@brix-crypto/crypto-js 0.0.1-security → 4.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of @brix-crypto/crypto-js might be problematic. Click here for more details.
- package/.jshintrc +33 -0
- package/.travis.yml +15 -0
- package/CONTRIBUTING.md +28 -0
- package/LICENSE +24 -0
- package/README.md +273 -3
- package/docs/QuickStartGuide.wiki +470 -0
- package/package.json +45 -3
- package/src/aes.js +214 -0
- package/src/blowfish.js +451 -0
- package/src/cipher-core.js +877 -0
- package/src/core.js +796 -0
- package/src/enc-base64.js +116 -0
- package/src/enc-base64url.js +128 -0
- package/src/enc-utf16.js +129 -0
- package/src/evpkdf.js +114 -0
- package/src/format-hex.js +46 -0
- package/src/hmac.js +125 -0
- package/src/lib-typedarrays.js +56 -0
- package/src/md5.js +248 -0
- package/src/mode-cfb.js +60 -0
- package/src/mode-ctr-gladman.js +96 -0
- package/src/mode-ctr.js +38 -0
- package/src/mode-ecb.js +20 -0
- package/src/mode-ofb.js +34 -0
- package/src/pad-ansix923.js +29 -0
- package/src/pad-iso10126.js +24 -0
- package/src/pad-iso97971.js +20 -0
- package/src/pad-nopadding.js +10 -0
- package/src/pad-zeropadding.js +27 -0
- package/src/pbkdf2.js +125 -0
- package/src/rabbit-legacy.js +170 -0
- package/src/rabbit.js +172 -0
- package/src/rc4.js +119 -0
- package/src/ripemd160.js +247 -0
- package/src/sha1.js +130 -0
- package/src/sha224.js +60 -0
- package/src/sha256.js +179 -0
- package/src/sha3.js +306 -0
- package/src/sha384.js +63 -0
- package/src/sha512.js +306 -0
- package/src/tripledes.js +759 -0
- package/src/x64-core.js +284 -0
- package/test/aes-profile.js +31 -0
- package/test/aes-test.js +80 -0
- package/test/blowfish-test.js +33 -0
- package/test/cipher-test.js +522 -0
- package/test/config-test.js +51 -0
- package/test/des-profile.js +31 -0
- package/test/des-test.js +104 -0
- package/test/enc-base64-test.js +71 -0
- package/test/enc-hex-test.js +15 -0
- package/test/enc-latin1-test.js +15 -0
- package/test/enc-utf16-test.js +55 -0
- package/test/enc-utf8-test.js +39 -0
- package/test/evpkdf-profile.js +11 -0
- package/test/evpkdf-test.js +32 -0
- package/test/format-openssl-test.js +37 -0
- package/test/hmac-md5-profile.js +30 -0
- package/test/hmac-md5-test.js +59 -0
- package/test/hmac-sha224-test.js +59 -0
- package/test/hmac-sha256-test.js +59 -0
- package/test/hmac-sha384-test.js +59 -0
- package/test/hmac-sha512-test.js +59 -0
- package/test/kdf-openssl-test.js +15 -0
- package/test/lib-base-test.js +92 -0
- package/test/lib-cipherparams-test.js +59 -0
- package/test/lib-passwordbasedcipher-test.js +25 -0
- package/test/lib-serializablecipher-test.js +51 -0
- package/test/lib-typedarrays-test.js +57 -0
- package/test/lib-wordarray-test.js +85 -0
- package/test/md5-profile.js +24 -0
- package/test/md5-test.js +70 -0
- package/test/mode-cbc-test.js +49 -0
- package/test/mode-cfb-test.js +51 -0
- package/test/mode-ctr-test.js +55 -0
- package/test/mode-ecb-test.js +38 -0
- package/test/mode-ofb-test.js +50 -0
- package/test/pad-ansix923-test.js +28 -0
- package/test/pad-iso10126-test.js +50 -0
- package/test/pad-iso97971-test.js +35 -0
- package/test/pad-pkcs7-test.js +28 -0
- package/test/pad-zeropadding-test.js +28 -0
- package/test/pbkdf2-profile.js +11 -0
- package/test/pbkdf2-test.js +80 -0
- package/test/profile.html +281 -0
- package/test/rabbit-legacy-test.js +80 -0
- package/test/rabbit-profile.js +30 -0
- package/test/rabbit-test.js +84 -0
- package/test/rc4-profile.js +30 -0
- package/test/rc4-test.js +68 -0
- package/test/ripemd160-test.js +19 -0
- package/test/sha1-profile.js +24 -0
- package/test/sha1-test.js +70 -0
- package/test/sha224-test.js +19 -0
- package/test/sha256-profile.js +24 -0
- package/test/sha256-test.js +70 -0
- package/test/sha3-profile.js +24 -0
- package/test/sha3-test.js +69 -0
- package/test/sha384-test.js +54 -0
- package/test/sha512-profile.js +24 -0
- package/test/sha512-test.js +54 -0
- package/test/test-build.html +105 -0
- package/test/test.html +138 -0
- package/test/test1.html +63 -0
- package/test/tripledes-profile.js +31 -0
- package/test/tripledes-test.js +121 -0
- package/test/x64-word-test.js +99 -0
- package/test/x64-wordarray-test.js +38 -0
package/src/pbkdf2.js
ADDED
|
@@ -0,0 +1,125 @@
|
|
|
1
|
+
(function () {
|
|
2
|
+
// Shortcuts
|
|
3
|
+
var C = CryptoJS;
|
|
4
|
+
var C_lib = C.lib;
|
|
5
|
+
var Base = C_lib.Base;
|
|
6
|
+
var WordArray = C_lib.WordArray;
|
|
7
|
+
var C_algo = C.algo;
|
|
8
|
+
var SHA256 = C_algo.SHA256;
|
|
9
|
+
var HMAC = C_algo.HMAC;
|
|
10
|
+
|
|
11
|
+
/**
|
|
12
|
+
* Password-Based Key Derivation Function 2 algorithm.
