asherah 1.0.35 → 1.0.38

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +33 -15
  2. package/dist/asherah.d.ts +45 -0
  3. package/dist/asherah.js +18 -29
  4. package/package.json +5 -2
package/README.md CHANGED
@@ -5,23 +5,41 @@ This is a wrapper of the Asherah Go implementation using the Cobhan FFI library
5
5
  Example code:
6
6
 
7
7
 
8
- ```javascript
9
- import { setup, encrypt, decrypt } from 'asherah'
10
-
11
- setup({
12
- kmsType: 'static',
13
- metastore: 'memory',
14
- serviceName: 'TestService',
15
- productId: 'TestProduct',
16
- verbose: true,
17
- sessionCache: true
18
- });
19
-
20
- const data = Buffer.from('mysecretdata', 'utf8');
8
+ ```typescript
9
+ import { AsherahConfig, decrypt, encrypt, setup, shutdown } from 'asherah'
10
+
11
+ const config: AsherahConfig = {
12
+ KMS: 'static',
13
+ Metastore: 'memory',
14
+ ServiceName: 'TestService',
15
+ ProductID: 'TestProduct',
16
+ Verbose: true,
17
+ EnableSessionCaching: true,
18
+ ExpireAfter: null,
19
+ CheckInterval: null,
20
+ ConnectionString: null,
21
+ ReplicaReadConsistency: null,
22
+ DynamoDBEndpoint: null,
23
+ DynamoDBRegion: null,
24
+ DynamoDBTableName: null,
25
+ SessionCacheMaxSize: null,
26
+ SessionCacheDuration: null,
27
+ RegionMap: null,
28
+ PreferredRegion: null,
29
+ EnableRegionSuffix: null
30
+ };
31
+
32
+ setup(config)
33
+
34
+ const input = 'mysecretdata'
35
+
36
+ const data = Buffer.from(input, 'utf8');
21
37
 
22
38
  const encrypted = encrypt('partition', data);
23
- console.log(encrypted);
24
39
 
