@cloudpss/crypto 0.5.25 → 0.5.26

package/dist/encryption/pure-js.js

@@ -1,82 +0,0 @@
-import sjcl from 'sjcl';
-import { NONCE_SIZE, AES_KEY_SIZE, AES_TAG_SIZE, PBKDF2_ITERATIONS, } from './common.js';
-// Load unminified version for debugging
-// globalThis.sjcl = sjcl;
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/aes.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/gcm.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/bitArray.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/pbkdf2.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/hmac.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/sha256.js');
-/** Convert word array to buffer data */
-function wordArrayToBuffer(bitArray) {
-    const len = sjcl.bitArray.bitLength(bitArray) / 8;
-    const out = new Uint8Array(len);
-    for (let i = 0; i < len; i += 4) {
-        const tmp = bitArray[i / 4];
-        out[i] = (tmp >>> 24) & 0xff;
-        out[i + 1] = (tmp >>> 16) & 0xff;
-        out[i + 2] = (tmp >>> 8) & 0xff;
-        out[i + 3] = tmp & 0xff;
-    }
-    return out;
-}
-/** Convert buffer data to word array */
-function bufferToWordArray(buffer) {
-    const out = [];
-    const length = buffer.byteLength;
-    for (let i = 0; i < length; i += 4) {
-        out.push((buffer[i] << 24) | (buffer[i + 1] << 16) | (buffer[i + 2] << 8) | buffer[i + 3]);
-    }
-    if (length & 3) {
-        out[out.length - 1] = sjcl.bitArray.partial(8 * (length & 3), out[out.length - 1], 1);
-    }
-    return out;
-}
-/** Create aes params */
-function aesKdfJs(passphrase, salt) {
-    return sjcl.misc.pbkdf2(passphrase, salt, PBKDF2_ITERATIONS, AES_KEY_SIZE * 8, sjcl.misc.hmac);
-}
-/** wrap non-error thrown */
-function wrapError(error) {
-    if (error instanceof Error) {
-        return error;
-    }
-    return new Error(String(error), { cause: error });
-}
-/** crypto-js encrypt */
-export async function encrypt({ data, aad }, passphrase) {
-    try {
-        const nonce = sjcl.random.randomWords(NONCE_SIZE / 4);
-        const key = aesKdfJs(passphrase, nonce);
-        const encrypted = sjcl.mode.gcm.encrypt(new sjcl.cipher.aes(key), bufferToWordArray(data), nonce, aad ? bufferToWordArray(aad) : undefined, AES_TAG_SIZE * 8);
-        return await Promise.resolve({
-            nonce: wordArrayToBuffer(nonce),
-            data: wordArrayToBuffer(encrypted),
-        });
-    }
-    catch (ex) {
-        throw wrapError(ex);
-    }
-}
-/** crypto-js decrypt */
-export async function decrypt({ data, aad, nonce }, passphrase) {
-    try {
-        const n = bufferToWordArray(nonce);
-        const key = aesKdfJs(passphrase, n);
-        const decrypted = sjcl.mode.gcm.decrypt(new sjcl.cipher.aes(key), bufferToWordArray(data), n, aad ? bufferToWordArray(aad) : undefined, AES_TAG_SIZE * 8);
-        return await Promise.resolve({
-            data: wordArrayToBuffer(decrypted),
-        });
-    }
-    catch (ex) {
-        throw wrapError(ex);
-    }
-}
-//# sourceMappingURL=pure-js.js.map

