├── .eslintrc.js ├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ └── aws-encryption-sdk-issue.md ├── PULL_REQUEST_TEMPLATE.md ├── dependabot.yml ├── not-grep.toml └── workflows │ ├── ci.yml │ ├── ci_static-analysis.yaml │ ├── daily_ci.yml │ └── repo-sync.yml ├── .gitignore ├── .gitmodules ├── .prettierignore ├── .prettierrc.js ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── NOTICE ├── README.md ├── SUPPORT_POLICY.rst ├── VERSIONING.md ├── buildspec.yml ├── codebuild ├── browser18.yml ├── compliance.yml ├── nodejs16.yml ├── nodejs18.yml ├── nodejs20.yml ├── release │ ├── prod-release.yml │ ├── publish.yml │ └── version.yml └── test_vectors │ ├── browser18.yml │ ├── nodejs16.yml │ ├── nodejs18.yml │ └── nodejs20.yml ├── compliance_exceptions ├── master-key-exception.ts └── master-key-provider-exception.ts ├── karma.conf.js ├── lerna.json ├── modules ├── branch-keystore-node │ ├── .eslintrc.js │ ├── .gitignore │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── package.json │ ├── src │ │ ├── branch_keystore.ts │ │ ├── branch_keystore_helpers.ts │ │ ├── branch_keystore_structures.ts │ │ ├── constants.ts │ │ ├── dynamodb_key_storage.ts │ │ ├── index.ts │ │ ├── kms_config.ts │ │ └── types.ts │ ├── test │ │ ├── branch_keystore.test.ts │ │ ├── branch_keystore_helpers.test.ts │ │ ├── fixtures.ts │ │ └── kms_config.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── cache-material │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── package.json │ ├── src │ │ ├── build_cryptographic_materials_cache_key_helpers.ts │ │ ├── caching_cryptographic_materials_decorators.ts │ │ ├── cryptographic_materials_cache.ts │ │ ├── get_local_cryptographic_materials_cache.ts │ │ ├── index.ts │ │ └── portable_compare.ts │ ├── test │ │ ├── build_cryptographic_materials_cache_key_helpers.test.ts │ │ ├── caching_cryptographic_materials_decorators.test.ts │ │ ├── fixtures.ts │ │ ├── get_local_cryptographic_materials_cache.test.ts │ │ └── portable_compare.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── caching-materials-manager-browser │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── karma.conf.js │ ├── package.json │ ├── src │ │ ├── caching_materials_manager_browser.ts │ │ ├── index.ts │ │ └── sha512.ts │ ├── test │ │ ├── caching_materials_manager_browser.test.ts │ │ └── sha512.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── caching-materials-manager-node │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── package.json │ ├── src │ │ ├── caching_materials_manager_node.ts │ │ ├── index.ts │ │ └── sha512.ts │ ├── test │ │ ├── caching_materials_manager_node.test.ts │ │ └── sha512.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── client-browser │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── Readme.md │ ├── package.json │ ├── src │ │ └── index.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── client-node │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── Readme.md │ ├── package.json │ ├── src │ │ └── index.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── decrypt-browser │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── karma.conf.js │ ├── package.json │ ├── src │ │ ├── decrypt.ts │ │ ├── decrypt_client.ts │ │ └── index.ts │ ├── test │ │ ├── compatibility.test.ts │ │ ├── decrypt.test.ts │ │ ├── decrypt_client.test.ts │ │ └── fixtures.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── decrypt-node │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── package.json │ ├── src │ │ ├── decipher_stream.ts │ │ ├── decrypt.ts │ │ ├── decrypt_client.ts │ │ ├── decrypt_stream.ts │ │ ├── index.ts │ │ ├── parse_header_stream.ts │ │ ├── types.ts │ │ └── verify_stream.ts │ ├── test │ │ ├── compatibility.test.ts │ │ ├── decipher_stream.test.ts │ │ ├── decrypt.test.ts │ │ ├── decrypt_client.test.ts │ │ ├── fixtures.ts │ │ ├── parse_header_stream.test.ts │ │ └── verify_stream.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── encrypt-browser │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── karma.conf.js │ ├── package.json │ ├── src │ │ ├── encrypt.ts │ │ ├── encrypt_client.ts │ │ └── index.ts │ ├── test │ │ ├── encrypt.test.ts │ │ └── encrypt_client.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── encrypt-node │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── package.json │ ├── src │ │ ├── encrypt.ts │ │ ├── encrypt_client.ts │ │ ├── encrypt_stream.ts │ │ ├── framed_encrypt_stream.ts │ │ ├── index.ts │ │ └── signature_stream.ts │ ├── test │ │ ├── encrypt.test.ts │ │ ├── encrypt_client.test.ts │ │ └── framed_encrypt_stream.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── example-browser │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── Readme.md │ ├── html │ │ ├── aes_simple.html │ │ ├── caching_cmm.html │ │ ├── disable_commitment.html │ │ ├── fallback.html │ │ ├── kms_simple.html │ │ ├── multi_keyring.html │ │ └── rsa_simple.html │ ├── karma.conf.js │ ├── package.json │ ├── src │ │ ├── aes_simple.ts │ │ ├── caching_cmm.ts │ │ ├── disable_commitment.ts │ │ ├── fallback.ts │ │ ├── index.ts │ │ ├── kms_max_encrypted_data_keys.ts │ │ ├── kms_multi_region_discovery.ts │ │ ├── kms_multi_region_simple.ts │ │ ├── kms_simple.ts │ │ ├── msrcrypto.js │ │ ├── msrcrypto.min.js │ │ ├── multi_keyring.ts │ │ └── rsa_simple.ts │ ├── test │ │ └── index.test.ts │ ├── tsconfig.json │ ├── tsconfig.module.json │ └── webpack_configs │ │ ├── aes.webpack.config.js │ │ ├── caching_cmm.webpack.config.js │ │ ├── disable_commitment.webpack.config.js │ │ ├── fallback.webpack.config.js │ │ ├── kms.webpack.config.js │ │ ├── multi_keyring.webpack.config.js │ │ └── rsa.webpack.config.js ├── example-node │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── Readme.md │ ├── hkr-demo │ │ ├── README.md │ │ ├── hkr.ts │ │ ├── hkr_vs_regular.demo.ts │ │ ├── interop.demo.ts │ │ └── multi_tenant.demo.ts │ ├── package.json │ ├── src │ │ ├── aes_simple.ts │ │ ├── caching_cmm.ts │ │ ├── disable_commitment.ts │ │ ├── index.ts │ │ ├── kms-hierarchical-keyring │ │ │ ├── caching_cmm.ts │ │ │ ├── disable_commitment.ts │ │ │ ├── multi_keyring.ts │ │ │ ├── multi_tenancy.ts │ │ │ ├── simple.ts │ │ │ └── stream.ts │ │ ├── kms_filtered_discovery.ts │ │ ├── kms_max_encrypted_data_keys.ts │ │ ├── kms_multi_region_discovery.ts │ │ ├── kms_multi_region_simple.ts │ │ ├── kms_regional_discovery.ts │ │ ├── kms_simple.ts │ │ ├── kms_stream.ts │ │ ├── multi_keyring.ts │ │ └── rsa_simple.ts │ ├── test │ │ └── index.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── hkdf-node │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── package.json │ ├── src │ │ ├── errors.ts │ │ ├── hkdf.ts │ │ └── index.ts │ ├── test │ │ ├── aws_encryption_sdk_vectors.test.ts │ │ ├── fixtures.ts │ │ └── test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── integration-browser │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── Readme.md │ ├── karma.conf.js │ ├── package.json │ ├── src │ │ ├── build_decrypt_fixtures.ts │ │ ├── build_encrypt_fixtures.ts │ │ ├── cli.ts │ │ ├── decrypt_materials_manager_web_crypto.ts │ │ ├── integration.decrypt.test.ts │ │ ├── integration.encrypt.test.ts │ │ └── testDecryptFixture.ts │ ├── test │ │ ├── decrypt_materials_manager_web_crypto.test.ts │ │ ├── integration.decrypt.test.test.ts │ │ └── unitTestConstants.ts │ ├── tsconfig.json │ ├── tsconfig.module.json │ └── webpack.config.js ├── integration-node │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── Readme.md │ ├── package.json │ ├── src │ │ ├── cli.ts │ │ ├── constants.ts │ │ ├── decrypt_materials_manager_node.ts │ │ ├── get_encrypt_test_iterator.ts │ │ ├── index.ts │ │ └── integration_tests.ts │ ├── test │ │ ├── decrypt_materials_manager_node.test.ts │ │ └── get_encrypt_test_iterator.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── integration-vectors │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── Readme.md │ ├── package.json │ ├── src │ │ ├── build_get_keyring.ts │ │ ├── get_decrypt_test_iterator.ts │ │ ├── index.ts │ │ └── types.ts │ ├── test │ │ └── get_decrypt_test_iterator.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── kdf-ctr-mode-node │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── package.json │ ├── src │ │ ├── index.ts │ │ └── kdfctr.ts │ ├── test │ │ ├── fixtures.ts │ │ └── kdfctr.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── kms-keyring-browser │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── karma.conf.js │ ├── package.json │ ├── src │ │ ├── index.ts │ │ ├── kms_keyring_browser.ts │ │ ├── kms_mrk_discovery_keyring_browser.ts │ │ ├── kms_mrk_discovery_multi_keyring_browser.ts │ │ ├── kms_mrk_keyring_browser.ts │ │ └── kms_mrk_strict_multi_keyring_browser.ts │ ├── test │ │ ├── kms_keyring_browser.test.ts │ │ ├── kms_mrk_discovery_keyring_browser.test.ts │ │ └── kms_mrk_keyring_browser.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── kms-keyring-node │ ├── .eslintrc.js │ ├── .gitignore │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── package.json │ ├── src │ │ ├── constants.ts │ │ ├── index.ts │ │ ├── kms_hkeyring_node.ts │ │ ├── kms_hkeyring_node_helpers.ts │ │ ├── kms_keyring_node.ts │ │ ├── kms_mrk_discovery_keyring_node.ts │ │ ├── kms_mrk_discovery_multi_keyring_node.ts │ │ ├── kms_mrk_keyring_node.ts │ │ └── kms_mrk_strict_multi_keyring_node.ts │ ├── test │ │ ├── fixtures.ts │ │ ├── kms_hkeyring_node.constructor.test.ts │ │ ├── kms_hkeyring_node.edk-order.test.ts │ │ ├── kms_hkeyring_node.helpers.test.ts │ │ ├── kms_hkeyring_node.ondecrypt.test.ts │ │ ├── kms_hkeyring_node.onencrypt.test.ts │ │ ├── kms_hkeyring_node.test.ts │ │ ├── kms_keyring_node.test.ts │ │ ├── kms_mrk_discovery_keyring_node.test.ts │ │ └── kms_mrk_keyring_node.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── kms-keyring │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── package.json │ ├── src │ │ ├── arn_parsing.ts │ │ ├── aws_kms_mrk_are_unique.ts │ │ ├── branch_key_id_supplier.ts │ │ ├── helpers.ts │ │ ├── index.ts │ │ ├── kms_client_supplier.ts │ │ ├── kms_keyring.ts │ │ ├── kms_mrk_discovery_keyring.ts │ │ ├── kms_mrk_discovery_multi_keyring.ts │ │ ├── kms_mrk_keyring.ts │ │ ├── kms_mrk_strict_multi_keyring.ts │ │ ├── kms_types.ts │ │ └── region_from_kms_key_arn.ts │ ├── test │ │ ├── arn_parsing.test.ts │ │ ├── aws_kms_mrk_are_unique.test.ts │ │ ├── branch_key_id_supplier.test.ts │ │ ├── helpers.test.ts │ │ ├── kms_client_supplier.test.ts │ │ ├── kms_keyring.constructor.test.ts │ │ ├── kms_keyring.edk-order.test.ts │ │ ├── kms_keyring.ondecrypt.test.ts │ │ ├── kms_keyring.onencrypt.test.ts │ │ ├── kms_mrk_discovery_keyring.constructor.test.ts │ │ ├── kms_mrk_discovery_keyring.edk-order.test.ts │ │ ├── kms_mrk_discovery_keyring.ondecrypt.test.ts │ │ ├── kms_mrk_discovery_keyring.onencrypt.test.ts │ │ ├── kms_mrk_discovery_multi_keyring.test.ts │ │ ├── kms_mrk_keyring.constructor.test.ts │ │ ├── kms_mrk_keyring.edk-order.test.ts │ │ ├── kms_mrk_keyring.ondecrypt.test.ts │ │ ├── kms_mrk_keyring.onencrypt.test.ts │ │ ├── kms_mrk_strict_multi_keyring.test.ts │ │ └── region_from_kms_key_arn.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── material-management-browser │ ├── .eslintrc.js │ ├── .gitignore │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── karma.conf.js │ ├── package.json │ ├── src │ │ ├── browser_cryptographic_materials_manager.ts │ │ ├── bytes2_jwk.ts │ │ ├── index.ts │ │ ├── keyring_helpers.ts │ │ └── material_helpers.ts │ ├── test │ │ ├── browser_cryptographic_materials_manager.test.ts │ │ ├── bytes2_jwk.test.ts │ │ ├── commit-key.test.ts │ │ ├── keyring_helpers.test.ts │ │ └── material_helpers.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── material-management-node │ ├── .eslintrc.js │ ├── .gitignore │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── package.json │ ├── src │ │ ├── index.ts │ │ ├── material_helpers.ts │ │ ├── node_cryptographic_materials_manager.ts │ │ └── types.ts │ ├── test │ │ ├── material_helpers.test.ts │ │ ├── node-kdf.test.ts │ │ └── node_cryptographic_materials_manager.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── material-management │ ├── .eslintrc.js │ ├── .gitignore │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── package.json │ ├── src │ │ ├── algorithm_suites.ts │ │ ├── clone_cryptographic_material.ts │ │ ├── cryptographic_material.ts │ │ ├── ecc_decode.ts │ │ ├── ecc_encode.ts │ │ ├── encrypted_data_key.ts │ │ ├── error.ts │ │ ├── immutable_class.ts │ │ ├── index.ts │ │ ├── keyring.ts │ │ ├── keyring_trace.ts │ │ ├── materials_manager.ts │ │ ├── multi_keyring.ts │ │ ├── needs.ts │ │ ├── node_algorithms.ts │ │ ├── pem_helpers.ts │ │ ├── signature_key.ts │ │ ├── types.ts │ │ └── web_crypto_algorithms.ts │ ├── test │ │ ├── algorithm_suites.test.ts │ │ ├── clone_cryptographic_material.test.ts │ │ ├── cryptographic_material.test.ts │ │ ├── ecc.test.ts │ │ ├── encrypted_data_key.test.ts │ │ ├── environmental_integration.test.ts │ │ ├── immutable_class.test.ts │ │ ├── keyring.test.ts │ │ ├── multi_keyring.test.ts │ │ ├── node_algorithms.test.ts │ │ ├── pem_helpers.test.ts │ │ ├── signature_key.test.ts │ │ └── web_crypto_algorithms.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── raw-aes-keyring-browser │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── karma.conf.js │ ├── package.json │ ├── src │ │ ├── index.ts │ │ └── raw_aes_keyring_browser.ts │ ├── test │ │ └── raw_aes_keyring_browser.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── raw-aes-keyring-node │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── package.json │ ├── src │ │ ├── index.ts │ │ └── raw_aes_keyring_node.ts │ ├── test │ │ └── raw_aes_keyring_node.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── raw-keyring │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── package.json │ ├── src │ │ ├── index.ts │ │ ├── raw_aes_algorithm_suite.ts │ │ ├── raw_aes_encrypted_data_keys.ts │ │ ├── raw_aes_material.ts │ │ └── raw_keyring_decorators.ts │ ├── test │ │ ├── raw_aes_encrypted_data_keys.test.ts │ │ ├── raw_aes_material.test.ts │ │ └── raw_keyring_decorators.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── raw-rsa-keyring-browser │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── karma.conf.js │ ├── package.json │ ├── src │ │ ├── get_import_options.ts │ │ ├── index.ts │ │ ├── raw_rsa_keyring_web_crypto.ts │ │ └── types.ts │ ├── test │ │ ├── get_import_options.test.ts │ │ └── raw_rsa_keyring_web_crypto.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── raw-rsa-keyring-node │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── package.json │ ├── src │ │ ├── index.ts │ │ ├── oaep_hash_supported.ts │ │ └── raw_rsa_keyring_node.ts │ ├── test │ │ └── raw_rsa_keyring_node.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── serialize │ ├── .eslintrc.js │ ├── .gitignore │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── package.json │ ├── src │ │ ├── aad_factory.ts │ │ ├── concat_buffers.ts │ │ ├── decode_body_header.ts │ │ ├── decode_encryption_context.ts │ │ ├── deserialize_encrypted_data_keys.ts │ │ ├── deserialize_factory.ts │ │ ├── deserialize_header_v1.ts │ │ ├── deserialize_header_v2.ts │ │ ├── ecdsa_signature.ts │ │ ├── identifiers.ts │ │ ├── index.ts │ │ ├── kdf_info.ts │ │ ├── read_element.ts │ │ ├── serialize_factory.ts │ │ ├── signature_info.ts │ │ ├── types.ts │ │ ├── uint_util.ts │ │ └── uuidv4_factory.ts │ ├── test │ │ ├── aad_factory.test.ts │ │ ├── concat_buffers.test.ts │ │ ├── decode_body_header.test.ts │ │ ├── decode_encryption_context.test.ts │ │ ├── deserialize_encrypted_data_keys.test.ts │ │ ├── deserialize_factory.test.ts │ │ ├── deserialize_header_v1.test.ts │ │ ├── deserialize_header_v2.test.ts │ │ ├── ecdsa_signatures.test.ts │ │ ├── fixtures.ts │ │ ├── kdf_info.test.ts │ │ ├── read_elements.test.ts │ │ ├── serialize_factory.test.ts │ │ ├── signature_info.test.ts │ │ ├── uint_util.test.ts │ │ └── uuidv4_factory.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── tsconfig.module.settings.json ├── tsconfig.settings.json └── web-crypto-backend │ ├── .eslintrc.js │ ├── CHANGELOG.md │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── karma.conf.js │ ├── package.json │ ├── src │ ├── backend-factory.ts │ ├── index.ts │ ├── promisify-ms-crypto.ts │ └── synchronous_random_values.ts │ ├── test │ ├── backend-factory.test.ts │ ├── fixtures.ts │ ├── promisify-ms-crypto.test.ts │ └── synchronous_random_values.test.ts │ ├── tsconfig.json │ └── tsconfig.module.json ├── package-lock.json ├── package.json ├── stream_mem_stress_test ├── .gitignore ├── README.md ├── index.ts ├── memory.ts ├── package-lock.json ├── package.json ├── random_1mb.txt ├── random_5mb.txt └── tsconfig.json ├── tsconfig.lint.json ├── util ├── bootstrap_tsconfig ├── local_verdaccio_publish └── npx_verdaccio ├── verdaccio ├── config.yaml ├── htpasswd ├── integration │ ├── Readme.md │ └── package.json └── npmrc └── wallaby.conf.js /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Each line is a file pattern followed by one or more owners. 2 | # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners 3 | 4 | # Default code owner for everything is our aws-crypto-tools group 5 | * @aws/aws-crypto-tools 6 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/aws-encryption-sdk-issue.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: AWS Encryption SDK Issue 3 | about: AWS Encryption SDK Issue 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | ### Security issue notifications 11 | 12 | If you discover a potential security issue in the AWS Encryption SDK we ask that you notify AWS Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue. 13 | 14 | ### Problem: 15 | 16 | A short description of what the problem is and why we need to fix it. Add reproduction steps if necessary. 17 | 18 | ### Solution: 19 | 20 | A description of the possible solution in terms of Encryption SDK architecture. 21 | 22 | ### Out of scope: 23 | 24 | Is there anything the solution will intentionally NOT address? 25 | 26 | [//]: # (NOTE: If you believe this might be a security issue, please email aws-security@amazon.com instead of creating a GitHub issue. For more details, see the AWS Vulnerability Reporting Guide: https://aws.amazon.com/security/vulnerability-reporting/ ) 27 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | *Issue #, if available:* 2 | 3 | *Description of changes:* 4 | 5 | 6 | By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. 7 | 8 | # Check any applicable: 9 | - [ ] Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files. 10 | 11 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: npm 4 | directory: "/" 5 | schedule: 6 | interval: daily 7 | time: '13:00' 8 | open-pull-requests-limit: 10 9 | versioning-strategy: increase-if-necessary 10 | groups: 11 | production-dependencies: 12 | dependency-type: "production" 13 | patterns: 14 | - "*" 15 | update-types: 16 | - "minor" 17 | - "patch" 18 | development-dependencies: 19 | dependency-type: "development" 20 | patterns: 21 | - "*" 22 | update-types: 23 | - "minor" 24 | - "patch" 25 | -------------------------------------------------------------------------------- /.github/not-grep.toml: -------------------------------------------------------------------------------- 1 | [include] 2 | # Use "include" rather than "prefix" because 3 | # some CLI entry point files have shebang lines 4 | # that need to come first. 5 | "**/*.ts" = """ 6 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 7 | // SPDX-License-Identifier: Apache-2.0 8 | """ 9 | "**/package.json" = "\"license\": \"Apache-2.0\"" 10 | "**/*.sh" = """ 11 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 12 | # SPDX-License-Identifier: Apache-2.0 13 | """ 14 | [prefix] 15 | # Exclude the copies of msrcrypto included in examples packages. 16 | "**/[!msrcrypto]*.js" = """ 17 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 18 | // SPDX-License-Identifier: Apache-2.0 19 | """ 20 | -------------------------------------------------------------------------------- /.github/workflows/ci_static-analysis.yaml: -------------------------------------------------------------------------------- 1 | # This workflow performs static analysis checks. 2 | name: static analysis 3 | 4 | on: ["pull_request", "push"] 5 | 6 | jobs: 7 | not-grep: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - uses: actions/checkout@v2 11 | - name: not-grep 12 | uses: mattsb42-meta/not-grep@1.0.0 13 | -------------------------------------------------------------------------------- /.github/workflows/daily_ci.yml: -------------------------------------------------------------------------------- 1 | # This workflow runs every weekday at 15:00 UTC (8AM PDT) 2 | name: Daily CI 3 | 4 | on: 5 | schedule: 6 | - cron: "00 15 * * 1-5" 7 | 8 | jobs: 9 | DAILY_CI: 10 | # Don't run the cron builds on forks 11 | if: github.event_name != 'schedule' || github.repository_owner == 'aws' 12 | uses: ./.github/workflows/ci.yml -------------------------------------------------------------------------------- /.github/workflows/repo-sync.yml: -------------------------------------------------------------------------------- 1 | name: Repo Sync 2 | 3 | on: 4 | workflow_dispatch: # allows triggering this manually through the Actions UI 5 | 6 | jobs: 7 | repo-sync: 8 | name: Repo Sync 9 | environment: repo-sync 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v2 13 | - uses: repo-sync/github-sync@v2 14 | name: Sync repo to branch 15 | with: 16 | source_repo: ${{ secrets.SOURCE_REPO }} 17 | source_branch: master 18 | destination_branch: ${{ secrets.INTERMEDIATE_BRANCH }} 19 | github_token: ${{ secrets.GITHUB_TOKEN }} 20 | - uses: repo-sync/pull-request@v2 21 | name: Create pull request 22 | with: 23 | source_branch: ${{ secrets.INTERMEDIATE_BRANCH }} 24 | destination_branch: master 25 | github_token: ${{ secrets.GITHUB_TOKEN }} 26 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Vim swap files 2 | *~ 3 | *.swp 4 | *.swo 5 | 6 | # OS Artifacts 7 | .DS_Store 8 | 9 | # Artifacts 10 | build 11 | node_modules 12 | package.json.decrypt 13 | 14 | # VSCode 15 | .vscode 16 | .history 17 | 18 | # JetBrains 19 | .idea 20 | 21 | # nyc/code coverage 22 | .nyc_output 23 | .karma_output 24 | coverage 25 | 26 | # symlink to test vectors 27 | /modules/integration-node/fixtures 28 | /modules/integration-browser/fixtures 29 | 30 | # Lerna 31 | /lerna-debug.log 32 | 33 | # TypeScript config is built by ./util/bootstrap_tsconfig 34 | /tsconfig.json 35 | /tsconfig.module.json 36 | package.json.decrypt 37 | 38 | # verdaccio 39 | /verdaccio/storage 40 | /storage 41 | 42 | # local npx cache 43 | /verdaccio/.npx 44 | /specification_compliance_report.html 45 | 46 | # These version files are build by genversion 47 | # they track the package.json version 48 | /modules/kms-keyring-browser/src/version.ts 49 | /modules/kms-keyring-node/src/version.ts 50 | /modules/branch-keystore-node/src/version.ts 51 | /modules/integration-node/src/version.ts 52 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "aws-encryption-sdk-test-vectors"] 2 | path = aws-encryption-sdk-test-vectors 3 | url = https://github.com/awslabs/aws-encryption-sdk-test-vectors.git 4 | [submodule "aws-encryption-sdk-specification"] 5 | path = aws-encryption-sdk-specification 6 | url = https://github.com/awslabs/aws-encryption-sdk-specification.git 7 | branch = master 8 | -------------------------------------------------------------------------------- /.prettierignore: -------------------------------------------------------------------------------- 1 | *.d.ts -------------------------------------------------------------------------------- /.prettierrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | // I would prefer to use the default configuration 5 | // but then the diff is out of control. 