@cloudpss/crypto 0.5.24 → 0.5.25
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/benchmark.js +44 -0
- package/dist/encryption/browser.d.ts +3 -3
- package/dist/encryption/browser.js.map +1 -1
- package/dist/encryption/common.d.ts +45 -16
- package/dist/encryption/common.js +57 -9
- package/dist/encryption/common.js.map +1 -1
- package/dist/encryption/index.d.ts +4 -21
- package/dist/encryption/index.js +11 -63
- package/dist/encryption/index.js.map +1 -1
- package/dist/encryption/js/aes.d.ts +20 -0
- package/dist/encryption/js/aes.js +151 -0
- package/dist/encryption/js/aes.js.map +1 -0
- package/dist/encryption/js/gcm.d.ts +26 -0
- package/dist/encryption/js/gcm.js +226 -0
- package/dist/encryption/js/gcm.js.map +1 -0
- package/dist/encryption/module.d.ts +22 -0
- package/dist/encryption/module.js +62 -0
- package/dist/encryption/module.js.map +1 -0
- package/dist/encryption/node.d.ts +3 -3
- package/dist/encryption/node.js +19 -15
- package/dist/encryption/node.js.map +1 -1
- package/dist/encryption/pure-js.d.ts +3 -3
- package/dist/encryption/pure-js.js +70 -42
- package/dist/encryption/pure-js.js.map +1 -1
- package/dist/encryption/web.d.ts +3 -3
- package/dist/encryption/web.js +17 -15
- package/dist/encryption/web.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/package.json +7 -4
- package/src/encryption/browser.ts +3 -3
- package/src/encryption/common.ts +79 -16
- package/src/encryption/index.ts +12 -71
- package/src/encryption/js/aes.ts +191 -0
- package/src/encryption/js/gcm.ts +258 -0
- package/src/encryption/module.ts +94 -0
- package/src/encryption/node.ts +24 -15
- package/src/encryption/pure-js.ts +89 -46
- package/src/encryption/web.ts +24 -15
- package/src/index.ts +1 -1
- package/tests/encryption.js +126 -49
package/benchmark.js
ADDED
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
/* eslint-disable no-console */
|
|
2
|
+
import prettyBytes from 'pretty-bytes';
|
|
3
|
+
import files from '../../benchmark-files/index.js';
|
|
4
|
+
import { createModule } from './dist/encryption/module.js';
|
|
5
|
+
import * as js from './dist/encryption/pure-js.js';
|
|
6
|
+
import * as web from './dist/encryption/web.js';
|
|
7
|
+
import * as node from './dist/encryption/node.js';
|
|
8
|
+
|
|
9
|
+
const t = (/** @type {number} */ time) =>
|
|
10
|
+
Number.isFinite(time) ? (time.toFixed(2) + 'ms').padStart(10) : ' --------';
|
|
11
|
+
|
|
12
|
+
const pb = (/** @type {number} */ size) => prettyBytes(size, { binary: true });
|
|
13
|
+
|
|
14
|
+
/** 生成测试 */
|
|
15
|
+
function createTest(/** @type {string} */ name, { encrypt, decrypt }, /** @type {boolean} */ decompressOnly = false) {
|
|
16
|
+
/** 测试函数 */
|
|
17
|
+
async function fn(/** @type {Buffer} */ data) {
|
|
18
|
+
let start = performance.now();
|
|
19
|
+
const encrypted = await encrypt(data, 'pass').catch((e) => console.error(e.message));
|
|
20
|
+
const encryptTime = performance.now() - start;
|
|
21
|
+
start = performance.now();
|
|
22
|
+
const decrypted = await decrypt(encrypted, 'pass').catch((e) => console.error(e.message));
|
|
23
|
+
const decryptTime = performance.now() - start;
|
|
24
|
+
console.assert(data.equals(decrypted), name, `unmatched`);
|
|
25
|
+
return { encrypted, encryptTime, decryptTime };
|
|
26
|
+
}
|
|
27
|
+
Object.defineProperty(fn, 'name', { value: name });
|
|
28
|
+
return fn;
|
|
29
|
+
}
|
|
30
|
+
const tests = [
|
|
31
|
+
createTest('web', createModule(web)),
|
|
32
|
+
createTest('node', createModule(node)),
|
|
33
|
+
createTest('js', createModule(js)),
|
|
34
|
+
];
|
|
35
|
+
for await (const { file, data } of files()) {
|
|
36
|
+
console.log(`File: ${file} \tRaw: ${pb(data.length)}`);
|
|
37
|
+
for (const test of tests) {
|
|
38
|
+
const result = await test(data);
|
|
39
|
+
const diff = `+${result.encrypted.length - data.length}`;
|
|
40
|
+
console.log(
|
|
41
|
+
` ${test.name.padEnd(25)} ${diff.padStart(6)} ${t(result.encryptTime)} ${t(result.decryptTime)}`,
