| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323 |
- (function () {
- var C = typeof window === 'undefined' ? require('./Crypto').Crypto : window.Crypto;
- // Shortcuts
- var util = C.util;
- var charenc = C.charenc;
- var UTF8 = charenc.UTF8; // Precomputed SBOX
- var SBOX = [
- 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, 183, 253, 147, 38,
- 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214,
- 179, 41, 227, 47, 132, 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, 208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, 81,
- 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, 96, 129, 79, 220, 34, 42,
- 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, 224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244,
- 234, 101, 122, 174, 8, 186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
- 225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22
- ];
- // Compute inverse SBOX lookup table
- for (var INVSBOX = [], i = 0; i < 256; i++) {
- INVSBOX[SBOX[i]] = i;
- }
- // Compute mulitplication in GF(2^8) lookup tables
- var MULT2 = [];
- var MULT3 = [];
- var MULT9 = [];
- var MULTB = [];
- var MULTD = [];
- var MULTE = [];
- function xtime(a, b) {
- for (var result = 0, i = 0; i < 8; i++) {
- if (b & 1) {
- result ^= a;
- }
- var hiBitSet = a & 128;
- a = (a << 1) & 255;
- if (hiBitSet) {
- a ^= 27;
- }
- b >>>= 1;
- }
- return result;
- }
- for (var i = 0; i < 256; i++) {
- MULT2[i] = xtime(i, 2);
- MULT3[i] = xtime(i, 3);
- MULT9[i] = xtime(i, 9);
- MULTB[i] = xtime(i, 11);
- MULTD[i] = xtime(i, 13);
- MULTE[i] = xtime(i, 14);
- }
- // Precomputed RCon lookup
- var RCON = [0, 1, 2, 4, 8, 16, 32, 64, 128, 27, 54];
- // Inner state
- var state = [[], [], [], []];
- var keylength;
- var nrounds;
- var keyschedule;
- var AES = (C.AES = {
- /**
- * Public API
- */
- encrypt: function (message, password, options) {
- options = options || {};
- // Determine mode
- var mode = options.mode || new C.mode.OFB();
- // Allow mode to override options
- if (mode.fixOptions) {
- mode.fixOptions(options);
- }
- var // Convert to bytes if message is a string
- m = message.constructor == String ? UTF8.stringToBytes(message) : message;
- var // Generate random IV
- iv = options.iv || util.randomBytes(AES._blocksize * 4);
- var // Generate key
- k =
- password.constructor == String
- ? // Derive key from passphrase
- C.PBKDF2(password, iv, 32, {
- asBytes: true
- })
- : // else, assume byte array representing cryptographic key
- password; // Encrypt
- AES._init(k);
- mode.encrypt(AES, m, iv);
- // Return ciphertext
- m = options.iv ? m : iv.concat(m);
- return options && options.asBytes ? m : util.bytesToBase64(m);
- },
- decrypt: function (ciphertext, password, options) {
- options = options || {};
- // Determine mode
- var mode = options.mode || new C.mode.OFB();
- // Allow mode to override options
- if (mode.fixOptions) {
- mode.fixOptions(options);
- }
- var // Convert to bytes if ciphertext is a string
- c = ciphertext.constructor == String ? util.base64ToBytes(ciphertext) : ciphertext;
- var // Separate IV and message
- iv = options.iv || c.splice(0, AES._blocksize * 4);
- var // Generate key
- k =
- password.constructor == String
- ? // Derive key from passphrase
- C.PBKDF2(password, iv, 32, {
- asBytes: true
- })
- : // else, assume byte array representing cryptographic key
- password; // Decrypt
- AES._init(k);
- mode.decrypt(AES, c, iv);
- // Return plaintext
- return options && options.asBytes ? c : UTF8.bytesToString(c);
- },
- /**
- * Package private methods and properties
- */
- _blocksize: 4,
- _encryptblock: function (m, offset) {
- // Set input
- for (var row = 0; row < AES._blocksize; row++) {
- for (var col = 0; col < 4; col++) {
- state[row][col] = m[offset + col * 4 + row];
- }
- }
- // Add round key
- for (var row = 0; row < 4; row++) {
- for (var col = 0; col < 4; col++) {
- state[row][col] ^= keyschedule[col][row];
- }
- }
- for (var round = 1; round < nrounds; round++) {
- // Sub bytes
- for (var row = 0; row < 4; row++) {
- for (var col = 0; col < 4; col++) {
- state[row][col] = SBOX[state[row][col]];
- }
- }
- // Shift rows
- state[1].push(state[1].shift());
- state[2].push(state[2].shift());
- state[2].push(state[2].shift());
- state[3].unshift(state[3].pop());
