asherah 1.0.43 → 1.0.46
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md
CHANGED
|
@@ -4,12 +4,13 @@ This is a wrapper of the Asherah Go implementation using the Cobhan FFI library
|
|
|
4
4
|
|
|
5
5
|
Example code:
|
|
6
6
|
|
|
7
|
+
### TypeScript
|
|
7
8
|
|
|
8
9
|
```typescript
|
|
9
10
|
import { AsherahConfig, decrypt, encrypt, setup, shutdown } from 'asherah'
|
|
10
11
|
|
|
11
12
|
const config: AsherahConfig = {
|
|
12
|
-
KMS: '
|
|
13
|
+
KMS: 'aws',
|
|
13
14
|
Metastore: 'memory',
|
|
14
15
|
ServiceName: 'TestService',
|
|
15
16
|
ProductID: 'TestProduct',
|
|
@@ -24,7 +25,7 @@ const config: AsherahConfig = {
|
|
|
24
25
|
DynamoDBTableName: null,
|
|
25
26
|
SessionCacheMaxSize: null,
|
|
26
27
|
SessionCacheDuration: null,
|
|
27
|
-
RegionMap:
|
|
28
|
+
RegionMap: {"us-west-2": "arn:aws:kms:us-west-2:XXXXXXXXX:key/XXXXXXXXXX"},
|
|
28
29
|
PreferredRegion: null,
|
|
29
30
|
EnableRegionSuffix: null
|
|
30
31
|
};
|
|
@@ -33,6 +34,8 @@ setup(config)
|
|
|
33
34
|
|
|
34
35
|
const input = 'mysecretdata'
|
|
35
36
|
|
|
37
|
+
console.log("Input: " + input)
|
|
38
|
+
|
|
36
39
|
const data = Buffer.from(input, 'utf8');
|
|
37
40
|
|
|
38
41
|
const encrypted = encrypt('partition', data);
|
|
@@ -41,5 +44,53 @@ const decrypted = decrypt('partition', encrypted);
|
|
|
41
44
|
|
|
42
45
|
const output = decrypted.toString('utf8');
|
|
43
46
|
|
|
47
|
+
console.log("Output: " + output)
|
|
48
|
+
|
|
44
49
|
shutdown()
|
|
45
50
|
```
|
|
51
|
+
|
|
52
|
+
### JavaScript
|
|
53
|
+
|
|
54
|
+
```javascript
|
|
55
|
+
|
|
56
|
+
const asherah = require('asherah')
|
|
57
|
+
|
|
58
|
+
const config = {
|
|
59
|
+
KMS: 'aws',
|
|
60
|
+
Metastore: 'memory',
|
|
61
|
+
ServiceName: 'TestService',
|
|
62
|
+
ProductID: 'TestProduct',
|
|
63
|
+
Verbose: true,
|
|
64
|
+
EnableSessionCaching: true,
|
|
65
|
+
ExpireAfter: null,
|
|
66
|
+
CheckInterval: null,
|
|
67
|
+
ConnectionString: null,
|
|
68
|
+
ReplicaReadConsistency: null,
|
|
69
|
+
DynamoDBEndpoint: null,
|
|
70
|
+
DynamoDBRegion: null,
|
|
71
|
+
DynamoDBTableName: null,
|
|
72
|
+
SessionCacheMaxSize: null,
|
|
73
|
+
SessionCacheDuration: null,
|
|
74
|
+
RegionMap: {"us-west-2": "arn:aws:kms:us-west-2:XXXXXXXXX:key/XXXXXXXXXX"},
|
|
75
|
+
PreferredRegion: null,
|
|
76
|
+
EnableRegionSuffix: null
|
|
77
|
+
};
|
|
78
|
+
|
|
79
|
+
asherah.setup(config)
|
|
80
|
+
|
|
81
|
+
const input = 'mysecretdata'
|
|
82
|
+
|
|
83
|
+
console.log("Input: " + input)
|
|
84
|
+
|
|
85
|
+
const data = Buffer.from(input, 'utf8');
|
|
86
|
+
|
|
87
|
+
const encrypted = asherah.encrypt('partition', data);
|
|
88
|
+
|
|
89
|
+
const decrypted = asherah.decrypt('partition', encrypted);
|
|
90
|
+
|
|
91
|
+
const output = decrypted.toString('utf8');
|
|
92
|
+
|
|
93
|
+
console.log("Output: " + output)
|
|
94
|
+
|
|
95
|
+
asherah.shutdown()
|
|
96
|
+
```
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
package/dist/asherah.d.ts
CHANGED
package/dist/asherah.js
CHANGED
|
@@ -6,13 +6,24 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
6
6
|
exports.encrypt_string = exports.decrypt_string = exports.encrypt = exports.decrypt = exports.shutdown = exports.setup = void 0;
|
|
7
7
|
const cobhan_1 = require("cobhan");
|
|
8
8
|
const fs_1 = __importDefault(require("fs"));
|
|
9
|
+
const ref_napi_1 = __importDefault(require("ref-napi"));
|
|
9
10
|
const binaries_path = find_binaries();
|
|
10
11
|
const libasherah = (0, cobhan_1.load_platform_library)(binaries_path, 'libasherah', {
|
|
11
|
-
'SetupJson': [
|
|
12
|
-
'EncryptToJson': [
|
|
13
|
-
'DecryptFromJson': [
|
|
14
|
-
'Shutdown': [
|
|
12
|
+
'SetupJson': [ref_napi_1.default.types.int32, [ref_napi_1.default.refType(ref_napi_1.default.types.void)]],
|
|
13
|
+
