goscript 0.2.1 → 0.2.2

package/gs/builtin/hostio.ts

@@ -344,9 +344,7 @@ function detectHostRuntime(): HostRuntime {
       )
     }
     if (fd === 1 || fd === 2) {
-      fallbackConsoleWriter(fd === 2 ? 'error' : 'log')(
-        decoder.decode(buffer),
-      )
+      fallbackConsoleWriter('log')(decoder.decode(buffer))
       return buffer.length
     }
     throw new HostUnsupportedError()
@@ -381,7 +379,7 @@ function detectHostRuntime(): HostRuntime {
       )
       return
     }
-    fallbackConsoleWriter('error')(data)
+    fallbackConsoleWriter('log')(data)
   }
 
   return {

package/gs/crypto/aes/index.test.ts

@@ -0,0 +1,120 @@
+import { describe, expect, test } from 'vitest'
+
+import * as $ from '@goscript/builtin/index.js'
+import * as cipher from '@goscript/crypto/cipher/index.js'
+
+import { BlockSize, KeySizeError_Error, NewCipher } from './index.js'
+
+describe('crypto/aes WebCrypto override', () => {
+  test.each([
+    [
+      'AES-128',
+      '000102030405060708090a0b0c0d0e0f',
+      '00112233445566778899aabbccddeeff',
+      '69c4e0d86a7b0430d8cdb78070b4c55a',
+    ],
+    [
+      'AES-192',
+      '000102030405060708090a0b0c0d0e0f1011121314151617',
+      '00112233445566778899aabbccddeeff',
+      'dda97ca4864cdfe06eaf70a0ec0d7191',
+    ],
+    [
+      'AES-256',
+      '000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f',
+      '00112233445566778899aabbccddeeff',
+      '8ea2b7ca516745bfeafc49904b496089',
+    ],
+  ])(
+    'encrypts and decrypts a raw %s block',
+    (_name, key, plaintext, ciphertext) => {
+      const [block, err] = NewCipher(hex(key))
+      expect(err).toBeNull()
+
+      const encrypted = new Uint8Array(BlockSize)
+      block!.Encrypt(encrypted, hex(plaintext))
+      expect(toHex(encrypted)).toBe(ciphertext)
+
+      const decrypted = new Uint8Array(BlockSize)
+      block!.Decrypt(decrypted, encrypted)
+      expect(toHex(decrypted)).toBe(plaintext)
+    },
+  )
+
+  test('seals and opens the NIST AES-256-GCM vector', async () => {
+    const [block, blockErr] = NewCipher(
+      hex('0000000000000000000000000000000000000000000000000000000000000000'),
+    )
+    expect(blockErr).toBeNull()
+    expect(block?.BlockSize()).toBe(BlockSize)
+
+    const [aead, aeadErr] = cipher.NewGCM(block)
+    expect(aeadErr).toBeNull()
+    expect(aead?.NonceSize()).toBe(12)
+    expect(aead?.Overhead()).toBe(16)
+
+    const sealed = await aead!.Seal(
+      null,
+      hex('000000000000000000000000'),
+      hex('00000000000000000000000000000000'),
+      null,
+    )
+    expect(toHex(sealed)).toBe(
+      'cea7403d4d606b6e074ec5d3baf39d18d0d1c8a799996bf0265b98b5d48ab919',
+    )
+
+    const [opened, openErr] = await aead!.Open(
+      $.stringToBytes('prefix:'),
+      hex('000000000000000000000000'),
+      sealed,
+      null,
+    )
+    expect(openErr).toBeNull()
+    expect(toHex(opened)).toBe(
+      toHex($.stringToBytes('prefix:')) + '00000000000000000000000000000000',
+    )
+  })
+
+  test('rejects tampered ciphertext', async () => {
+    const [block] = NewCipher(
+      hex('0000000000000000000000000000000000000000000000000000000000000000'),
+    )
+    const [aead] = cipher.NewGCM(block)
+    const sealed = await aead!.Seal(
+      null,
+      hex('000000000000000000000000'),
+      $.stringToBytes('hello'),
+      $.stringToBytes('aad'),
+    )
+    sealed![0] ^= 1
+
+    const [opened, openErr] = await aead!.Open(
+      null,
+      hex('000000000000000000000000'),
+      sealed,
+      $.stringToBytes('aad'),
+    )
+    expect(opened).toBeNull()
+    expect(openErr?.Error()).toBe('cipher: message authentication failed')
+  })
+
+  test('rejects invalid key lengths', () => {
+    const [block, err] = NewCipher(new Uint8Array(31))
+    expect(block).toBeNull()
+    expect(err?.Error()).toBe(KeySizeError_Error(31))
+  })
+})
+
+function hex(input: string): Uint8Array {
+  const out = new Uint8Array(input.length / 2)
+  for (let idx = 0; idx < out.length; idx++) {
+    out[idx] = Number.parseInt(input.slice(idx * 2, idx * 2 + 2), 16)
+  }
+  return out
+}
+
+function toHex(input: Uint8Array | number[] | null): string {
+  return Array.from(input ?? [])
+    .map((value) => value.toString(16).padStart(2, '0'))
+    .join('')
+}