6 | module.exports = { 7 | semi: false, 8 | singleQuote: true 9 | } -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 5 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /codebuild/browser18.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | NODE_OPTIONS: "--max-old-space-size=4096" 6 | 7 | phases: 8 | install: 9 | commands: 10 | - n 18 11 | - npm ci --unsafe-perm 12 | - npm run build 13 | build: 14 | commands: 15 | - npm -v 16 | - node -v 17 | - npm run coverage-browser 18 | -------------------------------------------------------------------------------- /codebuild/compliance.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | NODE_OPTIONS: "--max-old-space-size=4096" 6 | 7 | phases: 8 | install: 9 | commands: 10 | - n 18 11 | - npm ci --unsafe-perm 12 | build: 13 | commands: 14 | - npm run lint 15 | - npm run test_conditions 16 | -------------------------------------------------------------------------------- /codebuild/nodejs16.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | NODE_OPTIONS: "--max-old-space-size=4096" 6 | 7 | phases: 8 | install: 9 | commands: 10 | - n 16 11 | - node -v 12 | - npm -v 13 | - npm ci --unsafe-perm 14 | - npm run build 15 | build: 16 | commands: 17 | - npm -v 18 | - node -v 19 | - npm run coverage-node 20 | -------------------------------------------------------------------------------- /codebuild/nodejs18.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | NODE_OPTIONS: "--max-old-space-size=4096" 6 | 7 | phases: 8 | install: 9 | commands: 10 | - n 18 11 | - node -v 12 | - npm -v 13 | - npm ci --unsafe-perm 14 | - npm run build 15 | build: 16 | commands: 17 | - npm -v 18 | - node -v 19 | - npm run coverage-node 20 | -------------------------------------------------------------------------------- /codebuild/nodejs20.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | NODE_OPTIONS: "--max-old-space-size=4096" 6 | 7 | phases: 8 | install: 9 | commands: 10 | - TMP_ROLE=$(aws sts assume-role --role-arn "arn:aws:iam::370957321024:role/GitHub-CI-MPL-Dafny-Role-us-west-2" --role-session-name "CB-TestVectorResources") 11 | - export TMP_ROLE 12 | - export AWS_ACCESS_KEY_ID=$(echo "${TMP_ROLE}" | jq -r '.Credentials.AccessKeyId') 13 | - export AWS_SECRET_ACCESS_KEY=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SecretAccessKey') 14 | - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken') 15 | - aws sts get-caller-identity 16 | 17 | - n 20 18 | - node --version ; npm --version 19 | - npm ci --unsafe-perm 20 | - npm run build 21 | build: 22 | commands: 23 | - npm run coverage-node 24 | -------------------------------------------------------------------------------- /codebuild/release/version.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | NODE_OPTIONS: "--max-old-space-size=4096" 6 | BRANCH: "master" 7 | # An explicit version bump 8 | VERSION_BUMP: "" 9 | git-credential-helper: yes 10 | 11 | phases: 12 | install: 13 | commands: 14 | - npm ci --unsafe-perm 15 | runtime-versions: 16 | nodejs: 16 17 | pre_build: 18 | commands: 19 | - git config --global user.name "aws-crypto-tools-ci-bot" 20 | - git config --global user.email "no-reply@noemail.local" 21 | - git checkout $BRANCH 22 | build: 23 | commands: 24 | # Generate new version and CHANGELOG entry and push it 25 | - npx lerna version --conventional-commits --git-remote origin --yes ${VERSION_BUMP:+$VERSION_BUMP --force-publish} 26 | # Log the commit for posterity 27 | - git log -n 1 28 | -------------------------------------------------------------------------------- /codebuild/test_vectors/browser18.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | NODE_OPTIONS: "--max-old-space-size=4096" 6 | NPM_CONFIG_UNSAFE_PERM: true 7 | 8 | phases: 9 | install: 10 | commands: 11 | - n 18 12 | - npm ci --unsafe-perm 13 | - |- 14 | if [ "$PUBLISH_LOCAL" = "true" ]; then 15 | npm run build 16 | fi 17 | build: 18 | commands: 19 | - npm -v 20 | - node -v 21 | - |- 22 | if [ "$PUBLISH_LOCAL" = "true" ]; then 23 | npm run verdaccio-publish 24 | fi 25 | - npm run verdaccio-browser-decrypt 26 | - npm run verdaccio-browser-encrypt 27 | -------------------------------------------------------------------------------- /codebuild/test_vectors/nodejs16.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | NODE_OPTIONS: "--max-old-space-size=4096" 6 | NPM_CONFIG_UNSAFE_PERM: true 7 | 8 | phases: 9 | install: 10 | commands: 11 | - n 16 12 | - npm ci --unsafe-perm 13 | - |- 14 | if [ "$PUBLISH_LOCAL" = "true" ]; then 15 | npm run build 16 | fi 17 | build: 18 | commands: 19 | - node -v 20 | - |- 21 | if [ "$PUBLISH_LOCAL" = "true" ]; then 22 | npm run verdaccio-publish 23 | fi 24 | - npm run verdaccio-node-decrypt 25 | - npm run verdaccio-node-encrypt 26 | -------------------------------------------------------------------------------- /codebuild/test_vectors/nodejs18.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | NODE_OPTIONS: "--max-old-space-size=4096" 6 | NPM_CONFIG_UNSAFE_PERM: true 7 | 8 | phases: 9 | install: 10 | commands: 11 | - n 18 12 | - npm ci --unsafe-perm 13 | - |- 14 | if [ "$PUBLISH_LOCAL" = "true" ]; then 15 | npm run build 16 | fi 17 | build: 18 | commands: 19 | - node -v 20 | - |- 21 | if [ "$PUBLISH_LOCAL" = "true" ]; then 22 | npm run verdaccio-publish 23 | fi 24 | - npm run verdaccio-node-decrypt 25 | - npm run verdaccio-node-encrypt 26 | -------------------------------------------------------------------------------- /codebuild/test_vectors/nodejs20.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | NODE_OPTIONS: "--max-old-space-size=4096" 6 | NPM_CONFIG_UNSAFE_PERM: true 7 | 8 | phases: 9 | install: 10 | commands: 11 | - n 20 12 | - npm ci --unsafe-perm 13 | - |- 14 | if [ "$PUBLISH_LOCAL" = "true" ]; then 15 | npm run build 16 | fi 17 | build: 18 | commands: 19 | - node -v 20 | - |- 21 | if [ "$PUBLISH_LOCAL" = "true" ]; then 22 | npm run verdaccio-publish 23 | fi 24 | - npm run verdaccio-node-decrypt 25 | - npm run verdaccio-node-encrypt 26 | -------------------------------------------------------------------------------- /lerna.json: -------------------------------------------------------------------------------- 1 | { 2 | "packages": ["modules/*"], 3 | "version": "4.2.1", 4 | "command": { 5 | "bootstrap": { 6 | "nohoist": ["typedoc"] 7 | } 8 | }, 9 | "hoist": true, 10 | "nohoist": ["typedoc"] 11 | } 12 | -------------------------------------------------------------------------------- /modules/branch-keystore-node/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/branch-keystore-node/.gitignore: -------------------------------------------------------------------------------- 1 | /node_modules/ 2 | /build/ 3 | /.nyc_output -------------------------------------------------------------------------------- /modules/branch-keystore-node/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Change Log 2 | 3 | All notable changes to this project will be documented in this file. 4 | See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. 5 | 6 | ## [4.2.1](https://github.com/aws/aws-encryption-sdk-javascript/compare/v4.2.0...v4.2.1) (2025-04-10) 7 | 8 | ### Bug Fixes 9 | 10 | - add serializationOptions flag for AAD UTF8 sorting ([#1581](https://github.com/aws/aws-encryption-sdk-javascript/issues/1581)) ([b80cad1](https://github.com/aws/aws-encryption-sdk-javascript/commit/b80cad14df361b4384aeed5753efb57c69d77377)) 11 | 12 | # [4.2.0](https://github.com/aws/aws-encryption-sdk-javascript/compare/v4.1.0...v4.2.0) (2025-02-27) 13 | 14 | **Note:** Version bump only for package @aws-crypto/branch-keystore-node 15 | 16 | # [4.1.0](https://github.com/aws/aws-encryption-sdk-javascript/compare/v4.0.2...v4.1.0) (2025-01-16) 17 | 18 | ### Features 19 | 20 | - Adding the hierarchical keyring ([#1537](https://github.com/aws/aws-encryption-sdk-javascript/issues/1537)) ([43dcb16](https://github.com/aws/aws-encryption-sdk-javascript/commit/43dcb166d5ac76d744ea283808006f65915b9730)) 21 | -------------------------------------------------------------------------------- /modules/branch-keystore-node/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/branch-keystore-node/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library 4 | designed to make it easy for everyone to encrypt 5 | and decrypt data using industry standards and best practices. 6 | It uses a data format compatible with the AWS Encryption SDKs in other languages. 7 | For more information on the AWS Encryption SDKs in all languages, 8 | see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 9 | 10 | This package should only be used as part of the AWS Encryption SDK for Javascript. 11 | For more information about the packages in this project 12 | and how they can be used together, 13 | see the [main node package readme](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/client-node/Readme.md) 14 | 15 | ## Installing 16 | 17 | ```sh 18 | npm install @aws-crypto/branch-keystore-node 19 | ``` 20 | 21 | ## Testing 22 | 23 | ```sh 24 | npm test 25 | ``` 26 | 27 | ## License 28 | 29 | This SDK is distributed under the 30 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 31 | see LICENSE.txt and NOTICE.txt for more information. 32 | -------------------------------------------------------------------------------- /modules/branch-keystore-node/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/branch-keystore-node", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run generate-version.ts; npm run build", 6 | "generate-version.ts": "npx genversion --es6 src/version.ts", 7 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 8 | "lint": "run-s lint-*", 9 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 10 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 11 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 12 | "test": "npm run lint && npm run coverage", 13 | "coverage": "nyc -e .ts npm run mocha" 14 | }, 15 | "author": { 16 | "name": "AWS Crypto Tools Team", 17 | "email": "aws-crypto-tools-team@amazon.com", 18 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 19 | }, 20 | "license": "Apache-2.0", 21 | "dependencies": { 22 | "@aws-crypto/kms-keyring": "file:../kms-keyring", 23 | "@aws-sdk/client-dynamodb": "^3.616.0", 24 | "@aws-sdk/util-dynamodb": "^3.616.0", 25 | "tslib": "^2.2.0" 26 | }, 27 | "sideEffects": false, 28 | "main": "./build/main/src/index.js", 29 | "module": "./build/module/src/index.js", 30 | "types": "./build/main/src/index.d.ts", 31 | "files": [ 32 | "build/**/src/*" 33 | ] 34 | } 35 | -------------------------------------------------------------------------------- /modules/branch-keystore-node/src/branch_keystore_structures.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { 5 | BRANCH_KEY_ACTIVE_VERSION_FIELD, 6 | BRANCH_KEY_FIELD, 7 | BRANCH_KEY_IDENTIFIER_FIELD, 8 | HIERARCHY_VERSION_FIELD, 9 | KEY_CREATE_TIME_FIELD, 10 | KMS_FIELD, 11 | TYPE_FIELD, 12 | } from './constants' 13 | 14 | // a nicer (easier-to-understand) type alias 15 | export type BranchKeyItem = Record 16 | 17 | export interface BranchKeyRecord { 18 | [BRANCH_KEY_IDENTIFIER_FIELD]: string 19 | [TYPE_FIELD]: string 20 | [BRANCH_KEY_ACTIVE_VERSION_FIELD]?: string 21 | [BRANCH_KEY_FIELD]: Uint8Array 22 | [KMS_FIELD]: string 23 | [KEY_CREATE_TIME_FIELD]: string 24 | [HIERARCHY_VERSION_FIELD]: number 25 | } 26 | -------------------------------------------------------------------------------- /modules/branch-keystore-node/src/constants.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export const PARTITION_KEY = 'branch-key-id' 5 | export const SORT_KEY = 'type' 6 | export const TABLE_FIELD = 'tablename' 7 | export const CUSTOM_ENCRYPTION_CONTEXT_FIELD_PREFIX = 'aws-crypto-ec:' 8 | export const BRANCH_KEY_IDENTIFIER_FIELD = PARTITION_KEY 9 | export const TYPE_FIELD = SORT_KEY 10 | export const KEY_CREATE_TIME_FIELD = 'create-time' 11 | export const HIERARCHY_VERSION_FIELD = 'hierarchy-version' 12 | export const KMS_FIELD = 'kms-arn' 13 | export const BRANCH_KEY_FIELD = 'enc' 14 | export const BRANCH_KEY_ACTIVE_VERSION_FIELD = 'version' 15 | export const BRANCH_KEY_TYPE_PREFIX = 'branch:version:' 16 | export const BRANCH_KEY_ACTIVE_TYPE = 'branch:ACTIVE' 17 | export const BEACON_KEY_TYPE_VALUE = 'beacon:ACTIVE' 18 | export const POTENTIAL_BRANCH_KEY_RECORD_FIELDS = [ 19 | BRANCH_KEY_IDENTIFIER_FIELD, 20 | TYPE_FIELD, 21 | KEY_CREATE_TIME_FIELD, 22 | HIERARCHY_VERSION_FIELD, 23 | KMS_FIELD, 24 | BRANCH_KEY_FIELD, 25 | BRANCH_KEY_ACTIVE_VERSION_FIELD, 26 | ] 27 | export const KMS_CLIENT_USER_AGENT = 'aws-kms-hierarchy' 28 | -------------------------------------------------------------------------------- /modules/branch-keystore-node/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from './kms_config' 5 | export * from './branch_keystore' 6 | -------------------------------------------------------------------------------- /modules/branch-keystore-node/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management" }, 11 | { "path": "../kms-keyring" } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /modules/branch-keystore-node/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/cache-material/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/cache-material/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/cache-material/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library designed to make it easy for everyone to encrypt and decrypt data using industry standards and best practices. It uses a data format compatible with the AWS Encryption SDKs in other languages. For more information on the AWS Encryption SDKs in all languages, see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 4 | 5 | ## About @aws-crypto/cache-material 6 | 7 | This package is not intended for direct use by clients. To get started with the AWS Encryption SDK for JavaScript, follow the instructions in [the README](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/README.md). 8 | 9 | ## License 10 | 11 | This SDK is distributed under the 12 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 13 | see LICENSE.txt and NOTICE.txt for more information. 14 | -------------------------------------------------------------------------------- /modules/cache-material/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/cache-material", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run build", 6 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 7 | "lint": "run-s lint-*", 8 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 9 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 10 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 11 | "test": "npm run lint && npm run coverage", 12 | "coverage": "nyc -e .ts npm run mocha" 13 | }, 14 | "author": { 15 | "name": "AWS Crypto Tools Team", 16 | "email": "aws-crypto-tools-team@amazon.com", 17 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 18 | }, 19 | "license": "Apache-2.0", 20 | "dependencies": { 21 | "@aws-crypto/material-management": "file:../material-management", 22 | "@aws-crypto/serialize": "file:../serialize", 23 | "@types/lru-cache": "^5.1.0", 24 | "lru-cache": "^6.0.0", 25 | "tslib": "^2.2.0" 26 | }, 27 | "sideEffects": false, 28 | "main": "./build/main/src/index.js", 29 | "module": "./build/module/src/index.js", 30 | "types": "./build/main/src/index.d.ts", 31 | "files": [ 32 | "build/**/src/*" 33 | ] 34 | } 35 | -------------------------------------------------------------------------------- /modules/cache-material/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from './cryptographic_materials_cache' 5 | export * from './caching_cryptographic_materials_decorators' 6 | export * from './build_cryptographic_materials_cache_key_helpers' 7 | export * from './get_local_cryptographic_materials_cache' 8 | -------------------------------------------------------------------------------- /modules/cache-material/src/portable_compare.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | /* Node has Buffer.compare, 5 | * but browsers have nothing. 6 | * This is a simple compare function that is portable. 7 | * This function is *not* constant time. 8 | */ 9 | export function compare(a: Uint8Array, b: Uint8Array) { 10 | const length = a.byteLength > b.byteLength ? b.byteLength : a.byteLength 11 | 12 | for (let i = 0; length > i; i += 1) { 13 | if (a[i] > b[i]) return 1 14 | if (a[i] < b[i]) return -1 15 | } 16 | 17 | if (a.byteLength > b.byteLength) return 1 18 | if (a.byteLength < b.byteLength) return -1 19 | 20 | return 0 21 | } 22 | -------------------------------------------------------------------------------- /modules/cache-material/test/portable_compare.test.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | /* eslint-env mocha */ 5 | 6 | import { expect } from 'chai' 7 | import { compare } from '../src/portable_compare' 8 | 9 | describe('compare', () => { 10 | const a = new Uint8Array([0, 0]) 11 | const b = new Uint8Array([1, 0]) 12 | const c = new Uint8Array([0, 1]) 13 | const d = new Uint8Array([1]) 14 | const e = new Uint8Array([0]) 15 | it('a == a', () => { 16 | expect(compare(a, a)).to.equal(0) 17 | }) 18 | it('b > a', () => { 19 | expect(compare(b, a)).to.equal(1) 20 | }) 21 | it('a < b', () => { 22 | expect(compare(a, b)).to.equal(-1) 23 | }) 24 | it('c > a', () => { 25 | expect(compare(c, a)).to.equal(1) 26 | }) 27 | it('a < c', () => { 28 | expect(compare(a, c)).to.equal(-1) 29 | }) 30 | it('d > a', () => { 31 | expect(compare(d, a)).to.equal(1) 32 | }) 33 | it('a < d', () => { 34 | expect(compare(a, d)).to.equal(-1) 35 | }) 36 | it('b > d', () => { 37 | expect(compare(b, d)).to.equal(1) 38 | }) 39 | it('d < b', () => { 40 | expect(compare(d, b)).to.equal(-1) 41 | }) 42 | it('a > e', () => { 43 | expect(compare(a, e)).to.equal(1) 44 | }) 45 | it('e < a', () => { 46 | expect(compare(e, a)).to.equal(-1) 47 | }) 48 | }) 49 | -------------------------------------------------------------------------------- /modules/cache-material/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management" }, 11 | { "path": "../serialize" }, 12 | ] 13 | } -------------------------------------------------------------------------------- /modules/cache-material/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/caching-materials-manager-browser/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/caching-materials-manager-browser/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/caching-materials-manager-browser/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library 4 | designed to make it easy for everyone to encrypt 5 | and decrypt data using industry standards and best practices. 6 | It uses a data format compatible with the AWS Encryption SDKs in other languages. 7 | For more information on the AWS Encryption SDKs in all languages, 8 | see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 9 | 10 | This package should only be used as part of the AWS Encryption SDK for Javascript. 11 | For more information about the packages in this project 12 | and how they can be used together, 13 | see the [main browser package readme](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/client-browser/Readme.md) 14 | 15 | ## Installing 16 | 17 | ```sh 18 | npm install @aws-crypto/caching-materials-manager-browser 19 | ``` 20 | 21 | ## Testing 22 | 23 | ```sh 24 | npm test 25 | ``` 26 | 27 | ## License 28 | 29 | This SDK is distributed under the 30 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 31 | see LICENSE.txt and NOTICE.txt for more information. 32 | -------------------------------------------------------------------------------- /modules/caching-materials-manager-browser/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/caching-materials-manager-browser", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run build", 6 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 7 | "lint": "run-s lint-*", 8 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 9 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 10 | "karma": "karma start karma.conf.js", 11 | "test": "npm run lint && npm run coverage", 12 | "coverage": "npm run karma && nyc report --exclude-after-remap false -t .karma_output --check-coverage" 13 | }, 14 | "author": { 15 | "name": "AWS Crypto Tools Team", 16 | "email": "aws-crypto-tools-team@amazon.com", 17 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 18 | }, 19 | "license": "Apache-2.0", 20 | "dependencies": { 21 | "@aws-crypto/cache-material": "file:../cache-material", 22 | "@aws-crypto/material-management-browser": "file:../material-management-browser", 23 | "@aws-crypto/serialize": "file:../serialize", 24 | "@aws-crypto/web-crypto-backend": "file:../web-crypto-backend", 25 | "@aws-sdk/util-base64": "^3.374.0", 26 | "@aws-sdk/util-utf8-browser": "3.259.0", 27 | "tslib": "^2.2.0" 28 | }, 29 | "sideEffects": false, 30 | "main": "./build/main/src/index.js", 31 | "module": "./build/module/src/index.js", 32 | "types": "./build/main/src/index.d.ts", 33 | "files": [ 34 | "build/**/src/*" 35 | ] 36 | } 37 | -------------------------------------------------------------------------------- /modules/caching-materials-manager-browser/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from './caching_materials_manager_browser' 5 | export { getLocalCryptographicMaterialsCache } from '@aws-crypto/cache-material' 6 | -------------------------------------------------------------------------------- /modules/caching-materials-manager-browser/src/sha512.