From e6543a2d9b70b4b9d4ff4c19250c32aee2161c37 Mon Sep 17 00:00:00 2001 From: Andrey Polischuk Date: Wed, 14 Aug 2024 16:40:26 +0300 Subject: [PATCH 1/3] feat(crypto): add crypto utils --- .size-limit.json | 4 + README.md | 1 + packages/crypto/README.md | 15 + packages/crypto/aesrsa.ts | 72 ++ packages/crypto/bcrypt.ts | 32 + packages/crypto/bcryptjs.d.ts | 142 ++++ packages/crypto/bcryptjs.js | 1350 +++++++++++++++++++++++++++++++++ packages/crypto/buffers.ts | 263 +++++++ packages/crypto/crypto.ts | 25 + packages/crypto/ecdsa256.ts | 113 +++ packages/crypto/index.test.ts | 74 ++ packages/crypto/index.ts | 21 + packages/crypto/package.json | 18 + packages/crypto/pbkdf2.ts | 44 ++ packages/crypto/pkce.ts | 39 + packages/crypto/tsconfig.json | 9 + packages/crypto/typedoc.json | 5 + yarn.lock | 56 +- 18 files changed, 2277 insertions(+), 6 deletions(-) create mode 100644 packages/crypto/README.md create mode 100644 packages/crypto/aesrsa.ts create mode 100644 packages/crypto/bcrypt.ts create mode 100644 packages/crypto/bcryptjs.d.ts create mode 100644 packages/crypto/bcryptjs.js create mode 100644 packages/crypto/buffers.ts create mode 100644 packages/crypto/crypto.ts create mode 100644 packages/crypto/ecdsa256.ts create mode 100644 packages/crypto/index.test.ts create mode 100644 packages/crypto/index.ts create mode 100644 packages/crypto/package.json create mode 100644 packages/crypto/pbkdf2.ts create mode 100644 packages/crypto/pkce.ts create mode 100644 packages/crypto/tsconfig.json create mode 100644 packages/crypto/typedoc.json diff --git a/.size-limit.json b/.size-limit.json index 27fabe8..7d028c9 100644 --- a/.size-limit.json +++ b/.size-limit.json @@ -3,6 +3,10 @@ "path": "packages/cookie-storage/dist/index.js", "limit": "990 B" }, + { + "path": "packages/crypto/dist/index.js", + "limit": "27.3 KB" + }, { "path": "packages/local-storage/dist/index.js", "limit": "290 B" diff --git a/README.md b/README.md index b7962c5..38ea3b6 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,7 @@ Common utils used by Rambler team ## Packages - [@rambler-tech/cookie-storage](packages/cookie-storage) +- [@rambler-tech/crypto](packages/crypto) - [@rambler-tech/lhci-report](packages/lhci-report) - [@rambler-tech/local-storage](packages/local-storage) - [@rambler-tech/session-storage](packages/session-storage) diff --git a/packages/crypto/README.md b/packages/crypto/README.md new file mode 100644 index 0000000..1b3b7ff --- /dev/null +++ b/packages/crypto/README.md @@ -0,0 +1,15 @@ +# Crypto + +Browser crypto utils + +## Install + +``` +npm install -D @rambler-tech/crypto +``` + +or + +``` +yarn add -D @rambler-tech/crypto +``` diff --git a/packages/crypto/aesrsa.ts b/packages/crypto/aesrsa.ts new file mode 100644 index 0000000..0406608 --- /dev/null +++ b/packages/crypto/aesrsa.ts @@ -0,0 +1,72 @@ +import {getRandomValues, subtle} from './crypto' +import { + bufferFromString, + bufferFromUnicode, + stringFromBuffer, + base64urlFromString +} from './buffers' + +function generateAESKey() { + return subtle.generateKey( + { + name: 'AES-GCM', + length: 256 + }, + true, + ['encrypt', 'decrypt'] + ) +} + +async function encryptAES( + key: CryptoKey, + initVector: Uint8Array, + body: string +) { + const encryptedBody = await subtle.encrypt( + {name: 'AES-GCM', iv: initVector}, + key, + bufferFromUnicode(body) + ) + + return base64urlFromString(stringFromBuffer(encryptedBody)) +} + +function importRSAKey(keyString: string) { + return subtle.importKey( + 'spki', + bufferFromString(window.atob(keyString)), + { + name: 'RSA-OAEP', + hash: {name: 'SHA-256'} + }, + false, + ['wrapKey'] + ) +} + +async function encryptRSA(key: CryptoKey, body: CryptoKey) { + const encryptedBody = await subtle.wrapKey('raw', body, key, { + name: 'RSA-OAEP' + } as RsaOaepParams) + + return base64urlFromString(stringFromBuffer(encryptedBody)) +} + +/** Encrypt with AES and RSA keys */ +export async function encryptAESRSA(keyString: string, body: string) { + // eslint-disable-next-line @typescript-eslint/no-magic-numbers + const initVector = getRandomValues(new Uint8Array(12)) + const initVectorString = base64urlFromString(stringFromBuffer(initVector)) + + const [aesKey, rsaKey] = await Promise.all([ + generateAESKey(), + importRSAKey(keyString) + ]) + + const [encryptedBody, encryptedKey] = await Promise.all([ + encryptAES(aesKey, initVector, body), + encryptRSA(rsaKey, aesKey) + ]) + + return `${encryptedBody}.${encryptedKey}.${initVectorString}` +} diff --git a/packages/crypto/bcrypt.ts b/packages/crypto/bcrypt.ts new file mode 100644 index 0000000..698fd8a --- /dev/null +++ b/packages/crypto/bcrypt.ts @@ -0,0 +1,32 @@ +import sha from 'sha.js' +import {hash} from './bcryptjs' + +/** bcrypt derivation params */ +export interface DeriveBcryptKeyParams { + salt: string + token: string +} + +/** Derive key with bcrypt */ +export async function deriveBcryptKey( + input: string, + {salt, token}: DeriveBcryptKeyParams +) { + const hashString: string = await new Promise((resolve, reject) => { + hash(input, salt, (error, hash) => { + if (error) { + reject(error) + } else { + resolve(hash) + } + }) + }) + + if (!token) { + return hashString + } + + return sha('sha512') + .update(hashString + token) + .digest('hex') +} diff --git a/packages/crypto/bcryptjs.d.ts b/packages/crypto/bcryptjs.d.ts new file mode 100644 index 0000000..2294080 --- /dev/null +++ b/packages/crypto/bcryptjs.d.ts @@ -0,0 +1,142 @@ +// Type definitions for bcryptjs v2.4.0 +// Project: https://github.com/dcodeIO/bcrypt.js +// Definitions by: Joshua Filby +// Rafael Kraut +// Branislav Holý +// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped +// TypeScript Version: 2.1 + +/** + * Sets the pseudo random number generator to use as a fallback if neither node's crypto module nor the Web Crypto API is available. + * Please note: It is highly important that the PRNG used is cryptographically secure and that it is seeded properly! + * @param random Function taking the number of bytes to generate as its sole argument, returning the corresponding array of cryptographically secure random byte values. + */ +export declare function setRandomFallback( + random: (random: number) => Buffer +): void + +/** + * Synchronously generates a salt. + * @param rounds Number of rounds to use, defaults to 10 if omitted + * @return Resulting salt + * @throws If a random fallback is required but not set + */ +export declare function genSaltSync(rounds?: number): string + +/** + * Asynchronously generates a salt. + * @param rounds Number of rounds to use, defaults to 10 if omitted + * @return Promise with resulting salt, if callback has been omitted + */ +export declare function genSalt(rounds?: number): Promise + +/** + * Asynchronously generates a salt. + * @param callback Callback receiving the error, if any, and the resulting salt + */ +export declare function genSalt( + callback: (err: Error, salt: string) => void +): void + +/** + * Asynchronously generates a salt. + * @param rounds Number of rounds to use, defaults to 10 if omitted + * @param callback Callback receiving the error, if any, and the resulting salt + */ +export declare function genSalt( + rounds: number, + callback: (err: Error, salt: string) => void +): void + +/** + * Synchronously generates a hash for the given string. + * @param s String to hash + * @param salt Salt length to generate or salt to use, default to 10 + * @return Resulting hash + */ +export declare function hashSync(s: string, salt?: number | string): string + +/** + * Asynchronously generates a hash for the given string. + * @param s String to hash + * @param salt Salt length to generate or salt to use + * @return Promise with resulting hash, if callback has been omitted + */ +export declare function hash(s: string, salt: number | string): Promise + +/** + * Asynchronously generates a hash for the given string. + * @param s String to hash + * @param salt Salt length to generate or salt to use + * @param callback Callback receiving the error, if any, and the resulting hash + * @param progressCallback Callback successively called with the percentage of rounds completed (0.0 - 1.0), maximally once per MAX_EXECUTION_TIME = 100 ms. + */ +export declare function hash( + s: string, + salt: number | string, + callback?: (err: Error, hash: string) => void, + progressCallback?: (percent: number) => void +): void + +/** + * Synchronously tests a string against a hash. + * @param s String to compare + * @param hash Hash to test against + * @return true if matching, otherwise false + */ +export declare function compareSync(s: string, hash: string): boolean + +/** + * Asynchronously compares the given data against the given hash. + * @param s Data to compare + * @param hash Data to be compared to + * @return Promise, if callback has been omitted + */ +export declare function compare(s: string, hash: string): Promise + +/** + * Asynchronously compares the given data against the given hash. + * @param s Data to compare + * @param hash Data to be compared to + * @param callback Callback receiving the error, if any, otherwise the result + * @param progressCallback Callback successively called with the percentage of rounds completed (0.0 - 1.0), maximally once per MAX_EXECUTION_TIME = 100 ms. + */ +export declare function compare( + s: string, + hash: