@ucanto/transport';
|
|
|
3
3
|
import { base64 } from 'multiformats/bases/base64';
|
|
4
4
|
import * as Type from '../../types.js';
|
|
5
5
|
import { EncryptionSetup, EncryptionKeyDecrypt, } from '@storacha/capabilities/space';
|
|
6
|
-
import
|
|
6
|
+
import * as EncryptedMetadata from '../../core/metadata/encrypted-metadata.js';
|
|
7
7
|
import * as DID from '@ipld/dag-ucan/did';
|
|
8
8
|
/**
|
|
9
9
|
* KMSCryptoAdapter implements the complete CryptoAdapter interface using KMS.
|
|
@@ -14,6 +14,8 @@ import * as DID from '@ipld/dag-ucan/did';
|
|
|
14
14
|
* @implements {Type.CryptoAdapter}
|
|
15
15
|
*/
|
|
16
16
|
export class KMSCryptoAdapter {
|
|
17
|
+
/** @type {Map<Type.SpaceDID, { publicKey: string, provider: string, algorithm: string }>} */
|
|
18
|
+
_cachedPublicKeys = new Map();
|
|
17
19
|
/**
|
|
18
20
|
* Create a new KMS crypto adapter
|
|
19
21
|
*
|
|
@@ -153,7 +155,22 @@ export class KMSCryptoAdapter {
|
|
|
153
155
|
* @returns {Type.ExtractedMetadata}
|
|
154
156
|
*/
|
|
155
157
|
extractEncryptedMetadata(car) {
|
|
156
|
-
const kmsContentResult =
|
|
158
|
+
const kmsContentResult = EncryptedMetadata.extract(car);
|
|
159
|
+
return this._validateKMSMetadata(kmsContentResult);
|
|
160
|
+
}
|
|
161
|
+
/**
|
|
162
|
+
* @param {object} source
|
|
163
|
+
* @param {Type.IPLDBlock} source.root
|
|
164
|
+
*/
|
|
165
|
+
viewEncryptedMetadata({ root }) {
|
|
166
|
+
return this._validateKMSMetadata(EncryptedMetadata.view({ root }));
|
|
167
|
+
}
|
|
168
|
+
/**
|
|
169
|
+
*
|
|
170
|
+
* @param {Type.Result<any>} kmsContentResult
|
|
171
|
+
* @returns {Type.ExtractedMetadata}
|
|
172
|
+
*/
|
|
173
|
+
_validateKMSMetadata(kmsContentResult) {
|
|
157
174
|
if (kmsContentResult.error) {
|
|
158
175
|
throw kmsContentResult.error;
|
|
159
176
|
}
|
|
@@ -211,7 +228,7 @@ export class KMSCryptoAdapter {
|
|
|
211
228
|
algorithm: kmsKeyMetadata.kms.algorithm,
|
|
212
229
|
},
|
|
213
230
|
};
|
|
214
|
-
const kmsMetadata =
|
|
231
|
+
const kmsMetadata = EncryptedMetadata.create('kms', uploadData);
|
|
215
232
|
return await kmsMetadata.archiveBlock();
|
|
216
233
|
}
|
|
217
234
|
/**
|
|
@@ -221,6 +238,10 @@ export class KMSCryptoAdapter {
|
|
|
221
238
|
* @returns {Promise<{ publicKey: string, provider: string, algorithm: string }>}
|
|
222
239
|
*/
|
|
223
240
|
async getSpacePublicKey(encryptionConfig) {
|
|
241
|
+
const cached = this._cachedPublicKeys.get(encryptionConfig.spaceDID);
|
|
242
|
+
if (cached) {
|
|
243
|
+
return cached;
|
|
244
|
+
}
|
|
224
245
|
// Step 1: Invoke the EncryptionSetup capability
|
|
225
246
|
const setupResult = await EncryptionSetup.invoke({
|
|
226
247
|
