denoland-deno/ext/node/polyfills/internal/crypto/pbkdf2.ts

// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
import { Buffer } from "internal:deno_node/buffer.ts";
import { createHash } from "internal:deno_node/internal/crypto/hash.ts";
import { HASH_DATA } from "internal:deno_node/internal/crypto/types.ts";

export const MAX_ALLOC = Math.pow(2, 30) - 1;

export type NormalizedAlgorithms =
  | "md5"
  | "ripemd160"
  | "sha1"
  | "sha224"
  | "sha256"
  | "sha384"
  | "sha512";

export type Algorithms =
  | "md5"
  | "ripemd160"
  | "rmd160"
  | "sha1"
  | "sha224"
  | "sha256"
  | "sha384"
  | "sha512";

const createHasher = (algorithm: string) => (value: Uint8Array) =>
  Buffer.from(createHash(algorithm).update(value).digest() as Buffer);

function getZeroes(zeros: number) {
  return Buffer.alloc(zeros);
}

const sizes = {
  md5: 16,
  sha1: 20,
  sha224: 28,
  sha256: 32,
  sha384: 48,
  sha512: 64,
  rmd160: 20,
  ripemd160: 20,
};

function toBuffer(bufferable: HASH_DATA) {
  if (bufferable instanceof Uint8Array || typeof bufferable === "string") {
    return Buffer.from(bufferable as Uint8Array);
  } else {
    return Buffer.from(bufferable.buffer);
  }
}

export class Hmac {
  hash: (value: Uint8Array) => Buffer;
  ipad1: Buffer;
  opad: Buffer;
  alg: string;
  blocksize: number;
  size: number;
  ipad2: Buffer;

  constructor(alg: Algorithms, key: Buffer, saltLen: number) {
    this.hash = createHasher(alg);

    const blocksize = alg === "sha512" || alg === "sha384" ? 128 : 64;

    if (key.length > blocksize) {
      key = this.hash(key);
    } else if (key.length < blocksize) {
      key = Buffer.concat([key, getZeroes(blocksize - key.length)], blocksize);
    }

    const ipad = Buffer.allocUnsafe(blocksize + sizes[alg]);
    const opad = Buffer.allocUnsafe(blocksize + sizes[alg]);
    for (let i = 0; i < blocksize; i++) {
      ipad[i] = key[i] ^ 0x36;
      opad[i] = key[i] ^ 0x5c;
    }

    const ipad1 = Buffer.allocUnsafe(blocksize + saltLen + 4);
    ipad.copy(ipad1, 0, 0, blocksize);

    this.ipad1 = ipad1;
    this.ipad2 = ipad;
    this.opad = opad;
    this.alg = alg;
    this.blocksize = blocksize;
    this.size = sizes[alg];
  }

  run(data: Buffer, ipad: Buffer) {
    data.copy(ipad, this.blocksize);
    const h = this.hash(ipad);
    h.copy(this.opad, this.blocksize);
    return this.hash(this.opad);
  }
}

/**
 * @param iterations Needs to be higher or equal than zero
 * @param keylen  Needs to be higher or equal than zero but less than max allocation size (2^30)
 * @param digest Algorithm to be used for encryption
 */
export function pbkdf2Sync(
  password: HASH_DATA,
  salt: HASH_DATA,
  iterations: number,
  keylen: number,
  digest: Algorithms = "sha1",
): Buffer {
  if (typeof iterations !== "number" || iterations < 0) {
    throw new TypeError("Bad iterations");
  }
  if (typeof keylen !== "number" || keylen < 0 || keylen > MAX_ALLOC) {
    throw new TypeError("Bad key length");
  }

  const bufferedPassword = toBuffer(password);
  const bufferedSalt = toBuffer(salt);

  const hmac = new Hmac(digest, bufferedPassword, bufferedSalt.length);

  const DK = Buffer.allocUnsafe(keylen);
  const block1 = Buffer.allocUnsafe(bufferedSalt.length + 4);
  bufferedSalt.copy(block1, 0, 0, bufferedSalt.length);

  let destPos = 0;
  const hLen = sizes[digest];
  const l = Math.ceil(keylen / hLen);

  for (let i = 1; i <= l; i++) {
    block1.writeUInt32BE(i, bufferedSalt.length);

    const T = hmac.run(block1, hmac.ipad1);
    let U = T;

    for (let j = 1; j < iterations; j++) {
      U = hmac.run(U, hmac.ipad2);
      for (let k = 0; k < hLen; k++) T[k] ^= U[k];
    }

