deno.land / std@0.166.0 / node / _crypto / crypto_browserify / browserify_aes / auth_cipher.js
نووسراو ببینە
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.// Copyright 2014-2017 browserify-aes contributors. All rights reserved. MIT license.// Copyright 2013 Maxwell Krohn. All rights reserved. MIT license.// Copyright 2009-2013 Jeff Mott. All rights reserved. MIT license.
// deno-lint-ignore-file no-var no-inner-declarations
import { Buffer } from "../../../buffer.ts";import * as aes from "./aes.js";import Transform from "../cipher_base.js";import { GHASH } from "./ghash.js";import { xor } from "./xor.ts";import { incr32 } from "./incr32.js";
function xorTest(a, b) { var out = 0; if (a.length !== b.length) out++;
var len = Math.min(a.length, b.length); for (var i = 0; i < len; ++i) { out += a[i] ^ b[i]; }
return out;}
function calcIv(self, iv, ck) { if (iv.length === 12) { self._finID = Buffer.concat([iv, Buffer.from([0, 0, 0, 1])]); return Buffer.concat([iv, Buffer.from([0, 0, 0, 2])]); } var ghash = new GHASH(ck); var len = iv.length; var toPad = len % 16; ghash.update(iv); if (toPad) { toPad = 16 - toPad; ghash.update(Buffer.alloc(toPad, 0)); } ghash.update(Buffer.alloc(8, 0)); var ivBits = len * 8; var tail = Buffer.alloc(8); // Fixed from the original // https://github.com/crypto-browserify/browserify-aes/issues/58#issuecomment-451778917 tail.writeUIntBE(ivBits, 2, 6); ghash.update(tail); self._finID = ghash.state; var out = Buffer.from(self._finID); incr32(out); return out;}export function StreamCipher(mode, key, iv, decrypt) { Transform.call(this);
var h = Buffer.alloc(4, 0);
this._cipher = new aes.AES(key); var ck = this._cipher.encryptBlock(h); this._ghash = new GHASH(ck); iv = calcIv(this, iv, ck);
this._prev = Buffer.from(iv); this._cache = Buffer.allocUnsafe(0); this._secCache = Buffer.allocUnsafe(0); this._decrypt = decrypt; this._alen = 0; this._len = 0; this._mode = mode;
this._authTag = null; this._called = false;}
// StreamCipher inherts TransformStreamCipher.prototype = Object.create(Transform.prototype, { constructor: { value: StreamCipher, enumerable: false, writable: true, configurable: true, },});
StreamCipher.prototype._update = function (chunk) { if (!this._called && this._alen) { var rump = 16 - (this._alen % 16); if (rump < 16) { rump = Buffer.alloc(rump, 0); this._ghash.update(rump); } }
this._called = true; var out = this._mode.encrypt(this, chunk); if (this._decrypt) { this._ghash.update(chunk); } else { this._ghash.update(out); } this._len += chunk.length; return out;};
StreamCipher.prototype._final = function () { if (this._decrypt && !this._authTag) { throw new Error("Unsupported state or unable to authenticate data"); }
var tag = xor( this._ghash.final(this._alen * 8, this._len * 8), this._cipher.encryptBlock(this._finID), ); if (this._decrypt && xorTest(tag, this._authTag)) { throw new Error("Unsupported state or unable to authenticate data"); }
this._authTag = tag; this._cipher.scrub();};
StreamCipher.prototype.getAuthTag = function getAuthTag() { if (this._decrypt || !Buffer.isBuffer(this._authTag)) { throw new Error("Attempting to get auth tag in unsupported state"); }
return this._authTag;};
StreamCipher.prototype.setAuthTag = function setAuthTag(tag) { if (!this._decrypt) { throw new Error("Attempting to set auth tag in unsupported state"); }
this._authTag = tag;};
StreamCipher.prototype.setAAD = function setAAD(buf) { if (this._called) { throw new Error("Attempting to set AAD in unsupported state"); }
this._ghash.update(buf); this._alen += buf.length;};
export default StreamCipher;
std
Version Info
a year ago