|
|
13
|
+
*/
|
|
14
|
+
var PBKDF2 = C_algo.PBKDF2 = Base.extend({
|
|
15
|
+
/**
|
|
16
|
+
* Configuration options.
|
|
17
|
+
*
|
|
18
|
+
* @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
|
|
19
|
+
* @property {Hasher} hasher The hasher to use. Default: SHA256
|
|
20
|
+
* @property {number} iterations The number of iterations to perform. Default: 250000
|
|
21
|
+
*/
|
|
22
|
+
cfg: Base.extend({
|
|
23
|
+
keySize: 128/32,
|
|
24
|
+
hasher: SHA256,
|
|
25
|
+
iterations: 250000
|
|
26
|
+
}),
|
|
27
|
+
|
|
28
|
+
/**
|
|
29
|
+
* Initializes a newly created key derivation function.
|
|
30
|
+
*
|
|
31
|
+
* @param {Object} cfg (Optional) The configuration options to use for the derivation.
|
|
32
|
+
*
|
|
33
|
+
* @example
|
|
34
|
+
*
|
|
35
|
+
* var kdf = CryptoJS.algo.PBKDF2.create();
|
|
36
|
+
* var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8 });
|
|
37
|
+
* var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8, iterations: 1000 });
|
|
38
|
+
*/
|
|
39
|
+
init: function (cfg) {
|
|
40
|
+
this.cfg = this.cfg.extend(cfg);
|
|
41
|
+
},
|
|
42
|
+
|
|
43
|
+
/**
|
|
44
|
+
* Computes the Password-Based Key Derivation Function 2.
|
|
45
|
+
*
|
|
46
|
+
* @param {WordArray|string} password The password.
|
|
47
|
+
* @param {WordArray|string} salt A salt.
|
|
48
|
+
*
|
|
49
|
+
* @return {WordArray} The derived key.
|
|
50
|
+
*
|
|
51
|
+
* @example
|
|
52
|
+
*
|
|
53
|
+
* var key = kdf.compute(password, salt);
|
|
54
|
+
*/
|
|
55
|
+
compute: function (password, salt) {
|
|
56
|
+
// Shortcut
|
|
57
|
+
var cfg = this.cfg;
|
|
58
|
+
|
|
59
|
+
// Init HMAC
|
|
60
|
+
var hmac = HMAC.create(cfg.hasher, password);
|
|
61
|
+
|
|
62
|
+
// Initial values
|
|
63
|
+
var derivedKey = WordArray.create();
|
|
64
|
+
var blockIndex = WordArray.create([0x00000001]);
|
|
65
|
+
|
|
66
|
+
// Shortcuts
|
|
67
|
+
var derivedKeyWords = derivedKey.words;
|
|
68
|
+
var blockIndexWords = blockIndex.words;
|
|
69
|
+
var keySize = cfg.keySize;
|
|
70
|
+
var iterations = cfg.iterations;
|
|
71
|
+
|
|
72
|
+
// Generate key
|
|
73
|
+
while (derivedKeyWords.length < keySize) {
|
|
74
|
+
var block = hmac.update(salt).finalize(blockIndex);
|
|
75
|
+
hmac.reset();
|
|
76
|
+
|
|
77
|
+
// Shortcuts
|
|
78
|
+
var blockWords = block.words;
|
|
79
|
+
var blockWordsLength = blockWords.length;
|
|
80
|
+
|
|
81
|
+
// Iterations
|
|
82
|
+
var intermediate = block;
|
|
83
|
+
for (var i = 1; i < iterations; i++) {
|
|
84
|
+
intermediate = hmac.finalize(intermediate);
|
|
85
|
+
hmac.reset();
|
|
86
|
+
|
|
87
|
+
// Shortcut
|
|
88
|
+
var intermediateWords = intermediate.words;
|
|
89
|
+
|
|
90
|
+
// XOR intermediate with block
|
|
91
|
+
for (var j = 0; j < blockWordsLength; j++) {
|
|
92
|
+
blockWords[j] ^= intermediateWords[j];
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
|
|
96
|
+
derivedKey.concat(block);
|
|
97
|
+
blockIndexWords[0]++;
|
|
98
|
+
}
|
|
99
|
+
derivedKey.sigBytes = keySize * 4;
|
|
100
|
+
|
|
101
|
+
return derivedKey;
|
|
102
|
+
}
|
|
103
|
+
});
|
|
104
|
+
|
|
105
|
+
/**
|
|
106
|
+
* Computes the Password-Based Key Derivation Function 2.
