From 5bfe6d5b9b5c1606c7b710b3261afe35f2dc88d9 Mon Sep 17 00:00:00 2001 From: Mike Quade Date: Fri, 17 Mar 2017 19:43:52 -0300 Subject: [PATCH 01/20] fixed infinite loop bug in zero padding unpad --- src/pad-zeropadding.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/pad-zeropadding.js b/src/pad-zeropadding.js index 76bb279..2b82b58 100644 --- a/src/pad-zeropadding.js +++ b/src/pad-zeropadding.js @@ -17,9 +17,11 @@ CryptoJS.pad.ZeroPadding = { // Unpad var i = data.sigBytes - 1; - while (!((dataWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff)) { - i--; + for (var i = data.sigBytes - 1; i >= 0; i--) { + if (((dataWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff)) { + data.sigBytes = i + 1; + break; + } } - data.sigBytes = i + 1; } }; From 88c99ab9eeae72c870bc727fbe3aea55c8c08bb3 Mon Sep 17 00:00:00 2001 From: Dan Dascalescu Date: Wed, 31 May 2017 21:11:19 -0700 Subject: [PATCH 02/20] Add ES6 import example --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index 1f4b0ef..d947b1d 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,18 @@ npm install crypto-js ### Usage +ES6 import for typical API call signing use case: + +```javascript +import sha256 from 'crypto-js/sha256'; +import hmacSHA512 from 'crypto-js/hmac-sha512'; +import Base64 from 'crypto-js/enc-base64'; + +const message, nonce, path, privateKey; // ... +const hashDigest = sha256(nonce + message); +const hmacDigest = Base64.stringify(hmacSHA512(path + hashDigest, privateKey)); +``` + Modular include: ```javascript From 3b7e884007b00a578ca2d5df4e84efba3d66a5fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Viktor=20Sz=C3=A9pe?= Date: Sun, 23 Jul 2017 19:15:56 +0200 Subject: [PATCH 03/20] npm calls tests "test" --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e83a8ed..3e6dac3 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ "license": "MIT", "scripts": { "build": "grunt build", - "check": "grunt default" + "test": "grunt default" }, "main": "index.js", "dependencies": {}, From 9d7a54cd5951480fb77d34b74fd40cdb3bf2c7d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Viktor=20Sz=C3=A9pe?= Date: Sun, 23 Jul 2017 19:21:56 +0200 Subject: [PATCH 04/20] Travis configuration --- .travis.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..b4fb795 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,14 @@ +dist: trusty +sudo: false + +language: node_js +node_js: + - "6" + - "7" + +before_script: + - npm install build + +cache: + directories: + - "node_modules" From 64b5a3297ba10807cc71efd727792f41695bc5b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Viktor=20Sz=C3=A9pe?= Date: Sun, 23 Jul 2017 19:38:16 +0200 Subject: [PATCH 05/20] Make grunt-cli available globally --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index b4fb795..cca89fb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,6 +7,7 @@ node_js: - "7" before_script: + - npm install -g grunt-cli - npm install build cache: From 918e68038e5e0c9f9e02f40f3d28c3cdea4d8c3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Viktor=20Sz=C3=A9pe?