goscript 0.2.1 → 0.2.3

package/gs/compress/zlib/index.test.ts

@@ -119,22 +119,36 @@ describe('compress/zlib override', () => {
   test('writer and reader honor preset dictionaries', async () => {
     const dict = $.stringToBytes('hello dictionary')
     const compressed = $.markAsStructValue(new bytes.Buffer())
-    const [writer, writerErr] = NewWriterLevelDict(compressed, DefaultCompression, dict)
+    const [writer, writerErr] = NewWriterLevelDict(
+      compressed,
+      DefaultCompression,
+      dict,
+    )
     expect(writerErr).toBeNull()
-    expect(writer!.Write($.stringToBytes('hello dictionary payload'))[1]).toBeNull()
+    expect(
+      writer!.Write($.stringToBytes('hello dictionary payload'))[1],
+    ).toBeNull()
     expect(await writer!.Close()).toBeNull()
 
-    const [missingDictReader, missingDictErr] = NewReader(bytes.NewReader(compressed.Bytes()))
+    const [missingDictReader, missingDictErr] = NewReader(
+      bytes.NewReader(compressed.Bytes()),
+    )
     expect(missingDictReader).toBeNull()
     expect(missingDictErr).toBe(ErrDictionary)
 
-    const [reader, readerErr] = NewReaderDict(bytes.NewReader(compressed.Bytes()), dict)
+    const [reader, readerErr] = NewReaderDict(
+      bytes.NewReader(compressed.Bytes()),
+      dict,
+    )
     expect(readerErr).toBeNull()
     const [out, readErr] = await io.ReadAll(reader!)
     expect(readErr).toBeNull()
     expect($.bytesToString(out)).toBe('hello dictionary payload')
 
-    const [, wrongDictErr] = NewReaderDict(bytes.NewReader(compressed.Bytes()), $.stringToBytes('wrong dictionary'))
+    const [, wrongDictErr] = NewReaderDict(
+      bytes.NewReader(compressed.Bytes()),
+      $.stringToBytes('wrong dictionary'),
+    )
     expect(wrongDictErr).toBe(ErrDictionary)
 
     const corrupt = Uint8Array.from(compressed.Bytes())

package/gs/compress/zlib/index.ts

@@ -37,9 +37,8 @@ export function __goscript_set_ErrHeader(value: $.GoError): void {
 class zlibReader implements Resetter {
   private data: Uint8Array = new Uint8Array(0)
   private offset = 0
-  private pending:
-    | Promise<{ data: Uint8Array | null; err: $.GoError }>
-    | null = null
+  private pending: Promise<{ data: Uint8Array | null; err: $.GoError }> | null =
+    null
 
   constructor(data?: Uint8Array) {
     if (data != null) {
@@ -180,7 +179,11 @@ export function NewReaderDict(
   return [reader as any, null]
 }
 
-function deflate(data: Uint8Array, dict: $.Bytes | null, level: number): Uint8Array {
+function deflate(
+  data: Uint8Array,
+  dict: $.Bytes | null,
+  level: number,
+): Uint8Array {
   const zlib = nodeZlib()
   const opts: Record<string, unknown> = {}
   if (dict != null && $.len(dict) > 0) {
@@ -197,7 +200,10 @@ function deflate(data: Uint8Array, dict: $.Bytes | null, level: number): Uint8Ar
 
 function inflate(data: Uint8Array, dict: $.Bytes | null): Uint8Array {
   const zlib = nodeZlib()
-  const opts = dict != null && $.len(dict) > 0 ? { dictionary: $.bytesToUint8Array(dict) } : undefined
+  const opts =
+    dict != null && $.len(dict) > 0 ?
+      { dictionary: $.bytesToUint8Array(dict) }
+    : undefined
   return new Uint8Array(zlib.inflateSync(data, opts))
 }
 