package/gs/crypto/aes/index.ts

@@ -0,0 +1,76 @@
+import * as $ from '@goscript/builtin/index.js'
+import type * as cipher from '@goscript/crypto/cipher/index.js'
+import { ecb } from '@noble/ciphers/aes.js'
+
+export const BlockSize = 16
+
+export type KeySizeError = number
+
+export class AESBlock implements cipher.Block {
+  private keyPromise: Promise<CryptoKey> | null = null
+
+  constructor(private readonly key: Uint8Array) {}
+
+  BlockSize(): number {
+    return BlockSize
+  }
+
+  Encrypt(dst: $.Bytes, src: $.Bytes): void {
+    const srcBytes = $.bytesToUint8Array(src)
+    if (srcBytes.length < BlockSize) {
+      $.panic('crypto/aes: input not full block')
+    }
+    if ($.len(dst) < BlockSize) {
+      $.panic('crypto/aes: output not full block')
+    }
+    const out = ecb(this.key, { disablePadding: true }).encrypt(
+      srcBytes.subarray(0, BlockSize),
+    )
+    $.copy(dst as Uint8Array, out)
+  }
+
+  Decrypt(dst: $.Bytes, src: $.Bytes): void {
+    const srcBytes = $.bytesToUint8Array(src)
+    if (srcBytes.length < BlockSize) {
+      $.panic('crypto/aes: input not full block')
+    }
+    if ($.len(dst) < BlockSize) {
+      $.panic('crypto/aes: output not full block')
+    }
+    const out = ecb(this.key, { disablePadding: true }).decrypt(
+      srcBytes.subarray(0, BlockSize),
+    )
+    $.copy(dst as Uint8Array, out)
+  }
+
+  async webCryptoKey(): Promise<CryptoKey> {
+    this.keyPromise ??= subtleCrypto().importKey(
+      'raw',
+      this.key as unknown as BufferSource,
+      'AES-GCM',
+      false,
+      ['encrypt', 'decrypt'],
+    )
+    return this.keyPromise
+  }
+}
+
+export function KeySizeError_Error(k: KeySizeError): string {
+  return `crypto/aes: invalid key size ${k}`
+}
+
+export function NewCipher(key: $.Bytes): [cipher.Block | null, $.GoError] {
+  const k = $.len(key)
+  if (k !== 16 && k !== 24 && k !== 32) {
+    return [null, $.newError(KeySizeError_Error(k))]
+  }
+  return [new AESBlock($.bytesToUint8Array(key).slice()), null]
+}
+
+function subtleCrypto(): SubtleCrypto {
+  const subtle = globalThis.crypto?.subtle
+  if (subtle == null) {
+    throw new Error('crypto/aes: WebCrypto AES-GCM is unavailable')
+  }
+  return subtle
+}

