asherah 1.0.20 → 1.0.23

package/LICENSE

@@ -1,6 +1,6 @@
-MIT License
+The MIT License (MIT)
 
-Copyright (c) 2022 GoDaddy
+Copyright (c) 2022 GoDaddy Operating Company, LLC.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/dist/index.d.ts

@@ -0,0 +1,34 @@
+/// <reference types="node" />
+declare type KeyMeta = {
+    ID: string;
+    Created: string | number;
+};
+declare type EnvelopeKeyRecord = {
+    EncryptedKey: Buffer;
+    Created: string | number;
+    ParentKeyMeta: KeyMeta;
+};
+declare type DataRowRecord = {
+    Data: Buffer;
+    Key: EnvelopeKeyRecord;
+};
+declare type AsherahConfig = {
+    kmsType: string;
+    metastore: string;
+    serviceName: string;
+    productId: string;
+    rdbmsConnectionString: string | null;
+    dynamoDbEndpoint: string | null;
+    dynamoDbRegion: string | null;
+    dynamoDbTableName: string | null;
+    enableRegionSuffix: boolean;
+    preferredRegion: string | null;
+    regionMap: string | null;
+    verbose: boolean;
+    sessionCache: boolean;
+    debugOutput: boolean;
+};
+export declare function setup(config: AsherahConfig): void;
+export declare function decrypt(partitionId: string, dataRowRecord: DataRowRecord): Buffer;
+export declare function encrypt(partitionId: string, data: Buffer): DataRowRecord;
+export {};