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { fromUtf8 } from '@aws-sdk/util-utf8-browser' 5 | import { 6 | getWebCryptoBackend, 7 | getNonZeroByteBackend, 8 | } from '@aws-crypto/web-crypto-backend' 9 | import { concatBuffers } from '@aws-crypto/serialize' 10 | 11 | export const sha512 = async (...inputs: (Uint8Array | string)[]) => { 12 | // Normalize to Uint8Array and squash into a single value. 13 | const data = concatBuffers( 14 | ...inputs.map((u) => (typeof u === 'string' ? fromUtf8(u) : u)) 15 | ) 16 | // Prefer the non-zero byte because this will always be the native implementation. 17 | const backend = getNonZeroByteBackend(await getWebCryptoBackend()) 18 | // Do the hash 19 | const ab = await backend.digest('SHA-512', data) 20 | return new Uint8Array(ab) 21 | } 22 | -------------------------------------------------------------------------------- /modules/caching-materials-manager-browser/test/sha512.test.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | /* eslint-env mocha */ 5 | 6 | import { expect } from 'chai' 7 | import { sha512 } from '../src/sha512' 8 | 9 | // sha512('asdf') 10 | const fixture = new Uint8Array([ 11 | 64, 27, 9, 234, 179, 192, 19, 212, 202, 84, 146, 43, 184, 2, 190, 200, 253, 12 | 83, 24, 25, 43, 10, 117, 242, 1, 216, 179, 114, 116, 41, 8, 15, 179, 55, 89, 13 | 26, 189, 62, 68, 69, 59, 149, 69, 85, 183, 160, 129, 46, 16, 129, 195, 155, 14 | 116, 2, 147, 247, 101, 234, 231, 49, 245, 166, 94, 209, 15 | ]) 16 | 17 | describe('WebCryptoCachingMaterialsManager', () => { 18 | it('can hash a string', async () => { 19 | const test = await sha512('asdf') 20 | expect(test).to.deep.equal(fixture) 21 | }) 22 | 23 | it('can hash a Uint8Array', async () => { 24 | // the string 'asdf' as utf-8 encoded bytes 25 | const test = await sha512(new Uint8Array([97, 115, 100, 102])) 26 | expect(test).to.deep.equal(fixture) 27 | }) 28 | 29 | it('can hash a mix of arguments', async () => { 30 | // the string 'asdf' as a mix of strings and binary 31 | const test = await sha512( 32 | 'a', 33 | new Uint8Array([115]), 34 | 'd', 35 | new Uint8Array([102]) 36 | ) 37 | expect(test).to.deep.equal(fixture) 38 | }) 39 | }) 40 | -------------------------------------------------------------------------------- /modules/caching-materials-manager-browser/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management-browser" }, 11 | { "path": "../cache-material" }, 12 | { "path": "../serialize" }, 13 | ] 14 | } -------------------------------------------------------------------------------- /modules/caching-materials-manager-browser/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/caching-materials-manager-node/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/caching-materials-manager-node/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/caching-materials-manager-node/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library 4 | designed to make it easy for everyone to encrypt 5 | and decrypt data using industry standards and best practices. 6 | It uses a data format compatible with the AWS Encryption SDKs in other languages. 7 | For more information on the AWS Encryption SDKs in all languages, 8 | see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 9 | 10 | This package should only be used as part of the AWS Encryption SDK for Javascript. 11 | For more information about the packages in this project 12 | and how they can be used together, 13 | see the [main node package readme](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/client-node/Readme.md) 14 | 15 | ## Installing 16 | 17 | ```sh 18 | npm install @aws-crypto/caching-materials-manager-node 19 | ``` 20 | 21 | ## Testing 22 | 23 | ```sh 24 | npm test 25 | ``` 26 | 27 | ## License 28 | 29 | This SDK is distributed under the 30 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 31 | see LICENSE.txt and NOTICE.txt for more information. 32 | -------------------------------------------------------------------------------- /modules/caching-materials-manager-node/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/caching-materials-manager-node", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run build", 6 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 7 | "lint": "run-s lint-*", 8 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 9 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 10 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 11 | "test": "npm run lint && npm run coverage", 12 | "coverage": "nyc -e .ts npm run mocha" 13 | }, 14 | "author": { 15 | "name": "AWS Crypto Tools Team", 16 | "email": "aws-crypto-tools-team@amazon.com", 17 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 18 | }, 19 | "license": "Apache-2.0", 20 | "dependencies": { 21 | "@aws-crypto/cache-material": "file:../cache-material", 22 | "@aws-crypto/material-management-node": "file:../material-management-node", 23 | "tslib": "^2.2.0" 24 | }, 25 | "sideEffects": false, 26 | "main": "./build/main/src/index.js", 27 | "module": "./build/module/src/index.js", 28 | "types": "./build/main/src/index.d.ts", 29 | "files": [ 30 | "build/**/src/*" 31 | ] 32 | } 33 | -------------------------------------------------------------------------------- /modules/caching-materials-manager-node/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from './caching_materials_manager_node' 5 | export { getLocalCryptographicMaterialsCache } from '@aws-crypto/cache-material' 6 | -------------------------------------------------------------------------------- /modules/caching-materials-manager-node/src/sha512.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { createHash } from 'crypto' 5 | 6 | export const sha512 = async (...data: (Uint8Array | string)[]) => 7 | data 8 | .map((item) => (typeof item === 'string' ? Buffer.from(item) : item)) 9 | .reduce((hash, item) => hash.update(item), createHash('sha512')) 10 | .digest() 11 | -------------------------------------------------------------------------------- /modules/caching-materials-manager-node/test/sha512.test.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | /* eslint-env mocha */ 5 | 6 | import { expect } from 'chai' 7 | import { sha512 } from '../src/sha512' 8 | 9 | // sha512('asdf') 10 | const fixture = Buffer.from( 11 | 'QBsJ6rPAE9TKVJIruAK+yP1TGBkrCnXyAdizcnQpCA+zN1kavT5ERTuVRVW3oIEuEIHDm3QCk/dl6ucx9aZe0Q==', 12 | 'base64' 13 | ) 14 | 15 | describe('WebCryptoCachingMaterialsManager', () => { 16 | it('can hash a string', async () => { 17 | const test = await sha512('asdf') 18 | expect(test).to.deep.equal(fixture) 19 | }) 20 | 21 | it('can hash a Uint8Array', async () => { 22 | // the string 'asdf' as utf-8 encoded bytes 23 | const test = await sha512(Buffer.from([97, 115, 100, 102])) 24 | expect(test).to.deep.equal(fixture) 25 | }) 26 | 27 | it('can hash a mix of arguments', async () => { 28 | // the string 'asdf' as a mix of strings and binary 29 | const test = await sha512( 30 | 'a', 31 | new Uint8Array([115]), 32 | 'd', 33 | Buffer.from([102]) 34 | ) 35 | expect(test).to.deep.equal(fixture) 36 | }) 37 | }) 38 | -------------------------------------------------------------------------------- /modules/caching-materials-manager-node/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management-node" }, 11 | { "path": "../cache-material" }, 12 | ] 13 | } -------------------------------------------------------------------------------- /modules/caching-materials-manager-node/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/client-browser/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/client-browser/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/client-browser/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from '@aws-crypto/encrypt-browser' 5 | export * from '@aws-crypto/decrypt-browser' 6 | export * from '@aws-crypto/material-management-browser' 7 | export * from '@aws-crypto/caching-materials-manager-browser' 8 | export * from '@aws-crypto/kms-keyring-browser' 9 | export * from '@aws-crypto/raw-aes-keyring-browser' 10 | export * from '@aws-crypto/raw-rsa-keyring-browser' 11 | export * from '@aws-crypto/web-crypto-backend' 12 | 13 | import { 14 | CommitmentPolicy, 15 | ClientOptions, 16 | } from '@aws-crypto/material-management-browser' 17 | 18 | import { buildEncrypt } from '@aws-crypto/encrypt-browser' 19 | import { buildDecrypt } from '@aws-crypto/decrypt-browser' 20 | 21 | export function buildClient( 22 | options?: CommitmentPolicy | ClientOptions 23 | ): ReturnType & ReturnType { 24 | return { 25 | ...buildEncrypt(options), 26 | ...buildDecrypt(options), 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /modules/client-browser/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../encrypt-browser" }, 11 | { "path": "../decrypt-browser" }, 12 | { "path": "../material-management-browser" }, 13 | { "path": "../kms-keyring-browser" }, 14 | { "path": "../raw-rsa-keyring-browser" }, 15 | { "path": "../raw-aes-keyring-browser" }, 16 | ] 17 | } -------------------------------------------------------------------------------- /modules/client-browser/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ "node_modules/**" ], 10 | "references": [ 11 | { "path": "../encrypt-browser/tsconfig.module.json" }, 12 | { "path": "../decrypt-browser/tsconfig.module.json" }, 13 | { "path": "../material-management-browser/tsconfig.module.json" }, 14 | { "path": "../caching-materials-manager-browser/tsconfig.module.json" }, 15 | { "path": "../kms-keyring-browser/tsconfig.module.json" }, 16 | { "path": "../raw-rsa-keyring-browser/tsconfig.module.json" }, 17 | { "path": "../raw-aes-keyring-browser/tsconfig.module.json" }, 18 | ] 19 | } -------------------------------------------------------------------------------- /modules/client-node/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/client-node/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/client-node/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from '@aws-crypto/encrypt-node' 5 | export * from '@aws-crypto/decrypt-node' 6 | export * from '@aws-crypto/material-management-node' 7 | export * from '@aws-crypto/caching-materials-manager-node' 8 | export * from '@aws-crypto/kms-keyring-node' 9 | export * from '@aws-crypto/raw-aes-keyring-node' 10 | export * from '@aws-crypto/raw-rsa-keyring-node' 11 | export * from '@aws-crypto/branch-keystore-node' 12 | export { BranchKeyIdSupplier } from '@aws-crypto/kms-keyring' 13 | 14 | import { 15 | CommitmentPolicy, 16 | ClientOptions, 17 | } from '@aws-crypto/material-management-node' 18 | 19 | import { buildEncrypt } from '@aws-crypto/encrypt-node' 20 | import { buildDecrypt } from '@aws-crypto/decrypt-node' 21 | 22 | export function buildClient( 23 | options?: CommitmentPolicy | ClientOptions 24 | ): ReturnType & ReturnType { 25 | return { 26 | ...buildEncrypt(options), 27 | ...buildDecrypt(options), 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /modules/client-node/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../encrypt-node" }, 11 | { "path": "../decrypt-node" }, 12 | { "path": "../material-management-node" }, 13 | { "path": "../caching-materials-manager-node" }, 14 | { "path": "../kms-keyring-node" }, 15 | { "path": "../raw-rsa-keyring-node" }, 16 | { "path": "../raw-aes-keyring-node" }, 17 | { "path": "../branch-keystore-node" }, 18 | { "path": "../kms-keyring" } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /modules/client-node/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/decrypt-browser/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/decrypt-browser/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/decrypt-browser/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library 4 | designed to make it easy for everyone to encrypt 5 | and decrypt data using industry standards and best practices. 6 | It uses a data format compatible with the AWS Encryption SDKs in other languages. 7 | For more information on the AWS Encryption SDKs in all languages, 8 | see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 9 | 10 | This package should only be used as part of the AWS Encryption SDK for Javascript. 11 | For more information about the packages in this project 12 | and how they can be used together, 13 | see the [main browser package readme](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/client-browser/Readme.md) 14 | 15 | ## Installing 16 | 17 | ```sh 18 | npm install @aws-crypto/decrypt-browser 19 | ``` 20 | 21 | ## Testing 22 | 23 | ```sh 24 | npm test 25 | ``` 26 | 27 | ## License 28 | 29 | This SDK is distributed under the 30 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 31 | see LICENSE.txt and NOTICE.txt for more information. 32 | -------------------------------------------------------------------------------- /modules/decrypt-browser/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/decrypt-browser", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "tsc -p tsconfig.json && tsc -p tsconfig.module.json", 6 | "lint": "run-s lint-*", 7 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 8 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 9 | "karma": "karma start karma.conf.js", 10 | "test": "npm run lint && npm run coverage", 11 | "coverage": "npm run karma && nyc report --exclude-after-remap false -t .karma_output --check-coverage" 12 | }, 13 | "author": { 14 | "name": "AWS Crypto Tools Team", 15 | "email": "aws-cryptools@amazon.com", 16 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 17 | }, 18 | "license": "Apache-2.0", 19 | "dependencies": { 20 | "@aws-crypto/material-management-browser": "file:../material-management-browser", 21 | "@aws-crypto/serialize": "file:../serialize", 22 | "@aws-sdk/util-utf8-browser": "3.259.0", 23 | "tslib": "^2.2.0" 24 | }, 25 | "sideEffects": false, 26 | "main": "./build/main/src/index.js", 27 | "module": "./build/module/src/index.js", 28 | "types": "./build/main/src/index.d.ts", 29 | "files": [ 30 | "build/**/src/*" 31 | ] 32 | } 33 | -------------------------------------------------------------------------------- /modules/decrypt-browser/src/decrypt_client.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { _decrypt } from './decrypt' 5 | import { 6 | CommitmentPolicy, 7 | ClientOptions, 8 | needs, 9 | } from '@aws-crypto/material-management-browser' 10 | 11 | type CurryFirst any> = fn extends ( 12 | _: any, 13 | ...tail: infer TAIL 14 | ) => any 15 | ? TAIL 16 | : [] 17 | 18 | export function buildDecrypt( 19 | options: CommitmentPolicy | Partial = {} 20 | ): { 21 | decrypt: (...args: CurryFirst) => ReturnType 22 | } { 23 | const { 24 | commitmentPolicy = CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT, 25 | maxEncryptedDataKeys = false, 26 | } = typeof options === 'string' ? { commitmentPolicy: options } : options 27 | 28 | /* Precondition: browser buildDecrypt needs a valid commitmentPolicy. */ 29 | needs(CommitmentPolicy[commitmentPolicy], 'Invalid commitment policy.') 30 | /* Precondition: browser buildDecrypt needs a valid maxEncryptedDataKeys. */ 31 | needs( 32 | maxEncryptedDataKeys === false || maxEncryptedDataKeys >= 1, 33 | 'Invalid maxEncryptedDataKeys value.' 34 | ) 35 | 36 | const clientOptions: ClientOptions = { 37 | commitmentPolicy, 38 | maxEncryptedDataKeys, 39 | } 40 | return { 41 | decrypt: _decrypt.bind({}, clientOptions), 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /modules/decrypt-browser/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export { buildDecrypt } from './decrypt_client' 5 | export { DecryptResult } from './decrypt' 6 | export { MessageHeader } from '@aws-crypto/serialize' 7 | -------------------------------------------------------------------------------- /modules/decrypt-browser/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management-browser" }, 11 | { "path": "../serialize" }, 12 | { "path": "../kms-keyring-browser" } 13 | ] 14 | } -------------------------------------------------------------------------------- /modules/decrypt-browser/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/decrypt-node/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/decrypt-node/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/decrypt-node/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library 4 | designed to make it easy for everyone to encrypt 5 | and decrypt data using industry standards and best practices. 6 | It uses a data format compatible with the AWS Encryption SDKs in other languages. 7 | For more information on the AWS Encryption SDKs in all languages, 8 | see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 9 | 10 | This package should only be used as part of the AWS Encryption SDK for Javascript. 11 | For more information about the packages in this project 12 | and how they can be used together, 13 | see the [main node package readme](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/client-node/Readme.md) 14 | 15 | ## Installing 16 | 17 | ```sh 18 | npm install @aws-crypto/decrypt-node 19 | ``` 20 | 21 | ## Testing 22 | 23 | ```sh 24 | npm test 25 | ``` 26 | 27 | ## License 28 | 29 | This SDK is distributed under the 30 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 31 | see LICENSE.txt and NOTICE.txt for more information. 32 | -------------------------------------------------------------------------------- /modules/decrypt-node/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/decrypt-node", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run build", 6 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 7 | "lint": "run-s lint-*", 8 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 9 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 10 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 11 | "test": "npm run lint && npm run coverage", 12 | "coverage": "nyc -e .ts npm run mocha" 13 | }, 14 | "author": { 15 | "name": "AWS Crypto Tools Team", 16 | "email": "aws-cryptools@amazon.com", 17 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 18 | }, 19 | "license": "Apache-2.0", 20 | "dependencies": { 21 | "@aws-crypto/material-management-node": "file:../material-management-node", 22 | "@aws-crypto/serialize": "file:../serialize", 23 | "@types/duplexify": "^3.6.0", 24 | "duplexify": "^4.1.1", 25 | "readable-stream": "^3.6.0", 26 | "tslib": "^2.2.0" 27 | }, 28 | "sideEffects": false, 29 | "main": "./build/main/src/index.js", 30 | "module": "./build/module/src/index.js", 31 | "types": "./build/main/src/index.d.ts", 32 | "files": [ 33 | "build/**/src/*" 34 | ] 35 | } 36 | -------------------------------------------------------------------------------- /modules/decrypt-node/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export { buildDecrypt } from './decrypt_client' 5 | export { DecryptOutput } from './decrypt' 6 | export { MessageHeader } from '@aws-crypto/serialize' 7 | -------------------------------------------------------------------------------- /modules/decrypt-node/src/types.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { 5 | SignaturePolicy, 6 | ClientOptions, 7 | } from '@aws-crypto/material-management-node' 8 | 9 | export interface DecryptStreamOptions { 10 | maxBodySize?: number 11 | } 12 | 13 | export interface DecryptParameters { 14 | signaturePolicy: SignaturePolicy 15 | clientOptions: ClientOptions 16 | } 17 | -------------------------------------------------------------------------------- /modules/decrypt-node/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management-node" }, 11 | { "path": "../serialize" }, 12 | { "path": "../kms-keyring-node" } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /modules/decrypt-node/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/encrypt-browser/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/encrypt-browser/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/encrypt-browser/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library 4 | designed to make it easy for everyone to encrypt 5 | and decrypt data using industry standards and best practices. 6 | It uses a data format compatible with the AWS Encryption SDKs in other languages. 7 | For more information on the AWS Encryption SDKs in all languages, 8 | see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 9 | 10 | This package should only be used as part of the AWS Encryption SDK for Javascript. 11 | For more information about the packages in this project 12 | and how they can be used together, 13 | see the [main browser package readme](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/client-browser/Readme.md) 14 | 15 | ## Installing 16 | 17 | ```sh 18 | npm install @aws-crypto/encrypt-browser 19 | ``` 20 | 21 | ## Testing 22 | 23 | ```sh 24 | npm test 25 | ``` 26 | 27 | ## License 28 | 29 | This SDK is distributed under the 30 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 31 | see LICENSE.txt and NOTICE.txt for more information. 32 | -------------------------------------------------------------------------------- /modules/encrypt-browser/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/encrypt-browser", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "tsc -p tsconfig.json && tsc -p tsconfig.module.json", 6 | "lint": "run-s lint-*", 7 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 8 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 9 | "karma": "karma start karma.conf.js", 10 | "test": "npm run lint && npm run coverage", 11 | "coverage": "npm run karma && nyc report --exclude-after-remap false -t .karma_output --check-coverage" 12 | }, 13 | "author": { 14 | "name": "AWS Crypto Tools Team", 15 | "email": "aws-cryptools@amazon.com", 16 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 17 | }, 18 | "license": "Apache-2.0", 19 | "dependencies": { 20 | "@aws-crypto/material-management-browser": "file:../material-management-browser", 21 | "@aws-crypto/serialize": "file:../serialize", 22 | "@aws-crypto/web-crypto-backend": "file:../web-crypto-backend", 23 | "@aws-sdk/util-utf8-browser": "3.259.0", 24 | "tslib": "^2.2.0" 25 | }, 26 | "sideEffects": false, 27 | "main": "./build/main/src/index.js", 28 | "module": "./build/module/src/index.js", 29 | "types": "./build/main/src/index.d.ts", 30 | "files": [ 31 | "build/**/src/*" 32 | ] 33 | } 34 | -------------------------------------------------------------------------------- /modules/encrypt-browser/src/encrypt_client.