|
|
42
|
+
);
|
|
43
|
+
}
|
|
44
|
+
}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import type {
|
|
1
|
+
import type { EncryptedData, PlainData } from './common.js';
|
|
2
2
|
/** browser encrypt */
|
|
3
|
-
export declare function encrypt(data:
|
|
3
|
+
export declare function encrypt(data: PlainData, passphrase: string): Promise<EncryptedData>;
|
|
4
4
|
/** browser decrypt */
|
|
5
|
-
export declare function decrypt(data:
|
|
5
|
+
export declare function decrypt(data: EncryptedData, passphrase: string): Promise<PlainData>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"browser.js","sourceRoot":"","sources":["../../src/encryption/browser.ts"],"names":[],"mappings":"AAEA,4EAA4E;AAC5E,MAAM,MAAM,GAAG,GAAG,EAAE;IAChB,IACI,OAAO,MAAM,IAAI,QAAQ;QACzB,OAAO,MAAM,CAAC,eAAe,IAAI,UAAU;QAC3C,OAAO,MAAM,CAAC,MAAM,IAAI,QAAQ;QAChC,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,UAAU;QAC5C,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,UAAU;QAC5C,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,UAAU;QAC1C,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,UAAU,EAC5C,CAAC;QACC,OAAO,MAAM,CAAC,UAAU,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACJ,OAAO,MAAM,CAAC,cAAc,CAAC,CAAC;IAClC,CAAC;AACL,CAAC,CAAC;AAEF,sBAAsB;AACtB,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"browser.js","sourceRoot":"","sources":["../../src/encryption/browser.ts"],"names":[],"mappings":"AAEA,4EAA4E;AAC5E,MAAM,MAAM,GAAG,GAAG,EAAE;IAChB,IACI,OAAO,MAAM,IAAI,QAAQ;QACzB,OAAO,MAAM,CAAC,eAAe,IAAI,UAAU;QAC3C,OAAO,MAAM,CAAC,MAAM,IAAI,QAAQ;QAChC,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,UAAU;QAC5C,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,UAAU;QAC5C,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,UAAU;QAC1C,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,UAAU,EAC5C,CAAC;QACC,OAAO,MAAM,CAAC,UAAU,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACJ,OAAO,MAAM,CAAC,cAAc,CAAC,CAAC;IAClC,CAAC;AACL,CAAC,CAAC;AAEF,sBAAsB;AACtB,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAe,EAAE,UAAkB;IAC7D,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,EAAE,CAAC;IACnC,OAAO,MAAM,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;AAC3C,CAAC;AAED,sBAAsB;AACtB,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAmB,EAAE,UAAkB;IACjE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,EAAE,CAAC;IACnC,OAAO,MAAM,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;AAC3C,CAAC"}
|
|
@@ -1,21 +1,50 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* PBKDF2 迭代次数
|
|
3
|
-
*/
|
|
1
|
+
/** PBKDF2 迭代次数 */
|
|
4
2
|
export declare const PBKDF2_ITERATIONS = 100000;
|
|
5
|
-
/**
|
|
6
|
-
|
|
7
|
-
*/
|
|
8
|
-
export declare const
|
|
9
|
-
/**
|
|
10
|
-
export declare const
|
|
3
|
+
/** NONCE 长度(byte) */
|
|
4
|
+
export declare const NONCE_SIZE: number;
|
|
5
|
+
/** AAD 最大长度(byte) */
|
|
6
|
+
export declare const AAD_MAX_SIZE: number;
|
|
7
|
+
/** AAD 长度字段长度(byte) */
|
|
8
|
+
export declare const AAD_LEN_SIZE = 4;
|
|
9
|
+
/** AAD padding */
|
|
10
|
+
export declare const AAD_PADDING: number;
|
|
11
11
|
/** KEY 长度(byte) */
|
|
12
12
|
export declare const AES_KEY_SIZE: number;
|
|
13
|
-
/**
|
|
14
|
-
export
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
/**
|
|
18
|
-
|
|
19
|
-
/**
|
|
13
|
+
/** Auth tag 长度(byte) */
|
|
14
|
+
export declare const AES_TAG_SIZE: number;
|
|
15
|
+
/** 加密输入/解密结果 */
|
|
16
|
+
export interface PlainData {
|
|
17
|
+
/** 附加数据 */
|
|
18
|
+
aad?: Uint8Array;
|
|
19
|
+
/** 明文数据 */
|
|
20
20
|
data: Uint8Array;
|
|
21
21
|
}
|
|
22
|
+
/** 解密输入/加密结果 */
|
|
23
|
+
export interface EncryptedData {
|
|
24
|
+
/** NONCE */
|
|
25
|
+
nonce: Uint8Array;
|
|
26
|
+
/** 附加数据 */
|
|
27
|
+
aad?: Uint8Array;
|
|
28
|
+
/** 加密后的数据和 tag */
|
|
29
|
+
data: Uint8Array;
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* CloudPSS 数据加密
|
|
33
|
+
* - 密钥生成算法:PBKDF2-HMAC-SHA256,盐长度 96,迭代 100,000 次
|
|
34
|
+
* - 加密算法:AES-256-GCM,使用与密钥生成算法的盐作为 NONCE,TAG 长度 128
