[Pkg-javascript-commits] [node-browserify-aes] 15/43: use safe-buffer
Bastien Roucariès
rouca at moszumanska.debian.org
Thu Sep 7 14:41:57 UTC 2017
This is an automated email from the git hooks/post-receive script.
rouca pushed a commit to branch master
in repository node-browserify-aes.
commit 77dd35c6138fd0baa14ef139febc8c1de3b1fe66
Author: Daniel Cousens <github at dcousens.com>
Date: Fri May 19 12:40:30 2017 +1000
use safe-buffer
---
authCipher.js | 71 +++++++++++++++++++++++++++------------------------------
decrypter.js | 22 +++++++++---------
encrypter.js | 44 ++++++++++++++++++++---------------
ghash.js | 29 ++++++++++++++---------
modes/cfb.js | 20 ++++++++--------
modes/cfb1.js | 26 +++++++++++++--------
modes/cfb8.js | 12 ++++++++--
modes/ecb.js | 1 +
package.json | 3 ++-
streamCipher.js | 21 +++++++++--------
10 files changed, 140 insertions(+), 109 deletions(-)
diff --git a/authCipher.js b/authCipher.js
index 1107a01..6d01891 100644
--- a/authCipher.js
+++ b/authCipher.js
@@ -1,4 +1,5 @@
var aes = require('./aes')
+var Buffer = require('safe-buffer').Buffer
var Transform = require('cipher-base')
var inherits = require('inherits')
var GHASH = require('./ghash')
@@ -7,32 +8,32 @@ inherits(StreamCipher, Transform)
module.exports = StreamCipher
function StreamCipher (mode, key, iv, decrypt) {
- if (!(this instanceof StreamCipher)) {
- return new StreamCipher(mode, key, iv)
- }
+ if (!(this instanceof StreamCipher)) return new StreamCipher(mode, key, iv)
Transform.call(this)
- this._finID = Buffer.concat([iv, new Buffer([0, 0, 0, 1])])
- iv = Buffer.concat([iv, new Buffer([0, 0, 0, 2])])
+
+ this._finID = Buffer.concat([iv, Buffer.from([0, 0, 0, 1])])
+ iv = Buffer.concat([iv, Buffer.from([0, 0, 0, 2])])
+
this._cipher = new aes.AES(key)
- this._prev = new Buffer(iv.length)
- this._cache = new Buffer('')
- this._secCache = new Buffer('')
+ this._prev = Buffer.from(iv)
+ this._cache = Buffer.allocUnsafe(0)
+ this._secCache = Buffer.allocUnsafe(0)
this._decrypt = decrypt
this._alen = 0
this._len = 0
- iv.copy(this._prev)
this._mode = mode
- var h = new Buffer(4)
- h.fill(0)
+
+ var h = Buffer.alloc(4, 0)
this._ghash = new GHASH(this._cipher.encryptBlock(h))
this._authTag = null
this._called = false
}
+
StreamCipher.prototype._update = function (chunk) {
if (!this._called && this._alen) {
var rump = 16 - (this._alen % 16)
if (rump < 16) {
- rump = new Buffer(rump)
+ rump = Buffer.from(rump)
rump.fill(0)
this._ghash.update(rump)
}
@@ -47,42 +48,36 @@ StreamCipher.prototype._update = function (chunk) {
this._len += chunk.length
return out
}
+
StreamCipher.prototype._final = function () {
- if (this._decrypt && !this._authTag) {
- throw new Error('Unsupported state or unable to authenticate data')
- }
+ if (this._decrypt && !this._authTag) throw new Error('Unsupported state or unable to authenticate data')
+
var tag = xor(this._ghash.final(this._alen * 8, this._len * 8), this._cipher.encryptBlock(this._finID))
- if (this._decrypt) {
- if (xorTest(tag, this._authTag)) {
- throw new Error('Unsupported state or unable to authenticate data')
- }
- } else {
- this._authTag = tag
- }
+ if (this._decrypt && xorTest(tag, this._authTag)) throw new Error('Unsupported state or unable to authenticate data')