= Date: Sun, 23 Jul 2017 19:40:26 +0200 Subject: [PATCH 06/20] Add Travis badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d947b1d..be70bdb 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# crypto-js +# crypto-js [![Build Status](https://travis-ci.org/brix/crypto-js.svg?branch=develop)](https://travis-ci.org/brix/crypto-js) JavaScript library of crypto standards. From 7e4cf2f308a3eb3b848d6b9d0dd7b23736eb4aca Mon Sep 17 00:00:00 2001 From: Aaron Schmidt Date: Mon, 24 Jul 2017 13:19:07 +1200 Subject: [PATCH 07/20] Putting (bits1 | bits2) expression into a variable (fix for iOS 6 bug) Previously fixed here: https://github.com/brix/crypto-js/pull/40 More info: https://github.com/Runscope/crypto-js/issues/80 --- src/enc-base64.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/enc-base64.js b/src/enc-base64.js index 67fce1d..a32b9a4 100644 --- a/src/enc-base64.js +++ b/src/enc-base64.js @@ -106,7 +106,8 @@ if (i % 4) { var bits1 = reverseMap[base64Str.charCodeAt(i - 1)] << ((i % 4) * 2); var bits2 = reverseMap[base64Str.charCodeAt(i)] >>> (6 - (i % 4) * 2); - words[nBytes >>> 2] |= (bits1 | bits2) << (24 - (nBytes % 4) * 8); + var bitsCombined = bits1 | bits2; + words[nBytes >>> 2] |= bitsCombined << (24 - (nBytes % 4) * 8); nBytes++; } } From 3e4f8f6b8a3e511bb2465686e00448aad876771c Mon Sep 17 00:00:00 2001 From: Ali Ghanavatian Date: Fri, 9 Feb 2018 10:50:06 +0330 Subject: [PATCH 08/20] improve documentation --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index d947b1d..f138048 100644 --- a/README.md +++ b/README.md @@ -111,13 +111,13 @@ See: https://code.google.com/p/crypto-js var CryptoJS = require("crypto-js"); // Encrypt -var ciphertext = CryptoJS.AES.encrypt('my message', 'secret key 123'); +var cipherText = CryptoJS.AES.encrypt('my message', 'secret key 123').toString(); // Decrypt -var bytes = CryptoJS.AES.decrypt(ciphertext.toString(), 'secret key 123'); -var plaintext = bytes.toString(CryptoJS.enc.Utf8); +var bytes = CryptoJS.AES.decrypt(ciphertext, 'secret key 123'); +var originalText = bytes.toString(CryptoJS.enc.Utf8); -console.log(plaintext); +console.log(originalText); // 'my message' ``` #### Object encryption @@ -128,13 +128,13 @@ var CryptoJS = require("crypto-js"); var data = [{id: 1}, {id: 2}] // Encrypt -var ciphertext = CryptoJS.AES.encrypt(JSON.stringify(data), 'secret key 123'); +var ciphertext = CryptoJS.AES.encrypt(JSON.stringify(data), 'secret key 123').toString(); // Decrypt -var bytes = CryptoJS.AES.decrypt(ciphertext.toString(), 'secret key 123'); +var bytes = CryptoJS.AES.decrypt(ciphertext, 'secret key 123'); var decryptedData = JSON.parse(bytes.toString(CryptoJS.enc.Utf8)); -console.log(decryptedData); +console.log(decryptedData); // [{id: 1}, {id: 2}] ``` ### List of modules From 19e7ca77b76e93bbf17560dd4756c2e2439892ba Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 13 Sep 2018 23:57:31 +0200 Subject: [PATCH 09/20] Update dependecy. --- grunt/tasks/modularize.js | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/grunt/tasks/modularize.js b/grunt/tasks/modularize.js index 30e7f7b..f97d57b 100644 --- a/grunt/tasks/modularize.js +++ b/grunt/tasks/modularize.js @@ -53,7 +53,7 @@ module.exports = function (grunt) { return options[depName].components; }) .flatten() - .unique() + .uniq() .without(name) .sort(function (a, b) { return options[a].components.indexOf(b) === -1 ? -1 : 1; @@ -76,7 +76,7 @@ module.exports = function (grunt) { } // Remove duplicates - sources = _.unique(sources); + sources = _.uniq(sources); // Add module settings to fmd definition modules[name] = [sources, opts]; diff --git a/package.json b/package.json index 3e6dac3..ef49d55 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ "grunt-jsonlint": "^1.0.4", "grunt-update-json": "^0.2.0", "load-grunt-config": "^0.16.0", - "lodash": "^3.5.0" + "lodash": "^4.17.11" }, "keywords": [ "security", From 70f725bee5f9ade3fc95c2d1c9a72edad45f45d1 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Thu, 13 Sep 2018 23:57:44 +0200 Subject: [PATCH 10/20] Update jshint config. --- grunt/config/jshint.