How to use the @aws-crypto/material-management-node.needs function in @aws-crypto/material-management-node

To help you get started, we’ve selected a few @aws-crypto/material-management-node examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github aws / aws-encryption-sdk-javascript / modules / encrypt-node / src / encrypt_stream.ts View on Github external
export function encryptStream (
  cmm: KeyringNode|NodeMaterialsManager,
  op: EncryptStreamInput = {}
): Duplex {
  const { suiteId, encryptionContext = {}, frameLength = FRAME_LENGTH, plaintextLength } = op

  /* Precondition: The frameLength must be less than the maximum frame size Node.js stream. */
  needs(frameLength > 0 && Maximum.FRAME_SIZE >= frameLength, `frameLength out of bounds: 0 > frameLength >= ${Maximum.FRAME_SIZE}`)

  /* If the cmm is a Keyring, wrap it with NodeDefaultCryptographicMaterialsManager. */
  cmm = cmm instanceof KeyringNode
    ? new NodeDefaultCryptographicMaterialsManager(cmm)
    : cmm

  const suite = suiteId && new NodeAlgorithmSuite(suiteId)

  const wrappingStream = new Duplexify()

  cmm.getEncryptionMaterials({ suite, encryptionContext, plaintextLength })
    .then(async (material) => {
      const { dispose, getSigner } = getEncryptHelper(material)

      const { getCipher, messageHeader, rawHeader } = getEncryptionInfo(material, frameLength)
github aws / aws-encryption-sdk-javascript / modules / raw-rsa-keyring-node / src / raw_rsa_keyring_node.ts View on Github external
constructor (input: RawRsaKeyringNodeInput) {
    super()

    const { rsaKey, keyName, keyNamespace, padding = constants.RSA_PKCS1_OAEP_PADDING } = input
    const { publicKey, privateKey } = rsaKey
    /* Precondition: RsaKeyringNode needs either a public or a private key to operate. */
    needs(publicKey || privateKey, 'No Key provided.')
    /* Precondition: RsaKeyringNode needs identifying information for encrypt and decrypt. */
    needs(keyName && keyNamespace, 'Identifying information must be defined.')

    const _wrapKey = async (material: NodeEncryptionMaterial) => {
      /* Precondition: Public key must be defined to support encrypt. */
      if (!publicKey) throw new Error('No public key defined in constructor.  Encrypt disabled.')
      const { buffer, byteOffset, byteLength } = unwrapDataKey(material.getUnencryptedDataKey())
      const encryptedDataKey = publicEncrypt(
        { key: publicKey, padding },
        Buffer.from(buffer, byteOffset, byteLength))
      const providerInfo = this.keyName
      const providerId = this.keyNamespace
      const flag = KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY
      const edk = new EncryptedDataKey({ encryptedDataKey, providerInfo, providerId })
      return material.addEncryptedDataKey(edk, flag)
    }

    const _unwrapKey = async (material: NodeDecryptionMaterial, edk: EncryptedDataKey) => {
github aws / aws-encryption-sdk-javascript / modules / raw-rsa-keyring-node / src / raw_rsa_keyring_node.ts View on Github external
constructor (input: RawRsaKeyringNodeInput) {
    super()

    const { rsaKey, keyName, keyNamespace, padding = constants.RSA_PKCS1_OAEP_PADDING } = input
    const { publicKey, privateKey } = rsaKey
    /* Precondition: RsaKeyringNode needs either a public or a private key to operate. */
    needs(publicKey || privateKey, 'No Key provided.')
    /* Precondition: RsaKeyringNode needs identifying information for encrypt and decrypt. */
    needs(keyName && keyNamespace, 'Identifying information must be defined.')

    const _wrapKey = async (material: NodeEncryptionMaterial) => {
      /* Precondition: Public key must be defined to support encrypt. */
      if (!publicKey) throw new Error('No public key defined in constructor.  Encrypt disabled.')
      const { buffer, byteOffset, byteLength } = unwrapDataKey(material.getUnencryptedDataKey())
      const encryptedDataKey = publicEncrypt(
        { key: publicKey, padding },
        Buffer.from(buffer, byteOffset, byteLength))
      const providerInfo = this.keyName
      const providerId = this.keyNamespace
      const flag = KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY
      const edk = new EncryptedDataKey({ encryptedDataKey, providerInfo, providerId })
      return material.addEncryptedDataKey(edk, flag)
    }
github aws / aws-encryption-sdk-javascript / modules / raw-aes-keyring-node / src / raw_aes_keyring_node.ts View on Github external
constructor (input: RawAesKeyringNodeInput) {
    super()

    const { keyName, keyNamespace, unencryptedMasterKey, wrappingSuite } = input
    /* Precondition: AesKeyringNode needs identifying information for encrypt and decrypt. */
    needs(keyName && keyNamespace, 'Identifying information must be defined.')
    /* Precondition: RawAesKeyringNode requires wrappingSuite to be a valid RawAesWrappingSuite. */
    const wrappingMaterial = new NodeRawAesMaterial(wrappingSuite)
      /* Precondition: unencryptedMasterKey must correspond to the NodeAlgorithmSuite specification.
       * Note: the KeyringTrace and flag are _only_ set because I am reusing an existing implementation.
       * See: raw_aes_material.ts in @aws-crypto/raw-keyring for details
       */
      .setUnencryptedDataKey(unencryptedMasterKey, { keyNamespace, keyName, flags: KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY })

    const _wrapKey = async (material: NodeEncryptionMaterial) => {
      /* The AAD section is uInt16BE(length) + AAD
       * see: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html#header-aad
       * However, the RAW Keyring wants _only_ the ADD.
       * So, I just slice off the length.
       */
      const { buffer, byteOffset, byteLength } = serializeEncryptionContext(material.encryptionContext).slice(2)
      const aad = Buffer.from(buffer, byteOffset, byteLength)