package/dist/encryption/pure-js.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"pure-js.js","sourceRoot":"","sources":["../../src/encryption/pure-js.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EACH,UAAU,EACV,YAAY,EACZ,YAAY,EAEZ,iBAAiB,GAEpB,MAAM,aAAa,CAAC;AAErB,wCAAwC;AACxC,0BAA0B;AAC1B,2CAA2C;AAC3C,oCAAoC;AACpC,2CAA2C;AAC3C,oCAAoC;AACpC,2CAA2C;AAC3C,yCAAyC;AACzC,2CAA2C;AAC3C,uCAAuC;AACvC,2CAA2C;AAC3C,qCAAqC;AACrC,2CAA2C;AAC3C,uCAAuC;AAEvC,wCAAwC;AACxC,SAAS,iBAAiB,CAAC,QAAuB;IAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;IAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC;QAC7B,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC;QACjC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,IAAI,CAAC;QAChC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,GAAG,IAAI,CAAC;IAC5B,CAAC;IACD,OAAO,GAAG,CAAC;AACf,CAAC;AAED,wCAAwC;AACxC,SAAS,iBAAiB,CAAC,MAAkB;IACzC,MAAM,GAAG,GAAG,EAAE,CAAC;IACf,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC;IACjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC/F,CAAC;IACD,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;QACb,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC1F,CAAC;IACD,OAAO,GAAG,CAAC;AACf,CAAC;AAED,wBAAwB;AACxB,SAAS,QAAQ,CAAC,UAAkB,EAAE,IAAmB;IACrD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,IAAI,EAAE,iBAAiB,EAAE,YAAY,GAAG,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACnG,CAAC;AAED,4BAA4B;AAC5B,SAAS,SAAS,CAAC,KAAc;IAC7B,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC;IACjB,CAAC;IACD,OAAO,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;AACtD,CAAC;AAED,wBAAwB;AACxB,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,EAAE,IAAI,EAAE,GAAG,EAAa,EAAE,UAAkB;IACtE,IAAI,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;QACtD,MAAM,GAAG,GAAG,QAAQ,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACxC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CACnC,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EACxB,iBAAiB,CAAC,IAAI,CAAC,EACvB,KAAK,EACL,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,EACxC,YAAY,GAAG,CAAC,CACnB,CAAC;QACF,OAAO,MAAM,OAAO,CAAC,OAAO,CAAC;YACzB,KAAK,EAAE,iBAAiB,CAAC,KAAK,CAAC;YAC/B,IAAI,EAAE,iBAAiB,CAAC,SAAS,CAAC;SACrC,CAAC,CAAC;IACP,CAAC;IAAC,OAAO,EAAE,EAAE,CAAC;QACV,MAAM,SAAS,CAAC,EAAE,CAAC,CAAC;IACxB,CAAC;AACL,CAAC;AAED,wBAAwB;AACxB,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAiB,EAAE,UAAkB;IACjF,IAAI,CAAC;QACD,MAAM,CAAC,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CACnC,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EACxB,iBAAiB,CAAC,IAAI,CAAC,EACvB,CAAC,EACD,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,EACxC,YAAY,GAAG,CAAC,CACnB,CAAC;QACF,OAAO,MAAM,OAAO,CAAC,OAAO,CAAC;YACzB,IAAI,EAAE,iBAAiB,CAAC,SAAS,CAAC;SACrC,CAAC,CAAC;IACP,CAAC;IAAC,OAAO,EAAE,EAAE,CAAC;QACV,MAAM,SAAS,CAAC,EAAE,CAAC,CAAC;IACxB,CAAC;AACL,CAAC"}

package/src/encryption/js/aes.ts

@@ -1,191 +0,0 @@
-/** AES S-box Tables */
-type SBoxTable = [t0: Uint32Array, t1: Uint32Array, t2: Uint32Array, t3: Uint32Array, t4: Uint8Array];
-
-/** Compute AES S-box Tables */
-function createSBox(): [SBoxTable, SBoxTable] {
-    const encTable: SBoxTable = [
-        new Uint32Array(256),
-        new Uint32Array(256),
-        new Uint32Array(256),
-        new Uint32Array(256),
-        new Uint8Array(256),
-    ];
-    const decTable: SBoxTable = [
-        new Uint32Array(256),
-        new Uint32Array(256),
-        new Uint32Array(256),
-        new Uint32Array(256),
-        new Uint8Array(256),
-    ];
-
-    const sbox = encTable[4];
