cyberchef 9.52.1 → 9.54.0

package/CHANGELOG.md

@@ -13,6 +13,12 @@ All major and minor version changes will be documented in this file. Details of
 
 ## Details
 
+### [9.54.0] - 2022-11-25
+- Added 'Rabbit' operation [@mikecat] | [#1450]
+
+### [9.53.0] - 2022-11-25
+- Added 'AES Key Wrap' and 'AES Key Unwrap' operations [@mikecat] | [#1456]
+
 ### [9.52.0] - 2022-11-25
 - Added 'ChaCha' operation [@joostrijneveld] | [#1466]
 
@@ -333,6 +339,8 @@ All major and minor version changes will be documented in this file. Details of
 
 
 
+[9.54.0]: https://github.com/gchq/CyberChef/releases/tag/v9.54.0
+[9.53.0]: https://github.com/gchq/CyberChef/releases/tag/v9.53.0
 [9.52.0]: https://github.com/gchq/CyberChef/releases/tag/v9.52.0
 [9.51.0]: https://github.com/gchq/CyberChef/releases/tag/v9.51.0
 [9.50.0]: https://github.com/gchq/CyberChef/releases/tag/v9.50.0
@@ -584,4 +592,6 @@ All major and minor version changes will be documented in this file. Details of
 [#1472]: https://github.com/gchq/CyberChef/pull/1472
 [#1457]: https://github.com/gchq/CyberChef/pull/1457
 [#1466]: https://github.com/gchq/CyberChef/pull/1466
+[#1456]: https://github.com/gchq/CyberChef/pull/1456
+[#1450]: https://github.com/gchq/CyberChef/pull/1450
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberchef",
-  "version": "9.52.1",
+  "version": "9.54.0",
   "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
   "author": "n1474335 <n1474335@gmail.com>",
   "homepage": "https://gchq.github.io/CyberChef",

package/src/core/config/Categories.json

@@ -75,7 +75,6 @@
             "AES Decrypt",
             "Blowfish Encrypt",
             "Blowfish Decrypt",
-            "ChaCha",
             "DES Encrypt",
             "DES Decrypt",
             "Triple DES Encrypt",
@@ -86,6 +85,8 @@
             "RC2 Decrypt",
             "RC4",
             "RC4 Drop",
+            "ChaCha",
+            "Rabbit",
             "SM4 Encrypt",
             "SM4 Decrypt",
             "ROT13",
@@ -125,6 +126,8 @@
             "JWT Decode",
             "Citrix CTX1 Encode",
             "Citrix CTX1 Decode",
+            "AES Key Wrap",
+            "AES Key Unwrap",
             "Pseudo-Random Number Generator",
             "Enigma",
             "Bombe",