|
|
107
|
+
*
|
|
108
|
+
* @param {WordArray|string} password The password.
|
|
109
|
+
* @param {WordArray|string} salt A salt.
|
|
110
|
+
* @param {Object} cfg (Optional) The configuration options to use for this computation.
|
|
111
|
+
*
|
|
112
|
+
* @return {WordArray} The derived key.
|
|
113
|
+
*
|
|
114
|
+
* @static
|
|
115
|
+
*
|
|
116
|
+
* @example
|
|
117
|
+
*
|
|
118
|
+
* var key = CryptoJS.PBKDF2(password, salt);
|
|
119
|
+
* var key = CryptoJS.PBKDF2(password, salt, { keySize: 8 });
|
|
120
|
+
* var key = CryptoJS.PBKDF2(password, salt, { keySize: 8, iterations: 1000 });
|
|
121
|
+
*/
|
|
122
|
+
C.PBKDF2 = function (password, salt, cfg) {
|
|
123
|
+
return PBKDF2.create(cfg).compute(password, salt);
|
|
124
|
+
};
|
|
125
|
+
}());
|
|
@@ -0,0 +1,170 @@
|
|
|
1
|
+
(function () {
|
|
2
|
+
// Shortcuts
|
|
3
|
+
var C = CryptoJS;
|
|
4
|
+
var C_lib = C.lib;
|
|
5
|
+
var StreamCipher = C_lib.StreamCipher;
|
|
6
|
+
var C_algo = C.algo;
|
|
7
|
+
|
|
8
|
+
// Reusable objects
|
|
9
|
+
var S = [];
|
|
10
|
+
var C_ = [];
|
|
11
|
+
var G = [];
|
|
12
|
+
|
|
13
|
+
/**
|
|
14
|
+
* Rabbit stream cipher algorithm.
|
|
15
|
+
*
|
|
16
|
+
* This is a legacy version that neglected to convert the key to little-endian.
|
|
17
|
+
* This error doesn't affect the cipher's security,
|
|
18
|
+
* but it does affect its compatibility with other implementations.
|
|
19
|
+
*/
|
|
20
|
+
var RabbitLegacy = C_algo.RabbitLegacy = StreamCipher.extend({
|
|
21
|
+
_doReset: function () {
|
|
22
|
+
// Shortcuts
|
|
23
|
+
var K = this._key.words;
|
|
24
|
+
var iv = this.cfg.iv;
|
|
25
|
+
|
|
26
|
+
// Generate initial state values
|
|
27
|
+
var X = this._X = [
|
|
28
|
+
K[0], (K[3] << 16) | (K[2] >>> 16),
|
|
29
|
+
K[1], (K[0] << 16) | (K[3] >>> 16),
|
|
30
|
+
K[2], (K[1] << 16) | (K[0] >>> 16),
|
|
31
|
+
K[3], (K[2] << 16) | (K[1] >>> 16)
|
|
32
|
+
];
|
|
33
|
+
|
|
34
|
+
// Generate initial counter values
|
|
35
|
+
var C = this._C = [
|
|
36
|
+
(K[2] << 16) | (K[2] >>> 16), (K[0] & 0xffff0000) | (K[1] & 0x0000ffff),
|
|
37
|
+
(K[3] << 16) | (K[3] >>> 16), (K[1] & 0xffff0000) | (K[2] & 0x0000ffff),
|
|
38
|
+
(K[0] << 16) | (K[0] >>> 16), (K[2] & 0xffff0000) | (K[3] & 0x0000ffff),
|
|
39
|
+
(K[1] << 16) | (K[1] >>> 16), (K[3] & 0xffff0000) | (K[0] & 0x0000ffff)
|
|
40
|
+
];
|
|
41
|
+
|
|
42
|
+
// Carry bit
|
|
43
|
+
this._b = 0;
|
|
44
|
+
|
|
45
|
+
// Iterate the system four times
|
|
46
|
+
for (var i = 0; i < 4; i++) {
|
|
47
|
+
nextState.call(this);
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
// Modify the counters
|
|
51
|
+
for (var i = 0; i < 8; i++) {
|
|
52
|
+
C[i] ^= X[(i + 4) & 7];
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
// IV setup
|
|
56
|
+
if (iv) {
|
|
57
|
+
// Shortcuts
|
|
58
|
+
var IV = iv.words;