string, + callback?: (err: Error, success: boolean) => void, + progressCallback?: (percent: number) => void +): void + +/** + * Gets the number of rounds used to encrypt the specified hash. + * @param hash Hash to extract the used number of rounds from + * @return Number of rounds used + */ +export declare function getRounds(hash: string): number + +/** + * Gets the salt portion from a hash. Does not validate the hash. + * @param hash Hash to extract the salt from + * @return Extracted salt part + */ +export declare function getSalt(hash: string): string + +/** + * Encodes a byte array to base64 with up to len bytes of input, using the custom bcrypt alphabet. + * @function + * @param b Byte array + * @param len Maximum input length + */ +export declare function encodeBase64( + b: Readonly>, + len: number +): string + +/** + * Decodes a base64 encoded string to up to len bytes of output, using the custom bcrypt alphabet. + * @function + * @param s String to decode + * @param len Maximum output length + */ +export declare function decodeBase64(s: string, len: number): number[] diff --git a/packages/crypto/bcryptjs.js b/packages/crypto/bcryptjs.js new file mode 100644 index 0000000..b61c1ce --- /dev/null +++ b/packages/crypto/bcryptjs.js @@ -0,0 +1,1350 @@ +/* eslint-disable */ +/* Based on https://github.com/dcodeIO/bcrypt.js realisation */ + +/* + Copyright (c) 2012 Nevins Bartolomeo + Copyright (c) 2012 Shane Girish + Copyright (c) 2014 Daniel Wirtz + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * @license bcrypt.js (c) 2013 Daniel Wirtz + * Released under the Apache License, Version 2.0 + * see: https://github.com/dcodeIO/bcrypt.js for details + */ + +/** + * bcrypt namespace. + * @type {Object.} + */ +var bcrypt = {} + +/** + * The random implementation to use as a fallback. + * @type {?function(number):!Array.} + * @inner + */ +var randomFallback = null + +/** + * Generates cryptographically secure random bytes. + * @function + * @param {number} len Bytes length + * @returns {!Array.} Random bytes + * @throws {Error} If no random implementation is available + * @inner + */ +function random(len) { + /* WCA */ try { + var a + ;(self['crypto'] || self['msCrypto'])['getRandomValues']( + (a = new Uint32Array(len)) + ) + return Array.prototype.slice.call(a) + } catch (e) {} + /* fallback */ if (!randomFallback) + throw Error( + 'Neither WebCryptoAPI nor a crypto module is available. Use bcrypt.setRandomFallback to set an alternative' + ) + return randomFallback(len) +} + +// Test if any secure randomness source is available +var randomAvailable = false +try { + random(1) + randomAvailable = true +} catch (e) {} + +// Default fallback, if any +randomFallback = null +/** + * Sets the pseudo random number generator to use as a fallback if neither node's `crypto` module nor the Web Crypto + * API is available. Please note: It is highly important that the PRNG used is cryptographically secure and that it + * is seeded properly! + * @param {?function(number):!Array.} random Function taking the number of bytes to generate as its + * sole argument, returning the corresponding array of cryptographically secure random byte values. + * @see http://nodejs.org/api/crypto.html + * @see http://www.w3.org/TR/WebCryptoAPI/ + */ +bcrypt.setRandomFallback = function (random) { + randomFallback = random +} + +/** + * Synchronously generates a salt. + * @param {number=} rounds Number of rounds to use, defaults to 10 if omitted + * @param {number=} seed_length Not supported. + * @returns {string} Resulting salt + * @throws {Error} If a random fallback is required but not set + * @expose + */ +bcrypt.genSaltSync = function (rounds, seed_length) { + rounds = rounds || GENSALT_DEFAULT_LOG2_ROUNDS + if (typeof rounds !== 'number') + throw Error( + 'Illegal arguments: ' + typeof rounds + ', ' + typeof seed_length + ) + if (rounds < 4) rounds = 4 + else if (rounds > 31) rounds = 31 + var salt = [] + salt.push('$2a$') + if (rounds < 10) salt.push('0') + salt.push(rounds.toString()) + salt.push('$') + salt.push(base64_encode(random(BCRYPT_SALT_LEN), BCRYPT_SALT_LEN)) // May throw + return salt.join('') +} + +/** + * Asynchronously generates a salt. + * @param {(number|function(Error, string=))=} rounds Number of rounds to use, defaults to 10 if omitted + * @param {(number|function(Error, string=))=} seed_length Not supported. + * @param {function(Error, string=)=} callback Callback receiving the error, if any, and the resulting salt + * @returns {!Promise} If `callback` has been omitted + * @throws {Error} If `callback` is present but not a function + * @expose + */ +bcrypt.genSalt = function (rounds, seed_length, callback) { + if (typeof seed_length === 'function') + (callback = seed_length), (seed_length = undefined) // Not supported. + if (typeof rounds === 'function') (callback = rounds), (rounds = undefined) + if (typeof rounds === 'undefined') rounds = GENSALT_DEFAULT_LOG2_ROUNDS + else if (typeof rounds !== 'number') + throw Error('illegal arguments: ' + typeof rounds) + + function _async(callback) { + nextTick(function () { + // Pretty thin, but salting is fast enough + try { + callback(null, bcrypt.genSaltSync(rounds)) + } catch (err) { + callback(err) + } + }) + } + + if (callback) { + if (typeof callback !== 'function') + throw Error('Illegal callback: ' + typeof callback) + _async(callback) + } else + return new Promise(function (resolve, reject) { + _async(function (err, res) { + if (err) { + reject(err) + return + } + resolve(res) + }) + }) +} + +/** + * Synchronously generates a hash for the given string. + * @param {string} s String to hash + * @param {(number|string)=} salt Salt length to generate or salt to use, default to 10 + * @returns {string} Resulting hash + * @expose + */ +bcrypt.hashSync = function (s, salt) { + if (typeof salt === 'undefined') salt = GENSALT_DEFAULT_LOG2_ROUNDS + if (typeof salt === 'number') salt = bcrypt.genSaltSync(salt) + if (typeof s !== 'string' || typeof salt !== 'string') + throw Error('Illegal arguments: ' + typeof s + ', ' + typeof salt) + return _hash(s, salt) +} + +/** + * Asynchronously generates a hash for the given string. + * @param {string} s String to hash + * @param {number|string} salt Salt length to generate or salt to use + * @param {function(Error, string=)=} callback Callback receiving the error, if any, and the resulting hash + * @param {function(number)=} progressCallback Callback successively called with the percentage of rounds completed + * (0.0 - 1.0), maximally once per `MAX_EXECUTION_TIME = 100` ms. + * @returns {!Promise} If `callback` has been omitted + * @throws {Error} If `callback` is present but not a function + * @expose + */ +bcrypt.hash = function (s, salt, callback, progressCallback) { + function _async(callback) { + if (typeof s === 'string' && typeof salt === 'number') + bcrypt.genSalt(salt, function (err, salt) { + _hash(s, salt, callback, progressCallback) + }) + else if (typeof s === 'string' && typeof salt === 'string') + _hash(s, salt, callback, progressCallback) + else + nextTick( + callback.bind( + this, + Error('Illegal arguments: ' + typeof s + ', ' + typeof salt) + ) + ) + } + + if (callback) { + if (typeof callback !== 'function') + throw Error('Illegal callback: ' + typeof callback) + _async(callback) + } else + return new Promise(function (resolve, reject) { + _async(function (err, res) { + if (err) { + reject(err) + return + } + resolve(res) + }) + }) +} + +/** + * Compares two strings of the same length in constant time. + * @param {string} known Must be of the correct length + * @param {string} unknown Must be the same length as `known` + * @returns {boolean} + * @inner + */ +function safeStringCompare(known, unknown) { + var right = 0, + wrong = 0 + for (var i = 0, k = known.length; i < k; ++i) { + if (known.charCodeAt(i) === unknown.charCodeAt(i)) ++right + else ++wrong + } + // Prevent removal of unused variables (never true, actually) + if (right < 0) return false + return wrong === 0 +} + +/** + * Synchronously tests a string against a hash. + * @param {string} s String to compare + * @param {string} hash Hash to test against + * @returns {boolean} true if matching, otherwise false + * @throws {Error} If an argument is illegal + * @expose + */ +bcrypt.compareSync = function (s, hash) { + if (typeof s !== 'string' || typeof hash !== 'string') + throw Error('Illegal arguments: ' + typeof s + ', ' + typeof hash) + if (hash.length !== 60) return false + return safeStringCompare( + bcrypt.hashSync(s, hash.substr(0, hash.length - 31)), + hash + ) +} + +/** + * Asynchronously compares the given data against the given hash. + * @param {string} s Data to compare + * @param {string} hash Data to be compared to + * @param {function(Error, boolean)=} callback Callback receiving the error, if any, otherwise the result + * @param {function(number)=} progressCallback Callback successively called with the percentage of rounds completed + * (0.0 - 1.0), maximally once per `MAX_EXECUTION_TIME = 100` ms. + * @returns {!Promise} If `callback` has been omitted + * @throws {Error} If `callback` is present but not a function + * @expose + */ +bcrypt.compare = function (s, hash, callback, progressCallback) { + function _async(callback) { + if (typeof s !== 'string' || typeof hash !