From 51bb88ea5e7b8cde7f0fa843c8a132644a132792 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Kwieci=C5=84ski?= Date: Tue, 2 Apr 2019 12:55:17 +0200 Subject: [PATCH 01/50] add grunt-cli to devDepencies --- package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/package.json b/package.json index ef49d55..e3db0ae 100644 --- a/package.json +++ b/package.json @@ -25,6 +25,7 @@ "devDependencies": { "fmd": "~0.0.3", "grunt": "^0.4.5", + "grunt-cli": "^1.3.2", "grunt-contrib-clean": "^0.6.0", "grunt-contrib-copy": "^0.6.0", "grunt-contrib-jshint": "^0.10.0", From 150d88df6706834e825671d6b5914c6df3937710 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Kwieci=C5=84ski?= Date: Tue, 2 Apr 2019 15:14:00 +0200 Subject: [PATCH 02/50] Fix 3DES encryption with 64- and 128-bit keys --- src/tripledes.js | 15 ++++++++++++--- test/tripledes-test.js | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 3 deletions(-) diff --git a/src/tripledes.js b/src/tripledes.js index 8771943..0777c7c 100644 --- a/src/tripledes.js +++ b/src/tripledes.js @@ -712,11 +712,20 @@ // Shortcuts var key = this._key; var keyWords = key.words; + // Make sure the key length is valid (64, 128 or >= 192 bit) + if (keyWords.length !== 2 && keyWords.length !== 4 && keyWords.length < 6) { + throw new Error('Invalid key length - 3DES requires the key length to be 64, 128, 192 or >192.'); + } + + // Extend the key according to the keying options defined in 3DES standard + var key1 = keyWords.slice(0, 2); + var key2 = keyWords.length < 4 ? keyWords.slice(0, 2) : keyWords.slice(2, 4); + var key3 = keyWords.length < 6 ? keyWords.slice(0, 2) : keyWords.slice(4, 6); // Create DES instances - this._des1 = DES.createEncryptor(WordArray.create(keyWords.slice(0, 2))); - this._des2 = DES.createEncryptor(WordArray.create(keyWords.slice(2, 4))); - this._des3 = DES.createEncryptor(WordArray.create(keyWords.slice(4, 6))); + this._des1 = DES.createEncryptor(WordArray.create(key1)); + this._des2 = DES.createEncryptor(WordArray.create(key2)); + this._des3 = DES.createEncryptor(WordArray.create(key3)); }, encryptBlock: function (M, offset) { diff --git a/test/tripledes-test.js b/test/tripledes-test.js index b531bc8..dcc7f4a 100644 --- a/test/tripledes-test.js +++ b/test/tripledes-test.js @@ -62,6 +62,39 @@ YUI.add('algo-tripledes-test', function (Y) { Y.Assert.areEqual(expectedIv, iv.toString()); }, + test64BitKey: function() { + var message = C.enc.Hex.parse('00112233445566778899aabbccddeeff'); + var key = C.enc.Hex.parse('0011223344556677'); + var extendedKey = C.enc.Hex.parse('001122334455667700112233445566770011223344556677') + + var output1 = C.TripleDES.encrypt(message, key, { mode: C.mode.ECB }).toString(); + var output2 = C.TripleDES.encrypt(message, extendedKey, { mode: C.mode.ECB }).toString(); + + Y.Assert.areEqual(output1, output2); + }, + + test128BitKey: function() { + var message = C.enc.Hex.parse('00112233445566778899aabbccddeeff'); + var key = C.enc.Hex.parse('00112233445566778899aabbccddeeff'); + var extendedKey = C.enc.Hex.parse('00112233445566778899aabbccddeeff0011223344556677') + + var output1 = C.TripleDES.encrypt(message, key, { mode: C.mode.ECB }).toString(); + var output2 = C.TripleDES.encrypt(message, extendedKey, { mode: C.mode.ECB }).toString(); + + Y.Assert.areEqual(output1, output2); + }, + + test256BitKey: function() { + var message = C.enc.Hex.parse('00112233445566778899aabbccddeeff'); + var key = C.enc.Hex.parse('00112233445566778899aabbccddeeff0112233445566778899aabbccddeeff0'); + var truncatedKey = C.enc.Hex.parse('00112233445566778899aabbccddeeff0112233445566778') + + var output1 = C.TripleDES.encrypt(message, key, { mode: C.mode.ECB }).toString(); + var output2 = C.TripleDES.encrypt(message, truncatedKey, { mode: C.mode.ECB }).toString(); + + Y.Assert.areEqual(output1, output2); + }, + testHelper: function () { // Save original random method var random = C.lib.WordArray.random; From ec5a2222128385e92b33b8aa97f43e15b78aa828 Mon Sep 17 00:00:00 2001 From: pearson Date: Mon, 19 Aug 2019 17:22:48 +0800 Subject: [PATCH 03/50] modify the comments in core.js --- src/core.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/core.js b/src/core.js index fd95ea5..a169607 100644 --- a/src/core.js +++ b/src/core.js @@ -3,7 +3,8 @@ */ var CryptoJS = CryptoJS || (function (Math, undefined) { /* - * Local polyfil of Object.create + * Local polyfill of Object.create + */ var create = Object.create || (function () { function F() {} From b405ff597fb3ac76a7bdfbc72dca10ba1079b1d5 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Mon, 10 Feb 2020 19:18:54 +0100 Subject: [PATCH 04/50] Add secure random using native crypto module. --- src/core.js | 52 +++++++++++++++++++++++++++++++--------------------- 1 file changed, 31 insertions(+), 21 deletions(-) diff --git a/src/core.js b/src/core.js index fd95ea5..b814c3b 100644 --- a/src/core.js +++ b/src/core.js @@ -2,6 +2,34 @@ * CryptoJS core components. */ var CryptoJS = CryptoJS || (function (Math, undefined) { + + /* + * Cryptographically secure pseudorandom number generator + * + * As Math.random() is cryptographically not safe to use + */ + var secureRandom = function () { + // Native crypto module on NodeJS environment + try { + // Crypto from global object + var crypto = global.crypto; + + // Create a random float number between 0 and 1 + return Number('0.' + crypto.randomBytes(3).readUIntBE(0, 3)); + } catch (err) {} + + // Native crypto module in Browser environment + try { + // Support experimental crypto module in IE 11 + var crypto = window.crypto || window.msCrypto; + + // Create a random float number between 0 and 1 + return Number('0.' + window.crypto.getRandomValues(new Uint32Array(1))[0]); + } catch (err) {} + + throw new Error('Native crypto module could not be used to get secure random number.'); + }; + /* * Local polyfil of Object.create */ @@ -289,26 +317,8 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { random: function (nBytes) { var words = []; - var r = function (m_w) { - var m_w = m_w; - var m_z = 0x3ade68b1; - var mask = 0xffffffff; - - return function () { - m_z = (0x9069 * (m_z & 0xFFFF) + (m_z >> 0x10)) & mask; - m_w = (0x4650 * (m_w & 0xFFFF) + (m_w >> 0x10)) & mask; - var result = ((m_z << 0x10) + m_w) & mask; - result /= 0x100000000; - result += 0.5; - return result * (Math.random() > 0.5 ? 