package/dist/index.js

@@ -0,0 +1,75 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encrypt = exports.decrypt = exports.setup = void 0;
+const cobhan_1 = __importDefault(require("cobhan"));
+const libasherah = cobhan_1.default.load_platform_library('node_modules/asherah/binaries', 'libasherah', {
+    'Encrypt': ['int32', ['pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer']],
+    'Decrypt': ['int32', ['pointer', 'pointer', 'pointer', 'int64', 'pointer', 'int64', 'pointer']],
+    'Setup': ['int32', ['pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'int32', 'pointer', 'pointer', 'pointer', 'pointer', 'int32', 'int32', 'int32']],
+});
+function setup(config) {
+    const kmsTypeBuffer = cobhan_1.default.string_to_cbuffer(config.kmsType);
+    const metastoreBuffer = cobhan_1.default.string_to_cbuffer(config.metastore);
+    const rdbmsConnectionStringBuffer = cobhan_1.default.string_to_cbuffer(config.rdbmsConnectionString);
+    const dynamoDbEndpointBuffer = cobhan_1.default.string_to_cbuffer(config.dynamoDbEndpoint);
+    const dynamoDbRegionBuffer = cobhan_1.default.string_to_cbuffer(config.dynamoDbRegion);
+    const dynamoDbTableNameBuffer = cobhan_1.default.string_to_cbuffer(config.dynamoDbTableName);
+    const enableRegionSuffixInt = config.enableRegionSuffix ? 1 : 0;
+    const serviceNameBuffer = cobhan_1.default.string_to_cbuffer(config.serviceName);
+    const productIdBuffer = cobhan_1.default.string_to_cbuffer(config.productId);
+    const preferredRegionBuffer = cobhan_1.default.string_to_cbuffer(config.preferredRegion);
+    const regionMapBuffer = cobhan_1.default.string_to_cbuffer(config.regionMap);
+    const verboseInt = config.verbose ? 1 : 0;
+    const sessionCacheInt = config.sessionCache ? 1 : 0;
+    const debugOutputInt = config.debugOutput ? 1 : 0;
+    const result = libasherah.Setup(kmsTypeBuffer, metastoreBuffer, rdbmsConnectionStringBuffer, dynamoDbEndpointBuffer, dynamoDbRegionBuffer, dynamoDbTableNameBuffer, enableRegionSuffixInt, serviceNameBuffer, productIdBuffer, preferredRegionBuffer, regionMapBuffer, verboseInt, sessionCacheInt, debugOutputInt);
+    if (result < 0) {
+        throw new Error('setup failed: ' + result);
+    }
+}
+exports.setup = setup;
+function decrypt(partitionId, dataRowRecord) {
+    const partitionIdBuffer = cobhan_1.default.string_to_cbuffer(partitionId);
+    const encryptedDataBuffer = cobhan_1.default.buffer_to_cbuffer(dataRowRecord.Data);
+    const encryptedKeyBuffer = cobhan_1.default.buffer_to_cbuffer(dataRowRecord.Key.EncryptedKey);
+    const created = dataRowRecord.Key.Created;
+    const parentKeyIdBuffer = cobhan_1.default.string_to_cbuffer(dataRowRecord.Key.ParentKeyMeta.ID);
+    const parentKeyCreated = dataRowRecord.Key.ParentKeyMeta.Created;
+    const outputDataBuffer = cobhan_1.default.allocate_cbuffer(encryptedDataBuffer.length + 256);
+    const result = libasherah.Decrypt(partitionIdBuffer, encryptedDataBuffer, encryptedKeyBuffer, created, parentKeyIdBuffer, parentKeyCreated, outputDataBuffer);
+    if (result < 0) {
+        throw new Error('decrypt failed: ' + result);
+    }
+    return cobhan_1.default.cbuffer_to_buffer(outputDataBuffer);
+}
+exports.decrypt = decrypt;
+function encrypt(partitionId, data) {
+    const partitionIdBuffer = cobhan_1.default.string_to_cbuffer(partitionId);
+    const dataBuffer = cobhan_1.default.buffer_to_cbuffer(data);
+    const outputEncryptedDataBuffer = cobhan_1.default.allocate_cbuffer(data.length + 256);
+    const outputEncryptedKeyBuffer = cobhan_1.default.allocate_cbuffer(256);
+    const outputCreatedBuffer = cobhan_1.default.int64_to_buffer(0);
+    const outputParentKeyIdBuffer = cobhan_1.default.allocate_cbuffer(256);
+    const outputParentKeyCreatedBuffer = cobhan_1.default.int64_to_buffer(0);
+    const result = libasherah.Encrypt(partitionIdBuffer, dataBuffer, outputEncryptedDataBuffer, outputEncryptedKeyBuffer, outputCreatedBuffer, outputParentKeyIdBuffer, outputParentKeyCreatedBuffer);
+    if (result < 0) {
+        throw new Error('encrypt failed: ' + result);
+    }
+    const parentKeyId = cobhan_1.default.cbuffer_to_string(outputParentKeyIdBuffer);
+    const dataRowRecord = {
+        Data: cobhan_1.default.cbuffer_to_buffer(outputEncryptedDataBuffer),
+        Key: {
+            EncryptedKey: cobhan_1.default.cbuffer_to_buffer(outputEncryptedKeyBuffer),
+            Created: cobhan_1.default.buffer_to_int64(outputCreatedBuffer),
+            ParentKeyMeta: {
+                ID: parentKeyId,
+                Created: cobhan_1.default.buffer_to_int64(outputParentKeyCreatedBuffer)
+            }
+        }
+    };
+    return dataRowRecord;
+}
+exports.encrypt = encrypt;

package/package.json

@@ -1,14 +1,14 @@
 {
   "name": "asherah",
-  "version": "1.0.20",
+  "version": "1.0.23",
   "description": "Asherah envelope encryption and key rotation library",
-  "main": "index.js",
-  "type": "module",
+  "main": "dist/index.js",
   "repository": {
     "type": "git",
     "url": "https://github.com/jgowdy/asherah-cobhan.git"
   },
   "scripts": {
+    "build": "npx tsc",
     "test": "echo \"Error: no test specified\" && exit 1"
   },
   "keywords": [],
@@ -16,9 +16,18 @@
   "license": "MIT",
   "files": [
     "binaries/*.so",
-    "binaries/*.dylib"
+    "binaries/*.dylib",
+    "dist/index.d.ts"
   ],
   "dependencies": {
-    "cobhan": "^1.0.15"
-  }
+    "cobhan": "^1.0.21"
+  },
+  "devDependencies": {
+    "@types/node": "^17.0.21",
+    "@typescript-eslint/eslint-plugin": "^5.13.0",
+    "@typescript-eslint/parser": "^5.13.0",
+    "eslint": "^8.10.0",
+    "typescript": "^4.6.2"
+  },
+  "types": "./dist/index.d.ts"
 }