|
|
59
|
+
var IV_0 = IV[0];
|
|
60
|
+
var IV_1 = IV[1];
|
|
61
|
+
|
|
62
|
+
// Generate four subvectors
|
|
63
|
+
var i0 = (((IV_0 << 8) | (IV_0 >>> 24)) & 0x00ff00ff) | (((IV_0 << 24) | (IV_0 >>> 8)) & 0xff00ff00);
|
|
64
|
+
var i2 = (((IV_1 << 8) | (IV_1 >>> 24)) & 0x00ff00ff) | (((IV_1 << 24) | (IV_1 >>> 8)) & 0xff00ff00);
|
|
65
|
+
var i1 = (i0 >>> 16) | (i2 & 0xffff0000);
|
|
66
|
+
var i3 = (i2 << 16) | (i0 & 0x0000ffff);
|
|
67
|
+
|
|
68
|
+
// Modify counter values
|
|
69
|
+
C[0] ^= i0;
|
|
70
|
+
C[1] ^= i1;
|
|
71
|
+
C[2] ^= i2;
|
|
72
|
+
C[3] ^= i3;
|
|
73
|
+
C[4] ^= i0;
|
|
74
|
+
C[5] ^= i1;
|
|
75
|
+
C[6] ^= i2;
|
|
76
|
+
C[7] ^= i3;
|
|
77
|
+
|
|
78
|
+
// Iterate the system four times
|
|
79
|
+
for (var i = 0; i < 4; i++) {
|
|
80
|
+
nextState.call(this);
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
},
|
|
84
|
+
|
|
85
|
+
_doProcessBlock: function (M, offset) {
|
|
86
|
+
// Shortcut
|
|
87
|
+
var X = this._X;
|
|
88
|
+
|
|
89
|
+
// Iterate the system
|
|
90
|
+
nextState.call(this);
|
|
91
|
+
|
|
92
|
+
// Generate four keystream words
|
|
93
|
+
S[0] = X[0] ^ (X[5] >>> 16) ^ (X[3] << 16);
|
|
94
|
+
S[1] = X[2] ^ (X[7] >>> 16) ^ (X[5] << 16);
|
|
95
|
+
S[2] = X[4] ^ (X[1] >>> 16) ^ (X[7] << 16);
|
|
96
|
+
S[3] = X[6] ^ (X[3] >>> 16) ^ (X[1] << 16);
|
|
97
|
+
|
|
98
|
+
for (var i = 0; i < 4; i++) {
|
|
99
|
+
// Swap endian
|
|
100
|
+
S[i] = (((S[i] << 8) | (S[i] >>> 24)) & 0x00ff00ff) |
|
|
101
|
+
(((S[i] << 24) | (S[i] >>> 8)) & 0xff00ff00);
|
|
102
|
+
|
|
103
|
+
// Encrypt
|
|
104
|
+
M[offset + i] ^= S[i];
|
|
105
|
+
}
|
|
106
|
+
},
|
|
107
|
+
|
|
108
|
+
blockSize: 128/32,
|
|
109
|
+
|
|
110
|
+
ivSize: 64/32
|
|
111
|
+
});
|
|
112
|
+
|
|
113
|
+
function nextState() {
|
|
114
|
+
// Shortcuts
|
|
115
|
+
var X = this._X;
|
|
116
|
+
var C = this._C;
|
|
117
|
+
|
|
118
|
+
// Save old counter values
|
|
119
|
+
for (var i = 0; i < 8; i++) {
|
|
120
|
+
C_[i] = C[i];
|
|
121
|
+
}
|
|
122
|
+
|
|
123
|
+
// Calculate new counter values
|
|
124
|
+
C[0] = (C[0] + 0x4d34d34d + this._b) | 0;
|
|
125
|
+
C[1] = (C[1] + 0xd34d34d3 + ((C[0] >>> 0) < (C_[0] >>> 0) ? 1 : 0)) | 0;
|
|
126
|
+
C[2] = (C[2] + 0x34d34d34 + ((C[1] >>> 0) < (C_[1] >>> 0) ? 1 : 0)) | 0;
|
|
127
|
+
C[3] = (C[3] + 0x4d34d34d + ((C[2] >>> 0) < (C_[2] >>> 0) ? 1 : 0)) | 0;
|
|
128
|
+
C[4] = (C[4] + 0xd34d34d3 + ((C[3] >>> 0) < (C_[3] >>> 0) ? 1 : 0)) | 0;
|
|
129
|
+
C[5] = (C[5] + 0x34d34d34 + ((C[4] >>> 0) < (C_[4] >>> 0) ? 1 : 0)) | 0;
|
|
130
|
+
C[6] = (C[6] + 0x4d34d34d + ((C[5] >>> 0) < (C_[5] >>> 0) ? 1 : 0)) | 0;
|
|
131
|
+
C[7] = (C[7] + 0xd34d34d3 + ((C[6] >>> 0) < (C_[6] >>> 0) ? 1 : 0)) | 0;
|
|
132
|
+
this._b = (C[7] >>> 0) < (C_[7] >>> 0) ? 1 : 0;
|
|
133
|
+
|
|
134
|
+
// Calculate the g-values
|
|
135
|
+
for (var i = 0; i < 8; i++) {
