UNPKG

miscreant

Version:

Misuse resistant symmetric encryption library providing AES-SIV (RFC 5297), AES-PMAC-SIV, and STREAM constructions

github.com/miscreant/miscreant/tree/master/js/

miscreant/miscreant

115 lines (114 loc) 4.82 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
"use strict"; /** * The STREAM online authenticated encryption construction. * See <https://eprint.iacr.org/2015/189.pdf> for definition. */ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; Object.defineProperty(exports, "__esModule", { value: true }); const aead_1 = require("./aead"); const webcrypto_1 = require("./providers/webcrypto"); /** Size of a nonce required by STREAM in bytes */ exports.NONCE_SIZE = 8; /** Byte flag indicating this is the last block in the STREAM (otherwise 0) */ exports.LAST_BLOCK_FLAG = 1; /** Maximum value of the counter STREAM uses internally to identify messages */ exports.COUNTER_MAX = 0xFFFFFFFF; /** * A STREAM encryptor with a 32-bit counter, generalized for any AEAD algorithm * * This corresponds to the ℰ stream encryptor object as defined in the paper * Online Authenticated-Encryption and its Nonce-Reuse Misuse-Resistance */ class StreamEncryptor { /** Create a new StreamEncryptor instance with the given key */ static importKey(keyData, nonce, alg, provider = new webcrypto_1.WebCryptoProvider()) { return __awaiter(this, void 0, void 0, function* () { return new StreamEncryptor(yield aead_1.AEAD.importKey(keyData, alg, provider), nonce); }); } constructor(aead, nonce) { this._aead = aead; this._nonce_encoder = new NonceEncoder(nonce); } /** Encrypt and authenticate data using the selected AEAD algorithm */ seal(plaintext, lastBlock = false, associatedData = new Uint8Array(0)) { return __awaiter(this, void 0, void 0, function* () { return this._aead.seal(plaintext, this._nonce_encoder.next(lastBlock), associatedData); }); } /** Make a best effort to wipe memory used by this instance */ clear() { this._aead.clear(); return this; } } exports.StreamEncryptor = StreamEncryptor; /** * A STREAM decryptor with a 32-bit counter, generalized for any AEAD algorithm * * This corresponds to the 𝒟 stream decryptor object as defined in the paper * Online Authenticated-Encryption and its Nonce-Reuse Misuse-Resistance */ class StreamDecryptor { /** Create a new StreamDecryptor instance with the given key */ static importKey(keyData, nonce, alg, provider = new webcrypto_1.WebCryptoProvider()) { return __awaiter(this, void 0, void 0, function* () { return new StreamDecryptor(yield aead_1.AEAD.importKey(keyData, alg, provider), nonce); }); } constructor(aead, nonce) { this._aead = aead; this._nonce_encoder = new NonceEncoder(nonce); } /** Decrypt and authenticate data using the selected AEAD algorithm */ open(ciphertext, lastBlock = false, associatedData = new Uint8Array(0)) { return __awaiter(this, void 0, void 0, function* () { return this._aead.open(ciphertext, this._nonce_encoder.next(lastBlock), associatedData); }); } /** Make a best effort to wipe memory used by this instance */ clear() { this._aead.clear(); return this; } } exports.StreamDecryptor = StreamDecryptor; /** Computes STREAM nonces based on the current position in the STREAM. */ class NonceEncoder { constructor(noncePrefix) { if (noncePrefix.length !== exports.NONCE_SIZE) { throw new Error(`STREAM: nonce must be 8-bits (got ${noncePrefix.length}`); } this.buffer = new ArrayBuffer(exports.NONCE_SIZE + 4 + 1); this.view = new DataView(this.buffer); this.array = new Uint8Array(this.buffer); this.array.set(noncePrefix); this.counter = 0; this.finished = false; } /** Compute the next nonce value, incrementing the internal counter */ next(lastBlock) { if (this.finished) { throw new Error("STREAM: already finished"); } this.view.setInt32(8, this.counter, false); if (lastBlock) { this.view.setInt8(12, exports.LAST_BLOCK_FLAG); this.finished = true; } else { this.counter += 1; if (this.counter > exports.COUNTER_MAX) { throw new Error("STREAM counter overflowed"); } } return this.array; } }