package/src/core/config/OperationConfig.json

@@ -348,6 +348,104 @@
             }
         ]
     },
+    "AES Key Unwrap": {
+        "module": "Ciphers",
+        "description": "Decryptor for a key wrapping algorithm defined in RFC3394, which is used to protect keys in untrusted storage or communications, using AES.<br><br>This algorithm uses an AES key (KEK: key-encryption key) and a 64-bit IV to decrypt 64-bit blocks.",
+        "infoURL": "https://wikipedia.org/wiki/Key_wrap",
+        "inputType": "string",
+        "outputType": "string",
+        "flowControl": false,
+        "manualBake": false,
+        "args": [
+            {
+                "name": "Key (KEK)",
+                "type": "toggleString",
+                "value": "",
+                "toggleValues": [
+                    "Hex",
+                    "UTF8",
+                    "Latin1",
+                    "Base64"
+                ]
+            },
+            {
+                "name": "IV",
+                "type": "toggleString",
+                "value": "a6a6a6a6a6a6a6a6",
+                "toggleValues": [
+                    "Hex",
+                    "UTF8",
+                    "Latin1",
+                    "Base64"
+                ]
+            },
+            {
+                "name": "Input",
+                "type": "option",
+                "value": [
+                    "Hex",
+                    "Raw"
+                ]
+            },
+            {
+                "name": "Output",
+                "type": "option",
+                "value": [
+                    "Hex",
+                    "Raw"
+                ]
+            }
+        ]
+    },
+    "AES Key Wrap": {
+        "module": "Ciphers",
+        "description": "A key wrapping algorithm defined in RFC3394, which is used to protect keys in untrusted storage or communications, using AES.<br><br>This algorithm uses an AES key (KEK: key-encryption key) and a 64-bit IV to encrypt 64-bit blocks.",
+        "infoURL": "https://wikipedia.org/wiki/Key_wrap",
+        "inputType": "string",
+        "outputType": "string",
+        "flowControl": false,
+        "manualBake": false,
+        "args": [
+            {
+                "name": "Key (KEK)",
+                "type": "toggleString",
+                "value": "",
+                "toggleValues": [
+                    "Hex",
+                    "UTF8",
+                    "Latin1",
+                    "Base64"
+                ]
+            },
+            {
+                "name": "IV",
+                "type": "toggleString",
+                "value": "a6a6a6a6a6a6a6a6",
+                "toggleValues": [
+                    "Hex",
+                    "UTF8",
+                    "Latin1",
+                    "Base64"
+                ]
+            },
+            {
+                "name": "Input",
+                "type": "option",
+                "value": [
+                    "Hex",
+                    "Raw"
+                ]
+            },
+            {
+                "name": "Output",
+                "type": "option",
+                "value": [
+                    "Hex",
+                    "Raw"
+                ]
+            }
+        ]
+    },
     "AND": {
         "module": "Default",
         "description": "AND the input with the given key.<br>e.g. <code>fe023da5</code>",
@@ -10747,6 +10845,63 @@
             }
         ]
     },
+    "Rabbit": {
+        "module": "Ciphers",
+        "description": "Rabbit is a high-speed stream cipher introduced in 2003 and defined in RFC 4503.<br><br>The cipher uses a 128-bit key and an optional 64-bit initialization vector (IV).<br><br>big-endian: based on RFC4503 and RFC3447<br>little-endian: compatible with Crypto++",
+        "infoURL": "https://wikipedia.org/wiki/Rabbit_(cipher)",
+        "inputType": "string",
+        "outputType": "string",
+        "flowControl": false,
+        "manualBake": false,
+        "args": [
+            {
+                "name": "Key",
+                "type": "toggleString",
+                "value": "",
+                "toggleValues": [
+                    "Hex",
+                    "UTF8",
+                    "Latin1",
+                    "Base64"
+                ]
+            },
+            {
+                "name": "IV",
+                "type": "toggleString",
+                "value": "",
+                "toggleValues": [
+                    "Hex",
+                    "UTF8",
+                    "Latin1",
+                    "Base64"
+                ]
+            },
+            {
+                "name": "Endianness",
+                "type": "option",
+                "value": [
+                    "Big",
+                    "Little"
+                ]
+            },
+            {
+                "name": "Input",
+                "type": "option",
+                "value": [
+                    "Raw",
+                    "Hex"
+                ]
+            },
+            {
+                "name": "Output",
+                "type": "option",
+                "value": [
+                    "Raw",
+                    "Hex"
+                ]
+            }
+        ]
+    },
     "Rail Fence Cipher Decode": {
         "module": "Ciphers",
         "description": "Decodes Strings that were created using the Rail fence Cipher provided a key and an offset",

package/src/core/config/modules/Ciphers.mjs

@@ -9,6 +9,8 @@ import A1Z26CipherDecode from "../../operations/A1Z26CipherDecode.mjs";
 import A1Z26CipherEncode from "../../operations/A1Z26CipherEncode.mjs";
 import AESDecrypt from "../../operations/AESDecrypt.mjs";
 import AESEncrypt from "../../operations/AESEncrypt.mjs";
+import AESKeyUnwrap from "../../operations/AESKeyUnwrap.mjs";
+import AESKeyWrap from "../../operations/AESKeyWrap.mjs";
 import AffineCipherDecode from "../../operations/AffineCipherDecode.mjs";
 import AffineCipherEncode from "../../operations/AffineCipherEncode.mjs";
 import AtbashCipher from "../../operations/AtbashCipher.mjs";
@@ -33,6 +35,7 @@ import RSADecrypt from "../../operations/RSADecrypt.mjs";
 import RSAEncrypt from "../../operations/RSAEncrypt.mjs";
 import RSASign from "../../operations/RSASign.mjs";
 import RSAVerify from "../../operations/RSAVerify.mjs";
+import Rabbit from "../../operations/Rabbit.mjs";
 import RailFenceCipherDecode from "../../operations/RailFenceCipherDecode.mjs";
 import RailFenceCipherEncode from "../../operations/RailFenceCipherEncode.mjs";
 import SM4Decrypt from "../../operations/SM4Decrypt.mjs";
@@ -49,6 +52,8 @@ OpModules.Ciphers = {
     "A1Z26 Cipher Encode": A1Z26CipherEncode,
     "AES Decrypt": AESDecrypt,
     "AES Encrypt": AESEncrypt,
+    "AES Key Unwrap": AESKeyUnwrap,
+    "AES Key Wrap": AESKeyWrap,
     "Affine Cipher Decode": AffineCipherDecode,
     "Affine Cipher Encode": AffineCipherEncode,
     "Atbash Cipher": AtbashCipher,
@@ -73,6 +78,7 @@ OpModules.Ciphers = {
     "RSA Encrypt": RSAEncrypt,
     "RSA Sign": RSASign,
     "RSA Verify": RSAVerify,
+    "Rabbit": Rabbit,
     "Rail Fence Cipher Decode": RailFenceCipherDecode,
     "Rail Fence Cipher Encode": RailFenceCipherEncode,
     "SM4 Decrypt": SM4Decrypt,