|
|
136
|
+
var gx = X[i] + C[i];
|
|
137
|
+
|
|
138
|
+
// Construct high and low argument for squaring
|
|
139
|
+
var ga = gx & 0xffff;
|
|
140
|
+
var gb = gx >>> 16;
|
|
141
|
+
|
|
142
|
+
// Calculate high and low result of squaring
|
|
143
|
+
var gh = ((((ga * ga) >>> 17) + ga * gb) >>> 15) + gb * gb;
|
|
144
|
+
var gl = (((gx & 0xffff0000) * gx) | 0) + (((gx & 0x0000ffff) * gx) | 0);
|
|
145
|
+
|
|
146
|
+
// High XOR low
|
|
147
|
+
G[i] = gh ^ gl;
|
|
148
|
+
}
|
|
149
|
+
|
|
150
|
+
// Calculate new state values
|
|
151
|
+
X[0] = (G[0] + ((G[7] << 16) | (G[7] >>> 16)) + ((G[6] << 16) | (G[6] >>> 16))) | 0;
|
|
152
|
+
X[1] = (G[1] + ((G[0] << 8) | (G[0] >>> 24)) + G[7]) | 0;
|
|
153
|
+
X[2] = (G[2] + ((G[1] << 16) | (G[1] >>> 16)) + ((G[0] << 16) | (G[0] >>> 16))) | 0;
|
|
154
|
+
X[3] = (G[3] + ((G[2] << 8) | (G[2] >>> 24)) + G[1]) | 0;
|
|
155
|
+
X[4] = (G[4] + ((G[3] << 16) | (G[3] >>> 16)) + ((G[2] << 16) | (G[2] >>> 16))) | 0;
|
|
156
|
+
X[5] = (G[5] + ((G[4] << 8) | (G[4] >>> 24)) + G[3]) | 0;
|
|
157
|
+
X[6] = (G[6] + ((G[5] << 16) | (G[5] >>> 16)) + ((G[4] << 16) | (G[4] >>> 16))) | 0;
|
|
158
|
+
X[7] = (G[7] + ((G[6] << 8) | (G[6] >>> 24)) + G[5]) | 0;
|
|
159
|
+
}
|
|
160
|
+
|
|
161
|
+
/**
|
|
162
|
+
* Shortcut functions to the cipher's object interface.
|
|
163
|
+
*
|
|
164
|
+
* @example
|
|
165
|
+
*
|
|
166
|
+
* var ciphertext = CryptoJS.RabbitLegacy.encrypt(message, key, cfg);
|
|
167
|
+
* var plaintext = CryptoJS.RabbitLegacy.decrypt(ciphertext, key, cfg);
|
|
168
|
+
*/
|
|
169
|
+
C.RabbitLegacy = StreamCipher._createHelper(RabbitLegacy);
|
|
170
|
+
}());
|
package/src/rabbit.js
ADDED
|
@@ -0,0 +1,172 @@
|
|
|
1
|
+
(function () {
|
|
2
|
+
// Shortcuts
|
|
3
|
+
var C = CryptoJS;
|
|
4
|
+
var C_lib = C.lib;
|
|
5
|
+
var StreamCipher = C_lib.StreamCipher;
|
|
6
|
+
var C_algo = C.algo;
|
|
7
|
+
|
|
8
|
+
// Reusable objects
|
|
9
|
+
var S = [];
|
|
10
|
+
var C_ = [];
|
|
11
|
+
var G = [];
|
|
12
|
+
|
|
13
|
+
/**
|
|
14
|
+
* Rabbit stream cipher algorithm
|
|
15
|
+
*/
|
|
16
|
+
var Rabbit = C_algo.Rabbit = StreamCipher.extend({
|
|
17
|
+
_doReset: function () {
|
|
18
|
+
// Shortcuts
|
|
19
|
+
var K = this._key.words;
|
|
20
|
+
var iv = this.cfg.iv;
|
|
21
|
+
|
|
22
|
+
// Swap endian
|
|
23
|
+
for (var i = 0; i < 4; i++) {
|
|
24
|
+
K[i] = (((K[i] << 8) | (K[i] >>> 24)) & 0x00ff00ff) |
|
|
25
|
+
(((K[i] << 24) | (K[i] >>> 8)) & 0xff00ff00);
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
// Generate initial state values
|
|
29
|
+
var X = this._X = [
|
|
30
|
+
K[0], (K[3] << 16) | (K[2] >>> 16),
|
|
31
|
+
K[1], (K[0] << 16) | (K[3] >>> 16),
|
|
32
|
+
K[2], (K[1] << 16) | (K[0] >>> 16),
|
|
33
|
+
K[3], (K[2] << 16) | (K[1] >>> 16)
|
|
34
|
+
];
|
|
35
|
+
|
|
36
|
+
// Generate initial counter values
