corrade-nucleus-nucleons – Blame information for rev 20
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 20 | office | 1 | /*!
|
| 2 | * Crypto-JS contribution from Simon Greatrix
|
||
| 3 | */ |
||
| 4 | |||
| 5 | (function(){ |
||
| 6 | |||
| 7 | var C = (typeof window === 'undefined') ? require('./Crypto').Crypto : window.Crypto; |
||
| 8 | |||
| 9 | // Create pad namespace
|
||
| 10 | var C_pad = C.pad = {}; |
||
| 11 | |||
| 12 | // Calculate the number of padding bytes required.
|
||
| 13 | function _requiredPadding(cipher, message) { |
||
| 14 | var blockSizeInBytes = cipher._blocksize * 4; |
||
| 15 | var reqd = blockSizeInBytes - message.length % blockSizeInBytes; |
||
| 16 | return reqd; |
||
| 17 | }; |
||
| 18 | |||
| 19 | // Remove padding when the final byte gives the number of padding bytes.
|
||
| 20 | var _unpadLength = function (message) { |
||
| 21 | var pad = message.pop(); |
||
| 22 | for (var i = 1; i < pad; i++) { |
||
| 23 | message.pop(); |
||
| 24 | } |
||
| 25 | }; |
||
| 26 | |||
| 27 | // No-operation padding, used for stream ciphers
|
||
| 28 | C_pad.NoPadding = { |
||
| 29 | pad : function (cipher,message) {}, |
||
| 30 | unpad : function (message) {} |
||
| 31 | }; |
||
| 32 | |||
| 33 | // Zero Padding.
|
||
| 34 | //
|
||
| 35 | // If the message is not an exact number of blocks, the final block is
|
||
| 36 | // completed with 0x00 bytes. There is no unpadding.
|
||
| 37 | C_pad.ZeroPadding = { |
||
| 38 | pad : function (cipher, message) { |
||
| 39 | var blockSizeInBytes = cipher._blocksize * 4; |
||
| 40 | var reqd = message.length % blockSizeInBytes; |
||
| 41 | if( reqd!=0 ) { |
||
| 42 | for(reqd = blockSizeInBytes - reqd; reqd>0; reqd--) { |
||
| 43 | message.push(0x00); |
||
| 44 | } |
||
| 45 | } |
||
| 46 | }, |
||
| 47 | |||
| 48 | unpad : function (message) {} |
||
| 49 | }; |
||
| 50 | |||
| 51 | // ISO/IEC 7816-4 padding.
|
||
| 52 | //
|
||
| 53 | // Pads the plain text with an 0x80 byte followed by as many 0x00
|
||
| 54 | // bytes are required to complete the block.
|
||
| 55 | C_pad.iso7816 = { |
||
| 56 | pad : function (cipher, message) { |
||
| 57 | var reqd = _requiredPadding(cipher, message); |
||
| 58 | message.push(0x80); |
||
| 59 | for (; reqd > 1; reqd--) { |
||
| 60 | message.push(0x00); |
||
| 61 | } |
||
| 62 | }, |
||
| 63 | |||
| 64 | unpad : function (message) { |
||
| 65 | while (message.pop() != 0x80) {} |
||
| 66 | } |
||
| 67 | }; |
||
| 68 | |||
| 69 | // ANSI X.923 padding
|
||
| 70 | //
|
||
| 71 | // The final block is padded with zeros except for the last byte of the
|
||
| 72 | // last block which contains the number of padding bytes.
|
||
| 73 | C_pad.ansix923 = { |
||
| 74 | pad : function (cipher, message) { |
||
| 75 | var reqd = _requiredPadding(cipher, message); |
||
| 76 | for (var i = 1; i < reqd; i++) { |
||
| 77 | message.push(0x00); |
||
| 78 | } |
||
| 79 | message.push(reqd); |
||
| 80 | }, |
||
| 81 | |||
| 82 | unpad : _unpadLength |
||
| 83 | }; |
||
| 84 | |||
| 85 | // ISO 10126
|
||
| 86 | //
|
||
| 87 | // The final block is padded with random bytes except for the last
|
||
| 88 | // byte of the last block which contains the number of padding bytes.