1 : -1); - } - }; - - for (var i = 0, rcache; i < nBytes; i += 4) { - var _r = r((rcache || Math.random()) * 0x100000000); - - rcache = _r() * 0x3ade67b7; - words.push((_r() * 0x100000000) | 0); + for (var i = 0; i < nBytes; i += 4) { + words.push((secureRandom() * 0x100000000) | 0); } return new WordArray.init(words, nBytes); @@ -540,7 +550,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { */ _process: function (doFlush) { var processedWords; - + // Shortcuts var data = this._data; var dataWords = data.words; From eb61233396b78e7e655da22a225b831ffc1e493e Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Mon, 10 Feb 2020 19:19:52 +0100 Subject: [PATCH 05/50] Fix this context in callbacks using arrow funtions. --- grunt/tasks/modularize.js | 108 +++++++++++++++++++------------------- 1 file changed, 53 insertions(+), 55 deletions(-) diff --git a/grunt/tasks/modularize.js b/grunt/tasks/modularize.js index f97d57b..6432ba7 100644 --- a/grunt/tasks/modularize.js +++ b/grunt/tasks/modularize.js @@ -2,7 +2,7 @@ var _ = require("lodash"), - fmd = require("fmd"); + fmd = require("fmd"); module.exports = function (grunt) { @@ -14,78 +14,76 @@ module.exports = function (grunt) { modules = {}, config = { - target: this.target + '/', - factories: ["commonjs", "amd", "global"], - trim_whitespace: true, - new_line: "unix", - indent: "\t" - }; + target: this.target + '/', + factories: ["commonjs", "amd", "global"], + trim_whitespace: true, + new_line: "unix", + indent: "\t" + }; // Prepare Factory-Module-Definition settings - _.each(options, function (conf, name) { + _.each(options, (conf, name) => { var sources = [], - opts = { - depends: {} - }, + opts = { + depends: {} + }, - deps = []; + deps = []; - if (conf.exports) { - opts.exports = conf.exports; - } + if (conf.exports) { + opts.exports = conf.exports; + } - if (conf.global) { - opts.global = conf.global; - } + if (conf.global) { + opts.global = conf.global; + } // Find and add self as source - _.each(this.filesSrc, function (source) { - if (grunt.file.exists(source + name + ".js")) { - sources.push(source + name + ".js"); - } - }, this); + _.each(this.filesSrc, (source) => { + if (grunt.file.exists(source + name + ".js")) { + sources.push(source + name + ".js"); + } + }); if (conf.pack) { - // Collect all components - deps = _.chain(conf.components) - .map(function (depName) { - return options[depName].components; - }) - .flatten() - .uniq() - .without(name) - .sort(function (a, b) { - return options[a].components.indexOf(b) === -1 ? -1 : 1; - }) - .value(); + // Collect all components + deps = _.chain(conf.components) + .map(depName => options[depName].components) + .flatten() + .uniq() + .without(name) + .sort((a, b) => { + return options[a].components.indexOf(b) === -1 ? -1 : 1; + }) + .value(); // Add components as source files -> results a single file - _.each(this.filesSrc, function (source) { - _.each(deps, function (depName) { - if (grunt.file.exists(source + depName + ".js")) { - sources.push(source + depName + ".js"); - } - }); - }, this); + _.each(this.filesSrc, (source) => { + _.each(deps, (depName) => { + if (grunt.file.exists(source + depName + ".js")) { + sources.push(source + depName + ".js"); + } + }); + }); } else { - // Read components and add them as dependecies - _.each(_.without(conf.components, name), function (value, i) { - opts.depends['./' + value] = value === "core" ? "CryptoJS" : null; - }); - } + // Read components and add them as dependecies + _.each(_.without(conf.components, name), (value, i) => { + opts.depends['./' + value] = value === "core" ? "CryptoJS" : null; + }); + } - // Remove duplicates - sources = _.uniq(sources); + // Remove duplicates + sources = _.uniq(sources); // Add module settings to fmd definition - modules[name] = [sources, opts]; - }, this); + modules[name] = [sources, opts]; + }); - // Build packege modules - fmd(config) - .define(modules) - .build(function (createdFiles) { + // Build packege modules + fmd(config) + .define(modules) + .build(() => { done(); }); From 77d1bddbe79bca7dabdd43d01d2c1c8a00eae21d Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Mon, 10 Feb 2020 19:55:52 +0100 Subject: [PATCH 06/50] Bump version. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e3db0ae..c05efb5 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "3.1.9", + "version": "3.2.0", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg", From 9d1a45024f744bb3a5008c5015d715a38fb1dec1 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Mon, 10 Feb 2020 20:16:36 +0100 Subject: [PATCH 07/50] Fix jshint window / global warning. --- src/core.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/core.js b/src/core.js index 9b52388..50678ad 100644 --- a/src/core.js +++ b/src/core.js @@ -1,3 +1,5 @@ +/*globals window, global*/ + /** * CryptoJS core components. */ From 3b4c51fc42fb51ba5b702cf0de93da8f82f7b2b7 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Mon, 10 Feb 2020 20:20:52 +0100 Subject: [PATCH 08/50] Update jshint config for arrow functions in grunt task. --- .jshintrc | 62 +++++++++++++++++++-------------------- grunt/tasks/modularize.js | 1 + package.json | 2 +- 3 files changed, 33 insertions(+), 32 deletions(-) diff --git a/.jshintrc b/.jshintrc index 7672d3a..72c2b12 100644 --- a/.jshintrc +++ b/.jshintrc @@ -1,33 +1,33 @@ { - "bitwise" : false, // Prohibits the use of bitwise operators (not confuse & with &&) - "curly" : true, // Requires to always put curly braces around blocks in loops and conditionals - "eqeqeq" : false, // Prohibits the use of == and != in favor of === and !