|
|
37
|
+
var C = this._C = [
|
|
38
|
+
(K[2] << 16) | (K[2] >>> 16), (K[0] & 0xffff0000) | (K[1] & 0x0000ffff),
|
|
39
|
+
(K[3] << 16) | (K[3] >>> 16), (K[1] & 0xffff0000) | (K[2] & 0x0000ffff),
|
|
40
|
+
(K[0] << 16) | (K[0] >>> 16), (K[2] & 0xffff0000) | (K[3] & 0x0000ffff),
|
|
41
|
+
(K[1] << 16) | (K[1] >>> 16), (K[3] & 0xffff0000) | (K[0] & 0x0000ffff)
|
|
42
|
+
];
|
|
43
|
+
|
|
44
|
+
// Carry bit
|
|
45
|
+
this._b = 0;
|
|
46
|
+
|
|
47
|
+
// Iterate the system four times
|
|
48
|
+
for (var i = 0; i < 4; i++) {
|
|
49
|
+
nextState.call(this);
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
// Modify the counters
|
|
53
|
+
for (var i = 0; i < 8; i++) {
|
|
54
|
+
C[i] ^= X[(i + 4) & 7];
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
// IV setup
|
|
58
|
+
if (iv) {
|
|
59
|
+
// Shortcuts
|
|
60
|
+
var IV = iv.words;
|
|
61
|
+
var IV_0 = IV[0];
|
|
62
|
+
var IV_1 = IV[1];
|
|
63
|
+
|
|
64
|
+
// Generate four subvectors
|
|
65
|
+
var i0 = (((IV_0 << 8) | (IV_0 >>> 24)) & 0x00ff00ff) | (((IV_0 << 24) | (IV_0 >>> 8)) & 0xff00ff00);
|
|
66
|
+
var i2 = (((IV_1 << 8) | (IV_1 >>> 24)) & 0x00ff00ff) | (((IV_1 << 24) | (IV_1 >>> 8)) & 0xff00ff00);
|
|
67
|
+
var i1 = (i0 >>> 16) | (i2 & 0xffff0000);
|
|
68
|
+
var i3 = (i2 << 16) | (i0 & 0x0000ffff);
|
|
69
|
+
|
|
70
|
+
// Modify counter values
|
|
71
|
+
C[0] ^= i0;
|
|
72
|
+
C[1] ^= i1;
|
|
73
|
+
C[2] ^= i2;
|
|
74
|
+
C[3] ^= i3;
|
|
75
|
+
C[4] ^= i0;
|
|
76
|
+
C[5] ^= i1;
|
|
77
|
+
C[6] ^= i2;
|
|
78
|
+
C[7] ^= i3;
|
|
79
|
+
|
|
80
|
+
// Iterate the system four times
|
|
81
|
+
for (var i = 0; i < 4; i++) {
|
|
82
|
+
nextState.call(this);
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
},
|
|
86
|
+
|
|
87
|
+
_doProcessBlock: function (M, offset) {
|
|
88
|
+
// Shortcut
|
|
89
|
+
var X = this._X;
|
|
90
|
+
|
|
91
|
+
// Iterate the system
|
|
92
|
+
nextState.call(this);
|
|
93
|
+
|
|
94
|
+
// Generate four keystream words
|
|
95
|
+
S[0] = X[0] ^ (X[5] >>> 16) ^ (X[3] << 16);
|
|
96
|
+
S[1] = X[2] ^ (X[7] >>> 16) ^ (X[5] << 16);
|
|
97
|
+
S[2] = X[4] ^ (X[1] >>> 16) ^ (X[7] << 16);
|
|
98
|
+
S[3] = X[6] ^ (X[3] >>> 16) ^ (X[1] << 16);
|
|
99
|
+
|
|
100
|
+
for (var i = 0; i < 4; i++) {
|
|
101
|
+
// Swap endian
|
|
102
|
+
S[i] = (((S[i] << 8) | (S[i] >>> 24)) & 0x00ff00ff) |
|
|
103
|
+
(((S[i] << 24) | (S[i] >>> 8)) & 0xff00ff00);
|
|
104
|
+
|
|
105
|
+
// Encrypt
|
|
106
|
+
M[offset + i] ^= S[i];
|
|
107
|
+
}
|
|
108
|
+
},
|
|
109
|
+
|
|
110
|
+
blockSize: 128/32,
|
|
111
|
+
|
|
112
|
+
ivSize: 64/32
|
|
113
|
+
});
|
|
114
|
+
|
|
115
|
+
function nextState() {
|
|
116
|
+
// Shortcuts
|
|
117
|
+
var X = this._X;
|
|
118
|
+
var C = this._C;
|
|
119
|
+
|
|
120
|
+
// Save old counter values
|
|
121
|
+
for (var i = 0; i < 8; i++) {
