From 38ca59460091d6f419b0c02ba7670525e795d729 Mon Sep 17 00:00:00 2001 From: Aaron Schmidt Date: Wed, 30 Dec 2015 11:27:16 +1300 Subject: [PATCH 01/79] Putting (bits1 | bits2) expression into a variable Fixes iOS 6.x bug described here: https://code.google.com/p/crypto-js/issues/detail?id=80 --- src/enc-base64.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/enc-base64.js b/src/enc-base64.js index 25cc001..1d09ec9 100644 --- a/src/enc-base64.js +++ b/src/enc-base64.js @@ -90,7 +90,8 @@ if (i % 4) { var bits1 = map.indexOf(base64Str.charAt(i - 1)) << ((i % 4) * 2); var bits2 = map.indexOf(base64Str.charAt(i)) >>> (6 - (i % 4) * 2); - words[nBytes >>> 2] |= (bits1 | bits2) << (24 - (nBytes % 4) * 8); + var bitsCombined = bits1 | bits2; + words[nBytes >>> 2] |= (bitsCombined) << (24 - (nBytes % 4) * 8); nBytes++; } } From a6f72353ed35978ae72aff773f9bfe63877d938c Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Sat, 2 Jan 2016 12:31:02 +0200 Subject: [PATCH 02/79] Make license a separate file and update for year 2016. --- LICENSE | 24 ++++++++++++++++++++++++ README.md | 25 ------------------------- grunt/config/copy.js | 2 +- 3 files changed, 25 insertions(+), 26 deletions(-) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..b0828e5 --- /dev/null +++ b/LICENSE @@ -0,0 +1,24 @@ +# License + +[The MIT License (MIT)](http://opensource.org/licenses/MIT) + +Copyright (c) 2009-2013 Jeff Mott +Copyright (c) 2013-2016 Evan Vosberg + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/README.md b/README.md index 5e4ace1..0ec682f 100644 --- a/README.md +++ b/README.md @@ -196,28 +196,3 @@ console.log(decryptedData); - ```crypto-js/pad-iso97971``` - ```crypto-js/pad-zeropadding``` - ```crypto-js/pad-nopadding``` - -## License - -[The MIT License (MIT)](http://opensource.org/licenses/MIT) - -Copyright (c) 2009-2013 Jeff Mott -Copyright (c) 2013-2015 Evan Vosberg - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. diff --git a/grunt/config/copy.js b/grunt/config/copy.js index 4e6a603..2aa74e2 100644 --- a/grunt/config/copy.js +++ b/grunt/config/copy.js @@ -10,7 +10,7 @@ module.exports = { src: [ 'README.md', 'CONTRIBUTING.md', - 'license.md', + 'LICENSE', 'docs/**/*' ], dest: '<%= meta.build %>' From 058c540cc9585a7899c882d743358543eb34a32c Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Sat, 2 Jan 2016 12:33:43 +0200 Subject: [PATCH 03/79] Bump version. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index fcf2d13..bccb495 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "3.1.5", + "version": "3.1.6", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg", From e2a8b5e2771b7866c0a45cd98419d8831dda2d36 Mon Sep 17 00:00:00 2001 From: lizhe2004 Date: Fri, 8 Jan 2016 13:40:12 +0800 Subject: [PATCH 04/79] correct the package name in requirejs config function --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0ec682f..1f4b0ef 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,7 @@ Including all libraries, for access to extra methods: // Above-mentioned will work or use this simple form require.config({ paths: { - 'require-js': 'path-to/bower_components/crypto-js/crypto-js' + 'crypto-js': 'path-to/bower_components/crypto-js/crypto-js' } }); From d524d10bb72686526307f4d79608634aea31113e Mon Sep 17 00:00:00 2001 From: Piotr Kaminski Date: Mon, 3 Oct 2016 23:30:08 -0700 Subject: [PATCH 05/79] Fix conflated prototype chains when extending. --- src/core.js | 2 +- test/lib-base-test.js | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/core.js b/src/core.js index 22711eb..c318ca7 100644 --- a/src/core.js +++ b/src/core.js @@ -48,7 +48,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { } // Create default initializer - if (!subtype.hasOwnProperty('init')) { + if (!subtype.hasOwnProperty('init') || this.init === subtype.init) { subtype.init = function () { subtype.$super.init.apply(this, arguments); }; diff --git a/test/lib-base-test.js b/test/lib-base-test.js index 8d3c715..ed8e642 100644 --- a/test/lib-base-test.js +++ b/test/lib-base-test.js @@ -81,6 +81,12 @@ YUI.add('lib-base-test', function (Y) { this.data.obj.initArg = 'newValue'; Y.Assert.areNotEqual(this.data.obj.initArg, this.data.objClone.initArg); + }, + + testCloneLeavesOriginalInitPrototypeUnchanged: function() { + Y.Assert.areEqual(this.data.obj, this.data.obj.init.prototype); + Y.Assert.areEqual(this.data.objClone, this.data.objClone.init.prototype); + Y.Assert.areNotEqual(this.data.obj.init.prototype, this.data.objClone.init.prototype); } })); }, '$Rev$'); From 950833e01d342235a0dcf69d664a010eada917cf Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Fri, 7 Oct 2016 22:24:35 +0200 Subject: [PATCH 06/79] Bump version. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index bccb495..9dec147 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "3.1.6", + "version": "3.1.7", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg", From 10f7c2cc09b35e7f35149d6be1f9cb36beeb7b2d Mon Sep 17 00:00:00 2001 From: Piotr Kaminski Date: Tue, 11 Oct 2016 23:43:03 -0700 Subject: [PATCH 07/79] Make AES reset a no-op after first call, since data doesn't change. The AES _doReset function sets up a bunch of structures that aren't actually modified when the cipher runs. We can save a bunch of time by re-using previously set up data on subsequent calls to _doReset. --- src/aes.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/aes.js b/src/aes.js index 80eff25..df7e1b2 100644 --- a/src/aes.js +++ b/src/aes.js @@ -76,6 +76,8 @@ */ var AES = C_algo.AES = BlockCipher.extend({ _doReset: function () { + if (this._nRounds) return; + // Shortcuts var key = this._key; var keyWords = key.words; From 2f7fa2b0809f155f05e68f2381e90e441b8125d6 Mon Sep 17 00:00:00 2001 From: Piotr Kaminski Date: Tue, 11 Oct 2016 23:45:20 -0700 Subject: [PATCH 08/79] Improve enc.Base64 parse performance by x10. I replaced the linear map.indexOf() lookup with a reverse lookup table (an array of charCodes turned out to be significantly faster than an object with actual char keys, even though both are O(1)), for a speedup of about x2 on large-ish strings. The change is compatible with reuses of enc.Base64 that provide a different map. I also extracted the inner loop into its own function, since for some reason Chrome was consistently de-optimizing the parse function when the loop was embedded in it. This way, both functions get optimized for an additional speedup of about x5 in my tests. --- src/enc-base64.js | 37 ++++++++++++++++++++++++------------- 1 file changed, 24 insertions(+), 13 deletions(-) diff --git a/src/enc-base64.js b/src/enc-base64.js index 1d09ec9..67fce1d 100644 --- a/src/enc-base64.js +++ b/src/enc-base64.js @@ -73,32 +73,43 @@ // Shortcuts var base64StrLength = base64Str.length; var map = this._map; + var reverseMap = this._reverseMap; + + if (!reverseMap) { + reverseMap = this._reverseMap = []; + for (var j = 0; j < map.length; j++) { + reverseMap[map.charCodeAt(j)] = j; + } + } // Ignore padding var paddingChar = map.charAt(64); if (paddingChar) { var paddingIndex = base64Str.indexOf(paddingChar); - if (paddingIndex != -1) { + if (paddingIndex !== -1) { base64StrLength = paddingIndex; } } // Convert - var words = []; - var nBytes = 0; - for (var i = 0; i < base64StrLength; i++) { - if (i % 4) { - var bits1 = map.indexOf(base64Str.charAt(i - 1)) << ((i % 4) * 2); - var bits2 = map.indexOf(base64Str.charAt(i)) >>> (6 - (i % 4) * 2); - var bitsCombined = bits1 | bits2; - words[nBytes >>> 2] |= (bitsCombined) << (24 - (nBytes % 4) * 8); - nBytes++; - } - } + return parseLoop(base64Str, base64StrLength, reverseMap); - return WordArray.create(words, nBytes); }, _map: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=' }; + + function parseLoop(base64Str, base64StrLength, reverseMap) { + var words = []; + var nBytes = 0; + for (var i = 0; i < base64StrLength; i++) { + if (i % 4) { + var bits1 = reverseMap[base64Str.charCodeAt(i - 1)] << ((i % 4) * 2); + var bits2 = reverseMap[base64Str.charCodeAt(i)] >>> (6 - (i % 4) * 2); + words[nBytes >>> 2] |= (bits1 | bits2) << (24 - (nBytes % 4) * 8); + nBytes++; + } + } + return WordArray.create(words, nBytes); + } }()); From 8edc21ea8610f2ab8e95c244b690f05bb776062f Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 27 Oct 2016 02:53:27 +0200 Subject: [PATCH 09/79] Use Object.create() and make manipulating F.prototype a fallback solution. --- src/core.js | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/src/core.js b/src/core.js index c318ca7..8903bf8 100644 --- a/src/core.js +++ b/src/core.js @@ -2,6 +2,25 @@ * CryptoJS core components. */ var CryptoJS = CryptoJS || (function (Math, undefined) { + /* + * Local polyfil of Object.create + */ + var create = Object.create || (function () { + function F() {}; + + return function (obj) { + var subtype; + + F.prototype = obj; + + subtype = new F(); + + F.prototype = null; + + return subtype; + }; + }()) + /** * CryptoJS namespace. */ @@ -16,7 +35,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { * Base object for prototypal inheritance. */ var Base = C_lib.Base = (function () { - function F() {} + return { /** @@ -39,8 +58,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { */ extend: function (overrides) { // Spawn - F.prototype = this; - var subtype = new F(); + var subtype = create(this); // Augment if (overrides) { From 7ff3a3c828767485c141d0e8dc0dfa7eae96fc31 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 27 Oct 2016 03:12:06 +0200 Subject: [PATCH 10/79] Only skip _doReset if _key has not been changed since last reset. --- src/aes.js | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/aes.js b/src/aes.js index df7e1b2..aaf6e92 100644 --- a/src/aes.js +++ b/src/aes.js @@ -76,15 +76,18 @@ */ var AES = C_algo.AES = BlockCipher.extend({ _doReset: function () { - if (this._nRounds) return; + // Skip reset of nRounds has been set before and key did not change + if (this._nRounds && this._keyPriorReset === this._key) { + return; + } // Shortcuts - var key = this._key; + var key = this._keyPriorReset = this._key; var keyWords = key.words; var keySize = key.sigBytes / 4; // Compute number of rounds - var nRounds = this._nRounds = keySize + 6 + var nRounds = this._nRounds = keySize + 6; // Compute number of key schedule rows var ksRows = (nRounds + 1) * 4; From 39f543f1d854b8e5288a4c8e3abda4b10f56d75b Mon Sep 17 00:00:00 2001 From: Piotr Kaminski Date: Tue, 11 Oct 2016 23:39:42 -0700 Subject: [PATCH 11/79] On BlockCipher reset, don't recreate _mode, just re-init. Crypto functions that need to reset their cipher a lot (such as CMAC) waste a lot of time repeatedly re-creating the encryptor/decryptor. --- src/cipher-core.js | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/cipher-core.js b/src/cipher-core.js index 15a9e67..151540a 100644 --- a/src/cipher-core.js +++ b/src/cipher-core.js @@ -451,11 +451,15 @@ CryptoJS.lib.Cipher || (function (undefined) { var modeCreator = mode.createEncryptor; } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ { var modeCreator = mode.createDecryptor; - // Keep at least one block in the buffer for unpadding this._minBufferSize = 1; } - this._mode = modeCreator.call(mode, this, iv && iv.words); + if (this._mode && this._modeCreator == modeCreator) { + this._mode.init(this, iv && iv.words); + } else { + this._mode = modeCreator.call(mode, this, iv && iv.words); + this._modeCreator = modeCreator; + } }, _doProcessBlock: function (words, offset) { From 91819e831d6878b2f5322b92e5fc515e2a04a072 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 27 Oct 2016 14:12:26 +0200 Subject: [PATCH 12/79] Bump version. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 9dec147..02dbc21 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "3.1.7", + "version": "3.1.8", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg", From 7eff3bc9fb46cd5cb5717a9f0038c5f7612373c7 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Sat, 12 Nov 2016 03:15:10 +0100 Subject: [PATCH 13/79] Add missing dependcy of cipher-core. --- grunt/config/modularize.