== - "eqnull" : true, // Suppresses warnings about == null comparisons - "immed" : true, // Requires immediate invocations to be wrapped in parens e.g. `(function () { } ());` - "latedef" : true, // Prohibits the use of a variable before it was defined - "newcap" : false, // Requires to capitalize names of constructor functions - "noarg" : true, // Prohibits the use of arguments.caller and arguments.callee - "strict" : false, // Requires all functions to run in ECMAScript 5's strict mode - "undef" : true, // Require non-global variables to be declared (prevents global leaks) - "asi" : true, // Suppresses warnings about missing semicolons - "funcscope" : false, - "shadow" : true, - "expr" : true, - "-W041" : true, - "-W018" : true, - "globals": { - "CryptoJS" : true, - "escape" : true, - "unescape" : true, - "Int8Array" : true, - "Int16Array" : true, - "Int32Array" : true, - "Uint8Array" : true, - "Uint16Array" : true, - "Uint32Array" : true, - "Uint8ClampedArray" : true, - "ArrayBuffer" : true, - "Float32Array" : true, - "Float64Array" : true - } + "bitwise": false, // Prohibits the use of bitwise operators (not confuse & with &&) + "curly": true, // Requires to always put curly braces around blocks in loops and conditionals + "eqeqeq": false, // Prohibits the use of == and != in favor of === and !== + "eqnull": true, // Suppresses warnings about == null comparisons + "immed": true, // Requires immediate invocations to be wrapped in parens e.g. `(function () { } ());` + "latedef": false, // Prohibits the use of a variable before it was defined + "newcap": false, // Requires to capitalize names of constructor functions + "noarg": true, // Prohibits the use of arguments.caller and arguments.callee + "strict": false, // Requires all functions to run in ECMAScript 5's strict mode + "undef": true, // Require non-global variables to be declared (prevents global leaks) + "asi": true, // Suppresses warnings about missing semicolons + "funcscope": false, + "shadow": true, + "expr": true, + "-W041": true, + "-W018": true, + "globals": { + "CryptoJS": true, + "escape": true, + "unescape": true, + "Int8Array": true, + "Int16Array": true, + "Int32Array": true, + "Uint8Array": true, + "Uint16Array": true, + "Uint32Array": true, + "Uint8ClampedArray": true, + "ArrayBuffer": true, + "Float32Array": true, + "Float64Array": true + } } diff --git a/grunt/tasks/modularize.js b/grunt/tasks/modularize.js index 6432ba7..0fc3b46 100644 --- a/grunt/tasks/modularize.js +++ b/grunt/tasks/modularize.js @@ -1,4 +1,5 @@ /*jshint node: true*/ +/*jshint esversion: 6*/ var _ = require("lodash"), diff --git a/package.json b/package.json index c05efb5..6be41db 100644 --- a/package.json +++ b/package.json @@ -28,7 +28,7 @@ "grunt-cli": "^1.3.2", "grunt-contrib-clean": "^0.6.0", "grunt-contrib-copy": "^0.6.0", - "grunt-contrib-jshint": "^0.10.0", + "grunt-contrib-jshint": "^2.1.0", "grunt-jsonlint": "^1.0.4", "grunt-update-json": "^0.2.0", "load-grunt-config": "^0.16.0", From e4ac157d8b75b962d6538fc0b996e5d4d5a9466b Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 11:11:04 +0100 Subject: [PATCH 09/50] Do not convert into float number. --- src/core.js | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/src/core.js b/src/core.js index 50678ad..6f90c42 100644 --- a/src/core.js +++ b/src/core.js @@ -10,14 +10,13 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { * * As Math.random() is cryptographically not safe to use */ - var secureRandom = function () { + var cryptoSecureRandomInt = function () { // Native crypto module on NodeJS environment try { - // Crypto from global object - var crypto = global.crypto; + // Native rypto from global object or import via require + var crypto = global.crypto || require('crypto'); - // Create a random float number between 0 and 1 - return Number('0.' + crypto.randomBytes(3).readUIntBE(0, 3)); + return crypto.randomBytes(4).readInt32LE(); } catch (err) {} // Native crypto module in Browser environment @@ -25,8 +24,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { // Support experimental crypto module in IE 11 var crypto = window.crypto || window.msCrypto; - // Create a random float number between 0 and 1 - return Number('0.' + window.crypto.getRandomValues(new Uint32Array(1))[0]); + return (crypto.getRandomValues(new Uint32Array(1))[0]) | 1; } catch (err) {} throw new Error('Native crypto module could not be used to get secure random number.'); @@ -321,7 +319,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { var words = []; for (var i = 0; i < nBytes; i += 4) { - words.push((secureRandom() * 0x100000000) | 0); + words.push((cryptoSecureRandomInt()); } return new WordArray.init(words, nBytes); From 7e2710a14c46cbae97f5fda305a5f670fc377c9d Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 14:20:30 +0100 Subject: [PATCH 10/50] Fix typo in comment. --- src/core.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core.js b/src/core.js index 6f90c42..109cbd7 100644 --- a/src/core.js +++ b/src/core.js @@ -13,7 +13,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { var cryptoSecureRandomInt = function () { // Native crypto module on NodeJS environment try { - // Native rypto from global object or import via require + // Native crypto from global object or import via require var crypto = global.crypto || require('crypto'); return crypto.randomBytes(4).readInt32LE(); From 8623234c1527f1e1bc6984e975e1d14ba5f86799 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 14:22:23 +0100 Subject: [PATCH 11/50] Fix syntax typo. --- src/core.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core.js b/src/core.js index 109cbd7..02ac9dc 100644 --- a/src/core.js +++ b/src/core.js @@ -319,7 +319,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { var words = []; for (var i = 0; i < nBytes; i += 4) { - words.push((cryptoSecureRandomInt()); + words.push(cryptoSecureRandomInt()); } return new WordArray.init(words, nBytes); From 0241952f572d5343d40848f17d045aa4e42ec553 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 16:04:04 +0100 Subject: [PATCH 12/50] Remove the `| 1` left over from the previous float number operation. --- src/core.