== 'string') { + nextTick( + callback.bind( + this, + Error('Illegal arguments: ' + typeof s + ', ' + typeof hash) + ) + ) + return + } + if (hash.length !== 60) { + nextTick(callback.bind(this, null, false)) + return + } + bcrypt.hash( + s, + hash.substr(0, 29), + function (err, comp) { + if (err) callback(err) + else callback(null, safeStringCompare(comp, hash)) + }, + progressCallback + ) + } + + if (callback) { + if (typeof callback !== 'function') + throw Error('Illegal callback: ' + typeof callback) + _async(callback) + } else + return new Promise(function (resolve, reject) { + _async(function (err, res) { + if (err) { + reject(err) + return + } + resolve(res) + }) + }) +} + +/** + * Gets the number of rounds used to encrypt the specified hash. + * @param {string} hash Hash to extract the used number of rounds from + * @returns {number} Number of rounds used + * @throws {Error} If `hash` is not a string + * @expose + */ +bcrypt.getRounds = function (hash) { + if (typeof hash !== 'string') throw Error('Illegal arguments: ' + typeof hash) + return parseInt(hash.split('$')[2], 10) +} + +/** + * Gets the salt portion from a hash. Does not validate the hash. + * @param {string} hash Hash to extract the salt from + * @returns {string} Extracted salt part + * @throws {Error} If `hash` is not a string or otherwise invalid + * @expose + */ +bcrypt.getSalt = function (hash) { + if (typeof hash !== 'string') throw Error('Illegal arguments: ' + typeof hash) + if (hash.length !== 60) + throw Error('Illegal hash length: ' + hash.length + ' != 60') + return hash.substring(0, 29) +} + +/** + * Continues with the callback on the next tick. + * @function + * @param {function(...[*])} callback Callback to execute + * @inner + */ +var nextTick = + typeof process !== 'undefined' && + process && + typeof process.nextTick === 'function' + ? typeof setImmediate === 'function' + ? setImmediate + : process.nextTick + : setTimeout + +/** + * Converts a JavaScript string to UTF8 bytes. + * @param {string} str String + * @returns {!Array.} UTF8 bytes + * @inner + */ +function stringToBytes(str) { + var out = [], + i = 0 + utfx.encodeUTF16toUTF8( + function () { + if (i >= str.length) return null + return str.charCodeAt(i++) + }, + function (b) { + out.push(b) + } + ) + return out +} + +// A base64 implementation for the bcrypt algorithm. This is partly non-standard. + +/** + * bcrypt's own non-standard base64 dictionary. + * @type {!Array.} + * @const + * @inner + **/ +var BASE64_CODE = + './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'.split('') + +/** + * @type {!Array.} + * @const + * @inner + **/ +var BASE64_INDEX = [ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 0, 1, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, + -1, -1, -1, -1, -1, -1, -1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, -1, -1, -1, -1, -1, -1, 28, + 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, + 48, 49, 50, 51, 52, 53, -1, -1, -1, -1, -1 +] + +/** + * @type {!function(...number):string} + * @inner + */ +var stringFromCharCode = String.fromCharCode + +/** + * Encodes a byte array to base64 with up to len bytes of input. + * @param {!Array.} b Byte array + * @param {number} len Maximum input length + * @returns {string} + * @inner + */ +function base64_encode(b, len) { + var off = 0, + rs = [], + c1, + c2 + if (len <= 0 || len > b.length) throw Error('Illegal len: ' + len) + while (off < len) { + c1 = b[off++] & 0xff + rs.push(BASE64_CODE[(c1 >> 2) & 0x3f]) + c1 = (c1 & 0x03) << 4 + if (off >= len) { + rs.push(BASE64_CODE[c1 & 0x3f]) + break + } + c2 = b[off++] & 0xff + c1 |= (c2 >> 4) & 0x0f + rs.push(BASE64_CODE[c1 & 0x3f]) + c1 = (c2 & 0x0f) << 2 + if (off >= len) { + rs.push(BASE64_CODE[c1 & 0x3f]) + break + } + c2 = b[off++] & 0xff + c1 |= (c2 >> 6) & 0x03 + rs.push(BASE64_CODE[c1 & 0x3f]) + rs.push(BASE64_CODE[c2 & 0x3f]) + } + return rs.join('') +} + +/** + * Decodes a base64 encoded string to up to len bytes of output. + * @param {string} s String to decode + * @param {number} len Maximum output length + * @returns {!Array.} + * @inner + */ +function base64_decode(s, len) { + var off = 0, + slen = s.length, + olen = 0, + rs = [], + c1, + c2, + c3, + c4, + o, + code + if (len <= 0) throw Error('Illegal len: ' + len) + while (off < slen - 1 && olen < len) { + code = s.charCodeAt(off++) + c1 = code < BASE64_INDEX.length ? BASE64_INDEX[code] : -1 + code = s.charCodeAt(off++) + c2 = code < BASE64_INDEX.length ? BASE64_INDEX[code] : -1 + if (c1 == -1 || c2 == -1) break + o = (c1 << 2) >>> 0 + o |= (c2 & 0x30) >> 4 + rs.push(stringFromCharCode(o)) + if (++olen >= len || off >= slen) break + code = s.charCodeAt(off++) + c3 = code < BASE64_INDEX.length ? BASE64_INDEX[code] : -1 + if (c3 == -1) break + o = ((c2 & 0x0f) << 4) >>> 0 + o |= (c3 & 0x3c) >> 2 + rs.push(stringFromCharCode(o)) + if (++olen >= len || off >= slen) break + code = s.charCodeAt(off++) + c4 = code < BASE64_INDEX.length ? BASE64_INDEX[code] : -1 + o = ((c3 & 0x03) << 6) >>> 0 + o |= c4 + rs.push(stringFromCharCode(o)) + ++olen + } + var res = [] + for (off = 0; off < olen; off++) res.push(rs[off].charCodeAt(0)) + return res +} + +/** + * utfx-embeddable (c) 2014 Daniel Wirtz + * Released under the Apache License, Version 2.0 + * see: https://github.com/dcodeIO/utfx for details + */ +var utfx = (function () { + 'use strict' + + /** + * utfx namespace. + * @inner + * @type {!Object.} + */ + var utfx = {} + + /** + * Maximum valid code point. + * @type {number} + * @const + */ + utfx.MAX_CODEPOINT = 0x10ffff + + /** + * Encodes UTF8 code points to UTF8 bytes. + * @param {(!function():number|null) | number} src Code points source, either as a function returning the next code point + * respectively `null` if there are no more code points left or a single numeric code point. + * @param {!function(number)} dst Bytes destination as a function successively called with the next byte + */ + utfx.encodeUTF8 = function (src, dst) { + var cp = null + if (typeof src === 'number') + (cp = src), + (src = function () { + return null + }) + while (cp !== null || (cp = src()) !== null) { + if (cp < 0x80) dst(cp & 0x7f) + else if (cp < 0x800) + dst(((cp >> 6) & 0x1f) | 0xc0), dst((cp & 0x3f) | 0x80) + else if (cp < 0x10000) + dst(((cp >> 12) & 0x0f) | 0xe0), + dst(((cp >> 6) & 0x3f) | 0x80), + dst((cp & 0x3f) | 0x80) + else + dst(((cp >> 18) & 0x07) | 0xf0), + dst(((cp >> 12) & 0x3f) | 0x80), + dst(((cp >> 6) & 0x3f) | 0x80), + dst((cp & 0x3f) | 0x80) + cp = null + } + } + + /** + * Decodes UTF8 bytes to UTF8 code points. + * @param {!function():number|null} src Bytes source as a function returning the next byte respectively `null` if there + * are no more bytes left. + * @param {!function(number)} dst Code points destination as a function successively called with each decoded code point. + * @throws {RangeError} If a starting byte is invalid in UTF8 + * @throws {Error} If the last sequence is truncated. Has an array property `bytes` holding the + * remaining bytes. + */ + utfx.decodeUTF8 = function (src, dst) { + var a, + b, + c, + d, + fail = function (b) { + b = b.slice(0, b.indexOf(null)) + var err = Error(b.toString()) + err.name = 'TruncatedError' + err['bytes'] = b + throw err + } + while ((a = src()) !== null) { + if ((a & 0x80) === 0) dst(a) + else if ((a & 0xe0) === 0xc0) + (b = src()) === null && fail([a, b]), + dst(((a & 0x1f) << 6) | (b & 0x3f)) + else if ((a & 0xf0) === 0xe0) + ((b = src()) === null || (c = src()) === null) && fail([a, b, c]), + dst(((a & 0x0f) << 12) | ((b & 0x3f) << 6) | (c & 0x3f)) + else if ((a & 0xf8) === 0xf0) + ((b = src()) === null || + (c = src()) === null || + (d = src()) === null) && + fail([a, b, c, d]), + dst( + ((a & 0x07) << 18) | + ((b & 0x3f) << 12) | + ((c & 0x3f) << 6) | + (d & 0x3f) + ) + else throw RangeError('Illegal starting byte: ' + a) + } + } + + /** + * Converts UTF16 characters to UTF8 code points. + * @param {!function():number|null} src Characters source as a function returning the next char code respectively + * `null` if there are no more characters left. + * @param {!function(number)} dst Code points destination as a function successively called with each converted code + * point. + */ + utfx.UTF16toUTF8 = function (src, dst) { + var c1, + c2 = null + while (true) { + if ((c1 = c2 !== null ? c2 : src()) === null) break + if (c1 >= 0xd800 && c1 <= 0xdfff) { + if ((c2 = src()) !== null) { + if (c2 >= 0xdc00 && c2 <= 0xdfff) { + dst((c1 - 0xd800) * 0x400 + c2 - 0xdc00 + 0x10000) + c2 = null + continue + } + } + } + dst(c1) + } + if (c2 !== null) dst(c2) + } + + /** + * Converts UTF8 code points to UTF16 characters. + * @param {(!function():number|null) | number} src Code points source, either as a function returning the next code point + * respectively `null` if there are no more code points left or a single numeric code point. + * @param {!function(number)} dst Characters destination as a function successively called with each converted char code. + * @throws {RangeError} If a code point is out of range + */ + utfx.UTF8toUTF16 = function (src, dst) { + var cp = null + if (typeof src === 'number') + (cp = src), + (src = function () { + return null + }) + while (cp !== null || (cp = src()) !