1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.import { Buffer } from "../../buffer.ts";import { createHash } from "./hash.ts";import { HASH_DATA } from "./types.ts";
export const MAX_ALLOC = Math.pow(2, 30) - 1;
export type NormalizedAlgorithms =  | "md5"  | "ripemd160"  | "sha1"  | "sha224"  | "sha256"  | "sha384"  | "sha512";
export type Algorithms =  | "md5"  | "ripemd160"  | "rmd160"  | "sha1"  | "sha224"  | "sha256"  | "sha384"  | "sha512";
const createHasher = (algorithm: string) => (value: Uint8Array) =>  Buffer.from(createHash(algorithm).update(value).digest() as Buffer);
function getZeroes(zeros: number) {  return Buffer.alloc(zeros);}
const sizes = {  md5: 16,  sha1: 20,  sha224: 28,  sha256: 32,  sha384: 48,  sha512: 64,  rmd160: 20,  ripemd160: 20,};
function toBuffer(bufferable: HASH_DATA) {  if (bufferable instanceof Uint8Array || typeof bufferable === "string") {    return Buffer.from(bufferable as Uint8Array);  } else {    return Buffer.from(bufferable.buffer);  }}
export class Hmac {  hash: (value: Uint8Array) => Buffer;  ipad1: Buffer;  opad: Buffer;  alg: string;  blocksize: number;  size: number;  ipad2: Buffer;
  constructor(alg: Algorithms, key: Buffer, saltLen: number) {    this.hash = createHasher(alg);
    const blocksize = alg === "sha512" || alg === "sha384" ? 128 : 64;
    if (key.length > blocksize) {      key = this.hash(key);    } else if (key.length < blocksize) {      key = Buffer.concat([key, getZeroes(blocksize - key.length)], blocksize);    }
    const ipad = Buffer.allocUnsafe(blocksize + sizes[alg]);    const opad = Buffer.allocUnsafe(blocksize + sizes[alg]);    for (let i = 0; i < blocksize; i++) {      ipad[i] = key[i] ^ 0x36;      opad[i] = key[i] ^ 0x5c;    }
    const ipad1 = Buffer.allocUnsafe(blocksize + saltLen + 4);    ipad.copy(ipad1, 0, 0, blocksize);
    this.ipad1 = ipad1;    this.ipad2 = ipad;    this.opad = opad;    this.alg = alg;    this.blocksize = blocksize;    this.size = sizes[alg];  }
  run(data: Buffer, ipad: Buffer) {    data.copy(ipad, this.blocksize);    const h = this.hash(ipad);    h.copy(this.opad, this.blocksize);    return this.hash(this.opad);  }}
/** * @param iterations Needs to be higher or equal than zero * @param keylen  Needs to be higher or equal than zero but less than max allocation size (2^30) * @param digest Algorithm to be used for encryption */export function pbkdf2Sync(  password: HASH_DATA,  salt: HASH_DATA,  iterations: number,  keylen: number,  digest: Algorithms = "sha1",): Buffer {  if (typeof iterations !== "number" || iterations < 0) {    throw new TypeError("Bad iterations");  }  if (typeof keylen !== "number" || keylen < 0 || keylen > MAX_ALLOC) {    throw new TypeError("Bad key length");  }
  const bufferedPassword = toBuffer(password);  const bufferedSalt = toBuffer(salt);
  const hmac = new Hmac(digest, bufferedPassword, bufferedSalt.length);
  const DK = Buffer.allocUnsafe(keylen);  const block1 = Buffer.allocUnsafe(bufferedSalt.length + 4);  bufferedSalt.copy(block1, 0, 0, bufferedSalt.length);
  let destPos = 0;  const hLen = sizes[digest];  const l = Math.ceil(keylen / hLen);
  for (let i = 1; i <= l; i++) {    block1.writeUInt32BE(i, bufferedSalt.length);
    const T = hmac.run(block1, hmac.ipad1);    let U = T;
    for (let j = 1; j < iterations; j++) {      U = hmac.run(U, hmac.ipad2);      for (let k = 0; k < hLen; k++) T[k] ^= U[k];    }
    T.copy(DK, destPos);    destPos += hLen;  }
  return DK;}
/** * @param iterations Needs to be higher or equal than zero * @param keylen  Needs to be higher or equal than zero but less than max allocation size (2^30) * @param digest Algorithm to be used for encryption */export function pbkdf2(  password: HASH_DATA,  salt: HASH_DATA,  iterations: number,  keylen: number,  digest: Algorithms = "sha1",  callback: (err: Error | null, derivedKey?: Buffer) => void,) {  setTimeout(() => {    let err = null,      res;    try {      res = pbkdf2Sync(password, salt, iterations, keylen, digest);    } catch (e) {      err = e;    }    if (err) {      callback(err instanceof Error ? err : new Error("[non-error thrown]"));    } else {      callback(null, res);    }  }, 0);}
export default {  Hmac,  MAX_ALLOC,  pbkdf2,  pbkdf2Sync,};