package/src/core/operations/AESKeyUnwrap.mjs

@@ -0,0 +1,128 @@
+/**
+ * @author mikecat
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import Utils from "../Utils.mjs";
+import { toHexFast } from "../lib/Hex.mjs";
+import forge from "node-forge";
+import OperationError from "../errors/OperationError.mjs";
+
+/**
+ * AES Key Unwrap operation
+ */
+class AESKeyUnwrap extends Operation {
+
+    /**
+     * AESKeyUnwrap constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "AES Key Unwrap";
+        this.module = "Ciphers";
+        this.description = "Decryptor for a key wrapping algorithm defined in RFC3394, which is used to protect keys in untrusted storage or communications, using AES.<br><br>This algorithm uses an AES key (KEK: key-encryption key) and a 64-bit IV to decrypt 64-bit blocks.";
+        this.infoURL = "https://wikipedia.org/wiki/Key_wrap";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                "name": "Key (KEK)",
+                "type": "toggleString",
+                "value": "",
+                "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+            },
+            {
+                "name": "IV",
+                "type": "toggleString",
+                "value": "a6a6a6a6a6a6a6a6",
+                "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+            },
+            {
+                "name": "Input",
+                "type": "option",
+                "value": ["Hex", "Raw"]
+            },
+            {
+                "name": "Output",
+                "type": "option",
+                "value": ["Hex", "Raw"]
+            },
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const kek = Utils.convertToByteString(args[0].string, args[0].option),
+            iv = Utils.convertToByteString(args[1].string, args[1].option),
+            inputType = args[2],
+            outputType = args[3];
+
+        if (kek.length !== 16 && kek.length !== 24 && kek.length !== 32) {
+            throw new OperationError("KEK must be either 16, 24, or 32 bytes (currently " + kek.length + " bytes)");
+        }
+        if (iv.length !== 8) {
+            throw new OperationError("IV must be 8 bytes (currently " + iv.length + " bytes)");
+        }
+        const inputData = Utils.convertToByteString(input, inputType);
+        if (inputData.length % 8 !== 0 || inputData.length < 24) {
+            throw new OperationError("input must be 8n (n>=3) bytes (currently " + inputData.length + " bytes)");
+        }
+
+        const cipher = forge.cipher.createCipher("AES-ECB", kek);
+        cipher.start();
+        cipher.update(forge.util.createBuffer(""));
+        cipher.finish();
+        const paddingBlock = cipher.output.getBytes();
+
+        const decipher = forge.cipher.createDecipher("AES-ECB", kek);
+
+        let A = inputData.substring(0, 8);
+        const R = [];
+        for (let i = 8; i < inputData.length; i += 8) {
+            R.push(inputData.substring(i, i + 8));
+        }
+        let cntLower = R.length >>> 0;
+        let cntUpper = (R.length / ((1 << 30) * 4)) >>> 0;
+        cntUpper = cntUpper * 6 + ((cntLower * 6 / ((1 << 30) * 4)) >>> 0);
+        cntLower = cntLower * 6 >>> 0;
+        for (let j = 5; j >= 0; j--) {
+            for (let i = R.length - 1; i >= 0; i--) {
+                const aBuffer = Utils.strToArrayBuffer(A);
+                const aView = new DataView(aBuffer);
+                aView.setUint32(0, aView.getUint32(0) ^ cntUpper);
+                aView.setUint32(4, aView.getUint32(4) ^ cntLower);
+                A = Utils.arrayBufferToStr(aBuffer, false);
+                decipher.start();
+                decipher.update(forge.util.createBuffer(A + R[i] + paddingBlock));
+                decipher.finish();
+                const B = decipher.output.getBytes();
+                A = B.substring(0, 8);
+                R[i] = B.substring(8, 16);
+                cntLower--;
+                if (cntLower < 0) {
+                    cntUpper--;
+                    cntLower = 0xffffffff;
+                }
+            }
+        }
+        if (A !== iv) {
+            throw new OperationError("IV mismatch");
+        }
+        const P = R.join("");
+
+        if (outputType === "Hex") {
+            return toHexFast(Utils.strToArrayBuffer(P));
+        }
+        return P;
+    }
+
+}
+
+export default AESKeyUnwrap;