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { _encrypt } from './encrypt' 5 | import { 6 | CommitmentPolicy, 7 | ClientOptions, 8 | needs, 9 | } from '@aws-crypto/material-management-browser' 10 | 11 | type CurryFirst any> = fn extends ( 12 | _: any, 13 | ...tail: infer TAIL 14 | ) => any 15 | ? TAIL 16 | : [] 17 | 18 | export function buildEncrypt( 19 | options: CommitmentPolicy | Partial = {} 20 | ): { 21 | encrypt: (...args: CurryFirst) => ReturnType 22 | } { 23 | const { 24 | commitmentPolicy = CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT, 25 | maxEncryptedDataKeys = false, 26 | } = typeof options === 'string' ? { commitmentPolicy: options } : options 27 | 28 | /* Precondition: browser buildEncrypt needs a valid commitmentPolicy. */ 29 | needs(CommitmentPolicy[commitmentPolicy], 'Invalid commitment policy.') 30 | /* Precondition: browser buildEncrypt needs a valid maxEncryptedDataKeys. */ 31 | needs( 32 | maxEncryptedDataKeys === false || maxEncryptedDataKeys >= 1, 33 | 'Invalid maxEncryptedDataKeys value.' 34 | ) 35 | 36 | const clientOptions: ClientOptions = { 37 | commitmentPolicy, 38 | maxEncryptedDataKeys, 39 | } 40 | return { 41 | encrypt: _encrypt.bind({}, clientOptions), 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /modules/encrypt-browser/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export { buildEncrypt } from './encrypt_client' 5 | export { MessageHeader } from '@aws-crypto/serialize' 6 | -------------------------------------------------------------------------------- /modules/encrypt-browser/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management-browser" }, 11 | { "path": "../serialize" }, 12 | { "path": "../web-crypto-backend" } 13 | ] 14 | } -------------------------------------------------------------------------------- /modules/encrypt-browser/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/encrypt-node/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/encrypt-node/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/encrypt-node/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library 4 | designed to make it easy for everyone to encrypt 5 | and decrypt data using industry standards and best practices. 6 | It uses a data format compatible with the AWS Encryption SDKs in other languages. 7 | For more information on the AWS Encryption SDKs in all languages, 8 | see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 9 | 10 | This package should only be used as part of the AWS Encryption SDK for Javascript. 11 | For more information about the packages in this project 12 | and how they can be used together, 13 | see the [main node package readme](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/client-node/Readme.md) 14 | 15 | ## Installing 16 | 17 | ```sh 18 | npm install @aws-crypto/encrypt-node 19 | ``` 20 | 21 | ## Testing 22 | 23 | ```sh 24 | npm test 25 | ``` 26 | 27 | ## License 28 | 29 | This SDK is distributed under the 30 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 31 | see LICENSE.txt and NOTICE.txt for more information. 32 | -------------------------------------------------------------------------------- /modules/encrypt-node/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/encrypt-node", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "tsc -p tsconfig.json && tsc -p tsconfig.module.json", 6 | "lint": "run-s lint-*", 7 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 8 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 9 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 10 | "test": "npm run lint && npm run coverage", 11 | "coverage": "nyc -e .ts npm run mocha" 12 | }, 13 | "author": { 14 | "name": "AWS Crypto Tools Team", 15 | "email": "aws-cryptools@amazon.com", 16 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 17 | }, 18 | "license": "Apache-2.0", 19 | "dependencies": { 20 | "@aws-crypto/material-management-node": "file:../material-management-node", 21 | "@aws-crypto/serialize": "file:../serialize", 22 | "@types/duplexify": "^3.6.0", 23 | "duplexify": "^4.1.3", 24 | "readable-stream": "^3.6.0", 25 | "tslib": "^2.2.0" 26 | }, 27 | "sideEffects": false, 28 | "main": "./build/main/src/index.js", 29 | "module": "./build/module/src/index.js", 30 | "types": "./build/main/src/index.d.ts", 31 | "files": [ 32 | "build/**/src/*" 33 | ] 34 | } 35 | -------------------------------------------------------------------------------- /modules/encrypt-node/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export { buildEncrypt } from './encrypt_client' 5 | export { MessageHeader } from '@aws-crypto/serialize' 6 | -------------------------------------------------------------------------------- /modules/encrypt-node/src/signature_stream.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { Transform } from 'stream' 5 | import { GetSigner } from '@aws-crypto/material-management-node' 6 | import { serializeSignatureInfo } from '@aws-crypto/serialize' 7 | 8 | type AWSSigner = ReturnType 9 | 10 | export class SignatureStream extends Transform { 11 | private _signer!: AWSSigner | undefined 12 | constructor(getSigner?: GetSigner) { 13 | super() 14 | const value = getSigner && getSigner() 15 | Object.defineProperty(this, '_signer', { value, enumerable: true }) 16 | } 17 | 18 | _transform( 19 | chunk: any, 20 | _encoding: string, 21 | callback: (err?: Error | null, data?: Uint8Array) => void 22 | ) { 23 | // If we have a signer, push the data to it 24 | this._signer && this._signer.update(chunk) 25 | // forward the data on 26 | callback(null, chunk) 27 | } 28 | 29 | _flush(callback: (err?: Error) => void) { 30 | if (this._signer) { 31 | const signature = this._signer.awsCryptoSign() 32 | this.push(serializeSignatureInfo(signature)) 33 | } 34 | callback() 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /modules/encrypt-node/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management-node" }, 11 | { "path": "../serialize" } 12 | ] 13 | } -------------------------------------------------------------------------------- /modules/encrypt-node/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/example-browser/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/example-browser/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/example-browser/html/aes_simple.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Client Side AES Encryption Test 7 | 8 | 9 | 10 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /modules/example-browser/html/caching_cmm.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Client-Side Caching CMM Encryption Test 7 | 8 | 9 | 10 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /modules/example-browser/html/disable_commitment.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Client Side KMS Encryption Test 8 | 9 | 10 | 11 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /modules/example-browser/html/fallback.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Client Side AWS Encryption SDK with MSRCrypto as a fallback 7 | 8 | 9 | 10 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /modules/example-browser/html/kms_simple.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Client Side KMS Encryption Test 7 | 8 | 9 | 10 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /modules/example-browser/html/multi_keyring.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Client Side Multi Keyring Encryption Test 7 | 8 | 9 | 10 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /modules/example-browser/html/rsa_simple.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Client Side RSA Encryption Test 7 | 8 | 9 | 10 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /modules/example-browser/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | /* 5 | * This library has no exported implementation. 6 | * It is intended to be used as a reference. 7 | */ 8 | -------------------------------------------------------------------------------- /modules/example-browser/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./", 6 | "allowJs": true, 7 | }, 8 | "include": ["src/**/*.ts", "test/**/*.ts", "src/**/*.js"], 9 | "exclude": ["node_modules/**"], 10 | "references": [ 11 | { "path": "../client-browser" } 12 | ] 13 | } -------------------------------------------------------------------------------- /modules/example-browser/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext" 7 | }, 8 | "exclude": [ 9 | "node_modules/**" 10 | ] 11 | } -------------------------------------------------------------------------------- /modules/example-browser/webpack_configs/aes.webpack.config.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | const path = require('path') 5 | 6 | module.exports = { 7 | entry: './src/aes_simple.ts', 8 | // devtool: 'inline-source-map', 9 | module: { 10 | rules: [ 11 | { 12 | test: /aes_simple.ts$/, 13 | use: [ 14 | { 15 | loader: 'ts-loader', 16 | options: { 17 | configFile: 'tsconfig.module.json' 18 | } 19 | } 20 | ], 21 | include: /aes_simple.ts/, 22 | exclude: [/node_modules/] 23 | } 24 | ] 25 | }, 26 | resolve: { 27 | extensions: [ '.tsx', '.ts', '.js' ] 28 | }, 29 | output: { 30 | filename: 'aes_simple_bundle.js', 31 | path: path.resolve(__dirname, '..', 'build'), 32 | library: 'test', 33 | libraryTarget: 'var' 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /modules/example-browser/webpack_configs/caching_cmm.webpack.config.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | const webpack = require('webpack') 5 | const path = require('path') 6 | const {defaultProvider} = require('@aws-sdk/credential-provider-node') 7 | 8 | module.exports = (async () => ({ 9 | entry: './src/caching_cmm.ts', 10 | // devtool: 'inline-source-map', 11 | module: { 12 | rules: [ 13 | { 14 | test: /caching_cmm.ts$/, 15 | use: [ 16 | { 17 | loader: 'ts-loader', 18 | options: { 19 | configFile: 'tsconfig.module.json' 20 | } 21 | } 22 | ], 23 | include: /caching_cmm.ts/, 24 | exclude: [/node_modules/] 25 | } 26 | ] 27 | }, 28 | resolve: { 29 | extensions: [ '.tsx', '.ts', '.js' ] 30 | }, 31 | output: { 32 | filename: 'caching_cmm_bundle.js', 33 | path: path.resolve(__dirname, '..', 'build'), 34 | library: 'test', 35 | libraryTarget: 'var' 36 | }, 37 | plugins: [ 38 | new webpack.DefinePlugin({ 39 | credentials: JSON.stringify(await defaultProvider()()) 40 | }) 41 | ], 42 | node: { 43 | util: 'empty' 44 | } 45 | }))() 46 | -------------------------------------------------------------------------------- /modules/example-browser/webpack_configs/disable_commitment.webpack.config.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | const webpack = require('webpack') 5 | const path = require('path') 6 | const {defaultProvider} = require('@aws-sdk/credential-provider-node') 7 | 8 | module.exports = (async () => ({ 9 | entry: './src/disable_commitment.ts', 10 | // devtool: 'inline-source-map', 11 | module: { 12 | rules: [ 13 | { 14 | test: /disable_commitment.ts$/, 15 | use: [ 16 | { 17 | loader: 'ts-loader', 18 | options: { 19 | configFile: 'tsconfig.module.json' 20 | } 21 | } 22 | ], 23 | include: /disable_commitment.ts/, 24 | exclude: [/node_modules/] 25 | } 26 | ] 27 | }, 28 | resolve: { 29 | extensions: [ '.tsx', '.ts', '.js' ] 30 | }, 31 | output: { 32 | filename: 'disable_commitment_bundle.js', 33 | path: path.resolve(__dirname, '..', 'build'), 34 | library: 'test', 35 | libraryTarget: 'var' 36 | }, 37 | plugins: [ 38 | new webpack.DefinePlugin({ 39 | credentials: JSON.stringify(await defaultProvider()()) 40 | }) 41 | ], 42 | node: { 43 | util: 'empty' 44 | } 45 | }))() 46 | -------------------------------------------------------------------------------- /modules/example-browser/webpack_configs/fallback.webpack.config.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | const path = require('path') 5 | 6 | module.exports = { 7 | entry: './src/fallback.ts', 8 | // devtool: 'inline-source-map', 9 | module: { 10 | rules: [ 11 | { 12 | test: /fallback.ts$/, 13 | use: [ 14 | { 15 | loader: 'ts-loader', 16 | options: { 17 | configFile: 'tsconfig.module.json' 18 | } 19 | } 20 | ], 21 | include: /fallback.ts/, 22 | exclude: [/node_modules/] 23 | } 24 | ] 25 | }, 26 | resolve: { 27 | extensions: [ '.tsx', '.ts', '.js' ] 28 | }, 29 | output: { 30 | filename: 'fallback_bundle.js', 31 | path: path.resolve(__dirname, '..', 'build'), 32 | library: 'test', 33 | libraryTarget: 'var' 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /modules/example-browser/webpack_configs/kms.webpack.config.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | const webpack = require('webpack') 5 | const path = require('path') 6 | const {defaultProvider} = require('@aws-sdk/credential-provider-node') 7 | 8 | module.exports = (async () => ({ 9 | entry: './src/kms_simple.ts', 10 | // devtool: 'inline-source-map', 11 | module: { 12 | rules: [ 13 | { 14 | test: /kms_simple.ts$/, 15 | use: [ 16 | { 17 | loader: 'ts-loader', 18 | options: { 19 | configFile: 'tsconfig.module.json' 20 | } 21 | } 22 | ], 23 | include: /kms_simple.ts/, 24 | exclude: [/node_modules/] 25 | } 26 | ] 27 | }, 28 | resolve: { 29 | extensions: [ '.tsx', '.ts', '.js' ] 30 | }, 31 | output: { 32 | filename: 'kms_simple_bundle.js', 33 | path: path.resolve(__dirname, '..', 'build'), 34 | library: 'test', 35 | libraryTarget: 'var' 36 | }, 37 | plugins: [ 38 | new webpack.DefinePlugin({ 39 | credentials: JSON.stringify(await defaultProvider()()) 40 | }) 41 | ], 42 | node: { 43 | util: 'empty' 44 | } 45 | }))() 46 | -------------------------------------------------------------------------------- /modules/example-browser/webpack_configs/multi_keyring.webpack.config.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | const webpack = require('webpack') 5 | const path = require('path') 6 | const {defaultProvider} = require('@aws-sdk/credential-provider-node') 7 | 8 | module.exports = (async () => ({ 9 | entry: './src/multi_keyring.ts', 10 | // devtool: 'inline-source-map', 11 | module: { 12 | rules: [ 13 | { 14 | test: /multi_keyring.ts$/, 15 | use: [ 16 | { 17 | loader: 'ts-loader', 18 | options: { 19 | configFile: 'tsconfig.module.json' 20 | } 21 | } 22 | ], 23 | include: /multi_keyring.ts/, 24 | exclude: [/node_modules/] 25 | } 26 | ] 27 | }, 28 | resolve: { 29 | extensions: [ '.tsx', '.ts', '.js' ] 30 | }, 31 | output: { 32 | filename: 'multi_keyring_bundle.js', 33 | path: path.resolve(__dirname, '..', 'build'), 34 | library: 'test', 35 | libraryTarget: 'var' 36 | }, 37 | plugins: [ 38 | new webpack.DefinePlugin({ 39 | credentials: JSON.stringify(await defaultProvider()()) 40 | }) 41 | ], 42 | node: { 43 | util: 'empty' 44 | } 45 | }))() 46 | -------------------------------------------------------------------------------- /modules/example-browser/webpack_configs/rsa.webpack.config.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | const path = require('path') 5 | 6 | module.exports = { 7 | entry: './src/rsa_simple.ts', 8 | // devtool: 'inline-source-map', 9 | module: { 10 | rules: [ 11 | { 12 | test: /rsa_simple.ts$/, 13 | use: [ 14 | { 15 | loader: 'ts-loader', 16 | options: { 17 | configFile: 'tsconfig.module.json' 18 | } 19 | } 20 | ], 21 | include: /rsa_simple.ts/, 22 | exclude: [/node_modules/] 23 | } 24 | ] 25 | }, 26 | resolve: { 27 | extensions: [ '.tsx', '.ts', '.js' ] 28 | }, 29 | output: { 30 | filename: 'rsa_simple_bundle.js', 31 | path: path.resolve(__dirname, '..', 'build'), 32 | library: 'test', 33 | libraryTarget: 'var' 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /modules/example-node/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/example-node/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/example-node/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/example-node", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run build", 6 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 7 | "lint": "run-s lint-*", 8 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 9 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 10 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 11 | "test": "npm run lint && npm run coverage", 12 | "coverage": "nyc -e .ts npm run mocha" 13 | }, 14 | "author": { 15 | "name": "AWS Crypto Tools Team", 16 | "email": "aws-cryptools@amazon.com", 17 | "url": "https://aws.amazon.com/javascript/" 18 | }, 19 | "license": "Apache-2.0", 20 | "dependencies": { 21 | "@aws-crypto/client-node": "file:../client-node", 22 | "tslib": "^2.2.0" 23 | }, 24 | "sideEffects": false, 25 | "main": "./build/main/src/index.js", 26 | "module": "./build/module/src/index.js", 27 | "types": "./build/main/src/index.d.ts", 28 | "files": [ 29 | "build/**/src/*" 30 | ] 31 | } 32 | -------------------------------------------------------------------------------- /modules/example-node/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | /* 5 | * This library has no exported implementation. 6 | * It is intended to be used as a reference. 7 | */ 8 | -------------------------------------------------------------------------------- /modules/example-node/src/kms_filtered_discovery.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { 5 | KmsKeyringNode, 6 | getKmsClient, 7 | buildClient, 8 | CommitmentPolicy, 9 | } from '@aws-crypto/client-node' 10 | 11 | /* This builds the client with the REQUIRE_ENCRYPT_REQUIRE_DECRYPT commitment policy, 12 | * which enforces that this client only encrypts using committing algorithm suites 13 | * and enforces that this client 14 | * will only decrypt encrypted messages 15 | * that were created with a committing algorithm suite. 16 | * This is the default commitment policy 17 | * if you build the client with `buildClient()`. 18 | */ 19 | const { decrypt } = buildClient( 20 | CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT 21 | ) 22 | 23 | export async function kmsFilteredDiscoveryTest( 24 | ciphertext: string | Buffer, 25 | accountID: string, 26 | partition: string 27 | ) { 28 | const discovery = true 29 | const clientProvider = getKmsClient 30 | /* This filter will only attempt to decrypt CMKs 31 | * in `accountID` and `partition`. 32 | */ 33 | const discoveryFilter = { 34 | accountIDs: [accountID], 35 | partition, 36 | } 37 | const keyring = new KmsKeyringNode({ 38 | clientProvider, 39 | discovery, 40 | discoveryFilter, 41 | }) 42 | 43 | const cleartext = await decrypt(keyring, ciphertext) 44 | 45 | return { ciphertext, cleartext } 46 | } 47 | -------------------------------------------------------------------------------- /modules/example-node/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../client-node" } 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/example-node/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/hkdf-node/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/hkdf-node/NOTICE: -------------------------------------------------------------------------------- 1 | AWS SDK for JavaScript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | 4 | This product includes software developed at 5 | Amazon Web Services, Inc. (http://aws.amazon.com/). -------------------------------------------------------------------------------- /modules/hkdf-node/README.md: -------------------------------------------------------------------------------- 1 | # @aws-crypto/hkdf-node 2 | 3 | This module exports a HMAC-based Key Derivation Function (HKDF) for Node.js. 4 | HKDF is very simple to implement, 5 | but this module has been reviewed 6 | and has extensive test vectors. 7 | 8 | This module is used in the the AWS Encryption SDK for JavaScript 9 | to provide HKDF key derivation for specific algorithm suites. 10 | 11 | Specification: https://tools.ietf.org/html/rfc5869 12 | 13 | ## install 14 | 15 | ```sh 16 | npm install @aws-crypto/hkdf-node 17 | ``` 18 | 19 | ## use 20 | 21 | ```javascript 22 | const HKDF = require('@aws-crypto/hkdf-node') 23 | const expand = HKDF('sha256')('some key', 'some salt') 24 | const info = {some: 'info', message_id: 123} 25 | const key = expand(32, Buffer.from(JSON.stringify(info))) 26 | ``` 27 | 28 | ## test 29 | 30 | ```sh 31 | npm test 32 | ``` 33 | 34 | ## license 35 | 36 | This SDK is distributed under the 37 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 38 | see LICENSE.txt and NOTICE.txt for more information. 39 | -------------------------------------------------------------------------------- /modules/hkdf-node/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/hkdf-node", 3 | "version": "4.0.0", 4 | "description": "nodejs hkdf crypto primitive", 5 | "scripts": { 6 | "prepublishOnly": "npm run build", 7 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 8 | "lint": "run-s lint-*", 9 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 10 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 11 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 12 | "test": "npm run lint && npm run coverage", 13 | "coverage": "nyc -e .ts npm run mocha" 14 | }, 15 | "repository": "", 16 | "author": { 17 | "name": "AWS Crypto Tools Team", 18 | "email": "aws-cryptools@amazon.com", 19 | "url": "https://docs.aws.amazon.com/aws-crypto-tools/index.html?id=docs_gateway#lang/en_us" 20 | }, 21 | "license": "Apache-2.0", 22 | "dependencies": { 23 | "tslib": "^2.2.0" 24 | }, 25 | "sideEffects": false, 26 | "main": "./build/main/src/index.js", 27 | "module": "./build/module/src/index.js", 28 | "types": "./build/main/src/index.d.ts", 29 | "files": [ 30 | "build/**/src/*" 31 | ], 32 | "standard": { 33 | "fix": true, 34 | "parser": "@typescript-eslint/parser", 35 | "plugins": [ 36 | "@typescript-eslint" 37 | ] 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /modules/hkdf-node/src/errors.