== null) { + if (cp <= 0xffff) dst(cp) + else (cp -= 0x10000), dst((cp >> 10) + 0xd800), dst((cp % 0x400) + 0xdc00) + cp = null + } + } + + /** + * Converts and encodes UTF16 characters to UTF8 bytes. + * @param {!function():number|null} src Characters source as a function returning the next char code respectively `null` + * if there are no more characters left. + * @param {!function(number)} dst Bytes destination as a function successively called with the next byte. + */ + utfx.encodeUTF16toUTF8 = function (src, dst) { + utfx.UTF16toUTF8(src, function (cp) { + utfx.encodeUTF8(cp, dst) + }) + } + + /** + * Decodes and converts UTF8 bytes to UTF16 characters. + * @param {!function():number|null} src Bytes source as a function returning the next byte respectively `null` if there + * are no more bytes left. + * @param {!function(number)} dst Characters destination as a function successively called with each converted char code. + * @throws {RangeError} If a starting byte is invalid in UTF8 + * @throws {Error} If the last sequence is truncated. Has an array property `bytes` holding the remaining bytes. + */ + utfx.decodeUTF8toUTF16 = function (src, dst) { + utfx.decodeUTF8(src, function (cp) { + utfx.UTF8toUTF16(cp, dst) + }) + } + + /** + * Calculates the byte length of an UTF8 code point. + * @param {number} cp UTF8 code point + * @returns {number} Byte length + */ + utfx.calculateCodePoint = function (cp) { + return cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4 + } + + /** + * Calculates the number of UTF8 bytes required to store UTF8 code points. + * @param {(!function():number|null)} src Code points source as a function returning the next code point respectively + * `null` if there are no more code points left. + * @returns {number} The number of UTF8 bytes required + */ + utfx.calculateUTF8 = function (src) { + var cp, + l = 0 + while ((cp = src()) !== null) l += utfx.calculateCodePoint(cp) + return l + } + + /** + * Calculates the number of UTF8 code points respectively UTF8 bytes required to store UTF16 char codes. + * @param {(!function():number|null)} src Characters source as a function returning the next char code respectively + * `null` if there are no more characters left. + * @returns {!Array.} The number of UTF8 code points at index 0 and the number of UTF8 bytes required at index 1. + */ + utfx.calculateUTF16asUTF8 = function (src) { + var n = 0, + l = 0 + utfx.UTF16toUTF8(src, function (cp) { + ++n + l += utfx.calculateCodePoint(cp) + }) + return [n, l] + } + + return utfx +})() + +Date.now = + Date.now || + function () { + return +new Date() + } + +/** + * @type {number} + * @const + * @inner + */ +var BCRYPT_SALT_LEN = 16 + +/** + * @type {number} + * @const + * @inner + */ +var GENSALT_DEFAULT_LOG2_ROUNDS = 10 + +/** + * @type {number} + * @const + * @inner + */ +var BLOWFISH_NUM_ROUNDS = 16 + +/** + * @type {number} + * @const + * @inner + */ +var MAX_EXECUTION_TIME = 100 + +/** + * @type {Array.} + * @const + * @inner + */ +var P_ORIG = [ + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, + 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b +] + +/** + * @type {Array.} + * @const + * @inner + */ +var S_ORIG = [ + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, + 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658, + 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, + 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6, + 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, + 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, + 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, + 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176, + 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, + 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b, + 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, + 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, + 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, + 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8, + 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, + 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0, + 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, + 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, + 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, + 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9, + 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, + 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a, 0x4b7a70e9, 0xb5b32944, + 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, + 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, 0x193602a5, 0x75094c29, + 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, + 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, 0x4cdd2086, 0x8470eb26, + 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, + 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, 0x3e07841c, 0x7fdeae5c, + 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, + 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, 0xd19113f9, 0x7ca92ff6, + 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, + 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, 0xe238cd99, 0x3bea0e2f, + 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, + 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, 0xde9a771f, 0xd9930810, + 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, + 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, 0xec7aec3a, 0xdb851dfa, + 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, + 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, 0x71dff89e, 0x10314e55, + 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, + 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, 0x86e34570, 0xeae96fb1, + 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, + 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, 0xc6150eba, 0x94e2ea78, + 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, + 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, 0xe3bc4595, 0xa67bc883, + 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, + 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, 0x1521b628, 0x29076170, + 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, + 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, 0xeecc86bc, 0x60622ca7, + 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, + 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, 0x9b540b19, 0x875fa099, + 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, + 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, 0x57f584a5, 0x1b227263, + 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, + 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, 0x5d4a14d9, 0xe864b7e3, + 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, + 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, 0xd81e799e, 0x86854dc7, + 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, + 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, 0x095bbf00, 0xad19489d, + 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, + 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, 0x7cde3759, 0xcbee7460, + 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, + 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, 0x9e447a2e, 0xc3453484, + 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, + 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, 0x153e21e7, 0x8fb03d4a, + 0xe6e39f2b, 0xdb83adf7, 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, + 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, + 0x43b7d4b7, 0x500061af, 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, + 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, + 0x7fac6dd0, 0x31cb8504, 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, + 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, + 0x680ec0a4, 0x27a18dee, 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, + 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, + 0xee39d7ab, 0x3b124e8b, 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, + 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, + 0x454056ac, 0xba489527, 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, + 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, + 0x5ef47e1c, 0x9029317c, 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, + 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, + 0x404779a4, 0x5d886e17, 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, + 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, + 0xaf664fd1, 0xcad18115, 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, + 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, + 0x647d0862, 0xe7ccf5f0, 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, + 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, + 0x991be14c, 0xdb6e6b0d, 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, + 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, + 0xa091cf0b, 0xd9155ea3, 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, + 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, + 0x12754ccc, 0x782ef11c, 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, + 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, + 0xd90cec6e, 0xd5abea2a, 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, + 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, + 0x7745ae04, 0xd736fccc, 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, + 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, + 0xf474ef38, 