|
|
35
|
+
* - 附加数据:最大长度 0x7fff_ffff
|
|
36
|
+
*
|
|
37
|
+
* - 文件格式:
|
|
38
|
+
* - Magic Number: 0e 02 49 29 3f 07 7b 0a
|
|
39
|
+
* - Nonce: 96 bits
|
|
40
|
+
* - Length of AAD: 4 bytes
|
|
41
|
+
* - AAD (if exists)
|
|
42
|
+
* - Encrypted Data
|
|
43
|
+
* - Auth Tag: 128 bits
|
|
44
|
+
*/
|
|
45
|
+
/** CloudPSS 数据加密 */
|
|
46
|
+
export declare const MAGIC_NUMBER: Uint8Array;
|
|
47
|
+
/** 计算对齐后的长度 */
|
|
48
|
+
export declare function padding(size: number, padding: number): number;
|
|
49
|
+
/** 解析 CloudPSS 加密数据 */
|
|
50
|
+
export declare function parseEncrypted(data: BinaryData): EncryptedData | undefined;
|
|
@@ -1,13 +1,61 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
*/
|
|
1
|
+
import { toUint8Array } from '../utils.js';
|
|
2
|
+
/** PBKDF2 迭代次数 */
|
|
4
3
|
export const PBKDF2_ITERATIONS = 100_000;
|
|
5
|
-
/**
|
|
6
|
-
|
|
7
|
-
*/
|
|
8
|
-
export const
|
|
9
|
-
/**
|
|
10
|
-
export const
|
|
4
|
+
/** NONCE 长度(byte) */
|
|
5
|
+
export const NONCE_SIZE = 96 / 8;
|
|
6
|
+
/** AAD 最大长度(byte) */
|
|
7
|
+
export const AAD_MAX_SIZE = 1024 * 1024 * 1024; // 1GiB
|
|
8
|
+
/** AAD 长度字段长度(byte) */
|
|
9
|
+
export const AAD_LEN_SIZE = 4;
|
|
10
|
+
// 与 AES 一致对齐
|
|
11
|
+
/** AAD padding */
|
|
12
|
+
export const AAD_PADDING = 128 / 8;
|
|
11
13
|
/** KEY 长度(byte) */
|
|
12
14
|
export const AES_KEY_SIZE = 256 / 8;
|
|
15
|
+
/** Auth tag 长度(byte) */
|
|
16
|
+
export const AES_TAG_SIZE = 128 / 8;
|
|
17
|
+
/**
|
|
18
|
+
* CloudPSS 数据加密
|
|
19
|
+
* - 密钥生成算法:PBKDF2-HMAC-SHA256,盐长度 96,迭代 100,000 次
|
|
20
|
+
* - 加密算法:AES-256-GCM,使用与密钥生成算法的盐作为 NONCE,TAG 长度 128
|
|
21
|
+
* - 附加数据:最大长度 0x7fff_ffff
|
|
22
|
+
*
|
|
23
|
+
* - 文件格式:
|
|
24
|
+
* - Magic Number: 0e 02 49 29 3f 07 7b 0a
|
|
25
|
+
* - Nonce: 96 bits
|
|
26
|
+
* - Length of AAD: 4 bytes
|
|
27
|
+
* - AAD (if exists)
|
|
28
|
+
* - Encrypted Data
|
|
29
|
+
* - Auth Tag: 128 bits
|
|
30
|
+
*/
|
|
31
|
+
/** CloudPSS 数据加密 */
|
|
32
|
+
export const MAGIC_NUMBER = Uint8Array.from([0x0e, 0x02, 0x49, 0x29, 0x3f, 0x07, 0x7b, 0x0a]);
|
|
33
|
+
const MIN_ENCRYPTED_SIZE = MAGIC_NUMBER.length + NONCE_SIZE + AAD_LEN_SIZE + AES_TAG_SIZE;
|
|
34
|
+
/** 计算对齐后的长度 */
|
|
35
|
+
export function padding(size, padding) {
|
|
36
|
+
return (size + padding - 1) & ~(padding - 1);
|
|
37
|
+
}
|
|
38
|
+
/** 解析 CloudPSS 加密数据 */
|
|
39
|
+
export function parseEncrypted(data) {
|
|
40
|
+
const buffer = toUint8Array(data);
|
|
41
|
+
if (buffer.byteLength < MIN_ENCRYPTED_SIZE)
|
|
42
|
+
return undefined;
|
|
43
|
+
if (!MAGIC_NUMBER.every((v, i) => buffer[i] === v))
|
|
44
|
+
return undefined;
|
|
45
|
+
const nonce = buffer.subarray(MAGIC_NUMBER.length, MAGIC_NUMBER.length + NONCE_SIZE);
|
|
46
|
+
const aadSize = (buffer[MAGIC_NUMBER.length + NONCE_SIZE] << 24) |
|
|
47
|
+
(buffer[MAGIC_NUMBER.length + NONCE_SIZE + 1] << 16) |
|
|
48
|
+
(buffer[MAGIC_NUMBER.length + NONCE_SIZE + 2] << 8) |
|
|
49
|
+
buffer[MAGIC_NUMBER.length + NONCE_SIZE + 3];
|
|
50
|
+
if (aadSize > AAD_MAX_SIZE || aadSize < 0)
|
|
51
|
+
return undefined;
|
|
52
|
+
const paddingAadSize = padding(aadSize, AAD_PADDING);
|
|
53
|
+
if (buffer.byteLength < paddingAadSize + MIN_ENCRYPTED_SIZE)
|
|
54
|
+
return undefined;
|
|
55
|
+
const aad = aadSize
|
|
56
|
+
? buffer.subarray(MAGIC_NUMBER.length + NONCE_SIZE + AAD_LEN_SIZE, MAGIC_NUMBER.length + NONCE_SIZE + AAD_LEN_SIZE + aadSize)
|
|
57
|
+
: undefined;
|
|
58
|
+
const encrypted = buffer.subarray(MAGIC_NUMBER.length + NONCE_SIZE + AAD_LEN_SIZE + paddingAadSize);
|
|
59
|
+
return { nonce, aad, data: encrypted };
|
|
60
|
+
}
|
|
13
61
|
