UNPKG

@hackbg/miscreant-esm

Version:

(ESM port) Misuse resistant symmetric encryption library providing AES-SIV (RFC 5297), AES-PMAC-SIV, and STREAM constructions

miscreant.io

miscreant/miscreant.js

141 lines (140 loc) 4.62 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
"use strict"; var __awaiter = this && this.__awaiter || (function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }); Object.defineProperty(exports, "__esModule", { value: true }); exports.PMAC = void 0; const block_1 = require("../internals/block.dist.cjs"); const constant_time_1 = require("../internals/constant-time.dist.cjs"); const ctz_1 = require("../internals/ctz.dist.cjs"); const xor_1 = require("../internals/xor.dist.cjs"); const PRECOMPUTED_BLOCKS = 31; class PMAC { static importKey(provider, keyData) { return __awaiter(this, void 0, void 0, function* () { const cipher = yield provider.importBlockCipherKey(keyData); const tmp = new block_1.default(); yield cipher.encryptBlock(tmp); const l = new Array(PRECOMPUTED_BLOCKS); for (let i = 0; i < PRECOMPUTED_BLOCKS; i++) { l[i] = tmp.clone(); tmp.dbl(); } const lInv = l[0].clone(); const lastBit = lInv.data[block_1.default.SIZE - 1] & 0x01; for (let i = block_1.default.SIZE - 1; i > 0; i--) { const carry = (0, constant_time_1.select)(lInv.data[i - 1] & 1, 0x80, 0); lInv.data[i] = lInv.data[i] >>> 1 | carry; } lInv.data[0] >>>= 1; lInv.data[0] ^= (0, constant_time_1.select)(lastBit, 0x80, 0); lInv.data[block_1.default.SIZE - 1] ^= (0, constant_time_1.select)(lastBit, block_1.default.R >>> 1, 0); return new PMAC(cipher, l, lInv); }); } constructor(cipher, l, lInv) { this._finished = false; this._cipher = cipher; this._L = l; this._LInv = lInv; this._buffer = new block_1.default(); this._bufferPos = 0; this._counter = 0; this._offset = new block_1.default(); this._tag = new block_1.default(); } reset() { this._buffer.clear(); this._bufferPos = 0; this._counter = 0; this._offset.clear(); this._tag.clear(); this._finished = false; return this; } clear() { this.reset(); this._cipher.clear(); } update(data) { return __awaiter(this, void 0, void 0, function* () { if (this._finished) { throw new Error("pmac: already finished"); } const left = block_1.default.SIZE - this._bufferPos; let dataPos = 0; let dataLength = data.length; if (dataLength > left) { this._buffer.data.set(data.slice(0, left), this._bufferPos); dataPos += left; dataLength -= left; yield this._processBuffer(); } while (dataLength > block_1.default.SIZE) { this._buffer.data.set(data.slice(dataPos, dataPos + block_1.default.SIZE)); dataPos += block_1.default.SIZE; dataLength -= block_1.default.SIZE; yield this._processBuffer(); } if (dataLength > 0) { this._buffer.data.set(data.slice(dataPos, dataPos + dataLength), this._bufferPos); this._bufferPos += dataLength; } return this; }); } finish() { return __awaiter(this, void 0, void 0, function* () { if (this._finished) { throw new Error("pmac: already finished"); } if (this._bufferPos === block_1.default.SIZE) { (0, xor_1.xor)(this._tag.data, this._buffer.data); (0, xor_1.xor)(this._tag.data, this._LInv.data); } else { (0, xor_1.xor)(this._tag.data, this._buffer.data.slice(0, this._bufferPos)); this._tag.data[this._bufferPos] ^= 0x80; } yield this._cipher.encryptBlock(this._tag); this._finished = true; return this._tag.clone().data; }); } _processBuffer() { return __awaiter(this, void 0, void 0, function* () { (0, xor_1.xor)(this._offset.data, this._L[(0, ctz_1.ctz)(this._counter + 1)].data); (0, xor_1.xor)(this._buffer.data, this._offset.data); this._counter++; yield this._cipher.encryptBlock(this._buffer); (0, xor_1.xor)(this._tag.data, this._buffer.data); this._bufferPos = 0; }); } } exports.PMAC = PMAC;