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export class HKDFError extends Error { 5 | constructor(message?: string) { 6 | super(message) 7 | Object.setPrototypeOf(this, HKDFError.prototype) 8 | } 9 | } 10 | 11 | export class KeyLengthError extends HKDFError { 12 | public name = 'KeyLengthError' 13 | constructor(maxLength: number, algorithm: string) { 14 | super( 15 | 'Can not derive keys larger than ' + 16 | maxLength + 17 | ' for algorithm:' + 18 | algorithm 19 | ) 20 | Object.setPrototypeOf(this, KeyLengthError.prototype) 21 | } 22 | } 23 | 24 | export class UnsupportedAlgorithm extends HKDFError { 25 | public name = 'UnsupportedAlgorithm' 26 | constructor(algorithm: string) { 27 | super('Hash algorithm: ' + algorithm + ' is not an implemented algorithm') 28 | Object.setPrototypeOf(this, UnsupportedAlgorithm.prototype) 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /modules/hkdf-node/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from './hkdf' 5 | export * from './errors' 6 | -------------------------------------------------------------------------------- /modules/hkdf-node/test/aws_encryption_sdk_vectors.test.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | /* eslint-env mocha */ 5 | 6 | import { expect } from 'chai' 7 | import { HKDF } from '../src/index' 8 | import { testVectors } from './fixtures' 9 | 10 | // See: https://github.com/aws/aws-encryption-sdk-c/blob/master/tests/unit/t_hkdf.c 11 | describe('aws-encryption-sdk-c hkdf test vectors', () => { 12 | for (const vector of testVectors) { 13 | it(`Test: ${vector.testName}`, () => { 14 | const hdkf = HKDF(vector.whichSha) 15 | const test = hdkf(vector.ikm, vector.salt)(vector.okmLen, vector.info) 16 | expect(test).to.deep.equal(vector.okmDesired) 17 | }) 18 | } 19 | }) 20 | -------------------------------------------------------------------------------- /modules/hkdf-node/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"] 9 | } -------------------------------------------------------------------------------- /modules/hkdf-node/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/integration-browser/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/integration-browser/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/integration-browser/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../client-browser" }, 11 | { "path": "../integration-vectors" } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /modules/integration-browser/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": ["node_modules/**"], 10 | "references": [ 11 | { 12 | "path": "../client-browser/tsconfig.module.json" 13 | }, 14 | { "path": "../integration-vectors/tsconfig.module.json" } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /modules/integration-browser/webpack.config.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | const path = require('path') 5 | 6 | module.exports = { 7 | entry: './src/asdf.test.ts', 8 | // devtool: 'inline-source-map', 9 | module: { 10 | rules: [ 11 | { 12 | test: /\.asdf.test.ts$/, 13 | use: 'mocha-loader', 14 | exclude: /node_modules/ 15 | }, 16 | { 17 | test: /\.tsx?$/, 18 | use: 'ts-loader', 19 | exclude: /node_modules/ 20 | } 21 | ] 22 | }, 23 | resolve: { 24 | extensions: [ '.tsx', '.ts', '.js' ] 25 | }, 26 | output: { 27 | filename: 'asdf.test.js', 28 | path: path.resolve(__dirname, 'build') 29 | }, 30 | node: false 31 | } 32 | -------------------------------------------------------------------------------- /modules/integration-node/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/integration-node/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/integration-node/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/integration-node", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run generate-version.ts; npm run build", 6 | "generate-version.ts": "npx genversion --es6 src/version.ts", 7 | "build": "tsc -b tsconfig.json", 8 | "lint": "run-s lint-*", 9 | "lint-eslint": "eslint src/*.ts test/*.ts", 10 | "lint-prettier": "prettier -c src/*.ts test/*.ts", 11 | "test": "npm run lint && npm run build && node ./build/main/index.js", 12 | "integration_node": "npx ." 13 | }, 14 | "author": { 15 | "name": "AWS Crypto Tools Team", 16 | "email": "aws-cryptools@amazon.com", 17 | "url": "https://aws.amazon.com/javascript/" 18 | }, 19 | "license": "Apache-2.0", 20 | "dependencies": { 21 | "@aws-crypto/client-node": "file:../client-node", 22 | "@aws-crypto/integration-vectors": "file:../integration-vectors", 23 | "@types/got": "^9.6.9", 24 | "@types/stream-to-promise": "^2.2.0", 25 | "@types/yargs": "^17.0.1", 26 | "got": "^11.8.0", 27 | "stream-to-promise": "^3.0.0", 28 | "tslib": "^2.3.0", 29 | "yargs": "^17.0.1", 30 | "yazl": "^3.3.1" 31 | }, 32 | "sideEffects": false, 33 | "main": "./build/main/src/index.js", 34 | "types": "./build/main/src/index.d.ts", 35 | "bin": "./build/main/src/cli.js", 36 | "files": [ 37 | "build/**/src/*" 38 | ] 39 | } 40 | -------------------------------------------------------------------------------- /modules/integration-node/src/constants.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export const KEYS_MANIFEST_NAME_FILENAME = 'keys.json' 5 | export const MANIFEST_NAME_FILENAME = 'manifest.json' 6 | export const DECRYPT_MANIFEST_TYPE = 'awses-decrypt' 7 | export const DECRYPT_MANIFEST_CLIENT_NAME = 'aws/aws-encryption-sdk-javascript' 8 | export const MANIFEST_URI_PREFIX = 'file://' 9 | export const MANIFEST_PLAINTEXT_PATH = 'plaintexts/' 10 | export const MANIFEST_CIPHERTEXT_PATH = 'ciphertexts/' 11 | -------------------------------------------------------------------------------- /modules/integration-node/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from './get_encrypt_test_iterator' 5 | export * from './integration_tests' 6 | export * from './decrypt_materials_manager_node' 7 | -------------------------------------------------------------------------------- /modules/integration-node/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../client-node"}, 11 | {"path": "../integration-vectors"} 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /modules/integration-node/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/integration-vectors/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | }, 12 | } 13 | -------------------------------------------------------------------------------- /modules/integration-vectors/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/integration-vectors/Readme.md: -------------------------------------------------------------------------------- 1 | # AWS Encryption SDK for Javascript Test Vectors 2 | 3 | This repository is for compatibility tests with the other versions of the AWS Encryption SDKs. 4 | Its purpose is to facilitate testing the set of test vectors the AWS Encryption SDK. 5 | The test vectors can be found at https://github.com/awslabs/aws-encryption-sdk-test-vectors. 6 | Manifest information can be found at https://github.com/awslabs/aws-crypto-tools-test-vector-framework. 7 | 8 | It does not provide any useful functionality upon which you may want to build any dependencies. 9 | Instead, you want to use it to verify environments (make sure the AWS Encryption SDK works on them). 10 | 11 | # To use, take a dependency on @aws-crypto/integration-vectors 12 | 13 | 1. Download a manifest zip file from aws-encryption-sdk-test-vectors or a supported format. 14 | 1. Select or download both an encryption manifest list and key manifest from aws-crypto-tools-test-vector-framework. 15 | 1. Refer to the `integration-node` and/or `integration-browser` for examples of usage. 16 | -------------------------------------------------------------------------------- /modules/integration-vectors/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/integration-vectors", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "build": "tsc -b tsconfig.json", 6 | "lint": "run-s lint-*", 7 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 8 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 9 | "mocha": "mocha --require source-map-support/register --require ts-node/register test/*test.ts", 10 | "test": "npm run lint && npm run build && node ./build/main/index.js && npm run mocha" 11 | }, 12 | "dependencies": { 13 | "@aws-crypto/material-management": "file:../material-management", 14 | "@types/stream-to-promise": "^2.2.0", 15 | "@types/yauzl": "^2.9.1", 16 | "stream-to-promise": "^3.0.0", 17 | "tslib": "^2.3.0", 18 | "yauzl": "^2.10.0" 19 | }, 20 | "sideEffects": false, 21 | "main": "./build/main/src/index.js", 22 | "types": "./build/main/src/index.d.ts", 23 | "files": [ 24 | "build/**/src/*" 25 | ], 26 | "description": "This repository is for compatibility tests with the other versions of the AWS Encryption SDKs.", 27 | "directories": { 28 | "test": "test" 29 | }, 30 | "keywords": [], 31 | "author": { 32 | "name": "AWS Crypto Tools Team", 33 | "email": "aws-cryptools@amazon.com", 34 | "url": "https://aws.amazon.com/javascript/" 35 | }, 36 | "license": "Apache-2.0" 37 | } 38 | -------------------------------------------------------------------------------- /modules/integration-vectors/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from './types' 5 | export * from './get_decrypt_test_iterator' 6 | export * from './build_get_keyring' 7 | -------------------------------------------------------------------------------- /modules/integration-vectors/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../client-node"} 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /modules/integration-vectors/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /modules/kdf-ctr-mode-node/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/kdf-ctr-mode-node/NOTICE: -------------------------------------------------------------------------------- 1 | AWS SDK for JavaScript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | 4 | This product includes software developed at 5 | Amazon Web Services, Inc. (http://aws.amazon.com/). -------------------------------------------------------------------------------- /modules/kdf-ctr-mode-node/README.md: -------------------------------------------------------------------------------- 1 | # @aws-crypto/kdf-ctr-mode-node 2 | 3 | This module exports a Key Derivation Function in Counter Mode with a Pseudo 4 | Random function with HMAC SHA 256 for Node.js. 5 | 6 | This module is used in the the AWS Encryption SDK for JavaScript 7 | to provide key derivation for specific algorithm suites. 8 | 9 | Specification: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf 10 | 11 | ## install 12 | 13 | ```sh 14 | npm install @aws-crypto/kdf-ctr-mode-node 15 | ``` 16 | 17 | ## use 18 | 19 | ```javascript 20 | 21 | const digestAlgorithm = 'sha256' 22 | const initialKeyMaterial = gottenFromSomewhereSecure() 23 | const nonce = freshRandomData() 24 | const purpose = Buffer.from('What this derived key is for.', 'utf-8') 25 | const expectedLength = 32 26 | 27 | const KDF = require('@aws-crypto/kdf-ctr-mode-node') 28 | const derivedKey = KDF.kdfCounterMode({ 29 | digestAlgorithm, 30 | ikm: initialKeyMaterial, 31 | nonce, 32 | purpose, 33 | expectedLength, 34 | }) 35 | ``` 36 | 37 | ## test 38 | 39 | ```sh 40 | npm test 41 | ``` 42 | 43 | ## license 44 | 45 | This SDK is distributed under the 46 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 47 | see LICENSE.txt and NOTICE.txt for more information. 48 | -------------------------------------------------------------------------------- /modules/kdf-ctr-mode-node/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/kdf-ctr-mode-node", 3 | "version": "4.1.0", 4 | "description": "nodejs kdf ctr mode crypto primitive", 5 | "scripts": { 6 | "prepublishOnly": "npm run build", 7 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 8 | "lint": "run-s lint-*", 9 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 10 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 11 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 12 | "test": "npm run lint && npm run coverage", 13 | "coverage": "nyc -e .ts npm run mocha" 14 | }, 15 | "repository": "", 16 | "author": { 17 | "name": "AWS Crypto Tools Team", 18 | "email": "aws-cryptools@amazon.com", 19 | "url": "https://docs.aws.amazon.com/aws-crypto-tools/index.html?id=docs_gateway#lang/en_us" 20 | }, 21 | "license": "Apache-2.0", 22 | "dependencies": { 23 | "tslib": "^2.2.0" 24 | }, 25 | "sideEffects": false, 26 | "main": "./build/main/src/index.js", 27 | "module": "./build/module/src/index.js", 28 | "types": "./build/main/src/index.d.ts", 29 | "files": [ 30 | "build/**/src/*" 31 | ], 32 | "standard": { 33 | "fix": true, 34 | "parser": "@typescript-eslint/parser", 35 | "plugins": [ 36 | "@typescript-eslint" 37 | ] 38 | }, 39 | "devDependencies": { 40 | "@types/sinon": "^17.0.3" 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /modules/kdf-ctr-mode-node/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export { kdfCounterMode } from './kdfctr' 5 | -------------------------------------------------------------------------------- /modules/kdf-ctr-mode-node/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [{ "path": "../material-management" }] 10 | } 11 | -------------------------------------------------------------------------------- /modules/kdf-ctr-mode-node/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/kms-keyring-browser/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/kms-keyring-browser/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/kms-keyring-browser/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library 4 | designed to make it easy for everyone to encrypt 5 | and decrypt data using industry standards and best practices. 6 | It uses a data format compatible with the AWS Encryption SDKs in other languages. 7 | For more information on the AWS Encryption SDKs in all languages, 8 | see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 9 | 10 | This package should only be used as part of the AWS Encryption SDK for Javascript. 11 | For more information about the packages in this project 12 | and how they can be used together, 13 | see the [main browser package readme](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/client-browser/Readme.md) 14 | 15 | ## Installing 16 | 17 | ```sh 18 | npm install @aws-crypto/kms-keyring-browser 19 | ``` 20 | 21 | ## Testing 22 | 23 | ```sh 24 | npm test 25 | ``` 26 | 27 | ## License 28 | 29 | This SDK is distributed under the 30 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 31 | see LICENSE.txt and NOTICE.txt for more information. 32 | -------------------------------------------------------------------------------- /modules/kms-keyring-browser/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/kms-keyring-browser", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run generate-version.ts; npm run build", 6 | "generate-version.ts": "npx genversion --es6 src/version.ts", 7 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 8 | "lint": "run-s lint-*", 9 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 10 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 11 | "karma": "karma start karma.conf.js", 12 | "test": "npm run lint && npm run coverage", 13 | "coverage": "npm run karma && nyc report --exclude-after-remap false -t .karma_output --check-coverage" 14 | }, 15 | "author": { 16 | "name": "AWS Crypto Tools Team", 17 | "email": "aws-crypto-tools-team@amazon.com", 18 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 19 | }, 20 | "license": "Apache-2.0", 21 | "dependencies": { 22 | "@aws-crypto/kms-keyring": "file:../kms-keyring", 23 | "@aws-crypto/material-management-browser": "file:../material-management-browser", 24 | "@aws-crypto/web-crypto-backend": "file:../web-crypto-backend", 25 | "@aws-sdk/client-kms": "^3.363.0", 26 | "tslib": "^2.2.0" 27 | }, 28 | "sideEffects": false, 29 | "main": "./build/main/src/index.js", 30 | "module": "./build/module/src/index.js", 31 | "types": "./build/main/src/index.d.ts", 32 | "files": [ 33 | "build/**/src/*" 34 | ] 35 | } 36 | -------------------------------------------------------------------------------- /modules/kms-keyring-browser/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from './kms_keyring_browser' 5 | export * from './kms_mrk_keyring_browser' 6 | export * from './kms_mrk_discovery_keyring_browser' 7 | export * from './kms_mrk_strict_multi_keyring_browser' 8 | export * from './kms_mrk_discovery_multi_keyring_browser' 9 | -------------------------------------------------------------------------------- /modules/kms-keyring-browser/src/kms_mrk_discovery_multi_keyring_browser.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { 5 | getAwsKmsMrkAwareDiscoveryMultiKeyringBuilder, 6 | AwsEsdkKMSInterface, 7 | } from '@aws-crypto/kms-keyring' 8 | import { 9 | MultiKeyringWebCrypto, 10 | WebCryptoAlgorithmSuite, 11 | } from '@aws-crypto/material-management-browser' 12 | import { getKmsClient } from '.' 13 | import { AwsKmsMrkAwareSymmetricDiscoveryKeyringBrowser } from './kms_mrk_discovery_keyring_browser' 14 | 15 | export const buildAwsKmsMrkAwareDiscoveryMultiKeyringBrowser = 16 | getAwsKmsMrkAwareDiscoveryMultiKeyringBuilder< 17 | WebCryptoAlgorithmSuite, 18 | AwsEsdkKMSInterface 19 | >( 20 | AwsKmsMrkAwareSymmetricDiscoveryKeyringBrowser, 21 | MultiKeyringWebCrypto, 22 | getKmsClient 23 | ) 24 | -------------------------------------------------------------------------------- /modules/kms-keyring-browser/src/kms_mrk_strict_multi_keyring_browser.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { 5 | getAwsKmsMrkAwareStrictMultiKeyringBuilder, 6 | AwsEsdkKMSInterface, 7 | } from '@aws-crypto/kms-keyring' 8 | import { 9 | MultiKeyringWebCrypto, 10 | WebCryptoAlgorithmSuite, 11 | } from '@aws-crypto/material-management-browser' 12 | import { getKmsClient } from '.' 13 | import { AwsKmsMrkAwareSymmetricKeyringBrowser } from './kms_mrk_keyring_browser' 14 | 15 | export const buildAwsKmsMrkAwareStrictMultiKeyringBrowser = 16 | getAwsKmsMrkAwareStrictMultiKeyringBuilder< 17 | WebCryptoAlgorithmSuite, 18 | AwsEsdkKMSInterface 19 | >(AwsKmsMrkAwareSymmetricKeyringBrowser, MultiKeyringWebCrypto, getKmsClient) 20 | -------------------------------------------------------------------------------- /modules/kms-keyring-browser/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management-browser" }, 11 | { "path": "../kms-keyring" } 12 | ] 13 | } -------------------------------------------------------------------------------- /modules/kms-keyring-browser/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/kms-keyring-node/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/kms-keyring-node/.gitignore: -------------------------------------------------------------------------------- 1 | /node_modules/ 2 | /build/ 3 | /.nyc_output -------------------------------------------------------------------------------- /modules/kms-keyring-node/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/kms-keyring-node/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library 4 | designed to make it easy for everyone to encrypt 5 | and decrypt data using industry standards and best practices. 6 | It uses a data format compatible with the AWS Encryption SDKs in other languages. 7 | For more information on the AWS Encryption SDKs in all languages, 8 | see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 9 | 10 | This package should only be used as part of the AWS Encryption SDK for Javascript. 11 | For more information about the packages in this project 12 | and how they can be used together, 13 | see the [main node package readme](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/client-node/Readme.md) 14 | 15 | ## Installing 16 | 17 | ```sh 18 | npm install @aws-crypto/kms-keyring-node 19 | ``` 20 | 21 | ## Testing 22 | 23 | ```sh 24 | npm test 25 | ``` 26 | 27 | ## License 28 | 29 | This SDK is distributed under the 30 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 31 | see LICENSE.txt and NOTICE.txt for more information. 32 | -------------------------------------------------------------------------------- /modules/kms-keyring-node/src/constants.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { KeyringTraceFlag } from '@aws-crypto/material-management' 5 | 6 | export const ACTIVE_AS_BYTES = Buffer.from('ACTIVE', 'utf-8') 7 | export const CACHE_ENTRY_ID_DIGEST_ALGORITHM = 'sha384' 8 | export const KDF_DIGEST_ALGORITHM_SHA_256 = 'sha256' 9 | export const ENCRYPT_FLAGS = 10 | KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY | 11 | KeyringTraceFlag.WRAPPING_KEY_SIGNED_ENC_CTX 12 | export const DECRYPT_FLAGS = 13 | KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY | 14 | KeyringTraceFlag.WRAPPING_KEY_VERIFIED_ENC_CTX 15 | export const PROVIDER_ID_HIERARCHY = 'aws-kms-hierarchy' 16 | export const PROVIDER_ID_HIERARCHY_AS_BYTES = Buffer.from( 17 | PROVIDER_ID_HIERARCHY, 18 | 'utf-8' 19 | ) 20 | export const DERIVED_BRANCH_KEY_LENGTH = 32 21 | // export const CACHE_ENTRY_ID_LENGTH = 32 22 | export const KEY_DERIVATION_LABEL = Buffer.from(PROVIDER_ID_HIERARCHY, 'utf-8') 23 | export const CIPHERTEXT_STRUCTURE = { 24 | saltLength: 16, 25 | ivLength: 12, 26 | branchKeyVersionCompressedLength: 16, 27 | // Encrypted Key is of variable length 28 | authTagLength: 16, 29 | } 30 | -------------------------------------------------------------------------------- /modules/kms-keyring-node/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from './kms_keyring_node' 5 | export * from './kms_mrk_keyring_node' 6 | export * from './kms_mrk_discovery_keyring_node' 7 | export * from './kms_mrk_strict_multi_keyring_node' 8 | export * from './kms_mrk_discovery_multi_keyring_node' 9 | export * from './kms_hkeyring_node' 10 | -------------------------------------------------------------------------------- /modules/kms-keyring-node/src/kms_mrk_discovery_keyring_node.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { 5 | AwsKmsMrkAwareSymmetricDiscoveryKeyringClass, 6 | AwsKmsMrkAwareSymmetricDiscoveryKeyringInput, 7 | AwsEsdkKMSInterface, 8 | } from '@aws-crypto/kms-keyring' 9 | import { 10 | KeyringNode, 11 | Newable, 12 | NodeAlgorithmSuite, 13 | } from '@aws-crypto/material-management-node' 14 | 15 | export type AwsKmsMrkAwareSymmetricDiscoveryKeyringNodeInput = 16 | AwsKmsMrkAwareSymmetricDiscoveryKeyringInput 17 | 18 | export const AwsKmsMrkAwareSymmetricDiscoveryKeyringNode = 19 | AwsKmsMrkAwareSymmetricDiscoveryKeyringClass< 20 | NodeAlgorithmSuite, 21 | AwsEsdkKMSInterface 22 | >(KeyringNode as Newable) 23 | -------------------------------------------------------------------------------- /modules/kms-keyring-node/src/kms_mrk_discovery_multi_keyring_node.