suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8728db2b08
fork-openpgpjs/src/crypto/cfb.js

319 lines
11 KiB
JavaScript
Raw Blame History

// Modified by ProtonTech AG
// Modified by Recurity Labs GmbH
// modified version of http://www.hanewin.net/encrypt/PGdecode.js:
/* OpenPGP encryption using RSA/AES
* Copyright 2005-2006 Herbert Hanewinkel, www.haneWIN.de
* version 2.0, check www.haneWIN.de for the latest version
* This software is provided as-is, without express or implied warranty.
* Permission to use, copy, modify, distribute or sell this software, with or
* without fee, for any purpose and by any individual or organization, is hereby
* granted, provided that the above copyright notice and this paragraph appear
* in all copies. Distribution as a part of an application or binary must
* include the above copyright notice in the documentation and/or other
* materials provided with the application or distribution.
*/
/**
* @requires crypto/cipher
* @module crypto/cfb
*/
'use strict';
import cipher from './cipher';
export default {
/**
* This function encrypts a given with the specified prefixrandom
* using the specified blockcipher to encrypt a message
* @param {Uint8Array} prefixrandom random bytes of block_size length
* to be used in prefixing the data
* @param {String} cipherfn the algorithm cipher class to encrypt
* data in one block_size encryption, {@link module:crypto/cipher}.
* @param {Uint8Array} plaintext data to be encrypted
* @param {Uint8Array} key key to be used to encrypt the plaintext.
* This will be passed to the cipherfn
* @param {Boolean} resync a boolean value specifying if a resync of the
* IV should be used or not. The encrypteddatapacket uses the
* "old" style with a resync. Encryption within an
* encryptedintegrityprotecteddata packet is not resyncing the IV.
* @return {Uint8Array} encrypted data
*/
encrypt: function(prefixrandom, cipherfn, plaintext, key, resync) {
cipherfn = new cipher[cipherfn](key);
var block_size = cipherfn.blockSize;
var FR = new Uint8Array(block_size);
var FRE = new Uint8Array(block_size);
var new_prefix = new Uint8Array(prefixrandom.length+2);
new_prefix.set(prefixrandom);
new_prefix[prefixrandom.length] = prefixrandom[block_size-2];
new_prefix[prefixrandom.length+1] = prefixrandom[block_size-1];
prefixrandom = new_prefix;
var ciphertext = new Uint8Array(plaintext.length + 2 + block_size * 2);
var i, n, begin;
var offset = resync ? 0 : 2;
// 1. The feedback register (FR) is set to the IV, which is all zeros.
for (i = 0; i < block_size; i++) {
FR[i] = 0;
}
// 2. FR is encrypted to produce FRE (FR Encrypted). This is the
// encryption of an all-zero value.
FRE = cipherfn.encrypt(FR);
// 3. FRE is xored with the first BS octets of random data prefixed to
// the plaintext to produce C[1] through C[BS], the first BS octets
// of ciphertext.
for (i = 0; i < block_size; i++) {
ciphertext[i] = FRE[i] ^ prefixrandom[i];
}
// 4. FR is loaded with C[1] through C[BS].
FR.set(ciphertext.subarray(0, block_size));
// 5. FR is encrypted to produce FRE, the encryption of the first BS
// octets of ciphertext.
FRE = cipherfn.encrypt(FR);
// 6. The left two octets of FRE get xored with the next two octets of
// data that were prefixed to the plaintext. This produces C[BS+1]
// and C[BS+2], the next two octets of ciphertext.
ciphertext[block_size] = FRE[0] ^ prefixrandom[block_size];
ciphertext[block_size + 1] = FRE[1] ^ prefixrandom[block_size + 1];
if (resync) {
// 7. (The resync step) FR is loaded with C[3] through C[BS+2].
FR.set(ciphertext.subarray(2, block_size + 2));
} else {
FR.set(ciphertext.subarray(0, block_size));
}
// 8. FR is encrypted to produce FRE.
FRE = cipherfn.encrypt(FR);
// 9. FRE is xored with the first BS octets of the given plaintext, now
// that we have finished encrypting the BS+2 octets of prefixed
// data. This produces C[BS+3] through C[BS+(BS+2)], the next BS
// octets of ciphertext.
for (i = 0; i < block_size; i++) {
ciphertext[block_size + 2 + i] = FRE[i + offset] ^ plaintext[i];
}
for (n = block_size; n < plaintext.length + offset; n += block_size) {
// 10. FR is loaded with C[BS+3] to C[BS + (BS+2)] (which is C11-C18 for
// an 8-octet block).
begin = n + 2 - offset;
FR.set(ciphertext.subarray(begin, begin + block_size));
// 11. FR is encrypted to produce FRE.
FRE = cipherfn.encrypt(FR);
// 12. FRE is xored with the next BS octets of plaintext, to produce
// the next BS octets of ciphertext. These are loaded into FR, and
// the process is repeated until the plaintext is used up.
for (i = 0; i < block_size; i++) {
ciphertext[block_size + begin + i] = FRE[i] ^ plaintext[n + i - offset];
}
}
ciphertext = ciphertext.subarray(0, plaintext.length + 2 + block_size);
return ciphertext;
},
/**
* Decrypts the prefixed data for the Modification Detection Code (MDC) computation
* @param {String} cipherfn.encrypt Cipher function to use,
* @see module:crypto/cipher.
