javascript - PrivateBin 解密用户脚本上的 DOMException

Question

我正在创建一个解密和读取 PrivateBin 粘贴的用户脚本，但我似乎卡在Uncaught (in promise) DOMException了特定的粘贴上。

以下是用户脚本正确解密的示例粘贴（将所有密码字段留空）：

• https://vim.cx/?05a00ca8863924ef#5ZxxVfHhfZLimj773FyUesrPdzjVfkqcE2ZcVuTydFcz (530,000 'a' 字符),
• https://vim.cx/?4139863ee4036a96#BpNHjasctaSxV8xq4mCa2mMLLQJc4heWAu4h5aKHCCUh (529,999 'a' 字符),
• https://vim.cx/?0cbd4397cda65417#5ktpHHJpgS8HD6Qz1TF1D7kb1apQrMYNjoAtW5xBGLHX（Markdown中的 Hello world）

以下是触发DOMException和无法解密的示例粘贴（将所有密码字段留空）：

• https://vim.cx/?fd5171b42280903f#DvZT5UnA8PnVc24RRwQZjKDaryTehpCunuFJw62Qxxx3
• https://vim.cx/?c03063b169f7b4f0#7YNYp5rmPh4xFKKeRDNjCSXL6ztXa6N36FZYzdsjJdtb
• https://vim.cx/?72cf95753c37d1e6#Bio8YzLQNgtWjYaorX2UGAiCgBqFXbgpZMxquxPBoqop

成功解密的粘贴是使用 PrivateBin 内置 Web 编辑器创建的，我怀疑解密失败的粘贴是使用自定义 PrivateBin 实现创建的。

然后我查看了关于 SO 类似问题的答案，许多人认为这是一个填充问题。然而我不知道如何继续我的调查并解决这个问题，甚至不知道如何确定正确的填充。

关于我的代码到底出了什么问题和/或缺少什么想法？谢谢。

我在 Chromium 89 上使用 Tampermonkey 4.13，并且在 Firefox 88 和 Tampermonkey 4.11 上成功重现了该错误。这是有关错误外观的屏幕截图。

代码：

// ==UserScript==
// @name         PrivateBin Test
// @namespace    http://tampermonkey.net/
// @match        https://vim.cx/*
// @run-at       document-start
// @connect      *
// @grant        GM_xmlhttpRequest
// ==/UserScript==

window.stop()

var base58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
var base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

// The MIT License (MIT) (for included copies of other open-source software)
// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

