asherah 1.0.18 → 1.0.21

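--- /dev/null
+++ b/package/LICENSE
@@ -0,0 +1,21 @@
+ The MIT License (MIT)
+
+ Copyright (c) 2022 GoDaddy Operating Company, LLC.
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all
+ copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.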
Binary file
Binary file
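--- /dev/null
+++ b/package/dist/index.js
@@ -0,0 +1,75 @@
+ "use strict";
+ var __importDefault = (this && this.__importDefault) || function (mod) {
+ return (mod && mod.__esModule) ? mod : { "default": mod };
+ };
+ Object.defineProperty(exports, "__esModule", { value: true });
+ exports.encrypt = exports.decrypt = exports.setup = void 0;
+ const cobhan_1 = __importDefault(require("cobhan"));
+ const libasherah = cobhan_1.default.load_platform_library('node_modules/asherah/binaries', 'libasherah', {
+ 'Encrypt': ['int32', ['pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer']],
+ 'Decrypt': ['int32', ['pointer', 'pointer', 'pointer', 'int64', 'pointer', 'int64', 'pointer']],
+ 'Setup': ['int32', ['pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'int32', 'pointer', 'pointer', 'pointer', 'pointer', 'int32', 'int32', 'int32']],
+ });
+ function setup(config) {
+ const kmsTypeBuffer = cobhan_1.default.string_to_cbuffer(config.kmsType);
+ const metastoreBuffer = cobhan_1.default.string_to_cbuffer(config.metastore);
+ const rdbmsConnectionStringBuffer = cobhan_1.default.string_to_cbuffer(config.rdbmsConnectionString);
+ const dynamoDbEndpointBuffer = cobhan_1.default.string_to_cbuffer(config.dynamoDbEndpoint);
+ const dynamoDbRegionBuffer = cobhan_1.default.string_to_cbuffer(config.dynamoDbRegion);
+ const dynamoDbTableNameBuffer = cobhan_1.default.string_to_cbuffer(config.dynamoDbTableName);
+ const enableRegionSuffixInt = config.enableRegionSuffix ? 1 : 0;
+ const serviceNameBuffer = cobhan_1.default.string_to_cbuffer(config.serviceName);
+ const productIdBuffer = cobhan_1.default.string_to_cbuffer(config.productId);
+ const preferredRegionBuffer = cobhan_1.default.string_to_cbuffer(config.preferredRegion);
+ const regionMapBuffer = cobhan_1.default.string_to_cbuffer(config.regionMap);
+ const verboseInt = config.verbose ? 1 : 0;
+ const sessionCacheInt = config.sessionCache ? 1 : 0;
+ const debugOutputInt = config.debugOutput ? 1 : 0;
+ const result = libasherah.Setup(kmsTypeBuffer, metastoreBuffer, rdbmsConnectionStringBuffer, dynamoDbEndpointBuffer, dynamoDbRegionBuffer, dynamoDbTableNameBuffer, enableRegionSuffixInt, serviceNameBuffer, productIdBuffer, preferredRegionBuffer, regionMapBuffer, verboseInt, sessionCacheInt, debugOutputInt);
+ if (result < 0) {
+ throw new Error('setup failed: ' + result);
+ }
+ }
+ exports.setup = setup;
+ function decrypt(partitionId, dataRowRecord) {
+ const partitionIdBuffer = cobhan_1.default.string_to_cbuffer(partitionId);
+ const encryptedDataBuffer = cobhan_1.default.buffer_to_cbuffer(dataRowRecord.Data);
+ const encryptedKeyBuffer = cobhan_1.default.buffer_to_cbuffer(dataRowRecord.Key.EncryptedKey);
+ const created = dataRowRecord.Key.Created;
+ const parentKeyIdBuffer = cobhan_1.default.string_to_cbuffer(dataRowRecord.Key.ParentKeyMeta.ID);
+ const parentKeyCreated = dataRowRecord.Key.ParentKeyMeta.Created;
+ const outputDataBuffer = cobhan_1.default.allocate_cbuffer(encryptedDataBuffer.length + 256);
+ const result = libasherah.Decrypt(partitionIdBuffer, encryptedDataBuffer, encryptedKeyBuffer, created, parentKeyIdBuffer, parentKeyCreated, outputDataBuffer);
+ if (result < 0) {
+ throw new Error('decrypt failed: ' + result);
+ }
+ return cobhan_1.default.cbuffer_to_buffer(outputDataBuffer);
+ }
+ exports.decrypt = decrypt;
+ function encrypt(partitionId, data) {
+ const partitionIdBuffer = cobhan_1.default.string_to_cbuffer(partitionId);
+ const dataBuffer = cobhan_1.default.buffer_to_cbuffer(data);
+ const outputEncryptedDataBuffer = cobhan_1.default.allocate_cbuffer(data.length + 256);
+ const outputEncryptedKeyBuffer = cobhan_1.default.allocate_cbuffer(256);
+ const outputCreatedBuffer = cobhan_1.default.int64_to_buffer(0);
+ const outputParentKeyIdBuffer = cobhan_1.default.allocate_cbuffer(256);
+ const outputParentKeyCreatedBuffer = cobhan_1.default.int64_to_buffer(0);
+ const result = libasherah.Encrypt(partitionIdBuffer, dataBuffer, outputEncryptedDataBuffer, outputEncryptedKeyBuffer, outputCreatedBuffer, outputParentKeyIdBuffer, outputParentKeyCreatedBuffer);
+ if (result < 0) {
+ throw new Error('encrypt failed: ' + result);
+ }
+ const parentKeyId = cobhan_1.default.cbuffer_to_string(outputParentKeyIdBuffer);
+ const dataRowRecord = {
+ Data: cobhan_1.default.cbuffer_to_buffer(outputEncryptedDataBuffer),
+ Key: {
+ EncryptedKey: cobhan_1.default.cbuffer_to_buffer(outputEncryptedKeyBuffer),
+ Created: cobhan_1.default.buffer_to_int64(outputCreatedBuffer),
+ ParentKeyMeta: {
+ ID: parentKeyId,
+ Created: cobhan_1.default.buffer_to_int64(outputParentKeyCreatedBuffer)
+ }
+ }
+ };
+ return dataRowRecord;
+ }
+ exports.encrypt = encrypt;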
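Review bot: The native library is loaded from the relative path `'node_modules/asherah/binaries'` in the `load_platform_library` call, so which `libasherah` binary ends up in the process presumably depends on the working directory rather than on where this package is installed (how cobhan resolves the path is not visible here). For an encryption library that is worth pinning down: anchoring the directory to the module, for example `path.resolve(__dirname, '..', 'binaries')` in the TypeScript source, makes the load independent of the start directory and of hoisted or nested installs. Separately, `setup(config)` no longer applies the `= null` and `= false` defaults that the deleted `index.js` had, so omitted optional fields now reach `string_to_cbuffer` as `undefined`. Either confirm cobhan treats `undefined` like `null`, or restore the defaults, e.g. `config.rdbmsConnectionString ?? null`.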
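--- a/package/package.json
+++ b/package/package.json
@@ -1,14 +1,14 @@
  {
  "name": "asherah",
- "version": "1.0.18",
+ "version": "1.0.21",
  "description": "Asherah envelope encryption and key rotation library",
- "main": "index.js",
- "type": "module",
+ "main": "dist/index.js",
  "repository": {
  "type": "git",
  "url": "https://github.com/jgowdy/asherah-cobhan.git"
  },
  "scripts": {
+ "build": "npx tsc",
  "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
@@ -19,6 +19,13 @@
  "binaries/*.dylib"
  ],
  "dependencies": {
- "cobhan": "^1.0.11"
+ "cobhan": "^1.0.21"
+ },
+ "devDependencies": {
+ "@types/node": "^17.0.21",
+ "@typescript-eslint/eslint-plugin": "^5.13.0",
+ "@typescript-eslint/parser": "^5.13.0",
+ "eslint": "^8.10.0",
+ "typescript": "^4.6.2"
  }
  }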
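Review bot: The added `"build": "npx tsc"` script goes through npx, which can fall back to fetching a package named `tsc` from the registry when no local binary is found, and that name is not the TypeScript package. Since `typescript` is added to `devDependencies` in the same change, npm already puts its `tsc` binary on the script PATH, so `"build": "tsc"` is sufficient and keeps the build on the installed, locked compiler. This matters more than usual here because the build output is the published `dist/index.js` entry point of an encryption library.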
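--- a/package/index.js
+++ /dev/null
@@ -1,150 +0,0 @@
- import cobhan from 'cobhan'
-
- // KeyMeta contains the ID and Created timestamp for an encryption key.
-
- /**
- * @typedef {Object} KeyMeta
- * @property {string} ID
- * @property {number} Created
- */
-
- // DataRowRecord contains the encrypted key and provided data, as well as the information
- // required to decrypt the key encryption key. This struct should be stored in your
- // data persistence as it's required to decrypt data.
-
- /**
- * @typedef {Object} DataRowRecord
- * @property {EnvelopeKeyRecord} Key
- * @property {Buffer} Data
- */
-
- // EnvelopeKeyRecord represents an encrypted key and is the data structure used
- // to persist the key in our key table. It also contains the meta data
- // of the key used to encrypt it.
-
- /**
- * @typedef {Object} EnvelopeKeyRecord
- * @property {number} Created
- * @property {Buffer} EncryptedKey
- * @property {KeyMeta} ParentKeyMeta
- */
-
- const libasherah = cobhan.load_platform_library('node_modules/asherah/binaries', 'libasherah', {
- 'Encrypt': ['int32', ['pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer']],
- 'Decrypt': ['int32', ['pointer', 'pointer', 'pointer', 'int64', 'pointer', 'int64', 'pointer']],
- 'Setup': ['int32', ['pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'int32', 'pointer', 'pointer', 'pointer', 'pointer', 'int32', 'int32', 'int32' ]],
- });
-
- /**
- * @param {string} args.kmsType
- * @param {string} args.metastore
- * @param {string} args.serviceName
- * @param {string} args.productId
- * @param {string} [args.rdbmsConnectionString]
- * @param {string} [args.dynamoDbEndpoint]
- * @param {string} [args.dynamoDbRegion]
- * @param {string} [args.dynamoDbTableName]
- * @param {boolean} [args.enableRegionSuffix]
- * @param {string} [args.preferredRegion]
- * @param {string} [args.regionMap]
- * @param {boolean} [args.verbose]
- * @param {boolean} [args.sessionCache]
- * @param {boolean} [args.debugOutput]
- */
- function setup({
- kmsType,
- metastore,
- serviceName,
- productId,
- rdbmsConnectionString = null,
- dynamoDbEndpoint = null,
- dynamoDbRegion = null,
- dynamoDbTableName = null,
- enableRegionSuffix = null,
- preferredRegion = null,
- regionMap = null,
- verbose = false,
- sessionCache = false,
- debugOutput = false,
- }) {
- const kmsTypeBuffer = cobhan.string_to_cbuffer(kmsType)
- const metastoreBuffer = cobhan.string_to_cbuffer(metastore)
- const rdbmsConnectionStringBuffer = cobhan.string_to_cbuffer(rdbmsConnectionString)
- const dynamoDbEndpointBuffer = cobhan.string_to_cbuffer(dynamoDbEndpoint)
- const dynamoDbRegionBuffer = cobhan.string_to_cbuffer(dynamoDbRegion)
- const dynamoDbTableNameBuffer = cobhan.string_to_cbuffer(dynamoDbTableName)
- const enableRegionSuffixInt = enableRegionSuffix ? 1 : 0
- const serviceNameBuffer = cobhan.string_to_cbuffer(serviceName)
- const productIdBuffer = cobhan.string_to_cbuffer(productId)
- const preferredRegionBuffer = cobhan.string_to_cbuffer(preferredRegion)
- const regionMapBuffer = cobhan.string_to_cbuffer(regionMap)
- const verboseInt = verbose ? 1 : 0
- const sessionCacheInt = sessionCache ? 1 : 0
- const debugOutputInt = debugOutput ? 1 : 0
-
- const result = libasherah.Setup(kmsTypeBuffer, metastoreBuffer, rdbmsConnectionStringBuffer, dynamoDbEndpointBuffer, dynamoDbRegionBuffer, dynamoDbTableNameBuffer, enableRegionSuffixInt, serviceNameBuffer, productIdBuffer, preferredRegionBuffer, regionMapBuffer, verboseInt, sessionCacheInt, debugOutputInt);
- if (result < 0) {
- throw new Error('setup failed: ' + result);
- }
- }
-
- /**
- * @param {string} partitionId
- * @param {DataRowRecord} dataRowRecord
- * @return {Buffer}
- */
- function decrypt(partitionId, dataRowRecord) {
- const partitionIdBuffer = cobhan.string_to_cbuffer(partitionId);
- const encryptedDataBuffer = cobhan.buffer_to_cbuffer(dataRowRecord['Data']);
- const encryptedKeyBuffer = cobhan.buffer_to_cbuffer(dataRowRecord['Key']['EncryptedKey']);
- const created = dataRowRecord['Key']['Created'];
- const parentKeyIdBuffer = cobhan.string_to_cbuffer(dataRowRecord['Key']['ParentKeyMeta']['ID']);
- const parentKeyCreated = dataRowRecord['Key']['ParentKeyMeta']['Created'];
-
- const outputDataBuffer = cobhan.allocate_cbuffer(encryptedDataBuffer.length + 256);
-
- const result = libasherah.Decrypt(partitionIdBuffer, encryptedDataBuffer, encryptedKeyBuffer, created, parentKeyIdBuffer, parentKeyCreated, outputDataBuffer);
- if (result < 0) {
- throw new Error('decrypt failed: ' + result);
- }
-
- return cobhan.cbuffer_to_buffer(outputDataBuffer);
- }
-
- /**
- * @param {string} partitionId
- * @param {Buffer} data
- * @return {DataRowRecord}
- */
- function encrypt(partitionId, data) {
- const partitionIdBuffer = cobhan.string_to_cbuffer(partitionId);
- const dataBuffer = cobhan.buffer_to_cbuffer(data);
- const outputEncryptedDataBuffer = cobhan.allocate_cbuffer(data.length + 256);
- const outputEncryptedKeyBuffer = cobhan.allocate_cbuffer(256);
- const outputCreatedBuffer = cobhan.int64_to_buffer(0);
- const outputParentKeyIdBuffer = cobhan.allocate_cbuffer(256);
- const outputParentKeyCreatedBuffer = cobhan.int64_to_buffer(0);
-
- const result = libasherah.Encrypt(partitionIdBuffer, dataBuffer, outputEncryptedDataBuffer, outputEncryptedKeyBuffer,
- outputCreatedBuffer, outputParentKeyIdBuffer, outputParentKeyCreatedBuffer);
-
- if (result < 0) {
- throw new Error('encrypt failed: ' + result);
- }
- const parentKeyId = cobhan.cbuffer_to_string(outputParentKeyIdBuffer);
- const dataRowRecord = {
- Data: cobhan.cbuffer_to_buffer(outputEncryptedDataBuffer),
- Key: {
- EncryptedKey: cobhan.cbuffer_to_buffer(outputEncryptedKeyBuffer),
- Created: cobhan.buffer_to_int64(outputCreatedBuffer),
- ParentKeyMeta: {
- ID: parentKeyId,
- Created: cobhan.buffer_to_int64(outputParentKeyCreatedBuffer)
- }
- }
- };
-
- return dataRowRecord;
- }
-
- export { encrypt, decrypt, setup };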