@@ -302,11 +308,14 @@ function recordCompressedBytes(
 }
 
 function classifyInflateError(err: unknown): $.GoError {
-  const zerr = err instanceof Error ? err as nodeZlibError : null
+  const zerr = err instanceof Error ? (err as nodeZlibError) : null
   if (zerr?.code === 'Z_NEED_DICT') {
     return ErrDictionary
   }
-  if (zerr?.code === 'Z_DATA_ERROR' && zerr.message.includes('incorrect data check')) {
+  if (
+    zerr?.code === 'Z_DATA_ERROR' &&
+    zerr.message.includes('incorrect data check')
+  ) {
     return ErrChecksum
   }
   return ErrHeader

package/gs/context/context.test.ts

@@ -29,7 +29,9 @@ describe('context override', () => {
     )
 
     expect(
-      ctx.Value($.interfaceValue($.markAsStructValue(new Key()), 'example.key')),
+      ctx.Value(
+        $.interfaceValue($.markAsStructValue(new Key()), 'example.key'),
+      ),
     ).toBe('stored')
   })
 

package/gs/crypto/aes/index.test.ts

@@ -0,0 +1,120 @@
+import { describe, expect, test } from 'vitest'
+
+import * as $ from '@goscript/builtin/index.js'
+import * as cipher from '@goscript/crypto/cipher/index.js'
+
+import { BlockSize, KeySizeError_Error, NewCipher } from './index.js'
+
+describe('crypto/aes WebCrypto override', () => {
+  test.each([
+    [
+      'AES-128',
+      '000102030405060708090a0b0c0d0e0f',
+      '00112233445566778899aabbccddeeff',
+      '69c4e0d86a7b0430d8cdb78070b4c55a',
+    ],
+    [
+      'AES-192',
+      '000102030405060708090a0b0c0d0e0f1011121314151617',
+      '00112233445566778899aabbccddeeff',
+      'dda97ca4864cdfe06eaf70a0ec0d7191',
+    ],
+    [
+      'AES-256',
+      '000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f',
+      '00112233445566778899aabbccddeeff',
+      '8ea2b7ca516745bfeafc49904b496089',
+    ],
+  ])(
+    'encrypts and decrypts a raw %s block',
+    (_name, key, plaintext, ciphertext) => {
+      const [block, err] = NewCipher(hex(key))
+      expect(err).toBeNull()
+
+      const encrypted = new Uint8Array(BlockSize)
+      block!.Encrypt(encrypted, hex(plaintext))
+      expect(toHex(encrypted)).toBe(ciphertext)
+
+      const decrypted = new Uint8Array(BlockSize)
+      block!.Decrypt(decrypted, encrypted)
+      expect(toHex(decrypted)).toBe(plaintext)
+    },
+  )
+
+  test('seals and opens the NIST AES-256-GCM vector', async () => {
+    const [block, blockErr] = NewCipher(
+      hex('0000000000000000000000000000000000000000000000000000000000000000'),
+    )
+    expect(blockErr).toBeNull()
+    expect(block?.BlockSize()).toBe(BlockSize)
+
+    const [aead, aeadErr] = cipher.NewGCM(block)
+    expect(aeadErr).toBeNull()
+    expect(aead?.NonceSize()).toBe(12)
+    expect(aead?.Overhead()).toBe(16)
+
+    const sealed = await aead!.Seal(
+      null,
+      hex('000000000000000000000000'),
+      hex('00000000000000000000000000000000'),
+      null,
+    )
+    expect(toHex(sealed)).toBe(
+      'cea7403d4d606b6e074ec5d3baf39d18d0d1c8a799996bf0265b98b5d48ab919',
+    )
+
+    const [opened, openErr] = await aead!.Open(
+      $.stringToBytes('prefix:'),
+      hex('000000000000000000000000'),
+      sealed,
+      null,
+    )
+    expect(openErr).toBeNull()
+    expect(toHex(opened)).toBe(
+      toHex($.stringToBytes('prefix:')) + '00000000000000000000000000000000',
+    )
+  })
+
+  test('rejects tampered ciphertext', async () => {
+    const [block] = NewCipher(
+      hex('0000000000000000000000000000000000000000000000000000000000000000'),
+    )
+    const [aead] = cipher.NewGCM(block)
+    const sealed = await aead!.Seal(
+      null,
+      hex('000000000000000000000000'),
+      $.stringToBytes('hello'),
+      $.stringToBytes('aad'),
+    )
+    sealed![0] ^= 1
+
+    const [opened, openErr] = await aead!.Open(
+      null,
+      hex('000000000000000000000000'),
+      sealed,
+      $.stringToBytes('aad'),
+    )
+    expect(opened).toBeNull()
+    expect(openErr?.Error()).toBe('cipher: message authentication failed')
+  })
+
+  test('rejects invalid key lengths', () => {
+    const [block, err] = NewCipher(new Uint8Array(31))
+    expect(block).toBeNull()
+    expect(err?.Error()).toBe(KeySizeError_Error(31))
+  })
+})
+
+function hex(input: string): Uint8Array {
+  const out = new Uint8Array(input.length / 2)
+  for (let idx = 0; idx < out.length; idx++) {
+    out[idx] = Number.parseInt(input.slice(idx * 2, idx * 2 + 2), 16)
+  }
+  return out
+}
+
+function toHex(input: Uint8Array | number[] | null): string {
+  return Array.from(input ?? [])
+    .map((value) => value.toString(16).padStart(2, '0'))
+    .join('')
+}