// fflate block start
// https://github.com/101arrowz/fflate
// The MIT License (MIT) Copyright (c) 2020 Arjun Barrett
var r=Uint8Array,n=Uint16Array,e=Uint32Array,a=new r([0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0]),f=new r([0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0]),t=new r([16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]),i=function(r,a){for(var f=new n(31),t=0;t<31;++t)f[t]=a+=1<<r[t-1];var i=new e(f[30]);for(t=1;t<30;++t)for(var o=f[t];o<f[t+1];++o)i[o]=o-f[t]<<5|t;return[f,i]},o=function(r){for(var n=r[0],e=1;e<r.length;++e)r[e]>n&&(n=r[e]);return n},v=i(a,2),l=v[0],u=v[1];l[28]=258,u[258]=28;for(var w=i(f,0),c=w[0],h=(w[1],new n(32768)),s=0;s<32768;++s){var b=(43690&s)>>>1|(21845&s)<<1;b=(61680&(b=(52428&b)>>>2|(13107&b)<<2))>>>4|(3855&b)<<4,h[s]=((65280&b)>>>8|(255&b)<<8)>>>1}var d=function(r,e,a){for(var f=r.length,t=0,i=new n(e);t<f;++t)++i[r[t]-1];var o,v=new n(e);for(t=0;t<e;++t)v[t]=v[t-1]+i[t-1]<<1;if(a){o=new n(1<<e);var l=15-e;for(t=0;t<f;++t)if(r[t])for(var u=t<<4|r[t],w=e-r[t],c=v[r[t]-1]++<<w,s=c|(1<<w)-1;c<=s;++c)o[h[c]>>>l]=u}else for(o=new n(f),t=0;t<f;++t)r[t]&&(o[t]=h[v[r[t]-1]++]>>>15-r[t]);return o},p=new r(288);for(s=0;s<144;++s)p[s]=8;for(s=144;s<256;++s)p[s]=9;for(s=256;s<280;++s)p[s]=7;for(s=280;s<288;++s)p[s]=8;var y=new r(32);for(s=0;s<32;++s)y[s]=5;var g=d(p,9,1),k=d(y,5,1),x=function(r,n,e){var a=n/8|0;return(r[a]|r[a+1]<<8)>>(7&n)&e},E=function(r,n){var e=n/8|0;return(r[e]|r[e+1]<<8|r[e+2]<<16)>>(7&n)};function inflateSync(i,v,u){var w=i.length;if(!w||u&&!u.l&&w<5)return v||new r(0);var h=!v||u,s=!u||u.i;u||(u={}),v||(v=new r(3*w));var b,p=function(n){var e=v.length;if(n>e){var a=new r(Math.max(2*e,n));a.set(v),v=a}},y=u.f||0,F=u.p||0,O=u.b||0,m=u.l,A=u.d,U=u.m,M=u.n,S=8*w;do{if(!m){u.f=y=x(i,F,1);var j=x(i,F+1,3);if(F+=3,!j){var q=i[(N=((b=F)/8|0)+(7&b&&1)+4)-4]|i[N-3]<<8,z=N+q;if(z>w){if(s)throw"unexpected EOF";break}h&&p(O+q),v.set(i.subarray(N,z),O),u.b=O+=q,u.p=F=8*z;continue}if(1==j)m=g,A=k,U=9,M=5;else{if(2!=j)throw"invalid block type";var B=x(i,F,31)+257,C=x(i,F+10,15)+4,D=B+x(i,F+5,31)+1;F+=14;for(var G=new r(D),H=new r(19),I=0;I<C;++I)H[t[I]]=x(i,F+3*I,7);F+=3*C;var J=o(H),K=(1<<J)-1,L=d(H,J,1);for(I=0;I<D;){var N,P=L[x(i,F,K)];if(F+=15&P,(N=P>>>4)<16)G[I++]=N;else{var Q=0,R=0;for(16==N?(R=3+x(i,F,3),F+=2,Q=G[I-1]):17==N?(R=3+x(i,F,7),F+=3):18==N&&(R=11+x(i,F,127),F+=7);R--;)G[I++]=Q}}var T=G.subarray(0,B),V=G.subarray(B);U=o(T),M=o(V),m=d(T,U,1),A=d(V,M,1)}if(F>S){if(s)throw"unexpected EOF";break}}h&&p(O+131072);for(var W=(1<<U)-1,X=(1<<M)-1,Y=F;;Y=F){var Z=(Q=m[E(i,F)&W])>>>4;if((F+=15&Q)>S){if(s)throw"unexpected EOF";break}if(!Q)throw"invalid length/literal";if(Z<256)v[O++]=Z;else{if(256==Z){Y=F,m=null;break}var $=Z-254;if(Z>264){var _=a[I=Z-257];$=x(i,F,(1<<_)-1)+l[I],F+=_}var rr=A[E(i,F)&X],nr=rr>>>4;if(!rr)throw"invalid distance";F+=15&rr;V=c[nr];if(nr>3){_=f[nr];V+=E(i,F)&(1<<_)-1,F+=_}if(F>S){if(s)throw"unexpected EOF";break}h&&p(O+131072);for(var er=O+$;O<er;O+=4)v[O]=v[O-V],v[O+1]=v[O+1-V],v[O+2]=v[O+2-V],v[O+3]=v[O+3-V];O=er}}u.l=m,u.p=Y,u.b=O,m&&(y=1,u.m=U,u.d=A,u.n=M)}while(!y);return O==v.length?v:function(a,f,t){(null==f||f<0)&&(f=0),(null==t||t>a.length)&&(t=a.length);var i=new(a instanceof n?n:a instanceof e?e:r)(t-f);return i.set(a.subarray(f,t)),i}(v,0,O)};
// fflate block end

