diff --git a/CHANGELOG.md b/CHANGELOG.md index 0f205fe9..1d13e56d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,12 @@ All major and minor version changes will be documented in this file. Details of ## Details +### [10.4.0] - 2023-03-24 +- Added 'Generate De Bruijn Sequence' operation [@gchq77703] | [#493] + +### [10.3.0] - 2023-03-24 +- Added 'Argon2' and 'Argon2 compare' operations [@Xenonym] | [#661] + ### [10.2.0] - 2023-03-23 - Added 'Derive HKDF key' operation [@mikecat] | [#1528] @@ -365,6 +371,8 @@ All major and minor version changes will be documented in this file. Details of +[10.4.0]: https://github.com/gchq/CyberChef/releases/tag/v10.4.0 +[10.3.0]: https://github.com/gchq/CyberChef/releases/tag/v10.3.0 [10.2.0]: https://github.com/gchq/CyberChef/releases/tag/v10.2.0 [10.1.0]: https://github.com/gchq/CyberChef/releases/tag/v10.1.0 [10.0.0]: https://github.com/gchq/CyberChef/releases/tag/v10.0.0 @@ -514,6 +522,8 @@ All major and minor version changes will be documented in this file. Details of [@valdelaseras]: https://github.com/valdelaseras [@brun0ne]: https://github.com/brun0ne [@joostrijneveld]: https://github.com/joostrijneveld +[@Xenonym]: https://github.com/Xenonym +[@gchq77703]: https://github.com/gchq77703 [8ad18b]: https://github.com/gchq/CyberChef/commit/8ad18bc7db6d9ff184ba3518686293a7685bf7b7 [9a33498]: https://github.com/gchq/CyberChef/commit/9a33498fed26a8df9c9f35f39a78a174bf50a513 @@ -629,4 +639,6 @@ All major and minor version changes will be documented in this file. Details of [#1498]: https://github.com/gchq/CyberChef/pull/1498 [#1499]: https://github.com/gchq/CyberChef/pull/1499 [#1528]: https://github.com/gchq/CyberChef/pull/1528 +[#661]: https://github.com/gchq/CyberChef/pull/661 +[#493]: https://github.com/gchq/CyberChef/pull/493 diff --git a/package-lock.json b/package-lock.json index 3b70990a..148af3df 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "cyberchef", - "version": "10.2.0", + "version": "10.4.0", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -2481,6 +2481,11 @@ "integrity": "sha512-e0hDa9H2Z9AwFkk2qDlwhoMYE4eToKarchkQHovNdLTCYMHZHeRjI71crOh+dio4K6u1IcwubQqo79Ga4CyAQA==", "dev": true }, + "argon2-browser": { + "version": "1.18.0", + "resolved": "https://registry.npmjs.org/argon2-browser/-/argon2-browser-1.18.0.tgz", + "integrity": "sha512-ImVAGIItnFnvET1exhsQB7apRztcoC5TnlSqernMJDUjbc/DLq3UEYeXFrLPrlaIl8cVfwnXb6wX2KpFf2zxHw==" + }, "argparse": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", @@ -2863,6 +2868,12 @@ "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz", "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==" }, + "base64-loader": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/base64-loader/-/base64-loader-1.0.0.tgz", + "integrity": "sha512-p32+F8dg+ANGx7s8QsZS74ZPHfIycmC2yZcoerzFgbersIYWitPbbF39G6SBx3gyvzyLH5nt1ooocxr0IHuWKA==", + "dev": true + }, "basic-auth": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz", diff --git a/package.json b/package.json index cb9762ad..f5e22875 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "cyberchef", - "version": "10.2.0", + "version": "10.4.0", "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.", "author": "n1474335 ", "homepage": "https://gchq.github.io/CyberChef", @@ -54,6 +54,7 @@ "babel-loader": "^9.1.2", "babel-plugin-dynamic-import-node": "^2.3.3", "babel-plugin-transform-builtin-extend": "1.1.2", + "base64-loader": "^1.0.0", "chromedriver": "^110.0.0", "cli-progress": "^3.12.0", "colors": "^1.4.0", @@ -94,6 +95,7 @@ "@astronautlabs/amf": "^0.0.6", "@babel/polyfill": "^7.12.1", "@blu3r4y/lzma": "^2.3.3", + "argon2-browser": "^1.18.0", "arrive": "^2.4.1", "avsc": "^5.7.7", "bcryptjs": "^2.4.3", @@ -179,8 +181,8 @@ "start": "npx grunt dev", "build": "npx grunt prod", "node": "npx grunt node", - "repl": "node --experimental-modules --experimental-json-modules --experimental-specifier-resolution=node --no-warnings src/node/repl.mjs", - "test": "npx grunt configTests && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider tests/node/index.mjs && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider tests/operations/index.mjs", + "repl": "node --experimental-modules --experimental-json-modules --experimental-specifier-resolution=node --no-experimental-fetch --no-warnings src/node/repl.mjs", + "test": "npx grunt configTests && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider --no-experimental-fetch tests/node/index.mjs && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider --no-experimental-fetch tests/operations/index.mjs", "testnodeconsumer": "npx grunt testnodeconsumer", "testui": "npx grunt testui", "testuidev": "npx nightwatch --env=dev", diff --git a/src/core/config/Categories.json b/src/core/config/Categories.json index aeaa2701..5dd9d702 100644 --- a/src/core/config/Categories.json +++ b/src/core/config/Categories.json @@ -381,6 +381,8 @@ "Bcrypt", "Bcrypt compare", "Bcrypt parse", + "Argon2", + "Argon2 compare", "Scrypt", "NT Hash", "LM Hash", @@ -488,6 +490,7 @@ "P-list Viewer", "Disassemble x86", "Pseudo-Random Number Generator", + "Generate De Bruijn Sequence", "Generate UUID", "Analyse UUID", "Generate TOTP", diff --git a/src/core/operations/Argon2.mjs b/src/core/operations/Argon2.mjs new file mode 100644 index 00000000..4feb881c --- /dev/null +++ b/src/core/operations/Argon2.mjs @@ -0,0 +1,117 @@ +/** + * @author Tan Zhen Yong [tzy@beyondthesprawl.com] + * @copyright Crown Copyright 2019 + * @license Apache-2.0 + */ + +import Operation from "../Operation.mjs"; +import OperationError from "../errors/OperationError.mjs"; +import Utils from "../Utils.mjs"; +import argon2 from "argon2-browser"; + +/** + * Argon2 operation + */ +class Argon2 extends Operation { + + /** + * Argon2 constructor + */ + constructor() { + super(); + + this.name = "Argon2"; + this.module = "Crypto"; + this.description = "Argon2 is a key derivation function that was selected as the winner of the Password Hashing Competition in July 2015. It was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from the University of Luxembourg.

Enter the password in the input to generate its hash."; + this.infoURL = "https://wikipedia.org/wiki/Argon2"; + this.inputType = "string"; + this.outputType = "string"; + this.args = [ + { + "name": "Salt", + "type": "toggleString", + "value": "somesalt", + "toggleValues": ["UTF8", "Hex", "Base64", "Latin1"] + }, + { + "name": "Iterations", + "type": "number", + "value": 3 + }, + { + "name": "Memory (KiB)", + "type": "number", + "value": 4096 + }, + { + "name": "Parallelism", + "type": "number", + "value": 1 + }, + { + "name": "Hash length (bytes)", + "type": "number", + "value": 32 + }, + { + "name": "Type", + "type": "option", + "value": ["Argon2i", "Argon2d", "Argon2id"], + "defaultIndex": 0 + }, + { + "name": "Output format", + "type": "option", + "value": ["Encoded hash", "Hex hash", "Raw hash"] + } + ]; + } + + /** + * @param {string} input + * @param {Object[]} args + * @returns {string} + */ + async run(input, args) { + const argon2Types = { + "Argon2i": argon2.ArgonType.Argon2i, + "Argon2d": argon2.ArgonType.Argon2d, + "Argon2id": argon2.ArgonType.Argon2id + }; + + const salt = Utils.convertToByteString(args[0].string || "", args[0].option), + time = args[1], + mem = args[2], + parallelism = args[3], + hashLen = args[4], + type = argon2Types[args[5]], + outFormat = args[6]; + + try { + const result = await argon2.hash({ + pass: input, + salt, + time, + mem, + parallelism, + hashLen, + type, + }); + + switch (outFormat) { + case "Hex hash": + return result.hashHex; + case "Raw hash": + return Utils.arrayBufferToStr(result.hash); + case "Encoded hash": + default: + return result.encoded; + } + } catch (err) { + throw new OperationError(`Error: ${err.message}`); + } + } + +} + +export default Argon2; diff --git a/src/core/operations/Argon2Compare.mjs b/src/core/operations/Argon2Compare.mjs new file mode 100644 index 00000000..68e48ed0 --- /dev/null +++ b/src/core/operations/Argon2Compare.mjs @@ -0,0 +1,58 @@ +/** + * @author Tan Zhen Yong [tzy@beyondthesprawl.com] + * @copyright Crown Copyright 2019 + * @license Apache-2.0 + */ + +import Operation from "../Operation.mjs"; +import argon2 from "argon2-browser"; + +/** + * Argon2 compare operation + */ +class Argon2Compare extends Operation { + + /** + * Argon2Compare constructor + */ + constructor() { + super(); + + this.name = "Argon2 compare"; + this.module = "Crypto"; + this.description = "Tests whether the input matches the given Argon2 hash. To test multiple possible passwords, use the 'Fork' operation."; + this.infoURL = "https://wikipedia.org/wiki/Argon2"; + this.inputType = "string"; + this.outputType = "string"; + this.args = [ + { + "name": "Encoded hash", + "type": "string", + "value": "" + } + ]; + } + + /** + * @param {string} input + * @param {Object[]} args + * @returns {string} + */ + async run(input, args) { + const encoded = args[0]; + + try { + await argon2.verify({ + pass: input, + encoded + }); + + return `Match: ${input}`; + } catch (err) { + return "No match"; + } + } + +} + +export default Argon2Compare; diff --git a/src/core/operations/GenerateDeBruijnSequence.mjs b/src/core/operations/GenerateDeBruijnSequence.mjs new file mode 100644 index 00000000..f28d421f --- /dev/null +++ b/src/core/operations/GenerateDeBruijnSequence.mjs @@ -0,0 +1,85 @@ +/** + * @author gchq77703 [gchq77703@gchq.gov.uk] + * @copyright Crown Copyright 2019 + * @license Apache-2.0 + */ + +import Operation from "../Operation.mjs"; +import OperationError from "../errors/OperationError.mjs"; + +/** + * Generate De Bruijn Sequence operation + */ +class GenerateDeBruijnSequence extends Operation { + + /** + * GenerateDeBruijnSequence constructor + */ + constructor() { + super(); + + this.name = "Generate De Bruijn Sequence"; + this.module = "Default"; + this.description = "Generates rolling keycode combinations given a certain alphabet size and key length."; + this.infoURL = "https://wikipedia.org/wiki/De_Bruijn_sequence"; + this.inputType = "string"; + this.outputType = "string"; + this.args = [ + { + name: "Alphabet size (k)", + type: "number", + value: 2 + }, + { + name: "Key length (n)", + type: "number", + value: 3 + } + ]; + } + + /** + * @param {string} input + * @param {Object[]} args + * @returns {string} + */ + run(input, args) { + const [k, n] = args; + + if (k < 2 || k > 9) { + throw new OperationError("Invalid alphabet size, required to be between 2 and 9 (inclusive)."); + } + + if (n < 2) { + throw new OperationError("Invalid key length, required to be at least 2."); + } + + if (Math.pow(k, n) > 50000) { + throw new OperationError("Too many permutations, please reduce k^n to under 50,000."); + } + + const a = new Array(k * n).fill(0); + const sequence = []; + + (function db(t = 1, p = 1) { + if (t > n) { + if (n % p !== 0) return; + for (let j = 1; j <= p; j++) { + sequence.push(a[j]); + } + return; + } + + a[t] = a[t - p]; + db(t + 1, p); + for (let j = a[t - p] + 1; j < k; j++) { + a[t] = j; + db(t + 1, t); + } + })(); + + return sequence.join(""); + } +} + +export default GenerateDeBruijnSequence; diff --git a/src/web/html/index.html b/src/web/html/index.html index 92d52771..c602c275 100755 --- a/src/web/html/index.html +++ b/src/web/html/index.html @@ -61,7 +61,7 @@ "Symlinking emacs and vim to ed...", "Training branch predictor...", "Timing cache hits...", - "Speculatively executing recipes..." + "Speculatively executing recipes...", "Adding LLM hallucinations..." ]; diff --git a/tests/operations/index.mjs b/tests/operations/index.mjs index 1aa12d19..56f432e0 100644 --- a/tests/operations/index.mjs +++ b/tests/operations/index.mjs @@ -133,6 +133,7 @@ import "./tests/Rabbit.mjs"; import "./tests/LevenshteinDistance.mjs"; import "./tests/SwapCase.mjs"; import "./tests/HKDF.mjs"; +import "./tests/GenerateDeBruijnSequence.mjs"; // Cannot test operations that use the File type yet // import "./tests/SplitColourChannels.mjs"; diff --git a/tests/operations/tests/GenerateDeBruijnSequence.mjs b/tests/operations/tests/GenerateDeBruijnSequence.mjs new file mode 100644 index 00000000..24490d1c --- /dev/null +++ b/tests/operations/tests/GenerateDeBruijnSequence.mjs @@ -0,0 +1,33 @@ +/** + * De Brujin Sequence tests. + * + * @author gchq77703 [gchq77703@gchq.gov.uk] + * @copyright Crown Copyright 2017 + * @license Apache-2.0 + */ +import TestRegister from "../../lib/TestRegister.mjs"; + +TestRegister.addTests([ + { + name: "Generate De Bruijn Sequence: Small Sequence", + input: "", + expectedOutput: "00010111", + recipeConfig: [ + { + "op": "Generate De Bruijn Sequence", + "args": [2, 3] + } + ] + }, + { + name: "Generate De Bruijn Sequence: Long Sequence", + input: "", + expectedOutput: "0000010000200003000110001200013000210002200023000310003200033001010010200103001110011200113001210012200123001310013200133002010020200203002110021200213002210022200223002310023200233003010030200303003110031200313003210032200323003310033200333010110101201013010210102201023010310103201033011020110301111011120111301121011220112301131011320113301202012030121101212012130122101222012230123101232012330130201303013110131201313013210132201323013310133201333020210202202023020310203202033021030211102112021130212102122021230213102132021330220302211022120221302221022220222302231022320223302303023110231202313023210232202323023310233202333030310303203033031110311203113031210312203123031310313203133032110321203213032210322203223032310323203233033110331203313033210332203323033310333203333111112111131112211123111321113311212112131122211223112321123311312113131132211323113321133312122121231213212133122131222212223122321223312313123221232312332123331313213133132221322313232132331332213323133321333322222322233223232233323233233333", + recipeConfig: [ + { + "op": "Generate De Bruijn Sequence", + "args": [4, 5] + } + ] + } +]); diff --git a/tests/operations/tests/Hash.mjs b/tests/operations/tests/Hash.mjs index 95a18ffd..4480f65a 100644 --- a/tests/operations/tests/Hash.mjs +++ b/tests/operations/tests/Hash.mjs @@ -1109,7 +1109,7 @@ TestRegister.addTests([ args: ["D-A"] } ] - } + }, /* { // This takes a LONG time to run (over a minute usually). name: "Scrypt: RFC test vector 4", input: "pleaseletmein", @@ -1127,4 +1127,36 @@ TestRegister.addTests([ } ] }, */ + { + name: "Argon2", + input: "argon2password", + expectedOutput: "$argon2i$v=19$m=4096,t=3,p=1$c29tZXNhbHQ$s43my9eBljQADuF/LWCG8vGqwAJzOorKQ0Yog8jFvbw", + recipeConfig: [ + { + op: "Argon2", + args: [ + {"option": "UTF8", "string": "somesalt"}, + 3, + 4096, + 1, + 32, + "Argon2i", + "Encoded hash" + ] + } + ] + }, + { + name: "Argon2 compare", + input: "argon2password", + expectedOutput: "Match: argon2password", + recipeConfig: [ + { + op: "Argon2 compare", + args: [ + "$argon2i$v=19$m=4096,t=3,p=1$c29tZXNhbHQ$s43my9eBljQADuF/LWCG8vGqwAJzOorKQ0Yog8jFvbw" + ] + } + ] + } ]); diff --git a/webpack.config.js b/webpack.config.js index 50c4c731..d318d7c2 100644 --- a/webpack.config.js +++ b/webpack.config.js @@ -114,6 +114,8 @@ module.exports = { } }, module: { + // argon2-browser loads argon2.wasm by itself, so Webpack should not load it + noParse: /argon2\.wasm$/, rules: [ { test: /\.m?js$/, @@ -133,6 +135,12 @@ module.exports = { additionalCode: "var jQuery = false;" } }, + { + // Load argon2.wasm as base64-encoded binary file expected by argon2-browser + test: /argon2\.wasm$/, + loader: "base64-loader", + type: "javascript/auto" + }, { test: /prime.worker.min.js$/, type: "asset/source"