+
+ this._authTag = tag
this._cipher.scrub()
}
+
StreamCipher.prototype.getAuthTag = function getAuthTag () {
- if (!this._decrypt && Buffer.isBuffer(this._authTag)) {
- return this._authTag
- } else {
- throw new Error('Attempting to get auth tag in unsupported state')
- }
+ if (this._decrypt || !Buffer.isBuffer(this._authTag)) throw new Error('Attempting to get auth tag in unsupported state')
+
+ return this._authTag
}
+
StreamCipher.prototype.setAuthTag = function setAuthTag (tag) {
- if (this._decrypt) {
- this._authTag = tag
- } else {
- throw new Error('Attempting to set auth tag in unsupported state')
- }
+ if (!this._decrypt) throw new Error('Attempting to set auth tag in unsupported state')
+
+ this._authTag = tag
}
+
StreamCipher.prototype.setAAD = function setAAD (buf) {
- if (!this._called) {
- this._ghash.update(buf)
- this._alen += buf.length
- } else {
- throw new Error('Attempting to set AAD in unsupported state')
- }
+ if (this._called) throw new Error('Attempting to set AAD in unsupported state')
+
+ this._ghash.update(buf)
+ this._alen += buf.length
}
+
function xorTest (a, b) {
var out = 0
if (a.length !== b.length) {
diff --git a/decrypter.js b/decrypter.js
index 0a33aec..37ae849 100644
--- a/decrypter.js
+++ b/decrypter.js
@@ -15,8 +15,7 @@ function Decipher (mode, key, iv) {
this._cache = new Splitter()
this._last = void 0
this._cipher = new aes.AES(key)
- this._prev = new Buffer(iv.length)
- iv.copy(this._prev)
+ this._prev = Buffer.from(iv)
this._mode = mode
this._autopadding = true
}
@@ -43,12 +42,11 @@ Decipher.prototype.setAutoPadding = function (setTo) {
this._autopadding = !!setTo
return this
}
+
function Splitter () {
- if (!(this instanceof Splitter)) {
- return new Splitter()
- }
- this.cache = new Buffer('')
+ this.cache = Buffer.allocUnsafe(0)
}
+
Splitter.prototype.add = function (data) {
this.cache = Buffer.concat([this.cache, data])
}
@@ -68,13 +66,16 @@ Splitter.prototype.get = function (autoPadding) {
return out
}
}
+
return null
}
+
Splitter.prototype.flush = function () {
if (this.cache.length) {
return this.cache
}
}
+
function unpad (last) {
var padded = last[15]
var i = -1
@@ -83,9 +84,8 @@ function unpad (last) {
throw new Error('unable to decrypt data')
}
}
- if (padded === 16) {
- return
- }
+ if (padded === 16) return
+
return last.slice(0, 16 - padded)
}
@@ -106,10 +106,10 @@ function createDecipheriv (suite, password, iv) {
throw new TypeError('invalid suite type')
}
if (typeof iv === 'string') {
- iv = new Buffer(iv)
+ iv = Buffer.from(iv)
}
if (typeof password === 'string') {
- password = new Buffer(password)
+ password = Buffer.from(password)
}
if (password.length !== config.key / 8) {
throw new TypeError('invalid key length ' + password.length)
diff --git a/encrypter.js b/encrypter.js
index e309f32..0a92179 100644
--- a/encrypter.js
+++ b/encrypter.js
@@ -1,34 +1,38 @@
-var aes = require('./aes')
+var AuthCipher = require('./authCipher')
+var Buffer = require('safe-buffer').Buffer
+var StreamCipher = require('./streamCipher')
var Transform = require('cipher-base')
+var aes = require('./aes')
+var ebtk = require('evp_bytestokey')
var inherits = require('inherits')