|
||
| 89 | C_pad.iso10126 = { |
||
| 90 | pad : function (cipher, message) { |
||
| 91 | var reqd = _requiredPadding(cipher, message); |
||
| 92 | for (var i = 1; i < reqd; i++) { |
||
| 93 | message.push(Math.floor(Math.random() * 256)); |
||
| 94 | } |
||
| 95 | message.push(reqd); |
||
| 96 | }, |
||
| 97 | |||
| 98 | unpad : _unpadLength |
||
| 99 | }; |
||
| 100 | |||
| 101 | // PKCS7 padding
|
||
| 102 | //
|
||
| 103 | // PKCS7 is described in RFC 5652. Padding is in whole bytes. The
|
||
| 104 | // value of each added byte is the number of bytes that are added,
|
||
| 105 | // i.e. N bytes, each of value N are added.
|
||
| 106 | C_pad.pkcs7 = { |
||
| 107 | pad : function (cipher, message) { |
||
| 108 | var reqd = _requiredPadding(cipher, message); |
||
| 109 | for (var i = 0; i < reqd; i++) { |
||
| 110 | message.push(reqd); |
||
| 111 | } |
||
| 112 | }, |
||
| 113 | |||
| 114 | unpad : _unpadLength |
||
| 115 | }; |
||
| 116 | |||
| 117 | // Create mode namespace
|
||
| 118 | var C_mode = C.mode = {}; |
||
| 119 | |||
| 120 | /**
|
||
| 121 | * Mode base "class".
|
||
| 122 | */ |
||
| 123 | var Mode = C_mode.Mode = function (padding) { |
||
| 124 | if (padding) { |
||
| 125 | this._padding = padding; |
||
| 126 | } |
||
| 127 | }; |
||
| 128 | |||
| 129 | Mode.prototype = { |
||
| 130 | encrypt: function (cipher, m, iv) { |
||
| 131 | this._padding.pad(cipher, m); |
||
| 132 | this._doEncrypt(cipher, m, iv); |
||
| 133 | }, |
||
| 134 | |||
| 135 | decrypt: function (cipher, m, iv) { |
||
| 136 | this._doDecrypt(cipher, m, iv); |
||
| 137 | this._padding.unpad(m); |
||
| 138 | }, |
||
| 139 | |||
| 140 | // Default padding
|
||
| 141 | _padding: C_pad.iso7816 |
||
| 142 | }; |
||
| 143 | |||
| 144 | |||
| 145 | /**
|
||
| 146 | * Electronic Code Book mode.
|
||
| 147 | *
|
||
| 148 | * ECB applies the cipher directly against each block of the input.
|
||
| 149 | *
|
||
| 150 | * ECB does not require an initialization vector.
|
||
| 151 | */ |
||
| 152 | var ECB = C_mode.ECB = function () { |
||
| 153 | // Call parent constructor
|
||
| 154 | Mode.apply(this, arguments); |
||
| 155 | }; |
||
| 156 | |||
| 157 | // Inherit from Mode
|
||
| 158 | var ECB_prototype = ECB.prototype = new Mode; |
||
| 159 | |||
| 160 | // Concrete steps for Mode template
|
||
| 161 | ECB_prototype._doEncrypt = function (cipher, m, iv) { |
||
| 162 | var blockSizeInBytes = cipher._blocksize * 4; |
||
| 163 | // Encrypt each block
|
||
| 164 | for (var offset = 0; offset < m.length; offset += blockSizeInBytes) { |
||
| 165 | cipher._encryptblock(m, offset); |
||
| 166 | } |
||
| 167 | }; |
||
| 168 | ECB_prototype._doDecrypt = function (cipher, c, iv) { |
||
| 169 | var blockSizeInBytes = cipher._blocksize * 4; |
||
| 170 | // Decrypt each block
|
||
| 171 | for (var offset = 0; offset < c.length; offset += blockSizeInBytes) { |
||
| 172 | cipher._decryptblock(c, offset); |
||
| 173 | } |
||
| 174 | }; |
||
| 175 | |||
| 176 | // ECB never uses an IV
|
||
| 177 | ECB_prototype.fixOptions = function (options) { |
||
| 178 | options.iv = []; |
||
| 179 | }; |
||
| 180 | |||
| 181 | |||
| 182 | /**
|
||
| 183 | * Cipher block chaining
|
||
| 184 | *
|
||
| 185 | * The first block is XORed with the IV. Subsequent blocks are XOR with the
|
||
| 186 | * previous cipher output.