'EncryptToJson': [ref_napi_1.default.types.int32, [ref_napi_1.default.refType(ref_napi_1.default.types.void), ref_napi_1.default.refType(ref_napi_1.default.types.void), ref_napi_1.default.refType(ref_napi_1.default.types.void)]],
|
|
14
|
+
'DecryptFromJson': [ref_napi_1.default.types.int32, [ref_napi_1.default.refType(ref_napi_1.default.types.void), ref_napi_1.default.refType(ref_napi_1.default.types.void), ref_napi_1.default.refType(ref_napi_1.default.types.void)]],
|
|
15
|
+
'Shutdown': [ref_napi_1.default.types.void, []]
|
|
15
16
|
});
|
|
17
|
+
const DecryptFromJson = libasherah["DecryptFromJson"];
|
|
18
|
+
const EncryptToJson = libasherah["EncryptToJson"];
|
|
19
|
+
const EstimatedEncryptionOverhead = 48;
|
|
20
|
+
const EstimatedEnvelopeOverhead = 185;
|
|
21
|
+
const Base64Overhead = 1.34;
|
|
22
|
+
let EstimatedIntermediateKeyOverhead = 0;
|
|
23
|
+
function estimate_buffer(dataLen, partitionLen) {
|
|
24
|
+
const estimatedDataLen = (dataLen + EstimatedEncryptionOverhead) * Base64Overhead;
|
|
25
|
+
return cobhan_1.header_size + EstimatedEnvelopeOverhead + EstimatedIntermediateKeyOverhead + partitionLen + estimatedDataLen;
|
|
26
|
+
}
|
|
16
27
|
function find_binaries() {
|
|
17
28
|
if (fs_1.default.existsSync('node_modules/asherah/binaries')) {
|
|
18
29
|
return 'node_modules/asherah/binaries';
|
|
@@ -24,6 +35,7 @@ function find_binaries() {
|
|
|
24
35
|
}
|
|
25
36
|
function setup(config) {
|
|
26
37
|
const configJsonBuffer = (0, cobhan_1.json_to_cbuffer)(config);
|
|
38
|
+
EstimatedIntermediateKeyOverhead = config.ProductID.length + config.ServiceName.length;
|
|
27
39
|
const result = libasherah.SetupJson(configJsonBuffer);
|
|
28
40
|
if (result < 0) {
|
|
29
41
|
throw new Error('setupJson failed: ' + result);
|
|
@@ -38,7 +50,7 @@ function decrypt(partitionId, dataRowRecord) {
|
|
|
38
50
|
const partitionIdBuffer = (0, cobhan_1.string_to_cbuffer)(partitionId);
|
|
39
51
|
const jsonBuffer = (0, cobhan_1.string_to_cbuffer)(dataRowRecord);
|
|
40
52
|
const outputDataBuffer = (0, cobhan_1.allocate_cbuffer)(jsonBuffer.byteLength);
|
|
41
|
-
const result =
|
|
53
|
+
const result = DecryptFromJson(partitionIdBuffer, jsonBuffer, outputDataBuffer);
|
|
42
54
|
if (result < 0) {
|
|
43
55
|
throw new Error('decrypt failed: ' + result);
|
|
44
56
|
}
|
|
@@ -46,11 +58,10 @@ function decrypt(partitionId, dataRowRecord) {
|
|
|
46
58
|
}
|
|
47
59
|
exports.decrypt = decrypt;
|
|
48
60
|
function encrypt(partitionId, data) {
|
|
49
|
-
const json_overhead = 256;
|
|
50
61
|
const partitionIdBuffer = (0, cobhan_1.string_to_cbuffer)(partitionId);
|
|
51
62
|
const dataBuffer = (0, cobhan_1.buffer_to_cbuffer)(data);
|
|
52
|
-
const outputJsonBuffer = (0, cobhan_1.allocate_cbuffer)(data.byteLength
|
|
53
|
-
const result =
|
|
63
|
+
const outputJsonBuffer = (0, cobhan_1.allocate_cbuffer)(estimate_buffer(data.byteLength, partitionId.length));
|
|
64
|
+
const result = EncryptToJson(partitionIdBuffer, dataBuffer, outputJsonBuffer);
|
|
54
65
|
if (result < 0) {
|
|
55
66
|
throw new Error('encrypt failed: ' + result);
|
|
56
67
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "asherah",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.46",
|
|
4
4
|
"description": "Asherah envelope encryption and key rotation library",
|
|
5
5
|
"main": "dist/asherah.js",
|
|
6
6
|
"repository": {
|
|
@@ -27,6 +27,7 @@
|
|
|
27
27
|
"@types/chai": "^4.3.0",
|
|
28
28
|
"@types/mocha": "^9.1.0",
|
|
29
29
|
"@types/node": "^17.0.21",
|
|
30
|
+
"@types/ref-napi": "^3.0.4",
|
|
30
31
|
"@typescript-eslint/eslint-plugin": "^5.13.0",
|
|
31
32
|
"@typescript-eslint/parser": "^5.13.0",
|
|
32
33
|
"benchmark": "^2.1.4",
|
|
@@ -48,6 +49,7 @@
|
|
|
48
49
|
},
|
|
49
50
|
"types": "dist/asherah.d.ts",
|
|
50
51
|
"dependencies": {
|
|
51
|
-
"cobhan": "^1.0.
|
|
52
|
+
"cobhan": "^1.0.33",
|
|
53
|
+
"ref-napi": "^3.0.3"
|
|
52
54
|
}
|
|
53
55
|
}
|