issuer: encryptionConfig.issuer,
|
|
@@ -240,8 +261,12 @@ export class KMSCryptoAdapter {
|
|
|
240
261
|
'Encryption setup failed';
|
|
241
262
|
throw new Error(errorMessage);
|
|
242
263
|
}
|
|
243
|
-
// Step 3:
|
|
244
|
-
|
|
264
|
+
// Step 3: Cache the public key and key reference
|
|
265
|
+
const publicKeyData =
|
|
266
|
+
/** @type {{ publicKey: string, provider: string, algorithm: string }} */ (setupResult.out.ok);
|
|
267
|
+
this._cachedPublicKeys.set(encryptionConfig.spaceDID, publicKeyData);
|
|
268
|
+
// Step 4: Return the public key and key reference
|
|
269
|
+
return publicKeyData;
|
|
245
270
|
}
|
|
246
271
|
/**
|
|
247
272
|
* Get the Web Crypto API SubtleCrypto interface (universal compatibility)
|
|
@@ -103,6 +103,19 @@ export class LitCryptoAdapter implements Type.CryptoAdapter {
|
|
|
103
103
|
* @returns {Type.ExtractedMetadata} - The extracted metadata
|
|
104
104
|
*/
|
|
105
105
|
extractEncryptedMetadata(car: Uint8Array): Type.ExtractedMetadata;
|
|
106
|
+
/**
|
|
107
|
+
* @param {object} source
|
|
108
|
+
* @param {Type.IPLDBlock} source.root
|
|
109
|
+
*/
|
|
110
|
+
viewEncryptedMetadata({ root }: {
|
|
111
|
+
root: Type.IPLDBlock;
|
|
112
|
+
}): Type.ExtractedMetadata;
|
|
113
|
+
/**
|
|
114
|
+
*
|
|
115
|
+
* @param {Type.Result<any>} encryptedContentResult
|
|
116
|
+
* @returns {Type.ExtractedMetadata}
|
|
117
|
+
*/
|
|
118
|
+
_validateLitMetadata(encryptedContentResult: Type.Result<any>): Type.ExtractedMetadata;
|
|
106
119
|
/**
|
|
107
120
|
* Get the encrypted key from the metadata
|
|
108
121
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lit-crypto-adapter.d.ts","sourceRoot":"","sources":["../../../src/crypto/adapters/lit-crypto-adapter.js"],"names":[],"mappings":"AAMA;;;;;;;GAOG;AACH,yCAFgB,IAAI,CAAC,aAAa;IAGhC;;;;;;OAMG;IACH,6BAJW,IAAI,CAAC,eAAe,aACpB,OAAO,0BAA0B,EAAE,aAAa,eAChD,IAAI,CAAC,WAAW,EAM1B;IAHC,sCAAsC;IACtC;;;;;;;;;;;;;;;;;;;;;;;;;;;MAA0B;IAC1B;;MAA8B;IAGhC;;;;;OAKG;IACH,oBAHW,IAAI,CAAC,QAAQ,GACX,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAIvC;IAED;;;;;;;OAOG;IACH,6BALW,cAAc,OACd,UAAU,MACV,UAAU,GACR,OAAO,CAAC,cAAc,CAAC,CAInC;IAED;;;;;;;OAOG;IACH,yBALW,UAAU,MACV,UAAU,oBACV,IAAI,CAAC,gBAAgB,GACnB,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CA6B5C;IAED;;;;;;;;;;;;OAYG;IACH,kCAVW,MAAM,WAEd;QAAuC,gBAAgB,EAA/C,IAAI,CAAC,gBAAgB;QACW,QAAQ,EAAxC,IAAI,CAAC,iBAAiB;QACqB,iBAAiB,EAA5D,OAAO,mBAAmB,EAAE,KAAK;QACX,WAAW,EAAjC,IAAI,CAAC,OAAO;QACoH,MAAM,EAAtI,OAAO,wBAAwB,EAAE,MAAM,CAAC,OAAO,wBAAwB,EAAE,GAAG,EAAE,OAAO,wBAAwB,EAAE,MAAM,CAAC;QACxE,QAAQ,EAAtD,OAAO,wBAAwB,EAAE,GAAG;KAC5C,GAAU,OAAO,CAAC;QAAE,GAAG,EAAE,UAAU,CAAC;QAAC,EAAE,EAAE,UAAU,CAAA;KAAE,CAAC,CAgFxD;IAED;;;;;OAKG;IACH,8BAHW,UAAU,GACR,IAAI,CAAC,iBAAiB,