|
||
| 187 | */ |
||
| 188 | var CBC = C_mode.CBC = function () { |
||
| 189 | // Call parent constructor
|
||
| 190 | Mode.apply(this, arguments); |
||
| 191 | }; |
||
| 192 | |||
| 193 | // Inherit from Mode
|
||
| 194 | var CBC_prototype = CBC.prototype = new Mode; |
||
| 195 | |||
| 196 | // Concrete steps for Mode template
|
||
| 197 | CBC_prototype._doEncrypt = function (cipher, m, iv) { |
||
| 198 | var blockSizeInBytes = cipher._blocksize * 4; |
||
| 199 | |||
| 200 | // Encrypt each block
|
||
| 201 | for (var offset = 0; offset < m.length; offset += blockSizeInBytes) { |
||
| 202 | if (offset == 0) { |
||
| 203 | // XOR first block using IV
|
||
| 204 | for (var i = 0; i < blockSizeInBytes; i++) |
||
| 205 | m[i] ^= iv[i]; |
||
| 206 | } else { |
||
| 207 | // XOR this block using previous crypted block
|
||
| 208 | for (var i = 0; i < blockSizeInBytes; i++) |
||
| 209 | m[offset + i] ^= m[offset + i - blockSizeInBytes]; |
||
| 210 | } |
||
| 211 | // Encrypt block
|
||
| 212 | cipher._encryptblock(m, offset); |
||
| 213 | } |
||
| 214 | }; |
||
| 215 | CBC_prototype._doDecrypt = function (cipher, c, iv) { |
||
| 216 | var blockSizeInBytes = cipher._blocksize * 4; |
||
| 217 | |||
| 218 | // At the start, the previously crypted block is the IV
|
||
| 219 | var prevCryptedBlock = iv; |
||
| 220 | |||
| 221 | // Decrypt each block
|
||
| 222 | for (var offset = 0; offset < c.length; offset += blockSizeInBytes) { |
||
| 223 | // Save this crypted block
|
||
| 224 | var thisCryptedBlock = c.slice(offset, offset + blockSizeInBytes); |
||
| 225 | // Decrypt block
|
||
| 226 | cipher._decryptblock(c, offset); |
||
| 227 | // XOR decrypted block using previous crypted block
|
||
| 228 | for (var i = 0; i < blockSizeInBytes; i++) { |
||
| 229 | c[offset + i] ^= prevCryptedBlock[i]; |
||
| 230 | } |
||
| 231 | prevCryptedBlock = thisCryptedBlock; |
||
| 232 | } |
||
| 233 | }; |
||
| 234 | |||
| 235 | |||
| 236 | /**
|
||
| 237 | * Cipher feed back
|
||
| 238 | *
|
||
| 239 | * The cipher output is XORed with the plain text to produce the cipher output,
|
||
| 240 | * which is then fed back into the cipher to produce a bit pattern to XOR the
|
||
| 241 | * next block with.
|
||
| 242 | *
|
||
| 243 | * This is a stream cipher mode and does not require padding.
|
||
| 244 | */ |
||
| 245 | var CFB = C_mode.CFB = function () { |
||
| 246 | // Call parent constructor
|
||
| 247 | Mode.apply(this, arguments); |
||
| 248 | }; |
||
| 249 | |||
| 250 | // Inherit from Mode
|
||
| 251 | var CFB_prototype = CFB.prototype = new Mode; |
||
| 252 | |||
| 253 | // Override padding
|
||
| 254 | CFB_prototype._padding = C_pad.NoPadding; |
||
| 255 | |||
| 256 | // Concrete steps for Mode template
|
||
| 257 | CFB_prototype._doEncrypt = function (cipher, m, iv) { |
||
| 258 | var blockSizeInBytes = cipher._blocksize * 4, |
||
| 259 | keystream = iv.slice(0); |
||
| 260 | |||
| 261 | // Encrypt each byte
|
||
| 262 | for (var i = 0; i < m.length; i++) { |
||
| 263 | |||
| 264 | var j = i % blockSizeInBytes; |
||
| 265 | if (j == 0) cipher._encryptblock(keystream, 0); |
||
| 266 | |||
| 267 | m[i] ^= keystream[j]; |
||
| 268 | keystream[j] = m[i]; |
||
| 269 | } |
||
| 270 | }; |
||
| 271 | CFB_prototype._doDecrypt = function (cipher, c, iv) { |
||
| 272 | var blockSizeInBytes = cipher._blocksize * 4, |
||
| 273 | keystream = iv.slice(0); |
||
| 274 | |||
| 275 | // Encrypt each byte
|
||
| 276 | for (var i = 0; i < c.length; i++) { |
||
| 277 | |||
| 278 | var j = i % blockSizeInBytes; |
||
| 279 | if (j == 0) cipher._encryptblock(keystream, 0); |
||
| 280 | |||
| 281 | var b = c[i]; |
||
| 282 | c[i] ^= keystream[j]; |
||
| 283 | keystream[j] = b; |
||
| 284 | } |
||
| 285 | }; |
||
| 286 | |||
| 287 | |||
| 288 | /**
|
||
| 289 | * Output feed back
|
||
| 290 | *
|
||
| 291 | * The cipher repeatedly encrypts its own output. The output is XORed with the
|
||
| 292 | * plain text to produce the cipher text.