package/gs/crypto/aes/index.ts

@@ -0,0 +1,76 @@
+import * as $ from '@goscript/builtin/index.js'
+import type * as cipher from '@goscript/crypto/cipher/index.js'
+import { ecb } from '@noble/ciphers/aes.js'
+
+export const BlockSize = 16
+
+export type KeySizeError = number
+
+export class AESBlock implements cipher.Block {
+  private keyPromise: Promise<CryptoKey> | null = null
+
+  constructor(private readonly key: Uint8Array) {}
+
+  BlockSize(): number {
+    return BlockSize
+  }
+
+  Encrypt(dst: $.Bytes, src: $.Bytes): void {
+    const srcBytes = $.bytesToUint8Array(src)
+    if (srcBytes.length < BlockSize) {
+      $.panic('crypto/aes: input not full block')
+    }
+    if ($.len(dst) < BlockSize) {
+      $.panic('crypto/aes: output not full block')
+    }
+    const out = ecb(this.key, { disablePadding: true }).encrypt(
+      srcBytes.subarray(0, BlockSize),
+    )
+    $.copy(dst as Uint8Array, out)
+  }
+
+  Decrypt(dst: $.Bytes, src: $.Bytes): void {
+    const srcBytes = $.bytesToUint8Array(src)
+    if (srcBytes.length < BlockSize) {
+      $.panic('crypto/aes: input not full block')
+    }
+    if ($.len(dst) < BlockSize) {
+      $.panic('crypto/aes: output not full block')
+    }
+    const out = ecb(this.key, { disablePadding: true }).decrypt(
+      srcBytes.subarray(0, BlockSize),
+    )
+    $.copy(dst as Uint8Array, out)
+  }
+
+  async webCryptoKey(): Promise<CryptoKey> {
+    this.keyPromise ??= subtleCrypto().importKey(
+      'raw',
+      this.key as unknown as BufferSource,
+      'AES-GCM',
+      false,
+      ['encrypt', 'decrypt'],
+    )
+    return this.keyPromise
+  }
+}
+
+export function KeySizeError_Error(k: KeySizeError): string {
+  return `crypto/aes: invalid key size ${k}`
+}
+
+export function NewCipher(key: $.Bytes): [cipher.Block | null, $.GoError] {
+  const k = $.len(key)
+  if (k !== 16 && k !== 24 && k !== 32) {
+    return [null, $.newError(KeySizeError_Error(k))]
+  }
+  return [new AESBlock($.bytesToUint8Array(key).slice()), null]
+}
+
+function subtleCrypto(): SubtleCrypto {
+  const subtle = globalThis.crypto?.subtle
+  if (subtle == null) {
+    throw new Error('crypto/aes: WebCrypto AES-GCM is unavailable')
+  }
+  return subtle
+}