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { 5 | getAwsKmsMrkAwareDiscoveryMultiKeyringBuilder, 6 | KmsClientSupplier, 7 | AwsEsdkKMSInterface, 8 | } from '@aws-crypto/kms-keyring' 9 | import { 10 | MultiKeyringNode, 11 | NodeAlgorithmSuite, 12 | } from '@aws-crypto/material-management' 13 | import { getKmsClient } from '.' 14 | import { AwsKmsMrkAwareSymmetricDiscoveryKeyringNode } from './kms_mrk_discovery_keyring_node' 15 | 16 | export interface AwsKmsMrkAwareDiscoveryMultiKeyringNodeInput { 17 | regions: string[] 18 | clientProvider?: KmsClientSupplier 19 | discoveryFilter?: Readonly<{ 20 | accountIDs: readonly string[] 21 | partition: string 22 | }> 23 | grantTokens?: string[] 24 | } 25 | 26 | export const buildAwsKmsMrkAwareDiscoveryMultiKeyringNode = 27 | getAwsKmsMrkAwareDiscoveryMultiKeyringBuilder< 28 | NodeAlgorithmSuite, 29 | AwsEsdkKMSInterface 30 | >(AwsKmsMrkAwareSymmetricDiscoveryKeyringNode, MultiKeyringNode, getKmsClient) 31 | -------------------------------------------------------------------------------- /modules/kms-keyring-node/src/kms_mrk_keyring_node.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { 5 | AwsKmsMrkAwareSymmetricKeyringClass, 6 | AwsKmsMrkAwareSymmetricKeyringInput, 7 | AwsEsdkKMSInterface, 8 | } from '@aws-crypto/kms-keyring' 9 | import { 10 | KeyringNode, 11 | Newable, 12 | NodeAlgorithmSuite, 13 | } from '@aws-crypto/material-management-node' 14 | 15 | export type AwsKmsMrkAwareSymmetricKeyringNodeInput = 16 | AwsKmsMrkAwareSymmetricKeyringInput 17 | 18 | export const AwsKmsMrkAwareSymmetricKeyringNode = 19 | AwsKmsMrkAwareSymmetricKeyringClass( 20 | KeyringNode as Newable 21 | ) 22 | -------------------------------------------------------------------------------- /modules/kms-keyring-node/src/kms_mrk_strict_multi_keyring_node.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { 5 | getAwsKmsMrkAwareStrictMultiKeyringBuilder, 6 | AwsEsdkKMSInterface, 7 | } from '@aws-crypto/kms-keyring' 8 | import { KmsClientSupplier } from '@aws-crypto/kms-keyring' 9 | import { 10 | MultiKeyringNode, 11 | NodeAlgorithmSuite, 12 | } from '@aws-crypto/material-management-node' 13 | import { getKmsClient } from '.' 14 | import { AwsKmsMrkAwareSymmetricKeyringNode } from './kms_mrk_keyring_node' 15 | 16 | export interface AwsKmsMrkAwareStrictMultiKeyringNodeInput { 17 | clientProvider?: KmsClientSupplier 18 | generatorKeyId?: string 19 | keyIds?: string[] 20 | grantTokens?: string[] 21 | } 22 | 23 | export const buildAwsKmsMrkAwareStrictMultiKeyringNode = 24 | getAwsKmsMrkAwareStrictMultiKeyringBuilder< 25 | NodeAlgorithmSuite, 26 | AwsEsdkKMSInterface 27 | >(AwsKmsMrkAwareSymmetricKeyringNode, MultiKeyringNode, getKmsClient) 28 | -------------------------------------------------------------------------------- /modules/kms-keyring-node/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management" }, 11 | { "path": "../kms-keyring" }, 12 | { "path": "../branch-keystore-node" }, 13 | { "path": "../kdf-ctr-mode-node" }, 14 | { "path": "../serialize" }, 15 | { "path": "../cache-material" } 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /modules/kms-keyring-node/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/kms-keyring/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/kms-keyring/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/kms-keyring/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library designed to make it easy for everyone to encrypt and decrypt data using industry standards and best practices. It uses a data format compatible with the AWS Encryption SDKs in other languages. For more information on the AWS Encryption SDKs in all languages, see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 4 | 5 | ## About @aws-crypto/kms-keyring 6 | 7 | This package is not intended for direct use by clients. To get started with the AWS Encryption SDK for JavaScript, follow the instructions in [the README](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/README.md). 8 | 9 | ## License 10 | 11 | This SDK is distributed under the 12 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 13 | see LICENSE.txt and NOTICE.txt for more information. 14 | -------------------------------------------------------------------------------- /modules/kms-keyring/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/kms-keyring", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run build", 6 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 7 | "lint": "run-s lint-*", 8 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 9 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 10 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 11 | "test": "npm run lint && npm run coverage", 12 | "coverage": "nyc -e .ts npm run mocha" 13 | }, 14 | "author": { 15 | "name": "AWS Crypto Tools Team", 16 | "email": "aws-crypto-tools-team@amazon.com", 17 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 18 | }, 19 | "license": "Apache-2.0", 20 | "dependencies": { 21 | "@aws-crypto/material-management": "file:../material-management", 22 | "tslib": "^2.2.0" 23 | }, 24 | "sideEffects": false, 25 | "main": "./build/main/src/index.js", 26 | "module": "./build/module/src/index.js", 27 | "types": "./build/main/src/index.d.ts", 28 | "files": [ 29 | "build/**/src/*" 30 | ] 31 | } 32 | -------------------------------------------------------------------------------- /modules/kms-keyring/src/branch_key_id_supplier.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { EncryptionContext } from '@aws-crypto/material-management' 5 | 6 | //= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#branch-key-supplier 7 | //# The Branch Key Supplier is an interface containing the `GetBranchKeyId` operation. 8 | //# This operation MUST take in an encryption context as input, 9 | //# and return a branch key id (string) as output. 10 | export interface BranchKeyIdSupplier { 11 | getBranchKeyId(encryptionContext: EncryptionContext): string 12 | } 13 | 14 | // type guard 15 | export function isBranchKeyIdSupplier( 16 | supplier: any 17 | ): supplier is BranchKeyIdSupplier { 18 | return ( 19 | typeof supplier === 'object' && 20 | supplier !== null && 21 | typeof supplier.getBranchKeyId === 'function' 22 | ) 23 | } 24 | -------------------------------------------------------------------------------- /modules/kms-keyring/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from './kms_client_supplier' 5 | export { 6 | getRegionFromIdentifier, 7 | parseAwsKmsKeyArn, 8 | constructArnInOtherRegion, 9 | mrkAwareAwsKmsKeyIdCompare, 10 | isMultiRegionAwsKmsArn, 11 | ParsedAwsKmsKeyArn, 12 | } from './arn_parsing' 13 | export * from './kms_keyring' 14 | export * from './kms_mrk_keyring' 15 | export * from './kms_mrk_discovery_keyring' 16 | export * from './helpers' 17 | export * from './region_from_kms_key_arn' 18 | export * from './kms_mrk_strict_multi_keyring' 19 | export * from './kms_mrk_discovery_multi_keyring' 20 | export { AwsEsdkKMSInterface } from './kms_types' 21 | export * from './branch_key_id_supplier' 22 | -------------------------------------------------------------------------------- /modules/kms-keyring/test/branch_key_id_supplier.test.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { EncryptionContext } from '@aws-crypto/material-management' 5 | import { BranchKeyIdSupplier, isBranchKeyIdSupplier } from '../src' 6 | import { expect } from 'chai' 7 | 8 | describe('Branch key id supplier', () => { 9 | //= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#branch-key-supplier 10 | //= type=test 11 | //# The Branch Key Supplier is an interface containing the `GetBranchKeyId` operation. 12 | //# This operation MUST take in an encryption context as input, 13 | //# and return a branch key id (string) as output. 14 | it('Can implement the interface', () => { 15 | class Example implements BranchKeyIdSupplier { 16 | getBranchKeyId(encryptionContext: EncryptionContext): string { 17 | return '' in encryptionContext ? '' : '' 18 | } 19 | } 20 | 21 | expect(new Example().getBranchKeyId({})).to.equal('') 22 | }) 23 | 24 | it('Type guard', () => { 25 | expect(isBranchKeyIdSupplier(undefined as any)).to.be.false 26 | expect(isBranchKeyIdSupplier(null as any)).to.be.false 27 | expect(isBranchKeyIdSupplier({} as any)).to.be.false 28 | }) 29 | }) 30 | -------------------------------------------------------------------------------- /modules/kms-keyring/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management" } 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/kms-keyring/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/material-management-browser/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/material-management-browser/.gitignore: -------------------------------------------------------------------------------- 1 | /node_modules/ 2 | /build/ 3 | /.nyc_output -------------------------------------------------------------------------------- /modules/material-management-browser/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/material-management-browser/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library 4 | designed to make it easy for everyone to encrypt 5 | and decrypt data using industry standards and best practices. 6 | It uses a data format compatible with the AWS Encryption SDKs in other languages. 7 | For more information on the AWS Encryption SDKs in all languages, 8 | see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 9 | 10 | This package should only be used as part of the AWS Encryption SDK for Javascript. 11 | For more information about the packages in this project 12 | and how they can be used together, 13 | see the [main browser package readme](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/client-browser/Readme.md) 14 | 15 | ## Installing 16 | 17 | ```sh 18 | npm install @aws-crypto/material-management-browser 19 | ``` 20 | 21 | ## Testing 22 | 23 | ```sh 24 | npm test 25 | ``` 26 | 27 | ## License 28 | 29 | This SDK is distributed under the 30 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 31 | see LICENSE.txt and NOTICE.txt for more information. 32 | -------------------------------------------------------------------------------- /modules/material-management-browser/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/material-management-browser", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run build", 6 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 7 | "lint": "run-s lint-*", 8 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 9 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 10 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 11 | "test": "npm run lint && npm run coverage", 12 | "coverage": "nyc -e .ts npm run mocha" 13 | }, 14 | "author": { 15 | "name": "AWS Crypto Tools Team", 16 | "email": "aws-cryptools@amazon.com", 17 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 18 | }, 19 | "license": "Apache-2.0", 20 | "dependencies": { 21 | "@aws-crypto/material-management": "file:../material-management", 22 | "@aws-crypto/serialize": "file:../serialize", 23 | "@aws-crypto/web-crypto-backend": "file:../web-crypto-backend", 24 | "@aws-sdk/util-base64": "^3.374.0", 25 | "@aws-sdk/util-base64-browser": "^3.209.0", 26 | "tslib": "^2.2.0" 27 | }, 28 | "sideEffects": false, 29 | "main": "./build/main/src/index.js", 30 | "module": "./build/module/src/index.js", 31 | "types": "./build/main/src/index.d.ts", 32 | "files": [ 33 | "build/**/src/*" 34 | ] 35 | } 36 | -------------------------------------------------------------------------------- /modules/material-management-browser/src/bytes2_jwk.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { toBase64 } from '@aws-sdk/util-base64-browser' 5 | 6 | export function bytes2JWK(rawKeyBytes: Uint8Array): JsonWebKey { 7 | // See https://tools.ietf.org/html/rfc7515#appendix-C Base64url Encoding 8 | const base64 = toBase64(rawKeyBytes) 9 | const base64Url = base64 10 | .replace(/\+/g, '-') 11 | .replace(/\//g, '_') 12 | .replace(/=/g, '') 13 | return { 14 | kty: 'oct', 15 | k: base64Url, 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /modules/material-management-browser/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from './browser_cryptographic_materials_manager' 5 | export * from './material_helpers' 6 | export * from './bytes2_jwk' 7 | export * from './keyring_helpers' 8 | export { 9 | WebCryptoDecryptionMaterial, 10 | WebCryptoEncryptionMaterial, 11 | WebCryptoAlgorithmSuite, 12 | AlgorithmSuiteIdentifier, 13 | EncryptionContext, 14 | EncryptedDataKey, 15 | KeyringWebCrypto, 16 | KeyringTrace, 17 | KeyringTraceFlag, 18 | needs, 19 | MixedBackendCryptoKey, 20 | MultiKeyringWebCrypto, 21 | immutableBaseClass, 22 | immutableClass, 23 | frozenClass, 24 | readOnlyProperty, 25 | keyUsageForMaterial, 26 | isValidCryptoKey, 27 | isCryptoKey, 28 | WebCryptoMaterialsManager, 29 | unwrapDataKey, 30 | AwsEsdkJsCryptoKey, 31 | CommitmentPolicy, 32 | CommitmentPolicySuites, 33 | SignaturePolicySuites, 34 | SignaturePolicy, 35 | MessageFormat, 36 | ClientOptions, 37 | Newable, 38 | } from '@aws-crypto/material-management' 39 | -------------------------------------------------------------------------------- /modules/material-management-browser/test/bytes2_jwk.test.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | /* eslint-env mocha */ 5 | 6 | import { expect } from 'chai' 7 | import { bytes2JWK } from '../src/index' 8 | 9 | describe('bytes2JWK', () => { 10 | it('https://tools.ietf.org/html/rfc7515#appendix-C test vector', () => { 11 | const binary = new Uint8Array([3, 236, 255, 224, 193]) 12 | const test = bytes2JWK(binary) 13 | expect(test.kty).to.equal('oct') 14 | expect(test.k).to.equal('A-z_4ME') 15 | }) 16 | }) 17 | -------------------------------------------------------------------------------- /modules/material-management-browser/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management" }, 11 | { "path": "../serialize" }, 12 | { "path": "../web-crypto-backend" } 13 | ] 14 | } -------------------------------------------------------------------------------- /modules/material-management-browser/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/material-management-node/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/material-management-node/.gitignore: -------------------------------------------------------------------------------- 1 | /node_modules/ 2 | /build/ 3 | /.nyc_output -------------------------------------------------------------------------------- /modules/material-management-node/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/material-management-node/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library 4 | designed to make it easy for everyone to encrypt 5 | and decrypt data using industry standards and best practices. 6 | It uses a data format compatible with the AWS Encryption SDKs in other languages. 7 | For more information on the AWS Encryption SDKs in all languages, 8 | see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 9 | 10 | This package should only be used as part of the AWS Encryption SDK for Javascript. 11 | For more information about the packages in this project 12 | and how they can be used together, 13 | see the [main node package readme](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/client-node/Readme.md) 14 | 15 | ## Installing 16 | 17 | ```sh 18 | npm install @aws-crypto/material-management-node 19 | ``` 20 | 21 | ## Testing 22 | 23 | ```sh 24 | npm test 25 | ``` 26 | 27 | ## License 28 | 29 | This SDK is distributed under the 30 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 31 | see LICENSE.txt and NOTICE.txt for more information. 32 | -------------------------------------------------------------------------------- /modules/material-management-node/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/material-management-node", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run build", 6 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 7 | "lint": "run-s lint-*", 8 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 9 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 10 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 11 | "test": "npm run lint && npm run coverage", 12 | "coverage": "nyc -e .ts npm run mocha" 13 | }, 14 | "author": { 15 | "name": "AWS Crypto Tools Team", 16 | "email": "aws-cryptools@amazon.com", 17 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 18 | }, 19 | "license": "Apache-2.0", 20 | "dependencies": { 21 | "@aws-crypto/hkdf-node": "file:../hkdf-node", 22 | "@aws-crypto/material-management": "file:../material-management", 23 | "@aws-crypto/serialize": "file:../serialize", 24 | "tslib": "^2.2.0" 25 | }, 26 | "sideEffects": false, 27 | "main": "./build/main/src/index.js", 28 | "module": "./build/module/src/index.js", 29 | "types": "./build/main/src/index.d.ts", 30 | "files": [ 31 | "build/**/src/*" 32 | ] 33 | } 34 | -------------------------------------------------------------------------------- /modules/material-management-node/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from './node_cryptographic_materials_manager' 5 | export { 6 | getEncryptHelper, 7 | getDecryptionHelper, 8 | GetSigner, 9 | GetVerify, 10 | GetCipher, 11 | GetDecipher, 12 | AwsEsdkJsCipherGCM, 13 | AwsEsdkJsDecipherGCM, 14 | } from './material_helpers' 15 | export { 16 | NodeDecryptionMaterial, 17 | NodeEncryptionMaterial, 18 | NodeAlgorithmSuite, 19 | AlgorithmSuiteIdentifier, 20 | EncryptionContext, 21 | EncryptedDataKey, 22 | KeyringTrace, 23 | KeyringTraceFlag, 24 | needs, 25 | NotSupported, 26 | KeyringNode, 27 | MultiKeyringNode, 28 | immutableBaseClass, 29 | immutableClass, 30 | frozenClass, 31 | readOnlyProperty, 32 | NodeMaterialsManager, 33 | unwrapDataKey, 34 | AwsEsdkKeyObject, 35 | CommitmentPolicy, 36 | CommitmentPolicySuites, 37 | SignaturePolicySuites, 38 | SignaturePolicy, 39 | MessageFormat, 40 | ClientOptions, 41 | Newable, 42 | getCompatibleCommitmentPolicy, 43 | } from '@aws-crypto/material-management' 44 | -------------------------------------------------------------------------------- /modules/material-management-node/src/types.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import * as stream from 'stream' 5 | 6 | // noinspection JSAnnotator 7 | export interface AwsESDKSigner extends stream.Writable { 8 | update(data: Buffer): AwsESDKSigner 9 | sign(privateKey: string): Buffer 10 | } 11 | 12 | // noinspection JSAnnotator 13 | export interface AwsESDKVerify extends stream.Writable { 14 | update(data: Buffer): AwsESDKVerify 15 | verify(publicKey: string, signature: Buffer): boolean 16 | } 17 | -------------------------------------------------------------------------------- /modules/material-management-node/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management" }, 11 | { "path": "../serialize" }, 12 | { "path": "../hkdf-node"} 13 | ] 14 | } -------------------------------------------------------------------------------- /modules/material-management-node/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/material-management/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/material-management/.gitignore: -------------------------------------------------------------------------------- 1 | /node_modules/ 2 | /build/ 3 | /.nyc_output -------------------------------------------------------------------------------- /modules/material-management/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/material-management/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library designed to make it easy for everyone to encrypt and decrypt data using industry standards and best practices. It uses a data format compatible with the AWS Encryption SDKs in other languages. For more information on the AWS Encryption SDKs in all languages, see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 4 | 5 | ## About @aws-crypto/material-management 6 | 7 | This package is not intended for direct use by clients. To get started with the AWS Encryption SDK for JavaScript, follow the instructions in [the README](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/README.md). 8 | 9 | ## License 10 | 11 | This SDK is distributed under the 12 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 13 | see LICENSE.txt and NOTICE.txt for more information. 14 | -------------------------------------------------------------------------------- /modules/material-management/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/material-management", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run build", 6 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 7 | "lint": "run-s lint-*", 8 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 9 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 10 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 11 | "test": "npm run lint && npm run coverage", 12 | "coverage": "nyc -e .ts npm run mocha" 13 | }, 14 | "author": { 15 | "name": "AWS Crypto Tools Team", 16 | "email": "aws-crypto-tools-team@amazon.com", 17 | "url": "https://aws.amazon.com/javascript/" 18 | }, 19 | "license": "Apache-2.0", 20 | "dependencies": { 21 | "asn1.js": "^5.3.0", 22 | "bn.js": "^5.1.1", 23 | "tslib": "^2.2.0", 24 | "uuid": "^10.0.0" 25 | }, 26 | "sideEffects": false, 27 | "main": "./build/main/src/index.js", 28 | "module": "./build/module/src/index.js", 29 | "types": "./build/main/src/index.d.ts", 30 | "files": [ 31 | "build/**/src/*" 32 | ] 33 | } 34 | -------------------------------------------------------------------------------- /modules/material-management/src/error.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | export class NotSupported extends Error { 4 | code: string 5 | 6 | constructor(message?: string) { 7 | super(message) 8 | Object.setPrototypeOf(this, NotSupported.prototype) 9 | this.code = 'NOT_SUPPORTED' 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /modules/material-management/src/materials_manager.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { EncryptionRequest, DecryptionRequest } from '.' 