var modes = require('./modes.json')
-var ebtk = require('evp_bytestokey')
-var StreamCipher = require('./streamCipher')
-var AuthCipher = require('./authCipher')
-inherits(Cipher, Transform)
+
function Cipher (mode, key, iv) {
- if (!(this instanceof Cipher)) {
- return new Cipher(mode, key, iv)
- }
+ if (!(this instanceof Cipher)) return new Cipher(mode, key, iv)
Transform.call(this)
+
this._cache = new Splitter()
this._cipher = new aes.AES(key)
- this._prev = new Buffer(iv.length)
- iv.copy(this._prev)
+ this._prev = Buffer.from(iv)
this._mode = mode
this._autopadding = true
}
+inherits(Cipher, Transform)
+
Cipher.prototype._update = function (data) {
this._cache.add(data)
var chunk
var thing
var out = []
+
while ((chunk = this._cache.get())) {
thing = this._mode.encrypt(this, chunk)
out.push(thing)
}
+
return Buffer.concat(out)
}
+
Cipher.prototype._final = function () {
var chunk = this._cache.flush()
if (this._autopadding) {
@@ -40,17 +44,16 @@ Cipher.prototype._final = function () {
throw new Error('data not multiple of block length')
}
}
+
Cipher.prototype.setAutoPadding = function (setTo) {
this._autopadding = !!setTo
return this
}
function Splitter () {
- if (!(this instanceof Splitter)) {
- return new Splitter()
- }
- this.cache = new Buffer('')
+ this.cache = Buffer.allocUnsafe(0)
}
+
Splitter.prototype.add = function (data) {
this.cache = Buffer.concat([this.cache, data])
}
@@ -63,17 +66,19 @@ Splitter.prototype.get = function () {
}
return null
}
+
Splitter.prototype.flush = function () {
var len = 16 - this.cache.length
- var padBuff = new Buffer(len)
+ var padBuff = Buffer.allocUnsafe(len)
var i = -1
while (++i < len) {
padBuff.writeUInt8(len, i)
}
- var out = Buffer.concat([this.cache, padBuff])
- return out
+
+ return Buffer.concat([this.cache, padBuff])
}
+
var modelist = {
ECB: require('./modes/ecb'),
CBC: require('./modes/cbc'),
@@ -91,10 +96,10 @@ function createCipheriv (suite, password, iv) {
throw new TypeError('invalid suite type')
}
if (typeof iv === 'string') {
- iv = new Buffer(iv)
+ iv = Buffer.from(iv)
}
if (typeof password === 'string') {
- password = new Buffer(password)
+ password = Buffer.from(password)
}
if (password.length !== config.key / 8) {
throw new TypeError('invalid key length ' + password.length)
@@ -109,6 +114,7 @@ function createCipheriv (suite, password, iv) {
}
return new Cipher(modelist[config.mode], password, iv)
}
+
function createCipher (suite, password) {
var config = modes[suite.toLowerCase()]
if (!config) {
diff --git a/ghash.js b/ghash.js
index 0ca143c..12a961c 100644
--- a/ghash.js
+++ b/ghash.js
@@ -1,12 +1,12 @@
-var zeros = new Buffer(16)
-zeros.fill(0)
-module.exports = GHASH
+var Buffer = require('safe-buffer').Buffer
+var zeros = Buffer.alloc(16, 0)
+
function GHASH (key) {
this.h = key
- this.state = new Buffer(16)
- this.state.fill(0)
- this.cache = new Buffer('')
+ this.state = Buffer.alloc(16, 0)
+ this.cache = Buffer.allocUnsafe(0)
}
+
// from http://bitwiseshiftleft.github.io/sjcl/doc/symbols/src/core_gcm.js.html
// by Juho Vähä-Herttua
GHASH.prototype.ghash = function (block) {
@@ -20,17 +20,17 @@ GHASH.prototype.ghash = function (block) {
GHASH.prototype._multiply = function () {