* @param {Uint8Array} key Uint8Array representation of key to be used to check the mdc
* This will be passed to the cipherfn
* @param {Uint8Array} ciphertext The encrypted data
* @return {Uint8Array} plaintext Data of D(ciphertext) with blocksize length +2
*/
mdc: function(cipherfn, key, ciphertext) {
cipherfn = new cipher[cipherfn](key);
var block_size = cipherfn.blockSize;
var iblock = new Uint8Array(block_size);
var ablock = new Uint8Array(block_size);
var i;
// initialisation vector
for (i = 0; i < block_size; i++) {
iblock[i] = 0;
}
iblock = cipherfn.encrypt(iblock);
for (i = 0; i < block_size; i++) {
ablock[i] = ciphertext[i];
iblock[i] ^= ablock[i];
}
ablock = cipherfn.encrypt(ablock);
var result = new Uint8Array(iblock.length + 2);
result.set(iblock);
result[iblock.length] = ablock[0] ^ ciphertext[block_size];
result[iblock.length + 1] = ablock[1] ^ ciphertext[block_size + 1];
return result;
},
/**
* This function decrypts a given plaintext using the specified
* blockcipher to decrypt a message
* @param {String} cipherfn the algorithm cipher class to decrypt
* data in one block_size encryption, {@link module:crypto/cipher}.
* @param {Uint8Array} key Uint8Array representation of key to be used to decrypt the ciphertext.
* This will be passed to the cipherfn
* @param {Uint8Array} ciphertext to be decrypted
* @param {Boolean} resync a boolean value specifying if a resync of the
* IV should be used or not. The encrypteddatapacket uses the
* "old" style with a resync. Decryption within an
* encryptedintegrityprotecteddata packet is not resyncing the IV.
* @return {Uint8Array} the plaintext data
*/
decrypt: function(cipherfn, key, ciphertext, resync) {
cipherfn = new cipher[cipherfn](key);
var block_size = cipherfn.blockSize;
var iblock = new Uint8Array(block_size);
var ablock = new Uint8Array(block_size);
var i, j, n;
var text = new Uint8Array(ciphertext.length - block_size);
// initialisation vector
for (i = 0; i < block_size; i++) {
iblock[i] = 0;
}
iblock = cipherfn.encrypt(iblock);
for (i = 0; i < block_size; i++) {
ablock[i] = ciphertext[i];
iblock[i] ^= ablock[i];
}
ablock = cipherfn.encrypt(ablock);
// test check octets
if (iblock[block_size - 2] !== (ablock[0] ^ ciphertext[block_size]) ||
iblock[block_size - 1] !== (ablock[1] ^ ciphertext[block_size + 1])) {
throw new Error('CFB decrypt: invalid key');
}
/* RFC4880: Tag 18 and Resync:
* [...] Unlike the Symmetrically Encrypted Data Packet, no
* special CFB resynchronization is done after encrypting this prefix
* data. See "OpenPGP CFB Mode" below for more details.
*/
j = 0;
if (resync) {
for (i = 0; i < block_size; i++) {
iblock[i] = ciphertext[i + 2];
}
for (n = block_size + 2; n < ciphertext.length; n += block_size) {
ablock = cipherfn.encrypt(iblock);
for (i = 0; i < block_size && i + n < ciphertext.length; i++) {
iblock[i] = ciphertext[n + i];
if(j < text.length) {
text[j] = ablock[i] ^ iblock[i];
j++;
}
}
}
} else {
for (i = 0; i < block_size; i++) {
iblock[i] = ciphertext[i];
}
for (n = block_size; n < ciphertext.length; n += block_size) {
ablock = cipherfn.encrypt(iblock);
for (i = 0; i < block_size && i + n < ciphertext.length; i++) {
iblock[i] = ciphertext[n + i];
if(j < text.length) {
text[j] = ablock[i] ^ iblock[i];
j++;
}
}
}
}
n = resync ? 0 : 2;
text = text.subarray(n, ciphertext.length - block_size - 2 + n);
return text;
},
normalEncrypt: function(cipherfn, key, plaintext, iv) {
cipherfn = new cipher[cipherfn](key);
var block_size = cipherfn.blockSize;
var blocki = new Uint8Array(block_size);
var blockc = new Uint8Array(block_size);
var pos = 0;
var cyphertext = new Uint8Array(plaintext.length);
var i, j = 0;
if (iv === null) {
for (i = 0; i < block_size; i++) {
blockc[i] = 0;
}
}
else {
for (i = 0; i < block_size; i++) {
blockc[i] = iv[i];
}
}
while (plaintext.length > block_size * pos) {
var encblock = cipherfn.encrypt(blockc);
blocki = plaintext.subarray((pos * block_size), (pos * block_size) + block_size);
for (i = 0; i < blocki.length; i++) {
blockc[i] = blocki[i] ^ encblock[i];
cyphertext[j++] = blockc[i];
}
pos++;
}
return cyphertext;
},
normalDecrypt: function(cipherfn, key, ciphertext, iv) {
cipherfn = new cipher[cipherfn](key);
var block_size = cipherfn.blockSize;
var blockp;
var pos = 0;
var plaintext = new Uint8Array(ciphertext.length);
var offset = 0;
var i, j = 0;
if (iv === null) {
blockp = new Uint8Array(block_size);
for (i = 0; i < block_size; i++) {
blockp[i] = 0;
}
}
else {
blockp = iv.subarray(0, block_size);
}
while (ciphertext.length > (block_size * pos)) {
var decblock = cipherfn.encrypt(blockp);
blockp = ciphertext.subarray((pos * (block_size)) + offset, (pos * (block_size)) + (block_size) + offset);
for (i = 0; i < blockp.length; i++) {
plaintext[j++] = blockp[i] ^ decblock[i];
}
pos++;
}
return plaintext;
}
};
Reference in New Issue View Git Blame Copy Permalink