feat: Node.js Typescript version dependency

modules/decrypt-node/src/decipher_stream.ts

@@ -16,8 +16,11 @@
 // @ts-ignore
 import { Transform as PortableTransform } from 'readable-stream'
 import { Transform } from 'stream' // eslint-disable-line no-unused-vars
-import { DecipherGCM } from 'crypto' // eslint-disable-line no-unused-vars
-import { needs } from '@aws-crypto/material-management-node'
+import {
+  needs,
+  GetDecipher, // eslint-disable-line no-unused-vars
+  AwsEsdkJsDecipherGCM // eslint-disable-line no-unused-vars
+} from '@aws-crypto/material-management-node'
 import {
   aadFactory,
   ContentType // eslint-disable-line no-unused-vars
@@ -31,12 +34,12 @@ const PortableTransformWithType = (<new (...args: any[]) => Transform>PortableTr
 export interface DecipherInfo {
   messageId: Buffer
   contentType: ContentType
-  getDecipher: (iv: Uint8Array) => DecipherGCM
+  getDecipher: GetDecipher
   dispose: () => void
 }
 
 interface DecipherState {
-  decipher: DecipherGCM
+  decipher: AwsEsdkJsDecipherGCM
   content: Buffer[]
   contentLength: number
 }

modules/decrypt-node/src/verify_stream.ts

@@ -16,10 +16,10 @@
 // @ts-ignore
 import { Transform as PortableTransform } from 'readable-stream'
 import { Transform } from 'stream' // eslint-disable-line no-unused-vars
-import { DecipherGCM } from 'crypto' // eslint-disable-line no-unused-vars
 import {
   needs,
-  GetVerify // eslint-disable-line no-unused-vars
+  GetVerify, // eslint-disable-line no-unused-vars
+  GetDecipher // eslint-disable-line no-unused-vars
 } from '@aws-crypto/material-management-node'
 import {
   deserializeSignature,
@@ -35,7 +35,7 @@ const PortableTransformWithType = (<new (...args: any[]) => Transform>PortableTr
 
 export interface VerifyInfo {
   headerInfo: HeaderInfo
-  getDecipher: (iv: Uint8Array) => DecipherGCM
+  getDecipher: GetDecipher
   dispose: () => void
   verify?: AWSVerify
 }

modules/encrypt-node/src/framed_encrypt_stream.ts

@@ -19,9 +19,12 @@ import {
 } from '@aws-crypto/serialize'
 // @ts-ignore
 import { Transform as PortableTransform } from 'readable-stream'
-import { CipherGCM } from 'crypto' // eslint-disable-line no-unused-vars
 import { Transform } from 'stream' // eslint-disable-line no-unused-vars
-import { needs } from '@aws-crypto/material-management-node'
+import {
+  GetCipher, // eslint-disable-line no-unused-vars
+  AwsEsdkJsCipherGCM, // eslint-disable-line no-unused-vars
+  needs
+} from '@aws-crypto/material-management-node'
 
 const fromUtf8 = (input: string) => Buffer.from(input, 'utf8')
 const serialize = serializeFactory(fromUtf8)
@@ -38,7 +41,7 @@ interface EncryptFrame {
   content: Buffer[]
   bodyHeader: Buffer
   headerSent?: boolean
-  cipher: CipherGCM,
+  cipher: AwsEsdkJsCipherGCM,
   isFinalFrame: boolean
 }
 
@@ -165,8 +168,6 @@ export function getFramedEncryptStream (getCipher: GetCipher, messageHeader: Mes
   })()
 }
 
-type GetCipher = (iv: Uint8Array) => CipherGCM
-
 type EncryptFrameInput = {
   pendingFrame: AccumulatingFrame,
   messageHeader: MessageHeader,

modules/material-management-node/src/index.ts

@@ -18,7 +18,11 @@ export {
   getEncryptHelper,
   getDecryptionHelper,
   GetSigner,
-  GetVerify
+  GetVerify,
+  GetCipher,
+  GetDecipher,
+  AwsEsdkJsCipherGCM,
+  AwsEsdkJsDecipherGCM
 } from './material_helpers'
 export {
   NodeDecryptionMaterial, NodeEncryptionMaterial, NodeAlgorithmSuite,

modules/material-management-node/src/material_helpers.ts

@@ -18,27 +18,45 @@ import {
   NodeHash // eslint-disable-line no-unused-vars
 } from '@aws-crypto/material-management'
 import {
-  CipherGCM, DecipherGCM, Signer, Verify, // eslint-disable-line no-unused-vars
+  Signer, Verify, // eslint-disable-line no-unused-vars
   createCipheriv, createDecipheriv, createSign, createVerify
 } from 'crypto'
 import { HKDF } from '@aws-crypto/hkdf-node'
 
