identifiers.ts
/*
* Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use
* this file except in compliance with the License. A copy of the License is
* located at
*
* http://aws.amazon.com/apache2.0/
*
* or in the "license" file accompanying this file. This file is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* This public interface for constants is provided for
* the use of the Encryption SDK for JavaScript only. It can be used
* as a reference but is not intended to be used by any packages other
* than the Encryption SDK for JavaScript.
*
* See: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/reference.html
*
* https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html#header-aad (algorithms with signing)
* https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html#header-version
* https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html#header-content-type
* https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/body-aad-reference.html (Body AAD Content)
* https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html#header-type
* https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/body-aad-reference.html#body-aad-sequence-number
*/
/**
 * The literal string 'aws-crypto-public-key'.
 *
 * NOTE(review): the name suggests this is the key under which the encoded
 * signature public key is carried (see the header-aad "algorithms with
 * signing" link in this file's header comment) — confirm. If so, it is a
 * reserved name: code that accepts caller-supplied key/value context should
 * reject input that already sets it, rather than letting a caller choose
 * the verification key.
 */
export const ENCODED_SIGNER_KEY = 'aws-crypto-public-key'
/**
 * Message format version values (see the header-version link in this
 * file's header comment). Only version 1 is defined here.
 */
export enum SerializationVersion {
  V1 = 1 // eslint-disable-line no-unused-vars
}
// A TypeScript enum is emitted as an ordinary object; freezing it keeps
// other code from adding or changing members at runtime.
Object.freeze(SerializationVersion)
/**
 * Content type values (see the header-content-type link in this file's
 * header comment): 1 for non-framed data, 2 for framed data.
 */
export enum ContentType {
  NO_FRAMING = 1, // eslint-disable-line no-unused-vars
  FRAMED_DATA = 2 // eslint-disable-line no-unused-vars
}
// Frozen so the value-to-name table cannot be altered at runtime.
Object.freeze(ContentType)
/**
 * Body AAD content strings (see the "Body AAD Content" link in this file's
 * header comment): one for a regular frame, one for the final frame, and
 * one for a non-framed (single block) body.
 *
 * NOTE(review): these strings presumably feed the additional authenticated
 * data of each body ciphertext. If so, the encrypting and decrypting sides
 * must use byte-identical values, and any edit here would make existing
 * messages fail authentication — confirm before changing a character.
 */
export enum ContentAADString {
  FRAME_STRING_ID = 'AWSKMSEncryptionClient Frame', // eslint-disable-line no-unused-vars
  FINAL_FRAME_STRING_ID = 'AWSKMSEncryptionClient Final Frame', // eslint-disable-line no-unused-vars
  NON_FRAMED_STRING_ID = 'AWSKMSEncryptionClient Single Block', // eslint-disable-line no-unused-vars
}
// Frozen so no other module can swap these strings at runtime.
Object.freeze(ContentAADString)
/**
 * Message type values (see the header-type link in this file's header
 * comment). The single defined member is 128 (0x80).
 */
export enum ObjectType {
  CUSTOMER_AE_DATA = 128 // eslint-disable-line no-unused-vars
}
// Frozen so the table cannot be extended or rewritten at runtime.
Object.freeze(ObjectType)
/**
 * Reserved sequence number value (see the body-aad-sequence-number link in
 * this file's header comment).
 *
 * SEQUENCE_NUMBER_END is 0xFFFFFFFF, i.e. 2 ** 32 - 1, the largest unsigned
 * 32-bit value.
 * NOTE(review): presumably the marker that announces the final frame —
 * confirm against the message format reference.
 */
export enum SequenceIdentifier {
  SEQUENCE_NUMBER_END = 0xFFFFFFFF // eslint-disable-line no-unused-vars
}
// Frozen so the marker value cannot be changed at runtime.
Object.freeze(SequenceIdentifier)
/**
 * Upper bounds used by the SDK: cached data key usage limits and message,
 * frame and AAD size limits.
 *
 * Several members share one numeric value, so the reverse lookup
 * `Maximum[value]` yields only one of the names. Always address a limit
 * by its name.
 */
export enum Maximum {
  /** Most messages that may be encrypted under one cached data key. */
  MESSAGES_PER_CACHED_KEY_LIMIT = 2 ** 32, // eslint-disable-line no-unused-vars
  /**
   * Most bytes that may be encrypted under one cached data key,
   * summed across messages.
   *
   * The AWS Encryption SDK specification defines this maximum as 2 ** 63 - 1.
   * JavaScript numbers, however, are only exact up to
   * Number.MAX_SAFE_INTEGER === 9007199254740991 === 2 ** 53 - 1. For example:
   *   Number.MAX_SAFE_INTEGER + 1 === Number.MAX_SAFE_INTEGER + 2  => true
   *   Number.MAX_SAFE_INTEGER + 1 >   Number.MAX_SAFE_INTEGER + 2  => false
   *   Number.MAX_SAFE_INTEGER + 1 <   Number.MAX_SAFE_INTEGER + 2  => false
   *
   * Beyond 2 ** 53 - 1 an accumulated byte count can therefore never be
   * compared accurately, so a process that relies on that comparison
   * would never halt.
   *
   * The literal 2 ** 53 - 1 is written out on purpose instead of
   * Number.MAX_SAFE_INTEGER: a future runtime could raise
   * Number.MAX_SAFE_INTEGER to 2 ** 66 or some other value larger than
   * 2 ** 63, which would silently lift this limit above the specification.
   */
  BYTES_PER_CACHED_KEY_LIMIT = 2 ** 53 - 1, // eslint-disable-line no-unused-vars
  /**
   * Most bytes in one message. This should be
   * Maximum.FRAME_COUNT * Maximum.FRAME_SIZE, but that product is
   * ~ 2 ** 64 and far above Number.MAX_SAFE_INTEGER, so for the reasons
   * given on BYTES_PER_CACHED_KEY_LIMIT it is capped at 2 ** 53 - 1.
   */
  BYTES_PER_MESSAGE = 2 ** 53 - 1, // eslint-disable-line no-unused-vars
  /** Most frames allowed in one message, as defined in the specification. */
  FRAME_COUNT = 2 ** 32 - 1, // eslint-disable-line no-unused-vars
  /** Most bytes allowed in a single frame, as defined in the specification. */
  FRAME_SIZE = 2 ** 32 - 1, // eslint-disable-line no-unused-vars
  /**
   * Most bytes allowed in a non-framed message ciphertext, as defined in
   * the specification.
   */
  GCM_CONTENT_SIZE = 2 ** 32 - 1, // eslint-disable-line no-unused-vars
  // NOTE(review): no comment of its own in the original; it follows
  // GCM_CONTENT_SIZE with the same value and presumably names the same
  // non-framed limit — confirm.
  NON_FRAMED_SIZE = 2 ** 32 - 1, // eslint-disable-line no-unused-vars
  /** Most AAD bytes allowed, as defined in the specification. */
  AAD_BYTE_SIZE = 2 ** 16 - 1, // eslint-disable-line no-unused-vars
}
// Frozen so that no other module can raise or lower a limit at runtime.
Object.freeze(Maximum)
// Default frame length when using framing.
// NOTE(review): the unit is not stated here; presumably bytes, to be read
// together with Maximum.FRAME_SIZE — confirm.
export const FRAME_LENGTH = 4096
// Message ID length as defined in specification.
// NOTE(review): presumably counted in bytes — confirm against the message
// format reference linked in this file's header comment.
export const MESSAGE_ID_LENGTH = 16