-    const sboxInv = decTable[4];
-
-    const d = new Uint8Array(256);
-    const th = new Uint8Array(256);
-
-    // Compute double and third tables
-    for (let i = 0; i < 256; i++) {
-        d[i] = (i << 1) ^ ((i >> 7) * 283);
-        th[d[i] ^ i] = i;
-    }
-
-    let x = 0,
-        xInv = 0,
-        x2 = 0,
-        x4 = 0,
-        x8 = 0;
-    for (; !sbox[x]; x ^= x2 || 1, xInv = th[xInv] || 1) {
-        // Compute sbox
-        let s = xInv ^ (xInv << 1) ^ (xInv << 2) ^ (xInv << 3) ^ (xInv << 4);
-        s = (s >> 8) ^ (s & 255) ^ 99;
-        sbox[x] = s;
-        sboxInv[s] = x;
-
-        // Compute MixColumns
-        x8 = d[(x4 = d[(x2 = d[x])])];
-        let tDec = (x8 * 0x101_0101) ^ (x4 * 0x1_0001) ^ (x2 * 0x101) ^ (x * 0x101_0100);
-        let tEnc = (d[s] * 0x101) ^ (s * 0x101_0100);
-
-        for (let i = 0; i < 4; i++) {
-            encTable[i][x] = tEnc = (tEnc << 24) ^ (tEnc >>> 8);
-            decTable[i][s] = tDec = (tDec << 24) ^ (tDec >>> 8);
-        }
-    }
-
-    return [encTable, decTable];
-}
-
-let encryptTable: SBoxTable;
-let decryptTable: SBoxTable;
-/** 初始化 */
-function init(): void {
-    if (!encryptTable) {
-        [encryptTable, decryptTable] = createSBox();
-    }
-}
-/** AES 算法 */
-export class AES {
-    /** 加密密钥 */
-    private readonly encKey: Uint32Array;
-    /** 解密密钥 */
-    private readonly decKey: Uint32Array;
-    constructor(key: Uint32Array) {
-        if (key.length !== 4 && key.length !== 6 && key.length !== 8) {
-            throw new TypeError('Invalid aes key length');
-        }
-        init();
-
-        const sbox = encryptTable[4],
-            decTable = decryptTable,
-            keyLen = key.length,
-            rKeyLen = 4 * key.length + 28;
-
-        this.encKey = new Uint32Array(rKeyLen);
-        this.decKey = new Uint32Array(rKeyLen);
-        const { encKey, decKey } = this;
-
-        encKey.set(key);
-
-        // schedule encryption keys
-        let rcon = 1;
-        for (let i = keyLen; i < rKeyLen; i++) {
-            let tmp = this.encKey[i - 1];
-
-            // apply sbox
-            if (i % keyLen === 0 || (keyLen === 8 && i % keyLen === 4)) {
-                tmp =
-                    (sbox[tmp >>> 24] << 24) ^
-                    (sbox[(tmp >> 16) & 255] << 16) ^
-                    (sbox[(tmp >> 8) & 255] << 8) ^
-                    sbox[tmp & 255];
-
-                // shift rows and add rcon
-                if (i % keyLen === 0) {
-                    tmp = (tmp << 8) ^ (tmp >>> 24) ^ (rcon << 24);
-                    rcon = (rcon << 1) ^ ((rcon >> 7) * 283);
-                }
-            }
-
-            encKey[i] = encKey[i - keyLen] ^ tmp;
-        }
-
-        // schedule decryption keys
-        for (let i = rKeyLen, j = 0; i; j++, i--) {
-            const tmp = encKey[j & 3 ? i : i - 4];
-            if (i <= 4 || j < 4) {
-                decKey[j] = tmp;
-            } else {
-                decKey[j] =
-                    decTable[0][sbox[tmp >>> 24]] ^
-                    decTable[1][sbox[(tmp >> 16) & 255]] ^
-                    decTable[2][sbox[(tmp >> 8) & 255]] ^
-                    decTable[3][sbox[tmp & 255]];
-            }
-        }
-    }
-
-    /**
-     * Encryption and decryption core.
