@cloudpss/crypto 0.5.24 → 0.5.25

package/dist/encryption/web.js.map

@@ -1 +1 @@
-{"version":3,"file":"web.js","sourceRoot":"","sources":["../../src/encryption/web.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,gBAAgB,EAAyB,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEpH,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC,wBAAwB;AACxB,KAAK,UAAU,SAAS,CAAC,UAAkB,EAAE,IAAgB;IACzD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;IAC9G,MAAM,YAAY,GAAiB;QAC/B,IAAI,EAAE,QAAQ;QACd,IAAI;QACJ,UAAU,EAAE,iBAAiB;QAC7B,IAAI,EAAE,SAAS;KAClB,CAAC;IACF,OAAO,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE;QAC3G,SAAS;QACT,SAAS;KACZ,CAAC,CAAC;AACP,CAAC;AAED,wBAAwB;AACxB,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAgB,EAAE,UAAkB;IAC9D,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACtE,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IAC9C,MAAM,EAAE,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CACzC;QACI,IAAI,EAAE,SAAS;QACf,EAAE;KACL,EACD,GAAG,EACH,IAAI,CACP,CAAC;IACF,OAAO;QACH,IAAI,EAAE,IAAI;QACV,EAAE,EAAE,EAAE;QACN,IAAI,EAAE,IAAI,UAAU,CAAC,SAAS,CAAC;KAClC,CAAC;AACN,CAAC;AAED,wBAAwB;AACxB,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAoB,EAAE,UAAkB;IAClF,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CACzC;QACI,IAAI,EAAE,SAAS;QACf,EAAE;KACL,EACD,GAAG,EACH,IAAI,CACP,CAAC;IACF,OAAO,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;AACrC,CAAC"}
+{"version":3,"file":"web.js","sourceRoot":"","sources":["../../src/encryption/web.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,UAAU,EACV,YAAY,EACZ,YAAY,EAGZ,iBAAiB,GACpB,MAAM,aAAa,CAAC;AAErB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC,wBAAwB;AACxB,KAAK,UAAU,SAAS,CAAC,UAAkB,EAAE,IAAgB;IACzD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;IAC9G,MAAM,YAAY,GAAiB;QAC/B,IAAI,EAAE,QAAQ;QACd,IAAI;QACJ,UAAU,EAAE,iBAAiB;QAC7B,IAAI,EAAE,SAAS;KAClB,CAAC;IACF,OAAO,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE;QAC3G,SAAS;QACT,SAAS;KACZ,CAAC,CAAC;AACP,CAAC;AAED,wBAAwB;AACxB,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,EAAE,IAAI,EAAE,GAAG,EAAa,EAAE,UAAkB;IACtE,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;IACjE,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CACzC;QACI,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,KAAK;QACT,SAAS,EAAE,YAAY,GAAG,CAAC;QAC3B,cAAc,EAAE,GAAG;KACtB,EACD,GAAG,EACH,IAAI,CACP,CAAC;IACF,OAAO;QACH,KAAK;QACL,IAAI,EAAE,IAAI,UAAU,CAAC,SAAS,CAAC;KAClC,CAAC;AACN,CAAC;AAED,wBAAwB;AACxB,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAiB,EAAE,UAAkB;IACjF,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CACzC;QACI,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,KAAK;QACT,SAAS,EAAE,YAAY,GAAG,CAAC;QAC3B,cAAc,EAAE,GAAG;KACtB,EACD,GAAG,EACH,IAAI,CACP,CAAC;IACF,OAAO,EAAE,IAAI,EAAE,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;AAC/C,CAAC"}

package/dist/index.d.ts

@@ -1 +1 @@
-export { isEncrypted, encrypt, decrypt } from './encryption/index.js';
+export { isEncrypted, encrypt, decrypt, encryptAad, extractAad } from './encryption/index.js';

package/dist/index.js

@@ -1,2 +1,2 @@
-export { isEncrypted, encrypt, decrypt } from './encryption/index.js';
+export { isEncrypted, encrypt, decrypt, encryptAad, extractAad } from './encryption/index.js';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cloudpss/crypto",
-  "version": "0.5.24",
+  "version": "0.5.25",
   "author": "CloudPSS",
   "license": "MIT",
   "type": "module",
@@ -16,16 +16,19 @@
     }
   },
   "dependencies": {
-    "crypto-js": "^4.2.0",
-    "hash-wasm": "^4.11.0"
+    "sjcl": "^1.0.8"
   },
   "devDependencies": {
-    "@types/crypto-js": "^4.2.2"
+    "crypto-js": "^4.2.0",
+    "hash-wasm": "^4.11.0",
+    "@types/crypto-js": "^4.2.2",
+    "@types/sjcl": "^1.0.34"
   },
   "scripts": {
     "start": "pnpm clean && tsc --watch",
     "build": "pnpm clean && tsc",
     "test": "NODE_OPTIONS=\"${NODE_OPTIONS:-} --experimental-vm-modules\" jest",
+    "benchmark": "node ./benchmark",
     "clean": "rimraf dist"
   }
 }

package/src/encryption/browser.ts

@@ -1,4 +1,4 @@
-import type { EncryptionResult } from './common.js';
+import type { EncryptedData, PlainData } from './common.js';
 