|
|
122
|
+
C_[i] = C[i];
|
|
123
|
+
}
|
|
124
|
+
|
|
125
|
+
// Calculate new counter values
|
|
126
|
+
C[0] = (C[0] + 0x4d34d34d + this._b) | 0;
|
|
127
|
+
C[1] = (C[1] + 0xd34d34d3 + ((C[0] >>> 0) < (C_[0] >>> 0) ? 1 : 0)) | 0;
|
|
128
|
+
C[2] = (C[2] + 0x34d34d34 + ((C[1] >>> 0) < (C_[1] >>> 0) ? 1 : 0)) | 0;
|
|
129
|
+
C[3] = (C[3] + 0x4d34d34d + ((C[2] >>> 0) < (C_[2] >>> 0) ? 1 : 0)) | 0;
|
|
130
|
+
C[4] = (C[4] + 0xd34d34d3 + ((C[3] >>> 0) < (C_[3] >>> 0) ? 1 : 0)) | 0;
|
|
131
|
+
C[5] = (C[5] + 0x34d34d34 + ((C[4] >>> 0) < (C_[4] >>> 0) ? 1 : 0)) | 0;
|
|
132
|
+
C[6] = (C[6] + 0x4d34d34d + ((C[5] >>> 0) < (C_[5] >>> 0) ? 1 : 0)) | 0;
|
|
133
|
+
C[7] = (C[7] + 0xd34d34d3 + ((C[6] >>> 0) < (C_[6] >>> 0) ? 1 : 0)) | 0;
|
|
134
|
+
this._b = (C[7] >>> 0) < (C_[7] >>> 0) ? 1 : 0;
|
|
135
|
+
|
|
136
|
+
// Calculate the g-values
|
|
137
|
+
for (var i = 0; i < 8; i++) {
|
|
138
|
+
var gx = X[i] + C[i];
|
|
139
|
+
|
|
140
|
+
// Construct high and low argument for squaring
|
|
141
|
+
var ga = gx & 0xffff;
|
|
142
|
+
var gb = gx >>> 16;
|
|
143
|
+
|
|
144
|
+
// Calculate high and low result of squaring
|
|
145
|
+
var gh = ((((ga * ga) >>> 17) + ga * gb) >>> 15) + gb * gb;
|
|
146
|
+
var gl = (((gx & 0xffff0000) * gx) | 0) + (((gx & 0x0000ffff) * gx) | 0);
|
|
147
|
+
|
|
148
|
+
// High XOR low
|
|
149
|
+
G[i] = gh ^ gl;
|
|
150
|
+
}
|
|
151
|
+
|
|
152
|
+
// Calculate new state values
|
|
153
|
+
X[0] = (G[0] + ((G[7] << 16) | (G[7] >>> 16)) + ((G[6] << 16) | (G[6] >>> 16))) | 0;
|
|
154
|
+
X[1] = (G[1] + ((G[0] << 8) | (G[0] >>> 24)) + G[7]) | 0;
|
|
155
|
+
X[2] = (G[2] + ((G[1] << 16) | (G[1] >>> 16)) + ((G[0] << 16) | (G[0] >>> 16))) | 0;
|
|
156
|
+
X[3] = (G[3] + ((G[2] << 8) | (G[2] >>> 24)) + G[1]) | 0;
|
|
157
|
+
X[4] = (G[4] + ((G[3] << 16) | (G[3] >>> 16)) + ((G[2] << 16) | (G[2] >>> 16))) | 0;
|
|
158
|
+
X[5] = (G[5] + ((G[4] << 8) | (G[4] >>> 24)) + G[3]) | 0;
|
|
159
|
+
X[6] = (G[6] + ((G[5] << 16) | (G[5] >>> 16)) + ((G[4] << 16) | (G[4] >>> 16))) | 0;
|
|
160
|
+
X[7] = (G[7] + ((G[6] << 8) | (G[6] >>> 24)) + G[5]) | 0;
|
|
161
|
+
}
|
|
162
|
+
|
|
163
|
+
/**
|
|
164
|
+
* Shortcut functions to the cipher's object interface.
|
|
165
|
+
*
|
|
166
|
+
* @example
|
|
167
|
+
*
|
|
168
|
+
* var ciphertext = CryptoJS.Rabbit.encrypt(message, key, cfg);
|
|
169
|
+
* var plaintext = CryptoJS.Rabbit.decrypt(ciphertext, key, cfg);
|
|
170
|
+
*/
|
|
171
|
+
C.Rabbit = StreamCipher._createHelper(Rabbit);
|
|
172
|
+
}());
|
package/src/rc4.js
ADDED
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
(function () {
|
|
2
|
+
// Shortcuts
|
|
3
|
+
var C = CryptoJS;
|
|
4
|
+
var C_lib = C.lib;
|
|
5
|
+
var StreamCipher = C_lib.StreamCipher;
|
|
6
|
+
var C_algo = C.algo;
|
|
7
|
+
|
|
8
|
+
/**
|
|
9
|
+
* RC4 stream cipher algorithm.