-     */
-    private crypt(
-        input: Uint32Array,
-        inputOffset: number,
-        output: Uint32Array,
-        outputOffset: number,
-        decrypt: boolean,
-    ): void {
-        const key = decrypt ? this.decKey : this.encKey;
-        const [t0, t1, t2, t3, sbox] = decrypt ? decryptTable : encryptTable;
-
-        // state variables a,b,c,d are loaded with pre-whitened data
-        let a = input[inputOffset] ^ key[0],
-            b = input[inputOffset + (decrypt ? 3 : 1)] ^ key[1],
-            c = input[inputOffset + 2] ^ key[2],
-            d = input[inputOffset + (decrypt ? 1 : 3)] ^ key[3];
-
-        let kIndex = 4;
-
-        // Inner rounds.  Cribbed from OpenSSL.
-        const nInnerRounds = key.length / 4 - 2;
-        for (let i = 0; i < nInnerRounds; i++) {
-            const a2 = t0[a >>> 24] ^ t1[(b >> 16) & 255] ^ t2[(c >> 8) & 255] ^ t3[d & 255] ^ key[kIndex];
-            const b2 = t0[b >>> 24] ^ t1[(c >> 16) & 255] ^ t2[(d >> 8) & 255] ^ t3[a & 255] ^ key[kIndex + 1];
-            const c2 = t0[c >>> 24] ^ t1[(d >> 16) & 255] ^ t2[(a >> 8) & 255] ^ t3[b & 255] ^ key[kIndex + 2];
-            d = t0[d >>> 24] ^ t1[(a >> 16) & 255] ^ t2[(b >> 8) & 255] ^ t3[c & 255] ^ key[kIndex + 3];
-            a = a2;
-            b = b2;
-            c = c2;
-            kIndex += 4;
-        }
-
-        // Last round.
-        for (let i = 0; i < 4; i++) {
-            output[outputOffset + (decrypt ? 3 & -i : i)] =
-                (sbox[a >>> 24] << 24) ^
-                (sbox[(b >> 16) & 255] << 16) ^
-                (sbox[(c >> 8) & 255] << 8) ^
-                sbox[d & 255] ^
-                key[kIndex++];
-            const a2 = a;
-            a = b;
-            b = c;
-            c = d;
-            d = a2;
-        }
-    }
-
-    /**
-     * Encrypt a block of plain text.
-     */
-    encrypt(input: Uint32Array, inputOffset: number, output: Uint32Array, outputOffset: number): void {
-        return this.crypt(input, inputOffset, output, outputOffset, false);
-    }
-
-    /**
-     * Decrypt a block of cipher text.
-     */
-    decrypt(input: Uint32Array, inputOffset: number, output: Uint32Array, outputOffset: number): void {
-        return this.crypt(input, inputOffset, output, outputOffset, true);
-    }
-}

package/src/encryption/js/gcm.ts

@@ -1,258 +0,0 @@
-import { AES } from './aes.js';
-
-// const console = { log() {} };
-const EMPTY = new Uint8Array(0);
-
-/** GCM (Galois/Counter Mode) */
-export class GCM {
-    constructor(
-        readonly cipher: AES,
-        readonly iv: Uint8Array,
-        readonly tagLength = 128,
-        readonly aad = EMPTY,
-    ) {
-        this.H = new Uint32Array(4);
-        this.cipher.encrypt(new Uint32Array(4), 0, this.H, 0);
-    }
-
-    /** Convert a Uint8Array to a Uint32Array */
-    private toUint32Array(data: Uint8Array): Uint32Array {
-        const out = new Uint32Array(Math.ceil(data.byteLength / 4));
-        for (let i = 0; i < out.length; i++) {
-            out[i] = (data[i * 4] << 24) | (data[i * 4 + 1] << 16) | (data[i * 4 + 2] << 8) | data[i * 4 + 3];
-        }
-        return out;
-    }
-    /** Convert a Uint32Array to a Uint8Array */
-    private toUint8Array(data: Uint32Array, byteLength: number): Uint8Array {
-        const out = new Uint8Array(byteLength);
-        for (let i = 0; i < byteLength; i++) {
-            out[i] = (data[Math.trunc(i / 4)] >>> (24 - (i % 4) * 8)) & 0xff;
-        }
-        return out;
-    }
-
-    /** Set out of range bytes to 0 */
-    private clamp(data: Uint32Array, byteLength: number): void {
