UNPKG

triplesec

Version:

A CommonJS-compliant system for secure encryption of smallish secrets

github.com/keybase/triplesec

keybase/triplesec

292 lines (259 loc) 14.7 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
// Generated by IcedCoffeeScript 108.0.8 (function() { var BlockCipher, G, Global, TwoFish, scrub_vec, __hasProp = {}.hasOwnProperty, __extends = function(child, parent) { for (var key in parent) { if (__hasProp.call(parent, key)) child[key] = parent[key]; } function ctor() { this.constructor = child; } ctor.prototype = parent.prototype; child.prototype = new ctor(); child.__super__ = parent.prototype; return child; }; BlockCipher = require('./algbase').BlockCipher; scrub_vec = require('./util').scrub_vec; Global = (function() { function Global() { this.P = [[0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78, 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C, 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30, 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82, 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE, 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B, 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45, 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7, 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF, 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8, 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED, 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90, 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B, 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B, 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F, 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A, 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17, 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72, 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68, 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4, 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42, 0x4A, 0x5E, 0xC1, 0xE0], [0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B, 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1, 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B, 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5, 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54, 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96, 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7, 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8, 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF, 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9, 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D, 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E, 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21, 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01, 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E, 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64, 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44, 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E, 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B, 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9, 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56, 