    T.copy(DK, destPos);
    destPos += hLen;
  }

  return DK;
}

/**
 * @param iterations Needs to be higher or equal than zero
 * @param keylen  Needs to be higher or equal than zero but less than max allocation size (2^30)
 * @param digest Algorithm to be used for encryption
 */
export function pbkdf2(
  password: HASH_DATA,
  salt: HASH_DATA,
  iterations: number,
  keylen: number,
  digest: Algorithms = "sha1",
  callback: (err: Error | null, derivedKey?: Buffer) => void,
) {
  setTimeout(() => {
    let err = null,
      res;
    try {
      res = pbkdf2Sync(password, salt, iterations, keylen, digest);
    } catch (e) {
      err = e;
    }
    if (err) {
      callback(err instanceof Error ? err : new Error("[non-error thrown]"));
    } else {
      callback(null, res);
    }
  }, 0);
}

export default {
  Hmac,
  MAX_ALLOC,
  pbkdf2,
  pbkdf2Sync,
};
feat(ext/node): embed std/node into the snapshot (#17724) This commit moves "deno_std/node" in "ext/node" crate. The code is transpiled and snapshotted during the build process. During the first pass a minimal amount of work was done to create the snapshot, a lot of code in "ext/node" depends on presence of "Deno" global. This code will be gradually fixed in the follow up PRs to migrate it to import relevant APIs from "internal:" modules. Currently the code from snapshot is not used in any way, and all Node/npm compatibility still uses code from "https://deno.land/std/node" (or from the location specified by "DENO_NODE_COMPAT_URL"). This will also be handled in a follow up PRs. --------- Co-authored-by: crowlkats <crowlkats@toaxl.com> Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com> Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com> 2023-02-14 11:38:45 -05:00			`// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.`
refactor(core): include_js_files! 'dir' option doesn't change specifiers (#18019) This commit changes "include_js_files!" macro from "deno_core" in a way that "dir" option doesn't cause specifiers to be rewritten to include it. Example: ``` include_js_files! { dir "js", "hello.js", } ``` The above definition required embedders to use: `import ... from "internal:<ext_name>/js/hello.js"`. But with this change, the "js" directory in which the files are stored is an implementation detail, which for embedders results in: `import ... from "internal:<ext_name>/hello.js"`. The directory the files are stored in, is an implementation detail and in some cases might result in a significant size difference for the snapshot. As an example, in "deno_node" extension, we store the source code in "polyfills" directory; which resulted in each specifier to look like "internal:deno_node/polyfills/<module_name>", but with this change it's "internal:deno_node/<module_name>". Given that "deno_node" has over 100 files, many of them having several import specifiers to the same extension, this change removes 10 characters from each import specifier. 2023-03-04 21:31:38 -05:00			`import { Buffer } from "internal:deno_node/buffer.ts";`
			`import { createHash } from "internal:deno_node/internal/crypto/hash.ts";`
			`import { HASH_DATA } from "internal:deno_node/internal/crypto/types.ts";`
feat(ext/node): embed std/node into the snapshot (#17724) This commit moves "deno_std/node" in "ext/node" crate. The code is transpiled and snapshotted during the build process. During the first pass a minimal amount of work was done to create the snapshot, a lot of code in "ext/node" depends on presence of "Deno" global. This code will be gradually fixed in the follow up PRs to migrate it to import relevant APIs from "internal:" modules. Currently the code from snapshot is not used in any way, and all Node/npm compatibility still uses code from "https://deno.land/std/node" (or from the location specified by "DENO_NODE_COMPAT_URL"). This will also be handled in a follow up PRs. --------- Co-authored-by: crowlkats <crowlkats@toaxl.com> Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com> Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com> 2023-02-14 11:38:45 -05:00
			`export const MAX_ALLOC = Math.pow(2, 30) - 1;`

			`export type NormalizedAlgorithms =`
			`\| "md5"`
			`\| "ripemd160"`
			`\| "sha1"`
			`\| "sha224"`
			`\| "sha256"`
			`\| "sha384"`
			`\| "sha512";`

			`export type Algorithms =`
			`\| "md5"`
			`\| "ripemd160"`
			`\| "rmd160"`
			`\| "sha1"`
			`\| "sha224"`
			`\| "sha256"`
			`\| "sha384"`
			`\| "sha512";`

			`const createHasher = (algorithm: string) => (value: Uint8Array) =>`
			`Buffer.from(createHash(algorithm).update(value).digest() as Buffer);`

			`function getZeroes(zeros: number) {`
			`return Buffer.alloc(zeros);`
			`}`

			`const sizes = {`
			`md5: 16,`
			`sha1: 20,`
			`sha224: 28,`
			`sha256: 32,`
			`sha384: 48,`
			`sha512: 64,`
			`rmd160: 20,`
			`ripemd160: 20,`
			`};`

			`function toBuffer(bufferable: HASH_DATA) {`
			`if (bufferable instanceof Uint8Array \|\| typeof bufferable === "string") {`
			`return Buffer.from(bufferable as Uint8Array);`
			`} else {`
			`return Buffer.from(bufferable.buffer);`
			`}`
			`}`

