
tink-crypto


A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

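/**
 * @license
 * Copyright 2020 Google LLC
 * SPDX-License-Identifier: Apache-2.0
 */

// Compiler-emitted helper (the standard TypeScript `__awaiter` shape): it
// drives a generator function as a promise chain so that `yield` behaves like
// `await`. Kept as emitted; only the layout was restored.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
  function adopt(value) {
    return value instanceof P ? value : new P(function (resolve) { resolve(value); });
  }
  return new (P || (P = Promise))(function (resolve, reject) {
    function fulfilled(value) {
      try { step(generator.next(value)); } catch (e) { reject(e); }
    }
    function rejected(value) {
      try { step(generator["throw"](value)); } catch (e) { reject(e); }
    }
    function step(result) {
      result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected);
    }
    step((generator = generator.apply(thisArg, _arguments || [])).next());
  });
};
import { Aead } from '../aead/internal/aead';
import { SecurityException } from '../exception/security_exception';
import * as aesCtr from './aes_ctr';
import * as Bytes from './bytes';
import * as hmac from './hmac';
import * as Validators from './validators';

/**
 * This primitive performs an encrypt-then-MAC operation on plaintext and
 * additional authenticated data (aad).
 *
 * The MAC is computed over `aad || ciphertext || size of aad`, thus it
 * doesn't violate https://en.wikipedia.org/wiki/Horton_Principle.
 * Appending the aad length keeps the boundary between aad and ciphertext
 * unambiguous inside the MAC input.
 *
 * This implementation is based on
 * http://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-05.
 *
 * @final
 */
export class EncryptThenAuthenticate extends Aead {
  /**
   * Stores the two building blocks and their sizes.
   *
   * NOTE(review): the constructor body only assigns its arguments; it does
   * not validate `ivSize` or `tagSize` itself. Any size validation is left
   * to whatever built `cipher` and `mac` (not visible in this file), so
   * prefer the factory below over calling this constructor directly.
   *
   * @param cipher the cipher; only `encrypt(plaintext)` and
   *     `decrypt(payload)` are called on it here
   * @param ivSize the IV size in bytes
   * @param mac the MAC; only `computeMac(data)` and `verifyMac(tag, data)`
   *     are called on it here
   * @param tagSize the MAC tag size in bytes
   */
  constructor(cipher, ivSize, mac, tagSize) {
    super();
    this.cipher = cipher;
    this.ivSize = ivSize;
    this.mac = mac;
    this.tagSize = tagSize;
  }

  /**
   * The plaintext is encrypted with an {@link IndCpaCipher}, then MAC
   * is computed over `aad || ciphertext || t` where t is aad's length in bits
   * represented as 64-bit bigendian unsigned integer. The final ciphertext
   * format is `ind-cpa ciphertext || mac`.
   *
   * @param plaintext the data to encrypt (must be a Uint8Array)
   * @param associatedData data that is authenticated but not encrypted;
   *     defaults to an empty array
   * @returns a promise for `payload || mac`
   * @throws {SecurityException} if the computed tag length differs from
   *     `tagSize`
   */
  encrypt(plaintext, associatedData = new Uint8Array(0)) {
    return __awaiter(this, void 0, void 0, function* () {
      // Validate both inputs before doing any cryptographic work, so a bad
      // `associatedData` fails fast instead of after the encryption call.
      Validators.requireUint8Array(plaintext);
      Validators.requireUint8Array(associatedData);
      const payload = yield this.cipher.encrypt(plaintext);
      // aad length is expressed in bits, hence the factor of 8.
      const aadLength = Bytes.fromNumber(associatedData.length * 8);
      const mac = yield this.mac.computeMac(Bytes.concat(associatedData, payload, aadLength));
      // Strict comparison: a tag of unexpected length must never be emitted,
      // because decrypt() splits the ciphertext at exactly `tagSize` bytes.
      if (this.tagSize !== mac.length) {
        throw new SecurityException(`invalid tag size, expected ${this.tagSize} but got ${mac.length}`);
      }
      return Bytes.concat(payload, mac);
    });
  }

  /**
   * Verifies the MAC and only then decrypts.
   *
   * The last `tagSize` bytes of `ciphertext` are taken as the tag and the
   * rest as the cipher payload. The MAC input is rebuilt as
   * `aad || payload || aad length in bits`, exactly as in encrypt(). The
   * payload is handed to the cipher only after `verifyMac` reports success,
   * so unauthenticated data never reaches `cipher.decrypt`.
   *
   * NOTE(review): whether the tag comparison is constant-time depends on
   * `mac.verifyMac`, which is defined outside this file; confirm it there.
   *
   * @param ciphertext `payload || mac` as produced by encrypt()
   * @param associatedData the same associated data that was passed to
   *     encrypt(); defaults to an empty array
   * @returns a promise for the result of `cipher.decrypt(payload)`
   * @throws {SecurityException} if the ciphertext is shorter than
   *     `ivSize + tagSize`, or if the MAC does not verify
   */
  decrypt(ciphertext, associatedData = new Uint8Array(0)) {
    return __awaiter(this, void 0, void 0, function* () {
      Validators.requireUint8Array(ciphertext);
      // Reject inputs that cannot hold both an IV and a tag before slicing.
      if (ciphertext.length < this.ivSize + this.tagSize) {
        throw new SecurityException('ciphertext too short');
      }
      // Copy the payload out of the caller's buffer (subarray alone is a view).
      const payload = new Uint8Array(ciphertext.subarray(0, ciphertext.length - this.tagSize));
      Validators.requireUint8Array(associatedData);
      const aadLength = Bytes.fromNumber(associatedData.length * 8);
      const input = Bytes.concat(associatedData, payload, aadLength);
      const tag = new Uint8Array(ciphertext.subarray(payload.length));
      const isValidMac = yield this.mac.verifyMac(tag, input);
      if (!isValidMac) {
        throw new SecurityException('invalid MAC');
      }
      return this.cipher.decrypt(payload);
    });
  }
}

/**
 * Builds an AES-CTR + HMAC {@link EncryptThenAuthenticate} from raw key bytes.
 *
 * Both keys are checked to be Uint8Arrays; every other check (key length,
 * IV size, hash name, tag size) is delegated to `aesCtr.fromRawKey` and
 * `hmac.fromRawKey`, which are defined outside this file.
 *
 * NOTE(review): nothing here checks that `aesKey` and `hmacKey` differ.
 * Callers should supply two independently generated keys.
 *
 * @param aesKey the raw AES key
 * @param ivSize the size of the IV
 * @param hmacHashAlgo accepted names are SHA-1, SHA-256 and SHA-512
 * @param hmacKey the raw HMAC key
 * @param tagSize the size of the tag
 * @returns a promise for the configured EncryptThenAuthenticate instance
 * @throws {InvalidArgumentsException}
 * @static
 */
export function aesCtrHmacFromRawKeys(aesKey, ivSize, hmacHashAlgo, hmacKey, tagSize) {
  return __awaiter(this, void 0, void 0, function* () {
    Validators.requireUint8Array(aesKey);
    Validators.requireUint8Array(hmacKey);
    const cipher = yield aesCtr.fromRawKey(aesKey, ivSize);
    const mac = yield hmac.fromRawKey(hmacHashAlgo, hmacKey, tagSize);
    return new EncryptThenAuthenticate(cipher, ivSize, mac, tagSize);
  });
}
//# sourceMappingURL=data:application/json;base64,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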