 // eslint-disable-next-line @typescript-eslint/explicit-function-return-type
 const module = () => {
@@ -18,13 +18,13 @@ const module = () => {
 };
 
 /** browser encrypt */
-export async function encrypt(data: Uint8Array, passphrase: string): Promise<EncryptionResult> {
+export async function encrypt(data: PlainData, passphrase: string): Promise<EncryptedData> {
     const { encrypt } = await module();
     return await encrypt(data, passphrase);
 }
 
 /** browser decrypt */
-export async function decrypt(data: EncryptionResult, passphrase: string): Promise<Uint8Array> {
+export async function decrypt(data: EncryptedData, passphrase: string): Promise<PlainData> {
     const { decrypt } = await module();
     return await decrypt(data, passphrase);
 }

package/src/encryption/common.ts

@@ -1,22 +1,85 @@
-/**
- * PBKDF2 迭代次数
- */
+import { toUint8Array } from '../utils.js';
+
+/** PBKDF2 迭代次数 */
 export const PBKDF2_ITERATIONS = 100_000;
-/**
- * PBKDF2 盐值长度（byte）
- */
-export const PBKDF2_SALT_SIZE = 128 / 8;
-/** IV 长度（byte） */
-export const AES_IV_SIZE = 128 / 8;
+/** NONCE 长度（byte） */
+export const NONCE_SIZE = 96 / 8;
+/** AAD 最大长度（byte） */
+export const AAD_MAX_SIZE = 1024 * 1024 * 1024; // 1GiB
+/** AAD 长度字段长度（byte） */
+export const AAD_LEN_SIZE = 4;
+
+// 与 AES 一致对齐
+/** AAD padding */
+export const AAD_PADDING = 128 / 8;
 /** KEY 长度（byte） */
 export const AES_KEY_SIZE = 256 / 8;
+/** Auth tag 长度（byte） */
+export const AES_TAG_SIZE = 128 / 8;
+
+/** 加密输入/解密结果 */
+export interface PlainData {
+    /** 附加数据 */
+    aad?: Uint8Array;
+    /** 明文数据 */
+    data: Uint8Array;
+}
 
-/** 加密结果 */
-export interface EncryptionResult {
-    /** 盐值 */
-    salt: Uint8Array;
-    /** 初始向量 */
-    iv: Uint8Array;
-    /** 加密后的数据 */
+/** 解密输入/加密结果 */
+export interface EncryptedData {
+    /** NONCE */
+    nonce: Uint8Array;
+    /** 附加数据 */
+    aad?: Uint8Array;
+    /** 加密后的数据和 tag */
     data: Uint8Array;
 }
+
+/**
+ * CloudPSS 数据加密
+ * - 密钥生成算法：PBKDF2-HMAC-SHA256，盐长度 96，迭代 100,000 次
+ * - 加密算法：AES-256-GCM，使用与密钥生成算法的盐作为 NONCE，TAG 长度 128
+ * - 附加数据：最大长度 0x7fff_ffff
+ *
+ * - 文件格式：
+ *   - Magic Number: 0e 02 49 29 3f 07 7b 0a
+ *   - Nonce: 96 bits
+ *   - Length of AAD: 4 bytes
+ *   - AAD (if exists)
+ *   - Encrypted Data
+ *   - Auth Tag: 128 bits
+ */
+
+/** CloudPSS 数据加密 */
+export const MAGIC_NUMBER = Uint8Array.from([0x0e, 0x02, 0x49, 0x29, 0x3f, 0x07, 0x7b, 0x0a]);
+
+const MIN_ENCRYPTED_SIZE = MAGIC_NUMBER.length + NONCE_SIZE + AAD_LEN_SIZE + AES_TAG_SIZE;
+
+/** 计算对齐后的长度 */
+export function padding(size: number, padding: number): number {
+    return (size + padding - 1) & ~(padding - 1);
+}
+
+/** 解析 CloudPSS 加密数据 */
+export function parseEncrypted(data: BinaryData): EncryptedData | undefined {
+    const buffer = toUint8Array(data);
+    if (buffer.byteLength < MIN_ENCRYPTED_SIZE) return undefined;
+    if (!MAGIC_NUMBER.every((v, i) => buffer[i] === v)) return undefined;
+    const nonce = buffer.subarray(MAGIC_NUMBER.length, MAGIC_NUMBER.length + NONCE_SIZE);
+    const aadSize =
+        (buffer[MAGIC_NUMBER.length + NONCE_SIZE] << 24) |
+        (buffer[MAGIC_NUMBER.length + NONCE_SIZE + 1] << 16) |
+        (buffer[MAGIC_NUMBER.length + NONCE_SIZE + 2] << 8) |
+        buffer[MAGIC_NUMBER.length + NONCE_SIZE + 3];
+    if (aadSize > AAD_MAX_SIZE || aadSize < 0) return undefined;
+    const paddingAadSize = padding(aadSize, AAD_PADDING);
+    if (buffer.byteLength < paddingAadSize + MIN_ENCRYPTED_SIZE) return undefined;
+    const aad = aadSize
+        ? buffer.subarray(
+              MAGIC_NUMBER.length + NONCE_SIZE + AAD_LEN_SIZE,
+              MAGIC_NUMBER.length + NONCE_SIZE + AAD_LEN_SIZE + aadSize,
+          )
+        : undefined;
+    const encrypted = buffer.subarray(MAGIC_NUMBER.length + NONCE_SIZE + AAD_LEN_SIZE + paddingAadSize);
+    return { nonce, aad, data: encrypted };
+}