5 | import { 6 | EncryptionMaterial, 7 | DecryptionMaterial, 8 | SupportedAlgorithmSuites, 9 | } from './types' 10 | import { NodeAlgorithmSuite } from './node_algorithms' 11 | import { WebCryptoAlgorithmSuite } from './web_crypto_algorithms' 12 | 13 | /* 14 | * This public interface to the MaterialsManager object is provided for 15 | * developers of CMMs and keyrings only. If you are a user of the AWS Encryption 16 | * SDK and you are not developing your own CMMs and/or keyrings, you do not 17 | * need to use it and you should not do so. 18 | */ 19 | 20 | export interface GetEncryptionMaterials { 21 | (request: EncryptionRequest): Promise> 22 | } 23 | 24 | export interface GetDecryptMaterials { 25 | (request: DecryptionRequest): Promise> 26 | } 27 | 28 | export interface MaterialsManager { 29 | getEncryptionMaterials: GetEncryptionMaterials 30 | decryptMaterials: GetDecryptMaterials 31 | } 32 | 33 | export interface NodeMaterialsManager 34 | extends MaterialsManager {} 35 | export interface WebCryptoMaterialsManager 36 | extends MaterialsManager {} 37 | -------------------------------------------------------------------------------- /modules/material-management/src/needs.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | /* Preconditions, postconditions, and loop invariants are very 5 | * useful for safe programing. They also document the specifications. 6 | * This function is to help simplify the semantic burden of parsing 7 | * these constructions. 8 | * 9 | * Instead of constructions like 10 | * if (!goodCondition) throw new Error('condition not true') 11 | * 12 | * needs(goodCondition, 'condition not true') 13 | */ 14 | 15 | export function needs( 16 | condition: any, 17 | errorMessage: string, 18 | Err: ErrorConstructor = Error 19 | ): asserts condition { 20 | if (!condition) { 21 | throw new Err(errorMessage) 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /modules/material-management/test/environmental_integration.test.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | /* eslint-env mocha */ 5 | 6 | import { expect } from 'chai' 7 | 8 | function isNode(): boolean { 9 | return ( 10 | Object.prototype.toString.call( 11 | // @ts-ignore 12 | typeof process !== 'undefined' ? process : 0 13 | ) === '[object process]' 14 | ) 15 | } 16 | 17 | describe('environmental integration', () => { 18 | it('Node.js crypto exports timingSafeEqual for supported Node.js Versions.', () => { 19 | if (isNode()) { 20 | // @ts-ignore 21 | const { timingSafeEqual } = require('crypto') // eslint-disable-line @typescript-eslint/no-var-requires 22 | expect(typeof timingSafeEqual === 'function').to.equal(true) 23 | } 24 | }) 25 | }) 26 | -------------------------------------------------------------------------------- /modules/material-management/test/node_algorithms.test.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | /* eslint-env mocha */ 5 | 6 | import { expect } from 'chai' 7 | import { AlgorithmSuiteIdentifier } from '../src/algorithm_suites' 8 | import { NodeAlgorithmSuite } from '../src/node_algorithms' 9 | 10 | describe('NodeAlgorithmSuite', () => { 11 | it('should return WebCryptoAlgorithmSuite', () => { 12 | const test = new NodeAlgorithmSuite( 13 | AlgorithmSuiteIdentifier.ALG_AES128_GCM_IV12_TAG16 14 | ) 15 | expect(test).to.be.instanceof(NodeAlgorithmSuite) 16 | expect(Object.isFrozen(test)).to.equal(true) 17 | }) 18 | 19 | it('should throw for an id that does not exist', () => { 20 | expect(() => new NodeAlgorithmSuite(1111)).to.throw() 21 | }) 22 | 23 | it('instance should be frozen', () => { 24 | const test = new NodeAlgorithmSuite( 25 | AlgorithmSuiteIdentifier.ALG_AES128_GCM_IV12_TAG16 26 | ) 27 | expect(Object.isFrozen(test)) 28 | }) 29 | 30 | it('prototype should be frozen', () => { 31 | expect(Object.isFrozen(NodeAlgorithmSuite.prototype)) 32 | expect(Object.isFrozen(NodeAlgorithmSuite)) 33 | }) 34 | }) 35 | -------------------------------------------------------------------------------- /modules/material-management/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"] 9 | } -------------------------------------------------------------------------------- /modules/material-management/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/raw-aes-keyring-browser/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/raw-aes-keyring-browser/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/raw-aes-keyring-browser/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library 4 | designed to make it easy for everyone to encrypt 5 | and decrypt data using industry standards and best practices. 6 | It uses a data format compatible with the AWS Encryption SDKs in other languages. 7 | For more information on the AWS Encryption SDKs in all languages, 8 | see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 9 | 10 | This package should only be used as part of the AWS Encryption SDK for Javascript. 11 | For more information about the packages in this project 12 | and how they can be used together, 13 | see the [main browser package readme](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/client-browser/Readme.md) 14 | 15 | ## Installing 16 | 17 | ```sh 18 | npm install @aws-crypto/raw-aes-keyring-browser 19 | ``` 20 | 21 | ## Testing 22 | 23 | ```sh 24 | npm test 25 | ``` 26 | 27 | ## License 28 | 29 | This SDK is distributed under the 30 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 31 | see LICENSE.txt and NOTICE.txt for more information. 32 | -------------------------------------------------------------------------------- /modules/raw-aes-keyring-browser/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/raw-aes-keyring-browser", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run build", 6 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 7 | "lint": "run-s lint-*", 8 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 9 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 10 | "karma": "karma start karma.conf.js", 11 | "test": "npm run lint && npm run coverage", 12 | "coverage": "npm run karma && nyc report --exclude-after-remap false -t .karma_output --check-coverage" 13 | }, 14 | "author": { 15 | "name": "AWS Crypto Tools Team", 16 | "email": "aws-cryptools@amazon.com", 17 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 18 | }, 19 | "license": "Apache-2.0", 20 | "dependencies": { 21 | "@aws-crypto/material-management-browser": "file:../material-management-browser", 22 | "@aws-crypto/random-source-browser": "5.2.0", 23 | "@aws-crypto/raw-keyring": "file:../raw-keyring", 24 | "@aws-crypto/serialize": "file:../serialize", 25 | "@aws-crypto/web-crypto-backend": "file:../web-crypto-backend", 26 | "@aws-sdk/util-utf8-browser": "3.259.0", 27 | "tslib": "^2.2.0" 28 | }, 29 | "sideEffects": false, 30 | "main": "./build/main/src/index.js", 31 | "module": "./build/module/src/index.js", 32 | "types": "./build/main/src/index.d.ts", 33 | "files": [ 34 | "build/**/src/*" 35 | ] 36 | } 37 | -------------------------------------------------------------------------------- /modules/raw-aes-keyring-browser/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export { 5 | RawAesWrappingSuiteIdentifier, 6 | WrappingSuiteIdentifier, 7 | } from '@aws-crypto/raw-keyring' 8 | export * from './raw_aes_keyring_browser' 9 | -------------------------------------------------------------------------------- /modules/raw-aes-keyring-browser/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management-browser" }, 11 | { "path": "../serialize" }, 12 | { "path": "../raw-keyring" }, 13 | { "path": "../web-crypto-backend" }, 14 | ] 15 | } -------------------------------------------------------------------------------- /modules/raw-aes-keyring-browser/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/raw-aes-keyring-node/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/raw-aes-keyring-node/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/raw-aes-keyring-node/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library 4 | designed to make it easy for everyone to encrypt 5 | and decrypt data using industry standards and best practices. 6 | It uses a data format compatible with the AWS Encryption SDKs in other languages. 7 | For more information on the AWS Encryption SDKs in all languages, 8 | see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 9 | 10 | This package should only be used as part of the AWS Encryption SDK for Javascript. 11 | For more information about the packages in this project 12 | and how they can be used together, 13 | see the [main node package readme](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/client-node/Readme.md) 14 | 15 | ## Installing 16 | 17 | ```sh 18 | npm install @aws-crypto/raw-aes-keyring-node 19 | ``` 20 | 21 | ## Testing 22 | 23 | ```sh 24 | npm test 25 | ``` 26 | 27 | ## License 28 | 29 | This SDK is distributed under the 30 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 31 | see LICENSE.txt and NOTICE.txt for more information. 32 | -------------------------------------------------------------------------------- /modules/raw-aes-keyring-node/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/raw-aes-keyring-node", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run build", 6 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 7 | "lint": "run-s lint-*", 8 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 9 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 10 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 11 | "test": "npm run lint && npm run coverage", 12 | "coverage": "nyc -e .ts npm run mocha" 13 | }, 14 | "author": { 15 | "name": "AWS Crypto Tools Team", 16 | "email": "aws-cryptools@amazon.coms", 17 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 18 | }, 19 | "license": "Apache-2.0", 20 | "dependencies": { 21 | "@aws-crypto/material-management-node": "file:../material-management-node", 22 | "@aws-crypto/raw-keyring": "file:../raw-keyring", 23 | "@aws-crypto/serialize": "file:../serialize", 24 | "tslib": "^2.2.0" 25 | }, 26 | "sideEffects": false, 27 | "main": "./build/main/src/index.js", 28 | "module": "./build/module/src/index.js", 29 | "types": "./build/main/src/index.d.ts", 30 | "files": [ 31 | "build/**/src/*" 32 | ] 33 | } 34 | -------------------------------------------------------------------------------- /modules/raw-aes-keyring-node/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export { 5 | RawAesWrappingSuiteIdentifier, 6 | WrappingSuiteIdentifier, 7 | } from '@aws-crypto/raw-keyring' 8 | export * from './raw_aes_keyring_node' 9 | -------------------------------------------------------------------------------- /modules/raw-aes-keyring-node/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management-node" }, 11 | { "path": "../serialize" }, 12 | { "path": "../raw-keyring" }, 13 | ] 14 | } -------------------------------------------------------------------------------- /modules/raw-aes-keyring-node/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/raw-keyring/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/raw-keyring/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/raw-keyring/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library designed to make it easy for everyone to encrypt and decrypt data using industry standards and best practices. It uses a data format compatible with the AWS Encryption SDKs in other languages. For more information on the AWS Encryption SDKs in all languages, see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 4 | 5 | ## About @aws-crypto/raw-keyring 6 | 7 | This package is not intended for direct use by clients. To get started with the AWS Encryption SDK for JavaScript, follow the instructions in [the README](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/README.md). 8 | 9 | ## License 10 | 11 | This SDK is distributed under the 12 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 13 | see LICENSE.txt and NOTICE.txt for more information. 14 | -------------------------------------------------------------------------------- /modules/raw-keyring/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/raw-keyring", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run build", 6 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 7 | "lint": "run-s lint-*", 8 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 9 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 10 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 11 | "test": "npm run lint && npm run coverage", 12 | "coverage": "nyc -e .ts npm run mocha" 13 | }, 14 | "author": { 15 | "name": "AWS Crypto Tools Team", 16 | "email": "aws-crypto-tools-team@amazon.com", 17 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 18 | }, 19 | "license": "Apache-2.0", 20 | "dependencies": { 21 | "@aws-crypto/material-management": "file:../material-management", 22 | "@aws-crypto/serialize": "file:../serialize", 23 | "tslib": "^2.2.0" 24 | }, 25 | "sideEffects": false, 26 | "main": "./build/main/src/index.js", 27 | "module": "./build/module/src/index.js", 28 | "types": "./build/main/src/index.d.ts", 29 | "files": [ 30 | "build/**/src/*" 31 | ] 32 | } 33 | -------------------------------------------------------------------------------- /modules/raw-keyring/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from './raw_aes_algorithm_suite' 5 | export * from './raw_aes_material' 6 | export * from './raw_aes_encrypted_data_keys' 7 | export * from './raw_keyring_decorators' 8 | -------------------------------------------------------------------------------- /modules/raw-keyring/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management" }, 11 | { "path": "../serialize" }, 12 | ] 13 | } -------------------------------------------------------------------------------- /modules/raw-keyring/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/raw-rsa-keyring-browser/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/raw-rsa-keyring-browser/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/raw-rsa-keyring-browser/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library 4 | designed to make it easy for everyone to encrypt 5 | and decrypt data using industry standards and best practices. 6 | It uses a data format compatible with the AWS Encryption SDKs in other languages. 7 | For more information on the AWS Encryption SDKs in all languages, 8 | see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 9 | 10 | This package should only be used as part of the AWS Encryption SDK for Javascript. 11 | For more information about the packages in this project 12 | and how they can be used together, 13 | see the [main browser package readme](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/client-browser/Readme.md) 14 | 15 | ## Installing 16 | 17 | ```sh 18 | npm install @aws-crypto/raw-rsa-keyring-browser 19 | ``` 20 | 21 | ## Testing 22 | 23 | ```sh 24 | npm test 25 | ``` 26 | 27 | ## License 28 | 29 | This SDK is distributed under the 30 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 31 | see LICENSE.txt and NOTICE.txt for more information. 32 | -------------------------------------------------------------------------------- /modules/raw-rsa-keyring-browser/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/raw-rsa-keyring-browser", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run build", 6 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 7 | "lint": "run-s lint-*", 8 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 9 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 10 | "karma": "karma start karma.conf.js", 11 | "test": "npm run lint && npm run coverage", 12 | "coverage": "npm run karma && nyc report --exclude-after-remap false -t .karma_output --check-coverage" 13 | }, 14 | "author": { 15 | "name": "AWS Crypto Tools Team", 16 | "email": "aws-cryptools@amazon.com", 17 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 18 | }, 19 | "license": "Apache-2.0", 20 | "dependencies": { 21 | "@aws-crypto/material-management-browser": "file:../material-management-browser", 22 | "@aws-crypto/random-source-browser": "5.2.0", 23 | "@aws-crypto/raw-keyring": "file:../raw-keyring", 24 | "@aws-crypto/web-crypto-backend": "file:../web-crypto-backend", 25 | "@aws-sdk/util-base64": "^3.374.0", 26 | "tslib": "^2.2.0" 27 | }, 28 | "sideEffects": false, 29 | "main": "./build/main/src/index.js", 30 | "module": "./build/module/src/index.js", 31 | "types": "./build/main/src/index.d.ts", 32 | "files": [ 33 | "build/**/src/*" 34 | ] 35 | } 36 | -------------------------------------------------------------------------------- /modules/raw-rsa-keyring-browser/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from './raw_rsa_keyring_web_crypto' 5 | export * from './types' 6 | -------------------------------------------------------------------------------- /modules/raw-rsa-keyring-browser/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management-node" }, 11 | { "path": "../raw-keyring" }, 12 | { "path": "../web-crypto-backend" } 13 | ] 14 | } -------------------------------------------------------------------------------- /modules/raw-rsa-keyring-browser/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/raw-rsa-keyring-node/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/raw-rsa-keyring-node/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. -------------------------------------------------------------------------------- /modules/raw-rsa-keyring-node/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library 4 | designed to make it easy for everyone to encrypt 5 | and decrypt data using industry standards and best practices. 6 | It uses a data format compatible with the AWS Encryption SDKs in other languages. 7 | For more information on the AWS Encryption SDKs in all languages, 8 | see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 9 | 10 | This package should only be used as part of the AWS Encryption SDK for Javascript. 11 | For more information about the packages in this project 12 | and how they can be used together, 13 | see the [main node package readme](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/modules/client-node/Readme.md) 14 | 15 | ## Installing 16 | 17 | ```sh 18 | npm install @aws-crypto/raw-rsa-keyring-node 19 | ``` 20 | 21 | ## Testing 22 | 23 | ```sh 24 | npm test 25 | ``` 26 | 27 | ## License 28 | 29 | This SDK is distributed under the 30 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 31 | see LICENSE.txt and NOTICE.txt for more information. 32 | -------------------------------------------------------------------------------- /modules/raw-rsa-keyring-node/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/raw-rsa-keyring-node", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run build", 6 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 7 | "lint": "run-s lint-*", 8 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 9 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 10 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 11 | "test": "npm run lint && npm run coverage", 12 | "coverage": "nyc -e .ts npm run mocha" 13 | }, 14 | "author": { 15 | "name": "AWS Crypto Tools Team", 16 | "email": "aws-cryptools@amazon.com", 17 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 18 | }, 19 | "license": "Apache-2.0", 20 | "dependencies": { 21 | "@aws-crypto/material-management-node": "file:../material-management-node", 22 | "@aws-crypto/raw-keyring": "file:../raw-keyring", 23 | "tslib": "^2.2.0" 24 | }, 25 | "sideEffects": false, 26 | "main": "./build/main/src/index.js", 27 | "module": "./build/module/src/index.js", 28 | "types": "./build/main/src/index.d.ts", 29 | "files": [ 30 | "build/**/src/*" 31 | ] 32 | } 33 | -------------------------------------------------------------------------------- /modules/raw-rsa-keyring-node/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from './raw_rsa_keyring_node' 5 | export * from './oaep_hash_supported' 6 | -------------------------------------------------------------------------------- /modules/raw-rsa-keyring-node/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management-node" }, 11 | { "path": "../raw-keyring" }, 12 | ] 13 | } -------------------------------------------------------------------------------- /modules/raw-rsa-keyring-node/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/serialize/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/serialize/.gitignore: -------------------------------------------------------------------------------- 1 | /node_modules/ 2 | /build/ 3 | /.nyc_output/ -------------------------------------------------------------------------------- /modules/serialize/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/serialize/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library designed to make it easy for everyone to encrypt and decrypt data using industry standards and best practices. It uses a data format compatible with the AWS Encryption SDKs in other languages. For more information on the AWS Encryption SDKs in all languages, see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 4 | 5 | ## About @aws-crypto/serialize 6 | 7 | This package is not intended for direct use by clients. To get started with the AWS Encryption SDK for JavaScript, follow the instructions in [the README](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/README.md). 8 | 9 | ## License 10 | 11 | This SDK is distributed under the 12 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 13 | see LICENSE.txt and NOTICE.txt for more information. 14 | -------------------------------------------------------------------------------- /modules/serialize/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/serialize", 3 | "version": "4.2.1", 4 | "scripts": { 5 | "prepublishOnly": "tsc -p tsconfig.json && tsc -p tsconfig.module.json", 6 | "lint": "run-s lint-*", 7 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 8 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 9 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 10 | "test": "npm run lint && npm run coverage", 11 | "coverage": "nyc -e .ts npm run mocha" 12 | }, 13 | "author": { 14 | "name": "AWS Crypto Tools Team", 15 | "email": "aws-crypto-tools-team@amazon.com", 16 | "url": "https://github.com/aws/aws-encryption-sdk-javascript" 17 | }, 18 | "license": "Apache-2.0", 19 | "dependencies": { 20 | "@aws-crypto/material-management": "file:../material-management", 21 | "asn1.js": "^5.3.0", 22 | "bn.js": "^5.1.1", 23 | "tslib": "^2.2.0", 24 | "uuid": "^10.0.0" 25 | }, 26 | "sideEffects": false, 27 | "main": "./build/main/src/index.js", 28 | "module": "./build/module/src/index.js", 29 | "types": "./build/main/src/index.d.ts", 30 | "files": [ 31 | "build/**/src/*" 32 | ] 33 | } 34 | -------------------------------------------------------------------------------- /modules/serialize/src/concat_buffers.