1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-12 09:03:42 -05:00
denoland-deno/ext/node/polyfills/internal/crypto/cipher.ts

364 lines
9.3 KiB
TypeScript
Raw Normal View History

// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
// Copyright Joyent, Inc. and Node.js contributors. All rights reserved. MIT license.
import { ERR_INVALID_ARG_TYPE } from "ext:deno_node/internal/errors.ts";
import {
validateInt32,
validateObject,
} from "ext:deno_node/internal/validators.mjs";
import { Buffer } from "ext:deno_node/buffer.ts";
import { notImplemented } from "ext:deno_node/_utils.ts";
import type { TransformOptions } from "ext:deno_node/_stream.d.ts";
import { Transform } from "ext:deno_node/_stream.mjs";
import { KeyObject } from "./keys.ts";
import type { BufferEncoding } from "ext:deno_node/_global.d.ts";
import type {
BinaryLike,
Encoding,
} from "ext:deno_node/internal/crypto/types.ts";
import { getDefaultEncoding } from "ext:deno_node/internal/crypto/util.ts";
const { ops } = globalThis.__bootstrap.core;
export type CipherCCMTypes =
| "aes-128-ccm"
| "aes-192-ccm"
| "aes-256-ccm"
| "chacha20-poly1305";
export type CipherGCMTypes = "aes-128-gcm" | "aes-192-gcm" | "aes-256-gcm";
export type CipherOCBTypes = "aes-128-ocb" | "aes-192-ocb" | "aes-256-ocb";
export type CipherKey = BinaryLike | KeyObject;
export interface CipherCCMOptions extends TransformOptions {
authTagLength: number;
}
export interface CipherGCMOptions extends TransformOptions {
authTagLength?: number | undefined;
}
export interface CipherOCBOptions extends TransformOptions {
authTagLength: number;
}
export interface Cipher extends ReturnType<typeof Transform> {
update(
data: string,
inputEncoding?: Encoding,
outputEncoding?: Encoding,
): string;
final(outputEncoding?: BufferEncoding): string;
setAutoPadding(autoPadding?: boolean): this;
}
export type Decipher = Cipher;
export interface CipherCCM extends Cipher {
setAAD(
buffer: ArrayBufferView,
options: {
plaintextLength: number;
},
): this;
getAuthTag(): Buffer;
}
export interface CipherGCM extends Cipher {
setAAD(
buffer: ArrayBufferView,
options?: {
plaintextLength: number;
},
): this;
getAuthTag(): Buffer;
}
export interface CipherOCB extends Cipher {
setAAD(
buffer: ArrayBufferView,
options?: {
plaintextLength: number;
},
): this;
getAuthTag(): Buffer;
}
export interface DecipherCCM extends Decipher {
setAuthTag(buffer: ArrayBufferView): this;
setAAD(
buffer: ArrayBufferView,
options: {
plaintextLength: number;
},
): this;
}
export interface DecipherGCM extends Decipher {
setAuthTag(buffer: ArrayBufferView): this;
setAAD(
buffer: ArrayBufferView,
options?: {
plaintextLength: number;
},
): this;
}
export interface DecipherOCB extends Decipher {
setAuthTag(buffer: ArrayBufferView): this;
setAAD(
buffer: ArrayBufferView,
options?: {
plaintextLength: number;
},
): this;
}
export class Cipheriv extends Transform implements Cipher {
/** CipherContext resource id */
#context: number;
/** plaintext data cache */
#cache: BlockModeCache;
constructor(
cipher: string,
key: CipherKey,
iv: BinaryLike | null,
options?: TransformOptions,
) {
super(options);
this.#cache = new BlockModeCache(false);
this.#context = ops.op_node_create_cipheriv(cipher, key, iv);
}
final(encoding: string = getDefaultEncoding()): Buffer | string {
const buf = new Buffer(16);
ops.op_node_cipheriv_final(this.#context, this.#cache.cache, buf);
return encoding === "buffer" ? buf : buf.toString(encoding);
}
getAuthTag(): Buffer {
notImplemented("crypto.Cipheriv.prototype.getAuthTag");
}
setAAD(
_buffer: ArrayBufferView,
_options?: {
plaintextLength: number;
},
): this {
notImplemented("crypto.Cipheriv.prototype.setAAD");
return this;
}
setAutoPadding(_autoPadding?: boolean): this {
notImplemented("crypto.Cipheriv.prototype.setAutoPadding");
return this;
}
update(
data: string | Buffer | ArrayBufferView,
inputEncoding?: Encoding,
outputEncoding: Encoding = getDefaultEncoding(),
): Buffer | string {
// TODO(kt3k): throw ERR_INVALID_ARG_TYPE if data is not string, Buffer, or ArrayBufferView
if (typeof data === "string" && typeof inputEncoding === "string") {
this.#cache.add(Buffer.from(data, inputEncoding));
} else {
this.#cache.add(data);
}
const input = this.#cache.get();
let output;
if (input === null) {
output = Buffer.alloc(0);
} else {
output = Buffer.allocUnsafe(input.length);
ops.op_node_cipheriv_encrypt(this.#context, input, output);
}
return outputEncoding === "buffer"
? output
: output.toString(outputEncoding);
}
}
/** Caches data and output the chunk of multiple of 16.