|
|
1
|
+
{"version":3,"file":"lit-crypto-adapter.d.ts","sourceRoot":"","sources":["../../../src/crypto/adapters/lit-crypto-adapter.js"],"names":[],"mappings":"AAMA;;;;;;;GAOG;AACH,yCAFgB,IAAI,CAAC,aAAa;IAGhC;;;;;;OAMG;IACH,6BAJW,IAAI,CAAC,eAAe,aACpB,OAAO,0BAA0B,EAAE,aAAa,eAChD,IAAI,CAAC,WAAW,EAM1B;IAHC,sCAAsC;IACtC;;;;;;;;;;;;;;;;;;;;;;;;;;;MAA0B;IAC1B;;MAA8B;IAGhC;;;;;OAKG;IACH,oBAHW,IAAI,CAAC,QAAQ,GACX,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAIvC;IAED;;;;;;;OAOG;IACH,6BALW,cAAc,OACd,UAAU,MACV,UAAU,GACR,OAAO,CAAC,cAAc,CAAC,CAInC;IAED;;;;;;;OAOG;IACH,yBALW,UAAU,MACV,UAAU,oBACV,IAAI,CAAC,gBAAgB,GACnB,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CA6B5C;IAED;;;;;;;;;;;;OAYG;IACH,kCAVW,MAAM,WAEd;QAAuC,gBAAgB,EAA/C,IAAI,CAAC,gBAAgB;QACW,QAAQ,EAAxC,IAAI,CAAC,iBAAiB;QACqB,iBAAiB,EAA5D,OAAO,mBAAmB,EAAE,KAAK;QACX,WAAW,EAAjC,IAAI,CAAC,OAAO;QACoH,MAAM,EAAtI,OAAO,wBAAwB,EAAE,MAAM,CAAC,OAAO,wBAAwB,EAAE,GAAG,EAAE,OAAO,wBAAwB,EAAE,MAAM,CAAC;QACxE,QAAQ,EAAtD,OAAO,wBAAwB,EAAE,GAAG;KAC5C,GAAU,OAAO,CAAC;QAAE,GAAG,EAAE,UAAU,CAAC;QAAC,EAAE,EAAE,UAAU,CAAA;KAAE,CAAC,CAgFxD;IAED;;;;;OAKG;IACH,8BAHW,UAAU,GACR,IAAI,CAAC,iBAAiB,CAIlC;IACD;;;OAGG;IACH,gCAFG;QAA+B,IAAI,EAA3B,IAAI,CAAC,SAAS;KACxB,0BAGA;IAED;;;;OAIG;IACH,6CAHW,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GACd,IAAI,CAAC,iBAAiB,CA0BlC;IAED;;;;;OAKG;IACH,0BAHW,IAAI,CAAC,iBAAiB,GACpB,MAAM,CAOlB;IAED;;;;;;;OAOG;IACH,iCALW,MAAM,gBACN,MAAM,YACN,IAAI,CAAC,cAAc,GACjB,OAAO,CAAC;QAAE,GAAG,EAAE,OAAO,+BAA+B,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,UAAU,CAAA;KAAE,CAAC,CAehG;CACF;sBAtQqB,gBAAgB"}
|
|
@@ -152,7 +152,21 @@ export class LitCryptoAdapter {
|
|
|
152
152
|
* @returns {Type.ExtractedMetadata} - The extracted metadata
|
|
153
153
|
*/
|
|
154
154
|
extractEncryptedMetadata(car) {
|
|
155
|
-
|
|
155
|
+
return this._validateLitMetadata(EncryptedMetadata.extract(car));
|
|
156
|
+
}
|
|
157
|
+
/**
|
|
158
|
+
* @param {object} source
|
|
159
|
+
* @param {Type.IPLDBlock} source.root
|
|
160
|
+
*/
|
|
161
|
+
viewEncryptedMetadata({ root }) {
|
|
162
|
+
return this._validateLitMetadata(EncryptedMetadata.view({ root }));
|
|
163
|
+
}
|
|
164
|
+
/**
|
|
165
|
+
*
|
|
166
|
+
* @param {Type.Result<any>} encryptedContentResult
|
|
167
|
+
* @returns {Type.ExtractedMetadata}
|
|
168
|
+
*/
|
|
169
|
+
_validateLitMetadata(encryptedContentResult) {
|
|
156
170
|
if (encryptedContentResult.error) {
|
|
157
171
|
throw encryptedContentResult.error;
|
|
158
172
|
}
|
|
@@ -1,29 +1,4 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
*
|
|
4
|
-
|
|
5
|
-
* encryption and decryption operations.