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { BinaryData } from './types' 5 | 6 | export function concatBuffers( 7 | ...inputBuffers: (BinaryData | ArrayBufferView)[] 8 | ) { 9 | const neededLength = inputBuffers.reduce( 10 | (sum, buff) => sum + buff.byteLength, 11 | 0 12 | ) 13 | const outputBuffer = new Uint8Array(neededLength) 14 | let offset = 0 15 | 16 | inputBuffers.forEach((buff) => { 17 | if (ArrayBuffer.isView(buff)) { 18 | const { buffer, byteOffset, byteLength } = buff 19 | outputBuffer.set(new Uint8Array(buffer, byteOffset, byteLength), offset) 20 | } else { 21 | outputBuffer.set(new Uint8Array(buff), offset) 22 | } 23 | offset += buff.byteLength 24 | }) 25 | 26 | return outputBuffer 27 | } 28 | -------------------------------------------------------------------------------- /modules/serialize/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | export * from './aad_factory' 5 | export * from './concat_buffers' 6 | export * from './decode_body_header' 7 | export * from './deserialize_factory' 8 | export * from './kdf_info' 9 | export * from './serialize_factory' 10 | export * from './types' 11 | export * from './identifiers' 12 | export * from './uint_util' 13 | export * from './signature_info' 14 | export * from './ecdsa_signature' 15 | export * from './uuidv4_factory' 16 | -------------------------------------------------------------------------------- /modules/serialize/src/uint_util.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { needs } from '@aws-crypto/material-management' 5 | 6 | const UINT8_OVERFLOW = 2 ** 8 7 | export function uInt8(number: number) { 8 | /* Precondition: Number must be 0-(2^8 - 1). */ 9 | needs(number < UINT8_OVERFLOW && number >= 0, 'number out of bounds.') 10 | 11 | const buff = new Uint8Array(1) 12 | const view = new DataView(buff.buffer, buff.byteOffset, buff.byteLength) 13 | view.setUint8(0, number) 14 | return buff 15 | } 16 | 17 | const UINT16__OVERFLOW = 2 ** 16 18 | export function uInt16BE(number: number) { 19 | /* Precondition: Number must be 0-(2^16 - 1). */ 20 | needs(number < UINT16__OVERFLOW && number >= 0, 'number out of bounds.') 21 | 22 | const buff = new Uint8Array(2) 23 | const view = new DataView(buff.buffer, buff.byteOffset, buff.byteLength) 24 | view.setUint16(0, number, false) // big-endian 25 | return buff 26 | } 27 | 28 | const UINT32__OVERFLOW = 2 ** 32 29 | export function uInt32BE(number: number) { 30 | /* Precondition: Number must be 0-(2^32 - 1). */ 31 | needs(number < UINT32__OVERFLOW && number >= 0, 'number out of bounds.') 32 | 33 | const buff = new Uint8Array(4) 34 | const view = new DataView(buff.buffer, buff.byteOffset, buff.byteLength) 35 | view.setUint32(0, number, false) // big-endian 36 | return buff 37 | } 38 | -------------------------------------------------------------------------------- /modules/serialize/test/concat_buffers.test.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | /* eslint-env mocha */ 5 | 6 | import { expect } from 'chai' 7 | import { concatBuffers } from '../src/concat_buffers' 8 | import { Buffer } from 'buffer' 9 | 10 | describe('concatBuffers', () => { 11 | it('should concatenate simple Uint8Array', () => { 12 | const buff = Array(5) 13 | .fill(1) 14 | .map((_, i) => new Uint8Array([i])) 15 | const test = concatBuffers(...buff) 16 | expect(test).to.be.instanceof(Uint8Array) 17 | expect(test.byteLength).to.eql(5) 18 | expect(test).to.deep.equal(new Uint8Array([0, 1, 2, 3, 4])) 19 | }) 20 | 21 | it('should concatenate simple ArrayBuffer', () => { 22 | const buff = Array(5) 23 | .fill(1) 24 | .map((_, i) => new Uint8Array([i]).buffer) 25 | const test = concatBuffers(...buff) 26 | expect(test).to.be.instanceof(Uint8Array) 27 | expect(test.byteLength).to.eql(5) 28 | expect(test).to.deep.equal(new Uint8Array([0, 1, 2, 3, 4])) 29 | }) 30 | 31 | it('should concatenate simple Node Buffer', () => { 32 | const buff = Array(5) 33 | .fill(1) 34 | .map((_, i) => Buffer.alloc(1, i)) 35 | const test = concatBuffers(...buff) 36 | expect(test).to.be.instanceof(Uint8Array) 37 | expect(test.byteLength).to.eql(5) 38 | expect(test).to.deep.equal(new Uint8Array([0, 1, 2, 3, 4])) 39 | }) 40 | }) 41 | -------------------------------------------------------------------------------- /modules/serialize/test/uint_util.test.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | /* eslint-env mocha */ 5 | 6 | import { expect } from 'chai' 7 | import { uInt8, uInt16BE, uInt32BE } from '../src/uint_util' 8 | 9 | describe('uInt8', () => { 10 | it('Precondition: Number must be 0-(2^8 - 1).', () => { 11 | expect(() => uInt8(-1)).to.throw() 12 | expect(() => uInt8(2 ** 8)).to.throw() 13 | }) 14 | }) 15 | 16 | describe('uInt16BE', () => { 17 | it('Precondition: Number must be 0-(2^16 - 1).', () => { 18 | expect(() => uInt16BE(-1)).to.throw() 19 | expect(() => uInt16BE(2 ** 16)).to.throw() 20 | }) 21 | }) 22 | 23 | describe('uInt32BE', () => { 24 | it('Precondition: Number must be 0-(2^32 - 1).', () => { 25 | expect(() => uInt32BE(-1)).to.throw() 26 | expect(() => uInt32BE(2 ** 32)).to.throw() 27 | }) 28 | }) 29 | -------------------------------------------------------------------------------- /modules/serialize/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"], 9 | "references": [ 10 | { "path": "../material-management" } 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/serialize/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/tsconfig.module.settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig.settings", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "outDir": "build/module", 6 | "module": "esnext", 7 | "allowSyntheticDefaultImports": true 8 | }, 9 | "exclude": [ 10 | "node_modules/**" 11 | ] 12 | } -------------------------------------------------------------------------------- /modules/tsconfig.settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "target": "esnext", 4 | "moduleResolution": "node", 5 | "module": "commonjs", 6 | "declaration": true, 7 | "declarationMap": true, 8 | "inlineSourceMap": true, 9 | "esModuleInterop": true, 10 | 11 | "strict": true, 12 | 13 | "noUnusedLocals": true, 14 | "noUnusedParameters": true, 15 | "noImplicitReturns": true, 16 | "noFallthroughCasesInSwitch": true, 17 | 18 | "traceResolution": false, 19 | "listEmittedFiles": false, 20 | "listFiles": false, 21 | "pretty": true, 22 | 23 | "lib": ["es2017", "dom"], 24 | 25 | "useDefineForClassFields": true, 26 | 27 | "composite": true 28 | } 29 | } -------------------------------------------------------------------------------- /modules/web-crypto-backend/.eslintrc.js: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | module.exports = { 5 | parserOptions: { 6 | // There is an issue with @typescript-eslint/parser performance. 7 | // It scales with the number of projects 8 | // see https://github.com/typescript-eslint/typescript-eslint/issues/1192#issuecomment-596741806 9 | project: '../../tsconfig.lint.json', 10 | tsconfigRootDir: __dirname, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/web-crypto-backend/NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Javascript 2 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /modules/web-crypto-backend/README.md: -------------------------------------------------------------------------------- 1 | # aws-encryption-sdk-javascript 2 | 3 | The AWS Encryption SDK for JavaScript is a client-side encryption library designed to make it easy for everyone to encrypt and decrypt data using industry standards and best practices. It uses a data format compatible with the AWS Encryption SDKs in other languages. For more information on the AWS Encryption SDKs in all languages, see the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). 4 | 5 | ## About @aws-crypto/web-crypto-backend 6 | 7 | This package is not intended for direct use by clients. To get started with the AWS Encryption SDK for JavaScript, follow the instructions in [the README](https://github.com/aws/aws-encryption-sdk-javascript/blob/master/README.md). 8 | 9 | ## License 10 | 11 | This SDK is distributed under the 12 | [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), 13 | see LICENSE.txt and NOTICE.txt for more information. 14 | -------------------------------------------------------------------------------- /modules/web-crypto-backend/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@aws-crypto/web-crypto-backend", 3 | "version": "4.0.1", 4 | "scripts": { 5 | "prepublishOnly": "npm run build", 6 | "build": "tsc -b tsconfig.json && tsc -b tsconfig.module.json", 7 | "lint": "run-s lint-*", 8 | "lint-eslint": "eslint src/*.ts test/**/*.ts", 9 | "lint-prettier": "prettier -c src/*.ts test/**/*.ts", 10 | "karma": "karma start karma.conf.js", 11 | "mocha": "mocha --require ts-node/register test/**/*test.ts", 12 | "test": "npm run lint && npm run coverage", 13 | "coverage": "npm run karma && nyc report --exclude-after-remap false -t .karma_output --check-coverage" 14 | }, 15 | "author": { 16 | "name": "AWS Crypto Tools Team", 17 | "email": "aws-crypto-tools-team@amazon.com", 18 | "url": "https://aws.amazon.com/javascript/" 19 | }, 20 | "license": "Apache-2.0", 21 | "dependencies": { 22 | "@aws-crypto/ie11-detection": "4.0.0", 23 | "@aws-crypto/supports-web-crypto": "5.2.0", 24 | "@aws-sdk/util-locate-window": "3.310.0", 25 | "tslib": "^2.2.0" 26 | }, 27 | "sideEffects": false, 28 | "main": "./build/main/src/index.js", 29 | "module": "./build/module/src/index.js", 30 | "types": "./build/main/src/index.d.ts", 31 | "files": [ 32 | "build/**/src/*" 33 | ], 34 | "standard": { 35 | "fix": true, 36 | "parser": "@typescript-eslint/parser", 37 | "plugins": [ 38 | "@typescript-eslint" 39 | ] 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /modules/web-crypto-backend/src/index.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { locateWindow } from '@aws-sdk/util-locate-window' 5 | import { webCryptoBackendFactory } from './backend-factory' 6 | 7 | const { getWebCryptoBackend, configureFallback } = webCryptoBackendFactory( 8 | locateWindow() 9 | ) 10 | export { getWebCryptoBackend, configureFallback } 11 | 12 | export { 13 | getNonZeroByteBackend, 14 | getZeroByteSubtle, 15 | isFullSupportWebCryptoBackend, 16 | WebCryptoBackend, 17 | FullSupportWebCryptoBackend, 18 | MixedSupportWebCryptoBackend, 19 | } from './backend-factory' 20 | 21 | export { synchronousRandomValues } from './synchronous_random_values' 22 | -------------------------------------------------------------------------------- /modules/web-crypto-backend/src/promisify-ms-crypto.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { MsSubtleCrypto } from '@aws-crypto/ie11-detection' 5 | 6 | type MsSubtleFunctions = keyof MsSubtleCrypto 7 | 8 | export default function promisifyMsSubtleCrypto(backend: MsSubtleCrypto) { 9 | const usages: MsSubtleFunctions[] = [ 10 | 'decrypt', 11 | 'digest', 12 | 'encrypt', 13 | 'exportKey', 14 | 'generateKey', 15 | 'importKey', 16 | 'sign', 17 | 'verify', 18 | ] 19 | const decorateUsage = (fakeBackend: any, usage: MsSubtleFunctions) => 20 | decorate(backend, fakeBackend, usage) 21 | return usages.reduce(decorateUsage, {}) as SubtleCrypto 22 | } 23 | 24 | function decorate( 25 | subtle: MsSubtleCrypto, 26 | fakeBackend: any, 27 | name: MsSubtleFunctions 28 | ) { 29 | fakeBackend[name] = async (...args: any[]) => { 30 | return new Promise((resolve, reject) => { 31 | // @ts-ignore 32 | const operation = subtle[name](...args) 33 | operation.oncomplete = () => resolve(operation.result) 34 | operation.onerror = reject 35 | }) 36 | } 37 | return fakeBackend 38 | } 39 | -------------------------------------------------------------------------------- /modules/web-crypto-backend/src/synchronous_random_values.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | import { isMsWindow } from '@aws-crypto/ie11-detection' 5 | import { supportsSecureRandom } from '@aws-crypto/supports-web-crypto' 6 | import { locateWindow } from '@aws-sdk/util-locate-window' 7 | 8 | /* There are uses for a synchronous random source. 9 | * For example constructors need to be synchronous. 10 | * The AWS JS SDK uses IRandomValues to have a consistent interface. 11 | */ 12 | export const synchronousRandomValues = generateSynchronousRandomValues( 13 | locateWindow() 14 | ) 15 | 16 | export function generateSynchronousRandomValues( 17 | globalScope: Window 18 | ): (byteLength: number) => Uint8Array { 19 | return function synchronousRandomValues(byteLength: number): Uint8Array { 20 | if (supportsSecureRandom(globalScope)) { 21 | return globalScope.crypto.getRandomValues(new Uint8Array(byteLength)) 22 | } else if (isMsWindow(globalScope)) { 23 | const values = new Uint8Array(byteLength) 24 | globalScope.msCrypto.getRandomValues(values) 25 | return values 26 | } 27 | 28 | throw new Error(`Unable to locate a secure random source.`) 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /modules/web-crypto-backend/test/promisify-ms-crypto.test.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | /* eslint-env mocha */ 5 | 6 | import * as chai from 'chai' 7 | import chaiAsPromised from 'chai-as-promised' 8 | import promisifyMsSubtleCrypto from '../src/promisify-ms-crypto' 9 | import * as fixtures from './fixtures' 10 | 11 | chai.use(chaiAsPromised) 12 | const { expect } = chai 13 | 14 | /* These tests are very simple 15 | * I am not testing every subtle function 16 | * because the promisify code is all the same. 17 | */ 18 | describe('promisifyMsSubtleCrypto', () => { 19 | const backendComplete = promisifyMsSubtleCrypto( 20 | fixtures.fakeWindowIE11OnComplete.msCrypto.subtle 21 | ) 22 | const backendError = promisifyMsSubtleCrypto( 23 | fixtures.fakeWindowIE11OnError.msCrypto.subtle 24 | ) 25 | 26 | it('backendComplete:decrypt', async () => { 27 | // @ts-ignore These methods are stubs, ignore ts errors 28 | const test = await backendComplete.decrypt() 29 | expect(test).to.equal(true) 30 | }) 31 | 32 | it('backendError:decrypt', async () => { 33 | // @ts-ignore These methods are stubs, ignore ts errors 34 | await expect(backendError.decrypt()).to.rejectedWith(Error) 35 | }) 36 | }) 37 | -------------------------------------------------------------------------------- /modules/web-crypto-backend/test/synchronous_random_values.test.ts: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | /* eslint-env mocha */ 5 | 6 | import { expect } from 'chai' 7 | import { generateSynchronousRandomValues } from '../src/synchronous_random_values' 8 | import { synchronousRandomValues } from '../src/index' 9 | import * as fixtures from './fixtures' 10 | 11 | describe('synchronousRandomValues', () => { 12 | it('should return random values', () => { 13 | const test = synchronousRandomValues(5) 14 | expect(test).to.be.instanceOf(Uint8Array) 15 | expect(test).lengthOf(5) 16 | }) 17 | 18 | it('should return msCrypto random values', () => { 19 | const synchronousRandomValues = generateSynchronousRandomValues( 20 | fixtures.fakeWindowIE11OnComplete 21 | ) 22 | 23 | const test = synchronousRandomValues(5) 24 | expect(test).to.be.instanceOf(Uint8Array) 25 | expect(test).lengthOf(5) 26 | // The random is a stub, so I know the value 27 | expect(test).to.deep.equal(new Uint8Array(5).fill(1)) 28 | }) 29 | }) 30 | -------------------------------------------------------------------------------- /modules/web-crypto-backend/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.settings.json", 3 | "compilerOptions": { 4 | "outDir": "build/main", 5 | "rootDir": "./" 6 | }, 7 | "include": ["src/**/*.ts", "test/**/*.ts"], 8 | "exclude": ["node_modules/**"] 9 | } -------------------------------------------------------------------------------- /modules/web-crypto-backend/tsconfig.module.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.module.settings.json", 3 | "compilerOptions": { 4 | "target": "esnext", 5 | "rootDir": "./", 6 | "outDir": "build/module", 7 | "module": "esnext" 8 | }, 9 | "include": ["src/**/*.ts", "test/**/*.ts"], 10 | "exclude": ["node_modules/**"] 11 | } 12 | -------------------------------------------------------------------------------- /stream_mem_stress_test/.gitignore: -------------------------------------------------------------------------------- 1 | # Node modules 2 | node_modules/ 3 | 4 | # Large files 5 | mem_leak_data1/* 6 | mem_leak_data_default/* 7 | -------------------------------------------------------------------------------- /stream_mem_stress_test/README.md: -------------------------------------------------------------------------------- 1 | # Streams - Memory Stress Test and Memory Profiling 2 | This directory contains test code for running a memory profiler when using the `encryptStream` and `decryptUnsignedMessageStream`. 3 | This directory contains everything you need to run a memory profiler on these two operations. 4 | 5 | ## Requirements 6 | - Node >= 12 7 | - Chrome Browser 8 | 9 | ## How to run the application and memory profiler 10 | 1. For easier debugging open two chrome windows 11 | 1. One where you can look at the profiler 12 | 2. One where you can navigate through the application paths. 13 | 1. On Chrome, navigate to: `chrome://inspect/#devices` 14 | 1. Make sure you are in the `stream_mem_stress_test` directory. 15 | 1. Start debugger and server by running `npm run start` 16 | 1. On the devices page click on `inspect` for the remote target that just appeared 17 | 1. Navigate to the Memory tab. You will have three options: 18 | 1. Heap snapshot 19 | - Useful to focus on a specific action during runtime. 20 | 1. Allocation instrumentation on timeline 21 | - Works better for our stress tests since we can see memory allocation and 22 | garbage collection during runtime 23 | 1. Allocation Sampling (not useful for our test) 24 | 1. Navigate to any of the provided paths and watch memory allocation and garbage collection in 25 | real time 🍿 26 | -------------------------------------------------------------------------------- /stream_mem_stress_test/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "mem-leak", 3 | "version": "1.0.0", 4 | "description": "Testing", 5 | "main": "index.js", 6 | "scripts": { 7 | "start": " node --inspect -r ts-node/register index.ts", 8 | "load-mem": "ab -t 10 -n 10000 -c 10 http://localhost:3000/now" 9 | }, 10 | "keywords": [ 11 | "leak", 12 | "server", 13 | "inspect" 14 | ], 15 | "author": "aws-crypto-tools-team@amazon.com", 16 | "license": "Apache-2.0", 17 | "dependencies": { 18 | "@aws-crypto/client-node": "^3.1.1", 19 | "express": "^4.19.2" 20 | }, 21 | "devDependencies": { 22 | "@types/express": "^4.17.13", 23 | "@types/node": "^17.0.43", 24 | "ts-node": "^10.8.1", 25 | "typescript": "^4.7.3" 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /stream_mem_stress_test/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | /* Language and Environment */ 4 | "target": "es2016", /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */ 5 | 6 | /* Modules */ 7 | "module": "commonjs", /* Specify what module code is generated. */ 8 | 9 | /* Interop Constraints */ 10 | "esModuleInterop": true, /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables 'allowSyntheticDefaultImports' for type compatibility. */ 11 | "forceConsistentCasingInFileNames": true, /* Ensure that casing is correct in imports. */ 12 | 13 | /* Type Checking */ 14 | "strict": true, /* Enable all strict type-checking options. */ 15 | 16 | /* Completeness */ 17 | "skipLibCheck": true /* Skip type checking all .d.ts files. */ 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /tsconfig.lint.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./modules/tsconfig.settings.json", 3 | "include": ["modules/**/src/**/*.ts", "modules/**/test/**/*.ts"], 4 | "exclude": ["node_modules/**"] 5 | } -------------------------------------------------------------------------------- /util/bootstrap_tsconfig: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env node 2 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 3 | // SPDX-License-Identifier: Apache-2.0 4 | 5 | /* This file is to help line up the formal conditions listed in source with tests. 6 | * I look for `sourceGrep` and `testGrep` make make sure that the conditions found, 7 | * are in both sets. 8 | */ 9 | 10 | const { writeFileSync } = require('fs') 11 | const { exec } = require('child_process') 12 | const { promisify } = require('util') 13 | const execAsync = promisify(exec) 14 | 15 | const lernaLs = 'npx lerna la' 16 | 17 | execAsync(lernaLs) 18 | .then(clean) 19 | .then(references => ({ 20 | extends: './modules/tsconfig.settings.json', 21 | files: [], 22 | references 23 | })) 24 | .then(tsconfig => { 25 | writeFileSync('./tsconfig.json', JSON.stringify(tsconfig, null, ' ')) 26 | const references = tsconfig.references.map(({path}) => ({path: path + '/tsconfig.module.json'})) 27 | writeFileSync('./tsconfig.module.json', JSON.stringify({...tsconfig, references}, null, ' ')) 28 | }) 29 | 30 | const namespace = '@aws-crypto/' 31 | function clean ({ stdout, stderr }) { 32 | return stdout.split('\n') 33 | .filter(l => l.startsWith(namespace)) 34 | .map(l => l.split(' ').shift().split(namespace).pop()) 35 | .map(name => ({ path: `modules/${name}` })) 36 | } 37 | -------------------------------------------------------------------------------- /verdaccio/htpasswd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-javascript/ef26b39eb8c8078fcbae3482eaf5ce1ec37e61ba/verdaccio/htpasswd -------------------------------------------------------------------------------- /verdaccio/integration/Readme.md: -------------------------------------------------------------------------------- 1 | npx v7 will not install a newer version when any version is installed. 2 | This module is a place to run npx on our integration modules. 3 | 4 | see `util/npx-verdaccio` for more details -------------------------------------------------------------------------------- /verdaccio/integration/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "integration", 3 | "version": "1.0.0", 4 | "license": "Apache-2.0" 5 | } 6 | -------------------------------------------------------------------------------- /verdaccio/npmrc: -------------------------------------------------------------------------------- 1 | loglevel=warn 2 | registry=http://localhost:4873/ 3 | --------------------------------------------------------------------------------