0x8789bdc2, 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, + 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, + 0x8cd55591, 0xc902de4c, 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, + 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, + 0x4a99a025, 0x1d6efe10, 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, + 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, + 0xa002b5c4, 0x0de6d027, 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, + 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, + 0x53c2dd94, 0xc2c21634, 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, + 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, + 0x1ac15bb4, 0xd39eb8fc, 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, + 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, + 0x362abfce, 0xddc6c837, 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0, + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, + 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, + 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, + 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, + 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, + 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6, + 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, + 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, + 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, + 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd, + 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, + 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, + 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, + 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, + 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, + 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, + 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, + 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, + 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623, + 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, + 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, + 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, + 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, + 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, + 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 +] + +/** + * @type {Array.} + * @const + * @inner + */ +var C_ORIG = [ + 0x4f727068, 0x65616e42, 0x65686f6c, 0x64657253, 0x63727944, 0x6f756274 +] + +/** + * @param {Array.} lr + * @param {number} off + * @param {Array.} P + * @param {Array.} S + * @returns {Array.} + * @inner + */ +function _encipher(lr, off, P, S) { + // This is our bottleneck: 1714/1905 ticks / 90% - see profile.txt + var n, + l = lr[off], + r = lr[off + 1] + + l ^= P[0] + + /* + for (var i=0, k=BLOWFISH_NUM_ROUNDS-2; i<=k;) + // Feistel substitution on left word + n = S[l >>> 24], + n += S[0x100 | ((l >> 16) & 0xff)], + n ^= S[0x200 | ((l >> 8) & 0xff)], + n += S[0x300 | (l & 0xff)], + r ^= n ^ P[++i], + // Feistel substitution on right word + n = S[r >>> 24], + n += S[0x100 | ((r >> 16) & 0xff)], + n ^= S[0x200 | ((r >> 8) & 0xff)], + n += S[0x300 | (r & 0xff)], + l ^= n ^ P[++i]; + */ + + //The following is an unrolled version of the above loop. + //Iteration 0 + n = S[l >>> 24] + n += S[0x100 | ((l >> 16) & 0xff)] + n ^= S[0x200 | ((l >> 8) & 0xff)] + n += S[0x300 | (l & 0xff)] + r ^= n ^ P[1] + n = S[r >>> 24] + n += S[0x100 | ((r >> 16) & 0xff)] + n ^= S[0x200 | ((r >> 8) & 0xff)] + n += S[0x300 | (r & 0xff)] + l ^= n ^ P[2] + //Iteration 1 + n = S[l >>> 24] + n += S[0x100 | ((l >> 16) & 0xff)] + n ^= S[0x200 | ((l >> 8) & 0xff)] + n += S[0x300 | (l & 0xff)] + r ^= n ^ P[3] + n = S[r >>> 24] + n += S[0x100 | ((r >> 16) & 0xff)] + n ^= S[0x200 | ((r >> 8) & 0xff)] + n += S[0x300 | (r & 0xff)] + l ^= n ^ P[4] + //Iteration 2 + n = S[l >>> 24] + n += S[0x100 | ((l >> 16) & 0xff)] + n ^= S[0x200 | ((l >> 8) & 0xff)] + n += S[0x300 | (l & 0xff)] + r ^= n ^ P[5] + n = S[r >>> 24] + n += S[0x100 | ((r >> 16) & 0xff)] + n ^= S[0x200 | ((r >> 8) & 0xff)] + n += S[0x300 | (r & 0xff)] + l ^= n ^ P[6] + //Iteration 3 + n = S[l >>> 24] + n += S[0x100 | ((l >> 16) & 0xff)] + n ^= S[0x200 | ((l >> 8) & 0xff)] + n += S[0x300 | (l & 0xff)] + r ^= n ^ P[7] + n = S[r >>> 24] + n += S[0x100 | ((r >> 16) & 0xff)] + n ^= S[0x200 | ((r >> 8) & 0xff)] + n += S[0x300 | (r & 0xff)] + l ^= n ^ P[8] + //Iteration 4 + n = S[l >>> 24] + n += S[0x100 | ((l >> 16) & 0xff)] + n ^= S[0x200 | ((l >> 8) & 0xff)] + n += S[0x300 | (l & 0xff)] + r ^= n ^ P[9] + n = S[r >>> 24] + n += S[0x100 | ((r >> 16) & 0xff)] + n ^= S[0x200 | ((r >> 8) & 0xff)] + n += S[0x300 | (r & 0xff)] + l ^= n ^ P[10] + //Iteration 5 + n = S[l >>> 24] + n += S[0x100 | ((l >> 16) & 0xff)] + n ^= S[0x200 | ((l >> 8) & 0xff)] + n += S[0x300 | (l & 0xff)] + r ^= n ^ P[11] + n = S[r >>> 24] + n += S[0x100 | ((r >> 16) & 0xff)] + n ^= S[0x200 | ((r >> 8) & 0xff)] + n += S[0x300 | (r & 0xff)] + l ^= n ^ P[12] + //Iteration 6 + n = S[l >>> 24] + n += S[0x100 | ((l >> 16) & 0xff)] + n ^= S[0x200 | ((l >> 8) & 0xff)] + n += S[0x300 | (l & 0xff)] + r ^= n ^ P[13] + n = S[r >>> 24] + n += S[0x100 | ((r >> 16) & 0xff)] + n ^= S[0x200 | ((r >> 8) & 0xff)] + n += S[0x300 | (r & 0xff)] + l ^= n ^ P[14] + //Iteration 7 + n = S[l >>> 24] + n += S[0x100 | ((l >> 16) & 0xff)] + n ^= S[0x200 | ((l >> 8) & 0xff)] + n += S[0x300 | (l & 0xff)] + r ^= n ^ P[15] + n = S[r >>> 24] + n += S[0x100 | ((r >> 16) & 0xff)] + n ^= S[0x200 | ((r >> 8) & 0xff)] + n += S[0x300 | (r & 0xff)] + l ^= n ^ P[16] + + lr[off] = r ^ P[BLOWFISH_NUM_ROUNDS + 1] + lr[off + 1] = l + return lr +} + +/** + * @param {Array.} data + * @param {number} offp + * @returns {{key: number, offp: number}} + * @inner + */ +function _streamtoword(data, offp) { + for (var i = 0, word = 0; i < 4; ++i) + (word = (word << 8) | (data[offp] & 0xff)), + (offp = (offp + 1) % data.length) + return {key: word, offp: offp} +} + +/** + * @param {Array.} key + * @param {Array.} P + * @param {Array.} S + * @inner + */ +function _key(key, P, S) { + var offset = 0, + lr = [0, 0], + plen = P.length, + slen = S.length, + sw + for (var i = 0; i < plen; i++) + (sw = _streamtoword(key, offset)), + (offset = sw.offp), + (P[i] = P[i] ^ sw.key) + for (i = 0; i < plen; i += 2) + (lr = _encipher(lr, 0, P, S)), (P[i] = lr[0]), (P[i + 1] = lr[1]) + for (i = 0; i < slen; i += 2) + (lr = _encipher(lr, 0, P, S)), (S[i] = lr[0]), (S[i + 1] = lr[1]) +} + +/** + * Expensive key schedule Blowfish. + * @param {Array.} data + * @param {Array.} key + * @param {Array.} P + * @param {Array.} S + * @inner + */ +function _ekskey(data, key, P, S) { + var offp = 0, + lr = [0, 0], + plen = P.length, + slen = S.length, + sw + for (var i = 0; i < plen; i++) + (sw = _streamtoword(key, offp)), (offp = sw.offp), (P[i] = P[i] ^ sw.key) + offp = 0 + for (i = 0; i < plen; i += 2) + (sw = _streamtoword(data, offp)), + (offp = sw.offp), + (lr[0] ^= sw.key), + (sw = _streamtoword(data, offp)), + (offp = sw.offp), + (lr[1] ^= sw.key), + (lr = _encipher(lr, 0, P, S)), + (P[i] = lr[0]), + (P[i + 1] = lr[1]) + for (i = 0; i < slen; i += 2) + (sw = _streamtoword(data, offp)), + (offp = sw.offp), + (lr[0] ^= sw.key), + (sw = _streamtoword(data, offp)), + (offp = sw.offp), + (lr[1] ^= sw.key), + (lr = _encipher(lr, 0, P, S)), + (S[i] = lr[0]), + (S[i + 1] = lr[1]) +} + +/** + * Internaly crypts a string. + * @param {Array.} b Bytes to crypt + * @param {Array.} salt Salt bytes to use + * @param {number} rounds Number of rounds + * @param {function(Error, Array.=)=} callback Callback receiving the error, if any, and the resulting bytes. If + * omitted, the operation will be performed synchronously. + * @param {function(number)=} progressCallback Callback called with the current progress + * @returns {!Array.|undefined} Resulting bytes if callback has been omitted, otherwise `undefined` + * @inner + */ +function _crypt(b, salt, rounds, callback, progressCallback) { + var cdata = C_ORIG.slice(), + clen = cdata.length, + err + + // Validate + if (rounds < 4 || rounds > 31) { + err = Error('Illegal number of rounds (4-31): ' + rounds) + if (callback) { + nextTick(callback.bind(this, err)) + return + } else throw err + } + if (salt.length !== BCRYPT_SALT_LEN) { + err = Error( + 'Illegal salt length: ' + salt.length + ' != ' + BCRYPT_SALT_LEN + ) + if (callback) { + nextTick(callback.bind(this, err)) + return + } else throw err + } + rounds = (1 << rounds) >>> 0 + + var P, + S, + i = 0, + j + + //Use typed arrays when available - huge speedup! + if (Int32Array) { + P = new Int32Array(P_ORIG) + S = new Int32Array(S_ORIG) + } else { + P = P_ORIG.slice() + S = S_ORIG.slice() + } + + _ekskey(salt, b, P, S) + + /** + * Calcualtes the next round. + * @returns {Array.|undefined} Resulting array if callback has been omitted, otherwise `undefined` + * @inner + */ + function next() { + if (progressCallback) progressCallback(i / rounds) + if (i < rounds) { + var start = Date.now() + for (; i < rounds; ) { + i = i + 1 + _key(b, P, S) + _key(salt, P, S) + if (Date.now() - start > MAX_EXECUTION_TIME) break + } + } else { + for (i = 0; i < 64; i++) + for (j = 0; j < clen >> 1; j++) _encipher(cdata, j << 1, P, S) + var ret = [] + for (i = 0; i < clen; i++) + ret.push(((cdata[i] >> 24) & 0xff) >>> 0), + ret.push(((cdata[i] >> 16) & 0xff) >>> 0), + ret.push(((cdata[i] >> 8) & 0xff) >>> 0), + ret.push((cdata[i] & 0xff) >>> 0) + if (callback) { + callback(null, ret) + return + } else return ret + } + if (callback) nextTick(next) + } + + // Async + if (typeof callback !