Merge branch 'master' of https://github.com/gchq/CyberChef

2025-05-08 07:21:02 -04:00 · 2023-03-27 09:11:17 -03:00 · 2023-03-27 09:11:17 -03:00 · 3ee424ce92
commit 3ee424ce92
parent 93cbdae32a 1bc88728f0
12 changed files with 368 additions and 6 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -13,6 +13,12 @@ All major and minor version changes will be documented in this file. Details of

 ## Details

+### [10.4.0] - 2023-03-24
+- Added 'Generate De Bruijn Sequence' operation [@gchq77703] | [#493]
+
+### [10.3.0] - 2023-03-24
+- Added 'Argon2' and 'Argon2 compare' operations [@Xenonym] | [#661]
+
 ### [10.2.0] - 2023-03-23
 - Added 'Derive HKDF key' operation [@mikecat] | [#1528]

@ -365,6 +371,8 @@ All major and minor version changes will be documented in this file. Details of



+[10.4.0]: https://github.com/gchq/CyberChef/releases/tag/v10.4.0
+[10.3.0]: https://github.com/gchq/CyberChef/releases/tag/v10.3.0
 [10.2.0]: https://github.com/gchq/CyberChef/releases/tag/v10.2.0
 [10.1.0]: https://github.com/gchq/CyberChef/releases/tag/v10.1.0
 [10.0.0]: https://github.com/gchq/CyberChef/releases/tag/v10.0.0
@ -514,6 +522,8 @@ All major and minor version changes will be documented in this file. Details of
 [@valdelaseras]: https://github.com/valdelaseras
 [@brun0ne]: https://github.com/brun0ne
 [@joostrijneveld]: https://github.com/joostrijneveld
+[@Xenonym]: https://github.com/Xenonym
+[@gchq77703]: https://github.com/gchq77703

 [8ad18b]: https://github.com/gchq/CyberChef/commit/8ad18bc7db6d9ff184ba3518686293a7685bf7b7
 [9a33498]: https://github.com/gchq/CyberChef/commit/9a33498fed26a8df9c9f35f39a78a174bf50a513
@ -629,4 +639,6 @@ All major and minor version changes will be documented in this file. Details of
 [#1498]: https://github.com/gchq/CyberChef/pull/1498
 [#1499]: https://github.com/gchq/CyberChef/pull/1499
 [#1528]: https://github.com/gchq/CyberChef/pull/1528
+[#661]: https://github.com/gchq/CyberChef/pull/661
+[#493]: https://github.com/gchq/CyberChef/pull/493