//# sourceMappingURL=common.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"common.js","sourceRoot":"","sources":["../../src/encryption/common.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"common.js","sourceRoot":"","sources":["../../src/encryption/common.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,kBAAkB;AAClB,MAAM,CAAC,MAAM,iBAAiB,GAAG,OAAO,CAAC;AACzC,qBAAqB;AACrB,MAAM,CAAC,MAAM,UAAU,GAAG,EAAE,GAAG,CAAC,CAAC;AACjC,qBAAqB;AACrB,MAAM,CAAC,MAAM,YAAY,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO;AACvD,uBAAuB;AACvB,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC;AAE9B,aAAa;AACb,kBAAkB;AAClB,MAAM,CAAC,MAAM,WAAW,GAAG,GAAG,GAAG,CAAC,CAAC;AACnC,mBAAmB;AACnB,MAAM,CAAC,MAAM,YAAY,GAAG,GAAG,GAAG,CAAC,CAAC;AACpC,wBAAwB;AACxB,MAAM,CAAC,MAAM,YAAY,GAAG,GAAG,GAAG,CAAC,CAAC;AAoBpC;;;;;;;;;;;;;GAaG;AAEH,oBAAoB;AACpB,MAAM,CAAC,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;AAE9F,MAAM,kBAAkB,GAAG,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,YAAY,GAAG,YAAY,CAAC;AAE1F,eAAe;AACf,MAAM,UAAU,OAAO,CAAC,IAAY,EAAE,OAAe;IACjD,OAAO,CAAC,IAAI,GAAG,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,uBAAuB;AACvB,MAAM,UAAU,cAAc,CAAC,IAAgB;IAC3C,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAClC,IAAI,MAAM,CAAC,UAAU,GAAG,kBAAkB;QAAE,OAAO,SAAS,CAAC;IAC7D,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACrE,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,MAAM,EAAE,YAAY,CAAC,MAAM,GAAG,UAAU,CAAC,CAAC;IACrF,MAAM,OAAO,GACT,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;QAChD,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACpD,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,CAAC;IACjD,IAAI,OAAO,GAAG,YAAY,IAAI,OAAO,GAAG,CAAC;QAAE,OAAO,SAAS,CAAC;IAC5D,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACrD,IAAI,MAAM,CAAC,UAAU,GAAG,cAAc,GAAG,kBAAkB;QAAE,OAAO,SAAS,CAAC;IAC9E,MAAM,GAAG,GAAG,OAAO;QACf,CAAC,CAAC,MAAM,CAAC,QAAQ,CACX,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,YAAY,EAC/C,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,YAAY,GAAG,OAAO,CAC5D;QACH,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,YAAY,GAAG,cAAc,CAAC,CAAC;IACpG,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;AAC3C,CAAC"}
|
|
@@ -1,26 +1,9 @@
|
|
|
1
|
-
|
|
2
|
-
* CloudPSS 数据加密
|
|
3
|
-
* - 密钥生成算法:PBKDF2-HMAC-SHA256,盐长度 128,迭代 100,000 次
|
|
4
|
-
* - 加密算法:AES-256-CBC
|
|
5
|
-
*
|
|
6
|
-
* - 文件格式:
|
|
7
|
-
* - Magic Number: 0e 02 49 29 3f 07 7b 0a
|
|
8
|
-
* - Salt: 128 bits
|
|
9
|
-
* - IV: 128 bits
|
|
10
|
-
* - Encrypted Data
|
|
11
|
-
*/
|
|
12
|
-
/** CloudPSS 数据加密 */
|
|
13
|
-
export declare const MAGIC_NUMBER: Uint8Array;
|
|
1
|
+
export { MAGIC_NUMBER } from './common.js';
|
|
14
2
|
/** 检查是否为 CloudPSS 加密数据 */
|
|
15
3
|
export declare function isEncrypted(data: BinaryData): boolean;
|
|
16
4
|
/**
|
|
17
|
-
*
|
|
18
|
-
* @throws {TypeError} 如果密码无效
|
|
19
|
-
*/
|
|
20
|
-
export declare function encrypt(data: BinaryData, passphrase: string): Promise<Uint8Array>;
|
|
21
|
-
/**
|
|
22
|
-
* 解密数据
|
|
5
|
+
* 从加密数据中提取附加数据
|
|
23
6
|
* @throws {TypeError} 如果数据不是有效的加密数据
|
|
24
|
-
* @throws {TypeError} 如果密码无效
|
|
25
7
|
*/
|
|
26
|
-
export declare function
|
|
8
|
+
export declare function extractAad(data: BinaryData): Uint8Array | undefined;
|
|
9
|
+
export declare const encrypt: (data: BinaryData, passphrase: string) => Promise<Uint8Array>, decrypt: (data: BinaryData, passphrase: string) => Promise<Uint8Array>, encryptAad: (data: BinaryData, aad: BinaryData | undefined, passphrase: string) => Promise<Uint8Array>;
|
package/dist/encryption/index.js
CHANGED
|
@@ -1,74 +1,22 @@
|
|
|
1
1
|
import * as impl from '#encryption';
|
|
2
|
-
import {
|
|
3
|
-
import {
|
|
4
|
-
|
|
5
|
-
* CloudPSS 数据加密
|
|
6
|
-
* - 密钥生成算法:PBKDF2-HMAC-SHA256,盐长度 128,迭代 100,000 次
|
|
7
|
-
* - 加密算法:AES-256-CBC
|
|
8
|
-
*
|
|
9
|
-
* - 文件格式:
|
|
10
|
-
* - Magic Number: 0e 02 49 29 3f 07 7b 0a
|
|
11
|
-
* - Salt: 128 bits
|
|
12
|
-
* - IV: 128 bits
|
|
13
|
-
* - Encrypted Data
|
|
14
|
-
*/
|
|
15
|
-
/** CloudPSS 数据加密 */
|
|
16
|
-
export const MAGIC_NUMBER = Uint8Array.from([0x0e, 0x02, 0x49, 0x29, 0x3f, 0x07, 0x7b, 0x0a]);
|
|
17
|
-
/** 检查是否为 CloudPSS 加密数据 */
|
|
18
|
-
function isEncryptedImpl(data) {
|
|
19
|
-
return (data.length > MAGIC_NUMBER.length + PBKDF2_SALT_SIZE + AES_IV_SIZE &&