package/gs/crypto/cipher/index.ts

@@ -0,0 +1,345 @@
+import * as $ from '@goscript/builtin/index.js'
+
+export type Block = {
+  BlockSize(): number
+  Decrypt(dst: $.Bytes, src: $.Bytes): void
+  Encrypt(dst: $.Bytes, src: $.Bytes): void
+}
+
+$.registerInterfaceType('cipher.Block', null, [
+  {
+    name: 'BlockSize',
+    args: [],
+    returns: [{ name: '_r0', type: { kind: $.TypeKind.Basic, name: 'int' } }],
+  },
+  {
+    name: 'Decrypt',
+    args: [
+      {
+        name: 'dst',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      {
+        name: 'src',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+    ],
+    returns: [],
+  },
+  {
+    name: 'Encrypt',
+    args: [
+      {
+        name: 'dst',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      {
+        name: 'src',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+    ],
+    returns: [],
+  },
+])
+
+export type AEAD = {
+  NonceSize(): number
+  Open(
+    dst: $.Bytes,
+    nonce: $.Bytes,
+    ciphertext: $.Bytes,
+    additionalData: $.Bytes,
+  ): [$.Bytes, $.GoError] | Promise<[$.Bytes, $.GoError]>
+  Overhead(): number
+  Seal(
+    dst: $.Bytes,
+    nonce: $.Bytes,
+    plaintext: $.Bytes,
+    additionalData: $.Bytes,
+  ): $.Bytes | Promise<$.Bytes>
+}
+
+$.registerInterfaceType('cipher.AEAD', null, [
+  {
+    name: 'NonceSize',
+    args: [],
+    returns: [{ name: '_r0', type: { kind: $.TypeKind.Basic, name: 'int' } }],
+  },
+  {
+    name: 'Open',
+    args: [
+      {
+        name: 'dst',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      {
+        name: 'nonce',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      {
+        name: 'ciphertext',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      {
+        name: 'additionalData',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+    ],
+    returns: [
+      {
+        name: '_r0',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      { name: '_r1', type: 'error' },
+    ],
+  },
+  {
+    name: 'Overhead',
+    args: [],
+    returns: [{ name: '_r0', type: { kind: $.TypeKind.Basic, name: 'int' } }],
+  },
+  {
+    name: 'Seal',
+    args: [
+      {
+        name: 'dst',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      {
+        name: 'nonce',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      {
+        name: 'plaintext',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+      {
+        name: 'additionalData',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+    ],
+    returns: [
+      {
+        name: '_r0',
+        type: {
+          kind: $.TypeKind.Slice,
+          elemType: { kind: $.TypeKind.Basic, name: 'uint8' },
+        },
+      },
+    ],
+  },
+])
+
+export type Stream = {
+  XORKeyStream(dst: $.Bytes, src: $.Bytes): void
+}
+
+export type BlockMode = {
+  BlockSize(): number
+  CryptBlocks(dst: $.Bytes, src: $.Bytes): void
+}
+
+type WebCryptoBlock = Block & {
+  webCryptoKey(): Promise<CryptoKey>
+}
+
+class webCryptoGCM implements AEAD {
+  constructor(
+    private readonly block: WebCryptoBlock,
+    private readonly nonceSize: number,
+    private readonly tagSize: number,
+  ) {}
+
+  NonceSize(): number {
+    return this.nonceSize
+  }
+
+  Overhead(): number {
+    return this.tagSize
+  }
+
+  async Seal(
+    dst: $.Bytes,
+    nonce: $.Bytes,
+    plaintext: $.Bytes,
+    additionalData: $.Bytes,
+  ): Promise<$.Bytes> {
+    if ($.len(nonce) !== this.nonceSize) {
+      throw new Error('crypto/cipher: incorrect nonce length given to GCM')
+    }
+    const encrypted = await globalThis.crypto.subtle.encrypt(
+      this.algorithm(nonce, additionalData),
+      await this.block.webCryptoKey(),
+      $.bytesToUint8Array(plaintext) as unknown as BufferSource,
+    )
+    return appendBytes(dst, new Uint8Array(encrypted))
+  }
+
+  async Open(
+    dst: $.Bytes,
+    nonce: $.Bytes,
+    ciphertext: $.Bytes,
+    additionalData: $.Bytes,
+  ): Promise<[$.Bytes, $.GoError]> {
+    if ($.len(nonce) !== this.nonceSize) {
+      throw new Error('crypto/cipher: incorrect nonce length given to GCM')
+    }
+    try {
+      const decrypted = await globalThis.crypto.subtle.decrypt(