== 'undefined') { + next() + + // Sync + } else { + var res + while (true) if (typeof (res = next()) !== 'undefined') return res || [] + } +} + +/** + * Internally hashes a string. + * @param {string} s String to hash + * @param {?string} salt Salt to use, actually never null + * @param {function(Error, string=)=} callback Callback receiving the error, if any, and the resulting hash. If omitted, + * hashing is perormed synchronously. + * @param {function(number)=} progressCallback Callback called with the current progress + * @returns {string|undefined} Resulting hash if callback has been omitted, otherwise `undefined` + * @inner + */ +function _hash(s, salt, callback, progressCallback) { + var err + if (typeof s !== 'string' || typeof salt !== 'string') { + err = Error('Invalid string / salt: Not a string') + if (callback) { + nextTick(callback.bind(this, err)) + return + } else throw err + } + + // Validate the salt + var minor, offset + if (salt.charAt(0) !== '$' || salt.charAt(1) !== '2') { + err = Error('Invalid salt version: ' + salt.substring(0, 2)) + if (callback) { + nextTick(callback.bind(this, err)) + return + } else throw err + } + if (salt.charAt(2) === '$') (minor = String.fromCharCode(0)), (offset = 3) + else { + minor = salt.charAt(2) + if ( + (minor !== 'a' && minor !== 'b' && minor !== 'y') || + salt.charAt(3) !== '$' + ) { + err = Error('Invalid salt revision: ' + salt.substring(2, 4)) + if (callback) { + nextTick(callback.bind(this, err)) + return + } else throw err + } + offset = 4 + } + + // Extract number of rounds + if (salt.charAt(offset + 2) > '$') { + err = Error('Missing salt rounds') + if (callback) { + nextTick(callback.bind(this, err)) + return + } else throw err + } + var r1 = parseInt(salt.substring(offset, offset + 1), 10) * 10, + r2 = parseInt(salt.substring(offset + 1, offset + 2), 10), + rounds = r1 + r2, + real_salt = salt.substring(offset + 3, offset + 25) + s += minor >= 'a' ? '\x00' : '' + + var passwordb = stringToBytes(s), + saltb = base64_decode(real_salt, BCRYPT_SALT_LEN) + + /** + * Finishes hashing. + * @param {Array.} bytes Byte array + * @returns {string} + * @inner + */ + function finish(bytes) { + var res = [] + res.push('$2') + if (minor >= 'a') res.push(minor) + res.push('$') + if (rounds < 10) res.push('0') + res.push(rounds.toString()) + res.push('$') + res.push(base64_encode(saltb, saltb.length)) + res.push(base64_encode(bytes, C_ORIG.length * 4 - 1)) + return res.join('') + } + + // Sync + if (typeof callback == 'undefined') + return finish(_crypt(passwordb, saltb, rounds)) + // Async + else { + _crypt( + passwordb, + saltb, + rounds, + function (err, bytes) { + if (err) callback(err, null) + else callback(null, finish(bytes)) + }, + progressCallback + ) + } +} + +/** + * Encodes a byte array to base64 with up to len bytes of input, using the custom bcrypt alphabet. + * @function + * @param {!Array.} b Byte array + * @param {number} len Maximum input length + * @returns {string} + * @expose + */ +bcrypt.encodeBase64 = base64_encode + +/** + * Decodes a base64 encoded string to up to len bytes of output, using the custom bcrypt alphabet. + * @function + * @param {string} s String to decode + * @param {number} len Maximum output length + * @returns {!Array.} + * @expose + */ +bcrypt.decodeBase64 = base64_decode + +module.exports = bcrypt diff --git a/packages/crypto/buffers.ts b/packages/crypto/buffers.ts new file mode 100644 index 0000000..c7f317c --- /dev/null +++ b/packages/crypto/buffers.ts @@ -0,0 +1,263 @@ +/** Get buffer from string */ +export function bufferFromString(string: string) { + const buffer = new ArrayBuffer(string.length) + const bufferView = new Uint8Array(buffer) + + for (let i = 0; i < string.length; i++) { + bufferView[i] = string.charCodeAt(i) + } + + return buffer +} + +/** Get string from buffer */ +export function stringFromBuffer(buffer: ArrayBuffer) { + const bufferView = new Uint8Array(buffer) + let string = '' + + for (let i = 0; i < bufferView.byteLength; i++) { + string += String.fromCharCode(bufferView[i]) + } + + return string +} + +/* eslint-disable max-depth, sonarjs/cognitive-complexity, @typescript-eslint/no-magic-numbers */ +/** + * Get buffer from unicode string + * + * NOTE: based on `buffer` realization + * https://github.com/feross/buffer/blob/795bbb5bda1b39f1370ebd784bea6107b087e3a7/index.js#L1956-L2034 + */ +export function bufferFromUnicode(string: string) { + const bytes = [] + let codePoint + let units = Infinity + let leadSurrogate = null + + for (let i = 0; i < string.length; ++i) { + codePoint = string.charCodeAt(i) + + // is surrogate component + if (codePoint > 0xd7ff && codePoint < 0xe000) { + // last char was a lead + if (!leadSurrogate) { + // no lead yet + if (codePoint > 0xdbff || i + 1 === string.length) { + // unexpected trail + if ((units -= 3) > -1) bytes.push(0xef, 0xbf, 0xbd) + continue + } + + // valid lead + leadSurrogate = codePoint + + continue + } + + // 2 leads in a row + if (codePoint < 0xdc00) { + if ((units -= 3) > -1) bytes.push(0xef, 0xbf, 0xbd) + leadSurrogate = codePoint + continue + } + + // valid surrogate pair + codePoint = + (((leadSurrogate - 0xd800) << 10) | (codePoint - 0xdc00)) + 0x10000 + // eslint-disable-next-line sonarjs/no-collapsible-if + } else if (leadSurrogate) { + // valid bmp char, but last char was a lead + if ((units -= 3) > -1) bytes.push(0xef, 0xbf, 0xbd) + } + + leadSurrogate = null + + // encode utf8 + if (codePoint < 0x80) { + if ((units -= 1) < 0) break + bytes.push(codePoint) + } else if (codePoint < 0x800) { + if ((units -= 2) < 0) break + bytes.push((codePoint >> 0x6) | 0xc0, (codePoint & 0x3f) | 0x80) + } else if (codePoint < 0x10000) { + if ((units -= 3) < 0) break + bytes.push( + (codePoint >> 0xc) | 0xe0, + ((codePoint >> 0x6) & 0x3f) | 0x80, + (codePoint & 0x3f) | 0x80 + ) + } else if (codePoint < 0x110000) { + if ((units -= 4) < 0) break + bytes.push( + (codePoint >> 0x12) | 0xf0, + ((codePoint >> 0xc) & 0x3f) | 0x80, + ((codePoint >> 0x6) & 0x3f) | 0x80, + (codePoint & 0x3f) | 0x80 + ) + } else { + throw new Error('Invalid code point') + } + } + + const buffer = new ArrayBuffer(bytes.length) + const bufferView = new Uint8Array(buffer) + + for (let i = 0; i < bytes.length; ++i) { + if (i >= bufferView.length || i >= bytes.length) { + break + } + + bufferView[i] = bytes[i] + } + + return buffer +} + +// NOTE: based on http://stackoverflow.com/a/22747272/680742, the browser with +// the lowest limit is Chrome, with 0x10000 args. +// We go 1 magnitude less, for safety +const MAX_ARGUMENTS_LENGTH = 0x1000 + +/** + * Get unicode string from buffer + * + * NOTE: based on `buffer` realization + * https://github.com/feross/buffer/blob/795bbb5bda1b39f1370ebd784bea6107b087e3a7/index.js#L954-L1028 + */ +export function unicodeFromBuffer(buffer: ArrayBuffer) { + const bufferView = new Uint8Array(buffer) + const codePoints = [] + let i = 0 + + while (i < bufferView.length) { + const firstByte = bufferView[i] + let codePoint = null + let bytesPerSequence = + // eslint-disable-next-line no-nested-ternary + firstByte > 0xef ? 4 : firstByte > 0xdf ? 3 : firstByte > 0xbf ? 2 : 1 + + if (i + bytesPerSequence <= bufferView.length) { + let secondByte, thirdByte, fourthByte, tempCodePoint + + switch (bytesPerSequence) { + case 1: + if (firstByte < 0x80) { + codePoint = firstByte + } + + break + case 2: + secondByte = bufferView[i + 1] + + if ((secondByte & 0xc0) === 0x80) { + tempCodePoint = ((firstByte & 0x1f) << 0x6) | (secondByte & 0x3f) + + if (tempCodePoint > 0x7f) { + codePoint = tempCodePoint + } + } + + break + case 3: + secondByte = bufferView[i + 1] + thirdByte = bufferView[i + 2] + + if ((secondByte & 0xc0) === 0x80 && (thirdByte & 0xc0) === 0x80) { + tempCodePoint = + ((firstByte & 0xf) << 0xc) | + ((secondByte & 0x3f) << 0x6) | + (thirdByte & 0x3f) + + if ( + tempCodePoint > 0x7ff && + (tempCodePoint < 0xd800 || tempCodePoint > 0xdfff) + ) { + codePoint = tempCodePoint + } + } + + break + + case 4: + secondByte = bufferView[i + 1] + thirdByte = bufferView[i + 2] + fourthByte = bufferView[i + 3] + + if ( + (secondByte & 0xc0) === 0x80 && + (thirdByte & 0xc0) === 0x80 && + (fourthByte & 0xc0) === 0x80 + ) { + tempCodePoint = + ((firstByte & 0xf) << 0x12) | + ((secondByte & 0x3f) << 0xc) | + ((thirdByte & 0x3f) << 0x6) | + (fourthByte & 0x3f) + + if (tempCodePoint > 0xffff && tempCodePoint < 0x110000) { + codePoint = tempCodePoint + } + } + } + } + + if (codePoint === null) { + // we did not generate a valid codePoint so insert a + // replacement char (U+FFFD) and advance only 1 byte + codePoint = 0xfffd + bytesPerSequence = 1 + } else if (codePoint > 0xffff) { + // encode to utf16 (surrogate pair dance) + codePoint -= 0x10000 + codePoints.push(((codePoint >>> 10) & 0x3ff) | 0xd800) + codePoint = 0xdc00 | (codePoint & 0x3ff) + } + + codePoints.push(codePoint) + i += bytesPerSequence + } + + if (codePoints.length <= MAX_ARGUMENTS_LENGTH) { + return String.fromCharCode(...codePoints) // avoid extra slice() + } + + // Decode in chunks to avoid "call stack size exceeded". + let string = '' + let j = 0 + + while (j < codePoints.length) { + string += String.fromCharCode( + ...codePoints.slice(j, (j += MAX_ARGUMENTS_LENGTH)) + ) + } + + return string +} +/* eslint-enable max-depth, sonarjs/cognitive-complexity, @typescript-eslint/no-magic-numbers */ + +/** Get base64url from string */ +export function base64urlFromString(string: string) { + return window + .btoa(string) + .replace(/=/g, '') + .replace(/\+/g, '-') + .replace(/\//g, '_') +} + +/** Get string from base64url */ +export function stringFromBase64Url(string: string) { + return window.atob( + string.replace(/-/g, '+').replace(/_/g, '/').replace(/\n/g, '') + ) +} + +/** Concatenate buffers */ +export function concatBuffers(buffer1: ArrayBuffer, buffer2: ArrayBuffer) { + const result = new Uint8Array(buffer1.byteLength + buffer2.byteLength) + + result.set(new Uint8Array(buffer1), 0) + result.set(new Uint8Array(buffer2), buffer1.byteLength) + + return result.buffer +} diff --git a/packages/crypto/crypto.ts b/packages/crypto/crypto.ts new file mode 100644 index 0000000..89f541b --- /dev/null +++ b/packages/crypto/crypto.ts @@ -0,0 +1,25 @@ +const crypto = + typeof window !