|
|
20
|
-
MAGIC_NUMBER.every((v, i) => data[i] === v));
|
|
21
|
-
}
|
|
2
|
+
import { parseEncrypted } from './common.js';
|
|
3
|
+
import { createModule } from './module.js';
|
|
4
|
+
export { MAGIC_NUMBER } from './common.js';
|
|
22
5
|
/** 检查是否为 CloudPSS 加密数据 */
|
|
23
6
|
export function isEncrypted(data) {
|
|
24
|
-
|
|
25
|
-
return isEncryptedImpl(buffer);
|
|
26
|
-
}
|
|
27
|
-
/** 检查密码 */
|
|
28
|
-
function assertPassphrase(passphrase) {
|
|
29
|
-
if (typeof passphrase !== 'string') {
|
|
30
|
-
throw new TypeError('Invalid passphrase, must be a string');
|
|
31
|
-
}
|
|
32
|
-
if (passphrase.length === 0) {
|
|
33
|
-
throw new TypeError('Invalid passphrase, must not be empty');
|
|
34
|
-
}
|
|
35
|
-
}
|
|
36
|
-
/**
|
|
37
|
-
* 加密数据
|
|
38
|
-
* @throws {TypeError} 如果密码无效
|
|
39
|
-
*/
|
|
40
|
-
export async function encrypt(data, passphrase) {
|
|
41
|
-
assertPassphrase(passphrase);
|
|
42
|
-
const buffer = toUint8Array(data);
|
|
43
|
-
const encrypted = await impl.encrypt(buffer, passphrase);
|
|
44
|
-
const result = new Uint8Array(MAGIC_NUMBER.length + PBKDF2_SALT_SIZE + AES_IV_SIZE + encrypted.data.length);
|
|
45
|
-
result.set(MAGIC_NUMBER);
|
|
46
|
-
result.set(encrypted.salt, MAGIC_NUMBER.length);
|
|
47
|
-
result.set(encrypted.iv, MAGIC_NUMBER.length + PBKDF2_SALT_SIZE);
|
|
48
|
-
result.set(encrypted.data, MAGIC_NUMBER.length + PBKDF2_SALT_SIZE + AES_IV_SIZE);
|
|
49
|
-
return result;
|
|
7
|
+
return parseEncrypted(data) != null;
|
|
50
8
|
}
|
|
51
9
|
/**
|
|
52
|
-
*
|
|
10
|
+
* 从加密数据中提取附加数据
|
|
53
11
|
* @throws {TypeError} 如果数据不是有效的加密数据
|
|
54
|
-
* @throws {TypeError} 如果密码无效
|
|
55
12
|
*/
|
|
56
|
-
export
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
if (!isEncryptedImpl(buffer)) {
|
|
13
|
+
export function extractAad(data) {
|
|
14
|
+
const encrypted = parseEncrypted(data);
|
|
15
|
+
if (encrypted == null) {
|
|
60
16
|
throw new TypeError('Invalid encrypted data');
|
|
61
17
|
}
|
|
62
|
-
|
|
63
|
-
salt: buffer.subarray(MAGIC_NUMBER.length, MAGIC_NUMBER.length + PBKDF2_SALT_SIZE),
|
|
64
|
-
iv: buffer.subarray(MAGIC_NUMBER.length + PBKDF2_SALT_SIZE, MAGIC_NUMBER.length + PBKDF2_SALT_SIZE + AES_IV_SIZE),
|
|
65
|
-
data: buffer.subarray(MAGIC_NUMBER.length + PBKDF2_SALT_SIZE + AES_IV_SIZE),
|
|
66
|
-
};
|
|
67
|
-
try {
|
|
68
|
-
return await impl.decrypt(encrypted, passphrase);
|
|
69
|
-
}
|
|
70
|
-
catch (ex) {
|
|
71
|
-
throw new Error('Wrong passphrase', { cause: ex });
|
|
72
|
-
}
|
|
18
|
+
return encrypted.aad;
|
|
73
19
|
}
|
|
20
|
+
// eslint-disable-next-line @typescript-eslint/unbound-method
|
|
21
|
+
export const { encrypt, decrypt, encryptAad } = createModule(impl);
|
|
74
22
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/encryption/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,aAAa,CAAC;AACpC,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/encryption/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,aAAa,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,0BAA0B;AAC1B,MAAM,UAAU,WAAW,CAAC,IAAgB;IACxC,OAAO,cAAc,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,IAAgB;IACvC,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,SAAS,IAAI,IAAI,EAAE,CAAC;QACpB,MAAM,IAAI,SAAS,CAAC,wBAAwB,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,SAAS,CAAC,GAAG,CAAC;AACzB,CAAC;AAED,6DAA6D;AAC7D,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
/** AES 算法 */
|
|
2
|
+
export declare class AES {
|
|
3
|
+
/** 加密密钥 */
|
|
4
|
+
private readonly encKey;
|
|
5
|
+
/** 解密密钥 */
|
|
6
|
+
private readonly decKey;
|
|
7
|
+
constructor(key: Uint32Array);
|
|
8
|
+
/**
|
|
9
|
+
* Encryption and decryption core.
|
|
10
|
+
*/
|
|
11
|
+
private crypt;
|
|
12
|
+
/**
|
|
13
|
+
* Encrypt a block of plain text.
|
|
14
|
+
*/
|
|
15
|
+
encrypt(input: Uint32Array, inputOffset: number, output: Uint32Array, outputOffset: number): void;
|
|
16
|
+
/**
|
|
17
|
+
* Decrypt a block of cipher text.