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grunt/config/modularize.js b/grunt/config/modularize.js index bf7d378..2b4f2cc 100644 --- a/grunt/config/modularize.js +++ b/grunt/config/modularize.js @@ -124,7 +124,7 @@ module.exports = { "core": { "exports": "CryptoJS", "components": ["core"], - "global": "CryptoJS" + "global": "CryptoJS" }, "x64-core": { "exports": "CryptoJS", @@ -134,7 +134,7 @@ module.exports = { "components": ["core", "hmac"] }, "cipher-core": { - "components": ["core", "cipher-core"] + "components": ["core", "evpkdf", "cipher-core"] }, // lib From a5214c4886c2c921827a3faf4a06c58dd4cb81d4 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Wed, 14 Dec 2016 13:31:16 +0200 Subject: [PATCH 14/79] Remember creator on mode object and add test case. --- src/cipher-core.js | 5 +- test/cipher-test.js | 522 ++++++++++++++++++++++++++++++++++++++++++++ test/test.html | 1 + 3 files changed, 526 insertions(+), 2 deletions(-) create mode 100644 test/cipher-test.js diff --git a/src/cipher-core.js b/src/cipher-core.js index 151540a..85ba200 100644 --- a/src/cipher-core.js +++ b/src/cipher-core.js @@ -454,11 +454,12 @@ CryptoJS.lib.Cipher || (function (undefined) { // Keep at least one block in the buffer for unpadding this._minBufferSize = 1; } - if (this._mode && this._modeCreator == modeCreator) { + + if (this._mode && this._mode.__creator == modeCreator) { this._mode.init(this, iv && iv.words); } else { this._mode = modeCreator.call(mode, this, iv && iv.words); - this._modeCreator = modeCreator; + this._mode.__creator = modeCreator; } }, diff --git a/test/cipher-test.js b/test/cipher-test.js new file mode 100644 index 0000000..2529eff --- /dev/null +++ b/test/cipher-test.js @@ -0,0 +1,522 @@ +function extendWithCMAC(C) { + function createExt(C) { + /* + * The MIT License (MIT) + * + * Copyright (c) 2015 artjomb + */ + // put on ext property in CryptoJS + var ext; + if (!C.hasOwnProperty("ext")) { + ext = C.ext = {}; + } else { + ext = C.ext; + } + + // Shortcuts + var Base = C.lib.Base; + var WordArray = C.lib.WordArray; + + // Constants + ext.const_Zero = new WordArray.init([0x00000000, 0x00000000, 0x00000000, 0x00000000]); + ext.const_One = new WordArray.init([0x00000000, 0x00000000, 0x00000000, 0x00000001]); + ext.const_Rb = new WordArray.init([0x00000000, 0x00000000, 0x00000000, 0x00000087]); // 00..0010000111 + ext.const_Rb_Shifted = new WordArray.init([0x80000000, 0x00000000, 0x00000000, 0x00000043]); // 100..001000011 + ext.const_nonMSB = new WordArray.init([0xFFFFFFFF, 0xFFFFFFFF, 0x7FFFFFFF, 0x7FFFFFFF]); // 1^64 || 0^1 || 1^31 || 0^1 || 1^31 + + /** + * Looks into the object to see if it is a WordArray. + * + * @param obj Some object + * + * @returns {boolean} + */ + ext.isWordArray = function(obj) { + return obj && typeof obj.clamp === "function" && typeof obj.concat === "function" && typeof obj.words === "array"; + } + + /** + * This padding is a 1 bit followed by as many 0 bits as needed to fill + * up the block. This implementation doesn't work on bits directly, + * but on bytes. Therefore the granularity is much bigger. + */ + C.pad.OneZeroPadding = { + pad: function (data, blocksize) { + // Shortcut + var blockSizeBytes = blocksize * 4; + + // Count padding bytes + var nPaddingBytes = blockSizeBytes - data.sigBytes % blockSizeBytes; + + // Create padding + var paddingWords = []; + for (var i = 0; i < nPaddingBytes; i += 4) { + var paddingWord = 0x00000000; + if (i === 0) { + paddingWord = 0x80000000; + } + paddingWords.push(paddingWord); + } + var padding = new WordArray.init(paddingWords, nPaddingBytes); + + // Add padding + data.concat(padding); + }, + unpad: function () { + // TODO: implement + } + }; + + /** + * No padding is applied. This is necessary for streaming cipher modes + * like CTR. + */ + C.pad.NoPadding = { + pad: function () {}, + unpad: function () {} + }; + + /** + * Returns the n leftmost bytes of the WordArray. + * + * @param {WordArray} wordArray WordArray to work on + * @param {int} n Bytes to retrieve + * + * @returns new WordArray + */ + ext.leftmostBytes = function(wordArray, n){ + var lmArray = wordArray.clone(); + lmArray.sigBytes = n; + lmArray.clamp(); + return lmArray; + }; + + /** + * Returns the n rightmost bytes of the WordArray. + * + * @param {WordArray} wordArray WordArray to work on + * @param {int} n Bytes to retrieve (must be positive) + * + * @returns new WordArray + */ + ext.rightmostBytes = function(wordArray, n){ + wordArray.clamp(); + var wordSize = 32; + var rmArray = wordArray.clone(); + var bitsToShift = (rmArray.sigBytes - n) * 8; + if (bitsToShift >= wordSize) { + var popCount = Math.floor(bitsToShift/wordSize); + bitsToShift -= popCount * wordSize; + rmArray.words.splice(0, popCount); + rmArray.sigBytes -= popCount * wordSize / 8; + } + if (bitsToShift > 0) { + ext.bitshift(rmArray, bitsToShift); + rmArray.sigBytes -= bitsToShift / 8; + } + return rmArray; + }; + + /** + * Returns the n rightmost words of the WordArray. It assumes + * that the current WordArray has at least n words. + * + * @param {WordArray} wordArray WordArray to work on + * @param {int} n Words to retrieve (must be positive) + * + * @returns popped words as new WordArray + */ + ext.popWords = function(wordArray, n){ + var left = wordArray.words.splice(0, n); + wordArray.sigBytes -= n * 4; + return new WordArray.init(left); + }; + + /** + * Shifts the array to the left and returns the shifted dropped elements + * as WordArray. The initial WordArray must contain at least n bytes and + * they have to be significant. + * + * @param {WordArray} wordArray WordArray to work on (is modified) + * @param {int} n Bytes to shift (must be positive, default 16) + * + * @returns new WordArray + */ + ext.shiftBytes = function(wordArray, n){ + n = n || 16; + var r = n % 4; + n -= r; + + var shiftedArray = new WordArray.init(); + for(var i = 0; i < n; i += 4) { + shiftedArray.words.push(wordArray.words.shift()); + wordArray.sigBytes -= 4; + shiftedArray.sigBytes += 4; + } + if (r > 0) { + shiftedArray.words.push(wordArray.words[0]); + shiftedArray.sigBytes += r; + + ext.bitshift(wordArray, r * 8); + wordArray.sigBytes -= r; + } + return shiftedArray; + }; + + /** + * XORs arr2 to the end of arr1 array. This doesn't modify the current + * array aside from clamping. + * + * @param {WordArray} arr1 Bigger array + * @param {WordArray} arr2 Smaller array to be XORed to the end + * + * @returns new WordArray + */ + ext.xorendBytes = function(arr1, arr2){ + // TODO: more efficient + return ext.leftmostBytes(arr1, arr1.sigBytes-arr2.sigBytes) + .concat(ext.xor(ext.rightmostBytes(arr1, arr2.sigBytes), arr2)); + }; + + /** + * Doubling operation on a 128-bit value. This operation modifies the + * passed array. + * + * @param {WordArray} wordArray WordArray to work on + * + * @returns passed WordArray + */ + ext.dbl = function(wordArray){ + var carry = ext.msb(wordArray); + ext.bitshift(wordArray, 1); + ext.xor(wordArray, carry === 1 ? ext.const_Rb : ext.const_Zero); + return wordArray; + }; + + /** + * Inverse operation on a 128-bit value. This operation modifies the + * passed array. + * + * @param {WordArray} wordArray WordArray to work on + * + * @returns passed WordArray + */ + ext.inv = function(wordArray){ + var carry = wordArray.words[4] & 1; + ext.bitshift(wordArray, -1); + ext.xor(wordArray, carry === 1 ? ext.const_Rb_Shifted : ext.const_Zero); + return wordArray; + }; + + /** + * Check whether the word arrays are equal. + * + * @param {WordArray} arr1 Array 1 + * @param {WordArray} arr2 Array 2 + * + * @returns boolean + */ + ext.equals = function(arr1, arr2){ + if (!arr2 || !arr2.words || arr1.sigBytes !== arr2.sigBytes) { + return false; + } + arr1.clamp(); + arr2.clamp(); + var equal = 0; + for(var i = 0; i < arr1.words.length; i++) { + equal |= arr1.words[i] ^ arr2.words[i]; + } + return equal === 0; + }; + + /** + * Retrieves the most significant bit of the WordArray as an Integer. + * + * @param {WordArray} arr + * + * @returns Integer + */ + ext.msb = function(arr) { + return arr.words[0] >>> 31; + } + } + + function createExtBit(C) { + /* + * The MIT License (MIT) + * + * Copyright (c) 2015 artjomb + */ + // put on ext property in CryptoJS + var ext; + if (!C.hasOwnProperty("ext")) { + ext = C.ext = {}; + } else { + ext = C.ext; + } + + /** + * Shifts the array by n bits to the left. Zero bits are added as the + * least significant bits. This operation modifies the current array. + * + * @param {WordArray} wordArray WordArray to work on + * @param {int} n Bits to shift by + * + * @returns the WordArray that was passed in + */ + ext.bitshift = function(wordArray, n){ + var carry = 0, + words = wordArray.words, + wres, + skipped = 0, + carryMask; + if (n > 0) { + while(n > 31) { + // delete first element: + words.splice(0, 1); + + // add `0` word to the back + words.push(0); + + n -= 32; + skipped++; + } + if (n == 0) { + // 1. nothing to shift if the shift amount is on a word boundary + // 2. This has to be done, because the following algorithm computes + // wrong values only for n==0 + return carry; + } + for(var i = words.length - skipped - 1; i >= 0; i--) { + wres = words[i]; + words[i] <<= n; + words[i] |= carry; + carry = wres >>> (32 - n); + } + } else if (n < 0) { + while(n < -31) { + // insert `0` word to the front: + words.splice(0, 0, 0); + + // remove last element: + words.length--; + + n += 32; + skipped++; + } + if (n == 0) { + // nothing to shift if the shift amount is on a word boundary + return carry; + } + n = -n; + carryMask = (1 << n) - 1; + for(var i = skipped; i < words.length; i++) { + wres = words[i] & carryMask; + words[i] >>>= n; + words[i] |= carry; + carry = wres << (32 - n); + } + } + return carry; + }; + + /** + * Negates all bits in the WordArray. This manipulates the given array. + * + * @param {WordArray} wordArray WordArray to work on + * + * @returns the WordArray that was passed in + */ + ext.neg = function(wordArray){ + var words = wordArray.words; + for(var i = 0; i < words.length; i++) { + words[i] = ~words[i]; + } + return wordArray; + }; + + /** + * Applies XOR on both given word arrays and returns a third resulting + * WordArray. The initial word arrays must have the same length + * (significant bytes). + * + * @param {WordArray} wordArray1 WordArray + * @param {WordArray} wordArray2 WordArray + * + * @returns first passed WordArray (modified) + */ + ext.xor = function(wordArray1, wordArray2){ + for(var i = 0; i < wordArray1.words.length; i++) { + wordArray1.words[i] ^= wordArray2.words[i]; + } + return wordArray1; + }; + + /** + * Logical AND between the two passed arrays. Both arrays must have the + * same length. + * + * @param {WordArray} arr1 Array 1 + * @param {WordArray} arr2 Array 2 + * + * @returns new WordArray + */ + ext.bitand = function(arr1, arr2){ + var newArr = arr1.clone(), + tw = newArr.words, + ow = arr2.words; + for(var i = 0; i < tw.length; i++) { + tw[i] &= ow[i]; + } + return newArr; + }; + } + + function createCMAC(C) { + /* + * The MIT License (MIT) + * + * Copyright (c) 2015 artjomb + */ + // Shortcuts + var Base = C.lib.Base; + var WordArray = C.lib.WordArray; + var AES = C.algo.AES; + var ext = C.ext; + var OneZeroPadding = C.pad.OneZeroPadding; + + var CMAC = C.algo.CMAC = Base.extend({ + /** + * Initializes a newly created CMAC + * + * @param {WordArray} key The secret key + * + * @example + * + * var cmacer = CryptoJS.algo.CMAC.create(key); + */ + init: function(key){ + // generate sub keys... + this._aes = AES.createEncryptor(key, { iv: new WordArray.init(), padding: C.pad.NoPadding }); + + // Step 1 + var L = this._aes.finalize(ext.const_Zero); + + // Step 2 + var K1 = L.clone(); + ext.dbl(K1); + + // Step 3 + if (!this._isTwo) { + var K2 = K1.clone(); + ext.dbl(K2); + } else { + var K2 = L.clone(); + ext.inv(K2); + } + + this._K1 = K1; + this._K2 = K2; + + this._const_Bsize = 16; + + this.reset(); + }, + + reset: function () { + this._x = ext.const_Zero.clone(); + this._counter = 0; + this._buffer = new WordArray.init(); + }, + + update: function (messageUpdate) { + if (!messageUpdate) { + return this; + } + + // Shortcuts + var buffer = this._buffer; + var bsize = this._const_Bsize; + + if (typeof messageUpdate === "string") { + messageUpdate = C.enc.Utf8.parse(messageUpdate); + } + + buffer.concat(messageUpdate); + + while(buffer.sigBytes > bsize){ + var M_i = ext.shiftBytes(buffer, bsize); + ext.xor(this._x, M_i); + this._x.clamp(); + this._aes.reset(); + this._x = this._aes.finalize(this._x); + this._counter++; + } + + // Chainable + return this; + }, + + finalize: function (messageUpdate) { + this.update(messageUpdate); + + // Shortcuts + var buffer = this._buffer; + var bsize = this._const_Bsize; + + var M_last = buffer.clone(); + if (buffer.sigBytes === bsize) { + ext.xor(M_last, this._K1); + } else { + OneZeroPadding.pad(M_last, bsize/4); + ext.xor(M_last, this._K2); + } + + ext.xor(M_last, this._x); + + this.reset(); // Can be used immediately afterwards + + this._aes.reset(); + return this._aes.finalize(M_last); + }, + + _isTwo: false + }); + + /** + * Directly invokes the CMAC and returns the calculated MAC. + * + * @param {WordArray} key The key to be used for CMAC + * @param {WordArray|string} message The data to be MAC'ed (either WordArray or UTF-8 encoded string) + * + * @returns {WordArray} MAC + */ + C.CMAC = function(key, message){ + return CMAC.create(key).finalize(message); + }; + + C.algo.OMAC1 = CMAC; + C.algo.OMAC2 = CMAC.extend({ + _isTwo: true + }); + } + + createExt(C); + createExtBit(C); + createCMAC(C); +} + +YUI.add('cipher-core-test', function (Y) { + var C = CryptoJS; + + // Extend with CMAC to test `cipher-core.js` L:457-462 + extendWithCMAC(C); + + Y.Test.Runner.add(new Y.Test.Case({ + name: 'Cipher', + + testCMAC: function () { + Y.Assert.areEqual('35e1872b95ce5d99bb5dbbbbd79b9b9b', C.CMAC('69c4e0d86a7b0430d8cdb78070b4c55a', 'Test message').toString()); + } + })); +}, '$Rev$'); diff --git a/test/test.html b/test/test.html index 6a05ea6..d469486 100644 --- a/test/test.html +++ b/test/test.html @@ -84,6 +84,7 @@ + From 756e722d8fe3e0dfc95dc0f92af23d19de276f6c Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Wed, 14 Dec 2016 13:32:56 +0200 Subject: [PATCH 15/79] Bump version. