watermanagement-backend-prod/node_modules/node-forge/lib/cipher.js

/**
 * Cipher base API.
 *
 * @author Dave Longley
 *
 * Copyright (c) 2010-2014 Digital Bazaar, Inc.
 */
var forge = require('./forge');
require('./util');

module.exports = forge.cipher = forge.cipher || {};

// registered algorithms
forge.cipher.algorithms = forge.cipher.algorithms || {};

/**
 * Creates a cipher object that can be used to encrypt data using the given
 * algorithm and key. The algorithm may be provided as a string value for a
 * previously registered algorithm or it may be given as a cipher algorithm
 * API object.
 *
 * @param algorithm the algorithm to use, either a string or an algorithm API
 *          object.
 * @param key the key to use, as a binary-encoded string of bytes or a
 *          byte buffer.
 *
 * @return the cipher.
 */
forge.cipher.createCipher = function(algorithm, key) {
  var api = algorithm;
  if(typeof api === 'string') {
    api = forge.cipher.getAlgorithm(api);
    if(api) {
      api = api();
    }
  }
  if(!api) {
    throw new Error('Unsupported algorithm: ' + algorithm);
  }

  // assume block cipher
  return new forge.cipher.BlockCipher({
    algorithm: api,
    key: key,
    decrypt: false
  });
};

/**
 * Creates a decipher object that can be used to decrypt data using the given
 * algorithm and key. The algorithm may be provided as a string value for a
 * previously registered algorithm or it may be given as a cipher algorithm
 * API object.
 *
 * @param algorithm the algorithm to use, either a string or an algorithm API
 *          object.
 * @param key the key to use, as a binary-encoded string of bytes or a
 *          byte buffer.
 *
 * @return the cipher.
 */
forge.cipher.createDecipher = function(algorithm, key) {
  var api = algorithm;
  if(typeof api === 'string') {
    api = forge.cipher.getAlgorithm(api);
    if(api) {
      api = api();
    }
  }
  if(!api) {
    throw new Error('Unsupported algorithm: ' + algorithm);
  }

  // assume block cipher
  return new forge.cipher.BlockCipher({
    algorithm: api,
    key: key,
    decrypt: true
  });
};

/**
 * Registers an algorithm by name. If the name was already registered, the
 * algorithm API object will be overwritten.
 *
 * @param name the name of the algorithm.
 * @param algorithm the algorithm API object.
 */
forge.cipher.registerAlgorithm = function(name, algorithm) {
  name = name.toUpperCase();
  forge.cipher.algorithms[name] = algorithm;
};

/**
 * Gets a registered algorithm by name.
 *
 * @param name the name of the algorithm.
 *
 * @return the algorithm, if found, null if not.
 */
forge.cipher.getAlgorithm = function(name) {
  name = name.toUpperCase();
  if(name in forge.cipher.algorithms) {
    return forge.cipher.algorithms[name];
  }
  return null;
};

var BlockCipher = forge.cipher.BlockCipher = function(options) {
  this.algorithm = options.algorithm;
  this.mode = this.algorithm.mode;
  this.blockSize = this.mode.blockSize;
  this._finish = false;
  this._input = null;
  this.output = null;
  this._op = options.decrypt ? this.mode.decrypt : this.mode.encrypt;
  this._decrypt = options.decrypt;
  this.algorithm.initialize(options);
};

/**
 * Starts or restarts the encryption or decryption process, whichever
 * was previously configured.
 *
 * For non-GCM mode, the IV may be a binary-encoded string of bytes, an array
 * of bytes, a byte buffer, or an array of 32-bit integers. If the IV is in
 * bytes, then it must be Nb (16) bytes in length. If the IV is given in as
 * 32-bit integers, then it must be 4 integers long.
 *
 * Note: an IV is not required or used in ECB mode.
 *
 * For GCM-mode, the IV must be given as a binary-encoded string of bytes or
 * a byte buffer. The number of bytes should be 12 (96 bits) as recommended
 * by NIST SP-800-38D but another length may be given.
 *
 * @param options the options to use:
 *          iv the initialization vector to use as a binary-encoded string of
 *            bytes, null to reuse the last ciphered block from a previous
 *            update() (this "residue" method is for legacy support only).
 *          additionalData additional authentication data as a binary-encoded
 *            string of bytes, for 'GCM' mode, (default: none).
 *          tagLength desired length of authentication tag, in bits, for
 *            'GCM' mode (0-128, default: 128).
 *          tag the authentication tag to check if decrypting, as a
 *             binary-encoded string of bytes.
 *          output the output the buffer to write to, null to create one.
 */
BlockCipher.prototype.start = function(options) {
  options = options || {};
  var opts = {};
  for(var key in options) {
    opts[key] = options[key];
  }
  opts.decrypt = this._decrypt;
  this._finish = false;
  this._input = forge.util.createBuffer();
  this.output = options.output || forge.util.createBuffer();
  this.mode.start(opts);
};