|
|
18
|
+
*/
|
|
19
|
+
decrypt(input: Uint32Array, inputOffset: number, output: Uint32Array, outputOffset: number): void;
|
|
20
|
+
}
|
|
@@ -0,0 +1,151 @@
|
|
|
1
|
+
/** Compute AES S-box Tables */
|
|
2
|
+
function createSBox() {
|
|
3
|
+
const encTable = [
|
|
4
|
+
new Uint32Array(256),
|
|
5
|
+
new Uint32Array(256),
|
|
6
|
+
new Uint32Array(256),
|
|
7
|
+
new Uint32Array(256),
|
|
8
|
+
new Uint8Array(256),
|
|
9
|
+
];
|
|
10
|
+
const decTable = [
|
|
11
|
+
new Uint32Array(256),
|
|
12
|
+
new Uint32Array(256),
|
|
13
|
+
new Uint32Array(256),
|
|
14
|
+
new Uint32Array(256),
|
|
15
|
+
new Uint8Array(256),
|
|
16
|
+
];
|
|
17
|
+
const sbox = encTable[4];
|
|
18
|
+
const sboxInv = decTable[4];
|
|
19
|
+
const d = new Uint8Array(256);
|
|
20
|
+
const th = new Uint8Array(256);
|
|
21
|
+
// Compute double and third tables
|
|
22
|
+
for (let i = 0; i < 256; i++) {
|
|
23
|
+
d[i] = (i << 1) ^ ((i >> 7) * 283);
|
|
24
|
+
th[d[i] ^ i] = i;
|
|
25
|
+
}
|
|
26
|
+
let x = 0, xInv = 0, x2 = 0, x4 = 0, x8 = 0;
|
|
27
|
+
for (; !sbox[x]; x ^= x2 || 1, xInv = th[xInv] || 1) {
|
|
28
|
+
// Compute sbox
|
|
29
|
+
let s = xInv ^ (xInv << 1) ^ (xInv << 2) ^ (xInv << 3) ^ (xInv << 4);
|
|
30
|
+
s = (s >> 8) ^ (s & 255) ^ 99;
|
|
31
|
+
sbox[x] = s;
|
|
32
|
+
sboxInv[s] = x;
|
|
33
|
+
// Compute MixColumns
|
|
34
|
+
x8 = d[(x4 = d[(x2 = d[x])])];
|
|
35
|
+
let tDec = (x8 * 0x101_0101) ^ (x4 * 0x1_0001) ^ (x2 * 0x101) ^ (x * 0x101_0100);
|
|
36
|
+
let tEnc = (d[s] * 0x101) ^ (s * 0x101_0100);
|
|
37
|
+
for (let i = 0; i < 4; i++) {
|
|
38
|
+
encTable[i][x] = tEnc = (tEnc << 24) ^ (tEnc >>> 8);
|
|
39
|
+
decTable[i][s] = tDec = (tDec << 24) ^ (tDec >>> 8);
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
return [encTable, decTable];
|
|
43
|
+
}
|
|
44
|
+
let encryptTable;
|
|
45
|
+
let decryptTable;
|
|
46
|
+
/** 初始化 */
|
|
47
|
+
function init() {
|
|
48
|
+
if (!encryptTable) {
|
|
49
|
+
[encryptTable, decryptTable] = createSBox();
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
/** AES 算法 */
|
|
53
|
+
export class AES {
|
|
54
|
+
/** 加密密钥 */
|
|
55
|
+
encKey;
|
|
56
|
+
/** 解密密钥 */
|
|
57
|
+
decKey;
|
|
58
|
+
constructor(key) {
|
|
59
|
+
if (key.length !== 4 && key.length !== 6 && key.length !== 8) {
|
|
60
|
+
throw new TypeError('Invalid aes key length');
|
|
61
|
+
}
|
|
62
|
+
init();
|
|
63
|
+
const sbox = encryptTable[4], decTable = decryptTable, keyLen = key.length, rKeyLen = 4 * key.length + 28;
|
|
64
|
+
this.encKey = new Uint32Array(rKeyLen);
|
|
65
|
+
this.decKey = new Uint32Array(rKeyLen);
|
|
66
|
+
const { encKey, decKey } = this;
|
|
67
|
+
encKey.set(key);
|
|
68
|
+
// schedule encryption keys
|
|
69
|
+
let rcon = 1;
|
|
70
|
+
for (let i = keyLen; i < rKeyLen; i++) {
|
|
71
|
+
let tmp = this.encKey[i - 1];
|
|
72
|
+
// apply sbox
|
|
73
|
+
if (i % keyLen === 0 || (keyLen === 8 && i % keyLen === 4)) {
|
|
74
|
+
tmp =
|
|
75
|
+
(sbox[tmp >>> 24] << 24) ^
|
|
76
|
+
(sbox[(tmp >> 16) & 255] << 16) ^
|
|
77
|
+
(sbox[(tmp >> 8) & 255] << 8) ^
|
|
78
|
+
sbox[tmp & 255];
|
|
79
|
+
// shift rows and add rcon
|
|
80
|
+
if (i % keyLen === 0) {
|
|
81
|
+
tmp = (tmp << 8) ^ (tmp >>> 24) ^ (rcon << 24);
|
|
82
|
+
rcon = (rcon << 1) ^ ((rcon >> 7) * 283);
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
encKey[i] = encKey[i - keyLen] ^ tmp;
|
|
86
|
+
}
|
|
87
|
+
// schedule decryption keys
|
|
88
|
+
for (let i = rKeyLen, j = 0; i; j++, i--) {
|
|
89
|
+
const tmp = encKey[j & 3 ? i : i - 4];
|
|
90
|
+
if (i <= 4 || j < 4) {
|
|
91
|
+
decKey[j] = tmp;
|
|
92
|
+
}
|
|
93
|
+
else {
|
|
94
|
+
decKey[j] =
|
|
95
|
+
decTable[0][sbox[tmp >>> 24]] ^
|
|
96
|
+
decTable[1][sbox[(tmp >> 16) & 255]] ^
|
|
97
|
+
decTable[2][sbox[(tmp >> 8) & 255]] ^
|
|
98
|
+
decTable[3][sbox[tmp & 255]];
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
/**
|
|
103
|
+
* Encryption and decryption core.
