var Buffer = require('safe-buffer').Buffer
var ZEROES = Buffer.alloc(16, 0) // zero block used by final() to pad a trailing partial block
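// Split a 16-byte block into four big-endian 32-bit words, most significant
// word first. Throws a RangeError (from readUInt32BE) if `buf` holds fewer
// than 16 bytes; any bytes beyond the 16th are ignored.
function toArray (buf) {
  return [
    buf.readUInt32BE(0),
    buf.readUInt32BE(4),
    buf.readUInt32BE(8),
    buf.readUInt32BE(12)
  ]
}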
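// Pack four 32-bit words (most significant first) into a fresh 16-byte
// big-endian Buffer. The words may be signed, since they come out of the XOR
// arithmetic in _multiply; `>>> 0` maps each one back onto 0..2^32-1, which
// writeUInt32BE requires.
function fromArray (out) {
  var buf = Buffer.allocUnsafe(16)
  for (var i = 0; i < 4; i++) {
    buf.writeUInt32BE(out[i] >>> 0, i * 4)
  }
  return buf
}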
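// GHASH over GF(2^128) as used by GCM. `key` is the 16-byte hash subkey H;
// it is re-read on every block, so it must not be mutated while the instance
// is in use. A key of the wrong size would only surface later as a RangeError
// inside _multiply (or be silently truncated if too long), so it is rejected
// up front.
function GHASH (key) {
  if (!Buffer.isBuffer(key) || key.length !== 16) {
    throw new TypeError('GHASH key must be a 16-byte Buffer')
  }
  this.h = key                       // hash subkey H
  this.state = Buffer.alloc(16, 0)   // running value Y, starts as the zero block
  this.cache = Buffer.allocUnsafe(0) // bytes not yet forming a full 16-byte block
}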
// from http://bitwiseshiftleft.github.io/sjcl/doc/symbols/src/core_gcm.js.html
// by Juho Vähä-Herttua
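// Absorb one block: Y <- (Y xor X) * H.
// Only the first 16 bytes of `block` are used. XOR-ing fewer than 16 bytes
// leaves the remaining state bytes untouched, which is the same as XOR-ing a
// zero-padded block; callers are expected to pass exactly 16 bytes.
GHASH.prototype.ghash = function (block) {
  var n = block.length < 16 ? block.length : 16
  for (var i = 0; i < n; i++) {
    this.state[i] ^= block[i]
  }
  this._multiply()
}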
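// Multiply the current state by H in GF(2^128) and store the product back in
// `this.state`. R = 0xe1 || 0^120 is the GCM reduction constant.
//
// This is the bit-serial "shift and add" method: for each of the 128 state
// bits (MSB of byte 0 first) the running product Z absorbs V when the bit is
// set, then V is shifted right by one bit and reduced by R. The `if` on each
// state bit makes the running time data-dependent, so this routine is not
// constant-time.
GHASH.prototype._multiply = function () {
  var v = toArray(this.h) // V_i as four 32-bit words, most significant first
  var z = [0, 0, 0, 0]    // Z_i accumulator
  var byteIdx, bit, lsb

  for (byteIdx = 0; byteIdx < 16; byteIdx++) {
    for (bit = 7; bit >= 0; bit--) {
      // Z_i+1 = Z_i ^ V_i when the current state bit is 1
      if ((this.state[byteIdx] >> bit) & 1) {
        z[0] ^= v[0]
        z[1] ^= v[1]
        z[2] ^= v[2]
        z[3] ^= v[3]
      }

      // Remember LSB(V_i) before shifting; it decides whether to reduce
      lsb = v[3] & 1

      // V_i+1 = V_i >> 1 across the four words, carrying the low bit of each
      // higher word into the top of the next lower one
      v[3] = (v[3] >>> 1) | ((v[2] & 1) << 31)
      v[2] = (v[2] >>> 1) | ((v[1] & 1) << 31)
      v[1] = (v[1] >>> 1) | ((v[0] & 1) << 31)
      v[0] = v[0] >>> 1

      // If LSB(V_i) was 1, V_i+1 = (V_i >> 1) ^ R
      if (lsb) {
        v[0] = v[0] ^ (0xe1 << 24)
      }
    }
  }

  // fromArray maps the possibly-signed words back to unsigned bytes
  this.state = fromArray(z)
}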
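// Feed arbitrary-length data. Every whole 16-byte block is absorbed right
// away; the trailing remainder (0..15 bytes) is kept in `this.cache` until
// more data arrives or final() pads it.
GHASH.prototype.update = function (buf) {
  var data = Buffer.concat([this.cache, buf])
  var offset = 0
  while (data.length - offset >= 16) {
    this.ghash(data.slice(offset, offset + 16))
    offset += 16
  }
  // whatever is left waits for the next update()/final()
  this.cache = data.slice(offset)
}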
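// Finish the hash: zero-pad any buffered partial block, absorb the length
// block (bit length of the AAD `abl` and of the ciphertext `bl`, each as a
// 64-bit big-endian integer) and return the 16-byte result.
//
// The returned Buffer is `this.state` itself, not a copy, and the instance is
// not reset afterwards.
GHASH.prototype.final = function (abl, bl) {
  if (this.cache.length) {
    // pad the last partial block with zeros up to 16 bytes
    this.ghash(Buffer.concat([this.cache, ZEROES], 16))
  }

  // Length block: len(A) || len(C). Each JS number is split into its high and
  // low 32-bit words so bit lengths of 2^32 and above (512 MiB and up) are
  // encoded per the spec rather than wrapping; below 2^32 the high word is 0.
  var aHi = Math.floor(abl / 0x100000000)
  var cHi = Math.floor(bl / 0x100000000)
  this.ghash(fromArray([aHi, abl >>> 0, cHi, bl >>> 0]))
  return this.state
}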
module.exports = GHASH // the constructor is this module's only export