== 'undefined' + ? window.crypto || window.msCrypto + : (null as unknown as Crypto) + +export const subtle = crypto?.subtle || crypto?.webkitSubtle + +export function isSupported() { + return !!crypto +} + +type TypedArray = + | Int8Array + | Uint8Array + | Uint8ClampedArray + | Int16Array + | Uint16Array + | Int32Array + | Uint32Array + | Float32Array + | Float64Array + +export function getRandomValues(typedArray: T): T { + return crypto.getRandomValues(typedArray) +} diff --git a/packages/crypto/ecdsa256.ts b/packages/crypto/ecdsa256.ts new file mode 100644 index 0000000..073826e --- /dev/null +++ b/packages/crypto/ecdsa256.ts @@ -0,0 +1,113 @@ +import {getRandomValues, subtle} from './crypto' +import { + bufferFromString, + stringFromBuffer, + base64urlFromString, + stringFromBase64Url, + concatBuffers +} from './buffers' + +/** ECDSA256 attestation */ +export interface ECDSA256Attestation { + id: string + response: { + signature: string + authenticatorDataBytes: string + clientDataJson: string + } +} + +/** Get ECDSA256 attestation */ +export async function getECDSA256Attestation( + challenge: string, + identifier: string, + key: string +): Promise { + // eslint-disable-next-line @typescript-eslint/no-magic-numbers + const authenticatorData = new Uint8Array(10) + + getRandomValues(authenticatorData) + + const clientData = { + type: 'webauthn.get', + origin: window.location.origin, + challenge + } + + const clientDataBytes = bufferFromString(JSON.stringify(clientData)) + const clientDataBytesHash = await subtle.digest('SHA-256', clientDataBytes) + const signatureData = concatBuffers( + new Uint8Array(authenticatorData), + new Uint8Array(clientDataBytesHash) + ) + + const privateKeyPortable = bufferFromString(stringFromBase64Url(key)) + const privateKey = await subtle.importKey( + 'pkcs8', + privateKeyPortable, + { + name: 'ECDSA', + namedCurve: 'P-256' + }, + true, + ['sign'] + ) + const signature = await subtle.sign( + { + name: 'ECDSA', + hash: 'SHA-256' + }, + privateKey, + signatureData + ) + + return { + id: identifier, + response: { + signature: base64urlFromString(stringFromBuffer(signature)), + authenticatorDataBytes: base64urlFromString( + stringFromBuffer(authenticatorData) + ), + clientDataJson: base64urlFromString(stringFromBuffer(clientDataBytes)) + } + } +} + +/** ECDSA256 key */ +export interface ECDSA256Key { + privateKey: string + publicKey: { + x: string + y: string + } +} + +/** Get ECDSA256 key */ +export async function generateECDSA256Key(): Promise { + const {privateKey: privateKey, publicKey: publicKey} = + await subtle.generateKey( + { + name: 'ECDSA', + namedCurve: 'P-256' + }, + true, + ['sign', 'verify'] + ) + const privateKeyBuffer = await subtle.exportKey( + 'pkcs8', + privateKey as CryptoKey + ) + const privateKeyString = base64urlFromString( + stringFromBuffer(privateKeyBuffer) + ) + + const {x, y} = await subtle.exportKey('jwk', publicKey as CryptoKey) + + return { + privateKey: privateKeyString, + publicKey: { + x: x || '', + y: y || '' + } + } +} diff --git a/packages/crypto/index.test.ts b/packages/crypto/index.test.ts new file mode 100644 index 0000000..9bd3ae4 --- /dev/null +++ b/packages/crypto/index.test.ts @@ -0,0 +1,74 @@ +import {randomBytes, createHash} from 'crypto' +import { + bufferFromString, + stringFromBuffer, + bufferFromUnicode, + unicodeFromBuffer, + base64urlFromString, + stringFromBase64Url, + concatBuffers, + deriveBcryptKey +} from '.' +import {setRandomFallback, genSaltSync, hash} from './bcryptjs' + +test('string and buffer transforms', () => { + const string = 'Foobar' + const buffer = new ArrayBuffer(42) + + expect(stringFromBuffer(bufferFromString(string))).toEqual(string) + expect(bufferFromString(stringFromBuffer(buffer))).toEqual(buffer) +}) + +test('unicode and buffer transforms', () => { + const string = 'Foobar' + const cyrillic = 'Привет' + const buffer = new ArrayBuffer(42) + + expect(unicodeFromBuffer(bufferFromUnicode(string))).toEqual(string) + expect(unicodeFromBuffer(bufferFromUnicode(cyrillic))).toEqual(cyrillic) + expect(bufferFromUnicode(unicodeFromBuffer(buffer))).toEqual(buffer) +}) + +test('string and base64url transforms', () => { + const string = 'Foobar=+/' + const base64url = 'Rm9vYmFyPSsv' + + expect(stringFromBase64Url(base64urlFromString(string))).toEqual(string) + expect(base64urlFromString(stringFromBase64Url(base64url))).toEqual(base64url) +}) + +test('concat buffers', () => { + const buffer1 = new Uint8Array([1, 2]) + const buffer2 = new Uint8Array([3, 4]) + + expect(new Uint8Array(concatBuffers(buffer1, buffer2))).toEqual( + new Uint8Array([1, 2, 3, 4]) + ) +}) + +test('deriveBcryptKey', async () => { + const input = 'foo' + const token = 'bar' + + setRandomFallback(randomBytes) + + const salt = genSaltSync(16) + + const hashString = await new Promise((resolve, reject) => { + hash(input, salt, (error, hash) => { + if (error) { + reject(error) + } else { + resolve(hash) + } + }) + }) + + const result = await deriveBcryptKey(input, {salt, token}) + + expect(result).toEqual( + createHash('sha512') + .update(hashString + token) + .digest('hex') + ) +}) diff --git a/packages/crypto/index.ts b/packages/crypto/index.ts new file mode 100644 index 0000000..4b48d19 --- /dev/null +++ b/packages/crypto/index.ts @@ -0,0 +1,21 @@ +/* eslint-disable import/no-unused-modules */ +export {getRandomValues, isSupported, subtle} from './crypto' +export { + bufferFromString, + stringFromBuffer, + bufferFromUnicode, + unicodeFromBuffer, + base64urlFromString, + stringFromBase64Url, + concatBuffers +} from './buffers' +export {encryptAESRSA} from './aesrsa' +export {deriveBcryptKey, type DeriveBcryptKeyParams} from './bcrypt' +export { + generateECDSA256Key, + getECDSA256Attestation, + type ECDSA256Key, + type ECDSA256Attestation +} from './ecdsa256' +export {derivePBKDF2Key} from './pbkdf2' +export {generatePKCE, type PKCE} from './pkce' diff --git a/packages/crypto/package.json b/packages/crypto/package.json new file mode 100644 index 0000000..7d4cd72 --- /dev/null +++ b/packages/crypto/package.json @@ -0,0 +1,18 @@ +{ + "name": "@rambler-tech/crypto", + "version": "0.0.0", + "main": "dist", + "module": "dist", + "types": "dist/index.d.ts", + "license": "MIT", + "sideEffects": false, + "publishConfig": { + "access": "public" + }, + "dependencies": { + "@types/md5": "^2.1.33", + "@types/sha.js": "^2.4.0", + "md5": "^2.2.1", + "sha.js": "^2.4.11" + } +} diff --git a/packages/crypto/pbkdf2.ts b/packages/crypto/pbkdf2.ts new file mode 100644 index 0000000..04e3534 --- /dev/null +++ b/packages/crypto/pbkdf2.ts @@ -0,0 +1,44 @@ +import md5 from 'md5' +import {subtle} from './crypto' +import {bufferFromString, stringFromBuffer} from './buffers' + +/** Derive PBKDF2 key */ +export async function derivePBKDF2Key( + input: string, + {length = 2048, ...creds} +): Promise { + const inputBase64 = window.btoa(input) + const inputBuffer = bufferFromString(inputBase64) + const inputCryptoKey = await subtle.importKey( + 'raw', + inputBuffer, + 'PBKDF2', + false, + ['deriveKey'] + ) + + const saltBase64 = window.btoa(creds.salt) + const saltBuffer = bufferFromString(saltBase64) + + const key = await subtle.deriveKey( + { + name: 'PBKDF2', + hash: 'SHA-1', + salt: saltBuffer, + iterations: 8096 + }, + inputCryptoKey, + {name: 'HMAC', hash: {name: 'SHA-1'}, length}, + true, + ['sign'] + ) + + const keyBuffer = await subtle.exportKey('raw', key) + const keyBase64 = window.btoa(stringFromBuffer(keyBuffer)) + + if (!creds.token) { + return keyBase64 + } + + return md5(keyBase64 + creds.token) +} diff --git a/packages/crypto/pkce.ts b/packages/crypto/pkce.ts new file mode 100644 index 0000000..517743f --- /dev/null +++ b/packages/crypto/pkce.ts @@ -0,0 +1,39 @@ +import sha from 'sha.js' +import {getRandomValues} from './crypto' +import {stringFromBuffer, base64urlFromString} from './buffers' + +function generateCodeVerifier() { + // eslint-disable-next-line @typescript-eslint/no-magic-numbers + const typedArray = new Uint8Array(96) + const codeVerifierBytes = getRandomValues(typedArray) + const codeVerifierString = stringFromBuffer(codeVerifierBytes) + + return