--- a/package-lock.json
+++ b/package-lock.json
@ -1,6 +1,6 @@
 {
  "name": "cyberchef",
-  "version": "10.2.0",
+  "version": "10.4.0",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
@ -2481,6 +2481,11 @@
      "integrity": "sha512-e0hDa9H2Z9AwFkk2qDlwhoMYE4eToKarchkQHovNdLTCYMHZHeRjI71crOh+dio4K6u1IcwubQqo79Ga4CyAQA==",
      "dev": true
    },
+    "argon2-browser": {
+      "version": "1.18.0",
+      "resolved": "https://registry.npmjs.org/argon2-browser/-/argon2-browser-1.18.0.tgz",
+      "integrity": "sha512-ImVAGIItnFnvET1exhsQB7apRztcoC5TnlSqernMJDUjbc/DLq3UEYeXFrLPrlaIl8cVfwnXb6wX2KpFf2zxHw=="
+    },
    "argparse": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
@ -2863,6 +2868,12 @@
      "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
      "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA=="
    },
+    "base64-loader": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/base64-loader/-/base64-loader-1.0.0.tgz",
+      "integrity": "sha512-p32+F8dg+ANGx7s8QsZS74ZPHfIycmC2yZcoerzFgbersIYWitPbbF39G6SBx3gyvzyLH5nt1ooocxr0IHuWKA==",
+      "dev": true
+    },
    "basic-auth": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz",
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "cyberchef",
-  "version": "10.2.0",
+  "version": "10.4.0",
  "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
  "author": "n1474335 <n1474335@gmail.com>",
  "homepage": "https://gchq.github.io/CyberChef",
@ -54,6 +54,7 @@
    "babel-loader": "^9.1.2",
    "babel-plugin-dynamic-import-node": "^2.3.3",
    "babel-plugin-transform-builtin-extend": "1.1.2",
+    "base64-loader": "^1.0.0",
    "chromedriver": "^110.0.0",
    "cli-progress": "^3.12.0",
    "colors": "^1.4.0",
@ -94,6 +95,7 @@
    "@astronautlabs/amf": "^0.0.6",
    "@babel/polyfill": "^7.12.1",
    "@blu3r4y/lzma": "^2.3.3",
+    "argon2-browser": "^1.18.0",
    "arrive": "^2.4.1",
    "avsc": "^5.7.7",
    "bcryptjs": "^2.4.3",
@ -179,8 +181,8 @@
    "start": "npx grunt dev",
    "build": "npx grunt prod",
    "node": "npx grunt node",
-    "repl": "node --experimental-modules --experimental-json-modules --experimental-specifier-resolution=node --no-warnings src/node/repl.mjs",
-    "test": "npx grunt configTests && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider tests/node/index.mjs && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider tests/operations/index.mjs",
+    "repl": "node --experimental-modules --experimental-json-modules --experimental-specifier-resolution=node --no-experimental-fetch --no-warnings src/node/repl.mjs",
+    "test": "npx grunt configTests && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider --no-experimental-fetch tests/node/index.mjs && node --experimental-modules --experimental-json-modules --no-warnings --no-deprecation --openssl-legacy-provider --no-experimental-fetch tests/operations/index.mjs",
    "testnodeconsumer": "npx grunt testnodeconsumer",
    "testui": "npx grunt testui",
    "testuidev": "npx nightwatch --env=dev",
--- a/src/core/config/Categories.json
+++ b/src/core/config/Categories.json
@ -381,6 +381,8 @@
            "Bcrypt",
            "Bcrypt compare",
            "Bcrypt parse",
+            "Argon2",
+            "Argon2 compare",
            "Scrypt",
            "NT Hash",
            "LM Hash",
@ -488,6 +490,7 @@
            "P-list Viewer",
            "Disassemble x86",
            "Pseudo-Random Number Generator",
+            "Generate De Bruijn Sequence",
            "Generate UUID",
            "Analyse UUID",
            "Generate TOTP",
--- a/src/core/operations/Argon2.mjs
+++ b/src/core/operations/Argon2.mjs
@ -0,0 +1,117 @@
+/**
+ * @author Tan Zhen Yong [tzy@beyondthesprawl.com]
+ * @copyright Crown Copyright 2019
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import OperationError from "../errors/OperationError.mjs";
+import Utils from "../Utils.mjs";
+import argon2 from "argon2-browser";
+
+/**
+ * Argon2 operation
+ */
+class Argon2 extends Operation {
+
+    /**
+     * Argon2 constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Argon2";
+        this.module = "Crypto";
+        this.description = "Argon2 is a key derivation function that was selected as the winner of the Password Hashing Competition in July 2015. It was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from the University of Luxembourg.<br><br>Enter the password in the input to generate its hash.";
+        this.infoURL = "https://wikipedia.org/wiki/Argon2";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                "name": "Salt",
+                "type": "toggleString",
+                "value": "somesalt",
+                "toggleValues": ["UTF8", "Hex", "Base64", "Latin1"]
+            },
+            {
+                "name": "Iterations",
+                "type": "number",
+                "value": 3
+            },
+            {
+                "name": "Memory (KiB)",
+                "type": "number",
+                "value": 4096
+            },
+            {
+                "name": "Parallelism",
+                "type": "number",
+                "value": 1
+            },
+            {
+                "name": "Hash length (bytes)",
+                "type": "number",
+                "value": 32
+            },
+            {
+                "name": "Type",
+                "type": "option",