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 02dbc21..e83a8ed 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "3.1.8", + "version": "3.1.9", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg", From 5bfe6d5b9b5c1606c7b710b3261afe35f2dc88d9 Mon Sep 17 00:00:00 2001 From: Mike Quade Date: Fri, 17 Mar 2017 19:43:52 -0300 Subject: [PATCH 16/79] fixed infinite loop bug in zero padding unpad --- src/pad-zeropadding.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/pad-zeropadding.js b/src/pad-zeropadding.js index 76bb279..2b82b58 100644 --- a/src/pad-zeropadding.js +++ b/src/pad-zeropadding.js @@ -17,9 +17,11 @@ CryptoJS.pad.ZeroPadding = { // Unpad var i = data.sigBytes - 1; - while (!((dataWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff)) { - i--; + for (var i = data.sigBytes - 1; i >= 0; i--) { + if (((dataWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff)) { + data.sigBytes = i + 1; + break; + } } - data.sigBytes = i + 1; } }; From 88c99ab9eeae72c870bc727fbe3aea55c8c08bb3 Mon Sep 17 00:00:00 2001 From: Dan Dascalescu Date: Wed, 31 May 2017 21:11:19 -0700 Subject: [PATCH 17/79] Add ES6 import example --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index 1f4b0ef..d947b1d 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,18 @@ npm install crypto-js ### Usage +ES6 import for typical API call signing use case: + +```javascript +import sha256 from 'crypto-js/sha256'; +import hmacSHA512 from 'crypto-js/hmac-sha512'; +import Base64 from 'crypto-js/enc-base64'; + +const message, nonce, path, privateKey; // ... +const hashDigest = sha256(nonce + message); +const hmacDigest = Base64.stringify(hmacSHA512(path + hashDigest, privateKey)); +``` + Modular include: ```javascript From 3b7e884007b00a578ca2d5df4e84efba3d66a5fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Viktor=20Sz=C3=A9pe?= Date: Sun, 23 Jul 2017 19:15:56 +0200 Subject: [PATCH 18/79] npm calls tests "test" --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e83a8ed..3e6dac3 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ "license": "MIT", "scripts": { "build": "grunt build", - "check": "grunt default" + "test": "grunt default" }, "main": "index.js", "dependencies": {}, From 9d7a54cd5951480fb77d34b74fd40cdb3bf2c7d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Viktor=20Sz=C3=A9pe?= Date: Sun, 23 Jul 2017 19:21:56 +0200 Subject: [PATCH 19/79] Travis configuration --- .travis.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..b4fb795 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,14 @@ +dist: trusty +sudo: false + +language: node_js +node_js: + - "6" + - "7" + +before_script: + - npm install build + +cache: + directories: + - "node_modules" From 64b5a3297ba10807cc71efd727792f41695bc5b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Viktor=20Sz=C3=A9pe?= Date: Sun, 23 Jul 2017 19:38:16 +0200 Subject: [PATCH 20/79] Make grunt-cli available globally --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index b4fb795..cca89fb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,6 +7,7 @@ node_js: - "7" before_script: + - npm install -g grunt-cli - npm install build cache: From 918e68038e5e0c9f9e02f40f3d28c3cdea4d8c3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Viktor=20Sz=C3=A9pe?= Date: Sun, 23 Jul 2017 19:40:26 +0200 Subject: [PATCH 21/79] Add Travis badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d947b1d..be70bdb 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# crypto-js +# crypto-js [![Build Status](https://travis-ci.org/brix/crypto-js.svg?branch=develop)](https://travis-ci.org/brix/crypto-js) JavaScript library of crypto standards. From 7e4cf2f308a3eb3b848d6b9d0dd7b23736eb4aca Mon Sep 17 00:00:00 2001 From: Aaron Schmidt Date: Mon, 24 Jul 2017 13:19:07 +1200 Subject: [PATCH 22/79] Putting (bits1 | bits2) expression into a variable (fix for iOS 6 bug) Previously fixed here: https://github.com/brix/crypto-js/pull/40 More info: https://github.com/Runscope/crypto-js/issues/80 --- src/enc-base64.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/enc-base64.js b/src/enc-base64.js index 67fce1d..a32b9a4 100644 --- a/src/enc-base64.js +++ b/src/enc-base64.js @@ -106,7 +106,8 @@ if (i % 4) { var bits1 = reverseMap[base64Str.charCodeAt(i - 1)] << ((i % 4) * 2); var bits2 = reverseMap[base64Str.charCodeAt(i)] >>> (6 - (i % 4) * 2); - words[nBytes >>> 2] |= (bits1 | bits2) << (24 - (nBytes % 4) * 8); + var bitsCombined = bits1 | bits2; + words[nBytes >>> 2] |= bitsCombined << (24 - (nBytes % 4) * 8); nBytes++; } } From 3e4f8f6b8a3e511bb2465686e00448aad876771c Mon Sep 17 00:00:00 2001 From: Ali Ghanavatian Date: Fri, 9 Feb 2018 10:50:06 +0330 Subject: [PATCH 23/79] improve documentation --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index d947b1d..f138048 100644 --- a/README.md +++ b/README.md @@ -111,13 +111,13 @@ See: https://code.google.com/p/crypto-js var CryptoJS = require("crypto-js"); // Encrypt -var ciphertext = CryptoJS.AES.encrypt('my message', 'secret key 123'); +var cipherText = CryptoJS.AES.encrypt('my message', 'secret key 123').toString(); // Decrypt -var bytes = CryptoJS.AES.decrypt(ciphertext.toString(), 'secret key 123'); -var plaintext = bytes.toString(CryptoJS.enc.Utf8); +var bytes = CryptoJS.AES.decrypt(ciphertext, 'secret key 123'); +var originalText = bytes.toString(CryptoJS.enc.Utf8); -console.log(plaintext); +console.log(originalText); // 'my message' ``` #### Object encryption @@ -128,13 +128,13 @@ var CryptoJS = require("crypto-js"); var data = [{id: 1}, {id: 2}] // Encrypt -var ciphertext = CryptoJS.AES.encrypt(JSON.stringify(data), 'secret key 123'); +var ciphertext = CryptoJS.AES.encrypt(JSON.stringify(data), 'secret key 123').toString(); // Decrypt -var bytes = CryptoJS.AES.decrypt(ciphertext.toString(), 'secret key 123'); +var bytes = CryptoJS.AES.decrypt(ciphertext, 'secret key 123'); var decryptedData = JSON.parse(bytes.toString(CryptoJS.enc.Utf8)); -console.log(decryptedData); +console.log(decryptedData); // [{id: 1}, {id: 2}] ``` ### List of modules From 19e7ca77b76e93bbf17560dd4756c2e2439892ba Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 13 Sep 2018 23:57:31 +0200 Subject: [PATCH 24/79] Update dependecy. --- grunt/tasks/modularize.js | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/grunt/tasks/modularize.js b/grunt/tasks/modularize.js index 30e7f7b..f97d57b 100644 --- a/grunt/tasks/modularize.js +++ b/grunt/tasks/modularize.js @@ -53,7 +53,7 @@ module.exports = function (grunt) { return options[depName].components; }) .flatten() - .unique() + .uniq() .without(name) .sort(function (a, b) { return options[a].components.indexOf(b) === -1 ? -1 : 1; @@ -76,7 +76,7 @@ module.exports = function (grunt) { } // Remove duplicates - sources = _.unique(sources); + sources = _.uniq(sources); // Add module settings to fmd definition modules[name] = [sources, opts]; diff --git a/package.json b/package.json index 3e6dac3..ef49d55 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ "grunt-jsonlint": "^1.0.4", "grunt-update-json": "^0.2.0", "load-grunt-config": "^0.16.0", - "lodash": "^3.5.0" + "lodash": "^4.17.11" }, "keywords": [ "security", From 70f725bee5f9ade3fc95c2d1c9a72edad45f45d1 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 13 Sep 2018 23:57:44 +0200 Subject: [PATCH 25/79] Update jshint config. --- grunt/config/jshint.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/grunt/config/jshint.js b/grunt/config/jshint.js index 1a3aa11..7c83ee1 100644 --- a/grunt/config/jshint.js +++ b/grunt/config/jshint.js @@ -5,7 +5,8 @@ module.exports = { dev: { options: { - jshintrc: true + jshintrc: true, + reporterOutput: '' }, files: { src: [ From 89ce2460ab1a10cdd0cefb686966414ce6a2ee6e Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Fri, 14 Sep 2018 00:35:13 +0200 Subject: [PATCH 26/79] Pass jshint test. --- .jshintrc | 19 ++++++++++++++++++- Gruntfile.js | 2 ++ grunt/config/jshint.js | 2 +- src/aes.js | 4 +++- src/cipher-core.js | 28 +++++++++++++++++++--------- src/core.js | 12 +++++++----- src/evpkdf.js | 4 +++- src/mode-cfb.js | 6 ++++-- src/sha3.js | 13 ++++++++----- src/sha512.js | 19 +++++++++++-------- 10 files changed, 76 insertions(+), 33 deletions(-) diff --git a/.jshintrc b/.jshintrc index ae02577..7672d3a 100644 --- a/.jshintrc +++ b/.jshintrc @@ -10,7 +10,24 @@ "strict" : false, // Requires all functions to run in ECMAScript 5's strict mode "undef" : true, // Require non-global variables to be declared (prevents global leaks) "asi" : true, // Suppresses warnings about missing semicolons + "funcscope" : false, + "shadow" : true, + "expr" : true, + "-W041" : true, + "-W018" : true, "globals": { - "CryptoJS": true + "CryptoJS" : true, + "escape" : true, + "unescape" : true, + "Int8Array" : true, + "Int16Array" : true, + "Int32Array" : true, + "Uint8Array" : true, + "Uint16Array" : true, + "Uint32Array" : true, + "Uint8ClampedArray" : true, + "ArrayBuffer" : true, + "Float32Array" : true, + "Float64Array" : true } } diff --git a/Gruntfile.js b/Gruntfile.js index 9f67b00..e083f92 100644 --- a/Gruntfile.js +++ b/Gruntfile.js @@ -29,6 +29,8 @@ module.exports = function (grunt) { } } }); + + // Will load the custom tasks grunt.loadTasks('./grunt/tasks'); diff --git a/grunt/config/jshint.js b/grunt/config/jshint.js index 7c83ee1..1c3cb23 100644 --- a/grunt/config/jshint.js +++ b/grunt/config/jshint.js @@ -5,7 +5,7 @@ module.exports = { dev: { options: { - jshintrc: true, + jshintrc: process.cwd() + '/.jshintrc', reporterOutput: '' }, files: { diff --git a/src/aes.js b/src/aes.js index aaf6e92..2d033c0 100644 --- a/src/aes.js +++ b/src/aes.js @@ -76,6 +76,8 @@ */ var AES = C_algo.AES = BlockCipher.extend({ _doReset: function () { + var t; + // Skip reset of nRounds has been set before and key did not change if (this._nRounds && this._keyPriorReset === this._key) { return; @@ -98,7 +100,7 @@ if (ksRow < keySize) { keySchedule[ksRow] = keyWords[ksRow]; } else { - var t = keySchedule[ksRow - 1]; + t = keySchedule[ksRow - 1]; if (!