+export interface AwsEsdkJsCipherGCM {
+  update(data: Buffer): Buffer
+  final(): Buffer
+  getAuthTag(): Buffer
+  setAAD(aad: Buffer): this
+}
+
+export interface AwsEsdkJsDecipherGCM {
+  update(data: Buffer): Buffer
+  final(): Buffer
+  setAuthTag(buffer: Buffer): this
+  setAAD(aad: Buffer): this
+}
+
 type KDFIndex = Readonly<{[K in NodeHash]: ReturnType<typeof HKDF>}>
 const kdfIndex: KDFIndex = Object.freeze({
   sha256: HKDF('sha256' as NodeHash),
   sha384: HKDF('sha384' as NodeHash)
 })
 
 export interface GetCipher {
-  (info?: Uint8Array) : (iv: Uint8Array) => CipherGCM
+  (iv: Uint8Array): AwsEsdkJsCipherGCM
+}
+
+export interface CurryGetCipher {
+  (info?: Uint8Array): GetCipher
 }
 
 export interface GetSigner {
   () : Signer & {awsCryptoSign: () => Buffer}
 }
 
 export interface NodeEncryptionMaterialHelper {
-  kdfGetCipher: GetCipher
+  kdfGetCipher: CurryGetCipher
   getSigner?: GetSigner
   dispose: () => void
 }
@@ -56,7 +74,7 @@ export const getEncryptHelper: GetEncryptHelper = (material: NodeEncryptionMater
    * Function overloads "works" but then I can not export
    * the function and have eslint be happy (Multiple exports of name)
    */
-  const kdfGetCipher = <GetCipher>getCryptoStream(material)
+  const kdfGetCipher = <CurryGetCipher>getCryptoStream(material)
   return Object.freeze({
     kdfGetCipher,
     getSigner: signatureHash ? getSigner : undefined,
@@ -93,14 +111,17 @@ export const getEncryptHelper: GetEncryptHelper = (material: NodeEncryptionMater
 }
 
 export interface GetDecipher {
-  (info?: Uint8Array) : (iv: Uint8Array) => DecipherGCM
+  (iv: Uint8Array): AwsEsdkJsDecipherGCM
+}
+export interface CurryGetDecipher {
+  (info?: Uint8Array) : GetDecipher
 }
 export interface GetVerify {
   () : Verify & {awsCryptoVerify: (signature: Buffer) => boolean}
 }
 
 export interface NodeDecryptionMaterialHelper {
-  kdfGetDecipher: GetDecipher
+  kdfGetDecipher: CurryGetDecipher
   getVerify?: GetVerify
   dispose: () => void
 }
@@ -119,7 +140,7 @@ export const getDecryptionHelper: GetDecryptionHelper = (material: NodeDecryptio
    * Function overloads "works" but then I can not export
    * the function and have eslint be happy (Multiple exports of name)
    */
-  const kdfGetDecipher = <GetDecipher>getCryptoStream(material)
+  const kdfGetDecipher = <CurryGetDecipher>getCryptoStream(material)
   return Object.freeze({
     kdfGetDecipher,
     getVerify: signatureHash ? getVerify : undefined,
@@ -158,7 +179,7 @@ export function getCryptoStream (material: NodeEncryptionMaterial|NodeDecryption
 
   return (info?: Uint8Array) => {
     const derivedKey = nodeKdf(material, info)
-    return (iv: Uint8Array) => {
+    return (iv: Uint8Array): AwsEsdkJsCipherGCM|AwsEsdkJsDecipherGCM => {
       /* Precondition: The length of the IV must match the algorithm suite specification. */
       needs(iv.byteLength === ivLength, 'Iv length does not match algorithm suite specification')
       /* Precondition: The material must have not been zeroed.

modules/raw-rsa-keyring-node/src/raw_rsa_keyring_node.ts

@@ -30,8 +30,7 @@ import {
   constants,
   publicEncrypt,
   privateDecrypt,
-  randomBytes,
-  KeyObject // eslint-disable-line no-unused-vars
+  randomBytes
 } from 'crypto'
 
 import {
@@ -52,8 +51,8 @@ import {
  * or more complicated options...  Thoughts?
  */
 interface RsaKey {
-  publicKey?: string | Buffer | KeyObject
-  privateKey?: string | Buffer | KeyObject
+  publicKey?: string | Buffer
+  privateKey?: string | Buffer
 }
 
 export type RawRsaKeyringNodeInput = {