You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

189 lines
6.6 KiB

1 year ago
  1. ;(function (root, factory, undef) {
  2. if (typeof exports === "object") {
  3. // CommonJS
  4. module.exports = exports = factory(require("./core"), require("./enc-base64"), require("./md5"), require("./evpkdf"), require("./cipher-core"));
  5. }
  6. else if (typeof define === "function" && define.amd) {
  7. // AMD
  8. define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
  9. }
  10. else {
  11. // Global (browser)
  12. factory(root.CryptoJS);
  13. }
  14. }(this, function (CryptoJS) {
  15. (function () {
  16. // Shortcuts
  17. var C = CryptoJS;
  18. var C_lib = C.lib;
  19. var StreamCipher = C_lib.StreamCipher;
  20. var C_algo = C.algo;
  21. // Reusable objects
  22. var S = [];
  23. var C_ = [];
  24. var G = [];
  25. /**
  26. * Rabbit stream cipher algorithm.
  27. *
  28. * This is a legacy version that neglected to convert the key to little-endian.
  29. * This error doesn't affect the cipher's security,
  30. * but it does affect its compatibility with other implementations.
  31. */
  32. var RabbitLegacy = C_algo.RabbitLegacy = StreamCipher.extend({
  33. _doReset: function () {
  34. // Shortcuts
  35. var K = this._key.words;
  36. var iv = this.cfg.iv;
  37. // Generate initial state values
  38. var X = this._X = [
  39. K[0], (K[3] << 16) | (K[2] >>> 16),
  40. K[1], (K[0] << 16) | (K[3] >>> 16),
  41. K[2], (K[1] << 16) | (K[0] >>> 16),
  42. K[3], (K[2] << 16) | (K[1] >>> 16)
  43. ];
  44. // Generate initial counter values
  45. var C = this._C = [
  46. (K[2] << 16) | (K[2] >>> 16), (K[0] & 0xffff0000) | (K[1] & 0x0000ffff),
  47. (K[3] << 16) | (K[3] >>> 16), (K[1] & 0xffff0000) | (K[2] & 0x0000ffff),
  48. (K[0] << 16) | (K[0] >>> 16), (K[2] & 0xffff0000) | (K[3] & 0x0000ffff),
  49. (K[1] << 16) | (K[1] >>> 16), (K[3] & 0xffff0000) | (K[0] & 0x0000ffff)
  50. ];
  51. // Carry bit
  52. this._b = 0;
  53. // Iterate the system four times
  54. for (var i = 0; i < 4; i++) {
  55. nextState.call(this);
  56. }
  57. // Modify the counters
  58. for (var i = 0; i < 8; i++) {
  59. C[i] ^= X[(i + 4) & 7];
  60. }
  61. // IV setup
  62. if (iv) {
  63. // Shortcuts
  64. var IV = iv.words;
  65. var IV_0 = IV[0];
  66. var IV_1 = IV[1];
  67. // Generate four subvectors
  68. var i0 = (((IV_0 << 8) | (IV_0 >>> 24)) & 0x00ff00ff) | (((IV_0 << 24) | (IV_0 >>> 8)) & 0xff00ff00);
  69. var i2 = (((IV_1 << 8) | (IV_1 >>> 24)) & 0x00ff00ff) | (((IV_1 << 24) | (IV_1 >>> 8)) & 0xff00ff00);
  70. var i1 = (i0 >>> 16) | (i2 & 0xffff0000);
  71. var i3 = (i2 << 16) | (i0 & 0x0000ffff);
  72. // Modify counter values
  73. C[0] ^= i0;
  74. C[1] ^= i1;
  75. C[2] ^= i2;
  76. C[3] ^= i3;
  77. C[4] ^= i0;
  78. C[5] ^= i1;
  79. C[6] ^= i2;
  80. C[7] ^= i3;
  81. // Iterate the system four times
  82. for (var i = 0; i < 4; i++) {
  83. nextState.call(this);
  84. }
  85. }
  86. },
  87. _doProcessBlock: function (M, offset) {
  88. // Shortcut
  89. var X = this._X;
