@cloudpss/crypto 0.5.25 → 0.5.28

package/src/encryption/js/gcm.ts

@@ -1,258 +0,0 @@
-import { AES } from './aes.js';
-
-// const console = { log() {} };
-const EMPTY = new Uint8Array(0);
-
-/** GCM (Galois/Counter Mode) */
-export class GCM {
-    constructor(
-        readonly cipher: AES,
-        readonly iv: Uint8Array,
-        readonly tagLength = 128,
-        readonly aad = EMPTY,
-    ) {
-        this.H = new Uint32Array(4);
-        this.cipher.encrypt(new Uint32Array(4), 0, this.H, 0);
-    }
-
-    /** Convert a Uint8Array to a Uint32Array */
-    private toUint32Array(data: Uint8Array): Uint32Array {
-        const out = new Uint32Array(Math.ceil(data.byteLength / 4));
-        for (let i = 0; i < out.length; i++) {
-            out[i] = (data[i * 4] << 24) | (data[i * 4 + 1] << 16) | (data[i * 4 + 2] << 8) | data[i * 4 + 3];
-        }
-        return out;
-    }
-    /** Convert a Uint32Array to a Uint8Array */
-    private toUint8Array(data: Uint32Array, byteLength: number): Uint8Array {
-        const out = new Uint8Array(byteLength);
-        for (let i = 0; i < byteLength; i++) {
-            out[i] = (data[Math.trunc(i / 4)] >>> (24 - (i % 4) * 8)) & 0xff;
-        }
-        return out;
-    }
-
-    /** Set out of range bytes to 0 */
-    private clamp(data: Uint32Array, byteLength: number): void {
-        const mask = 0xffff_ffff << (32 - (byteLength % 4) * 8);
-        data[Math.trunc(byteLength / 4)] &= mask;
-    }
-
-    private readonly H: Uint32Array;
-    /** Compute the galois multiplication of X and Y */
-    private galoisMultiply(x_r: Uint32Array, y: Uint32Array): void {
-        let Zi0 = 0,
-            Zi1 = 0,
-            Zi2 = 0,
-            Zi3 = 0;
-        let Vi0 = y[0],
-            Vi1 = y[1],
-            Vi2 = y[2],
-            Vi3 = y[3];
-
-        // Block size is 128 bits, run 128 times to get Z_128
-        for (let i = 0; i < 128; i++) {
-            const xi = (x_r[i >> 5] & (1 << (31 - (i % 32)))) !== 0;
-            if (xi) {
-                // Z_i+1 = Z_i ^ V_i
-                Zi0 ^= Vi0;
-                Zi1 ^= Vi1;
-                Zi2 ^= Vi2;
-                Zi3 ^= Vi3;
-            }
-
-            // Store the value of LSB(V_i)
-            const lsb_Vi = (Vi3 & 1) !== 0;
-
-            // V_i+1 = V_i >> 1
-            Vi3 = (Vi3 >>> 1) | ((Vi2 & 1) << 31);
-            Vi2 = (Vi2 >>> 1) | ((Vi1 & 1) << 31);
-            Vi1 = (Vi1 >>> 1) | ((Vi0 & 1) << 31);
-            Vi0 = Vi0 >>> 1;
-
-            // If LSB(V_i) is 1, V_i+1 = (V_i >> 1) ^ R
-            if (lsb_Vi) {
-                Vi0 = Vi0 ^ (0xe1 << 24);
-            }
-        }
-        x_r[0] = Zi0;
-        x_r[1] = Zi1;
-        x_r[2] = Zi2;
-        x_r[3] = Zi3;
-    }
-
-    /** Ghash */
-    private ghash(Y: Uint32Array, data: Uint32Array): void {
-        const l = data.length;
-        for (let i = 0; i < l; i += 4) {
-            Y[0] ^= 0xffff_ffff & data[i];
-            Y[1] ^= 0xffff_ffff & data[i + 1];
-            Y[2] ^= 0xffff_ffff & data[i + 2];
-            Y[3] ^= 0xffff_ffff & data[i + 3];
-            this.galoisMultiply(Y, this.H);
-        }
-    }
-
-    /** GCM CTR mode. */
-    private ctr(encrypt: boolean, data: Uint32Array, length: number): { data: Uint32Array; tag: Uint8Array } {
-        // console.log('data inpm', toHex(data));
-        // Calculate data lengths
-        const l = length / 4;
-        const bl = l * 32;
-        const abl = this.aad.byteLength * 8;
-        const ivbl = this.iv.byteLength * 8;
-
-        // Calculate the parameters
-        const J0 = new Uint32Array(4);
-        if (ivbl === 96) {
-            new Uint8Array(J0.buffer, J0.byteOffset).set(this.iv);
-            J0[3] = 1;
-        } else {
-            this.ghash(J0, this.toUint32Array(this.iv));
-            this.ghash(J0, new Uint32Array([0, 0, Math.trunc(ivbl / 0x1_0000_0000), ivbl & 0xffff_ffff]));
-        }
-
-        const S0 = new Uint32Array(4);
-        this.ghash(S0, this.toUint32Array(this.aad));
-
-        // Initialize ctr and tag
-        const tag = S0.slice(0);
-
