feat: Node.js Typescript version dependency (#146)

resolves #135

The AWS Encryption SDK should track the Node.js LTS policy.
For developers using Typescript and @types/node@8
the ESDK should “just work”.
Because some packages export Node.js types like `CipherGCM`
developers would be forced to install an unwanted type version.

This pulls in the needed parts of the needed types into the packages.
It is only the types that differ in this case.

Regarding KeyObjects, rsa support is removed,
but will be added back in when #74 is addressed.

Author: seebees

modules/decrypt-node/src/decipher_stream.ts

@@ -16,8 +16,11 @@
 // @ts-ignore
 import { Transform as PortableTransform } from 'readable-stream'
 import { Transform } from 'stream' // eslint-disable-line no-unused-vars
-import { DecipherGCM } from 'crypto' // eslint-disable-line no-unused-vars
-import { needs } from '@aws-crypto/material-management-node'
+import {
+  needs,
+  GetDecipher, // eslint-disable-line no-unused-vars
+  AwsEsdkJsDecipherGCM // eslint-disable-line no-unused-vars
+} from '@aws-crypto/material-management-node'
 import {
   aadFactory,
   ContentType // eslint-disable-line no-unused-vars
@@ -31,12 +34,12 @@ const PortableTransformWithType = (<new (...args: any[]) => Transform>PortableTr
 export interface DecipherInfo {
   messageId: Buffer
   contentType: ContentType
-  getDecipher: (iv: Uint8Array) => DecipherGCM
+  getDecipher: GetDecipher
   dispose: () => void
 }
 
 interface DecipherState {
-  decipher: DecipherGCM
+  decipher: AwsEsdkJsDecipherGCM
   content: Buffer[]
   contentLength: number
 }

modules/decrypt-node/src/verify_stream.ts

@@ -16,10 +16,10 @@
 // @ts-ignore
 import { Transform as PortableTransform } from 'readable-stream'
 import { Transform } from 'stream' // eslint-disable-line no-unused-vars
-import { DecipherGCM } from 'crypto' // eslint-disable-line no-unused-vars
 import {
   needs,
-  GetVerify // eslint-disable-line no-unused-vars
+  GetVerify, // eslint-disable-line no-unused-vars
+  GetDecipher // eslint-disable-line no-unused-vars
 } from '@aws-crypto/material-management-node'
 import {
   deserializeSignature,
@@ -35,7 +35,7 @@ const PortableTransformWithType = (<new (...args: any[]) => Transform>PortableTr
 
 export interface VerifyInfo {
   headerInfo: HeaderInfo
-  getDecipher: (iv: Uint8Array) => DecipherGCM
+  getDecipher: GetDecipher
   dispose: () => void
   verify?: AWSVerify
 }

modules/encrypt-node/src/framed_encrypt_stream.ts

@@ -19,9 +19,12 @@ import {
 } from '@aws-crypto/serialize'
 // @ts-ignore
 import { Transform as PortableTransform } from 'readable-stream'
-import { CipherGCM } from 'crypto' // eslint-disable-line no-unused-vars
 import { Transform } from 'stream' // eslint-disable-line no-unused-vars
-import { needs } from '@aws-crypto/material-management-node'
+import {
+  GetCipher, // eslint-disable-line no-unused-vars
+  AwsEsdkJsCipherGCM, // eslint-disable-line no-unused-vars
+  needs
+} from '@aws-crypto/material-management-node'
 
 const fromUtf8 = (input: string) => Buffer.from(input, 'utf8')
 const serialize = serializeFactory(fromUtf8)
@@ -38,7 +41,7 @@ interface EncryptFrame {
   content: Buffer[]
   bodyHeader: Buffer
   headerSent?: boolean
-  cipher: CipherGCM,
+  cipher: AwsEsdkJsCipherGCM,
   isFinalFrame: boolean
 }
 
@@ -165,8 +168,6 @@ export function getFramedEncryptStream (getCipher: GetCipher, messageHeader: Mes
   })()
 }
 
-type GetCipher = (iv: Uint8Array) => CipherGCM
-
 type EncryptFrameInput = {
   pendingFrame: AccumulatingFrame,
   messageHeader: MessageHeader,

modules/material-management-node/src/index.ts

@@ -18,7 +18,11 @@ export {
   getEncryptHelper,
   getDecryptionHelper,
   GetSigner,
-  GetVerify
+  GetVerify,
+  GetCipher,
+  GetDecipher,
+  AwsEsdkJsCipherGCM,
+  AwsEsdkJsDecipherGCM
 } from './material_helpers'
 export {
   NodeDecryptionMaterial, NodeEncryptionMaterial, NodeAlgorithmSuite,

modules/material-management-node/src/material_helpers.ts

@@ -18,27 +18,45 @@ import {
   NodeHash // eslint-disable-line no-unused-vars
 } from '@aws-crypto/material-management'
 import {
-  CipherGCM, DecipherGCM, Signer, Verify, // eslint-disable-line no-unused-vars
+  Signer, Verify, // eslint-disable-line no-unused-vars
   createCipheriv, createDecipheriv, createSign, createVerify
 } from 'crypto'
 import { HKDF } from '@aws-crypto/hkdf-node'
 