var Vi = toArray(this.h)
var Zi = [0, 0, 0, 0]
- var j, xi, lsb_Vi
+ var j, xi, lsbVi
var i = -1
while (++i < 128) {
- xi = (this.state[~~(i / 8)] & (1 << (7 - i % 8))) !== 0
+ xi = (this.state[~~(i / 8)] & (1 << (7 - (i % 8)))) !== 0
if (xi) {
// Z_i+1 = Z_i ^ V_i
Zi = xor(Zi, Vi)
}
// Store the value of LSB(V_i)
- lsb_Vi = (Vi[3] & 1) !== 0
+ lsbVi = (Vi[3] & 1) !== 0
// V_i+1 = V_i >> 1
for (j = 3; j > 0; j--) {
@@ -39,12 +39,13 @@ GHASH.prototype._multiply = function () {
Vi[0] = Vi[0] >>> 1
// If LSB(V_i) is 1, V_i+1 = (V_i >> 1) ^ R
- if (lsb_Vi) {
+ if (lsbVi) {
Vi[0] = Vi[0] ^ (0xe1 << 24)
}
}
this.state = fromArray(Zi)
}
+
GHASH.prototype.update = function (buf) {
this.cache = Buffer.concat([this.cache, buf])
var chunk
@@ -54,6 +55,7 @@ GHASH.prototype.update = function (buf) {
this.ghash(chunk)
}
}
+
GHASH.prototype.final = function (abl, bl) {
if (this.cache.length) {
this.ghash(Buffer.concat([this.cache, zeros], 16))
@@ -73,21 +75,24 @@ function toArray (buf) {
buf.readUInt32BE(12)
]
}
+
function fromArray (out) {
out = out.map(fixup_uint32)
- var buf = new Buffer(16)
+ var buf = Buffer.allocUnsafe(16)
buf.writeUInt32BE(out[0], 0)
buf.writeUInt32BE(out[1], 4)
buf.writeUInt32BE(out[2], 8)
buf.writeUInt32BE(out[3], 12)
return buf
}
+
var uint_max = Math.pow(2, 32)
function fixup_uint32 (x) {
var ret, x_pos
ret = x > uint_max || x < 0 ? (x_pos = Math.abs(x) % uint_max, x < 0 ? uint_max - x_pos : x_pos) : x
return ret
}
+
function xor (a, b) {
return [
a[0] ^ b[0],
@@ -96,3 +101,5 @@ function xor (a, b) {
a[3] ^ b[3]
]
}
+
+module.exports = GHASH
diff --git a/modes/cfb.js b/modes/cfb.js
index 0bfe4fa..03b2ee9 100644
--- a/modes/cfb.js
+++ b/modes/cfb.js
@@ -1,13 +1,22 @@
+var Buffer = require('safe-buffer').Buffer
var xor = require('buffer-xor')
+function encryptStart (self, data, decrypt) {
+ var len = data.length
+ var out = xor(data, self._cache)
+ self._cache = self._cache.slice(len)
+ self._prev = Buffer.concat([self._prev, decrypt ? data : out])
+ return out
+}
+
exports.encrypt = function (self, data, decrypt) {
- var out = new Buffer('')
+ var out = Buffer.allocUnsafe(0)
var len
while (data.length) {
if (self._cache.length === 0) {
self._cache = self._cipher.encryptBlock(self._prev)
- self._prev = new Buffer('')
+ self._prev = Buffer.allocUnsafe(0)
}
if (self._cache.length <= data.length) {
@@ -22,10 +31,3 @@ exports.encrypt = function (self, data, decrypt) {
return out
}
-function encryptStart (self, data, decrypt) {
- var len = data.length
- var out = xor(data, self._cache)
- self._cache = self._cache.slice(len)
- self._prev = Buffer.concat([self._prev, decrypt ? data : out])
- return out
-}
diff --git a/modes/cfb1.js b/modes/cfb1.js
index 335542e..0ed1366 100644
--- a/modes/cfb1.js
+++ b/modes/cfb1.js
@@ -1,3 +1,5 @@
+var Buffer = require('safe-buffer').Buffer
+
function encryptByte (self, byteParam, decrypt) {
var pad
var i = -1
@@ -13,22 +15,28 @@ function encryptByte (self, byteParam, decrypt) {
}
return out
}
-exports.encrypt = function (self, chunk, decrypt) {
- var len = chunk.length
- var out = new Buffer(len)
+
+function shiftIn (buffer, value) {
+ var len = buffer.length
var i = -1
+ var out = Buffer.allocUnsafe(buffer.length)