package/src/encryption/index.ts

@@ -1,84 +1,25 @@
 import * as impl from '#encryption';
-import { toUint8Array } from '../utils.js';
-import { AES_IV_SIZE, PBKDF2_SALT_SIZE } from './common.js';
+import { parseEncrypted } from './common.js';
+import { createModule } from './module.js';
 
-/**
- * CloudPSS 数据加密
- * - 密钥生成算法：PBKDF2-HMAC-SHA256，盐长度 128，迭代 100,000 次
- * - 加密算法：AES-256-CBC
- *
- * - 文件格式：
- *   - Magic Number: 0e 02 49 29 3f 07 7b 0a
- *   - Salt: 128 bits
- *   - IV: 128 bits
- *   - Encrypted Data
- */
-
-/** CloudPSS 数据加密 */
-export const MAGIC_NUMBER = Uint8Array.from([0x0e, 0x02, 0x49, 0x29, 0x3f, 0x07, 0x7b, 0x0a]);
-
-/** 检查是否为 CloudPSS 加密数据 */
-function isEncryptedImpl(data: Uint8Array): boolean {
-    return (
-        data.length > MAGIC_NUMBER.length + PBKDF2_SALT_SIZE + AES_IV_SIZE &&
-        MAGIC_NUMBER.every((v, i) => data[i] === v)
-    );
-}
+export { MAGIC_NUMBER } from './common.js';
 
 /** 检查是否为 CloudPSS 加密数据 */
 export function isEncrypted(data: BinaryData): boolean {
-    const buffer = toUint8Array(data);
-    return isEncryptedImpl(buffer);
-}
-
-/** 检查密码 */
-function assertPassphrase(passphrase: string): void {
-    if (typeof passphrase !== 'string') {
-        throw new TypeError('Invalid passphrase, must be a string');
-    }
-    if (passphrase.length === 0) {
-        throw new TypeError('Invalid passphrase, must not be empty');
-    }
-}
-
-/**
- * 加密数据
- * @throws {TypeError} 如果密码无效
- */
-export async function encrypt(data: BinaryData, passphrase: string): Promise<Uint8Array> {
-    assertPassphrase(passphrase);
-    const buffer = toUint8Array(data);
-    const encrypted = await impl.encrypt(buffer, passphrase);
-    const result = new Uint8Array(MAGIC_NUMBER.length + PBKDF2_SALT_SIZE + AES_IV_SIZE + encrypted.data.length);
-    result.set(MAGIC_NUMBER);
-    result.set(encrypted.salt, MAGIC_NUMBER.length);
-    result.set(encrypted.iv, MAGIC_NUMBER.length + PBKDF2_SALT_SIZE);
-    result.set(encrypted.data, MAGIC_NUMBER.length + PBKDF2_SALT_SIZE + AES_IV_SIZE);
-    return result;
+    return parseEncrypted(data) != null;
 }
 