-        const mask = 0xffff_ffff << (32 - (byteLength % 4) * 8);
-        data[Math.trunc(byteLength / 4)] &= mask;
-    }
-
-    private readonly H: Uint32Array;
-    /** Compute the galois multiplication of X and Y */
-    private galoisMultiply(x_r: Uint32Array, y: Uint32Array): void {
-        let Zi0 = 0,
-            Zi1 = 0,
-            Zi2 = 0,
-            Zi3 = 0;
-        let Vi0 = y[0],
-            Vi1 = y[1],
-            Vi2 = y[2],
-            Vi3 = y[3];
-
-        // Block size is 128 bits, run 128 times to get Z_128
-        for (let i = 0; i < 128; i++) {
-            const xi = (x_r[i >> 5] & (1 << (31 - (i % 32)))) !== 0;
-            if (xi) {
-                // Z_i+1 = Z_i ^ V_i
-                Zi0 ^= Vi0;
-                Zi1 ^= Vi1;
-                Zi2 ^= Vi2;
-                Zi3 ^= Vi3;
-            }
-
-            // Store the value of LSB(V_i)
-            const lsb_Vi = (Vi3 & 1) !== 0;
-
-            // V_i+1 = V_i >> 1
-            Vi3 = (Vi3 >>> 1) | ((Vi2 & 1) << 31);
-            Vi2 = (Vi2 >>> 1) | ((Vi1 & 1) << 31);
-            Vi1 = (Vi1 >>> 1) | ((Vi0 & 1) << 31);
-            Vi0 = Vi0 >>> 1;
-
-            // If LSB(V_i) is 1, V_i+1 = (V_i >> 1) ^ R
-            if (lsb_Vi) {
-                Vi0 = Vi0 ^ (0xe1 << 24);
-            }
-        }
-        x_r[0] = Zi0;
-        x_r[1] = Zi1;
-        x_r[2] = Zi2;
-        x_r[3] = Zi3;
-    }
-
-    /** Ghash */
-    private ghash(Y: Uint32Array, data: Uint32Array): void {
-        const l = data.length;
-        for (let i = 0; i < l; i += 4) {
-            Y[0] ^= 0xffff_ffff & data[i];
-            Y[1] ^= 0xffff_ffff & data[i + 1];
-            Y[2] ^= 0xffff_ffff & data[i + 2];
-            Y[3] ^= 0xffff_ffff & data[i + 3];
-            this.galoisMultiply(Y, this.H);
-        }
-    }
-
-    /** GCM CTR mode. */
-    private ctr(encrypt: boolean, data: Uint32Array, length: number): { data: Uint32Array; tag: Uint8Array } {
-        // console.log('data inpm', toHex(data));
-        // Calculate data lengths
-        const l = length / 4;
-        const bl = l * 32;
-        const abl = this.aad.byteLength * 8;
-        const ivbl = this.iv.byteLength * 8;
-
-        // Calculate the parameters
-        const J0 = new Uint32Array(4);
-        if (ivbl === 96) {
-            new Uint8Array(J0.buffer, J0.byteOffset).set(this.iv);
-            J0[3] = 1;
-        } else {
-            this.ghash(J0, this.toUint32Array(this.iv));
-            this.ghash(J0, new Uint32Array([0, 0, Math.trunc(ivbl / 0x1_0000_0000), ivbl & 0xffff_ffff]));
-        }
-
-        const S0 = new Uint32Array(4);
-        this.ghash(S0, this.toUint32Array(this.aad));
-
-        // Initialize ctr and tag
-        const tag = S0.slice(0);
-
-        // If decrypting, calculate hash
-        if (!encrypt) {
-            this.ghash(tag, data);
-        }
-
-        // Encrypt all the data
-        const ctr = J0.slice(0);
-        const enc = new Uint32Array(4);
-        for (let i = 0; i < l; i += 4) {
-            ctr[3]++;
-            this.cipher.encrypt(ctr, 0, enc, 0);
-
-            data[i] ^= enc[0];
-            data[i + 1] ^= enc[1];
-            data[i + 2] ^= enc[2];
-            data[i + 3] ^= enc[3];
-        }
-        this.clamp(data, length);
-        // console.log('data inpm', toHex(data));
-
-        // console.log('H impl', toHex(this.H));
-        // console.log('tag impl', toHex(tag));
-        // If encrypting, calculate hash
-        if (encrypt) {
-            this.ghash(tag, data);
-        }
-        // console.log('tag impl', toHex(tag));
-
-        // Calculate last block from bit lengths, ugly because bitwise operations are 32-bit