0x55, 0x09, 0xBE, 0x91]]; this.P_00 = 1; this.P_01 = 0; this.P_02 = 0; this.P_03 = 1; this.P_04 = 1; this.P_10 = 0; this.P_11 = 0; this.P_12 = 1; this.P_13 = 1; this.P_14 = 0; this.P_20 = 1; this.P_21 = 1; this.P_22 = 0; this.P_23 = 0; this.P_24 = 0; this.P_30 = 0; this.P_31 = 1; this.P_32 = 1; this.P_33 = 0; this.P_34 = 1; this.GF256_FDBK = 0x169; this.GF256_FDBK_2 = this.GF256_FDBK / 2; this.GF256_FDBK_4 = this.GF256_FDBK / 4; this.RS_GF_FDBK = 0x14D; this.SK_STEP = 0x02020202; this.SK_BUMP = 0x01010101; this.SK_ROTL = 9; } return Global; })(); G = new Global(); exports.TwoFish = TwoFish = (function(_super) { __extends(TwoFish, _super); TwoFish.blockSize = 4 * 4; TwoFish.prototype.blockSize = TwoFish.blockSize; TwoFish.keySize = 256 / 8; TwoFish.prototype.keySize = TwoFish.keySize; TwoFish.ivSize = TwoFish.blockSize; TwoFish.prototype.ivSize = TwoFish.ivSize; function TwoFish(key) { this._key = key.clone(); this.gMDS0 = []; this.gMDS1 = []; this.gMDS2 = []; this.gMDS3 = []; this.gSubKeys = []; this.gSBox = []; this.k64Cnt = 0; this._doReset(); } TwoFish.prototype.getByte = function(x, n) { return (x >>> (n * 8)) & 0xFF; }; TwoFish.prototype.switchEndianness = function(word) { return ((word & 0xff) << 24) | (((word >> 8) & 0xff) << 16) | (((word >> 16) & 0xff) << 8) | ((word >> 24) & 0xff); }; TwoFish.prototype.LFSR1 = function(x) { return (x >> 1) ^ ((x & 0x01) !== 0 ? G.GF256_FDBK_2 : 0); }; TwoFish.prototype.LFSR2 = function(x) { return (x >> 2) ^ ((x & 0x02) !== 0 ? G.GF256_FDBK_2 : 0) ^ ((x & 0x01) !== 0 ? G.GF256_FDBK_4 : 0); }; TwoFish.prototype.Mx_X = function(x) { return x ^ this.LFSR2(x); }; TwoFish.prototype.Mx_Y = function(x) { return x ^ this.LFSR1(x) ^ this.LFSR2(x); }; TwoFish.prototype.RS_rem = function(x) { var b, g2, g3; b = (x >>> 24) & 0xff; g2 = ((b << 1) ^ ((b & 0x80) !== 0 ? G.RS_GF_FDBK : 0)) & 0xff; g3 = ((b >>> 1) ^ ((b & 0x01) !== 0 ? G.RS_GF_FDBK >>> 1 : 0)) ^ g2; return (x << 8) ^ (g3 << 24) ^ (g2 << 16) ^ (g3 << 8) ^ b; }; TwoFish.prototype.RS_MDS_Encode = function(k0, k1) { var i, r, _i, _j; r = k1; for (i = _i = 0; _i < 4; i = ++_i) { r = this.RS_rem(r); } r ^= k0; for (i = _j = 0; _j < 4; i = ++_j) { r = this.RS_rem(r); } return r; }; TwoFish.prototype.F32 = function(x, k32) { var b0, b1, b2, b3, k0, k1, k2, k3, m, res; b0 = this.getByte(x, 0); b1 = this.getByte(x, 1); b2 = this.getByte(x, 2); b3 = this.getByte(x, 3); k0 = k32[0]; k1 = k32[1]; k2 = k32[2]; k3 = k32[3]; m = this.k64Cnt & 3; res = m === 1 ? this.gMDS0[(G.P[G.P_01][b0] & 0xff) ^ this.getByte(k0, 0)] ^ this.gMDS1[(G.P[G.P_11][b1] & 0xff) ^ this.getByte(k0, 1)] ^ this.gMDS2[(G.P[G.P_21][b2] & 0xff) ^ this.getByte(k0, 2)] ^ this.gMDS3[(G.P[G.P_31][b3] & 0xff) ^ this.getByte(k0, 3)] : (m === 0 ? (b0 = (G.P[G.P_04][b0] & 0xff) ^ this.getByte(k3, 0), b1 = (G.P[G.P_14][b1] & 0xff) ^ this.getByte(k3, 1), b2 = (G.P[G.P_24][b2] & 0xff) ^ this.getByte(k3, 2), b3 = (G.P[G.P_34][b3] & 0xff) ^ this.getByte(k3, 3)) : void 0, m === 0 || m === 3 ? (b0 = (G.P[G.P_03][b0] & 0xff) ^ this.getByte(k2, 0), b1 = (G.P[G.P_13][b1] & 0xff) ^ this.getByte(k2, 1), b2 = (G.P[G.P_23][b2] & 0xff) ^ this.getByte(k2, 