(ksRow % keySize)) { // Rot word diff --git a/src/cipher-core.js b/src/cipher-core.js index 85ba200..0fe6136 100644 --- a/src/cipher-core.js +++ b/src/cipher-core.js @@ -336,17 +336,19 @@ CryptoJS.lib.Cipher || (function (undefined) { }); function xorBlock(words, offset, blockSize) { + var block; + // Shortcut var iv = this._iv; // Choose mixing block if (iv) { - var block = iv; + block = iv; // Remove IV for subsequent blocks this._iv = undefined; } else { - var block = this._prevBlock; + block = this._prevBlock; } // XOR blocks @@ -438,6 +440,8 @@ CryptoJS.lib.Cipher || (function (undefined) { }), reset: function () { + var modeCreator; + // Reset cipher Cipher.reset.call(this); @@ -448,9 +452,9 @@ CryptoJS.lib.Cipher || (function (undefined) { // Reset block mode if (this._xformMode == this._ENC_XFORM_MODE) { - var modeCreator = mode.createEncryptor; + modeCreator = mode.createEncryptor; } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ { - var modeCreator = mode.createDecryptor; + modeCreator = mode.createDecryptor; // Keep at least one block in the buffer for unpadding this._minBufferSize = 1; } @@ -468,6 +472,8 @@ CryptoJS.lib.Cipher || (function (undefined) { }, _doFinalize: function () { + var finalProcessedBlocks; + // Shortcut var padding = this.cfg.padding; @@ -477,10 +483,10 @@ CryptoJS.lib.Cipher || (function (undefined) { padding.pad(this._data, this.blockSize); // Process final blocks - var finalProcessedBlocks = this._process(!!'flush'); + finalProcessedBlocks = this._process(!!'flush'); } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ { // Process final blocks - var finalProcessedBlocks = this._process(!!'flush'); + finalProcessedBlocks = this._process(!!'flush'); // Unpad data padding.unpad(finalProcessedBlocks); @@ -572,15 +578,17 @@ CryptoJS.lib.Cipher || (function (undefined) { * var openSSLString = CryptoJS.format.OpenSSL.stringify(cipherParams); */ stringify: function (cipherParams) { + var wordArray; + // Shortcuts var ciphertext = cipherParams.ciphertext; var salt = cipherParams.salt; // Format if (salt) { - var wordArray = WordArray.create([0x53616c74, 0x65645f5f]).concat(salt).concat(ciphertext); + wordArray = WordArray.create([0x53616c74, 0x65645f5f]).concat(salt).concat(ciphertext); } else { - var wordArray = ciphertext; + wordArray = ciphertext; } return wordArray.toString(Base64); @@ -600,6 +608,8 @@ CryptoJS.lib.Cipher || (function (undefined) { * var cipherParams = CryptoJS.format.OpenSSL.parse(openSSLString); */ parse: function (openSSLStr) { + var salt; + // Parse base64 var ciphertext = Base64.parse(openSSLStr); @@ -609,7 +619,7 @@ CryptoJS.lib.Cipher || (function (undefined) { // Test for salt if (ciphertextWords[0] == 0x53616c74 && ciphertextWords[1] == 0x65645f5f) { // Extract salt - var salt = WordArray.create(ciphertextWords.slice(2, 4)); + salt = WordArray.create(ciphertextWords.slice(2, 4)); // Remove salt from ciphertext ciphertextWords.splice(0, 4); diff --git a/src/core.js b/src/core.js index 8903bf8..fd95ea5 100644 --- a/src/core.js +++ b/src/core.js @@ -6,7 +6,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { * Local polyfil of Object.create */ var create = Object.create || (function () { - function F() {}; + function F() {} return function (obj) { var subtype; @@ -289,7 +289,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { random: function (nBytes) { var words = []; - var r = (function (m_w) { + var r = function (m_w) { var m_w = m_w; var m_z = 0x3ade68b1; var mask = 0xffffffff; @@ -300,9 +300,9 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { var result = ((m_z << 0x10) + m_w) & mask; result /= 0x100000000; result += 0.5; - return result * (Math.random() > .5 ? 1 : -1); + return result * (Math.random() > 0.5 ? 1 : -1); } - }); + }; for (var i = 0, rcache; i < nBytes; i += 4) { var _r = r((rcache || Math.random()) * 0x100000000); @@ -539,6 +539,8 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { * var processedData = bufferedBlockAlgorithm._process(!!'flush'); */ _process: function (doFlush) { + var processedWords; + // Shortcuts var data = this._data; var dataWords = data.words; @@ -571,7 +573,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { } // Remove processed words - var processedWords = dataWords.splice(0, nWordsReady); + processedWords = dataWords.splice(0, nWordsReady); data.sigBytes -= nBytesReady; } diff --git a/src/evpkdf.js b/src/evpkdf.js index e0fe703..2bc993e 100644 --- a/src/evpkdf.js +++ b/src/evpkdf.js @@ -53,6 +53,8 @@ * var key = kdf.compute(password, salt); */ compute: function (password, salt) { + var block; + // Shortcut var cfg = this.cfg; @@ -72,7 +74,7 @@ if (block) { hasher.update(block); } - var block = hasher.update(password).finalize(salt); + block = hasher.update(password).finalize(salt); hasher.reset(); // Iterations diff --git a/src/mode-cfb.js b/src/mode-cfb.js index 8d8d449..e750620 100644 --- a/src/mode-cfb.js +++ b/src/mode-cfb.js @@ -34,17 +34,19 @@ CryptoJS.mode.CFB = (function () { }); function generateKeystreamAndEncrypt(words, offset, blockSize, cipher) { + var keystream; + // Shortcut var iv = this._iv; // Generate keystream if (iv) { - var keystream = iv.slice(0); + keystream = iv.slice(0); // Remove IV for subsequent blocks this._iv = undefined; } else { - var keystream = this._prevBlock; + keystream = this._prevBlock; } cipher.encryptBlock(keystream, 0); diff --git a/src/sha3.js b/src/sha3.js index 72ca230..9545fcd 100644 --- a/src/sha3.js +++ b/src/sha3.js @@ -158,6 +158,9 @@ // Rho Pi for (var laneIndex = 1; laneIndex < 25; laneIndex++) { + var tMsw; + var tLsw; + // Shortcuts var lane = state[laneIndex]; var laneMsw = lane.high; @@ -166,11 +169,11 @@ // Rotate lanes if (rhoOffset < 32) { - var tMsw = (laneMsw << rhoOffset) | (laneLsw >>> (32 - rhoOffset)); - var tLsw = (laneLsw << rhoOffset) | (laneMsw >>> (32 - rhoOffset)); + tMsw = (laneMsw << rhoOffset) | (laneLsw >>> (32 - rhoOffset)); + tLsw = (laneLsw << rhoOffset) | (laneMsw >>> (32 - rhoOffset)); } else /* if (rhoOffset >= 32) */ { - var tMsw = (laneLsw << (rhoOffset - 32)) | (laneMsw >>> (64 - rhoOffset)); - var tLsw = (laneMsw << (rhoOffset - 32)) | (laneLsw >>> (64 - rhoOffset)); + tMsw = (laneLsw << (rhoOffset - 32)) | (laneMsw >>> (64 - rhoOffset)); + tLsw = (laneMsw << (rhoOffset - 32)) | (laneLsw >>> (64 - rhoOffset)); } // Transpose lanes @@ -205,7 +208,7 @@ var lane = state[0]; var roundConstant = ROUND_CONSTANTS[round]; lane.high ^= roundConstant.high; - lane.low ^= roundConstant.low;; + lane.low ^= roundConstant.low; } }, diff --git a/src/sha512.js b/src/sha512.js index 8646322..2ca9991 100644 --- a/src/sha512.js +++ b/src/sha512.js @@ -127,13 +127,16 @@ // Rounds for (var i = 0; i < 80; i++) { + var Wil; + var Wih; + // Shortcut var Wi = W[i]; // Extend message if (i < 16) { - var Wih = Wi.high = M[offset + i * 2] | 0; - var Wil = Wi.low = M[offset + i * 2 + 1] | 0; + Wih = Wi.high = M[offset + i * 2] | 0; + Wil = Wi.low = M[offset + i * 2 + 1] | 0; } else { // Gamma0 var gamma0x = W[i - 15]; @@ -158,12 +161,12 @@ var Wi16h = Wi16.high; var Wi16l = Wi16.low; - var Wil = gamma0l + Wi7l; - var Wih = gamma0h + Wi7h + ((Wil >>> 0) < (gamma0l >>> 0) ? 1 : 0); - var Wil = Wil + gamma1l; - var Wih = Wih + gamma1h + ((Wil >>> 0) < (gamma1l >>> 0) ? 1 : 0); - var Wil = Wil + Wi16l; - var Wih = Wih + Wi16h + ((Wil >>> 0) < (Wi16l >>> 0) ? 1 : 0); + Wil = gamma0l + Wi7l; + Wih = gamma0h + Wi7h + ((Wil >>> 0) < (gamma0l >>> 0) ? 1 : 0); + Wil = Wil + gamma1l; + Wih = Wih + gamma1h + ((Wil >>> 0) < (gamma1l >>> 0) ? 1 : 0); + Wil = Wil + Wi16l; + Wih = Wih + Wi16h + ((Wil >>> 0) < (Wi16l >>> 0) ? 1 : 0); Wi.high = Wih; Wi.low = Wil; From 57e31106691224bc32dfa24defccfdb8419ae2b6 Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 24 Sep 2018 10:06:43 -0400 Subject: [PATCH 27/79] Typo in AES Encryption Plain encryption example Changed the var name from `cipherText` to lowercase `ciphertext` so the "AES Encryption > Plain encryption" example works. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 28eb5c4..a654192 100644 --- a/README.md +++ b/README.md @@ -111,7 +111,7 @@ See: https://code.google.com/p/crypto-js var CryptoJS = require("crypto-js"); // Encrypt -var cipherText = CryptoJS.AES.encrypt('my message', 'secret key 123').toString(); +var ciphertext = CryptoJS.AES.encrypt('my message', 'secret key 123').toString(); // Decrypt var bytes = CryptoJS.AES.decrypt(ciphertext, 'secret key 123'); From cfe95b924e179f950373ad98053f3a448538b643 Mon Sep 17 00:00:00 2001 From: entronad Date: Fri, 21 Dec 2018 16:09:21 +0800 Subject: [PATCH 28/79] add missing toString() to hmac test files --- test/hmac-md5-test.js | 4 ++-- test/hmac-sha224-test.js | 4 ++-- test/hmac-sha256-test.js | 4 ++-- test/hmac-sha384-test.js | 4 ++-- test/hmac-sha512-test.js | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/test/hmac-md5-test.js b/test/hmac-md5-test.js index b50bb04..b87aaf9 100644 --- a/test/hmac-md5-test.js +++ b/test/hmac-md5-test.js @@ -17,11 +17,11 @@ YUI.add('algo-hmac-md5-test', function (Y) { }, testVector4: function () { - Y.Assert.areEqual('7ee2a3cc979ab19865704644ce13355c', C.HmacMD5('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A')); + Y.Assert.areEqual('7ee2a3cc979ab19865704644ce13355c', C.HmacMD5('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A').toString()); }, testVector5: function () { - Y.Assert.areEqual('0e1bd89c43e3e6e3b3f8cf1d5ba4f77a', C.HmacMD5('abcdefghijklmnopqrstuvwxyz', 'A')); + Y.Assert.areEqual('0e1bd89c43e3e6e3b3f8cf1d5ba4f77a', C.HmacMD5('abcdefghijklmnopqrstuvwxyz', 'A').toString()); }, testUpdate: function () { diff --git a/test/hmac-sha224-test.js b/test/hmac-sha224-test.js index 77b1788..4895137 100644 --- a/test/hmac-sha224-test.js +++ b/test/hmac-sha224-test.js @@ -17,11 +17,11 @@ YUI.add('algo-hmac-sha224-test', function (Y) { }, testVector4: function () { - Y.Assert.areEqual('61bf669da4fdcd8e5c3bd09ebbb4a986d3d1b298d3ca05c511f7aeff', C.HmacSHA224('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A')); + Y.Assert.areEqual('61bf669da4fdcd8e5c3bd09ebbb4a986d3d1b298d3ca05c511f7aeff', C.HmacSHA224('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A').toString()); }, testVector5: function () { - Y.Assert.areEqual('16fc69ada3c3edc1fe9144d6b98d93393833ae442bedf681110a1176', C.HmacSHA224('abcdefghijklmnopqrstuvwxyz', 'A')); + Y.Assert.areEqual('16fc69ada3c3edc1fe9144d6b98d93393833ae442bedf681110a1176', C.HmacSHA224('abcdefghijklmnopqrstuvwxyz', 'A').toString()); }, testUpdate: function () { diff --git a/test/hmac-sha256-test.js b/test/hmac-sha256-test.js index e8c3b1f..f10d89e 100644 --- a/test/hmac-sha256-test.js +++ b/test/hmac-sha256-test.js @@ -17,11 +17,11 @@ YUI.add('algo-hmac-sha256-test', function (Y) { }, testVector4: function () { - Y.Assert.areEqual('a89dc8178c1184a62df87adaa77bf86e93064863d93c5131140b0ae98b866687', C.HmacSHA256('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A')); + Y.Assert.areEqual('a89dc8178c1184a62df87adaa77bf86e93064863d93c5131140b0ae98b866687', C.HmacSHA256('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A').toString()); }, testVector5: function () { - Y.Assert.areEqual('d8cb78419c02fe20b90f8b77427dd9f81817a751d74c2e484e0ac5fc4e6ca986', C.HmacSHA256('abcdefghijklmnopqrstuvwxyz', 'A')); + Y.Assert.areEqual('d8cb78419c02fe20b90f8b77427dd9f81817a751d74c2e484e0ac5fc4e6ca986', C.HmacSHA256('abcdefghijklmnopqrstuvwxyz', 'A').toString()); }, testUpdate: function () { diff --git a/test/hmac-sha384-test.js b/test/hmac-sha384-test.js index aa89455..ebea5e1 100644 --- a/test/hmac-sha384-test.js +++ b/test/hmac-sha384-test.js @@ -17,11 +17,11 @@ YUI.add('algo-hmac-sha384-test', function (Y) { }, testVector4: function () { - Y.Assert.areEqual('365dfb271adb8e30fe6c74220b75df1b38c2d19b9d37f2e5a0ec2f3f22bd0406bf5b786e98d81b82c36d3d8a1be6cd07', C.HmacSHA384('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A')); + Y.Assert.areEqual('365dfb271adb8e30fe6c74220b75df1b38c2d19b9d37f2e5a0ec2f3f22bd0406bf5b786e98d81b82c36d3d8a1be6cd07', C.HmacSHA384('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A').toString()); }, testVector5: function () { - Y.Assert.areEqual('a8357d5e84da64140e41545562ae0782e2a58e39c6cd98939fad8d9080e774c84b7eaca4ba07f6dbf0f12eab912c5285', C.HmacSHA384('abcdefghijklmnopqrstuvwxyz', 'A')); + Y.Assert.areEqual('a8357d5e84da64140e41545562ae0782e2a58e39c6cd98939fad8d9080e774c84b7eaca4ba07f6dbf0f12eab912c5285', C.HmacSHA384('abcdefghijklmnopqrstuvwxyz', 'A').toString()); }, testUpdate: function () { diff --git a/test/hmac-sha512-test.js b/test/hmac-sha512-test.js index ceb2c7d..1e5d820 100644 --- a/test/hmac-sha512-test.js +++ b/test/hmac-sha512-test.js @@ -17,11 +17,11 @@ YUI.add('algo-hmac-sha512-test', function (Y) { }, testVector4: function () { - Y.Assert.areEqual('a303979f7c94bb39a8ab6ce05cdbe28f0255da8bb305263e3478ef7e855f0242729bf1d2be55398f14da8e63f0302465a8a3f76c297bd584ad028d18ed7f0195', C.HmacSHA512('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A')); + Y.Assert.areEqual('a303979f7c94bb39a8ab6ce05cdbe28f0255da8bb305263e3478ef7e855f0242729bf1d2be55398f14da8e63f0302465a8a3f76c297bd584ad028d18ed7f0195', C.HmacSHA512('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A').toString()); }, testVector5: function () { - Y.Assert.areEqual('8c2d56f7628325e62124c0a870ad98d101327fc42696899a06ce0d7121454022fae597e42c25ac3a4c380fd514f553702a5b0afaa9b5a22050902f024368e9d9', C.HmacSHA512('abcdefghijklmnopqrstuvwxyz', 'A')); + Y.Assert.areEqual('8c2d56f7628325e62124c0a870ad98d101327fc42696899a06ce0d7121454022fae597e42c25ac3a4c380fd514f553702a5b0afaa9b5a22050902f024368e9d9', C.HmacSHA512('abcdefghijklmnopqrstuvwxyz', 'A').toString()); }, testUpdate: function () { From 25a323885c10073fca2b6d740a06dce99c58e5eb Mon Sep 17 00:00:00 2001 From: Pedro Gomes Date: Fri, 4 Jan 2019 16:59:54 +0000 Subject: [PATCH 29/79] Update API Documentation --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a654192..bccfad7 100644 --- a/README.md +++ b/README.md @@ -101,7 +101,7 @@ require(["crypto-js"], function (CryptoJS) { ## API -See: https://code.google.com/p/crypto-js +See: https://cryptojs.gitbook.io/docs/ ### AES Encryption From 51bb88ea5e7b8cde7f0fa843c8a132644a132792 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Kwieci=C5=84ski?