 /**
- * 解密数据
+ * 从加密数据中提取附加数据
  * @throws {TypeError} 如果数据不是有效的加密数据
- * @throws {TypeError} 如果密码无效
  */
-export async function decrypt(data: BinaryData, passphrase: string): Promise<Uint8Array> {
-    assertPassphrase(passphrase);
-    const buffer = toUint8Array(data);
-    if (!isEncryptedImpl(buffer)) {
+export function extractAad(data: BinaryData): Uint8Array | undefined {
+    const encrypted = parseEncrypted(data);
+    if (encrypted == null) {
         throw new TypeError('Invalid encrypted data');
     }
-    const encrypted = {
-        salt: buffer.subarray(MAGIC_NUMBER.length, MAGIC_NUMBER.length + PBKDF2_SALT_SIZE),
-        iv: buffer.subarray(
-            MAGIC_NUMBER.length + PBKDF2_SALT_SIZE,
-            MAGIC_NUMBER.length + PBKDF2_SALT_SIZE + AES_IV_SIZE,
-        ),
-        data: buffer.subarray(MAGIC_NUMBER.length + PBKDF2_SALT_SIZE + AES_IV_SIZE),
-    };
-    try {
-        return await impl.decrypt(encrypted, passphrase);
-    } catch (ex) {
-        throw new Error('Wrong passphrase', { cause: ex });
-    }
+    return encrypted.aad;
 }
+
+// eslint-disable-next-line @typescript-eslint/unbound-method
+export const { encrypt, decrypt, encryptAad } = createModule(impl);

