首页 发现 帮助
登录
karmen
/
core
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 025fdb2730
分支列表 标签列表
core
/
node_modules
/
browserify-aes
/
ghash.js

ghash.js 2.1 KB
文件历史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798 
  1. var zeros = new Buffer(16)
    2. 

  2. zeros.fill(0)
    3. 

  3. module.exports = GHASH
    4. 

  4. function GHASH (key) {
    5. 

  5.   this.h = key
    6. 

  6.   this.state = new Buffer(16)
    7. 

  7.   this.state.fill(0)
    8. 

  8.   this.cache = new Buffer('')
    9. 

  9. }
    10. 

  10. // from http://bitwiseshiftleft.github.io/sjcl/doc/symbols/src/core_gcm.js.html
    11. 

  11. // by Juho Vähä-Herttua
    12. 

  12. GHASH.prototype.ghash = function (block) {
    13. 

  13.   var i = -1
    14. 

  14.   while (++i < block.length) {
    15. 

  15.     this.state[i] ^= block[i]
    16. 

  16.   }
    17. 

  17.   this._multiply()
    18. 

  18. }
    19. 

  19. 

  20. GHASH.prototype._multiply = function () {
    21. 

  21.   var Vi = toArray(this.h)
    22. 

  22.   var Zi = [0, 0, 0, 0]
    23. 

  23.   var j, xi, lsb_Vi
    24. 

  24.   var i = -1
    25. 

  25.   while (++i < 128) {
    26. 

  26.     xi = (this.state[~~(i / 8)] & (1 << (7 - i % 8))) !== 0
    27. 

  27.     if (xi) {
    28. 

  28.       // Z_i+1 = Z_i ^ V_i
    29. 

  29.       Zi = xor(Zi, Vi)
    30. 

  30.     }
    31. 

  31. 

  32.     // Store the value of LSB(V_i)
    33. 

  33.     lsb_Vi = (Vi[3] & 1) !== 0
    34. 

  34. 

  35.     // V_i+1 = V_i >> 1
    36. 

  36.     for (j = 3; j > 0; j--) {
    37. 

  37.       Vi[j] = (Vi[j] >>> 1) | ((Vi[j - 1] & 1) << 31)
    38. 

  38.     }
    39. 

  39.     Vi[0] = Vi[0] >>> 1
    40. 

  40. 

  41.     // If LSB(V_i) is 1, V_i+1 = (V_i >> 1) ^ R
    42. 

  42.     if (lsb_Vi) {
    43. 

  43.       Vi[0] = Vi[0] ^ (0xe1 << 24)
    44. 

  44.     }
    45. 

  45.   }
    46. 

  46.   this.state = fromArray(Zi)
    47. 

  47. }
    48. 

  48. GHASH.prototype.update = function (buf) {
    49. 

  49.   this.cache = Buffer.concat([this.cache, buf])
    50. 

  50.   var chunk
    51. 

  51.   while (this.cache.length >= 16) {
    52. 

  52.     chunk = this.cache.slice(0, 16)
    53. 

  53.     this.cache = this.cache.slice(16)
    54. 

  54.     this.ghash(chunk)
    55. 

  55.   }
    56. 

  56. }
    57. 

  57. GHASH.prototype.final = function (abl, bl) {
    58. 

  58.   if (this.cache.length) {
    59. 

  59.     this.ghash(Buffer.concat([this.cache, zeros], 16))
    60. 

  60.   }
    61. 

  61.   this.ghash(fromArray([
    62. 

  62.     0, abl,
    63. 

  63.     0, bl
    64. 

  64.   ]))
    65. 

  65.   return this.state
    66. 

  66. }
    67. 

  67. 

  68. function toArray (buf) {
    69. 

  69.   return [
    70. 

  70.     buf.readUInt32BE(0),
    71. 

  71.     buf.readUInt32BE(4),
    72. 

  72.     buf.readUInt32BE(8),
    73. 

  73.     buf.readUInt32BE(12)
    74. 

  74.   ]
    75. 

  75. }
    76. 

  76. function fromArray (out) {
    77. 

  77.   out = out.map(fixup_uint32)
    78. 

  78.   var buf = new Buffer(16)
    79. 

  79.   buf.writeUInt32BE(out[0], 0)
    80. 

  80.   buf.writeUInt32BE(out[1], 4)
    81. 

  81.   buf.writeUInt32BE(out[2], 8)
    82. 

  82.   buf.writeUInt32BE(out[3], 12)
    83. 

  83.   return buf
    84. 

  84. }
    85. 

  85. var uint_max = Math.pow(2, 32)
    86. 

  86. function fixup_uint32 (x) {
    87. 

  87.   var ret, x_pos
    88. 

  88.   ret = x > uint_max || x < 0 ? (x_pos = Math.abs(x) % uint_max, x < 0 ? uint_max - x_pos : x_pos) : x
    89. 

  89.   return ret
    90. 

  90. }
    91. 

  91. function xor (a, b) {
    92. 

  92.   return [
    93. 

  93.     a[0] ^ b[0],
    94. 

  94.     a[1] ^ b[1],
    95. 

  95.     a[2] ^ b[2],
    96. 

  96.     a[3] ^ b[3]
    97. 

  97.   ]
    98. 

  98. }
    99.