-        // If decrypting, calculate hash
-        if (!encrypt) {
-            this.ghash(tag, data);
-        }
-
-        // Encrypt all the data
-        const ctr = J0.slice(0);
-        const enc = new Uint32Array(4);
-        for (let i = 0; i < l; i += 4) {
-            ctr[3]++;
-            this.cipher.encrypt(ctr, 0, enc, 0);
-
-            data[i] ^= enc[0];
-            data[i + 1] ^= enc[1];
-            data[i + 2] ^= enc[2];
-            data[i + 3] ^= enc[3];
-        }
-        this.clamp(data, length);
-        // console.log('data inpm', toHex(data));
-
-        // console.log('H impl', toHex(this.H));
-        // console.log('tag impl', toHex(tag));
-        // If encrypting, calculate hash
-        if (encrypt) {
-            this.ghash(tag, data);
-        }
-        // console.log('tag impl', toHex(tag));
-
-        // Calculate last block from bit lengths, ugly because bitwise operations are 32-bit
-        // Calculate the final tag block
-        this.ghash(
-            tag,
-            new Uint32Array([
-                Math.trunc(abl / 0x1_0000_0000),
-                abl & 0xffff_ffff,
-                Math.trunc(bl / 0x1_0000_0000),
-                bl & 0xffff_ffff,
-            ]),
-        );
-
-        this.cipher.encrypt(J0, 0, enc, 0);
-        tag[0] ^= enc[0];
-        tag[1] ^= enc[1];
-        tag[2] ^= enc[2];
-        tag[3] ^= enc[3];
-
-        // console.log('tag impl', toHex(tag));
-        return {
-            tag: new Uint8Array(tag.buffer, tag.byteOffset, this.tagLength / 8),
-            data,
-        };
-    }
-
-    /** 加密 */
-    encrypt(data: Uint8Array): Uint8Array {
-        const length = data.byteLength;
-        const data32 = this.toUint32Array(data);
-        const { data: out, tag } = this.ctr(true, data32, length);
-        const result = new Uint8Array(length + tag.byteLength);
-        result.set(this.toUint8Array(out, length), 0);
-        result.set(tag, length);
-        return result;
-    }
-
-    /** 解密 */
-    decrypt(data: Uint8Array): Uint8Array {
-        let tag, data32, length;
-        if (this.tagLength / 8 > data.byteLength) {
-            throw new Error('GCM: invalid data length');
-        } else if (this.tagLength / 8 === data.byteLength) {
-            length = 0;
-            tag = data;
-            data32 = new Uint32Array(0);
-        } else {
-            length = data.byteLength - this.tagLength / 8;
-            tag = data.subarray(length);
-            data32 = this.toUint32Array(data.subarray(0, length));
-        }
-        const { data: out, tag: tag2 } = this.ctr(false, data32, length);
-        if (tag2.some((v, i) => v !== tag[i])) {
-            throw new Error('GCM: tag does not match');
-        }
-        return this.toUint8Array(out, length);
-    }
-}
-
-// import sjcl from 'sjcl';
-// global.sjcl = sjcl;
-
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/aes.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/gcm.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/bitArray.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/pbkdf2.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/hmac.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/sha256.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/codecBytes.js');
-
-// function toHex(arr: number[] | Uint32Array | Int32Array | Uint8Array): string[] {
-//     if (arr instanceof Uint8Array) {
-//         const result = [];
-//         for (let i = 0; i < arr.length; i += 4) {
-//             const a = arr[i].toString(16).padStart(2, '0');
-//             const b = arr[i + 1]?.toString(16).padStart(2, '0') ?? '';
-//             const c = arr[i + 2]?.toString(16).padStart(2, '0') ?? '';
-//             const d = arr[i + 3]?.toString(16).padStart(2, '0') ?? '';
-//             result.push(a + b + c + d);
-//         }
-//         return result;
-//     }
-//     return [...arr].map((x) => {
-//         if (x < 0) x = 0xffffffff + x + 1;
-//         return x.toString(16).padStart(8, '0');
-//     });
-// }
-// // @ts-expect-error sjcl is not a module