+        this.algorithm(nonce, additionalData),
+        await this.block.webCryptoKey(),
+        $.bytesToUint8Array(ciphertext) as unknown as BufferSource,
+      )
+      return [appendBytes(dst, new Uint8Array(decrypted)), null]
+    } catch {
+      return [null, $.newError('cipher: message authentication failed')]
+    }
+  }
+
+  private algorithm(nonce: $.Bytes, additionalData: $.Bytes): AesGcmParams {
+    const params: AesGcmParams = {
+      name: 'AES-GCM',
+      iv: $.bytesToUint8Array(nonce) as unknown as BufferSource,
+      tagLength: this.tagSize * 8,
+    }
+    if ($.len(additionalData) !== 0) {
+      params.additionalData = $.bytesToUint8Array(
+        additionalData,
+      ) as unknown as BufferSource
+    }
+    return params
+  }
+}
+
+export function NewGCM(block: Block | null): [AEAD | null, $.GoError] {
+  return NewGCMWithNonceSize(block, 12)
+}
+
+export function NewGCMWithNonceSize(
+  block: Block | null,
+  size: number,
+): [AEAD | null, $.GoError] {
+  return newGCM(block, size, 16)
+}
+
+export function NewGCMWithTagSize(
+  block: Block | null,
+  tagSize: number,
+): [AEAD | null, $.GoError] {
+  if (tagSize < 12 || tagSize > 16) {
+    return [null, $.newError('crypto/cipher: incorrect GCM tag size')]
+  }
+  return newGCM(block, 12, tagSize)
+}
+
+export function NewGCMWithRandomNonce(
+  _block: Block | null,
+): [AEAD | null, $.GoError] {
+  return [
+    null,
+    $.newError(
+      'crypto/cipher: NewGCMWithRandomNonce is not implemented in GoScript',
+    ),
+  ]
+}
+
+export function NewCBCDecrypter(_b: Block | null, _iv: $.Bytes): BlockMode {
+  throw new Error('crypto/cipher: CBC is not implemented in GoScript')
+}
+
+export function NewCBCEncrypter(_b: Block | null, _iv: $.Bytes): BlockMode {
+  throw new Error('crypto/cipher: CBC is not implemented in GoScript')
+}
+
+export function NewCFBDecrypter(_b: Block | null, _iv: $.Bytes): Stream {
+  throw new Error('crypto/cipher: CFB is not implemented in GoScript')
+}
+
+export function NewCFBEncrypter(_b: Block | null, _iv: $.Bytes): Stream {
+  throw new Error('crypto/cipher: CFB is not implemented in GoScript')
+}
+
+export function NewCTR(_b: Block | null, _iv: $.Bytes): Stream {
+  throw new Error('crypto/cipher: CTR is not implemented in GoScript')
+}
+
+export function NewOFB(_b: Block | null, _iv: $.Bytes): Stream {
+  throw new Error('crypto/cipher: OFB is not implemented in GoScript')
+}
+
+export class StreamReader {
+  constructor(_init?: Partial<{ S: Stream; R: unknown }>) {}
+}
+
+export class StreamWriter {
+  constructor(_init?: Partial<{ S: Stream; W: unknown }>) {}
+}
+
+function newGCM(
+  block: Block | null,
+  nonceSize: number,
+  tagSize: number,
+): [AEAD | null, $.GoError] {
+  if (block == null || block.BlockSize() !== 16) {
+    return [null, $.newError('cipher: NewGCM requires 128-bit block cipher')]
+  }
+  if (nonceSize <= 0) {
+    return [null, $.newError('crypto/cipher: incorrect GCM nonce size')]
+  }
+  if (!isWebCryptoBlock(block)) {
+    return [
+      null,
+      $.newError(
+        'crypto/cipher: AES-GCM requires a WebCrypto AES block in GoScript',
+      ),
+    ]
+  }
+  return [new webCryptoGCM(block, nonceSize, tagSize), null]
+}
+
+function isWebCryptoBlock(block: Block): block is WebCryptoBlock {
+  return typeof (block as Partial<WebCryptoBlock>).webCryptoKey === 'function'
+}
+
+function appendBytes(dst: $.Bytes, bytes: Uint8Array): $.Bytes {
+  return $.append(dst as any, ...bytes) as $.Bytes
+}

package/gs/crypto/cipher/meta.json

@@ -0,0 +1,6 @@
+{
+  "asyncMethods": {
+    "AEAD.Open": true,
+    "AEAD.Seal": true
+  }
+}

package/gs/crypto/ecdh/index.test.ts

@@ -35,9 +35,13 @@ describe('crypto/ecdh override', () => {
 })
 
 function hex(value: string): Uint8Array {
-  return new Uint8Array(value.match(/../g)!.map((byte) => Number.parseInt(byte, 16)))
+  return new Uint8Array(
+    value.match(/../g)!.map((byte) => Number.parseInt(byte, 16)),
+  )
 }
 
 function toHex(value: Uint8Array | null): string {
-  return Array.from(value ?? [], (byte) => byte.toString(16).padStart(2, '0')).join('')
+  return Array.from(value ?? [], (byte) =>
+    byte.toString(16).padStart(2, '0'),
+  ).join('')
 }