asherah 1.0.36 → 1.0.37
- package/README.md +33 -15
- package/dist/asherah.js +18 -29
- package/package.json +4 -1
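--- a/package/README.md
+++ b/package/README.md
@@ -5,23 +5,41 @@ This is a wrapper of the Asherah Go implementation using the Cobhan FFI library
 Example code:
 
 
-```
-import {
-
-
-
-
-
-
-
-
-
-
-
+```typescript
+import { AsherahConfig, decrypt, encrypt, setup, shutdown } from 'asherah'
+
+const config: AsherahConfig = {
+KMS: 'static',
+Metastore: 'memory',
+ServiceName: 'TestService',
+ProductID: 'TestProduct',
+Verbose: true,
+EnableSessionCaching: true,
+ExpireAfter: null,
+CheckInterval: null,
+ConnectionString: null,
+ReplicaReadConsistency: null,
+DynamoDBEndpoint: null,
+DynamoDBRegion: null,
+DynamoDBTableName: null,
+SessionCacheMaxSize: null,
+SessionCacheDuration: null,
+RegionMap: null,
+PreferredRegion: null,
+EnableRegionSuffix: null
+};
+
+setup(config)
+
+const input = 'mysecretdata'
+
+const data = Buffer.from(input, 'utf8');
 
 const encrypted = encrypt('partition', data);
-console.log(encrypted);
 
 const decrypted = decrypt('partition', encrypted);
-
+
+const output = decrypted.toString('utf8');
+
+shutdown()
 ```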
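--- a/package/dist/asherah.js
+++ b/package/dist/asherah.js
@@ -3,14 +3,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.encrypt = exports.decrypt = exports.shutdown = exports.setup = void 0;
+exports.encrypt_string = exports.decrypt_string = exports.encrypt = exports.decrypt = exports.shutdown = exports.setup = void 0;
 const cobhan_1 = require("cobhan");
 const fs_1 = __importDefault(require("fs"));
 const binaries_path = find_binaries();
 const libasherah = (0, cobhan_1.load_platform_library)(binaries_path, 'libasherah', {
-'Encrypt': ['int32', ['pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer']],
-'Decrypt': ['int32', ['pointer', 'pointer', 'pointer', 'int64', 'pointer', 'int64', 'pointer']],
 'SetupJson': ['int32', ['pointer']],
+'EncryptToJson': ['int32', ['pointer', 'pointer', 'pointer']],
+'DecryptFromJson': ['int32', ['pointer', 'pointer', 'pointer']],
 'Shutdown': ['void', []]
 });
 function find_binaries() {
@@ -36,13 +36,9 @@ function shutdown() {
 exports.shutdown = shutdown;
 function decrypt(partitionId, dataRowRecord) {
 const partitionIdBuffer = (0, cobhan_1.string_to_cbuffer)(partitionId);
-const
-const
-const
-const parentKeyIdBuffer = (0, cobhan_1.string_to_cbuffer)(dataRowRecord.Key.ParentKeyMeta.ID);
-const parentKeyCreated = dataRowRecord.Key.ParentKeyMeta.Created;
-const outputDataBuffer = (0, cobhan_1.allocate_cbuffer)(encryptedDataBuffer.length + 256);
-const result = libasherah.Decrypt(partitionIdBuffer, encryptedDataBuffer, encryptedKeyBuffer, created, parentKeyIdBuffer, parentKeyCreated, outputDataBuffer);
+const jsonBuffer = (0, cobhan_1.string_to_cbuffer)(dataRowRecord);
+const outputDataBuffer = (0, cobhan_1.allocate_cbuffer)(jsonBuffer.byteLength);
+const result = libasherah.DecryptFromJson(partitionIdBuffer, jsonBuffer, outputDataBuffer);
 if (result < 0) {
 throw new Error('decrypt failed: ' + result);
 }
@@ -50,29 +46,22 @@ function decrypt(partitionId, dataRowRecord) {
 }
 exports.decrypt = decrypt;
 function encrypt(partitionId, data) {
+const json_overhead = 256;
 const partitionIdBuffer = (0, cobhan_1.string_to_cbuffer)(partitionId);
 const dataBuffer = (0, cobhan_1.buffer_to_cbuffer)(data);
-const
-const
-const outputCreatedBuffer = (0, cobhan_1.int64_to_buffer)(0);
-const outputParentKeyIdBuffer = (0, cobhan_1.allocate_cbuffer)(256);
-const outputParentKeyCreatedBuffer = (0, cobhan_1.int64_to_buffer)(0);
-const result = libasherah.Encrypt(partitionIdBuffer, dataBuffer, outputEncryptedDataBuffer, outputEncryptedKeyBuffer, outputCreatedBuffer, outputParentKeyIdBuffer, outputParentKeyCreatedBuffer);
+const outputJsonBuffer = (0, cobhan_1.allocate_cbuffer)(data.byteLength + json_overhead);
+const result = libasherah.EncryptToJson(partitionIdBuffer, dataBuffer, outputJsonBuffer);
 if (result < 0) {
 throw new Error('encrypt failed: ' + result);
 }
-
-const dataRowRecord = {
-Data: (0, cobhan_1.cbuffer_to_buffer)(outputEncryptedDataBuffer),
-Key: {
-EncryptedKey: (0, cobhan_1.cbuffer_to_buffer)(outputEncryptedKeyBuffer),
-Created: (0, cobhan_1.buffer_to_int64)(outputCreatedBuffer),
-ParentKeyMeta: {
-ID: parentKeyId,
-Created: (0, cobhan_1.buffer_to_int64)(outputParentKeyCreatedBuffer)
-}
-}
-};
-return dataRowRecord;
+return (0, cobhan_1.cbuffer_to_string)(outputJsonBuffer);
 }
 exports.encrypt = encrypt;
+function decrypt_string(partitionId, dataRowRecord) {
+return decrypt(partitionId, dataRowRecord).toString('utf8');
+}
+exports.decrypt_string = decrypt_string;
+function encrypt_string(partitionId, data) {
+return encrypt(partitionId, Buffer.from(data, 'utf8'));
+}
+exports.encrypt_string = encrypt_string;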
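Review bot: In `encrypt`, the output buffer is sized as `data.byteLength + json_overhead` with a fixed 256, which looks too small once the ciphertext is carried inside the JSON that `EncryptToJson` writes: binary fields in JSON are presumably base64 (about 4/3 expansion), and the key metadata likely grows with the partition and service names. For payloads beyond a few hundred bytes the record will not fit, so the call either returns a negative code or depends on the native library honouring the buffer capacity, which this diff does not show. Consider sizing from the encoded length, e.g. `const outputJsonBuffer = (0, cobhan_1.allocate_cbuffer)(Math.ceil(data.byteLength / 3) * 4 + json_overhead);`, after confirming the real envelope overhead, and cover it with a multi-kilobyte test. Separately, `decrypt` now hands `dataRowRecord` directly to `string_to_cbuffer`, so a `typeof dataRowRecord !== 'string'` check that throws a clear error would help callers still holding the object form returned by 1.0.36.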
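--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "asherah",
-"version": "1.0.
+"version": "1.0.37",
 "description": "Asherah envelope encryption and key rotation library",
 "main": "dist/asherah.js",
 "repository": {
@@ -23,13 +23,16 @@
 "dist/index.d.ts"
 ],
 "devDependencies": {
+"@types/benchmark": "^2.1.1",
 "@types/chai": "^4.3.0",
 "@types/mocha": "^9.1.0",
 "@types/node": "^17.0.21",
 "@typescript-eslint/eslint-plugin": "^5.13.0",
 "@typescript-eslint/parser": "^5.13.0",
+"benchmark": "^2.1.4",
 "chai": "^4.3.6",
 "eslint": "^8.10.0",
+"microtime": "^3.0.0",
 "mocha": "^9.2.1",
 "nyc": "^15.1.0",
 "ts-mocha": "^9.0.2",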