|
|
6
|
-
* @param {Uint8Array} key - The symmetric key
|
|
7
|
-
* @param {Uint8Array} iv - The initialization vector
|
|
8
|
-
* @param {AsyncIterable<Uint8Array>|Uint8Array} content - The encrypted file content
|
|
9
|
-
* @returns {Promise<ReadableStream>} The decrypted file stream
|
|
10
|
-
*/
|
|
11
|
-
export function decryptFileWithKey(
|
|
12
|
-
cryptoAdapter: Type.CryptoAdapter,
|
|
13
|
-
key: Uint8Array,
|
|
14
|
-
iv: Uint8Array,
|
|
15
|
-
content: AsyncIterable<Uint8Array> | Uint8Array
|
|
16
|
-
): Promise<ReadableStream>
|
|
17
|
-
export function retrieveAndDecrypt(
|
|
18
|
-
storachaClient: import('@storacha/client').Client,
|
|
19
|
-
cryptoAdapter: Type.CryptoAdapter,
|
|
20
|
-
gatewayURL: URL,
|
|
21
|
-
cid: Type.AnyLink,
|
|
22
|
-
decryptionConfig: Type.DecryptionConfig
|
|
23
|
-
): Promise<Type.DecryptionResult>
|
|
24
|
-
export function getCarFileFromPublicGateway(
|
|
25
|
-
gatewayURL: URL,
|
|
26
|
-
cid: string
|
|
27
|
-
): Promise<Uint8Array>
|
|
28
|
-
import * as Type from '../types.js'
|
|
29
|
-
//# sourceMappingURL=decrypt-handler.d.ts.map
|
|
1
|
+
export function retrieveAndDecrypt(storachaClient: import("@storacha/client").Client, cryptoAdapter: Type.CryptoAdapter, gatewayURL: URL, cid: Type.AnyLink, decryptionConfig: Type.DecryptionConfig): Promise<Type.DecryptionResult>;
|
|
2
|
+
export function getCarFileFromPublicGateway(gatewayURL: URL, cid: string): Promise<Uint8Array>;
|
|
3
|
+
import * as Type from '../types.js';
|
|
4
|
+
//# sourceMappingURL=decrypt-handler.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decrypt-handler.d.ts","sourceRoot":"","sources":["../../src/handlers/decrypt-handler.js"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"decrypt-handler.d.ts","sourceRoot":"","sources":["../../src/handlers/decrypt-handler.js"],"names":[],"mappings":"AAkBO,mDARI,OAAO,kBAAkB,EAAE,MAAM,iBACjC,IAAI,CAAC,aAAa,cAElB,GAAG,OACH,IAAI,CAAC,OAAO,oBACZ,IAAI,CAAC,gBAAgB,GACnB,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,CA2B1C;AAaM,wDAJI,GAAG,OACH,MAAM,GACJ,OAAO,CAAC,UAAU,CAAC,CA+B/B;sBAjFqB,aAAa"}
|