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core.js b/src/core.js index 02ac9dc..c97925b 100644 --- a/src/core.js +++ b/src/core.js @@ -24,7 +24,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { // Support experimental crypto module in IE 11 var crypto = window.crypto || window.msCrypto; - return (crypto.getRandomValues(new Uint32Array(1))[0]) | 1; + return crypto.getRandomValues(new Uint32Array(1))[0]; } catch (err) {} throw new Error('Native crypto module could not be used to get secure random number.'); From 20b827da1b70e68180e3fc055a0e1ee43b06843a Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 16:13:21 +0100 Subject: [PATCH 13/50] Do not simply try catch, cheack availabilty instead. --- src/core.js | 43 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 34 insertions(+), 9 deletions(-) diff --git a/src/core.js b/src/core.js index c97925b..6bfec9b 100644 --- a/src/core.js +++ b/src/core.js @@ -11,22 +11,47 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { * As Math.random() is cryptographically not safe to use */ var cryptoSecureRandomInt = function () { - // Native crypto module on NodeJS environment - try { - // Native crypto from global object or import via require - var crypto = global.crypto || require('crypto'); + var crypto; - return crypto.randomBytes(4).readInt32LE(); + // Native crypto module in Browser environment + try { + if (typeof window !== 'undefined') { + if (window.crypto) { + // Support experimental crypto module in IE 11 + crypto = window.crypto; + } else if (window.msCrypto) { + // Support experimental crypto module in IE 11 + crypto = window.msCrypto; + } + } } catch (err) {} - // Native crypto module in Browser environment + // Native crypto module on NodeJS environment try { - // Support experimental crypto module in IE 11 - var crypto = window.crypto || window.msCrypto; + if (typeof global !== 'undefined' && global.crypto) { + // Native crypto from global + crypto = global.crypto; + } else if (typeof require === 'function') { + // Native crypto import via require + crypto = require('crypto'); + } - return crypto.getRandomValues(new Uint32Array(1))[0]; } catch (err) {} + // Use getRandomValues method + if (crypto && typeof crypto.getRandomValues === 'function') { + try { + return crypto.getRandomValues(new Uint32Array(1))[0]; + } catch (err) {} + } + + // Use randomBytes method + if (crypto && typeof crypto.randomBytes === 'function') { + try { + return crypto.randomBytes(4).readInt32LE(); + } catch (err) {} + } + throw new Error('Native crypto module could not be used to get secure random number.'); }; From 3cbd6c102047abd55f53ccb88d2334d1528ac49f Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 16:15:25 +0100 Subject: [PATCH 14/50] Update comment. --- src/core.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/core.js b/src/core.js index 6bfec9b..cb21eb1 100644 --- a/src/core.js +++ b/src/core.js @@ -17,7 +17,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { try { if (typeof window !== 'undefined') { if (window.crypto) { - // Support experimental crypto module in IE 11 + // Use global crypto module crypto = window.crypto; } else if (window.msCrypto) { // Support experimental crypto module in IE 11 @@ -35,7 +35,6 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { // Native crypto import via require crypto = require('crypto'); } - } catch (err) {} // Use getRandomValues method From 4d5da7a916caf52b60b8561f5b35421e9d53f5a2 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 19:33:21 +0100 Subject: [PATCH 15/50] Just one if to check whether crypto is defined. --- src/core.js | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/src/core.js b/src/core.js index cb21eb1..e9a32f3 100644 --- a/src/core.js +++ b/src/core.js @@ -37,18 +37,20 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { } } catch (err) {} - // Use getRandomValues method - if (crypto && typeof crypto.getRandomValues === 'function') { - try { - return crypto.getRandomValues(new Uint32Array(1))[0]; - } catch (err) {} - } + if (crypto) { + // Use getRandomValues method + if (typeof crypto.getRandomValues === 'function') { + try { + return crypto.getRandomValues(new Uint32Array(1))[0]; + } catch (err) {} + } - // Use randomBytes method - if (crypto && typeof crypto.randomBytes === 'function') { - try { - return crypto.randomBytes(4).readInt32LE(); - } catch (err) {} + // Use randomBytes method + if (typeof crypto.randomBytes === 'function') { + try { + return crypto.randomBytes(4).readInt32LE(); + } catch (err) {} + } } throw new Error('Native crypto module could not be used to get secure random number.'); From ac288621445018e187e9433c295e2c0ce5367637 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 19:40:46 +0100 Subject: [PATCH 16/50] Reduce try catch statements. --- src/core.js | 48 +++++++++++++++++++++++------------------------- 1 file changed, 23 insertions(+), 25 deletions(-) diff --git a/src/core.js b/src/core.js index e9a32f3..9e0950f 100644 --- a/src/core.js +++ b/src/core.js @@ -1,4 +1,4 @@ -/*globals window, global*/ +/*globals window, global, require*/ /** * CryptoJS core components. @@ -13,39 +13,37 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { var cryptoSecureRandomInt = function () { var crypto; - // Native crypto module in Browser environment - try { - if (typeof window !== 'undefined') { - if (window.crypto) { - // Use global crypto module - crypto = window.crypto; - } else if (window.msCrypto) { - // Support experimental crypto module in IE 11 - crypto = window.msCrypto; - } - } - } catch (err) {} - - // Native crypto module on NodeJS environment - try { - if (typeof global !== 'undefined' && global.crypto) { - // Native crypto from global - crypto = global.crypto; - } else if (typeof require === 'function') { - // Native crypto import via require + // Native crypto from window (Browser) + if (typeof window !== 'undefined' && window.crypto) { + crypto = window.crypto; + } + + // Native (experimental IE 11) crypto from window (Browser) + if (!crypto && typeof window !== 'undefined' && window.msCrypto) { + crypto = window.msCrypto; + } + + // Native crypto from global (NodeJS) + if (!crypto && typeof global !