mirror of
https://github.com/gchq/CyberChef.git
synced 2025-06-14 10:14:53 -04:00
101 lines
3.4 KiB
JavaScript
101 lines
3.4 KiB
JavaScript
/**
|
|
* @author aosterhage [aaron.osterhage@gmail.com]
|
|
* @copyright Crown Copyright 2025
|
|
* @license Apache-2.0
|
|
*/
|
|
|
|
import Operation from "../Operation.mjs";
|
|
import OperationError from "../errors/OperationError.mjs";
|
|
import Utils from "../Utils.mjs";
|
|
import forge from "node-forge";
|
|
import { aesKeyWrap } from "../lib/AESKeyWrap.mjs";
|
|
import { toHexFast } from "../lib/Hex.mjs";
|
|
|
|
/**
|
|
* AES Key Wrap With Padding operation
|
|
*/
|
|
class AESKeyWrapWithPadding extends Operation {
|
|
|
|
/**
|
|
* AESKeyWrapWithPadding constructor
|
|
*/
|
|
constructor() {
|
|
super();
|
|
|
|
this.name = "AES Key Wrap With Padding";
|
|
this.module = "Ciphers";
|
|
this.description = "A key wrapping algorithm defined in RFC 3394 combined with a padding convention defined in RFC 5649.<br><br>The padding convention defined in RFC 5649 eliminates the requirement that the length of the key to be wrapped be a multiple of 64 bits, allowing a key of any practical length to be wrapped.";
|
|
this.infoURL = "https://wikipedia.org/wiki/Key_wrap";
|
|
this.inputType = "string";
|
|
this.outputType = "string";
|
|
this.args = [
|
|
{
|
|
"name": "Key (KEK)",
|
|
"type": "toggleString",
|
|
"value": "",
|
|
"toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
|
|
},
|
|
{
|
|
"name": "Input",
|
|
"type": "option",
|
|
"value": ["Hex", "Raw"]
|
|
},
|
|
{
|
|
"name": "Output",
|
|
"type": "option",
|
|
"value": ["Hex", "Raw"]
|
|
},
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @param {string} input
|
|
* @param {Object[]} args
|
|
* @returns {string}
|
|
*/
|
|
run(input, args) {
|
|
const kek = Utils.convertToByteString(args[0].string, args[0].option),
|
|
inputType = args[1],
|
|
outputType = args[2];
|
|
|
|
if (kek.length !== 16 && kek.length !== 24 && kek.length !== 32) {
|
|
throw new OperationError("KEK must be either 16, 24, or 32 bytes (currently " + kek.length + " bytes)");
|
|
}
|
|
|
|
input = Utils.convertToByteString(input, inputType);
|
|
if (input.length <= 0) {
|
|
throw new OperationError("input must be > 0 bytes");
|
|
}
|
|
|
|
// Construct the "Alternative Initial Value" (AIV).
|
|
const aiv = "\xa6\x59\x59\xa6" + Utils.byteArrayToChars(Utils.intToByteArray(input.length, 4, "big"));;
|
|
|
|
// Pad the input as needed.
|
|
const isMultipleOf8 = (input.length % 8) === 0;
|
|
const paddedLength = input.length + (isMultipleOf8 ? 0 : (8 - (input.length % 8)));
|
|
input = input.padEnd(paddedLength, "\0");
|
|
|
|
let output;
|
|
|
|
if (paddedLength === 8) {
|
|
// Special case where the padded input is one 64-bit block.
|
|
|
|
// Get the cipher ready and disable PKCS#7 padding.
|
|
const cipher = forge.cipher.createCipher("AES-ECB", kek);
|
|
cipher.mode.pad = false;
|
|
|
|
cipher.start();
|
|
cipher.update(forge.util.createBuffer(aiv + input));
|
|
cipher.finish();
|
|
output = cipher.output.getBytes();
|
|
} else {
|
|
// Otherwise, follow the wrapping process from RFC 3394 (AESKeyWrap operation).
|
|
output = aesKeyWrap(input, kek, aiv);
|
|
}
|
|
|
|
return outputType === "Hex" ? toHexFast(Utils.strToArrayBuffer(output)) : output;
|
|
}
|
|
|
|
}
|
|
|
|
export default AESKeyWrapWithPadding;
|