/**
 * Updates the next block according to the cipher mode.
 *
 * @param input the buffer to read from.
 */
BlockCipher.prototype.update = function(input) {
  if(input) {
    // input given, so empty it into the input buffer
    this._input.putBuffer(input);
  }

  // do cipher operation until it needs more input and not finished
  while(!this._op.call(this.mode, this._input, this.output, this._finish) &&
    !this._finish) {}

  // free consumed memory from input buffer
  this._input.compact();
};

/**
 * Finishes encrypting or decrypting.
 *
 * @param pad a padding function to use in CBC mode, null for default,
 *          signature(blockSize, buffer, decrypt).
 *
 * @return true if successful, false on error.
 */
BlockCipher.prototype.finish = function(pad) {
  // backwards-compatibility w/deprecated padding API
  // Note: will overwrite padding functions even after another start() call
  if(pad && (this.mode.name === 'ECB' || this.mode.name === 'CBC')) {
    this.mode.pad = function(input) {
      return pad(this.blockSize, input, false);
    };
    this.mode.unpad = function(output) {
      return pad(this.blockSize, output, true);
    };
  }

  // build options for padding and afterFinish functions
  var options = {};
  options.decrypt = this._decrypt;

  // get # of bytes that won't fill a block
  options.overflow = this._input.length() % this.blockSize;

  if(!this._decrypt && this.mode.pad) {
    if(!this.mode.pad(this._input, options)) {
      return false;
    }
  }

  // do final update
  this._finish = true;
  this.update();

  if(this._decrypt && this.mode.unpad) {
    if(!this.mode.unpad(this.output, options)) {
      return false;
    }
  }

  if(this.mode.afterFinish) {
    if(!this.mode.afterFinish(this.output, options)) {
      return false;
    }
  }

  return true;
};
changes 2 years ago			`/**`
			`* Cipher base API.`
			`*`
			`* @author Dave Longley`
			`*`
			`* Copyright (c) 2010-2014 Digital Bazaar, Inc.`
			`*/`
			`var forge = require('./forge');`
			`require('./util');`

			`module.exports = forge.cipher = forge.cipher \|\| {};`

			`// registered algorithms`
			`forge.cipher.algorithms = forge.cipher.algorithms \|\| {};`

			`/**`
			`* Creates a cipher object that can be used to encrypt data using the given`
			`* algorithm and key. The algorithm may be provided as a string value for a`
			`* previously registered algorithm or it may be given as a cipher algorithm`
			`* API object.`
			`*`
			`* @param algorithm the algorithm to use, either a string or an algorithm API`
			`* object.`
			`* @param key the key to use, as a binary-encoded string of bytes or a`
			`* byte buffer.`
			`*`
			`* @return the cipher.`
			`*/`
			`forge.cipher.createCipher = function(algorithm, key) {`
			`var api = algorithm;`
			`if(typeof api === 'string') {`
			`api = forge.cipher.getAlgorithm(api);`
			`if(api) {`
			`api = api();`
			`}`
			`}`
			`if(!api) {`
			`throw new Error('Unsupported algorithm: ' + algorithm);`
			`}`

			`// assume block cipher`
			`return new forge.cipher.BlockCipher({`
			`algorithm: api,`
			`key: key,`
			`decrypt: false`
			`});`
			`};`

			`/**`
			`* Creates a decipher object that can be used to decrypt data using the given`
			`* algorithm and key. The algorithm may be provided as a string value for a`
			`* previously registered algorithm or it may be given as a cipher algorithm`
			`* API object.`
			`*`
			`* @param algorithm the algorithm to use, either a string or an algorithm API`
			`* object.`
			`* @param key the key to use, as a binary-encoded string of bytes or a`
			`* byte buffer.`
			`*`
			`* @return the cipher.`
			`*/`
			`forge.cipher.createDecipher = function(algorithm, key) {`
			`var api = algorithm;`
			`if(typeof api === 'string') {`
			`api = forge.cipher.getAlgorithm(api);`
			`if(api) {`
			`api = api();`
			`}`
			`}`
			`if(!api) {`
			`throw new Error('Unsupported algorithm: ' + algorithm);`
			`}`

			`// assume block cipher`
			`return new forge.cipher.BlockCipher({`
			`algorithm: api,`
			`key: key,`
			`decrypt: true`
			`});`
			`};`

			`/**`
			`* Registers an algorithm by name. If the name was already registered, the`
			`* algorithm API object will be overwritten.`
			`*`
			`* @param name the name of the algorithm.`
			`* @param algorithm the algorithm API object.`
			`*/`
			`forge.cipher.registerAlgorithm = function(name, algorithm) {`
			`name = name.toUpperCase();`
			`forge.cipher.algorithms[name] = algorithm;`
			`};`