|
|
104
|
+
*/
|
|
105
|
+
crypt(input, inputOffset, output, outputOffset, decrypt) {
|
|
106
|
+
const key = decrypt ? this.decKey : this.encKey;
|
|
107
|
+
const [t0, t1, t2, t3, sbox] = decrypt ? decryptTable : encryptTable;
|
|
108
|
+
// state variables a,b,c,d are loaded with pre-whitened data
|
|
109
|
+
let a = input[inputOffset] ^ key[0], b = input[inputOffset + (decrypt ? 3 : 1)] ^ key[1], c = input[inputOffset + 2] ^ key[2], d = input[inputOffset + (decrypt ? 1 : 3)] ^ key[3];
|
|
110
|
+
let kIndex = 4;
|
|
111
|
+
// Inner rounds. Cribbed from OpenSSL.
|
|
112
|
+
const nInnerRounds = key.length / 4 - 2;
|
|
113
|
+
for (let i = 0; i < nInnerRounds; i++) {
|
|
114
|
+
const a2 = t0[a >>> 24] ^ t1[(b >> 16) & 255] ^ t2[(c >> 8) & 255] ^ t3[d & 255] ^ key[kIndex];
|
|
115
|
+
const b2 = t0[b >>> 24] ^ t1[(c >> 16) & 255] ^ t2[(d >> 8) & 255] ^ t3[a & 255] ^ key[kIndex + 1];
|
|
116
|
+
const c2 = t0[c >>> 24] ^ t1[(d >> 16) & 255] ^ t2[(a >> 8) & 255] ^ t3[b & 255] ^ key[kIndex + 2];
|
|
117
|
+
d = t0[d >>> 24] ^ t1[(a >> 16) & 255] ^ t2[(b >> 8) & 255] ^ t3[c & 255] ^ key[kIndex + 3];
|
|
118
|
+
a = a2;
|
|
119
|
+
b = b2;
|
|
120
|
+
c = c2;
|
|
121
|
+
kIndex += 4;
|
|
122
|
+
}
|
|
123
|
+
// Last round.
|
|
124
|
+
for (let i = 0; i < 4; i++) {
|
|
125
|
+
output[outputOffset + (decrypt ? 3 & -i : i)] =
|
|
126
|
+
(sbox[a >>> 24] << 24) ^
|
|
127
|
+
(sbox[(b >> 16) & 255] << 16) ^
|
|
128
|
+
(sbox[(c >> 8) & 255] << 8) ^
|
|
129
|
+
sbox[d & 255] ^
|
|
130
|
+
key[kIndex++];
|
|
131
|
+
const a2 = a;
|
|
132
|
+
a = b;
|
|
133
|
+
b = c;
|
|
134
|
+
c = d;
|
|
135
|
+
d = a2;
|
|
136
|
+
}
|
|
137
|
+
}
|
|
138
|
+
/**
|
|
139
|
+
* Encrypt a block of plain text.
|
|
140
|
+
*/
|
|
141
|
+
encrypt(input, inputOffset, output, outputOffset) {
|
|
142
|
+
return this.crypt(input, inputOffset, output, outputOffset, false);
|
|
143
|
+
}
|
|
144
|
+
/**
|
|
145
|
+
* Decrypt a block of cipher text.
|
|
146
|
+
*/
|
|
147
|
+
decrypt(input, inputOffset, output, outputOffset) {
|
|
148
|
+
return this.crypt(input, inputOffset, output, outputOffset, true);
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
//# sourceMappingURL=aes.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aes.js","sourceRoot":"","sources":["../../../src/encryption/js/aes.ts"],"names":[],"mappings":"AAGA,+BAA+B;AAC/B,SAAS,UAAU;IACf,MAAM,QAAQ,GAAc;QACxB,IAAI,WAAW,CAAC,GAAG,CAAC;QACpB,IAAI,WAAW,CAAC,GAAG,CAAC;QACpB,IAAI,WAAW,CAAC,GAAG,CAAC;QACpB,IAAI,WAAW,CAAC,GAAG,CAAC;QACpB,IAAI,UAAU,CAAC,GAAG,CAAC;KACtB,CAAC;IACF,MAAM,QAAQ,GAAc;QACxB,IAAI,WAAW,CAAC,GAAG,CAAC;QACpB,IAAI,WAAW,CAAC,GAAG,CAAC;QACpB,IAAI,WAAW,CAAC,GAAG,CAAC;QACpB,IAAI,WAAW,CAAC,GAAG,CAAC;QACpB,IAAI,UAAU,CAAC,GAAG,CAAC;KACtB,CAAC;IAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE5B,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;IAC9B,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;IAE/B,kCAAkC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;QACnC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC;IAED,IAAI,CAAC,GAAG,CAAC,EACL,IAAI,GAAG,CAAC,EACR,EAAE,GAAG,CAAC,EACN,EAAE,GAAG,CAAC,EACN,EAAE,GAAG,CAAC,CAAC;IACX,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAClD,eAAe;QACf,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;QACrE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,EAAE,CAAC;QAC9B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACZ,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAEf,qBAAqB;QACrB,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9B,IAAI,IAAI,GAAG,CAAC,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC,EAAE,GAAG,QAAQ,CAAC,GAAG,CAAC,EAAE,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC;QACjF,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC;QAE7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YACzB,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC;YACpD,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC;QACxD,CAAC;IACL,CAAC;IAED,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;AAChC,CAAC;AAED,IAAI,YAAuB,CAAC;AAC5B,IAAI,YAAuB,CAAC;AAC5B,UAAU;AACV,SAAS,IAAI;IACT,IAAI,CAAC,YAAY,EAAE,CAAC;QAChB,CAAC,YAAY,EAAE,YAAY,CAAC,GAAG,UAAU,EAAE,CAAC;IAChD,CAAC;AACL,CAAC;AACD,aAAa;AACb,MAAM,OAAO,GAAG;IACZ,WAAW;IACM,MAAM,CAAc;IACrC,WAAW;IACM,MAAM,CAAc;IACrC,YAAY,GAAgB;QACxB,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3D,MAAM,IAAI,SAAS,CAAC,wBAAwB,CAAC,CAAC;QAClD,CAAC;QACD,IAAI,EAAE,CAAC;QAEP,MAAM,IAAI,GAAG,YAAY,CAAC,CAAC,CAAC,EACxB,QAAQ,GAAG,YAAY,EACvB,MAAM,GAAG,GAAG,CAAC,MAAM,EACnB,OAAO,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC;QAElC,IAAI,