+ buffer = Buffer.concat([buffer, Buffer.from([value])])
+
while (++i < len) {
- out[i] = encryptByte(self, chunk[i], decrypt)
+ out[i] = buffer[i] << 1 | buffer[i + 1] >> (7)
}
+
return out
}
-function shiftIn (buffer, value) {
- var len = buffer.length
+
+exports.encrypt = function (self, chunk, decrypt) {
+ var len = chunk.length
+ var out = Buffer.allocUnsafe(len)
var i = -1
- var out = new Buffer(buffer.length)
- buffer = Buffer.concat([buffer, new Buffer([value])])
+
while (++i < len) {
- out[i] = buffer[i] << 1 | buffer[i + 1] >> (7)
+ out[i] = encryptByte(self, chunk[i], decrypt)
}
+
return out
}
diff --git a/modes/cfb8.js b/modes/cfb8.js
index c967a95..7f0db45 100644
--- a/modes/cfb8.js
+++ b/modes/cfb8.js
@@ -1,15 +1,23 @@
function encryptByte (self, byteParam, decrypt) {
var pad = self._cipher.encryptBlock(self._prev)
var out = pad[0] ^ byteParam
- self._prev = Buffer.concat([self._prev.slice(1), new Buffer([decrypt ? byteParam : out])])
+
+ self._prev = Buffer.concat([
+ self._prev.slice(1),
+ Buffer.from([decrypt ? byteParam : out])
+ ])
+
return out
}
+
exports.encrypt = function (self, chunk, decrypt) {
var len = chunk.length
- var out = new Buffer(len)
+ var out = Buffer.allocUnsafe(len)
var i = -1
+
while (++i < len) {
out[i] = encryptByte(self, chunk[i], decrypt)
}
+
return out
}
diff --git a/modes/ecb.js b/modes/ecb.js
index 4dd97e7..49dfb1e 100644
--- a/modes/ecb.js
+++ b/modes/ecb.js
@@ -1,6 +1,7 @@
exports.encrypt = function (self, block) {
return self._cipher.encryptBlock(block)
}
+
exports.decrypt = function (self, block) {
return self._cipher.decryptBlock(block)
}
diff --git a/package.json b/package.json
index 0aa7c13..e08a3d3 100644
--- a/package.json
+++ b/package.json
@@ -32,7 +32,8 @@
"cipher-base": "^1.0.0",
"create-hash": "^1.1.0",
"evp_bytestokey": "^1.0.0",
- "inherits": "^2.0.1"
+ "inherits": "^2.0.1",
+ "safe-buffer": "^5.0.1"
},
"devDependencies": {
"standard": "^9.0.0",
diff --git a/streamCipher.js b/streamCipher.js
index a55c762..6355732 100644
--- a/streamCipher.js
+++ b/streamCipher.js
@@ -1,25 +1,28 @@
var aes = require('./aes')
+var Buffer = require('safe-buffer').Buffer
var Transform = require('cipher-base')
var inherits = require('inherits')
-inherits(StreamCipher, Transform)
-module.exports = StreamCipher
function StreamCipher (mode, key, iv, decrypt) {
- if (!(this instanceof StreamCipher)) {
- return new StreamCipher(mode, key, iv)
- }
+ if (!(this instanceof StreamCipher)) return new StreamCipher(mode, key, iv)
Transform.call(this)
+
this._cipher = new aes.AES(key)
- this._prev = new Buffer(iv.length)
- this._cache = new Buffer('')
- this._secCache = new Buffer('')
+ this._prev = Buffer.from(iv)
+ this._cache = Buffer.allocUnsafe(0)
+ this._secCache = Buffer.allocUnsafe(0)
this._decrypt = decrypt
- iv.copy(this._prev)
this._mode = mode
}
+
+inherits(StreamCipher, Transform)
+
StreamCipher.prototype._update = function (chunk) {
return this._mode.encrypt(this, chunk, this._decrypt)
}
+
StreamCipher.prototype._final = function () {
this._cipher.scrub()
}
+
+module.exports = StreamCipher
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-browserify-aes.git
More information about the Pkg-javascript-commits
mailing list