// base-x block start
// https://github.com/cryptocoinjs/base-x
// The MIT License (MIT) Copyright (c) 2018 base-x contributors Copyright (c) 2014-2018 The Bitcoin Core developers
function base(r){var u8=Uint8Array,lg=Math.log;if(r.length>=255)throw new TypeError("Alphabet too long");for(var o=new u8(256),t=0;t<o.length;t++)o[t]=255;for(var e=0;e<r.length;e++){var n=r.charAt(e),a=n.charCodeAt(0);if(255!==o[a])throw new TypeError(n+" is ambiguous");o[a]=e}var f=r.length,i=r.charAt(0),h=lg(f)/lg(256),v=lg(256)/lg(f);function c(r){if("string"!=typeof r)throw new TypeError("Expected String");if(0===r.length)return new u8(0);var t=0;if(" "!==r[t]){for(var e=0,n=0;r[t]===i;)e++,t++;for(var a=(r.length-t)*h+1>>>0,v=new u8(a);r[t];){var c=o[r.charCodeAt(t)];if(255===c)return;for(var l=0,g=a-1;(0!==c||l<n)&&-1!==g;g--,l++)c+=f*v[g]>>>0,v[g]=c%256>>>0,c=c/256>>>0;if(0!==c)throw new Error("Non-zero carry");n=l,t++}if(" "!==r[t]){for(var w=a-n;w!==a&&0===v[w];)w++;var u=new u8(e+(a-w));u.fill(0,0,e);for(var y=e;w!==a;)u[y++]=v[w++];return u}}}return{encode:function(o){if(Array.isArray(o)&&(o=u8.from(o)),0===o.length)return"";for(var t=0,e=0,n=0,a=o.length;n!==a&&0===o[n];)n++,t++;for(var h=(a-n)*v+1>>>0,c=new u8(h);n!==a;){for(var l=o[n],g=0,w=h-1;(0!==l||g<e)&&-1!==w;w--,g++)l+=256*c[w]>>>0,c[w]=l%f>>>0,l=l/f>>>0;if(0!==l)throw new Error("Non-zero carry");e=g,n++}for(var u=h-e;u!==h&&0===c[u];)u++;for(var y=i.repeat(t);u<h;++u)y+=r.charAt(c[u]);return y},decodeUnsafe:c,decode:function(r){var o=c(r);if(o)return o;throw new Error("Non-base"+f+" character")}}};
// base-x block end

// b64 block start
// Modified from https://github.com/enepomnyaschih/byte-base64
// The MIT License (MIT) Copyright (c) 2020 Egor Nepomnyaschih
function b64(e){var a=new Uint8Array(256).fill(255);base64.split("").forEach(((e,t)=>{a[e.charCodeAt(0)]=t}));a["=".charCodeAt(0)]=0;let t,r=e.endsWith("==")?2:e.endsWith("=")?1:0,h=e.length,n=new Uint8Array(h/4*3);for(let r=0,o=0;r<h;r+=4,o+=3)t=a[e.charCodeAt(r)]<<18|a[e.charCodeAt(r+1)]<<12|a[e.charCodeAt(r+2)]<<6|a[e.charCodeAt(r+3)],n[o]=t>>16,n[o+1]=t>>8&255,n[o+2]=255&t;return n.subarray(0,n.length-r)}
// b64 block end

function u8Append(a, b) {
    const arr = new Uint8Array(a.length + b.length)
    arr.set(a)
    arr.set(b, a.length)
    return arr
}

function getter(url) {
    GM_xmlhttpRequest({
        method: "GET",
        url: url,
        headers: {
            "X-Requested-With": "JSONHttpRequest"
        },
        onload: function(response) {
            decryptor(JSON.parse(response.responseText))
        },
        onerror: function(error) {
            console.log("Error")
            console.log(error)
        },
        ontimeout: function(timeout) {
            console.log("Timeout")
        }
    })
}

getter("https://" + window.location.host + "/?pasteid=" + window.location.search.slice(1))

async function decryptor(response) {
    console.log(response)
    const passphrase = u8Append(
        base(base58).decode(window.location.hash.slice(1)),
        (new TextEncoder()).encode(window.prompt("Enter paste password (leave blank if no password): "))
    )
    const data = b64(response.ct)
    const length = 256 // 256 bits
    const iv = b64(response.adata[0][0]) // 128 bits
    const salt = b64(response.adata[0][1]) // 64 bits
    const iterations = response.adata[0][2] // 100000 iterations
    const tagLength = response.adata[0][4] // 128 bits

    const key = await crypto.subtle.importKey('raw', passphrase, 'PBKDF2', false, ['deriveKey']) // should convert u8 to CryptoKey
    const derived_key = await crypto.subtle.deriveKey(
        {name: 'PBKDF2', salt, iterations, hash: 'SHA-256'},
        key,
        {name: 'AES-GCM', length}, false, ['decrypt']
    )
    const deflated = await crypto.subtle.decrypt({name: 'AES-GCM', iv, additionalData: (new TextEncoder()).encode(JSON.stringify(response.adata)), tagLength},
        derived_key, data
    )

    console.log((new TextDecoder()).decode(inflateSync(new Uint8Array(deflated))))
}