CAAC,MAAM,GAAG,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,GAAG,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;QAEhC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEhB,2BAA2B;QAC3B,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,KAAK,IAAI,CAAC,GAAG,MAAM,EAAE,CAAC,GAAG,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC;YACpC,IAAI,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAE7B,aAAa;YACb,IAAI,CAAC,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;gBACzD,GAAG;oBACC,CAAC,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC;wBACxB,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;wBAC/B,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;wBAC7B,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC;gBAEpB,0BAA0B;gBAC1B,IAAI,CAAC,GAAG,MAAM,KAAK,CAAC,EAAE,CAAC;oBACnB,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;oBAC/C,IAAI,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;gBAC7C,CAAC;YACL,CAAC;YAED,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,GAAG,GAAG,CAAC;QACzC,CAAC;QAED,2BAA2B;QAC3B,KAAK,IAAI,CAAC,GAAG,OAAO,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBAClB,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;YACpB,CAAC;iBAAM,CAAC;gBACJ,MAAM,CAAC,CAAC,CAAC;oBACL,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC;wBAC7B,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC;wBACpC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;wBACnC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC;YACrC,CAAC;QACL,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CACT,KAAkB,EAClB,WAAmB,EACnB,MAAmB,EACnB,YAAoB,EACpB,OAAgB;QAEhB,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;QAChD,MAAM,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC;QAErE,4DAA4D;QAC5D,IAAI,CAAC,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAC/B,CAAC,GAAG,KAAK,CAAC,WAAW,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EACnD,CAAC,GAAG,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EACnC,CAAC,GAAG,KAAK,CAAC,WAAW,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QAExD,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,uCAAuC;QACvC,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC;QACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,EAAE,CAAC,EAAE,EAAE,CAAC;YACpC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;YAC/F,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACnG,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACnG,CAAC,GAAG,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAC5F,CAAC,GAAG,EAAE,CAAC;YACP,CAAC,GAAG,EAAE,CAAC;YACP,CAAC,GAAG,EAAE,CAAC;YACP,MAAM,IAAI,CAAC,CAAC;QAChB,CAAC;QAED,cAAc;QACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YACzB,MAAM,CAAC,YAAY,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACzC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC;oBACtB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;oBAC7B,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;oBAC3B,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC;oBACb,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;YAClB,MAAM,EAAE,GAAG,CAAC,CAAC;YACb,CAAC,GAAG,CAAC,CAAC;YACN,CAAC,GAAG,CAAC,CAAC;YACN,CAAC,GAAG,CAAC,CAAC;YACN,CAAC,GAAG,EAAE,CAAC;QACX,CAAC;IACL,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,KAAkB,EAAE,WAAmB,EAAE,MAAmB,EAAE,YAAoB;QACtF,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;IACvE,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,KAAkB,EAAE,WAAmB,EAAE,MAAmB,EAAE,YAAoB;QACtF,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC;IACtE,CAAC;CACJ"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import { AES } from './aes.js';
|
|
2
|
+
/** GCM (Galois/Counter Mode) */
|
|
3
|
+
export declare class GCM {
|
|
4
|
+
readonly cipher: AES;
|
|
5
|
+
readonly iv: Uint8Array;
|
|
6
|
+
readonly tagLength: number;
|
|
7
|
+
readonly aad: Uint8Array;
|
|
8
|
+
constructor(cipher: AES, iv: Uint8Array, tagLength?: number, aad?: Uint8Array);
|
|
9
|
+
/** Convert a Uint8Array to a Uint32Array */
|
|
10
|
+
private toUint32Array;
|
|
11
|
+
/** Convert a Uint32Array to a Uint8Array */
|
|
12
|
+
private toUint8Array;
|
|
13
|
+
/** Set out of range bytes to 0 */
|
|
14
|
+
private clamp;
|
|
15
|
+
private readonly H;
|
|
16
|
+
/** Compute the galois multiplication of X and Y */
|
|
17
|
+
private galoisMultiply;
|
|
18
|
+
/** Ghash */
|
|
19
|
+
private ghash;
|
|
20
|
+
/** GCM CTR mode. */
|
|
21
|
+
private ctr;
|
|
22
|
+
/** 加密 */
|
|
23
|
+
encrypt(data: Uint8Array): Uint8Array;
|
|
24
|
+
/** 解密 */
|
|
25
|
+
decrypt(data: Uint8Array): Uint8Array;
|
|
26
|
+
}
|