package/index.js

@@ -1,150 +0,0 @@
-import cobhan from 'cobhan'
-
-// KeyMeta contains the ID and Created timestamp for an encryption key.
-
-/**
- * @typedef {Object} KeyMeta
- * @property {string} ID
- * @property {number} Created
- */
-
-// DataRowRecord contains the encrypted key and provided data, as well as the information
-// required to decrypt the key encryption key. This struct should be stored in your
-// data persistence as it's required to decrypt data.
-
-/**
- * @typedef {Object} DataRowRecord
- * @property {EnvelopeKeyRecord} Key
- * @property {Buffer} Data
- */
-
-// EnvelopeKeyRecord represents an encrypted key and is the data structure used
-// to persist the key in our key table. It also contains the meta data
-// of the key used to encrypt it.
-
-/**
- * @typedef {Object} EnvelopeKeyRecord
- * @property {number} Created
- * @property {Buffer} EncryptedKey
- * @property {KeyMeta} ParentKeyMeta
- */
-
-  const libasherah = cobhan.load_platform_library('node_modules/asherah/binaries', 'libasherah', {
-    'Encrypt': ['int32', ['pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer']],
-    'Decrypt': ['int32', ['pointer', 'pointer', 'pointer', 'int64', 'pointer', 'int64', 'pointer']],
-    'Setup': ['int32', ['pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'int32', 'pointer', 'pointer', 'pointer', 'pointer', 'int32', 'int32', 'int32' ]],
-    });
-
-/**
-* @param {string} args.kmsType
-* @param {string} args.metastore
-* @param {string} args.serviceName
-* @param {string} args.productId
-* @param {string} [args.rdbmsConnectionString]
-* @param {string} [args.dynamoDbEndpoint]
-* @param {string} [args.dynamoDbRegion]
-* @param {string} [args.dynamoDbTableName]
-* @param {boolean} [args.enableRegionSuffix]
-* @param {string} [args.preferredRegion]
-* @param {string} [args.regionMap]
-* @param {boolean} [args.verbose]
-* @param {boolean} [args.sessionCache]
-* @param {boolean} [args.debugOutput]
-*/
-function setup({
-    kmsType,
-    metastore,
-    serviceName,
-    productId,
-    rdbmsConnectionString = null,
-    dynamoDbEndpoint = null,
-    dynamoDbRegion = null,
-    dynamoDbTableName = null,
-    enableRegionSuffix = null,
-    preferredRegion = null,
-    regionMap = null,
-    verbose = false,
-    sessionCache = false,
-    debugOutput = false,
-}) {
-    const kmsTypeBuffer = cobhan.string_to_cbuffer(kmsType)
-    const metastoreBuffer = cobhan.string_to_cbuffer(metastore)
-    const rdbmsConnectionStringBuffer = cobhan.string_to_cbuffer(rdbmsConnectionString)
-    const dynamoDbEndpointBuffer = cobhan.string_to_cbuffer(dynamoDbEndpoint)
-    const dynamoDbRegionBuffer = cobhan.string_to_cbuffer(dynamoDbRegion)
-    const dynamoDbTableNameBuffer = cobhan.string_to_cbuffer(dynamoDbTableName)
-    const enableRegionSuffixInt = enableRegionSuffix ? 1 : 0
-    const serviceNameBuffer = cobhan.string_to_cbuffer(serviceName)
-    const productIdBuffer = cobhan.string_to_cbuffer(productId)
-    const preferredRegionBuffer = cobhan.string_to_cbuffer(preferredRegion)
-    const regionMapBuffer = cobhan.string_to_cbuffer(regionMap)