== 'undefined' && global.crypto) { + crypto = global.crypto; + } + + // Native crypto import via require (NodeJS) + if (!crypto && typeof require === 'function') { + try { crypto = require('crypto'); - } - } catch (err) {} + } catch (err) {} + } if (crypto) { - // Use getRandomValues method + // Use getRandomValues method (Browser) if (typeof crypto.getRandomValues === 'function') { try { return crypto.getRandomValues(new Uint32Array(1))[0]; } catch (err) {} } - // Use randomBytes method + // Use randomBytes method (NodeJS) if (typeof crypto.randomBytes === 'function') { try { return crypto.randomBytes(4).readInt32LE(); From 7f809c93bd9264d7031d8e629dcc8b9ec3ecc432 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 19:58:59 +0100 Subject: [PATCH 17/50] Do not run the detect native crypto module for every cryptoSecureRandomInt call. --- src/core.js | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/src/core.js b/src/core.js index 9e0950f..8ba28ed 100644 --- a/src/core.js +++ b/src/core.js @@ -5,36 +5,36 @@ */ var CryptoJS = CryptoJS || (function (Math, undefined) { + var crypto; + + // Native crypto from window (Browser) + if (typeof window !== 'undefined' && window.crypto) { + crypto = window.crypto; + } + + // Native (experimental IE 11) crypto from window (Browser) + if (!crypto && typeof window !== 'undefined' && window.msCrypto) { + crypto = window.msCrypto; + } + + // Native crypto from global (NodeJS) + if (!crypto && typeof global !== 'undefined' && global.crypto) { + crypto = global.crypto; + } + + // Native crypto import via require (NodeJS) + if (!crypto && typeof require === 'function') { + try { + crypto = require('crypto'); + } catch (err) {} + } + /* * Cryptographically secure pseudorandom number generator * * As Math.random() is cryptographically not safe to use */ var cryptoSecureRandomInt = function () { - var crypto; - - // Native crypto from window (Browser) - if (typeof window !== 'undefined' && window.crypto) { - crypto = window.crypto; - } - - // Native (experimental IE 11) crypto from window (Browser) - if (!crypto && typeof window !== 'undefined' && window.msCrypto) { - crypto = window.msCrypto; - } - - // Native crypto from global (NodeJS) - if (!crypto && typeof global !== 'undefined' && global.crypto) { - crypto = global.crypto; - } - - // Native crypto import via require (NodeJS) - if (!crypto && typeof require === 'function') { - try { - crypto = require('crypto'); - } catch (err) {} - } - if (crypto) { // Use getRandomValues method (Browser) if (typeof crypto.getRandomValues === 'function') { From 409ae7696ff0329765d080476dea76813ea21605 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 22:25:00 +0100 Subject: [PATCH 18/50] Bump version. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 6be41db..6e9bfe2 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "3.2.0", + "version": "3.2.1", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg", From 78bde5f9f38895dd5761fb0465b84f79db169645 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 22:49:50 +0100 Subject: [PATCH 19/50] Add release notes. --- README.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/README.md b/README.md index bccfad7..93d9477 100644 --- a/README.md +++ b/README.md @@ -208,3 +208,28 @@ console.log(decryptedData); // [{id: 1}, {id: 2}] - ```crypto-js/pad-iso97971``` - ```crypto-js/pad-zeropadding``` - ```crypto-js/pad-nopadding``` + + +## Release notes + +### 3.2.1 + +The usage of the native crypto module has been fixed. The import and access of the native crypto module has been improved. + +### 3.2.0 + +In this version `Math.random()` has been replaced by the random methods of the native crypto module. + +For this reason CryptoJS might does not run in some JavaScript environments without native crypto module. Such as IE 10 or before. + +If it's absolute required to run CryptoJS in such an environment, stay with `3.1.x` version. Encrypting and decrypting stays compatible. But keep in mind `3.1.x` versions still use `Math.random()` which is cryptographically not secure, as it's not random enough. + +This version came along with `CRITICAL` `BUG`. + +DO NOT USE THIS VERSION! Please, go for a newer version! + +### 3.1.x + +The `3.1.x` are based on the original CryptoJS, wrapped in CommonJS modules. + + From b60b80ca6b87636b36e4ada3c7d7f19faea65b4a Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Tue, 11 Feb 2020 22:59:51 +0100 Subject: [PATCH 20/50] Add test page which uses the created bundle after build to run the tests. --- test/test-build.html | 105 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 test/test-build.html diff --git a/test/test-build.html b/test/test-build.html new file mode 100644 index 0000000..c6eb05c --- /dev/null +++ b/test/test-build.html @@ -0,0 +1,105 @@ + + + + + CryptoJS Test Suite + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 1d303185c01535a6ee60e33f349f5289565f7fcb Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Wed, 12 Feb 2020 12:46:58 +0100 Subject: [PATCH 21/50] Pull `3.3.0` from `master` into `develop`. --- README.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 93d9477..d1236a3 100644 --- a/README.md +++ b/README.md @@ -212,6 +212,12 @@ console.log(decryptedData); // [{id: 1}, {id: 2}] ## Release notes +### 3.3.0 + +Rollback, `3.3.0` is the same as `3.1.9-1`. + +The move of using native secure crypto module will be shifted to a new `4.x.x` version. As it is a breaking change the impact is too big for a minor release. + ### 3.2.1 The usage of the native crypto module has been fixed. The import and access of the native crypto module has been improved. diff --git a/package.json b/package.json index 6e9bfe2..0587636 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "3.2.1", + "version": "3.3.0", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg", From 38b74c03c3f4a1dc37d2fa447e43b5f19da3dfb7 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Wed, 12 Feb 2020 12:48:14 +0100 Subject: [PATCH 22/50] Bump major reslease version. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 0587636..b7686de 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "3.3.0", + "version": "4.0.0", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg", From ba083107c634dd5c4840fab743578176ea4340ce Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Wed, 12 Feb 2020 12:54:38 +0100 Subject: [PATCH 23/50] Add release notes. --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index d1236a3..250c97c 100644 --- a/README.md +++ b/README.md @@ -212,6 +212,14 @@ console.log(decryptedData); // [{id: 1}, {id: 2}] ## Release notes +### 4.0.0 + +This is an update including breaking changes for some environments. + +In this version `Math.random()` has been replaced by the random methods of the native crypto module. + +For this reason CryptoJS might does not run in some JavaScript environments without native crypto module. Such as IE 10 or before or React Native. + ### 3.3.0 Rollback, `3.3.0` is the same as `3.1.9-1`. From 2a801f62c575b28fca5e19921bda58f7bb813f8f Mon Sep 17 00:00:00 2001 From: Gabriel Garcia Date: Wed, 12 Feb 2020 14:41:01 -0800 Subject: [PATCH 24/50] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 250c97c..50c4d57 100644 --- a/README.md +++ b/README.md @@ -218,7 +218,7 @@ This is an update including breaking changes for some environments. In this version `Math.random()` has been replaced by the random methods of the native crypto module. -For this reason CryptoJS might does not run in some JavaScript environments without native crypto module. Such as IE 10 or before or React Native. +For this reason CryptoJS might not run in some JavaScript environments without native crypto module. Such as IE 10 or before or React Native. ### 3.3.0 From 1241fdb81948734ab613f5cd3c976747ba31c1ae Mon Sep 17 00:00:00 2001 From: Lubos Dolezel Date: Sun, 10 May 2020 22:15:56 +0200 Subject: [PATCH 25/50] Support self.crypto in Web Workers --- src/core.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/core.js b/src/core.js index 8ba28ed..5f5d604 100644 --- a/src/core.js +++ b/src/core.js @@ -12,6 +12,11 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { crypto = window.crypto; } + // Native crypto in web worker (Browser) + if (typeof self !== 'undefined' && self.crypto) { + crypto = self.crypto; + } + // Native (experimental IE 11) crypto from window (Browser) if (!crypto && typeof window !== 'undefined' && window.msCrypto) { crypto = window.msCrypto; From 71ad0bcd2cb015021cacdb0120c065e87b7669d2 Mon Sep 17 00:00:00 2001 From: paulmwatson Date: Mon, 11 May 2020 14:44:09 +0200 Subject: [PATCH 26/50] Minor typo fix: varialbes => variables --- src/md5.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/md5.js b/src/md5.js index 5189321..77ae69d 100644 --- a/src/md5.js +++ b/src/md5.js @@ -60,7 +60,7 @@ var M_offset_14 = M[offset + 14]; var M_offset_15 = M[offset + 15]; - // Working varialbes + // Working variables var a = H[0]; var b = H[1]; var c = H[2]; From 1adcb50e99a530b1457988ecabf2475f790c872a Mon Sep 17 00:00:00 2001 From: Frederic R Date: Sat, 20 Jun 2020 15:43:59 +0100 Subject: [PATCH 27/50] =?UTF-8?q?lint=20=F0=9F=9A=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/core.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/core.js b/src/core.js index 8ba28ed..0bdc81c 100644 --- a/src/core.js +++ b/src/core.js @@ -72,7 +72,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { return subtype; }; - }()) + }()); /** * CryptoJS namespace. @@ -283,8 +283,8 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { } } else { // Copy one word at a time - for (var i = 0; i < thatSigBytes; i += 4) { - thisWords[(thisSigBytes + i) >>> 2] = thatWords[i >>> 2]; + for (var j = 0; j < thatSigBytes; j += 4) { + thisWords[(thisSigBytes + j) >>> 2] = thatWords[j >>> 2]; } } this.sigBytes += thatSigBytes; From 971c31f0c931f913d22a76ed488d9216ac04e306 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 19 Nov 2020 01:48:20 +0100 Subject: [PATCH 28/50] Add support for crypto from globalThis. --- src/core.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/core.js b/src/core.js index a8a543e..e1330e7 100644 --- a/src/core.js +++ b/src/core.js @@ -17,6 +17,11 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { crypto = self.crypto; } + // Native crypto from worker + if (typeof globalThis !== 'undefined' && globalThis.crypto) { + crypto = globalThis.crypto; + } + // Native (experimental IE 11) crypto from window (Browser) if (!crypto && typeof window !== 'undefined' && window.msCrypto) { crypto = window.msCrypto; From ae0696fe7c45eb3df7b841931dd18170959aa4b3 Mon Sep 17 00:00:00 2001 From: Spencer17x <1253478653@qq.com> Date: Fri, 18 Jun 2021 20:37:29 +0800 Subject: [PATCH 29/50] feat: add urlsafe --- grunt/config/modularize.js | 8 ++- package.json | 3 +- src/enc-base64url.js | 121 +++++++++++++++++++++++++++++++++++++ test/test1.html | 63 +++++++++++++++++++ 4 files changed, 192 insertions(+), 3 deletions(-) create mode 100644 src/enc-base64url.js create mode 100644 test/test1.html diff --git a/grunt/config/modularize.js b/grunt/config/modularize.js index 2b4f2cc..58053a1 100644 --- a/grunt/config/modularize.js +++ b/grunt/config/modularize.js @@ -13,13 +13,13 @@ module.exports = { "index": { "global": "CryptoJS", "exports": "CryptoJS", - "components": ["core", "x64-core", "lib-typedarrays", "enc-utf16", "enc-base64", "md5", "sha1", "sha256", "sha224", "sha512", "sha384", "sha3", "ripemd160", "hmac", "pbkdf2", "evpkdf", "cipher-core", "mode-cfb", "mode-ctr", "mode-ctr-gladman", "mode-ofb", "mode-ecb", "pad-ansix923", "pad-iso10126", "pad-iso97971", "pad-zeropadding", "pad-nopadding", "format-hex", "aes", "tripledes", "rc4", "rabbit", "rabbit-legacy"] + "components": ["core", "x64-core", "lib-typedarrays", "enc-utf16", "enc-base64", "enc-base64url", "md5", "sha1", "sha256", "sha224", "sha512", "sha384", "sha3", "ripemd160", "hmac", "pbkdf2", "evpkdf", "cipher-core", "mode-cfb", "mode-ctr", "mode-ctr-gladman", "mode-ofb", "mode-ecb", "pad-ansix923", "pad-iso10126", "pad-iso97971", "pad-zeropadding", "pad-nopadding", "format-hex", "aes", "tripledes", "rc4", "rabbit", "rabbit-legacy"] }, "crypto-js": { "pack": true, "global": "CryptoJS", "exports": "CryptoJS", - "components": ["core", "x64-core", "lib-typedarrays", "enc-utf16", "enc-base64", "md5", "sha1", "sha256", "sha224", "sha512", "sha384", "sha3", "ripemd160", "hmac", "pbkdf2", "evpkdf", "cipher-core", "mode-cfb", "mode-ctr", "mode-ctr-gladman", "mode-ofb", "mode-ecb", "pad-ansix923", "pad-iso10126", "pad-iso97971", "pad-zeropadding", "pad-nopadding", "format-hex", "aes", "tripledes", "rc4", "rabbit", "rabbit-legacy"] + "components": ["core", "x64-core", "lib-typedarrays", "enc-utf16", "enc-base64", "enc-base64url", "md5", "sha1", "sha256", "sha224", "sha512", "sha384", "sha3", "ripemd160", "hmac", "pbkdf2", "evpkdf", "cipher-core", "mode-cfb", "mode-ctr", "mode-ctr-gladman", "mode-ofb", "mode-ecb", "pad-ansix923", "pad-iso10126", "pad-iso97971", "pad-zeropadding", "pad-nopadding", "format-hex", "aes", "tripledes", "rc4", "rabbit", "rabbit-legacy"] }, // hash @@ -174,6 +174,10 @@ module.exports = { "exports": "CryptoJS.enc.Base64", "components": ["core", "enc-base64"] }, + "enc-base64url": { + "exports": "CryptoJS.enc.Base64url", + "components": ["core", "enc-base64url"] + }, // mode "mode-cfb": { diff --git a/package.json b/package.json index b7686de..862a6a0 100644 --- a/package.json +++ b/package.json @@ -53,6 +53,7 @@ "CFB", "CTR", "CBC", - "Base64" + "Base64", + "Base64url" ] } diff --git a/src/enc-base64url.js b/src/enc-base64url.js new file mode 100644 index 0000000..661ea39 --- /dev/null +++ b/src/enc-base64url.js @@ -0,0 +1,121 @@ +(function () { + // Shortcuts + var C = CryptoJS; + var C_lib = C.lib; + var WordArray = C_lib.WordArray; + var C_enc = C.enc; + + /** + * Base64url encoding strategy. + */ + var Base64url = C_enc.Base64url = { + /** + * Converts a word array to a Base64url string. + * + * @param {WordArray} wordArray The word array. + * + * @param {boolean} urlSafe Whether to use url safe + * + * @return {string} The Base64url string. + * + * @static + * + * @example + * + * var base64String = CryptoJS.enc.Base64url.stringify(wordArray); + */ + stringify: function (wordArray, urlSafe=true) { + // Shortcuts + var words = wordArray.words; + var sigBytes = wordArray.sigBytes; + var map = urlSafe ? this._safe_map : this._map; + + // Clamp excess bits + wordArray.clamp(); + + // Convert + var base64Chars = []; + for (var i = 0; i < sigBytes; i += 3) { + var byte1 = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff; + var byte2 = (words[(i + 1) >>> 2] >>> (24 - ((i + 1) % 4) * 8)) & 0xff; + var byte3 = (words[(i + 2) >>> 2] >>> (24 - ((i + 2) % 4) * 8)) & 0xff; + + var triplet = (byte1 << 16) | (byte2 << 8) | byte3; + + for (var j = 0; (j < 4) && (i + j * 0.75 < sigBytes); j++) { + base64Chars.push(map.charAt((triplet >>> (6 * (3 - j))) & 0x3f)); + } + } + + // Add padding + var paddingChar = map.charAt(64); + if (paddingChar) { + while (base64Chars.length % 4) { + base64Chars.push(paddingChar); + } + } + + return base64Chars.join(''); + }, + + /** + * Converts a Base64url string to a word array. + * + * @param {string} base64Str The Base64url string. + * + * @param {boolean} urlSafe Whether to use url safe + * + * @return {WordArray} The word array. + * + * @static + * + * @example + * + * var wordArray = CryptoJS.enc.Base64url.parse(base64String); + */ + parse: function (base64Str, urlSafe=true) { + // Shortcuts + var base64StrLength = base64Str.length; + var map = urlSafe ? this._safe_map : this._map; + var reverseMap = this._reverseMap; + + if (!reverseMap) { + reverseMap = this._reverseMap = []; + for (var j = 0; j < map.length; j++) { + reverseMap[map.charCodeAt(j)] = j; + } + } + + // Ignore padding + var paddingChar = map.charAt(64); + if (paddingChar) { + var paddingIndex = base64Str.indexOf(paddingChar); + if (paddingIndex !== -1) { + base64StrLength = paddingIndex; + } + } + + // Convert + return parseLoop(base64Str, base64StrLength, reverseMap); + + }, + + _map: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=', + _safe_map: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_', + }; + + function parseLoop(base64Str, base64StrLength, reverseMap) { + var words = []; + var nBytes = 0; + for (var i = 0; i < base64StrLength; i++) { + if (i % 4) { + var bits1 = reverseMap[base64Str.charCodeAt(i - 1)] << ((i % 4) * 2); + var bits2 = reverseMap[base64Str.charCodeAt(i)] >>> (6 - (i % 4) * 2); + var bitsCombined = bits1 | bits2; + words[nBytes >>> 2] |= bitsCombined << (24 - (nBytes % 4) * 8); + nBytes++; + } + } + return WordArray.create(words, nBytes); + } +}()); \ No newline at end of file diff --git a/test/test1.html b/test/test1.html new file mode 100644 index 0000000..731b877 --- /dev/null +++ b/test/test1.html @@ -0,0 +1,63 @@ + + + + + CryptoJS Test Suite + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file From 058b8e7e59320ed3421ef3e36616670e6538a5fb Mon Sep 17 00:00:00 2001 From: hkjpotato Date: Tue, 6 Jul 2021 04:28:57 -0400 Subject: [PATCH 30/50] add browser field to avoid shimming crypto-browserify --- package.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/package.json b/package.json index b7686de..311da4f 100644 --- a/package.json +++ b/package.json @@ -21,6 +21,9 @@ "test": "grunt default" }, "main": "index.js", + "browser": { + "crypto": false + }, "dependencies": {}, "devDependencies": { "fmd": "~0.0.3", From 37275c77270ff49af02c8939f67ed5339da83219 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 22 Jul 2021 11:40:30 +0300 Subject: [PATCH 31/50] Bump release version. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index ef873bb..014d83a 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "4.0.0", + "version": "4.1.0", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg", From 495890cde84c3c492837e4f3775760f84cc591b4 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 22 Jul 2021 11:44:54 +0300 Subject: [PATCH 32/50] Update release notes. --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 50c4d57..6f55b03 100644 --- a/README.md +++ b/README.md @@ -212,6 +212,12 @@ console.log(decryptedData); // [{id: 1}, {id: 2}] ## Release notes +### 4.1.0 + +Added url safe variant of base64 encoding. [357](https://github.com/brix/crypto-js/pull/357) + +Avoid webpack to add crypto-browser package. [364](https://github.com/brix/crypto-js/pull/364) + ### 4.0.0 This is an update including breaking changes for some environments. From 56ebdb99b6ddf5a6fe0c7bedaabac0d2f3c76ba3 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 22 Jul 2021 14:39:48 +0300 Subject: [PATCH 33/50] Include browser field in release package.json. --- grunt/config/update_json.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/grunt/config/update_json.js b/grunt/config/update_json.js index 46a5656..1b92a78 100644 --- a/grunt/config/update_json.js +++ b/grunt/config/update_json.js @@ -19,7 +19,8 @@ module.exports = { 'repository': null, 'keywords': null, 'main': null, - 'dependencies': null + 'dependencies': null, + 'browser': null } }, bower: { @@ -36,6 +37,7 @@ module.exports = { 'keywords': null, 'main': null, 'dependencies': null, + 'browser': null, 'ignore': [] } } From a30519df4bfb6e0b880a3a34436f0526ec5adb87 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 22 Jul 2021 14:50:27 +0300 Subject: [PATCH 34/50] Fix order of release modules. --- grunt/tasks/modularize.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/grunt/tasks/modularize.js b/grunt/tasks/modularize.js index 0fc3b46..228e9ae 100644 --- a/grunt/tasks/modularize.js +++ b/grunt/tasks/modularize.js @@ -55,7 +55,15 @@ module.exports = function (grunt) { .uniq() .without(name) .sort((a, b) => { - return options[a].components.indexOf(b) === -1 ? -1 : 1; + if (options[a].components.includes(b)) { + return 1 + } + + if (options[b].components.includes(a)) { + return -1 + } + + return 0; }) .value(); From 0326a863284ce58421ac809b230710329eae9574 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 22 Jul 2021 14:51:34 +0300 Subject: [PATCH 35/50] Bump version. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 014d83a..6726ec7 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "4.1.0", + "version": "4.1.1", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg", From 81ed5629ddfd3c5ec6689921060bc91eb4d51c91 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 22 Jul 2021 14:52:29 +0300 Subject: [PATCH 36/50] Update release notes. --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 6f55b03..23795aa 100644 --- a/README.md +++ b/README.md @@ -212,6 +212,12 @@ console.log(decryptedData); // [{id: 1}, {id: 2}] ## Release notes +### 4.1.1 + +Fix module order in bundled release. + +Include the browser field in the released package.json. + ### 4.1.0 Added url safe variant of base64 encoding. [357](https://github.com/brix/crypto-js/pull/357) From ecfe2e45f5237f1c27ce614c0a1ea442faa257b6 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 22 Jul 2021 15:01:11 +0300 Subject: [PATCH 37/50] Update dev dependencies. --- package.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/package.json b/package.json index 6726ec7..0bddb88 100644 --- a/package.json +++ b/package.json @@ -27,15 +27,15 @@ "dependencies": {}, "devDependencies": { "fmd": "~0.0.3", - "grunt": "^0.4.5", + "grunt": "^1.3.2", "grunt-cli": "^1.3.2", - "grunt-contrib-clean": "^0.6.0", - "grunt-contrib-copy": "^0.6.0", - "grunt-contrib-jshint": "^2.1.0", - "grunt-jsonlint": "^1.0.4", - "grunt-update-json": "^0.2.0", - "load-grunt-config": "^0.16.0", - "lodash": "^4.17.11" + "grunt-contrib-clean": "^2.0.0", + "grunt-contrib-copy": "^1.0.0", + "grunt-contrib-jshint": "^3.0.0", + "grunt-jsonlint": "^2.1.3", + "grunt-update-json": "^0.2.2", + "load-grunt-config": "^4.0.0", + "lodash": "^4.17.21" }, "keywords": [ "security", From dcc3848f5de5208bca73f36c0ed77fa192ee2ea8 Mon Sep 17 00:00:00 2001 From: Alanscut Date: Mon, 30 Aug 2021 14:28:30 +0800 Subject: [PATCH 38/50] fix:The "cfg.salt" parameter don't work --- src/cipher-core.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cipher-core.js b/src/cipher-core.js index 0fe6136..5086638 100644 --- a/src/cipher-core.js +++ b/src/cipher-core.js @@ -819,7 +819,7 @@ CryptoJS.lib.Cipher || (function (undefined) { cfg = this.cfg.extend(cfg); // Derive key and other params - var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize); + var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize, cfg.salt); // Add IV to config cfg.iv = derivedParams.iv; From ca7384f8dc3d25437703b7a1899b9928e6379adc Mon Sep 17 00:00:00 2001 From: Alanscut Date: Tue, 31 Aug 2021 11:37:01 +0800 Subject: [PATCH 39/50] test: add test case,using salt in the config --- test/config-test.js | 26 ++++++++++++++++++++++++++ test/test.html | 1 + 2 files changed, 27 insertions(+) create mode 100644 test/config-test.js diff --git a/test/config-test.js b/test/config-test.js new file mode 100644 index 0000000..090e9fd --- /dev/null +++ b/test/config-test.js @@ -0,0 +1,26 @@ +YUI.add('config-test', function (Y) { + var C = CryptoJS; + + Y.Test.Runner.add(new Y.Test.Case({ + name: 'Config', + + setUp: function () { + this.data = { + saltA: CryptoJS.enc.Hex.parse('AA00000000000000'), + saltB: CryptoJS.enc.Hex.parse('BB00000000000000') + }; + }, + + testEncrypt: function () { + Y.Assert.areEqual(C.AES.encrypt('Test', 'Pass', { salt: this.data.saltA }).toString(), C.AES.encrypt('Test', 'Pass', { salt: this.data.saltA }).toString()); + Y.Assert.areNotEqual(C.AES.encrypt('Test', 'Pass', { salt: this.data.saltA }).toString(), C.AES.encrypt('Test', 'Pass', { salt: this.data.saltB }).toString()); + }, + + testDecrypt: function () { + var encryptedA = C.AES.encrypt('Test', 'Pass', { salt: this.data.saltA }); + var encryptedB = C.AES.encrypt('Test', 'Pass', { salt: this.data.saltB }); + Y.Assert.areEqual('Test', C.AES.decrypt(encryptedA, 'Pass').toString(C.enc.Utf8)); + Y.Assert.areEqual('Test', C.AES.decrypt(encryptedB, 'Pass').toString(C.enc.Utf8)); + } + })); +}, '$Rev$'); \ No newline at end of file diff --git a/test/test.html b/test/test.html index d469486..6ab23c2 100644 --- a/test/test.html +++ b/test/test.html @@ -88,6 +88,7 @@ + + @@ -89,6 +90,7 @@ +