package/src/encryption/js/aes.ts

@@ -0,0 +1,191 @@
+/** AES S-box Tables */
+type SBoxTable = [t0: Uint32Array, t1: Uint32Array, t2: Uint32Array, t3: Uint32Array, t4: Uint8Array];
+
+/** Compute AES S-box Tables */
+function createSBox(): [SBoxTable, SBoxTable] {
+    const encTable: SBoxTable = [
+        new Uint32Array(256),
+        new Uint32Array(256),
+        new Uint32Array(256),
+        new Uint32Array(256),
+        new Uint8Array(256),
+    ];
+    const decTable: SBoxTable = [
+        new Uint32Array(256),
+        new Uint32Array(256),
+        new Uint32Array(256),
+        new Uint32Array(256),
+        new Uint8Array(256),
+    ];
+
+    const sbox = encTable[4];
+    const sboxInv = decTable[4];
+
+    const d = new Uint8Array(256);
+    const th = new Uint8Array(256);
+
+    // Compute double and third tables
+    for (let i = 0; i < 256; i++) {
+        d[i] = (i << 1) ^ ((i >> 7) * 283);
+        th[d[i] ^ i] = i;
+    }
+
+    let x = 0,
+        xInv = 0,
+        x2 = 0,
+        x4 = 0,
+        x8 = 0;
+    for (; !sbox[x]; x ^= x2 || 1, xInv = th[xInv] || 1) {
+        // Compute sbox
+        let s = xInv ^ (xInv << 1) ^ (xInv << 2) ^ (xInv << 3) ^ (xInv << 4);
+        s = (s >> 8) ^ (s & 255) ^ 99;
+        sbox[x] = s;
+        sboxInv[s] = x;
+
+        // Compute MixColumns
+        x8 = d[(x4 = d[(x2 = d[x])])];
+        let tDec = (x8 * 0x101_0101) ^ (x4 * 0x1_0001) ^ (x2 * 0x101) ^ (x * 0x101_0100);
+        let tEnc = (d[s] * 0x101) ^ (s * 0x101_0100);
+
+        for (let i = 0; i < 4; i++) {
+            encTable[i][x] = tEnc = (tEnc << 24) ^ (tEnc >>> 8);
+            decTable[i][s] = tDec = (tDec << 24) ^ (tDec >>> 8);
+        }
+    }
+
+    return [encTable, decTable];
+}
+
+let encryptTable: SBoxTable;
+let decryptTable: SBoxTable;
+/** 初始化 */
+function init(): void {
+    if (!encryptTable) {
+        [encryptTable, decryptTable] = createSBox();
+    }
+}
+/** AES 算法 */
+export class AES {
+    /** 加密密钥 */
+    private readonly encKey: Uint32Array;
+    /** 解密密钥 */
+    private readonly decKey: Uint32Array;
+    constructor(key: Uint32Array) {
+        if (key.length !== 4 && key.length !== 6 && key.length !== 8) {
+            throw new TypeError('Invalid aes key length');
+        }
+        init();
+
+        const sbox = encryptTable[4],
+            decTable = decryptTable,
+            keyLen = key.length,
+            rKeyLen = 4 * key.length + 28;
+
+        this.encKey = new Uint32Array(rKeyLen);
+        this.decKey = new Uint32Array(rKeyLen);
+        const { encKey, decKey } = this;
+
+        encKey.set(key);
+
+        // schedule encryption keys
+        let rcon = 1;
+        for (let i = keyLen; i < rKeyLen; i++) {
+            let tmp = this.encKey[i - 1];
+
+            // apply sbox
+            if (i % keyLen === 0 || (keyLen === 8 && i % keyLen === 4)) {
+                tmp =
+                    (sbox[tmp >>> 24] << 24) ^
+                    (sbox[(tmp >> 16) & 255] << 16) ^
+                    (sbox[(tmp >> 8) & 255] << 8) ^
+                    sbox[tmp & 255];
+
+                // shift rows and add rcon
+                if (i % keyLen === 0) {
+                    tmp = (tmp << 8) ^ (tmp >>> 24) ^ (rcon << 24);
+                    rcon = (rcon << 1) ^ ((rcon >> 7) * 283);
+                }
+            }
+
+            encKey[i] = encKey[i - keyLen] ^ tmp;
+        }
+
+        // schedule decryption keys
+        for (let i = rKeyLen, j = 0; i; j++, i--) {
+            const tmp = encKey[j & 3 ? i : i - 4];
+            if (i <= 4 || j < 4) {
+                decKey[j] = tmp;
+            } else {
+                decKey[j] =
+                    decTable[0][sbox[tmp >>> 24]] ^
+                    decTable[1][sbox[(tmp >> 16) & 255]] ^
+                    decTable[2][sbox[(tmp >> 8) & 255]] ^
+                    decTable[3][sbox[tmp & 255]];
+            }
+        }
+    }
+
+    /**
+     * Encryption and decryption core.
+     */
+    private crypt(
+        input: Uint32Array,
+        inputOffset: number,
+        output: Uint32Array,
+        outputOffset: number,
+        decrypt: boolean,
+    ): void {
+        const key = decrypt ? this.decKey : this.encKey;
+        const [t0, t1, t2, t3, sbox] = decrypt ? decryptTable : encryptTable;
+
+        // state variables a,b,c,d are loaded with pre-whitened data
+        let a = input[inputOffset] ^ key[0],
+            b = input[inputOffset + (decrypt ? 3 : 1)] ^ key[1],
+            c = input[inputOffset + 2] ^ key[2],
+            d = input[inputOffset + (decrypt ? 1 : 3)] ^ key[3];
+
+        let kIndex = 4;
+
+        // Inner rounds.  Cribbed from OpenSSL.
+        const nInnerRounds = key.length / 4 - 2;
+        for (let i = 0; i < nInnerRounds; i++) {
+            const a2 = t0[a >>> 24] ^ t1[(b >> 16) & 255] ^ t2[(c >> 8) & 255] ^ t3[d & 255] ^ key[kIndex];
+            const b2 = t0[b >>> 24] ^ t1[(c >> 16) & 255] ^ t2[(d >> 8) & 255] ^ t3[a & 255] ^ key[kIndex + 1];
+            const c2 = t0[c >>> 24] ^ t1[(d >> 16) & 255] ^ t2[(a >> 8) & 255] ^ t3[b & 255] ^ key[kIndex + 2];
+            d = t0[d >>> 24] ^ t1[(a >> 16) & 255] ^ t2[(b >> 8) & 255] ^ t3[c & 255] ^ key[kIndex + 3];
+            a = a2;
+            b = b2;
+            c = c2;
+            kIndex += 4;
+        }
+
+        // Last round.
+        for (let i = 0; i < 4; i++) {
+            output[outputOffset + (decrypt ? 3 & -i : i)] =
+                (sbox[a >>> 24] << 24) ^
+                (sbox[(b >> 16) & 255] << 16) ^
+                (sbox[(c >> 8) & 255] << 8) ^
+                sbox[d & 255] ^
+                key[kIndex++];
+            const a2 = a;
+            a = b;
+            b = c;
+            c = d;
+            d = a2;
+        }
+    }
+
+    /**
+     * Encrypt a block of plain text.
+     */
+    encrypt(input: Uint32Array, inputOffset: number, output: Uint32Array, outputOffset: number): void {
+        return this.crypt(input, inputOffset, output, outputOffset, false);
+    }
+
+    /**
+     * Decrypt a block of cipher text.
+     */
+    decrypt(input: Uint32Array, inputOffset: number, output: Uint32Array, outputOffset: number): void {
+        return this.crypt(input, inputOffset, output, outputOffset, true);
+    }
+}