base64urlFromString(codeVerifierString) +} + +function generateCodeChallenge(codeVerifier: string) { + const codeChallengeS256 = sha('sha256').update(codeVerifier) + const codeChallengeBytes = codeChallengeS256.digest() + const codeChallengeString = stringFromBuffer(codeChallengeBytes) + + return base64urlFromString(codeChallengeString) +} + +/** PKCE data */ +export interface PKCE { + codeVerifier: string + codeChallenge: string + codeChallengeMethod: string +} + +/** Generate PKCE challenge and verifier */ +export function generatePKCE(): PKCE { + const codeVerifier = generateCodeVerifier() + const codeChallenge = generateCodeChallenge(codeVerifier) + + return { + codeVerifier, + codeChallenge, + codeChallengeMethod: 'S256' + } +} diff --git a/packages/crypto/tsconfig.json b/packages/crypto/tsconfig.json new file mode 100644 index 0000000..b81d8e5 --- /dev/null +++ b/packages/crypto/tsconfig.json @@ -0,0 +1,9 @@ +{ + "extends": "../../tsconfig.json", + "compilerOptions": { + "module": "commonjs", + "baseUrl": ".", + "outDir": "dist" + }, + "include": [".", "../../types"] +} diff --git a/packages/crypto/typedoc.json b/packages/crypto/typedoc.json new file mode 100644 index 0000000..fd9d16b --- /dev/null +++ b/packages/crypto/typedoc.json @@ -0,0 +1,5 @@ +{ + "extends": "@rambler-tech/typedoc-config", + "readme": "../../README.md", + "entryPoints": ["./index.ts"] +} diff --git a/yarn.lock b/yarn.lock index dc335a9..9970533 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1743,6 +1743,11 @@ resolved "https://registry.yarnpkg.com/@types/json5/-/json5-0.0.29.tgz#ee28707ae94e11d2b827bcbe5270bcea7f3e71ee" integrity sha512-dRLjCWHYg4oaA77cxO64oO+7JwCwnIzkZPdrrC71jQmQtlhM556pwKo5bUzqvZndkVbeFLIIi+9TC40JNF5hNQ== +"@types/md5@^2.1.33": + version "2.3.5" + resolved "https://registry.yarnpkg.com/@types/md5/-/md5-2.3.5.tgz#481cef0a896e3a5dcbfc5a8a8b02c05958af48a5" + integrity sha512-/i42wjYNgE6wf0j2bcTX6kuowmdL/6PE4IVitMpm2eYKBUuYCprdcWVK+xEF0gcV6ufMCRhtxmReGfc6hIK7Jw== + "@types/minimatch@^3.0.3": version "3.0.5" resolved "https://registry.yarnpkg.com/@types/minimatch/-/minimatch-3.0.5.tgz#1001cc5e6a3704b83c236027e77f2f58ea010f40" @@ -1785,6 +1790,13 @@ resolved "https://registry.yarnpkg.com/@types/semver/-/semver-7.5.2.tgz#31f6eec1ed7ec23f4f05608d3a2d381df041f564" integrity sha512-7aqorHYgdNO4DM36stTiGO3DvKoex9TQRwsJU6vMaFGyqpBA1MNZkz+PG3gaNUPpTAOYhT1WR7M1JyA3fbS9Cw== +"@types/sha.js@^2.4.0": + version "2.4.4" + resolved "https://registry.yarnpkg.com/@types/sha.js/-/sha.js-2.4.4.tgz#36be3d0bbc02f790617181709831fd4fc4be942d" + integrity sha512-Qukd+D6S2Hm0wLVt2Vh+/eWBIoUt+wF8jWjBsG4F8EFQRwKtYvtXCPcNl2OEUQ1R+eTr3xuSaBYUyM3WD1x/Qw== + dependencies: + "@types/node" "*" + "@types/stack-utils@^2.0.0": version "2.0.1" resolved "https://registry.yarnpkg.com/@types/stack-utils/-/stack-utils-2.0.1.tgz#20f18294f797f2209b5f65c8e3b5c8e8261d127c" @@ -2757,6 +2769,11 @@ chardet@^0.7.0: resolved "https://registry.yarnpkg.com/chardet/-/chardet-0.7.0.tgz#90094849f0937f2eedc2425d0d28a9e5f0cbad9e" integrity sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA== +charenc@0.0.2: + version "0.0.2" + resolved "https://registry.yarnpkg.com/charenc/-/charenc-0.0.2.tgz#c0a1d2f3a7092e03774bfa83f14c0fc5790a8667" + integrity sha512-yrLQ/yVUFXkzg7EDQsPieE/53+0RlaWTs+wBrvW36cyilJ2SaDWfl4Yj7MtLTXleV9uEKefbAGUPv2/iWSooRA== + chokidar@^3.5.3: version "3.5.3" resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-3.5.3.tgz#1cf37c8707b932bd1af1ae22c0432e2acd1903bd" @@ -3114,6 +3131,11 @@ cross-spawn@^7.0.0, cross-spawn@^7.0.2, cross-spawn@^7.0.3: shebang-command "^2.0.0" which "^2.0.1" +crypt@0.0.2: + version "0.0.2" + resolved "https://registry.yarnpkg.com/crypt/-/crypt-0.0.2.tgz#88d7ff7ec0dfb86f713dc87bbb42d044d3e6c41b" + integrity sha512-mCxBlsHFYh9C+HVpiEacem8FEBnMXgU9gy4zmNC+SXAZNB/1idgp/aulFJ4FgCi7GPEVbfyng092GqL2k2rmow== + cssom@^0.5.0: version "0.5.0" resolved "https://registry.yarnpkg.com/cssom/-/cssom-0.5.0.tgz#d254fa92cd8b6fbd83811b9fbaed34663cc17c36" @@ -4817,7 +4839,7 @@ inflight@^1.0.4: once "^1.3.0" wrappy "1" -inherits@2, inherits@^2.0.3, inherits@^2.0.4, inherits@~2.0.3: +inherits@2, inherits@^2.0.1, inherits@^2.0.3, inherits@^2.0.4, inherits@~2.0.3: version "2.0.4" resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c" integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== @@ -4923,6 +4945,11 @@ is-boolean-object@^1.1.0: call-bind "^1.0.2" has-tostringtag "^1.0.0" +is-buffer@~1.1.6: + version "1.1.6" + resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-1.1.6.tgz#efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be" + integrity sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w== + is-builtin-module@^3.2.1: version "3.2.1" resolved "https://registry.yarnpkg.com/is-builtin-module/-/is-builtin-module-3.2.1.tgz#f03271717d8654cfcaf07ab0463faa3571581169" @@ -6256,6 +6283,15 @@ marked@^4.3.0: resolved "https://registry.yarnpkg.com/marked/-/marked-4.3.0.tgz#796362821b019f734054582038b116481b456cf3" integrity sha512-PRsaiG84bK+AMvxziE/lCFss8juXjNaWzVbN5tXAm4XjeaS9NAHhop+PjQxz2A9h8Q4M/xGmzP8vqNwy6JeK0A== +md5@^2.2.1: + version "2.3.0" + resolved "https://registry.yarnpkg.com/md5/-/md5-2.3.0.tgz#c3da9a6aae3a30b46b7b0c349b87b110dc3bda4f" + integrity sha512-T1GITYmFaKuO91vxyoQMFETst+O71VUPEU3ze5GNzDm0OWdP8v1ziTaAEPUr/3kLsY3Sftgz242A1SetQiDL7g== + dependencies: + charenc "0.0.2" + crypt "0.0.2" + is-buffer "~1.1.6" + memory-fs@^0.2.0: version "0.2.0" resolved "https://registry.yarnpkg.com/memory-fs/-/memory-fs-0.2.0.tgz#f2bb25368bc121e391c2520de92969caee0a0290" @@ -7730,16 +7766,16 @@ safe-array-concat@^1.0.1: has-symbols "^1.0.3" isarray "^2.0.5" +safe-buffer@^5.0.1, safe-buffer@~5.2.0: + version "5.2.1" + resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6" + integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== + safe-buffer@~5.1.0, safe-buffer@~5.1.1: version "5.1.2" resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d" integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g== -safe-buffer@~5.2.0: - version "5.2.1" - resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6" - integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== - safe-regex-test@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/safe-regex-test/-/safe-regex-test-1.0.0.tgz#793b874d524eb3640d1873aad03596db2d4f2295" @@ -7815,6 +7851,14 @@ set-function-name@^2.0.0, set-function-name@^2.0.1: functions-have-names "^1.2.3" has-property-descriptors "^1.0.0" +sha.js@^2.4.11: + version "2.4.11" + resolved "https://registry.yarnpkg.com/sha.js/-/sha.js-2.4.11.tgz#37a5cf0b81ecbc6943de109ba2960d1b26584ae7" + integrity sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ== + dependencies: + inherits "^2.0.1" + safe-buffer "^5.0.1" + shallow-clone@^3.0.0: version "3.0.1" resolved "https://registry.yarnpkg.com/shallow-clone/-/shallow-clone-3.0.1.tgz#8f2981ad92531f55035b01fb230769a40e02efa3" From 47e8ca767407978b11c8310356d26c987082dda8 Mon Sep 17 00:00:00 2001 From: Andrey Polischuk Date: Wed, 14 Aug 2024 18:41:42 +0300 Subject: [PATCH 2/3] docs: fix docs --- packages/crypto/tsconfig.json | 10 +--------- packages/crypto/typedoc.json | 6 +----- 2 files changed, 2 insertions(+), 14 deletions(-) mode change 100644 => 120000 packages/crypto/tsconfig.json mode change 100644 => 120000 packages/crypto/typedoc.json diff --git a/packages/crypto/tsconfig.json b/packages/crypto/tsconfig.json deleted file mode 100644 index b81d8e5..0000000 --- a/packages/crypto/tsconfig.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "extends": "../../tsconfig.json", - "compilerOptions": { - "module": "commonjs", - "baseUrl": ".", - "outDir": "dist" - }, - "include": [".", "../../types"] -} diff --git a/packages/crypto/tsconfig.json b/packages/crypto/tsconfig.json new file mode 120000 index 0000000..238bf1b --- /dev/null +++ b/packages/crypto/tsconfig.json @@ -0,0 +1 @@ +../../tsconfig.package.json \ No newline at end of file diff --git a/packages/crypto/typedoc.json b/packages/crypto/typedoc.json deleted file mode 100644 index fd9d16b..0000000 --- a/packages/crypto/typedoc.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "extends": "@rambler-tech/typedoc-config", - "readme": "../../README.md", - "entryPoints": ["./index.ts"] -} diff --git a/packages/crypto/typedoc.json b/packages/crypto/typedoc.json new file mode 120000 index 0000000..213b456 --- /dev/null +++ b/packages/crypto/typedoc.json @@ -0,0 +1 @@ +../../typedoc.package.json \ No newline at end of file From 0e40f2c6f5e15462d2e39740903a3816fc0d42dc Mon Sep 17 00:00:00 2001 From: Andrey Polischuk Date: Wed, 14 Aug 2024 18:49:34 +0300 Subject: [PATCH 3/3] docs: fix crypto api docs --- packages/crypto/crypto.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packages/crypto/crypto.ts b/packages/crypto/crypto.ts index 89f541b..c49c607 100644 --- a/packages/crypto/crypto.ts +++ b/packages/crypto/crypto.ts @@ -3,8 +3,10 @@ const crypto = ? window.crypto || window.msCrypto : (null as unknown as Crypto) +/** Web Crypto API */ export const subtle = crypto?.subtle || crypto?.webkitSubtle +/** Check is Web Crypto supported */ export function isSupported() { return !!crypto } @@ -20,6 +22,7 @@ type TypedArray = | Float32Array | Float64Array +/** Get cryptographically strong random values */ export function getRandomValues(typedArray: T): T { return crypto.getRandomValues(typedArray) }