25
40
  const decrypted = decrypt('partition', encrypted);
26
- console.log("Decrypted: " + decrypted.toString('utf8'));
41
+
42
+ const output = decrypted.toString('utf8');
43
+
44
+ shutdown()
27
45
  ```
package/dist/asherah.d.ts ADDED
@@ -0,0 +1,45 @@
1
+ /// <reference types="node" />
2
+ export declare type AsherahConfig = {
3
+ /** The name of this service (Required) */
4
+ ServiceName: string;
5
+ /** The name of the product that owns this service (Required) */
6
+ ProductID: string;
7
+ /** The amount of time a key is considered valid */
8
+ ExpireAfter: number | null;
9
+ /** The amount of time before cached keys are considered stale */
10
+ CheckInterval: number | null;
11
+ /** Determines the type of metastore to use for persisting keys (Required) { "rdbms", "dynamodb", "memory" } */
12
+ Metastore: string;
13
+ /** The database connection string (Required if metastore=rdbms) */
14
+ ConnectionString: string | null;
15
+ /** Required for Aurora sessions using write forwarding { "eventual", "global", "session" } */
16
+ ReplicaReadConsistency: string | null;
17
+ /** An optional endpoint URL (hostname only or fully qualified URI) (only supported by metastore=dynamodb) */
18
+ DynamoDBEndpoint: string | null;
19
+ /** The AWS region for DynamoDB requests (defaults to globally configured region) (only supported by metastore=dynamodb) */
20
+ DynamoDBRegion: string | null;
21
+ /** The table name for DynamoDB (only supported by metastore=dynamodb) */
22
+ DynamoDBTableName: string | null;
23
+ /** Define the maximum number of sessions to cache (Default 1000) */
24
+ SessionCacheMaxSize: number | null;
25
+ /** The amount of time a session will remain cached (Default 2h) */
26
+ SessionCacheDuration: number | null;
27
+ /** Configures the master key management service (Default kms) { "aws", "static" } */
28
+ KMS: string | null;
29
+ /** A comma separated list of key-value pairs in the form of REGION1=ARN1[,REGION2=ARN2] (required if kms=aws) */
30
+ RegionMap: string | null;
31
+ /** The preferred AWS region (required if kms=aws) */
32
+ PreferredRegion: string | null;
33
+ /** Configure the metastore to use regional suffixes (only supported by metastore=dynamodb) */
34
+ EnableRegionSuffix: boolean | null;
35
+ /** Enable shared session caching */
36
+ EnableSessionCaching: boolean | null;
37
+ /** Enable verbose logging output */
38
+ Verbose: boolean | null;
39
+ };
40
+ export declare function setup(config: AsherahConfig): void;
41
+ export declare function shutdown(): void;
42
+ export declare function decrypt(partitionId: string, dataRowRecord: string): Buffer;
43
+ export declare function encrypt(partitionId: string, data: Buffer): string;
44
+ export declare function decrypt_string(partitionId: string, dataRowRecord: string): string;
45
+ export declare function encrypt_string(partitionId: string, data: string): string;
package/dist/asherah.js CHANGED
@@ -3,14 +3,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
3
3
  return (mod && mod.__esModule) ? mod : { "default": mod };
4
4
  };
5
5
  Object.defineProperty(exports, "__esModule", { value: true });
6
- exports.encrypt = exports.decrypt = exports.shutdown = exports.setup = void 0;
6
+ exports.encrypt_string = exports.decrypt_string = exports.encrypt = exports.decrypt = exports.shutdown = exports.setup = void 0;
7
7
  const cobhan_1 = require("cobhan");
8
8
  const fs_1 = __importDefault(require("fs"));
9
9
  const binaries_path = find_binaries();
10
10
  const libasherah = (0, cobhan_1.load_platform_library)(binaries_path, 'libasherah', {
11
- 'Encrypt': ['int32', ['pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer']],
12
- 'Decrypt': ['int32', ['pointer', 'pointer', 'pointer', 'int64', 'pointer', 'int64', 'pointer']],
13
11
  'SetupJson': ['int32', ['pointer']],
12
+ 'EncryptToJson': ['int32', ['pointer', 'pointer', 'pointer']],
13
+ 'DecryptFromJson': ['int32', ['pointer', 'pointer', 'pointer']],
14
14
  'Shutdown': ['void', []]
15
15
  });
16
16
  function find_binaries() {
@@ -36,13 +36,9 @@ function shutdown() {
36
36
  exports.shutdown = shutdown;
37
37