-    const verboseInt = verbose ? 1 : 0
-    const sessionCacheInt = sessionCache ? 1 : 0
-    const debugOutputInt = debugOutput ? 1 : 0
-
-    const result = libasherah.Setup(kmsTypeBuffer, metastoreBuffer, rdbmsConnectionStringBuffer, dynamoDbEndpointBuffer, dynamoDbRegionBuffer, dynamoDbTableNameBuffer, enableRegionSuffixInt, serviceNameBuffer, productIdBuffer, preferredRegionBuffer, regionMapBuffer, verboseInt, sessionCacheInt, debugOutputInt);
-    if (result < 0) {
-        throw new Error('setup failed: ' + result);
-    }
-}
-
-/**
-* @param {string} partitionId
-* @param {DataRowRecord} dataRowRecord
-* @return {Buffer}
-*/
-function decrypt(partitionId, dataRowRecord) {
-    const partitionIdBuffer = cobhan.string_to_cbuffer(partitionId);
-    const encryptedDataBuffer = cobhan.buffer_to_cbuffer(dataRowRecord['Data']);
-    const encryptedKeyBuffer = cobhan.buffer_to_cbuffer(dataRowRecord['Key']['EncryptedKey']);
-    const created = dataRowRecord['Key']['Created'];
-    const parentKeyIdBuffer = cobhan.string_to_cbuffer(dataRowRecord['Key']['ParentKeyMeta']['ID']);
-    const parentKeyCreated = dataRowRecord['Key']['ParentKeyMeta']['Created'];
-
-    const outputDataBuffer = cobhan.allocate_cbuffer(encryptedDataBuffer.length + 256);
-
-    const result = libasherah.Decrypt(partitionIdBuffer, encryptedDataBuffer, encryptedKeyBuffer, created, parentKeyIdBuffer, parentKeyCreated, outputDataBuffer);
-    if (result < 0) {
-        throw new Error('decrypt failed: ' + result);
-    }
-
-    return cobhan.cbuffer_to_buffer(outputDataBuffer);
-}
-
-/**
-* @param {string} partitionId
-* @param {Buffer} data
-* @return {DataRowRecord}
-*/
-function encrypt(partitionId, data) {
-    const partitionIdBuffer = cobhan.string_to_cbuffer(partitionId);
-    const dataBuffer = cobhan.buffer_to_cbuffer(data);
-    const outputEncryptedDataBuffer = cobhan.allocate_cbuffer(data.length + 256);
-    const outputEncryptedKeyBuffer = cobhan.allocate_cbuffer(256);
-    const outputCreatedBuffer = cobhan.int64_to_buffer(0);
-    const outputParentKeyIdBuffer = cobhan.allocate_cbuffer(256);
-    const outputParentKeyCreatedBuffer = cobhan.int64_to_buffer(0);
-
-    const result = libasherah.Encrypt(partitionIdBuffer, dataBuffer, outputEncryptedDataBuffer, outputEncryptedKeyBuffer,
-        outputCreatedBuffer, outputParentKeyIdBuffer, outputParentKeyCreatedBuffer);
-
-    if (result < 0) {
-        throw new Error('encrypt failed: ' + result);
-    }
-    const parentKeyId = cobhan.cbuffer_to_string(outputParentKeyIdBuffer);
-    const dataRowRecord = {
-        Data: cobhan.cbuffer_to_buffer(outputEncryptedDataBuffer),
-        Key: {
-            EncryptedKey: cobhan.cbuffer_to_buffer(outputEncryptedKeyBuffer),
-            Created: cobhan.buffer_to_int64(outputCreatedBuffer),
-            ParentKeyMeta: {
-                ID: parentKeyId,
-                Created: cobhan.buffer_to_int64(outputParentKeyCreatedBuffer)
-            }
-        }
-    };
-
-    return dataRowRecord;
-}
-
-export { encrypt, decrypt, setup };