+                "value": ["Argon2i", "Argon2d", "Argon2id"],
+                "defaultIndex": 0
+            },
+            {
+                "name": "Output format",
+                "type": "option",
+                "value": ["Encoded hash", "Hex hash", "Raw hash"]
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    async run(input, args) {
+        const argon2Types = {
+            "Argon2i": argon2.ArgonType.Argon2i,
+            "Argon2d": argon2.ArgonType.Argon2d,
+            "Argon2id": argon2.ArgonType.Argon2id
+        };
+
+        const salt = Utils.convertToByteString(args[0].string || "", args[0].option),
+            time = args[1],
+            mem = args[2],
+            parallelism = args[3],
+            hashLen = args[4],
+            type = argon2Types[args[5]],
+            outFormat = args[6];
+
+        try {
+            const result = await argon2.hash({
+                pass: input,
+                salt,
+                time,
+                mem,
+                parallelism,
+                hashLen,
+                type,
+            });
+
+            switch (outFormat) {
+                case "Hex hash":
+                    return result.hashHex;
+                case "Raw hash":
+                    return Utils.arrayBufferToStr(result.hash);
+                case "Encoded hash":
+                default:
+                    return result.encoded;
+            }
+        } catch (err) {
+            throw new OperationError(`Error: ${err.message}`);
+        }
+    }
+
+}
+
+export default Argon2;
--- a/src/core/operations/Argon2Compare.mjs
+++ b/src/core/operations/Argon2Compare.mjs
@ -0,0 +1,58 @@
+/**
+ * @author Tan Zhen Yong [tzy@beyondthesprawl.com]
+ * @copyright Crown Copyright 2019
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import argon2 from "argon2-browser";
+
+/**
+ * Argon2 compare operation
+ */
+class Argon2Compare extends Operation {
+
+    /**
+     * Argon2Compare constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Argon2 compare";
+        this.module = "Crypto";
+        this.description = "Tests whether the input matches the given Argon2 hash. To test multiple possible passwords, use the 'Fork' operation.";
+        this.infoURL = "https://wikipedia.org/wiki/Argon2";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                "name": "Encoded hash",
+                "type": "string",
+                "value": ""
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    async run(input, args) {
+        const encoded = args[0];
+
+        try {
+            await argon2.verify({
+                pass: input,
+                encoded
+            });
+
+            return `Match: ${input}`;
+        } catch (err) {
+            return "No match";
+        }
+    }
+
+}
+
+export default Argon2Compare;
--- a/src/core/operations/GenerateDeBruijnSequence.mjs
+++ b/src/core/operations/GenerateDeBruijnSequence.mjs
@ -0,0 +1,85 @@
+/**
+ * @author gchq77703 [gchq77703@gchq.gov.uk]
+ * @copyright Crown Copyright 2019
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import OperationError from "../errors/OperationError.mjs";
+
+/**
+ * Generate De Bruijn Sequence operation
+ */
+class GenerateDeBruijnSequence extends Operation {
+
+    /**
+     * GenerateDeBruijnSequence constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Generate De Bruijn Sequence";
+        this.module = "Default";
+        this.description = "Generates rolling keycode combinations given a certain alphabet size and key length.";
+        this.infoURL = "https://wikipedia.org/wiki/De_Bruijn_sequence";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                name: "Alphabet size (k)",
+                type: "number",
+                value: 2
+            },
+            {
+                name: "Key length (n)",
+                type: "number",
+                value: 3
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const [k, n] = args;
+
+        if (k < 2 || k > 9) {
+            throw new OperationError("Invalid alphabet size, required to be between 2 and 9 (inclusive).");
+        }
+
+        if (n < 2) {
+            throw new OperationError("Invalid key length, required to be at least 2.");
+        }
+
+        if (Math.pow(k, n) > 50000) {
+            throw new OperationError("Too many permutations, please reduce k^n to under 50,000.");
+        }
+
+        const a = new Array(k * n).fill(0);
+        const sequence = [];
+
+        (function db(t = 1, p = 1) {
+            if (t > n) {
+                if (n % p !== 0) return;
+                for (let j = 1; j <= p; j++) {
+                    sequence.push(a[j]);
+                }
+                return;
+            }
+
+            a[t] = a[t - p];
+            db(t + 1, p);
+            for (let j = a[t - p] + 1; j < k; j++) {
+                a[t] = j;
+                db(t + 1, t);
+            }
+        })();
+
+        return sequence.join("");
+    }
+}
+
+export default GenerateDeBruijnSequence;
--- a/src/web/html/index.html
+++ b/src/web/html/index.html
@ -61,7 +61,7 @@
                "Symlinking emacs and vim to ed...",
                "Training branch predictor...",
                "Timing cache hits...",
-                "Speculatively executing recipes..."
+                "Speculatively executing recipes...",
                "Adding LLM hallucinations..."
            ];