			`export class Hmac {`
			`hash: (value: Uint8Array) => Buffer;`
			`ipad1: Buffer;`
			`opad: Buffer;`
			`alg: string;`
			`blocksize: number;`
			`size: number;`
			`ipad2: Buffer;`

			`constructor(alg: Algorithms, key: Buffer, saltLen: number) {`
			`this.hash = createHasher(alg);`

			`const blocksize = alg === "sha512" \|\| alg === "sha384" ? 128 : 64;`

			`if (key.length > blocksize) {`
			`key = this.hash(key);`
			`} else if (key.length < blocksize) {`
			`key = Buffer.concat([key, getZeroes(blocksize - key.length)], blocksize);`
			`}`

			`const ipad = Buffer.allocUnsafe(blocksize + sizes[alg]);`
			`const opad = Buffer.allocUnsafe(blocksize + sizes[alg]);`
			`for (let i = 0; i < blocksize; i++) {`
			`ipad[i] = key[i] ^ 0x36;`
			`opad[i] = key[i] ^ 0x5c;`
			`}`

			`const ipad1 = Buffer.allocUnsafe(blocksize + saltLen + 4);`
			`ipad.copy(ipad1, 0, 0, blocksize);`

			`this.ipad1 = ipad1;`
			`this.ipad2 = ipad;`
			`this.opad = opad;`
			`this.alg = alg;`
			`this.blocksize = blocksize;`
			`this.size = sizes[alg];`
			`}`

			`run(data: Buffer, ipad: Buffer) {`
			`data.copy(ipad, this.blocksize);`
			`const h = this.hash(ipad);`
			`h.copy(this.opad, this.blocksize);`
			`return this.hash(this.opad);`
			`}`
			`}`

			`/**`
			`* @param iterations Needs to be higher or equal than zero`
			`* @param keylen Needs to be higher or equal than zero but less than max allocation size (2^30)`
			`* @param digest Algorithm to be used for encryption`
			`*/`
			`export function pbkdf2Sync(`
			`password: HASH_DATA,`
			`salt: HASH_DATA,`
			`iterations: number,`
			`keylen: number,`
			`digest: Algorithms = "sha1",`
			`): Buffer {`
			`if (typeof iterations !== "number" \|\| iterations < 0) {`
			`throw new TypeError("Bad iterations");`
			`}`
			`if (typeof keylen !== "number" \|\| keylen < 0 \|\| keylen > MAX_ALLOC) {`
			`throw new TypeError("Bad key length");`
			`}`

			`const bufferedPassword = toBuffer(password);`
			`const bufferedSalt = toBuffer(salt);`

			`const hmac = new Hmac(digest, bufferedPassword, bufferedSalt.length);`

			`const DK = Buffer.allocUnsafe(keylen);`
			`const block1 = Buffer.allocUnsafe(bufferedSalt.length + 4);`
			`bufferedSalt.copy(block1, 0, 0, bufferedSalt.length);`

			`let destPos = 0;`
			`const hLen = sizes[digest];`
			`const l = Math.ceil(keylen / hLen);`

			`for (let i = 1; i <= l; i++) {`
			`block1.writeUInt32BE(i, bufferedSalt.length);`

			`const T = hmac.run(block1, hmac.ipad1);`
			`let U = T;`

			`for (let j = 1; j < iterations; j++) {`
			`U = hmac.run(U, hmac.ipad2);`
			`for (let k = 0; k < hLen; k++) T[k] ^= U[k];`
			`}`

			`T.copy(DK, destPos);`
			`destPos += hLen;`
			`}`

			`return DK;`
			`}`

			`/**`
			`* @param iterations Needs to be higher or equal than zero`
			`* @param keylen Needs to be higher or equal than zero but less than max allocation size (2^30)`
			`* @param digest Algorithm to be used for encryption`
			`*/`
			`export function pbkdf2(`
			`password: HASH_DATA,`
			`salt: HASH_DATA,`
			`iterations: number,`
			`keylen: number,`
			`digest: Algorithms = "sha1",`
			`callback: (err: Error \| null, derivedKey?: Buffer) => void,`
			`) {`
			`setTimeout(() => {`
			`let err = null,`
			`res;`
			`try {`
			`res = pbkdf2Sync(password, salt, iterations, keylen, digest);`
			`} catch (e) {`
			`err = e;`
			`}`
			`if (err) {`
			`callback(err instanceof Error ? err : new Error("[non-error thrown]"));`
			`} else {`
			`callback(null, res);`
			`}`
			`}, 0);`
			`}`

			`export default {`
			`Hmac,`
			`MAX_ALLOC,`
			`pbkdf2,`
			`pbkdf2Sync,`
			`};`