  90. // Iterate the system
  91. nextState.call(this);
  92. // Generate four keystream words
  93. S[0] = X[0] ^ (X[5] >>> 16) ^ (X[3] << 16);
  94. S[1] = X[2] ^ (X[7] >>> 16) ^ (X[5] << 16);
  95. S[2] = X[4] ^ (X[1] >>> 16) ^ (X[7] << 16);
  96. S[3] = X[6] ^ (X[3] >>> 16) ^ (X[1] << 16);
  97. for (var i = 0; i < 4; i++) {
  98. // Swap endian
  99. S[i] = (((S[i] << 8) | (S[i] >>> 24)) & 0x00ff00ff) |
  100. (((S[i] << 24) | (S[i] >>> 8)) & 0xff00ff00);
  101. // Encrypt
  102. M[offset + i] ^= S[i];
  103. }
  104. },
  105. blockSize: 128/32,
  106. ivSize: 64/32
  107. });
  108. function nextState() {
  109. // Shortcuts
  110. var X = this._X;
  111. var C = this._C;
  112. // Save old counter values
  113. for (var i = 0; i < 8; i++) {
  114. C_[i] = C[i];
  115. }
  116. // Calculate new counter values
  117. C[0] = (C[0] + 0x4d34d34d + this._b) | 0;
  118. C[1] = (C[1] + 0xd34d34d3 + ((C[0] >>> 0) < (C_[0] >>> 0) ? 1 : 0)) | 0;
  119. C[2] = (C[2] + 0x34d34d34 + ((C[1] >>> 0) < (C_[1] >>> 0) ? 1 : 0)) | 0;
  120. C[3] = (C[3] + 0x4d34d34d + ((C[2] >>> 0) < (C_[2] >>> 0) ? 1 : 0)) | 0;
  121. C[4] = (C[4] + 0xd34d34d3 + ((C[3] >>> 0) < (C_[3] >>> 0) ? 1 : 0)) | 0;
  122. C[5] = (C[5] + 0x34d34d34 + ((C[4] >>> 0) < (C_[4] >>> 0) ? 1 : 0)) | 0;
  123. C[6] = (C[6] + 0x4d34d34d + ((C[5] >>> 0) < (C_[5] >>> 0) ? 1 : 0)) | 0;
  124. C[7] = (C[7] + 0xd34d34d3 + ((C[6] >>> 0) < (C_[6] >>> 0) ? 1 : 0)) | 0;
  125. this._b = (C[7] >>> 0) < (C_[7] >>> 0) ? 1 : 0;
  126. // Calculate the g-values
  127. for (var i = 0; i < 8; i++) {
  128. var gx = X[i] + C[i];
  129. // Construct high and low argument for squaring
  130. var ga = gx & 0xffff;
  131. var gb = gx >>> 16;
  132. // Calculate high and low result of squaring
  133. var gh = ((((ga * ga) >>> 17) + ga * gb) >>> 15) + gb * gb;
  134. var gl = (((gx & 0xffff0000) * gx) | 0) + (((gx & 0x0000ffff) * gx) | 0);
  135. // High XOR low
  136. G[i] = gh ^ gl;
  137. }
  138. // Calculate new state values
  139. X[0] = (G[0] + ((G[7] << 16) | (G[7] >>> 16)) + ((G[6] << 16) | (G[6] >>> 16))) | 0;
  140. X[1] = (G[1] + ((G[0] << 8) | (G[0] >>> 24)) + G[7]) | 0;
  141. X[2] = (G[2] + ((G[1] << 16) | (G[1] >>> 16)) + ((G[0] << 16) | (G[0] >>> 16))) | 0;
  142. X[3] = (G[3] + ((G[2] << 8) | (G[2] >>> 24)) + G[1]) | 0;
  143. X[4] = (G[4] + ((G[3] << 16) | (G[3] >>> 16)) + ((G[2] << 16) | (G[2] >>> 16))) | 0;
  144. X[5] = (G[5] + ((G[4] << 8) | (G[4] >>> 24)) + G[3]) | 0;
  145. X[6] = (G[6] + ((G[5] << 16) | (G[5] >>> 16)) + ((G[4] << 16) | (G[4] >>> 16))) | 0;
  146. X[7] = (G[7] + ((G[6] << 8) | (G[6] >>> 24)) + G[5]) | 0;
  147. }
  148. /**
  149. * Shortcut functions to the cipher's object interface.
  150. *
  151. * @example
  152. *
  153. * var ciphertext = CryptoJS.RabbitLegacy.encrypt(message, key, cfg);
  154. * var plaintext = CryptoJS.RabbitLegacy.decrypt(ciphertext, key, cfg);
  155. */
  156. C.RabbitLegacy = StreamCipher._createHelper(RabbitLegacy);
  157. }());
  158. return CryptoJS.RabbitLegacy;
  159. }));