--- a/tests/operations/index.mjs
+++ b/tests/operations/index.mjs
@ -133,6 +133,7 @@ import "./tests/Rabbit.mjs";
 import "./tests/LevenshteinDistance.mjs";
 import "./tests/SwapCase.mjs";
 import "./tests/HKDF.mjs";
+import "./tests/GenerateDeBruijnSequence.mjs";

 // Cannot test operations that use the File type yet
 // import "./tests/SplitColourChannels.mjs";
--- a/tests/operations/tests/GenerateDeBruijnSequence.mjs
+++ b/tests/operations/tests/GenerateDeBruijnSequence.mjs
@ -0,0 +1,33 @@
+/**
+ * De Brujin Sequence tests.
+ *
+ * @author gchq77703 [gchq77703@gchq.gov.uk]
+ * @copyright Crown Copyright 2017
+ * @license Apache-2.0
+ */
+import TestRegister from "../../lib/TestRegister.mjs";
+
+TestRegister.addTests([
+    {
+        name: "Generate De Bruijn Sequence: Small Sequence",
+        input: "",
+        expectedOutput: "00010111",
+        recipeConfig: [
+            {
+                "op": "Generate De Bruijn Sequence",
+                "args": [2, 3]
+            }
+        ]
+    },
+    {
+        name: "Generate De Bruijn Sequence: Long Sequence",
+        input: "",
+        expectedOutput: "0000010000200003000110001200013000210002200023000310003200033001010010200103001110011200113001210012200123001310013200133002010020200203002110021200213002210022200223002310023200233003010030200303003110031200313003210032200323003310033200333010110101201013010210102201023010310103201033011020110301111011120111301121011220112301131011320113301202012030121101212012130122101222012230123101232012330130201303013110131201313013210132201323013310133201333020210202202023020310203202033021030211102112021130212102122021230213102132021330220302211022120221302221022220222302231022320223302303023110231202313023210232202323023310233202333030310303203033031110311203113031210312203123031310313203133032110321203213032210322203223032310323203233033110331203313033210332203323033310333203333111112111131112211123111321113311212112131122211223112321123311312113131132211323113321133312122121231213212133122131222212223122321223312313123221232312332123331313213133132221322313232132331332213323133321333322222322233223232233323233233333",
+        recipeConfig: [
+            {
+                "op": "Generate De Bruijn Sequence",
+                "args": [4, 5]
+            }
+        ]
+    }
+]);
--- a/tests/operations/tests/Hash.mjs
+++ b/tests/operations/tests/Hash.mjs
@ -1109,7 +1109,7 @@ TestRegister.addTests([
                args: ["D-A"]
            }
        ]
-    }
+    },
    /* { // This takes a LONG time to run (over a minute usually).
        name: "Scrypt: RFC test vector 4",
        input: "pleaseletmein",
@ -1127,4 +1127,36 @@ TestRegister.addTests([
            }
        ]
    }, */
+    {
+        name: "Argon2",
+        input: "argon2password",
+        expectedOutput: "$argon2i$v=19$m=4096,t=3,p=1$c29tZXNhbHQ$s43my9eBljQADuF/LWCG8vGqwAJzOorKQ0Yog8jFvbw",
+        recipeConfig: [
+            {
+                op: "Argon2",
+                args: [
+                    {"option": "UTF8", "string": "somesalt"},
+                    3,
+                    4096,
+                    1,
+                    32,
+                    "Argon2i",
+                    "Encoded hash"
+                ]
+            }
+        ]
+    },
+    {
+        name: "Argon2 compare",
+        input: "argon2password",
+        expectedOutput: "Match: argon2password",
+        recipeConfig: [
+            {
+                op: "Argon2 compare",
+                args: [
+                    "$argon2i$v=19$m=4096,t=3,p=1$c29tZXNhbHQ$s43my9eBljQADuF/LWCG8vGqwAJzOorKQ0Yog8jFvbw"
+                ]
+            }
+        ]
+    }
 ]);
--- a/webpack.config.js
+++ b/webpack.config.js
@ -114,6 +114,8 @@ module.exports = {
        }
    },
    module: {
+        // argon2-browser loads argon2.wasm by itself, so Webpack should not load it
+        noParse: /argon2\.wasm$/,
        rules: [
            {
                test: /\.m?js$/,
@ -133,6 +135,12 @@ module.exports = {
                    additionalCode: "var jQuery = false;"
                }
            },
+            {
+                // Load argon2.wasm as base64-encoded binary file expected by argon2-browser
+                test: /argon2\.wasm$/,
+                loader: "base64-loader",
+                type: "javascript/auto"
+            },
            {
                test: /prime.worker.min.js$/,
                type: "asset/source"