// 3. Generate an octet string PS consisting of emLen-||M||-2hLen-1 zero octets.
var psLen = emLen - M.length - 2*hLen - 1;
if (psLen < 0)
throw new Error("malformed input");
var PS = new Uint8Array(psLen + 1);
PS.fill(0);
PS[psLen] = 0x01;
// 4. Let pHash = Hash(P)
H.reset();
H.update(P);
var pHash = H.close();
// 5. Concatenate pHash, PS, the message M, ...
var DB = new ArrayBuffer();
DB = DB.concat(pHash, PS, M);
// 6. Generate a random octet string seed of length hLen.
var seed = Crypt.rng(hLen);
// 7. Let dbMask = MGF(seed, emLen - hLen).
var dbMask = this.MGF(seed, emLen - hLen);
// 8. Let maskedDB = DB \xor dbMask.
this.xor(DB, dbMask);
var maskedDB = DB;
// 9. Let seedMask = MGF(maskedDB, hLen).
var seedMask = this.MGF(maskedDB, hLen);
// 10. Let maskedSeed = seed \xor seedMask.
this.xor(seed, seedMask);
var maskedSeed = seed;
// 11. Let EM = maskedSeed || maskedDB.
var EM = maskedSeed;
EM = EM.concat(maskedDB);
return new Arith.Integer(EM);
};
ncomp(a, b, l) {
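/**
 * EME-PKCS1-v1_5 encoding (RFC 8017 §7.2.1, step 2): emits
 *   0x02 || PS || 0x00 || M
 * where PS is a string of pseudorandom NONZERO octets. The spec's leading
 * 0x00 octet is not written here; presumably it is implicit once the caller
 * turns the result into a big-endian Arith.Integer -- TODO confirm against
 * how the caller computes emLen.
 *
 * @param {ArrayBuffer} M     message to pad
 * @param {number} emLen      length of the emitted octet string
 * @returns {Arith.Integer}   the padded block as an integer
 * @throws {Error}            if M is too long for emLen
 */
emeEncode(M, emLen) {
	// PS fills everything not taken by the 0x02 marker, the 0x00 separator and M.
	const pssize = emLen - M.byteLength - 2;
	// RFC 8017 §7.2.1 requires mLen <= k - 11, i.e. PS of at least 8 octets;
	// conforming decoders reject a shorter PS. The previous check only
	// rejected a negative size.
	if (pssize < 8)
		throw new Error("emeEncode malformed input");
	const s = new Uint8Array(pssize + 2);
	const ps = new Uint8Array(Crypt.rng(pssize));
	let i = 0;
	s[i++] = 0x02;
	for (const c of ps) {
		// PS must be nonzero or the decoder's scan for the first 0x00 would
		// cut the block short. Mapping 0 -> 0xff keeps a single rng call; it
		// doubles the frequency of 0xff, which is not uniform but is not a
		// known weakness of v1.5 padding.
		s[i++] = c === 0 ? 0xff : c;
	}
	s[i++] = 0x00;
	// ArrayBuffer.prototype.concat is a host extension, not standard JS.
	return new Arith.Integer(s.buffer.concat(M));
};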
emeDecode(EM) {
var mac = this.calculateMac(cipher.hmac, session.writeSeqNum, type, session.protocolVersion, fragment);
var blksz = session.chosenCipher.cipherBlockSize, iv;
var tmps = new SSLStream();
tmps.writeChunk(fragment);
tmps.writeChunk(mac);
if (blksz) {
var length = tmps.bytesWritten + 1;
var padSize = length % blksz;
if (padSize > 0)
padSize = blksz - padSize;
for (var i = 0; i < padSize; i++)
tmps.writeChar(padSize);
tmps.writeChar(padSize);
}
if (session.protocolVersion >= 0x302 && blksz) { // 3.2 or higher && block cipher
iv = Crypt.rng(blksz);
cipher.enc.setIV(iv);
}
fragment = cipher.enc.encrypt(tmps.getChunk());
if (iv)
fragment = iv.concat(fragment);
break;
case SSL.cipherSuite.GCM:
let explicit_nonce = cipher.nonce.toChunk(session.chosenCipher.ivSize);
cipher.nonce.inc();
let nonce = cipher.iv.concat(explicit_nonce);
let additional_data = this.aeadAdditionalData(session.writeSeqNum, type, session.protocolVersion, fragment.byteLength);
fragment = cipher.enc.process(fragment, null, nonce, additional_data, true);
fragment = explicit_nonce.concat(fragment);
break;
}
session.writeSeqNum.inc();
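/**
 * Draws a uniformly distributed random integer r with 0 <= r < max.
 *
 * Uses rejection sampling: draw max.sizeof() random octets and redraw until
 * the value is below max. Given uniform output from Crypt.rng, every
 * accepted value is equally likely. The previous implementation instead
 * shifted an out-of-range draw right one bit at a time until it fit, which
 * maps the out-of-range draws onto a subset of the in-range values and makes
 * some outputs more likely than others -- a bias that must not feed key or
 * nonce generation.
 *
 * Assuming sizeof() is the minimal byte length of max, the draw has the same
 * byte length as max, so each draw is accepted with probability >= 1/256 and
 * the loop terminates quickly in expectation. Masking surplus high bits would
 * raise that to >= 1/2 but needs max's leading octet, which this code does
 * not expose here -- TODO(review).
 *
 * @param {Arith.Integer} max  exclusive upper bound; must be > 0, otherwise
 *                             the loop never terminates (the original also
 *                             looped forever on 0)
 * @param {*} z  formerly the arithmetic context used for the shift; kept
 *               only for signature compatibility, no longer used
 * @returns {Arith.Integer} random integer in [0, max)
 */
static randint(max, z) {
	const len = max.sizeof();
	let r;
	do {
		r = new Arith.Integer(Crypt.rng(len));
	} while (r.comp(max) >= 0);
	return r;
};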
static parse(buf, privFlag) {