  function decrypt(partitionId, dataRowRecord) {
38
38
  const partitionIdBuffer = (0, cobhan_1.string_to_cbuffer)(partitionId);
39
- const encryptedDataBuffer = (0, cobhan_1.buffer_to_cbuffer)(dataRowRecord.Data);
40
- const encryptedKeyBuffer = (0, cobhan_1.buffer_to_cbuffer)(dataRowRecord.Key.EncryptedKey);
41
- const created = dataRowRecord.Key.Created;
42
- const parentKeyIdBuffer = (0, cobhan_1.string_to_cbuffer)(dataRowRecord.Key.ParentKeyMeta.ID);
43
- const parentKeyCreated = dataRowRecord.Key.ParentKeyMeta.Created;
44
- const outputDataBuffer = (0, cobhan_1.allocate_cbuffer)(encryptedDataBuffer.length + 256);
45
- const result = libasherah.Decrypt(partitionIdBuffer, encryptedDataBuffer, encryptedKeyBuffer, created, parentKeyIdBuffer, parentKeyCreated, outputDataBuffer);
39
+ const jsonBuffer = (0, cobhan_1.string_to_cbuffer)(dataRowRecord);
40
+ const outputDataBuffer = (0, cobhan_1.allocate_cbuffer)(jsonBuffer.byteLength);
41
+ const result = libasherah.DecryptFromJson(partitionIdBuffer, jsonBuffer, outputDataBuffer);
46
42
  if (result < 0) {
47
43
  throw new Error('decrypt failed: ' + result);
48
44
  }
@@ -50,29 +46,22 @@ function decrypt(partitionId, dataRowRecord) {
50
46
  }
51
47
  exports.decrypt = decrypt;
52
48
  function encrypt(partitionId, data) {
49
+ const json_overhead = 256;
53
50
  const partitionIdBuffer = (0, cobhan_1.string_to_cbuffer)(partitionId);
54
51
  const dataBuffer = (0, cobhan_1.buffer_to_cbuffer)(data);
55
- const outputEncryptedDataBuffer = (0, cobhan_1.allocate_cbuffer)(data.length + 256);
56
- const outputEncryptedKeyBuffer = (0, cobhan_1.allocate_cbuffer)(256);
57
- const outputCreatedBuffer = (0, cobhan_1.int64_to_buffer)(0);
58
- const outputParentKeyIdBuffer = (0, cobhan_1.allocate_cbuffer)(256);
59
- const outputParentKeyCreatedBuffer = (0, cobhan_1.int64_to_buffer)(0);
60
- const result = libasherah.Encrypt(partitionIdBuffer, dataBuffer, outputEncryptedDataBuffer, outputEncryptedKeyBuffer, outputCreatedBuffer, outputParentKeyIdBuffer, outputParentKeyCreatedBuffer);
52
+ const outputJsonBuffer = (0, cobhan_1.allocate_cbuffer)(data.byteLength + json_overhead);
53
+ const result = libasherah.EncryptToJson(partitionIdBuffer, dataBuffer, outputJsonBuffer);
61
54
  if (result < 0) {
62
55
  throw new Error('encrypt failed: ' + result);
63
56
  }
64
- const parentKeyId = (0, cobhan_1.cbuffer_to_string)(outputParentKeyIdBuffer);
65
- const dataRowRecord = {
66
- Data: (0, cobhan_1.cbuffer_to_buffer)(outputEncryptedDataBuffer),
67
- Key: {
68
- EncryptedKey: (0, cobhan_1.cbuffer_to_buffer)(outputEncryptedKeyBuffer),
69
- Created: (0, cobhan_1.buffer_to_int64)(outputCreatedBuffer),
70
- ParentKeyMeta: {
71
- ID: parentKeyId,
72
- Created: (0, cobhan_1.buffer_to_int64)(outputParentKeyCreatedBuffer)
73
- }
74
- }
75
- };
76
- return dataRowRecord;
57
+ return (0, cobhan_1.cbuffer_to_string)(outputJsonBuffer);
77
58
  }
78
59
  exports.encrypt = encrypt;
60
+ function decrypt_string(partitionId, dataRowRecord) {
61
+ return decrypt(partitionId, dataRowRecord).toString('utf8');
62
+ }
63
+ exports.decrypt_string = decrypt_string;
64
+ function encrypt_string(partitionId, data) {
65
+ return encrypt(partitionId, Buffer.from(data, 'utf8'));
66
+ }
67
+ exports.encrypt_string = encrypt_string;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "asherah",
3
- "version": "1.0.35",
3
+ "version": "1.0.38",
4
4
  "description": "Asherah envelope encryption and key rotation library",
5
5
  "main": "dist/asherah.js",
6
6
  "repository": {
@@ -20,16 +20,19 @@
20
20
  "files": [
21
21
  "binaries/*.so",
22
22
  "binaries/*.dylib",
23
- "dist/index.d.ts"
23
+ "dist/asherah.d.ts"
24
24
  ],
25
25
  "devDependencies": {
26
+ "@types/benchmark": "^2.1.1",
26
27
  "@types/chai": "^4.3.0",
27
28
  "@types/mocha": "^9.1.0",
28
29
  "@types/node": "^17.0.21",
29
30
  "@typescript-eslint/eslint-plugin": "^5.13.0",
30
31
  "@typescript-eslint/parser": "^5.13.0",
32
+ "benchmark": "^2.1.4",
31
33
  "chai": "^4.3.6",
32
34
  "eslint": "^8.10.0",
35
+ "microtime": "^3.0.0",
33
36
  "mocha": "^9.2.1",
34
37
  "nyc": "^15.1.0",
35
38
  "ts-mocha": "^9.0.2",