|
|
10
|
+
*/
|
|
11
|
+
var RC4 = C_algo.RC4 = StreamCipher.extend({
|
|
12
|
+
_doReset: function () {
|
|
13
|
+
// Shortcuts
|
|
14
|
+
var key = this._key;
|
|
15
|
+
var keyWords = key.words;
|
|
16
|
+
var keySigBytes = key.sigBytes;
|
|
17
|
+
|
|
18
|
+
// Init sbox
|
|
19
|
+
var S = this._S = [];
|
|
20
|
+
for (var i = 0; i < 256; i++) {
|
|
21
|
+
S[i] = i;
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
// Key setup
|
|
25
|
+
for (var i = 0, j = 0; i < 256; i++) {
|
|
26
|
+
var keyByteIndex = i % keySigBytes;
|
|
27
|
+
var keyByte = (keyWords[keyByteIndex >>> 2] >>> (24 - (keyByteIndex % 4) * 8)) & 0xff;
|
|
28
|
+
|
|
29
|
+
j = (j + S[i] + keyByte) % 256;
|
|
30
|
+
|
|
31
|
+
// Swap
|
|
32
|
+
var t = S[i];
|
|
33
|
+
S[i] = S[j];
|
|
34
|
+
S[j] = t;
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
// Counters
|
|
38
|
+
this._i = this._j = 0;
|
|
39
|
+
},
|
|
40
|
+
|
|
41
|
+
_doProcessBlock: function (M, offset) {
|
|
42
|
+
M[offset] ^= generateKeystreamWord.call(this);
|
|
43
|
+
},
|
|
44
|
+
|
|
45
|
+
keySize: 256/32,
|
|
46
|
+
|
|
47
|
+
ivSize: 0
|
|
48
|
+
});
|
|
49
|
+
|
|
50
|
+
function generateKeystreamWord() {
|
|
51
|
+
// Shortcuts
|
|
52
|
+
var S = this._S;
|
|
53
|
+
var i = this._i;
|
|
54
|
+
var j = this._j;
|
|
55
|
+
|
|
56
|
+
// Generate keystream word
|
|
57
|
+
var keystreamWord = 0;
|
|
58
|
+
for (var n = 0; n < 4; n++) {
|
|
59
|
+
i = (i + 1) % 256;
|
|
60
|
+
j = (j + S[i]) % 256;
|
|
61
|
+
|
|
62
|
+
// Swap
|
|
63
|
+
var t = S[i];
|
|
64
|
+
S[i] = S[j];
|
|
65
|
+
S[j] = t;
|
|
66
|
+
|
|
67
|
+
keystreamWord |= S[(S[i] + S[j]) % 256] << (24 - n * 8);
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
// Update counters
|
|
71
|
+
this._i = i;
|
|
72
|
+
this._j = j;
|
|
73
|
+
|
|
74
|
+
return keystreamWord;
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
/**
|
|
78
|
+
* Shortcut functions to the cipher's object interface.
|
|
79
|
+
*
|
|
80
|
+
* @example
|
|
81
|
+
*
|
|
82
|
+
* var ciphertext = CryptoJS.RC4.encrypt(message, key, cfg);
|
|
83
|
+
* var plaintext = CryptoJS.RC4.decrypt(ciphertext, key, cfg);
|
|
84
|
+
*/
|
|
85
|
+
C.RC4 = StreamCipher._createHelper(RC4);
|
|
86
|
+
|
|
87
|
+
/**
|
|
88
|
+
* Modified RC4 stream cipher algorithm.
|
|
89
|
+
*/
|
|
90
|
+
var RC4Drop = C_algo.RC4Drop = RC4.extend({
|
|
91
|
+
/**
|
|
92
|
+
* Configuration options.
|
|
93
|
+
*
|
|
94
|
+
* @property {number} drop The number of keystream words to drop. Default 192
|
|
95
|
+
*/
|
|
96
|
+
cfg: RC4.cfg.extend({
|
|
97
|
+
drop: 192
|
|
98
|
+
}),
|
|
99
|
+
|
|
100
|
+
_doReset: function () {
|
|
101
|
+
RC4._doReset.call(this);
|
|
102
|
+
|
|
103
|
+
// Drop
|
|
104
|
+
for (var i = this.cfg.drop; i > 0; i--) {
|
|
105
|
+
generateKeystreamWord.call(this);
|
|
106
|
+
}
|
|
107
|
+
}
|
|
108
|
+
});
|
|
109
|
+
|
|
110
|
+
/**
|
|
111
|
+
* Shortcut functions to the cipher's object interface.
|
|
112
|
+
*
|
|
113
|
+
* @example
|
|
114
|
+
*
|
|
115
|
+
* var ciphertext = CryptoJS.RC4Drop.encrypt(message, key, cfg);
|
|
116
|
+
* var plaintext = CryptoJS.RC4Drop.decrypt(ciphertext, key, cfg);
|
|
117
|
+
*/
|
|
118
|
+
C.RC4Drop = StreamCipher._createHelper(RC4Drop);
|
|
119
|
+
}());
|