= Date: Tue, 2 Apr 2019 12:55:17 +0200 Subject: [PATCH 30/79] add grunt-cli to devDepencies --- package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/package.json b/package.json index ef49d55..e3db0ae 100644 --- a/package.json +++ b/package.json @@ -25,6 +25,7 @@ "devDependencies": { "fmd": "~0.0.3", "grunt": "^0.4.5", + "grunt-cli": "^1.3.2", "grunt-contrib-clean": "^0.6.0", "grunt-contrib-copy": "^0.6.0", "grunt-contrib-jshint": "^0.10.0", From 150d88df6706834e825671d6b5914c6df3937710 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Kwieci=C5=84ski?= Date: Tue, 2 Apr 2019 15:14:00 +0200 Subject: [PATCH 31/79] Fix 3DES encryption with 64- and 128-bit keys --- src/tripledes.js | 15 ++++++++++++--- test/tripledes-test.js | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 3 deletions(-) diff --git a/src/tripledes.js b/src/tripledes.js index 8771943..0777c7c 100644 --- a/src/tripledes.js +++ b/src/tripledes.js @@ -712,11 +712,20 @@ // Shortcuts var key = this._key; var keyWords = key.words; + // Make sure the key length is valid (64, 128 or >= 192 bit) + if (keyWords.length !== 2 && keyWords.length !== 4 && keyWords.length < 6) { + throw new Error('Invalid key length - 3DES requires the key length to be 64, 128, 192 or >192.'); + } + + // Extend the key according to the keying options defined in 3DES standard + var key1 = keyWords.slice(0, 2); + var key2 = keyWords.length < 4 ? keyWords.slice(0, 2) : keyWords.slice(2, 4); + var key3 = keyWords.length < 6 ? keyWords.slice(0, 2) : keyWords.slice(4, 6); // Create DES instances - this._des1 = DES.createEncryptor(WordArray.create(keyWords.slice(0, 2))); - this._des2 = DES.createEncryptor(WordArray.create(keyWords.slice(2, 4))); - this._des3 = DES.createEncryptor(WordArray.create(keyWords.slice(4, 6))); + this._des1 = DES.createEncryptor(WordArray.create(key1)); + this._des2 = DES.createEncryptor(WordArray.create(key2)); + this._des3 = DES.createEncryptor(WordArray.create(key3)); }, encryptBlock: function (M, offset) { diff --git a/test/tripledes-test.js b/test/tripledes-test.js index b531bc8..dcc7f4a 100644 --- a/test/tripledes-test.js +++ b/test/tripledes-test.js @@ -62,6 +62,39 @@ YUI.add('algo-tripledes-test', function (Y) { Y.Assert.areEqual(expectedIv, iv.toString()); }, + test64BitKey: function() { + var message = C.enc.Hex.parse('00112233445566778899aabbccddeeff'); + var key = C.enc.Hex.parse('0011223344556677'); + var extendedKey = C.enc.Hex.parse('001122334455667700112233445566770011223344556677') + + var output1 = C.TripleDES.encrypt(message, key, { mode: C.mode.ECB }).toString(); + var output2 = C.TripleDES.encrypt(message, extendedKey, { mode: C.mode.ECB }).toString(); + + Y.Assert.areEqual(output1, output2); + }, + + test128BitKey: function() { + var message = C.enc.Hex.parse('00112233445566778899aabbccddeeff'); + var key = C.enc.Hex.parse('00112233445566778899aabbccddeeff'); + var extendedKey = C.enc.Hex.parse('00112233445566778899aabbccddeeff0011223344556677') + + var output1 = C.TripleDES.encrypt(message, key, { mode: C.mode.ECB }).toString(); + var output2 = C.TripleDES.encrypt(message, extendedKey, { mode: C.mode.ECB }).toString(); + + Y.Assert.areEqual(output1, output2); + }, + + test256BitKey: function() { + var message = C.enc.Hex.parse('00112233445566778899aabbccddeeff'); + var key = C.enc.Hex.parse('00112233445566778899aabbccddeeff0112233445566778899aabbccddeeff0'); + var truncatedKey = C.enc.Hex.parse('00112233445566778899aabbccddeeff0112233445566778') + + var output1 = C.TripleDES.encrypt(message, key, { mode: C.mode.ECB }).toString(); + var output2 = C.TripleDES.encrypt(message, truncatedKey, { mode: C.mode.ECB }).toString(); + + Y.Assert.areEqual(output1, output2); + }, + testHelper: function () { // Save original random method var random = C.lib.WordArray.random; From ec5a2222128385e92b33b8aa97f43e15b78aa828 Mon Sep 17 00:00:00 2001 From: pearson Date: Mon, 19 Aug 2019 17:22:48 +0800 Subject: [PATCH 32/79] modify the comments in core.js --- src/core.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/core.js b/src/core.js index fd95ea5..a169607 100644 --- a/src/core.js +++ b/src/core.js @@ -3,7 +3,8 @@ */ var CryptoJS = CryptoJS || (function (Math, undefined) { /* - * Local polyfil of Object.create + * Local polyfill of Object.create + */ var create = Object.create || (function () { function F() {} From b405ff597fb3ac76a7bdfbc72dca10ba1079b1d5 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Mon, 10 Feb 2020 19:18:54 +0100 Subject: [PATCH 33/79] Add secure random using native crypto module. --- src/core.js | 52 +++++++++++++++++++++++++++++++--------------------- 1 file changed, 31 insertions(+), 21 deletions(-) diff --git a/src/core.js b/src/core.js index fd95ea5..b814c3b 100644 --- a/src/core.js +++ b/src/core.js @@ -2,6 +2,34 @@ * CryptoJS core components. */ var CryptoJS = CryptoJS || (function (Math, undefined) { + + /* + * Cryptographically secure pseudorandom number generator + * + * As Math.random() is cryptographically not safe to use + */ + var secureRandom = function () { + // Native crypto module on NodeJS environment + try { + // Crypto from global object + var crypto = global.crypto; + + // Create a random float number between 0 and 1 + return Number('0.' + crypto.randomBytes(3).readUIntBE(0, 3)); + } catch (err) {} + + // Native crypto module in Browser environment + try { + // Support experimental crypto module in IE 11 + var crypto = window.crypto || window.msCrypto; + + // Create a random float number between 0 and 1 + return Number('0.' + window.crypto.getRandomValues(new Uint32Array(1))[0]); + } catch (err) {} + + throw new Error('Native crypto module could not be used to get secure random number.'); + }; + /* * Local polyfil of Object.create */ @@ -289,26 +317,8 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { random: function (nBytes) { var words = []; - var r = function (m_w) { - var m_w = m_w; - var m_z = 0x3ade68b1; - var mask = 0xffffffff; - - return function () { - m_z = (0x9069 * (m_z & 0xFFFF) + (m_z >> 0x10)) & mask; - m_w = (0x4650 * (m_w & 0xFFFF) + (m_w >> 0x10)) & mask; - var result = ((m_z << 0x10) + m_w) & mask; - result /= 0x100000000; - result += 0.5; - return result * (Math.random() > 0.5 ? 1 : -1); - } - }; - - for (var i = 0, rcache; i < nBytes; i += 4) { - var _r = r((rcache || Math.random()) * 0x100000000); - - rcache = _r() * 0x3ade67b7; - words.push((_r() * 0x100000000) | 0); + for (var i = 0; i < nBytes; i += 4) { + words.push((secureRandom() * 0x100000000) | 0); } return new WordArray.init(words, nBytes); @@ -540,7 +550,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { */ _process: function (doFlush) { var processedWords; - + // Shortcuts var data = this._data; var dataWords = data.words; From eb61233396b78e7e655da22a225b831ffc1e493e Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Mon, 10 Feb 2020 19:19:52 +0100 Subject: [PATCH 34/79] Fix this context in callbacks using arrow funtions. --- grunt/tasks/modularize.js | 108 +++++++++++++++++++------------------- 1 file changed, 53 insertions(+), 55 deletions(-) diff --git a/grunt/tasks/modularize.js b/grunt/tasks/modularize.js index f97d57b..6432ba7 100644 --- a/grunt/tasks/modularize.js +++ b/grunt/tasks/modularize.js @@ -2,7 +2,7 @@ var _ = require("lodash"), - fmd = require("fmd"); + fmd = require("fmd"); module.exports = function (grunt) { @@ -14,78 +14,76 @@ module.exports = function (grunt) { modules = {}, config = { - target: this.target + '/', - factories: ["commonjs", "amd", "global"], - trim_whitespace: true, - new_line: "unix", - indent: "\t" - }; + target: this.target + '/', + factories: ["commonjs", "amd", "global"], + trim_whitespace: true, + new_line: "unix", + indent: "\t" + }; // Prepare Factory-Module-Definition settings - _.each(options, function (conf, name) { + _.each(options, (conf, name) => { var sources = [], - opts = { - depends: {} - }, + opts = { + depends: {} + }, - deps = []; + deps = []; - if (conf.exports) { - opts.exports = conf.exports; - } + if (conf.exports) { + opts.exports = conf.exports; + } - if (conf.global) { - opts.global = conf.global; - } + if (conf.global) { + opts.global = conf.global; + } // Find and add self as source - _.each(this.filesSrc, function (source) { - if (grunt.file.exists(source + name + ".js")) { - sources.push(source + name + ".js"); - } - }, this); + _.each(this.filesSrc, (source) => { + if (grunt.file.exists(source + name + ".js")) { + sources.push(source + name + ".js"); + } + }); if (conf.pack) { - // Collect all components - deps = _.chain(conf.components) - .map(function (depName) { - return options[depName].components; - }) - .flatten() - .uniq() - .without(name) - .sort(function (a, b) { - return options[a].components.indexOf(b) === -1 ? -1 : 1; - }) - .value(); + // Collect all components + deps = _.chain(conf.components) + .map(depName => options[depName].components) + .flatten() + .uniq() + .without(name) + .sort((a, b) => { + return options[a].components.indexOf(b) === -1 ? -1 : 1; + }) + .value(); // Add components as source files -> results a single file - _.each(this.filesSrc, function (source) { - _.each(deps, function (depName) { - if (grunt.file.exists(source + depName + ".js")) { - sources.push(source + depName + ".js"); - } - }); - }, this); + _.each(this.filesSrc, (source) => { + _.each(deps, (depName) => { + if (grunt.file.exists(source + depName + ".js")) { + sources.push(source + depName + ".js"); + } + }); + }); } else { - // Read components and add them as dependecies - _.each(_.without(conf.components, name), function (value, i) { - opts.depends['./' + value] = value === "core" ? "CryptoJS" : null; - }); - } + // Read components and add them as dependecies + _.each(_.without(conf.components, name), (value, i) => { + opts.depends['./' + value] = value === "core" ? "CryptoJS" : null; + }); + } - // Remove duplicates - sources = _.uniq(sources); + // Remove duplicates + sources = _.uniq(sources); // Add module settings to fmd definition - modules[name] = [sources, opts]; - }, this); + modules[name] = [sources, opts]; + }); - // Build packege modules - fmd(config) - .define(modules) - .build(function (createdFiles) { + // Build packege modules + fmd(config) + .define(modules) + .build(() => { done(); }); From 77d1bddbe79bca7dabdd43d01d2c1c8a00eae21d Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Mon, 10 Feb 2020 19:55:52 +0100 Subject: [PATCH 35/79] Bump version. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e3db0ae..c05efb5 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "3.1.9", + "version": "3.2.0", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg", From 9d1a45024f744bb3a5008c5015d715a38fb1dec1 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Mon, 10 Feb 2020 20:16:36 +0100 Subject: [PATCH 36/79] Fix jshint window / global warning. --- src/core.