* Used by CBC, ECB modes of block ciphers */
class BlockModeCache {
cache: Uint8Array;
// The last chunk can be padded when decrypting.
#lastChunkIsNonZero: boolean;
constructor(lastChunkIsNotZero = false) {
this.cache = new Uint8Array(0);
this.#lastChunkIsNonZero = lastChunkIsNotZero;
}
add(data: Uint8Array) {
const cache = this.cache;
this.cache = new Uint8Array(cache.length + data.length);
this.cache.set(cache);
this.cache.set(data, cache.length);
}
/** Gets the chunk of the length of largest multiple of 16.
* Used for preparing data for encryption/decryption */
get(): Uint8Array | null {
let len = this.cache.length;
if (this.#lastChunkIsNonZero) {
// Reduces the available chunk length by 1 to keep the last chunk
len -= 1;
}
if (len < 16) {
return null;
}
len = Math.floor(len / 16) * 16;
const out = this.cache.subarray(0, len);
this.cache = this.cache.subarray(len);
return out;
}
}
export class Decipheriv extends Transform implements Cipher {
/** DecipherContext resource id */
#context: number;
/** ciphertext data cache */
#cache: BlockModeCache;
constructor(
cipher: string,
key: CipherKey,
iv: BinaryLike | null,
options?: TransformOptions,
) {
super(options);
this.#cache = new BlockModeCache(true);
this.#context = ops.op_node_create_decipheriv(cipher, key, iv);
}
final(encoding: string = getDefaultEncoding()): Buffer | string {
let buf = new Buffer(16);
ops.op_node_decipheriv_final(this.#context, this.#cache.cache, buf);
buf = buf.subarray(0, 16 - buf.at(-1)); // Padded in Pkcs7 mode
return encoding === "buffer" ? buf : buf.toString(encoding);
}
setAAD(
_buffer: ArrayBufferView,
_options?: {
plaintextLength: number;
},
): this {
notImplemented("crypto.Decipheriv.prototype.setAAD");
}
setAuthTag(_buffer: BinaryLike, _encoding?: string): this {
notImplemented("crypto.Decipheriv.prototype.setAuthTag");
}
setAutoPadding(_autoPadding?: boolean): this {
notImplemented("crypto.Decipheriv.prototype.setAutoPadding");
}
update(
data: string | Buffer | ArrayBufferView,
inputEncoding?: Encoding,
outputEncoding: Encoding = getDefaultEncoding(),
): Buffer | string {
// TODO(kt3k): throw ERR_INVALID_ARG_TYPE if data is not string, Buffer, or ArrayBufferView
if (typeof data === "string" && typeof inputEncoding === "string") {
this.#cache.add(Buffer.from(data, inputEncoding));
} else {
this.#cache.add(data);
}
const input = this.#cache.get();
let output;
if (input === null) {
output = Buffer.alloc(0);
} else {
output = new Buffer(input.length);
ops.op_node_decipheriv_decrypt(this.#context, input, output);
}
return outputEncoding === "buffer"
? output
: output.toString(outputEncoding);
}
}
export function getCipherInfo(
nameOrNid: string | number,
options?: { keyLength?: number; ivLength?: number },
) {
if (typeof nameOrNid !== "string" && typeof nameOrNid !== "number") {
throw new ERR_INVALID_ARG_TYPE(
"nameOrNid",
["string", "number"],
nameOrNid,
);
}
if (typeof nameOrNid === "number") {
validateInt32(nameOrNid, "nameOrNid");
}
let keyLength, ivLength;
if (options !== undefined) {
validateObject(options, "options");
({ keyLength, ivLength } = options);
if (keyLength !== undefined) {
validateInt32(keyLength, "options.keyLength");
}
if (ivLength !== undefined) {
validateInt32(ivLength, "options.ivLength");
}
}
notImplemented("crypto.getCipherInfo");
}
export function privateEncrypt(
privateKey: ArrayBufferView | string | KeyObject,
buffer: ArrayBufferView | string | KeyObject,
): Buffer {
const padding = privateKey.padding || 1;
return ops.op_node_private_encrypt(privateKey, buffer, padding);
}
export function privateDecrypt(
privateKey: ArrayBufferView | string | KeyObject,
buffer: ArrayBufferView | string | KeyObject,
): Buffer {
const padding = privateKey.padding || 1;
return ops.op_node_private_decrypt(privateKey, buffer, padding);
}
export function publicEncrypt(
publicKey: ArrayBufferView | string | KeyObject,
buffer: ArrayBufferView | string | KeyObject,
): Buffer {
const padding = publicKey.padding || 1;
return ops.op_node_public_encrypt(publicKey, buffer, padding);
}
export function publicDecrypt() {
notImplemented("crypto.publicDecrypt");
}
export default {
privateDecrypt,
privateEncrypt,
publicDecrypt,
publicEncrypt,
Cipheriv,
Decipheriv,
getCipherInfo,
};