2), b3 = (G.P[G.P_33][b3] & 0xff) ^ this.getByte(k2, 3)) : void 0, this.gMDS0[(G.P[G.P_01][(G.P[G.P_02][b0] & 0xff) ^ this.getByte(k1, 0)] & 0xff) ^ this.getByte(k0, 0)] ^ this.gMDS1[(G.P[G.P_11][(G.P[G.P_12][b1] & 0xff) ^ this.getByte(k1, 1)] & 0xff) ^ this.getByte(k0, 1)] ^ this.gMDS2[(G.P[G.P_21][(G.P[G.P_22][b2] & 0xff) ^ this.getByte(k1, 2)] & 0xff) ^ this.getByte(k0, 2)] ^ this.gMDS3[(G.P[G.P_31][(G.P[G.P_32][b3] & 0xff) ^ this.getByte(k1, 3)] & 0xff) ^ this.getByte(k0, 3)]); return res; }; TwoFish.prototype.Fe32_0 = function(x) { return this.gSBox[0x000 + 2 * (x & 0xff)] ^ this.gSBox[0x001 + 2 * ((x >>> 8) & 0xff)] ^ this.gSBox[0x200 + 2 * ((x >>> 16) & 0xff)] ^ this.gSBox[0x201 + 2 * ((x >>> 24) & 0xff)]; }; TwoFish.prototype.Fe32_3 = function(x) { return this.gSBox[0x000 + 2 * ((x >>> 24) & 0xff)] ^ this.gSBox[0x001 + 2 * (x & 0xff)] ^ this.gSBox[0x200 + 2 * ((x >>> 8) & 0xff)] ^ this.gSBox[0x201 + 2 * ((x >>> 16) & 0xff)]; }; TwoFish.prototype._doReset = function() { var A, B, b0, b1, b2, b3, i, j, k0, k1, k2, k3, k32e, k32o, m, m1, mX, mY, p, q, sBoxKeys, _i, _j, _k, _l, _ref, _ref1, _results; k32e = []; k32o = []; sBoxKeys = []; m1 = []; mX = []; mY = []; this.k64Cnt = this._key.words.length / 2; if (this.k64Cnt < 1) { throw "Key size less than 64 bits"; } if (this.k64Cnt > 4) { throw "Key size larger than 256 bits"; } for (i = _i = 0; _i < 256; i = ++_i) { j = G.P[0][i] & 0xff; m1[0] = j; mX[0] = this.Mx_X(j) & 0xff; mY[0] = this.Mx_Y(j) & 0xff; j = G.P[1][i] & 0xff; m1[1] = j; mX[1] = this.Mx_X(j) & 0xff; mY[1] = this.Mx_Y(j) & 0xff; this.gMDS0[i] = m1[G.P_00] | mX[G.P_00] << 8 | mY[G.P_00] << 16 | mY[G.P_00] << 24; this.gMDS1[i] = mY[G.P_10] | mY[G.P_10] << 8 | mX[G.P_10] << 16 | m1[G.P_10] << 24; this.gMDS2[i] = mX[G.P_20] | mY[G.P_20] << 8 | m1[G.P_20] << 16 | mY[G.P_20] << 24; this.gMDS3[i] = mX[G.P_30] | m1[G.P_30] << 8 | mY[G.P_30] << 16 | mX[G.P_30] << 24; } for (i = _j = 0, _ref = this.k64Cnt; 0 <= _ref ? _j < _ref : _j > _ref; i = 0 <= _ref ? ++_j : --_j) { p = i * 2; k32e[i] = this.switchEndianness(this._key.words[p]); k32o[i] = this.switchEndianness(this._key.words[p + 1]); sBoxKeys[this.k64Cnt - 1 - i] = this.RS_MDS_Encode(k32e[i], k32o[i]); } for (i = _k = 0, _ref1 = 40 / 2; 0 <= _ref1 ? _k < _ref1 : _k > _ref1; i = 0 <= _ref1 ? ++_k : --_k) { q = i * G.SK_STEP; A = this.F32(q, k32e); B = this.F32(q + G.SK_BUMP, k32o); B = B << 8 | B >>> 24; A += B; this.gSubKeys[i * 2] = A; A += B; this.gSubKeys[i * 2 + 1] = A << G.SK_ROTL | A >>> (32 - G.SK_ROTL); } k0 = sBoxKeys[0]; k1 = sBoxKeys[1]; k2 = sBoxKeys[2]; k3 = sBoxKeys[3]; this.gSBox = []; _results = []; for (i = _l = 0; _l < 256; i = ++_l) { b0 = b1 = b2 = b3 = i; m = this.k64Cnt & 3; if (m === 1) { this.gSBox[i * 2] = this.gMDS0[(G.P[G.P_01][b0] & 0xff) ^ this.getByte(k0, 0)]; this.gSBox[i * 2 + 1] = this.gMDS1[(G.P[G.P_11][b1] & 0xff) ^ this.getByte(k0, 1)]; this.gSBox[i * 2 + 0x200] = this.gMDS2[(G.P[G.P_21][b2] & 0xff) ^ this.getByte(k0, 2)]; _results.push(this.gSBox[i * 2 + 0x201] = this.gMDS3[(G.P[G.P_31][b3] & 0xff) ^ this.getByte(k0, 3)]); } else { if (m === 0) { b0 = (G.P[G.P_04][b0] & 0xff) ^ this.getByte(k3, 0); b1 = (G.P[G.P_14][b1] & 0xff) ^ this.getByte(k3, 1); b2 = (G.P[G.P_24][b2] & 0xff) ^ this.getByte(k3, 2); b3 = (G.P[G.P_34][b3] & 0xff) ^ this.getByte(k3, 3); } if (m === 0 || m === 3) { b0 = (G.P[G.P_03][b0] & 0xff) ^ this.getByte(k2, 0); b1 = (G.P[G.P_13][b1] & 0xff) ^ this.getByte(k2, 1); b2 = (G.P[G.P_23][b2] & 0xff) ^ this.getByte(k2, 2); b3 = (G.P[G.P_33][b3] & 0xff) ^ this.getByte(k2, 3); } this.gSBox[i * 2] = this.gMDS0[(G.P[G.P_01][(G.P[G.P_02][b0] & 0xff) ^ this.getByte(k1, 0)] & 0xff) ^ this.getByte(k0, 0)]; this.gSBox[i * 2 + 1] = this.gMDS1[(G.P[G.P_11][(G.P[G.P_12][b1] & 0xff) ^ this.getByte(k1, 1)] & 0xff) ^ this.getByte(k0, 1)]; this.gSBox[i * 2 + 0x200] = this.gMDS2[(G.P[G.P_21][(G.P[G.P_22][b2] & 0xff) ^ this.getByte(k1, 2)] & 0xff) ^ this.getByte(k0, 2)]; _results.push(this.gSBox[i * 2 + 0x201] = this.gMDS3[(G.P[G.P_31][(G.P[G.P_32][b3] & 0xff) ^ this.getByte(k1, 3)] & 0xff) ^ this.getByte(k0, 3)]); } } return _results; }; TwoFish.prototype.scrub = function() { scrub_vec(this.gSubKeys); scrub_vec(this.gSBox); return this._key.scrub(); }; TwoFish.prototype.decryptBlock = function(M, offset) { var k, r, t0, t1, x0, x1, x2, x3, _i; if (offset == null) { offset = 0; } x2 = this.switchEndianness(M[offset]) ^ this.gSubKeys[4]; x3 = this.switchEndianness(M[offset + 1]) ^ this.gSubKeys[5]; x0 = this.switchEndianness(M[offset + 2]) ^ this.gSubKeys[6]; x1 = this.switchEndianness(M[offset + 3]) ^ this.gSubKeys[7]; k = 8 + 2 * 16 - 1; for (r = _i = 0; _i < 16; r = _i += 2) { t0 = this.Fe32_0(x2); t1 = this.Fe32_3(x3); x1 ^= t0 + 2 * t1 + this.gSubKeys[k--]; x0 = (x0 << 1 | x0 >>> 31) ^ (t0 + t1 + this.gSubKeys[k--]); x1 = x1 >>> 1 | x1 << 31; t0 = this.Fe32_0(x0); t1 = this.Fe32_3(x1); x3 ^= t0 + 2 * t1 + this.gSubKeys[k--]; x2 = (x2 << 1 | x2 >>> 31) ^ (t0 + t1 + this.gSubKeys[k--]); x3 = x3 >>> 1 | x3 << 31; } M[offset] = this.switchEndianness(x0 ^ this.gSubKeys[0]); M[offset + 1] = this.switchEndianness(x1 ^ this.gSubKeys[1]); M[offset + 2] = this.switchEndianness(x2 ^ this.gSubKeys[2]); return M[offset + 3] = this.switchEndianness(x3 ^ this.gSubKeys[3]); }; TwoFish.prototype.encryptBlock = function(M, offset) { var k, r, t0, t1, x0, x1, x2, x3, _i; if (offset == null) { offset = 0; } x0 = this.switchEndianness(M[offset]) ^ this.gSubKeys[0]; x1 = this.switchEndianness(M[offset + 1]) ^ this.gSubKeys[1]; x2 = this.switchEndianness(M[offset + 2]) ^ this.gSubKeys[2]; x3 = this.switchEndianness(M[offset + 3]) ^ this.gSubKeys[3]; k = 8; for (r = _i = 0; _i < 16; r = _i += 2) { t0 = this.Fe32_0(x0); t1 = this.Fe32_3(x1); x2 ^= t0 + t1 + this.gSubKeys[k++]; x2 = x2 >>> 1 | x2 << 31; x3 = (x3 << 1 | x3 >>> 31) ^ (t0 + 2 * t1 + this.gSubKeys[k++]); t0 = this.Fe32_0(x2); t1 = this.Fe32_3(x3); x0 ^= t0 + t1 + this.gSubKeys[k++]; x0 = x0 >>> 1 | x0 << 31; x1 = (x1 << 1 | x1 >>> 31) ^ (t0 + 2 * t1 + this.gSubKeys[k++]); } M[offset] = this.switchEndianness(x2 ^ this.gSubKeys[4]); M[offset + 1] = this.switchEndianness(x3 ^ this.gSubKeys[5]); M[offset + 2] = this.switchEndianness(x0 ^ this.gSubKeys[6]); return M[offset + 3] = this.switchEndianness(x1 ^ this.gSubKeys[7]); }; return TwoFish; })(BlockCipher); }).call(this);