-        // Calculate the final tag block
-        this.ghash(
-            tag,
-            new Uint32Array([
-                Math.trunc(abl / 0x1_0000_0000),
-                abl & 0xffff_ffff,
-                Math.trunc(bl / 0x1_0000_0000),
-                bl & 0xffff_ffff,
-            ]),
-        );
-
-        this.cipher.encrypt(J0, 0, enc, 0);
-        tag[0] ^= enc[0];
-        tag[1] ^= enc[1];
-        tag[2] ^= enc[2];
-        tag[3] ^= enc[3];
-
-        // console.log('tag impl', toHex(tag));
-        return {
-            tag: new Uint8Array(tag.buffer, tag.byteOffset, this.tagLength / 8),
-            data,
-        };
-    }
-
-    /** 加密 */
-    encrypt(data: Uint8Array): Uint8Array {
-        const length = data.byteLength;
-        const data32 = this.toUint32Array(data);
-        const { data: out, tag } = this.ctr(true, data32, length);
-        const result = new Uint8Array(length + tag.byteLength);
-        result.set(this.toUint8Array(out, length), 0);
-        result.set(tag, length);
-        return result;
-    }
-
-    /** 解密 */
-    decrypt(data: Uint8Array): Uint8Array {
-        let tag, data32, length;
-        if (this.tagLength / 8 > data.byteLength) {
-            throw new Error('GCM: invalid data length');
-        } else if (this.tagLength / 8 === data.byteLength) {
-            length = 0;
-            tag = data;
-            data32 = new Uint32Array(0);
-        } else {
-            length = data.byteLength - this.tagLength / 8;
-            tag = data.subarray(length);
-            data32 = this.toUint32Array(data.subarray(0, length));
-        }
-        const { data: out, tag: tag2 } = this.ctr(false, data32, length);
-        if (tag2.some((v, i) => v !== tag[i])) {
-            throw new Error('GCM: tag does not match');
-        }
-        return this.toUint8Array(out, length);
-    }
-}
-
-// import sjcl from 'sjcl';
-// global.sjcl = sjcl;
-
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/aes.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/gcm.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/bitArray.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/pbkdf2.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/hmac.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/sha256.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/codecBytes.js');
-
-// function toHex(arr: number[] | Uint32Array | Int32Array | Uint8Array): string[] {
-//     if (arr instanceof Uint8Array) {
-//         const result = [];
-//         for (let i = 0; i < arr.length; i += 4) {
-//             const a = arr[i].toString(16).padStart(2, '0');
-//             const b = arr[i + 1]?.toString(16).padStart(2, '0') ?? '';
-//             const c = arr[i + 2]?.toString(16).padStart(2, '0') ?? '';
-//             const d = arr[i + 3]?.toString(16).padStart(2, '0') ?? '';
-//             result.push(a + b + c + d);
-//         }
-//         return result;
-//     }
-//     return [...arr].map((x) => {
-//         if (x < 0) x = 0xffffffff + x + 1;
-//         return x.toString(16).padStart(8, '0');
-//     });
-// }
-// // @ts-expect-error sjcl is not a module
-// global.toHex = toHex;
-
-// const data = new Uint8Array([1, 2, 3, 4, 5, 6, 7]);
-// const key = [1, 2, 3, 4];
-// const iv = [9, 8, 7];
-
-// const aes = new AES(new Uint32Array(key));
-// const gcm = new GCM(aes, new Uint8Array(new Uint32Array(iv).buffer));
-// const e1 = gcm.encrypt(data);
-// const e2 = sjcl.mode.gcm.encrypt(new sjcl.cipher.aes(key), sjcl.codec.bytes.toBits([...data]), iv);