			`/**`
			`* Gets a registered algorithm by name.`
			`*`
			`* @param name the name of the algorithm.`
			`*`
			`* @return the algorithm, if found, null if not.`
			`*/`
			`forge.cipher.getAlgorithm = function(name) {`
			`name = name.toUpperCase();`
			`if(name in forge.cipher.algorithms) {`
			`return forge.cipher.algorithms[name];`
			`}`
			`return null;`
			`};`

			`var BlockCipher = forge.cipher.BlockCipher = function(options) {`
			`this.algorithm = options.algorithm;`
			`this.mode = this.algorithm.mode;`
			`this.blockSize = this.mode.blockSize;`
			`this._finish = false;`
			`this._input = null;`
			`this.output = null;`
			`this._op = options.decrypt ? this.mode.decrypt : this.mode.encrypt;`
			`this._decrypt = options.decrypt;`
			`this.algorithm.initialize(options);`
			`};`

			`/**`
			`* Starts or restarts the encryption or decryption process, whichever`
			`* was previously configured.`
			`*`
			`* For non-GCM mode, the IV may be a binary-encoded string of bytes, an array`
			`* of bytes, a byte buffer, or an array of 32-bit integers. If the IV is in`
			`* bytes, then it must be Nb (16) bytes in length. If the IV is given in as`
			`* 32-bit integers, then it must be 4 integers long.`
			`*`
			`* Note: an IV is not required or used in ECB mode.`
			`*`
			`* For GCM-mode, the IV must be given as a binary-encoded string of bytes or`
			`* a byte buffer. The number of bytes should be 12 (96 bits) as recommended`
			`* by NIST SP-800-38D but another length may be given.`
			`*`
			`* @param options the options to use:`
			`* iv the initialization vector to use as a binary-encoded string of`
			`* bytes, null to reuse the last ciphered block from a previous`
			`* update() (this "residue" method is for legacy support only).`
			`* additionalData additional authentication data as a binary-encoded`
			`* string of bytes, for 'GCM' mode, (default: none).`
			`* tagLength desired length of authentication tag, in bits, for`
			`* 'GCM' mode (0-128, default: 128).`
			`* tag the authentication tag to check if decrypting, as a`
			`* binary-encoded string of bytes.`
			`* output the output the buffer to write to, null to create one.`
			`*/`
			`BlockCipher.prototype.start = function(options) {`
			`options = options \|\| {};`
			`var opts = {};`
			`for(var key in options) {`
			`opts[key] = options[key];`
			`}`
			`opts.decrypt = this._decrypt;`
			`this._finish = false;`
			`this._input = forge.util.createBuffer();`
			`this.output = options.output \|\| forge.util.createBuffer();`
			`this.mode.start(opts);`
			`};`

			`/**`
			`* Updates the next block according to the cipher mode.`
			`*`
			`* @param input the buffer to read from.`
			`*/`
			`BlockCipher.prototype.update = function(input) {`
			`if(input) {`
			`// input given, so empty it into the input buffer`
			`this._input.putBuffer(input);`
			`}`

			`// do cipher operation until it needs more input and not finished`
			`while(!this._op.call(this.mode, this._input, this.output, this._finish) &&`
			`!this._finish) {}`

			`// free consumed memory from input buffer`
			`this._input.compact();`
			`};`

			`/**`
			`* Finishes encrypting or decrypting.`
			`*`
			`* @param pad a padding function to use in CBC mode, null for default,`
			`* signature(blockSize, buffer, decrypt).`
			`*`
			`* @return true if successful, false on error.`
			`*/`
			`BlockCipher.prototype.finish = function(pad) {`
			`// backwards-compatibility w/deprecated padding API`
			`// Note: will overwrite padding functions even after another start() call`
			`if(pad && (this.mode.name === 'ECB' \|\| this.mode.name === 'CBC')) {`
			`this.mode.pad = function(input) {`
			`return pad(this.blockSize, input, false);`
			`};`
			`this.mode.unpad = function(output) {`
			`return pad(this.blockSize, output, true);`
			`};`
			`}`

			`// build options for padding and afterFinish functions`
			`var options = {};`
			`options.decrypt = this._decrypt;`

			`// get # of bytes that won't fill a block`
			`options.overflow = this._input.length() % this.blockSize;`

			`if(!this._decrypt && this.mode.pad) {`
			`if(!this.mode.pad(this._input, options)) {`
			`return false;`
			`}`
			`}`

			`// do final update`
			`this._finish = true;`
			`this.update();`

			`if(this._decrypt && this.mode.unpad) {`
			`if(!this.mode.unpad(this.output, options)) {`
			`return false;`
			`}`
			`}`

			`if(this.mode.afterFinish) {`
			`if(!this.mode.afterFinish(this.output, options)) {`
			`return false;`
			`}`
			`}`

			`return true;`
			`};`