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/grunt/config/jshint.js b/grunt/config/jshint.js index 1a3aa11..7c83ee1 100644 --- a/grunt/config/jshint.js +++ b/grunt/config/jshint.js @@ -5,7 +5,8 @@ module.exports = { dev: { options: { - jshintrc: true + jshintrc: true, + reporterOutput: '' }, files: { src: [ From 89ce2460ab1a10cdd0cefb686966414ce6a2ee6e Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Fri, 14 Sep 2018 00:35:13 +0200 Subject: [PATCH 11/20] Pass jshint test. --- .jshintrc | 19 ++++++++++++++++++- Gruntfile.js | 2 ++ grunt/config/jshint.js | 2 +- src/aes.js | 4 +++- src/cipher-core.js | 28 +++++++++++++++++++--------- src/core.js | 12 +++++++----- src/evpkdf.js | 4 +++- src/mode-cfb.js | 6 ++++-- src/sha3.js | 13 ++++++++----- src/sha512.js | 19 +++++++++++-------- 10 files changed, 76 insertions(+), 33 deletions(-) diff --git a/.jshintrc b/.jshintrc index ae02577..7672d3a 100644 --- a/.jshintrc +++ b/.jshintrc @@ -10,7 +10,24 @@ "strict" : false, // Requires all functions to run in ECMAScript 5's strict mode "undef" : true, // Require non-global variables to be declared (prevents global leaks) "asi" : true, // Suppresses warnings about missing semicolons + "funcscope" : false, + "shadow" : true, + "expr" : true, + "-W041" : true, + "-W018" : true, "globals": { - "CryptoJS": true + "CryptoJS" : true, + "escape" : true, + "unescape" : true, + "Int8Array" : true, + "Int16Array" : true, + "Int32Array" : true, + "Uint8Array" : true, + "Uint16Array" : true, + "Uint32Array" : true, + "Uint8ClampedArray" : true, + "ArrayBuffer" : true, + "Float32Array" : true, + "Float64Array" : true } } diff --git a/Gruntfile.js b/Gruntfile.js index 9f67b00..e083f92 100644 --- a/Gruntfile.js +++ b/Gruntfile.js @@ -29,6 +29,8 @@ module.exports = function (grunt) { } } }); + + // Will load the custom tasks grunt.loadTasks('./grunt/tasks'); diff --git a/grunt/config/jshint.js b/grunt/config/jshint.js index 7c83ee1..1c3cb23 100644 --- a/grunt/config/jshint.js +++ b/grunt/config/jshint.js @@ -5,7 +5,7 @@ module.exports = { dev: { options: { - jshintrc: true, + jshintrc: process.cwd() + '/.jshintrc', reporterOutput: '' }, files: { diff --git a/src/aes.js b/src/aes.js index aaf6e92..2d033c0 100644 --- a/src/aes.js +++ b/src/aes.js @@ -76,6 +76,8 @@ */ var AES = C_algo.AES = BlockCipher.extend({ _doReset: function () { + var t; + // Skip reset of nRounds has been set before and key did not change if (this._nRounds && this._keyPriorReset === this._key) { return; @@ -98,7 +100,7 @@ if (ksRow < keySize) { keySchedule[ksRow] = keyWords[ksRow]; } else { - var t = keySchedule[ksRow - 1]; + t = keySchedule[ksRow - 1]; if (!