+export interface AwsEsdkJsCipherGCM {
+  update(data: Buffer): Buffer
+  final(): Buffer
+  getAuthTag(): Buffer
+  setAAD(aad: Buffer): this
+}
+
+export interface AwsEsdkJsDecipherGCM {
+  update(data: Buffer): Buffer
+  final(): Buffer
+  setAuthTag(buffer: Buffer): this
+  setAAD(aad: Buffer): this
+}
+
 type KDFIndex = Readonly<{[K in NodeHash]: ReturnType<typeof HKDF>}>
 const kdfIndex: KDFIndex = Object.freeze({
   sha256: HKDF('sha256' as NodeHash),
   sha384: HKDF('sha384' as NodeHash)
 })
 
 export interface GetCipher {
-  (info?: Uint8Array) : (iv: Uint8Array) => CipherGCM
+  (iv: Uint8Array): AwsEsdkJsCipherGCM
+}
+
+export interface CurryGetCipher {
+  (info?: Uint8Array): GetCipher
 }
 
 export interface GetSigner {
   () : Signer & {awsCryptoSign: () => Buffer}
 }
 
 export interface NodeEncryptionMaterialHelper {
-  kdfGetCipher: GetCipher
+  kdfGetCipher: CurryGetCipher
   getSigner?: GetSigner
   dispose: () => void
 }
@@ -56,7 +74,7 @@ export const getEncryptHelper: GetEncryptHelper = (material: NodeEncryptionMater
    * Function overloads "works" but then I can not export
    * the function and have eslint be happy (Multiple exports of name)
    */
-  const kdfGetCipher = <GetCipher>getCryptoStream(material)
+  const kdfGetCipher = <CurryGetCipher>getCryptoStream(material)
   return Object.freeze({
     kdfGetCipher,
     getSigner: signatureHash ? getSigner : undefined,
@@ -93,14 +111,17 @@ export const getEncryptHelper: GetEncryptHelper = (material: NodeEncryptionMater
 }
 
 export interface GetDecipher {
-  (info?: Uint8Array) : (iv: Uint8Array) => DecipherGCM
+  (iv: Uint8Array): AwsEsdkJsDecipherGCM
+}
+export interface CurryGetDecipher {
+  (info?: Uint8Array) : GetDecipher
 }
 export interface GetVerify {
   () : Verify & {awsCryptoVerify: (signature: Buffer) => boolean}
 }
 
 export interface NodeDecryptionMaterialHelper {
-  kdfGetDecipher: GetDecipher
+  kdfGetDecipher: CurryGetDecipher
   getVerify?: GetVerify
   dispose: () => void
 }
@@ -119,7 +140,7 @@ export const getDecryptionHelper: GetDecryptionHelper = (material: NodeDecryptio
    * Function overloads "works" but then I can not export
    * the function and have eslint be happy (Multiple exports of name)
    */
-  const kdfGetDecipher = <GetDecipher>getCryptoStream(material)
+  const kdfGetDecipher = <CurryGetDecipher>getCryptoStream(material)
   return Object.freeze({
     kdfGetDecipher,
     getVerify: signatureHash ? getVerify : undefined,
@@ -158,7 +179,7 @@ export function getCryptoStream (material: NodeEncryptionMaterial|NodeDecryption
 
   return (info?: Uint8Array) => {
     const derivedKey = nodeKdf(material, info)
-    return (iv: Uint8Array) => {
+    return (iv: Uint8Array): AwsEsdkJsCipherGCM|AwsEsdkJsDecipherGCM => {
       /* Precondition: The length of the IV must match the algorithm suite specification. */
       needs(iv.byteLength === ivLength, 'Iv length does not match algorithm suite specification')
       /* Precondition: The material must have not been zeroed.

modules/raw-rsa-keyring-node/src/raw_rsa_keyring_node.ts

@@ -30,8 +30,7 @@ import {
   constants,
   publicEncrypt,
   privateDecrypt,
-  randomBytes,
-  KeyObject // eslint-disable-line no-unused-vars
+  randomBytes
 } from 'crypto'
 
 import {
@@ -52,8 +51,8 @@ import {
  * or more complicated options...  Thoughts?
  */
 interface RsaKey {
-  publicKey?: string | Buffer | KeyObject
-  privateKey?: string | Buffer | KeyObject
+  publicKey?: string | Buffer
+  privateKey?: string | Buffer
 }
 
 export type RawRsaKeyringNodeInput = {