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/core.js b/src/core.js index 9b52388..50678ad 100644 --- a/src/core.js +++ b/src/core.js @@ -1,3 +1,5 @@ +/*globals window, global*/ + /** * CryptoJS core components. */ From 3b4c51fc42fb51ba5b702cf0de93da8f82f7b2b7 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Mon, 10 Feb 2020 20:20:52 +0100 Subject: [PATCH 37/79] Update jshint config for arrow functions in grunt task. --- .jshintrc | 62 +++++++++++++++++++-------------------- grunt/tasks/modularize.js | 1 + package.json | 2 +- 3 files changed, 33 insertions(+), 32 deletions(-) diff --git a/.jshintrc b/.jshintrc index 7672d3a..72c2b12 100644 --- a/.jshintrc +++ b/.jshintrc @@ -1,33 +1,33 @@ { - "bitwise" : false, // Prohibits the use of bitwise operators (not confuse & with &&) - "curly" : true, // Requires to always put curly braces around blocks in loops and conditionals - "eqeqeq" : false, // Prohibits the use of == and != in favor of === and !== - "eqnull" : true, // Suppresses warnings about == null comparisons - "immed" : true, // Requires immediate invocations to be wrapped in parens e.g. `(function () { } ());` - "latedef" : true, // Prohibits the use of a variable before it was defined - "newcap" : false, // Requires to capitalize names of constructor functions - "noarg" : true, // Prohibits the use of arguments.caller and arguments.callee - "strict" : false, // Requires all functions to run in ECMAScript 5's strict mode - "undef" : true, // Require non-global variables to be declared (prevents global leaks) - "asi" : true, // Suppresses warnings about missing semicolons - "funcscope" : false, - "shadow" : true, - "expr" : true, - "-W041" : true, - "-W018" : true, - "globals": { - "CryptoJS" : true, - "escape" : true, - "unescape" : true, - "Int8Array" : true, - "Int16Array" : true, - "Int32Array" : true, - "Uint8Array" : true, - "Uint16Array" : true, - "Uint32Array" : true, - "Uint8ClampedArray" : true, - "ArrayBuffer" : true, - "Float32Array" : true, - "Float64Array" : true - } + "bitwise": false, // Prohibits the use of bitwise operators (not confuse & with &&) + "curly": true, // Requires to always put curly braces around blocks in loops and conditionals + "eqeqeq": false, // Prohibits the use of == and != in favor of === and !== + "eqnull": true, // Suppresses warnings about == null comparisons + "immed": true, // Requires immediate invocations to be wrapped in parens e.g. `(function () { } ());` + "latedef": false, // Prohibits the use of a variable before it was defined + "newcap": false, // Requires to capitalize names of constructor functions + "noarg": true, // Prohibits the use of arguments.caller and arguments.callee + "strict": false, // Requires all functions to run in ECMAScript 5's strict mode + "undef": true, // Require non-global variables to be declared (prevents global leaks) + "asi": true, // Suppresses warnings about missing semicolons + "funcscope": false, + "shadow": true, + "expr": true, + "-W041": true, + "-W018": true, + "globals": { + "CryptoJS": true, + "escape": true, + "unescape": true, + "Int8Array": true, + "Int16Array": true, + "Int32Array": true, + "Uint8Array": true, + "Uint16Array": true, + "Uint32Array": true, + "Uint8ClampedArray": true, + "ArrayBuffer": true, + "Float32Array": true, + "Float64Array": true + } } diff --git a/grunt/tasks/modularize.js b/grunt/tasks/modularize.js index 6432ba7..0fc3b46 100644 --- a/grunt/tasks/modularize.js +++ b/grunt/tasks/modularize.js @@ -1,4 +1,5 @@ /*jshint node: true*/ +/*jshint esversion: 6*/ var _ = require("lodash"), diff --git a/package.json b/package.json index c05efb5..6be41db 100644 --- a/package.json +++ b/package.json @@ -28,7 +28,7 @@ "grunt-cli": "^1.3.2", "grunt-contrib-clean": "^0.6.0", "grunt-contrib-copy": "^0.6.0", - "grunt-contrib-jshint": "^0.10.0", + "grunt-contrib-jshint": "^2.1.0", "grunt-jsonlint": "^1.0.4", "grunt-update-json": "^0.2.0", "load-grunt-config": "^0.16.0", From e4ac157d8b75b962d6538fc0b996e5d4d5a9466b Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 11:11:04 +0100 Subject: [PATCH 38/79] Do not convert into float number. --- src/core.js | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/src/core.js b/src/core.js index 50678ad..6f90c42 100644 --- a/src/core.js +++ b/src/core.js @@ -10,14 +10,13 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { * * As Math.random() is cryptographically not safe to use */ - var secureRandom = function () { + var cryptoSecureRandomInt = function () { // Native crypto module on NodeJS environment try { - // Crypto from global object - var crypto = global.crypto; + // Native rypto from global object or import via require + var crypto = global.crypto || require('crypto'); - // Create a random float number between 0 and 1 - return Number('0.' + crypto.randomBytes(3).readUIntBE(0, 3)); + return crypto.randomBytes(4).readInt32LE(); } catch (err) {} // Native crypto module in Browser environment @@ -25,8 +24,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { // Support experimental crypto module in IE 11 var crypto = window.crypto || window.msCrypto; - // Create a random float number between 0 and 1 - return Number('0.' + window.crypto.getRandomValues(new Uint32Array(1))[0]); + return (crypto.getRandomValues(new Uint32Array(1))[0]) | 1; } catch (err) {} throw new Error('Native crypto module could not be used to get secure random number.'); @@ -321,7 +319,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { var words = []; for (var i = 0; i < nBytes; i += 4) { - words.push((secureRandom() * 0x100000000) | 0); + words.push((cryptoSecureRandomInt()); } return new WordArray.init(words, nBytes); From 7e2710a14c46cbae97f5fda305a5f670fc377c9d Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 14:20:30 +0100 Subject: [PATCH 39/79] Fix typo in comment. --- src/core.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core.js b/src/core.js index 6f90c42..109cbd7 100644 --- a/src/core.js +++ b/src/core.js @@ -13,7 +13,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { var cryptoSecureRandomInt = function () { // Native crypto module on NodeJS environment try { - // Native rypto from global object or import via require + // Native crypto from global object or import via require var crypto = global.crypto || require('crypto'); return crypto.randomBytes(4).readInt32LE(); From 8623234c1527f1e1bc6984e975e1d14ba5f86799 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 14:22:23 +0100 Subject: [PATCH 40/79] Fix syntax typo. --- src/core.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core.js b/src/core.js index 109cbd7..02ac9dc 100644 --- a/src/core.js +++ b/src/core.js @@ -319,7 +319,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { var words = []; for (var i = 0; i < nBytes; i += 4) { - words.push((cryptoSecureRandomInt()); + words.push(cryptoSecureRandomInt()); } return new WordArray.init(words, nBytes); From 0241952f572d5343d40848f17d045aa4e42ec553 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 16:04:04 +0100 Subject: [PATCH 41/79] Remove the `| 1` left over from the previous float number operation. --- src/core.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core.js b/src/core.js index 02ac9dc..c97925b 100644 --- a/src/core.js +++ b/src/core.js @@ -24,7 +24,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { // Support experimental crypto module in IE 11 var crypto = window.crypto || window.msCrypto; - return (crypto.getRandomValues(new Uint32Array(1))[0]) | 1; + return crypto.getRandomValues(new Uint32Array(1))[0]; } catch (err) {} throw new Error('Native crypto module could not be used to get secure random number.'); From 20b827da1b70e68180e3fc055a0e1ee43b06843a Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 16:13:21 +0100 Subject: [PATCH 42/79] Do not simply try catch, cheack availabilty instead. --- src/core.js | 43 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 34 insertions(+), 9 deletions(-) diff --git a/src/core.js b/src/core.js index c97925b..6bfec9b 100644 --- a/src/core.js +++ b/src/core.js @@ -11,22 +11,47 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { * As Math.random() is cryptographically not safe to use */ var cryptoSecureRandomInt = function () { - // Native crypto module on NodeJS environment - try { - // Native crypto from global object or import via require - var crypto = global.crypto || require('crypto'); + var crypto; - return crypto.randomBytes(4).readInt32LE(); + // Native crypto module in Browser environment + try { + if (typeof window !== 'undefined') { + if (window.crypto) { + // Support experimental crypto module in IE 11 + crypto = window.crypto; + } else if (window.msCrypto) { + // Support experimental crypto module in IE 11 + crypto = window.msCrypto; + } + } } catch (err) {} - // Native crypto module in Browser environment + // Native crypto module on NodeJS environment try { - // Support experimental crypto module in IE 11 - var crypto = window.crypto || window.msCrypto; + if (typeof global !== 'undefined' && global.crypto) { + // Native crypto from global + crypto = global.crypto; + } else if (typeof require === 'function') { + // Native crypto import via require + crypto = require('crypto'); + } - return crypto.getRandomValues(new Uint32Array(1))[0]; } catch (err) {} + // Use getRandomValues method + if (crypto && typeof crypto.getRandomValues === 'function') { + try { + return crypto.getRandomValues(new Uint32Array(1))[0]; + } catch (err) {} + } + + // Use randomBytes method + if (crypto && typeof crypto.randomBytes === 'function') { + try { + return crypto.randomBytes(4).readInt32LE(); + } catch (err) {} + } + throw new Error('Native crypto module could not be used to get secure random number.'); }; From 3cbd6c102047abd55f53ccb88d2334d1528ac49f Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 16:15:25 +0100 Subject: [PATCH 43/79] Update comment. --- src/core.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/core.js b/src/core.js index 6bfec9b..cb21eb1 100644 --- a/src/core.js +++ b/src/core.js @@ -17,7 +17,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { try { if (typeof window !== 'undefined') { if (window.crypto) { - // Support experimental crypto module in IE 11 + // Use global crypto module crypto = window.crypto; } else if (window.msCrypto) { // Support experimental crypto module in IE 11 @@ -35,7 +35,6 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { // Native crypto import via require crypto = require('crypto'); } - } catch (err) {} // Use getRandomValues method From 4d5da7a916caf52b60b8561f5b35421e9d53f5a2 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 19:33:21 +0100 Subject: [PATCH 44/79] Just one if to check whether crypto is defined. --- src/core.js | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/src/core.js b/src/core.js index cb21eb1..e9a32f3 100644 --- a/src/core.js +++ b/src/core.js @@ -37,18 +37,20 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { } } catch (err) {} - // Use getRandomValues method - if (crypto && typeof crypto.getRandomValues === 'function') { - try { - return crypto.getRandomValues(new Uint32Array(1))[0]; - } catch (err) {} - } + if (crypto) { + // Use getRandomValues method + if (typeof crypto.getRandomValues === 'function') { + try { + return crypto.getRandomValues(new Uint32Array(1))[0]; + } catch (err) {} + } - // Use randomBytes method - if (crypto && typeof crypto.randomBytes === 'function') { - try { - return crypto.randomBytes(4).readInt32LE(); - } catch (err) {} + // Use randomBytes method + if (typeof crypto.randomBytes === 'function') { + try { + return crypto.randomBytes(4).readInt32LE(); + } catch (err) {} + } } throw new Error('Native crypto module could not be used to get secure random number.'); From ac288621445018e187e9433c295e2c0ce5367637 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 19:40:46 +0100 Subject: [PATCH 45/79] Reduce try catch statements. --- src/core.js | 48 +++++++++++++++++++++++------------------------- 1 file changed, 23 insertions(+), 25 deletions(-) diff --git a/src/core.js b/src/core.js index e9a32f3..9e0950f 100644 --- a/src/core.js +++ b/src/core.js @@ -1,4 +1,4 @@ -/*globals window, global*/ +/*globals window, global, require*/ /** * CryptoJS core components. @@ -13,39 +13,37 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { var cryptoSecureRandomInt = function () { var crypto; - // Native crypto module in Browser environment - try { - if (typeof window !== 'undefined') { - if (window.crypto) { - // Use global crypto module - crypto = window.crypto; - } else if (window.msCrypto) { - // Support experimental crypto module in IE 11 - crypto = window.msCrypto; - } - } - } catch (err) {} - - // Native crypto module on NodeJS environment - try { - if (typeof global !