(ksRow % keySize)) { // Rot word diff --git a/src/cipher-core.js b/src/cipher-core.js index 85ba200..0fe6136 100644 --- a/src/cipher-core.js +++ b/src/cipher-core.js @@ -336,17 +336,19 @@ CryptoJS.lib.Cipher || (function (undefined) { }); function xorBlock(words, offset, blockSize) { + var block; + // Shortcut var iv = this._iv; // Choose mixing block if (iv) { - var block = iv; + block = iv; // Remove IV for subsequent blocks this._iv = undefined; } else { - var block = this._prevBlock; + block = this._prevBlock; } // XOR blocks @@ -438,6 +440,8 @@ CryptoJS.lib.Cipher || (function (undefined) { }), reset: function () { + var modeCreator; + // Reset cipher Cipher.reset.call(this); @@ -448,9 +452,9 @@ CryptoJS.lib.Cipher || (function (undefined) { // Reset block mode if (this._xformMode == this._ENC_XFORM_MODE) { - var modeCreator = mode.createEncryptor; + modeCreator = mode.createEncryptor; } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ { - var modeCreator = mode.createDecryptor; + modeCreator = mode.createDecryptor; // Keep at least one block in the buffer for unpadding this._minBufferSize = 1; } @@ -468,6 +472,8 @@ CryptoJS.lib.Cipher || (function (undefined) { }, _doFinalize: function () { + var finalProcessedBlocks; + // Shortcut var padding = this.cfg.padding; @@ -477,10 +483,10 @@ CryptoJS.lib.Cipher || (function (undefined) { padding.pad(this._data, this.blockSize); // Process final blocks - var finalProcessedBlocks = this._process(!!'flush'); + finalProcessedBlocks = this._process(!!'flush'); } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ { // Process final blocks - var finalProcessedBlocks = this._process(!!'flush'); + finalProcessedBlocks = this._process(!!'flush'); // Unpad data padding.unpad(finalProcessedBlocks); @@ -572,15 +578,17 @@ CryptoJS.lib.Cipher || (function (undefined) { * var openSSLString = CryptoJS.format.OpenSSL.stringify(cipherParams); */ stringify: function (cipherParams) { + var wordArray; + // Shortcuts var ciphertext = cipherParams.ciphertext; var salt = cipherParams.salt; // Format if (salt) { - var wordArray = WordArray.create([0x53616c74, 0x65645f5f]).concat(salt).concat(ciphertext); + wordArray = WordArray.create([0x53616c74, 0x65645f5f]).concat(salt).concat(ciphertext); } else { - var wordArray = ciphertext; + wordArray = ciphertext; } return wordArray.toString(Base64); @@ -600,6 +608,8 @@ CryptoJS.lib.Cipher || (function (undefined) { * var cipherParams = CryptoJS.format.OpenSSL.parse(openSSLString); */ parse: function (openSSLStr) { + var salt; + // Parse base64 var ciphertext = Base64.parse(openSSLStr); @@ -609,7 +619,7 @@ CryptoJS.lib.Cipher || (function (undefined) { // Test for salt if (ciphertextWords[0] == 0x53616c74 && ciphertextWords[1] == 0x65645f5f) { // Extract salt - var salt = WordArray.create(ciphertextWords.slice(2, 4)); + salt = WordArray.create(ciphertextWords.slice(2, 4)); // Remove salt from ciphertext ciphertextWords.splice(0, 4); diff --git a/src/core.js b/src/core.js index 8903bf8..fd95ea5 100644 --- a/src/core.js +++ b/src/core.js @@ -6,7 +6,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { * Local polyfil of Object.create */ var create = Object.create || (function () { - function F() {}; + function F() {} return function (obj) { var subtype; @@ -289,7 +289,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { random: function (nBytes) { var words = []; - var r = (function (m_w) { + var r = function (m_w) { var m_w = m_w; var m_z = 0x3ade68b1; var mask = 0xffffffff; @@ -300,9 +300,9 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { var result = ((m_z << 0x10) + m_w) & mask; result /= 0x100000000; result += 0.5; - return result * (Math.random() > .5 ? 