package/gs/crypto/cipher/index.ts

@@ -0,0 +1,345 @@
+import * as $ from '@goscript/builtin/index.js'
+
+export type Block = {
+  BlockSize(): number
+  Decrypt(dst: $.Bytes, src: $.Bytes): void
+  Encrypt(dst: $.Bytes, src: $.Bytes): void
+}
+
+$.registerInterfaceType('cipher.Block', null, [
+  {
+    name: 'BlockSize',
+    args: [],
+    returns: [{ name: '_r0', type: { kind: $.TypeKind.Basic, name: 'int' } }],
+  },
+  {
+    name: 'Decrypt',
+    args: [
+      {
+        name: 'dst',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      {
+        name: 'src',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+    ],
+    returns: [],
+  },
+  {
+    name: 'Encrypt',
+    args: [
+      {
+        name: 'dst',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      {
+        name: 'src',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+    ],
+    returns: [],
+  },
+])
+
+export type AEAD = {
+  NonceSize(): number
+  Open(
+    dst: $.Bytes,
+    nonce: $.Bytes,
+    ciphertext: $.Bytes,
+    additionalData: $.Bytes,
+  ): [$.Bytes, $.GoError] | Promise<[$.Bytes, $.GoError]>
+  Overhead(): number
+  Seal(
+    dst: $.Bytes,
+    nonce: $.Bytes,
+    plaintext: $.Bytes,
+    additionalData: $.Bytes,
+  ): $.Bytes | Promise<$.Bytes>
+}
+
+$.registerInterfaceType('cipher.AEAD', null, [
+  {
+    name: 'NonceSize',
+    args: [],
+    returns: [{ name: '_r0', type: { kind: $.TypeKind.Basic, name: 'int' } }],
+  },
+  {
+    name: 'Open',
+    args: [
+      {
+        name: 'dst',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      {
+        name: 'nonce',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      {
+        name: 'ciphertext',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      {
+        name: 'additionalData',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+    ],
+    returns: [
+      {
+        name: '_r0',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      { name: '_r1', type: 'error' },
+    ],
+  },
+  {
+    name: 'Overhead',
+    args: [],
+    returns: [{ name: '_r0', type: { kind: $.TypeKind.Basic, name: 'int' } }],
+  },
+  {
+    name: 'Seal',
+    args: [
+      {
+        name: 'dst',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      {
+        name: 'nonce',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      {
+        name: 'plaintext',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      {
+        name: 'additionalData',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+    ],
+    returns: [
+      {
+        name: '_r0',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+    ],
+  },
+])
+
+export type Stream = {
+  XORKeyStream(dst: $.Bytes, src: $.Bytes): void
+}
+
+export type BlockMode = {
+  BlockSize(): number
+  CryptBlocks(dst: $.Bytes, src: $.Bytes): void
+}
+
+type WebCryptoBlock = Block & {
+  webCryptoKey(): Promise<CryptoKey>
+}
+
+class webCryptoGCM implements AEAD {
+  constructor(
+    private readonly block: WebCryptoBlock,
+    private readonly nonceSize: number,
+    private readonly tagSize: number,
+  ) {}
+
+  NonceSize(): number {
+    return this.nonceSize
+  }
+
+  Overhead(): number {
+    return this.tagSize
+  }
+
+  async Seal(
+    dst: $.Bytes,
+    nonce: $.Bytes,
+    plaintext: $.Bytes,
+    additionalData: $.Bytes,
+  ): Promise<$.Bytes> {
+    if ($.len(nonce) !== this.nonceSize) {
+      throw new Error('crypto/cipher: incorrect nonce length given to GCM')
+    }
+    const encrypted = await globalThis.crypto.subtle.encrypt(
+      this.algorithm(nonce, additionalData),
+      await this.block.webCryptoKey(),
+      $.bytesToUint8Array(plaintext) as unknown as BufferSource,
+    )
+    return appendBytes(dst, new Uint8Array(encrypted))
+  }
+
+  async Open(
+    dst: $.Bytes,
+    nonce: $.Bytes,