package/src/core/operations/AESKeyWrap.mjs

@@ -0,0 +1,115 @@
+/**
+ * @author mikecat
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import Utils from "../Utils.mjs";
+import { toHexFast } from "../lib/Hex.mjs";
+import forge from "node-forge";
+import OperationError from "../errors/OperationError.mjs";
+
+/**
+ * AES Key Wrap operation
+ */
+class AESKeyWrap extends Operation {
+
+    /**
+     * AESKeyWrap constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "AES Key Wrap";
+        this.module = "Ciphers";
+        this.description = "A key wrapping algorithm defined in RFC3394, which is used to protect keys in untrusted storage or communications, using AES.<br><br>This algorithm uses an AES key (KEK: key-encryption key) and a 64-bit IV to encrypt 64-bit blocks.";
+        this.infoURL = "https://wikipedia.org/wiki/Key_wrap";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                "name": "Key (KEK)",
+                "type": "toggleString",
+                "value": "",
+                "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+            },
+            {
+                "name": "IV",
+                "type": "toggleString",
+                "value": "a6a6a6a6a6a6a6a6",
+                "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+            },
+            {
+                "name": "Input",
+                "type": "option",
+                "value": ["Hex", "Raw"]
+            },
+            {
+                "name": "Output",
+                "type": "option",
+                "value": ["Hex", "Raw"]
+            },
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const kek = Utils.convertToByteString(args[0].string, args[0].option),
+            iv = Utils.convertToByteString(args[1].string, args[1].option),
+            inputType = args[2],
+            outputType = args[3];
+
+        if (kek.length !== 16 && kek.length !== 24 && kek.length !== 32) {
+            throw new OperationError("KEK must be either 16, 24, or 32 bytes (currently " + kek.length + " bytes)");
+        }
+        if (iv.length !== 8) {
+            throw new OperationError("IV must be 8 bytes (currently " + iv.length + " bytes)");
+        }
+        const inputData = Utils.convertToByteString(input, inputType);
+        if (inputData.length % 8 !== 0 || inputData.length < 16) {
+            throw new OperationError("input must be 8n (n>=2) bytes (currently " + inputData.length + " bytes)");
+        }
+
+        const cipher = forge.cipher.createCipher("AES-ECB", kek);
+
+        let A = iv;
+        const R = [];
+        for (let i = 0; i < inputData.length; i += 8) {
+            R.push(inputData.substring(i, i + 8));
+        }
+        let cntLower = 1, cntUpper = 0;
+        for (let j = 0; j < 6; j++) {
+            for (let i = 0; i < R.length; i++) {
+                cipher.start();
+                cipher.update(forge.util.createBuffer(A + R[i]));
+                cipher.finish();
+                const B = cipher.output.getBytes();
+                const msbBuffer = Utils.strToArrayBuffer(B.substring(0, 8));
+                const msbView = new DataView(msbBuffer);
+                msbView.setUint32(0, msbView.getUint32(0) ^ cntUpper);
+                msbView.setUint32(4, msbView.getUint32(4) ^ cntLower);
+                A = Utils.arrayBufferToStr(msbBuffer, false);
+                R[i] = B.substring(8, 16);
+                cntLower++;
+                if (cntLower > 0xffffffff) {
+                    cntUpper++;
+                    cntLower = 0;
+                }
+            }
+        }
+        const C = A + R.join("");
+
+        if (outputType === "Hex") {
+            return toHexFast(Utils.strToArrayBuffer(C));
+        }
+        return C;
+    }
+
+}
+
+export default AESKeyWrap;