|
||
| 293 | *
|
||
| 294 | * This is a stream cipher mode and does not require padding.
|
||
| 295 | */ |
||
| 296 | var OFB = C_mode.OFB = function () { |
||
| 297 | // Call parent constructor
|
||
| 298 | Mode.apply(this, arguments); |
||
| 299 | }; |
||
| 300 | |||
| 301 | // Inherit from Mode
|
||
| 302 | var OFB_prototype = OFB.prototype = new Mode; |
||
| 303 | |||
| 304 | // Override padding
|
||
| 305 | OFB_prototype._padding = C_pad.NoPadding; |
||
| 306 | |||
| 307 | // Concrete steps for Mode template
|
||
| 308 | OFB_prototype._doEncrypt = function (cipher, m, iv) { |
||
| 309 | |||
| 310 | var blockSizeInBytes = cipher._blocksize * 4, |
||
| 311 | keystream = iv.slice(0); |
||
| 312 | |||
| 313 | // Encrypt each byte
|
||
| 314 | for (var i = 0; i < m.length; i++) { |
||
| 315 | |||
| 316 | // Generate keystream
|
||
| 317 | if (i % blockSizeInBytes == 0) |
||
| 318 | cipher._encryptblock(keystream, 0); |
||
| 319 | |||
| 320 | // Encrypt byte
|
||
| 321 | m[i] ^= keystream[i % blockSizeInBytes]; |
||
| 322 | |||
| 323 | } |
||
| 324 | }; |
||
| 325 | OFB_prototype._doDecrypt = OFB_prototype._doEncrypt; |
||
| 326 | |||
| 327 | /**
|
||
| 328 | * Counter
|
||
| 329 | * @author Gergely Risko
|
||
| 330 | *
|
||
| 331 | * After every block the last 4 bytes of the IV is increased by one
|
||
| 332 | * with carry and that IV is used for the next block.
|
||
| 333 | *
|
||
| 334 | * This is a stream cipher mode and does not require padding.
|
||
| 335 | */ |
||
| 336 | var CTR = C_mode.CTR = function () { |
||
| 337 | // Call parent constructor
|
||
| 338 | Mode.apply(this, arguments); |
||
| 339 | }; |
||
| 340 | |||
| 341 | // Inherit from Mode
|
||
| 342 | var CTR_prototype = CTR.prototype = new Mode; |
||
| 343 | |||
| 344 | // Override padding
|
||
| 345 | CTR_prototype._padding = C_pad.NoPadding; |
||
| 346 | |||
| 347 | CTR_prototype._doEncrypt = function (cipher, m, iv) { |
||
| 348 | var blockSizeInBytes = cipher._blocksize * 4; |
||
| 349 | var counter = iv.slice(0); |
||
| 350 | |||
| 351 | for (var i = 0; i < m.length;) { |
||
| 352 | // do not lose iv
|
||
| 353 | var keystream = counter.slice(0); |
||
| 354 | |||
| 355 | // Generate keystream for next block
|
||
| 356 | cipher._encryptblock(keystream, 0); |
||
| 357 | |||
| 358 | // XOR keystream with block
|
||
| 359 | for (var j = 0; i < m.length && j < blockSizeInBytes; j++, i++) { |
||
| 360 | m[i] ^= keystream[j]; |
||
| 361 | } |
||
| 362 | |||
| 363 | // Increase counter
|
||
| 364 | if(++(counter[blockSizeInBytes-1]) == 256) { |
||
| 365 | counter[blockSizeInBytes-1] = 0; |
||
| 366 | if(++(counter[blockSizeInBytes-2]) == 256) { |
||
| 367 | counter[blockSizeInBytes-2] = 0; |
||
| 368 | if(++(counter[blockSizeInBytes-3]) == 256) { |
||
| 369 | counter[blockSizeInBytes-3] = 0; |
||
| 370 | ++(counter[blockSizeInBytes-4]); |
||
| 371 | } |
||
| 372 | } |
||
| 373 | } |
||
| 374 | } |
||
| 375 | }; |
||
| 376 | CTR_prototype._doDecrypt = CTR_prototype._doEncrypt; |
||
| 377 | |||
| 378 | })(); |