+    ciphertext: $.Bytes,
+    additionalData: $.Bytes,
+  ): Promise<[$.Bytes, $.GoError]> {
+    if ($.len(nonce) !== this.nonceSize) {
+      throw new Error('crypto/cipher: incorrect nonce length given to GCM')
+    }
+    try {
+      const decrypted = await globalThis.crypto.subtle.decrypt(
+        this.algorithm(nonce, additionalData),
+        await this.block.webCryptoKey(),
+        $.bytesToUint8Array(ciphertext) as unknown as BufferSource,
+      )
+      return [appendBytes(dst, new Uint8Array(decrypted)), null]
+    } catch {
+      return [null, $.newError('cipher: message authentication failed')]
+    }
+  }
+
+  private algorithm(nonce: $.Bytes, additionalData: $.Bytes): AesGcmParams {
+    const params: AesGcmParams = {
+      name: 'AES-GCM',
+      iv: $.bytesToUint8Array(nonce) as unknown as BufferSource,
+      tagLength: this.tagSize * 8,
+    }
+    if ($.len(additionalData) !== 0) {
+      params.additionalData = $.bytesToUint8Array(
+        additionalData,
+      ) as unknown as BufferSource
+    }
+    return params
+  }
+}
+
+export function NewGCM(block: Block | null): [AEAD | null, $.GoError] {
+  return NewGCMWithNonceSize(block, 12)
+}
+
+export function NewGCMWithNonceSize(
+  block: Block | null,
+  size: number,
+): [AEAD | null, $.GoError] {
+  return newGCM(block, size, 16)
+}
+
+export function NewGCMWithTagSize(
+  block: Block | null,
+  tagSize: number,
+): [AEAD | null, $.GoError] {
+  if (tagSize < 12 || tagSize > 16) {
+    return [null, $.newError('crypto/cipher: incorrect GCM tag size')]
+  }
+  return newGCM(block, 12, tagSize)
+}
+
+export function NewGCMWithRandomNonce(
+  _block: Block | null,
+): [AEAD | null, $.GoError] {
+  return [
+    null,
+    $.newError(
+      'crypto/cipher: NewGCMWithRandomNonce is not implemented in GoScript',
+    ),
+  ]
+}
+
+export function NewCBCDecrypter(_b: Block | null, _iv: $.Bytes): BlockMode {
+  throw new Error('crypto/cipher: CBC is not implemented in GoScript')
+}
+
+export function NewCBCEncrypter(_b: Block | null, _iv: $.Bytes): BlockMode {
+  throw new Error('crypto/cipher: CBC is not implemented in GoScript')
+}
+
+export function NewCFBDecrypter(_b: Block | null, _iv: $.Bytes): Stream {
+  throw new Error('crypto/cipher: CFB is not implemented in GoScript')
+}
+
+export function NewCFBEncrypter(_b: Block | null, _iv: $.Bytes): Stream {
+  throw new Error('crypto/cipher: CFB is not implemented in GoScript')
+}
+
+export function NewCTR(_b: Block | null, _iv: $.Bytes): Stream {
+  throw new Error('crypto/cipher: CTR is not implemented in GoScript')
+}
+
+export function NewOFB(_b: Block | null, _iv: $.Bytes): Stream {
+  throw new Error('crypto/cipher: OFB is not implemented in GoScript')
+}
+
+export class StreamReader {
+  constructor(_init?: Partial<{ S: Stream; R: unknown }>) {}
+}
+
+export class StreamWriter {
+  constructor(_init?: Partial<{ S: Stream; W: unknown }>) {}
+}
+
+function newGCM(
+  block: Block | null,
+  nonceSize: number,
+  tagSize: number,
+): [AEAD | null, $.GoError] {
+  if (block == null || block.BlockSize() !== 16) {
+    return [null, $.newError('cipher: NewGCM requires 128-bit block cipher')]
+  }
+  if (nonceSize <= 0) {
+    return [null, $.newError('crypto/cipher: incorrect GCM nonce size')]
+  }
+  if (!isWebCryptoBlock(block)) {
+    return [
+      null,
+      $.newError(
+        'crypto/cipher: AES-GCM requires a WebCrypto AES block in GoScript',
+      ),
+    ]
+  }
+  return [new webCryptoGCM(block, nonceSize, tagSize), null]
+}
+
+function isWebCryptoBlock(block: Block): block is WebCryptoBlock {
+  return typeof (block as Partial<WebCryptoBlock>).webCryptoKey === 'function'
+}
+
+function appendBytes(dst: $.Bytes, bytes: Uint8Array): $.Bytes {
+  return $.append(dst as any, ...bytes) as $.Bytes
+}