-// console.log({ d: toHex(e1), l: e1.byteLength }, { d: toHex(e2), l: sjcl.bitArray.bitLength(e2) / 8 });
-
-// const d1 = gcm.decrypt(e1);
-// const d2 = sjcl.mode.gcm.decrypt(new sjcl.cipher.aes(key), e2, iv);
-
-// console.log({ d: toHex(d1), l: d1.byteLength }, { d: toHex(d2), l: sjcl.bitArray.bitLength(d2) / 8 });

package/src/encryption/pure-js.ts

@@ -1,105 +0,0 @@
-import sjcl from 'sjcl';
-import {
-    NONCE_SIZE,
-    AES_KEY_SIZE,
-    AES_TAG_SIZE,
-    type EncryptedData,
-    PBKDF2_ITERATIONS,
-    type PlainData,
-} from './common.js';
-
-// Load unminified version for debugging
-// globalThis.sjcl = sjcl;
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/aes.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/gcm.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/bitArray.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/pbkdf2.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/hmac.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/sha256.js');
-
-/** Convert word array to buffer data */
-function wordArrayToBuffer(bitArray: sjcl.BitArray): Uint8Array {
-    const len = sjcl.bitArray.bitLength(bitArray) / 8;
-    const out = new Uint8Array(len);
-    for (let i = 0; i < len; i += 4) {
-        const tmp = bitArray[i / 4];
-        out[i] = (tmp >>> 24) & 0xff;
-        out[i + 1] = (tmp >>> 16) & 0xff;
-        out[i + 2] = (tmp >>> 8) & 0xff;
-        out[i + 3] = tmp & 0xff;
-    }
-    return out;
-}
-
-/** Convert buffer data to word array */
-function bufferToWordArray(buffer: Uint8Array): sjcl.BitArray {
-    const out = [];
-    const length = buffer.byteLength;
-    for (let i = 0; i < length; i += 4) {
-        out.push((buffer[i] << 24) | (buffer[i + 1] << 16) | (buffer[i + 2] << 8) | buffer[i + 3]);
-    }
-    if (length & 3) {
-        out[out.length - 1] = sjcl.bitArray.partial(8 * (length & 3), out[out.length - 1], 1);
-    }
-    return out;
-}
-
-/** Create aes params */
-function aesKdfJs(passphrase: string, salt: sjcl.BitArray): sjcl.BitArray {
-    return sjcl.misc.pbkdf2(passphrase, salt, PBKDF2_ITERATIONS, AES_KEY_SIZE * 8, sjcl.misc.hmac);
-}
-
-/** wrap non-error thrown */
-function wrapError(error: unknown): Error {
-    if (error instanceof Error) {
-        return error;
-    }
-    return new Error(String(error), { cause: error });
-}
-
-/** crypto-js encrypt */
-export async function encrypt({ data, aad }: PlainData, passphrase: string): Promise<EncryptedData> {
-    try {
-        const nonce = sjcl.random.randomWords(NONCE_SIZE / 4);
-        const key = aesKdfJs(passphrase, nonce);
-        const encrypted = sjcl.mode.gcm.encrypt(
-            new sjcl.cipher.aes(key),
-            bufferToWordArray(data),
-            nonce,
-            aad ? bufferToWordArray(aad) : undefined,
-            AES_TAG_SIZE * 8,
-        );
-        return await Promise.resolve({
-            nonce: wordArrayToBuffer(nonce),
-            data: wordArrayToBuffer(encrypted),
-        });
-    } catch (ex) {
-        throw wrapError(ex);
-    }
-}
-
-/** crypto-js decrypt */
-export async function decrypt({ data, aad, nonce }: EncryptedData, passphrase: string): Promise<PlainData> {
-    try {
-        const n = bufferToWordArray(nonce);
-        const key = aesKdfJs(passphrase, n);
-        const decrypted = sjcl.mode.gcm.decrypt(
-            new sjcl.cipher.aes(key),
-            bufferToWordArray(data),
-            n,
-            aad ? bufferToWordArray(aad) : undefined,
-            AES_TAG_SIZE * 8,
-        );
-        return await Promise.resolve({
-            data: wordArrayToBuffer(decrypted),
-        });
-    } catch (ex) {
-        throw wrapError(ex);
-    }
-}