== 'undefined' && global.crypto) { - // Native crypto from global - crypto = global.crypto; - } else if (typeof require === 'function') { - // Native crypto import via require + // Native crypto from window (Browser) + if (typeof window !== 'undefined' && window.crypto) { + crypto = window.crypto; + } + + // Native (experimental IE 11) crypto from window (Browser) + if (!crypto && typeof window !== 'undefined' && window.msCrypto) { + crypto = window.msCrypto; + } + + // Native crypto from global (NodeJS) + if (!crypto && typeof global !== 'undefined' && global.crypto) { + crypto = global.crypto; + } + + // Native crypto import via require (NodeJS) + if (!crypto && typeof require === 'function') { + try { crypto = require('crypto'); - } - } catch (err) {} + } catch (err) {} + } if (crypto) { - // Use getRandomValues method + // Use getRandomValues method (Browser) if (typeof crypto.getRandomValues === 'function') { try { return crypto.getRandomValues(new Uint32Array(1))[0]; } catch (err) {} } - // Use randomBytes method + // Use randomBytes method (NodeJS) if (typeof crypto.randomBytes === 'function') { try { return crypto.randomBytes(4).readInt32LE(); From 7f809c93bd9264d7031d8e629dcc8b9ec3ecc432 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 19:58:59 +0100 Subject: [PATCH 46/79] Do not run the detect native crypto module for every cryptoSecureRandomInt call. --- src/core.js | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/src/core.js b/src/core.js index 9e0950f..8ba28ed 100644 --- a/src/core.js +++ b/src/core.js @@ -5,36 +5,36 @@ */ var CryptoJS = CryptoJS || (function (Math, undefined) { + var crypto; + + // Native crypto from window (Browser) + if (typeof window !== 'undefined' && window.crypto) { + crypto = window.crypto; + } + + // Native (experimental IE 11) crypto from window (Browser) + if (!crypto && typeof window !== 'undefined' && window.msCrypto) { + crypto = window.msCrypto; + } + + // Native crypto from global (NodeJS) + if (!crypto && typeof global !== 'undefined' && global.crypto) { + crypto = global.crypto; + } + + // Native crypto import via require (NodeJS) + if (!crypto && typeof require === 'function') { + try { + crypto = require('crypto'); + } catch (err) {} + } + /* * Cryptographically secure pseudorandom number generator * * As Math.random() is cryptographically not safe to use */ var cryptoSecureRandomInt = function () { - var crypto; - - // Native crypto from window (Browser) - if (typeof window !== 'undefined' && window.crypto) { - crypto = window.crypto; - } - - // Native (experimental IE 11) crypto from window (Browser) - if (!crypto && typeof window !== 'undefined' && window.msCrypto) { - crypto = window.msCrypto; - } - - // Native crypto from global (NodeJS) - if (!crypto && typeof global !== 'undefined' && global.crypto) { - crypto = global.crypto; - } - - // Native crypto import via require (NodeJS) - if (!crypto && typeof require === 'function') { - try { - crypto = require('crypto'); - } catch (err) {} - } - if (crypto) { // Use getRandomValues method (Browser) if (typeof crypto.getRandomValues === 'function') { From 409ae7696ff0329765d080476dea76813ea21605 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 22:25:00 +0100 Subject: [PATCH 47/79] Bump version. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 6be41db..6e9bfe2 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "3.2.0", + "version": "3.2.1", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg", From 78bde5f9f38895dd5761fb0465b84f79db169645 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 22:49:50 +0100 Subject: [PATCH 48/79] Add release notes. --- README.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/README.md b/README.md index bccfad7..93d9477 100644 --- a/README.md +++ b/README.md @@ -208,3 +208,28 @@ console.log(decryptedData); // [{id: 1}, {id: 2}] - ```crypto-js/pad-iso97971``` - ```crypto-js/pad-zeropadding``` - ```crypto-js/pad-nopadding``` + + +## Release notes + +### 3.2.1 + +The usage of the native crypto module has been fixed. The import and access of the native crypto module has been improved. + +### 3.2.0 + +In this version `Math.random()` has been replaced by the random methods of the native crypto module. + +For this reason CryptoJS might does not run in some JavaScript environments without native crypto module. Such as IE 10 or before. + +If it's absolute required to run CryptoJS in such an environment, stay with `3.1.x` version. Encrypting and decrypting stays compatible. But keep in mind `3.1.x` versions still use `Math.random()` which is cryptographically not secure, as it's not random enough. + +This version came along with `CRITICAL` `BUG`. + +DO NOT USE THIS VERSION! Please, go for a newer version! + +### 3.1.x + +The `3.1.x` are based on the original CryptoJS, wrapped in CommonJS modules. + + From b60b80ca6b87636b36e4ada3c7d7f19faea65b4a Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 22:59:51 +0100 Subject: [PATCH 49/79] Add test page which uses the created bundle after build to run the tests. --- test/test-build.html | 105 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 test/test-build.html diff --git a/test/test-build.html b/test/test-build.html new file mode 100644 index 0000000..c6eb05c --- /dev/null +++ b/test/test-build.html @@ -0,0 +1,105 @@ + + + + + CryptoJS Test Suite + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 1d303185c01535a6ee60e33f349f5289565f7fcb Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Wed, 12 Feb 2020 12:46:58 +0100 Subject: [PATCH 50/79] Pull `3.3.0` from `master` into `develop`. --- README.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 93d9477..d1236a3 100644 --- a/README.md +++ b/README.md @@ -212,6 +212,12 @@ console.log(decryptedData); // [{id: 1}, {id: 2}] ## Release notes +### 3.3.0 + +Rollback, `3.3.0` is the same as `3.1.9-1`. + +The move of using native secure crypto module will be shifted to a new `4.x.x` version. As it is a breaking change the impact is too big for a minor release. + ### 3.2.1 The usage of the native crypto module has been fixed. The import and access of the native crypto module has been improved. diff --git a/package.json b/package.json index 6e9bfe2..0587636 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "3.2.1", + "version": "3.3.0", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg", From 38b74c03c3f4a1dc37d2fa447e43b5f19da3dfb7 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Wed, 12 Feb 2020 12:48:14 +0100 Subject: [PATCH 51/79] Bump major reslease version. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 0587636..b7686de 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "3.3.0", + "version": "4.0.0", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg", From ba083107c634dd5c4840fab743578176ea4340ce Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Wed, 12 Feb 2020 12:54:38 +0100 Subject: [PATCH 52/79] Add release notes. --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index d1236a3..250c97c 100644 --- a/README.md +++ b/README.md @@ -212,6 +212,14 @@ console.log(decryptedData); // [{id: 1}, {id: 2}] ## Release notes +### 4.0.0 + +This is an update including breaking changes for some environments. + +In this version `Math.random()` has been replaced by the random methods of the native crypto module. + +For this reason CryptoJS might does not run in some JavaScript environments without native crypto module. Such as IE 10 or before or React Native. + ### 3.3.0 Rollback, `3.3.0` is the same as `3.1.9-1`. From 2a801f62c575b28fca5e19921bda58f7bb813f8f Mon Sep 17 00:00:00 2001 From: Gabriel Garcia Date: Wed, 12 Feb 2020 14:41:01 -0800 Subject: [PATCH 53/79] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 250c97c..50c4d57 100644 --- a/README.md +++ b/README.md @@ -218,7 +218,7 @@ This is an update including breaking changes for some environments. In this version `Math.random()` has been replaced by the random methods of the native crypto module. -For this reason CryptoJS might does not run in some JavaScript environments without native crypto module. Such as IE 10 or before or React Native. +For this reason CryptoJS might not run in some JavaScript environments without native crypto module. Such as IE 10 or before or React Native. ### 3.3.0 From 1241fdb81948734ab613f5cd3c976747ba31c1ae Mon Sep 17 00:00:00 2001 From: Lubos Dolezel Date: Sun, 10 May 2020 22:15:56 +0200 Subject: [PATCH 54/79] Support self.crypto in Web Workers --- src/core.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/core.js b/src/core.js index 8ba28ed..5f5d604 100644 --- a/src/core.js +++ b/src/core.js @@ -12,6 +12,11 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { crypto = window.crypto; } + // Native crypto in web worker (Browser) + if (typeof self !== 'undefined' && self.crypto) { + crypto = self.crypto; + } + // Native (experimental IE 11) crypto from window (Browser) if (!crypto && typeof window !== 'undefined' && window.msCrypto) { crypto = window.msCrypto; From 71ad0bcd2cb015021cacdb0120c065e87b7669d2 Mon Sep 17 00:00:00 2001 From: paulmwatson Date: Mon, 11 May 2020 14:44:09 +0200 Subject: [PATCH 55/79] Minor typo fix: varialbes => variables --- src/md5.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/md5.js b/src/md5.js index 5189321..77ae69d 100644 --- a/src/md5.js +++ b/src/md5.js @@ -60,7 +60,7 @@ var M_offset_14 = M[offset + 14]; var M_offset_15 = M[offset + 15]; - // Working varialbes + // Working variables var a = H[0]; var b = H[1]; var c = H[2]; From 1adcb50e99a530b1457988ecabf2475f790c872a Mon Sep 17 00:00:00 2001 From: Frederic R Date: Sat, 20 Jun 2020 15:43:59 +0100 Subject: [PATCH 56/79] =?UTF-8?q?lint=20=F0=9F=9A=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/core.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/core.js b/src/core.js index 8ba28ed..0bdc81c 100644 --- a/src/core.js +++ b/src/core.js @@ -72,7 +72,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { return subtype; }; - }()) + }()); /** * CryptoJS namespace. @@ -283,8 +283,8 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { } } else { // Copy one word at a time - for (var i = 0; i < thatSigBytes; i += 4) { - thisWords[(thisSigBytes + i) >>> 2] = thatWords[i >>> 2]; + for (var j = 0; j < thatSigBytes; j += 4) { + thisWords[(thisSigBytes + j) >>> 2] = thatWords[j >>> 2]; } } this.sigBytes += thatSigBytes; From 971c31f0c931f913d22a76ed488d9216ac04e306 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 19 Nov 2020 01:48:20 +0100 Subject: [PATCH 57/79] Add support for crypto from globalThis. --- src/core.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/core.js b/src/core.js index a8a543e..e1330e7 100644 --- a/src/core.js +++ b/src/core.js @@ -17,6 +17,11 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { crypto = self.crypto; } + // Native crypto from worker + if (typeof globalThis !== 'undefined' && globalThis.crypto) { + crypto = globalThis.crypto; + } + // Native (experimental IE 11) crypto from window (Browser) if (!crypto && typeof window !