package/gs/crypto/cipher/meta.json

@@ -0,0 +1,6 @@
+{
+  "asyncMethods": {
+    "AEAD.Open": true,
+    "AEAD.Seal": true
+  }
+}

package/gs/golang.org/x/crypto/chacha20poly1305/index.test.ts

@@ -0,0 +1,91 @@
+import { describe, expect, test } from 'vitest'
+
+import { New, NewX, NonceSize, NonceSizeX, Overhead } from './index.js'
+
+describe('chacha20poly1305 override', () => {
+  test('matches the RFC 8439 ChaCha20-Poly1305 AEAD vector', () => {
+    const [aead, err] = New(
+      hex('808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f'),
+    )
+    expect(err).toBeNull()
+    expect(aead?.NonceSize()).toBe(NonceSize)
+    expect(aead?.Overhead()).toBe(Overhead)
+
+    const nonce = hex('070000004041424344454647')
+    const aad = hex('50515253c0c1c2c3c4c5c6c7')
+    const plaintext = hex(
+      '4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e',
+    )
+    const sealed = aead!.Seal(null, nonce, plaintext, aad)
+    expect(toHex(sealed)).toBe(
+      'd31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691',
+    )
+
+    const [opened, openErr] = aead!.Open(null, nonce, sealed, aad)
+    expect(openErr).toBeNull()
+    expect(toHex(opened)).toBe(toHex(plaintext))
+  })
+
+  test('rejects tampered ciphertexts', () => {
+    const [aead, err] = New(
+      hex('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f'),
+    )
+    expect(err).toBeNull()
+    const sealed = aead!.Seal(
+      null,
+      hex('000000000000000000000002'),
+      hex('68656c6c6f'),
+      null,
+    )
+    sealed![0] ^= 1
+
+    const [opened, openErr] = aead!.Open(
+      null,
+      hex('000000000000000000000002'),
+      sealed,
+      null,
+    )
+    expect(opened).toBeNull()
+    expect(openErr?.Error()).toBe(
+      'chacha20poly1305: message authentication failed',
+    )
+  })
+
+  test('round trips XChaCha20-Poly1305', () => {
+    const [aead, err] = NewX(
+      hex('1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0'),
+    )
+    expect(err).toBeNull()
+    expect(aead?.NonceSize()).toBe(NonceSizeX)
+    expect(aead?.Overhead()).toBe(Overhead)
+
+    const nonce = hex('000000000102030405060708090a0b0c0d0e0f1011121314')
+    const aad = hex('f33388860000000000004e91')
+    const plaintext = hex('496e7465726f70657261626c6520584368614368613230')
+    const sealed = aead!.Seal(null, nonce, plaintext, aad)
+
+    const [opened, openErr] = aead!.Open(null, nonce, sealed, aad)
+    expect(openErr).toBeNull()
+    expect(toHex(opened)).toBe(toHex(plaintext))
+  })
+
+  test('rejects invalid key length', () => {
+    const [aead, err] = New(new Uint8Array(31))
+    expect(aead).toBeNull()
+    expect(err?.Error()).toBe('chacha20poly1305: bad key length')
+  })
+})
+
+function hex(input: string): Uint8Array {
+  const out = new Uint8Array(input.length / 2)
+  for (let idx = 0; idx < out.length; idx++) {
+    out[idx] = Number.parseInt(input.slice(idx * 2, idx * 2 + 2), 16)
+  }
+  return out
+}
+
+function toHex(input: Uint8Array | number[] | null): string {
+  return Array.from(input ?? [])
+    .map((value) => value.toString(16).padStart(2, '0'))
+    .join('')
+}