-// global.toHex = toHex;
-
-// const data = new Uint8Array([1, 2, 3, 4, 5, 6, 7]);
-// const key = [1, 2, 3, 4];
-// const iv = [9, 8, 7];
-
-// const aes = new AES(new Uint32Array(key));
-// const gcm = new GCM(aes, new Uint8Array(new Uint32Array(iv).buffer));
-// const e1 = gcm.encrypt(data);
-// const e2 = sjcl.mode.gcm.encrypt(new sjcl.cipher.aes(key), sjcl.codec.bytes.toBits([...data]), iv);
-// console.log({ d: toHex(e1), l: e1.byteLength }, { d: toHex(e2), l: sjcl.bitArray.bitLength(e2) / 8 });
-
-// const d1 = gcm.decrypt(e1);
-// const d2 = sjcl.mode.gcm.decrypt(new sjcl.cipher.aes(key), e2, iv);
-
-// console.log({ d: toHex(d1), l: d1.byteLength }, { d: toHex(d2), l: sjcl.bitArray.bitLength(d2) / 8 });

package/src/encryption/pure-js.ts

@@ -1,105 +0,0 @@
-import sjcl from 'sjcl';
-import {
-    NONCE_SIZE,
-    AES_KEY_SIZE,
-    AES_TAG_SIZE,
-    type EncryptedData,
-    PBKDF2_ITERATIONS,
-    type PlainData,
-} from './common.js';
-
-// Load unminified version for debugging
-// globalThis.sjcl = sjcl;
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/aes.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/gcm.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/bitArray.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/pbkdf2.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/hmac.js');
-// // @ts-expect-error sjcl is not a module
-// await import('sjcl/core/sha256.js');
-
-/** Convert word array to buffer data */
-function wordArrayToBuffer(bitArray: sjcl.BitArray): Uint8Array {
-    const len = sjcl.bitArray.bitLength(bitArray) / 8;
-    const out = new Uint8Array(len);
-    for (let i = 0; i < len; i += 4) {
-        const tmp = bitArray[i / 4];
-        out[i] = (tmp >>> 24) & 0xff;
-        out[i + 1] = (tmp >>> 16) & 0xff;
-        out[i + 2] = (tmp >>> 8) & 0xff;
-        out[i + 3] = tmp & 0xff;
-    }
-    return out;
-}
-
-/** Convert buffer data to word array */
-function bufferToWordArray(buffer: Uint8Array): sjcl.BitArray {
-    const out = [];
-    const length = buffer.byteLength;
-    for (let i = 0; i < length; i += 4) {
-        out.push((buffer[i] << 24) | (buffer[i + 1] << 16) | (buffer[i + 2] << 8) | buffer[i + 3]);
-    }
-    if (length & 3) {
-        out[out.length - 1] = sjcl.bitArray.partial(8 * (length & 3), out[out.length - 1], 1);
-    }
-    return out;
-}
-
-/** Create aes params */
-function aesKdfJs(passphrase: string, salt: sjcl.BitArray): sjcl.BitArray {
-    return sjcl.misc.pbkdf2(passphrase, salt, PBKDF2_ITERATIONS, AES_KEY_SIZE * 8, sjcl.misc.hmac);
-}
-
-/** wrap non-error thrown */
-function wrapError(error: unknown): Error {
-    if (error instanceof Error) {
-        return error;
-    }
-    return new Error(String(error), { cause: error });
-}
-
-/** crypto-js encrypt */
-export async function encrypt({ data, aad }: PlainData, passphrase: string): Promise<EncryptedData> {
-    try {
-        const nonce = sjcl.random.randomWords(NONCE_SIZE / 4);
-        const key = aesKdfJs(passphrase, nonce);
-        const encrypted = sjcl.mode.gcm.encrypt(
-            new sjcl.cipher.aes(key),
-            bufferToWordArray(data),
-            nonce,
-            aad ? bufferToWordArray(aad) : undefined,
-            AES_TAG_SIZE * 8,
-        );
-        return await Promise.resolve({
-            nonce: wordArrayToBuffer(nonce),
-            data: wordArrayToBuffer(encrypted),
-        });
-    } catch (ex) {
-        throw wrapError(ex);
-    }
-}
-
-/** crypto-js decrypt */
-export async function decrypt({ data, aad, nonce }: EncryptedData, passphrase: string): Promise<PlainData> {
-    try {
-        const n = bufferToWordArray(nonce);
-        const key = aesKdfJs(passphrase, n);
-        const decrypted = sjcl.mode.gcm.decrypt(
-            new sjcl.cipher.aes(key),
-            bufferToWordArray(data),
-            n,
-            aad ? bufferToWordArray(aad) : undefined,
-            AES_TAG_SIZE * 8,
-        );
-        return await Promise.resolve({
-            data: wordArrayToBuffer(decrypted),
-        });
-    } catch (ex) {
-        throw wrapError(ex);
-    }
-}