- // Mix columns
- for (var col = 0; col < 4; col++) {
- var s0 = state[0][col];
- var s1 = state[1][col];
- var s2 = state[2][col];
- var s3 = state[3][col];
- state[0][col] = MULT2[s0] ^ MULT3[s1] ^ s2 ^ s3;
- state[1][col] = s0 ^ MULT2[s1] ^ MULT3[s2] ^ s3;
- state[2][col] = s0 ^ s1 ^ MULT2[s2] ^ MULT3[s3];
- state[3][col] = MULT3[s0] ^ s1 ^ s2 ^ MULT2[s3];
- }
- // Add round key
- for (var row = 0; row < 4; row++) {
- for (var col = 0; col < 4; col++) {
- state[row][col] ^= keyschedule[round * 4 + col][row];
- }
- }
- }
- // Sub bytes
- for (var row = 0; row < 4; row++) {
- for (var col = 0; col < 4; col++) {
- state[row][col] = SBOX[state[row][col]];
- }
- }
- // Shift rows
- state[1].push(state[1].shift());
- state[2].push(state[2].shift());
- state[2].push(state[2].shift());
- state[3].unshift(state[3].pop());
- // Add round key
- for (var row = 0; row < 4; row++) {
- for (var col = 0; col < 4; col++) {
- state[row][col] ^= keyschedule[nrounds * 4 + col][row];
- }
- }
- // Set output
- for (var row = 0; row < AES._blocksize; row++) {
- for (var col = 0; col < 4; col++) {
- m[offset + col * 4 + row] = state[row][col];
- }
- }
- },
- _decryptblock: function (c, offset) {
- // Set input
- for (var row = 0; row < AES._blocksize; row++) {
- for (var col = 0; col < 4; col++) {
- state[row][col] = c[offset + col * 4 + row];
- }
- }
- // Add round key
- for (var row = 0; row < 4; row++) {
- for (var col = 0; col < 4; col++) {
- state[row][col] ^= keyschedule[nrounds * 4 + col][row];
- }
- }
- for (var round = 1; round < nrounds; round++) {
- // Inv shift rows
- state[1].unshift(state[1].pop());
- state[2].push(state[2].shift());
- state[2].push(state[2].shift());
- state[3].push(state[3].shift());
- // Inv sub bytes
- for (var row = 0; row < 4; row++) {
- for (var col = 0; col < 4; col++) {
- state[row][col] = INVSBOX[state[row][col]];
- }
- }
- // Add round key
- for (var row = 0; row < 4; row++) {
- for (var col = 0; col < 4; col++) {
- state[row][col] ^= keyschedule[(nrounds - round) * 4 + col][row];
- }
- }
- // Inv mix columns
- for (var col = 0; col < 4; col++) {
- var s0 = state[0][col];
- var s1 = state[1][col];
- var s2 = state[2][col];
- var s3 = state[3][col];
- state[0][col] = MULTE[s0] ^ MULTB[s1] ^ MULTD[s2] ^ MULT9[s3];
- state[1][col] = MULT9[s0] ^ MULTE[s1] ^ MULTB[s2] ^ MULTD[s3];
- state[2][col] = MULTD[s0] ^ MULT9[s1] ^ MULTE[s2] ^ MULTB[s3];
- state[3][col] = MULTB[s0] ^ MULTD[s1] ^ MULT9[s2] ^ MULTE[s3];
- }
- }
- // Inv shift rows
- state[1].unshift(state[1].pop());
- state[2].push(state[2].shift());
- state[2].push(state[2].shift());
- state[3].push(state[3].shift());
- // Inv sub bytes
- for (var row = 0; row < 4; row++) {
- for (var col = 0; col < 4; col++) {
- state[row][col] = INVSBOX[state[row][col]];
- }
- }
- // Add round key
- for (var row = 0; row < 4; row++) {
- for (var col = 0; col < 4; col++) {
- state[row][col] ^= keyschedule[col][row];
- }
- }
- // Set output
- for (var row = 0; row < AES._blocksize; row++) {
- for (var col = 0; col < 4; col++) {
- c[offset + col * 4 + row] = state[row][col];
- }
- }
- },
- /**
- * Private methods
- */
- _init: function (k) {
- keylength = k.length / 4;
- nrounds = keylength + 6;
- AES._keyexpansion(k);
- },
- // Generate a key schedule
- _keyexpansion: function (k) {
- keyschedule = [];
- for (var row = 0; row < keylength; row++) {
- keyschedule[row] = [k[row * 4], k[row * 4 + 1], k[row * 4 + 2], k[row * 4 + 3]];
- }
- for (var row = keylength; row < AES._blocksize * (nrounds + 1); row++) {
- var temp = [keyschedule[row - 1][0], keyschedule[row - 1][1], keyschedule[row - 1][2], keyschedule[row - 1][3]];
- if (row % keylength == 0) {
- // Rot word
- temp.push(temp.shift());
- // Sub word
- temp[0] = SBOX[temp[0]];
- temp[1] = SBOX[temp[1]];
- temp[2] = SBOX[temp[2]];
- temp[3] = SBOX[temp[3]];
- temp[0] ^= RCON[row / keylength];
- } else if (keylength > 6 && row % keylength == 4) {
- // Sub word
- temp[0] = SBOX[temp[0]];
- temp[1] = SBOX[temp[1]];
- temp[2] = SBOX[temp[2]];
- temp[3] = SBOX[temp[3]];
- }
- keyschedule[row] = [
- keyschedule[row - keylength][0] ^ temp[0],
- keyschedule[row - keylength][1] ^ temp[1],
- keyschedule[row - keylength][2] ^ temp[2],
- keyschedule[row - keylength][3] ^ temp[3]
- ];
- }
- }
- });
- })();
|