== 'undefined' && window.msCrypto) { crypto = window.msCrypto; From ae0696fe7c45eb3df7b841931dd18170959aa4b3 Mon Sep 17 00:00:00 2001 From: Spencer17x <1253478653@qq.com> Date: Fri, 18 Jun 2021 20:37:29 +0800 Subject: [PATCH 58/79] feat: add urlsafe --- grunt/config/modularize.js | 8 ++- package.json | 3 +- src/enc-base64url.js | 121 +++++++++++++++++++++++++++++++++++++ test/test1.html | 63 +++++++++++++++++++ 4 files changed, 192 insertions(+), 3 deletions(-) create mode 100644 src/enc-base64url.js create mode 100644 test/test1.html diff --git a/grunt/config/modularize.js b/grunt/config/modularize.js index 2b4f2cc..58053a1 100644 --- a/grunt/config/modularize.js +++ b/grunt/config/modularize.js @@ -13,13 +13,13 @@ module.exports = { "index": { "global": "CryptoJS", "exports": "CryptoJS", - "components": ["core", "x64-core", "lib-typedarrays", "enc-utf16", "enc-base64", "md5", "sha1", "sha256", "sha224", "sha512", "sha384", "sha3", "ripemd160", "hmac", "pbkdf2", "evpkdf", "cipher-core", "mode-cfb", "mode-ctr", "mode-ctr-gladman", "mode-ofb", "mode-ecb", "pad-ansix923", "pad-iso10126", "pad-iso97971", "pad-zeropadding", "pad-nopadding", "format-hex", "aes", "tripledes", "rc4", "rabbit", "rabbit-legacy"] + "components": ["core", "x64-core", "lib-typedarrays", "enc-utf16", "enc-base64", "enc-base64url", "md5", "sha1", "sha256", "sha224", "sha512", "sha384", "sha3", "ripemd160", "hmac", "pbkdf2", "evpkdf", "cipher-core", "mode-cfb", "mode-ctr", "mode-ctr-gladman", "mode-ofb", "mode-ecb", "pad-ansix923", "pad-iso10126", "pad-iso97971", "pad-zeropadding", "pad-nopadding", "format-hex", "aes", "tripledes", "rc4", "rabbit", "rabbit-legacy"] }, "crypto-js": { "pack": true, "global": "CryptoJS", "exports": "CryptoJS", - "components": ["core", "x64-core", "lib-typedarrays", "enc-utf16", "enc-base64", "md5", "sha1", "sha256", "sha224", "sha512", "sha384", "sha3", "ripemd160", "hmac", "pbkdf2", "evpkdf", "cipher-core", "mode-cfb", "mode-ctr", "mode-ctr-gladman", "mode-ofb", "mode-ecb", "pad-ansix923", "pad-iso10126", "pad-iso97971", "pad-zeropadding", "pad-nopadding", "format-hex", "aes", "tripledes", "rc4", "rabbit", "rabbit-legacy"] + "components": ["core", "x64-core", "lib-typedarrays", "enc-utf16", "enc-base64", "enc-base64url", "md5", "sha1", "sha256", "sha224", "sha512", "sha384", "sha3", "ripemd160", "hmac", "pbkdf2", "evpkdf", "cipher-core", "mode-cfb", "mode-ctr", "mode-ctr-gladman", "mode-ofb", "mode-ecb", "pad-ansix923", "pad-iso10126", "pad-iso97971", "pad-zeropadding", "pad-nopadding", "format-hex", "aes", "tripledes", "rc4", "rabbit", "rabbit-legacy"] }, // hash @@ -174,6 +174,10 @@ module.exports = { "exports": "CryptoJS.enc.Base64", "components": ["core", "enc-base64"] }, + "enc-base64url": { + "exports": "CryptoJS.enc.Base64url", + "components": ["core", "enc-base64url"] + }, // mode "mode-cfb": { diff --git a/package.json b/package.json index b7686de..862a6a0 100644 --- a/package.json +++ b/package.json @@ -53,6 +53,7 @@ "CFB", "CTR", "CBC", - "Base64" + "Base64", + "Base64url" ] } diff --git a/src/enc-base64url.js b/src/enc-base64url.js new file mode 100644 index 0000000..661ea39 --- /dev/null +++ b/src/enc-base64url.js @@ -0,0 +1,121 @@ +(function () { + // Shortcuts + var C = CryptoJS; + var C_lib = C.lib; + var WordArray = C_lib.WordArray; + var C_enc = C.enc; + + /** + * Base64url encoding strategy. + */ + var Base64url = C_enc.Base64url = { + /** + * Converts a word array to a Base64url string. + * + * @param {WordArray} wordArray The word array. + * + * @param {boolean} urlSafe Whether to use url safe + * + * @return {string} The Base64url string. + * + * @static + * + * @example + * + * var base64String = CryptoJS.enc.Base64url.stringify(wordArray); + */ + stringify: function (wordArray, urlSafe=true) { + // Shortcuts + var words = wordArray.words; + var sigBytes = wordArray.sigBytes; + var map = urlSafe ? this._safe_map : this._map; + + // Clamp excess bits + wordArray.clamp(); + + // Convert + var base64Chars = []; + for (var i = 0; i < sigBytes; i += 3) { + var byte1 = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff; + var byte2 = (words[(i + 1) >>> 2] >>> (24 - ((i + 1) % 4) * 8)) & 0xff; + var byte3 = (words[(i + 2) >>> 2] >>> (24 - ((i + 2) % 4) * 8)) & 0xff; + + var triplet = (byte1 << 16) | (byte2 << 8) | byte3; + + for (var j = 0; (j < 4) && (i + j * 0.75 < sigBytes); j++) { + base64Chars.push(map.charAt((triplet >>> (6 * (3 - j))) & 0x3f)); + } + } + + // Add padding + var paddingChar = map.charAt(64); + if (paddingChar) { + while (base64Chars.length % 4) { + base64Chars.push(paddingChar); + } + } + + return base64Chars.join(''); + }, + + /** + * Converts a Base64url string to a word array. + * + * @param {string} base64Str The Base64url string. + * + * @param {boolean} urlSafe Whether to use url safe + * + * @return {WordArray} The word array. + * + * @static + * + * @example + * + * var wordArray = CryptoJS.enc.Base64url.parse(base64String); + */ + parse: function (base64Str, urlSafe=true) { + // Shortcuts + var base64StrLength = base64Str.length; + var map = urlSafe ? this._safe_map : this._map; + var reverseMap = this._reverseMap; + + if (!reverseMap) { + reverseMap = this._reverseMap = []; + for (var j = 0; j < map.length; j++) { + reverseMap[map.charCodeAt(j)] = j; + } + } + + // Ignore padding + var paddingChar = map.charAt(64); + if (paddingChar) { + var paddingIndex = base64Str.indexOf(paddingChar); + if (paddingIndex !== -1) { + base64StrLength = paddingIndex; + } + } + + // Convert + return parseLoop(base64Str, base64StrLength, reverseMap); + + }, + + _map: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=', + _safe_map: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_', + }; + + function parseLoop(base64Str, base64StrLength, reverseMap) { + var words = []; + var nBytes = 0; + for (var i = 0; i < base64StrLength; i++) { + if (i % 4) { + var bits1 = reverseMap[base64Str.charCodeAt(i - 1)] << ((i % 4) * 2); + var bits2 = reverseMap[base64Str.charCodeAt(i)] >>> (6 - (i % 4) * 2); + var bitsCombined = bits1 | bits2; + words[nBytes >>> 2] |= bitsCombined << (24 - (nBytes % 4) * 8); + nBytes++; + } + } + return WordArray.create(words, nBytes); + } +}()); \ No newline at end of file diff --git a/test/test1.html b/test/test1.html new file mode 100644 index 0000000..731b877 --- /dev/null +++ b/test/test1.html @@ -0,0 +1,63 @@ + + + + + CryptoJS Test Suite + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file From 058b8e7e59320ed3421ef3e36616670e6538a5fb Mon Sep 17 00:00:00 2001 From: hkjpotato Date: Tue, 6 Jul 2021 04:28:57 -0400 Subject: [PATCH 59/79] add browser field to avoid shimming crypto-browserify --- package.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/package.json b/package.json index b7686de..311da4f 100644 --- a/package.json +++ b/package.json @@ -21,6 +21,9 @@ "test": "grunt default" }, "main": "index.js", + "browser": { + "crypto": false + }, "dependencies": {}, "devDependencies": { "fmd": "~0.0.3", From 37275c77270ff49af02c8939f67ed5339da83219 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 22 Jul 2021 11:40:30 +0300 Subject: [PATCH 60/79] Bump release version. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index ef873bb..014d83a 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "4.0.0", + "version": "4.1.0", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg", From 495890cde84c3c492837e4f3775760f84cc591b4 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 22 Jul 2021 11:44:54 +0300 Subject: [PATCH 61/79] Update release notes. --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 50c4d57..6f55b03 100644 --- a/README.md +++ b/README.md @@ -212,6 +212,12 @@ console.log(decryptedData); // [{id: 1}, {id: 2}] ## Release notes +### 4.1.0 + +Added url safe variant of base64 encoding. [357](https://github.com/brix/crypto-js/pull/357) + +Avoid webpack to add crypto-browser package. [364](https://github.com/brix/crypto-js/pull/364) + ### 4.0.0 This is an update including breaking changes for some environments. From 56ebdb99b6ddf5a6fe0c7bedaabac0d2f3c76ba3 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 22 Jul 2021 14:39:48 +0300 Subject: [PATCH 62/79] Include browser field in release package.json. --- grunt/config/update_json.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/grunt/config/update_json.js b/grunt/config/update_json.js index 46a5656..1b92a78 100644 --- a/grunt/config/update_json.js +++ b/grunt/config/update_json.js @@ -19,7 +19,8 @@ module.exports = { 'repository': null, 'keywords': null, 'main': null, - 'dependencies': null + 'dependencies': null, + 'browser': null } }, bower: { @@ -36,6 +37,7 @@ module.exports = { 'keywords': null, 'main': null, 'dependencies': null, + 'browser': null, 'ignore': [] } } From a30519df4bfb6e0b880a3a34436f0526ec5adb87 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 22 Jul 2021 14:50:27 +0300 Subject: [PATCH 63/79] Fix order of release modules. --- grunt/tasks/modularize.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/grunt/tasks/modularize.js b/grunt/tasks/modularize.js index 0fc3b46..228e9ae 100644 --- a/grunt/tasks/modularize.js +++ b/grunt/tasks/modularize.js @@ -55,7 +55,15 @@ module.exports = function (grunt) { .uniq() .without(name) .sort((a, b) => { - return options[a].components.indexOf(b) === -1 ? -1 : 1; + if (options[a].components.includes(b)) { + return 1 + } + + if (options[b].components.includes(a)) { + return -1 + } + + return 0; }) .value(); From 0326a863284ce58421ac809b230710329eae9574 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 22 Jul 2021 14:51:34 +0300 Subject: [PATCH 64/79] Bump version. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 014d83a..6726ec7 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "4.1.0", + "version": "4.1.1", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg", From 81ed5629ddfd3c5ec6689921060bc91eb4d51c91 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 22 Jul 2021 14:52:29 +0300 Subject: [PATCH 65/79] Update release notes. --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 6f55b03..23795aa 100644 --- a/README.md +++ b/README.md @@ -212,6 +212,12 @@ console.log(decryptedData); // [{id: 1}, {id: 2}] ## Release notes +### 4.1.1 + +Fix module order in bundled release. + +Include the browser field in the released package.json. + ### 4.1.0 Added url safe variant of base64 encoding. [357](https://github.com/brix/crypto-js/pull/357) From ecfe2e45f5237f1c27ce614c0a1ea442faa257b6 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 22 Jul 2021 15:01:11 +0300 Subject: [PATCH 66/79] Update dev dependencies. --- package.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/package.json b/package.json index 6726ec7..0bddb88 100644 --- a/package.json +++ b/package.json @@ -27,15 +27,15 @@ "dependencies": {}, "devDependencies": { "fmd": "~0.0.3", - "grunt": "^0.4.5", + "grunt": "^1.3.2", "grunt-cli": "^1.3.2", - "grunt-contrib-clean": "^0.6.0", - "grunt-contrib-copy": "^0.6.0", - "grunt-contrib-jshint": "^2.1.0", - "grunt-jsonlint": "^1.0.4", - "grunt-update-json": "^0.2.0", - "load-grunt-config": "^0.16.0", - "lodash": "^4.17.11" + "grunt-contrib-clean": "^2.0.0", + "grunt-contrib-copy": "^1.0.0", + "grunt-contrib-jshint": "^3.0.0", + "grunt-jsonlint": "^2.1.3", + "grunt-update-json": "^0.2.2", + "load-grunt-config": "^4.0.0", + "lodash": "^4.17.21" }, "keywords": [ "security", From dcc3848f5de5208bca73f36c0ed77fa192ee2ea8 Mon Sep 17 00:00:00 2001 From: Alanscut Date: Mon, 30 Aug 2021 14:28:30 +0800 Subject: [PATCH 67/79] fix:The "cfg.salt" parameter don't work --- src/cipher-core.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cipher-core.js b/src/cipher-core.js index 0fe6136..5086638 100644 --- a/src/cipher-core.js +++ b/src/cipher-core.js @@ -819,7 +819,7 @@ CryptoJS.lib.Cipher || (function (undefined) { cfg = this.cfg.extend(cfg); // Derive key and other params - var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize); + var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize, cfg.salt); // Add IV to config cfg.iv = derivedParams.iv; From ca7384f8dc3d25437703b7a1899b9928e6379adc Mon Sep 17 00:00:00 2001 From: Alanscut Date: Tue, 31 Aug 2021 11:37:01 +0800 Subject: [PATCH 68/79] test: add test case,using salt in the config --- test/config-test.js | 26 ++++++++++++++++++++++++++ test/test.html | 1 + 2 files changed, 27 insertions(+) create mode 100644 test/config-test.js diff --git a/test/config-test.js b/test/config-test.js new file mode 100644 index 0000000..090e9fd --- /dev/null +++ b/test/config-test.js @@ -0,0 +1,26 @@ +YUI.add('config-test', function (Y) { + var C = CryptoJS; + + Y.Test.Runner.add(new Y.Test.Case({ + name: 'Config', + + setUp: function () { + this.data = { + saltA: CryptoJS.enc.Hex.parse('AA00000000000000'), + saltB: CryptoJS.enc.Hex.parse('BB00000000000000') + }; + }, + + testEncrypt: function () { + Y.Assert.areEqual(C.AES.encrypt('Test', 'Pass', { salt: this.data.saltA }).toString(), C.AES.encrypt('Test', 'Pass', { salt: this.data.saltA }).toString()); + Y.Assert.areNotEqual(C.AES.encrypt('Test', 'Pass', { salt: this.data.saltA }).toString(), C.AES.encrypt('Test', 'Pass', { salt: this.data.saltB }).toString()); + }, + + testDecrypt: function () { + var encryptedA = C.AES.encrypt('Test', 'Pass', { salt: this.data.saltA }); + var encryptedB = C.AES.encrypt('Test', 'Pass', { salt: this.data.saltB }); + Y.Assert.areEqual('Test', C.AES.decrypt(encryptedA, 'Pass').toString(C.enc.Utf8)); + Y.Assert.areEqual('Test', C.AES.decrypt(encryptedB, 'Pass').toString(C.enc.Utf8)); + } + })); +}, '$Rev$'); \ No newline at end of file diff --git a/test/test.html b/test/test.html index d469486..6ab23c2 100644 --- a/test/test.html +++ b/test/test.html @@ -88,6 +88,7 @@ + + @@ -89,6 +90,7 @@ +