Use webcrypto for aes and sha256

src/checksum.ts

@@ -27,7 +27,20 @@ export function checksum(mod: IChecksumModule, key: Uint8Array, ciphertext: Uint
 
 export async function verifyChecksum(mod: IChecksumModule, key: Uint8Array, ciphertext: Uint8Array): Promise<boolean> {
   if (mod.function === "sha256") {
-    return equalsBytes(hexToBytes(mod.message), sha256(checksumData(key, ciphertext)));
+    if (globalThis?.crypto?.subtle) {
+      return verifyChecksumWebCrypto(mod, key, ciphertext);
+    }
+    return equalsBytes(hexToBytes(mod.message), sha256(checksumData(key as Uint8Array, ciphertext)));
+  } else {
+    throw new Error("Invalid checksum type");
+  }
+}
+
+async function verifyChecksumWebCrypto(mod: IChecksumModule, key: Uint8Array, ciphertext: Uint8Array) {
+  if (mod.function === "sha256") {
+    const data = checksumData(key, ciphertext);
+    const digest = new Uint8Array(await crypto.subtle.digest("SHA-256", data));
+    return equalsBytes(hexToBytes(mod.message), digest);
   } else {
     throw new Error("Invalid checksum type");
   }

src/cipher.ts

@@ -16,6 +16,9 @@ export function defaultAes128CtrModule(): Pick<ICipherModule, "function" | "para
 export async function cipherEncrypt(mod: ICipherModule, key: Uint8Array, data: Uint8Array): Promise<Uint8Array> {
   if (mod.function === "aes-128-ctr") {
     try {
+      if (globalThis?.crypto?.subtle) {
+        return await cipherEncryptWebCrypto(mod, key, data);
+      }
       return await aesEncrypt(
         data,
         key,
@@ -31,9 +34,27 @@ export async function cipherEncrypt(mod: ICipherModule, key: Uint8Array, data: U
   }
 }
 
+export async function cipherEncryptWebCrypto(
+  mod: ICipherModule,
+  key: Uint8Array,
+  data: Uint8Array
+): Promise<Uint8Array> {
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    key,
+    {name: "AES-CTR"},
+    false,
+    ["encrypt"]
+  );
+  return new Uint8Array(await crypto.subtle.encrypt(pickAlgorithm(mod), cryptoKey, data));
+}
+
 export async function cipherDecrypt(mod: ICipherModule, key: Uint8Array): Promise<Uint8Array> {
   if (mod.function === "aes-128-ctr") {
     try {
+      if (globalThis?.crypto?.subtle) {
+        return await cipherDecryptWebCrypto(mod, key);
+      }
       return await aesDecrypt(
         hexToBytes(mod.message),
         key,
@@ -48,3 +69,22 @@ export async function cipherDecrypt(mod: ICipherModule, key: Uint8Array): Promis
     throw new Error("Invalid cipher type");
   }
 }
+
+async function cipherDecryptWebCrypto(mod: ICipherModule, key: Uint8Array): Promise<Uint8Array> {
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    key,
+    {name: "AES-CTR"},
+    false,
+    ["decrypt"]
+  );
+  return new Uint8Array(await crypto.subtle.decrypt(pickAlgorithm(mod), cryptoKey, hexToBytes(mod.message)));
+}
+
+function pickAlgorithm(mod: ICipherModule): AesCtrParams {
+  if (mod.function === "aes-128-ctr") {
+    return { name: "AES-CTR", counter: hexToBytes(mod.params.iv), length: 128 };
+  } else {
+    throw new Error("Invalid cipher type");
+  }
+}

src/kdf.ts

@@ -60,7 +60,7 @@ async function doPbkdf2WebCrypto(params: IPbkdf2KdfModule["params"], password: U
   const passwordKey = await crypto.subtle.importKey(
     "raw",
     password,
-    "PBKDF2",
+    {name: "PBKDF2"},
     false,
     ["deriveKey"],
   );
@@ -72,7 +72,7 @@ async function doPbkdf2WebCrypto(params: IPbkdf2KdfModule["params"], password: U
       hash: pickHash(params.prf.slice(5)),
     },
     passwordKey,
-    { name: "AES-GCM", length: params.dklen * 8 },
+    {name: "AES-CTR", length: params.dklen * 8},
     true,
     ["encrypt", "decrypt"]
   );