1 : -1); + return result * (Math.random() > 0.5 ? 1 : -1); } - }); + }; for (var i = 0, rcache; i < nBytes; i += 4) { var _r = r((rcache || Math.random()) * 0x100000000); @@ -539,6 +539,8 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { * var processedData = bufferedBlockAlgorithm._process(!!'flush'); */ _process: function (doFlush) { + var processedWords; + // Shortcuts var data = this._data; var dataWords = data.words; @@ -571,7 +573,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { } // Remove processed words - var processedWords = dataWords.splice(0, nWordsReady); + processedWords = dataWords.splice(0, nWordsReady); data.sigBytes -= nBytesReady; } diff --git a/src/evpkdf.js b/src/evpkdf.js index e0fe703..2bc993e 100644 --- a/src/evpkdf.js +++ b/src/evpkdf.js @@ -53,6 +53,8 @@ * var key = kdf.compute(password, salt); */ compute: function (password, salt) { + var block; + // Shortcut var cfg = this.cfg; @@ -72,7 +74,7 @@ if (block) { hasher.update(block); } - var block = hasher.update(password).finalize(salt); + block = hasher.update(password).finalize(salt); hasher.reset(); // Iterations diff --git a/src/mode-cfb.js b/src/mode-cfb.js index 8d8d449..e750620 100644 --- a/src/mode-cfb.js +++ b/src/mode-cfb.js @@ -34,17 +34,19 @@ CryptoJS.mode.CFB = (function () { }); function generateKeystreamAndEncrypt(words, offset, blockSize, cipher) { + var keystream; + // Shortcut var iv = this._iv; // Generate keystream if (iv) { - var keystream = iv.slice(0); + keystream = iv.slice(0); // Remove IV for subsequent blocks this._iv = undefined; } else { - var keystream = this._prevBlock; + keystream = this._prevBlock; } cipher.encryptBlock(keystream, 0); diff --git a/src/sha3.js b/src/sha3.js index 72ca230..9545fcd 100644 --- a/src/sha3.js +++ b/src/sha3.js @@ -158,6 +158,9 @@ // Rho Pi for (var laneIndex = 1; laneIndex < 25; laneIndex++) { + var tMsw; + var tLsw; + // Shortcuts var lane = state[laneIndex]; var laneMsw = lane.high; @@ -166,11 +169,11 @@ // Rotate lanes if (rhoOffset < 32) { - var tMsw = (laneMsw << rhoOffset) | (laneLsw >>> (32 - rhoOffset)); - var tLsw = (laneLsw << rhoOffset) | (laneMsw >>> (32 - rhoOffset)); + tMsw = (laneMsw << rhoOffset) | (laneLsw >>> (32 - rhoOffset)); + tLsw = (laneLsw << rhoOffset) | (laneMsw >>> (32 - rhoOffset)); } else /* if (rhoOffset >= 32) */ { - var tMsw = (laneLsw << (rhoOffset - 32)) | (laneMsw >>> (64 - rhoOffset)); - var tLsw = (laneMsw << (rhoOffset - 32)) | (laneLsw >>> (64 - rhoOffset)); + tMsw = (laneLsw << (rhoOffset - 32)) | (laneMsw >>> (64 - rhoOffset)); + tLsw = (laneMsw << (rhoOffset - 32)) | (laneLsw >>> (64 - rhoOffset)); } // Transpose lanes @@ -205,7 +208,7 @@ var lane = state[0]; var roundConstant = ROUND_CONSTANTS[round]; lane.high ^= roundConstant.high; - lane.low ^= roundConstant.low;; + lane.low ^= roundConstant.low; } }, diff --git a/src/sha512.js b/src/sha512.js index 8646322..2ca9991 100644 --- a/src/sha512.js +++ b/src/sha512.js @@ -127,13 +127,16 @@ // Rounds for (var i = 0; i < 80; i++) { + var Wil; + var Wih; + // Shortcut var Wi = W[i]; // Extend message if (i < 16) { - var Wih = Wi.high = M[offset + i * 2] | 0; - var Wil = Wi.low = M[offset + i * 2 + 1] | 0; + Wih = Wi.high = M[offset + i * 2] | 0; + Wil = Wi.low = M[offset + i * 2 + 1] | 0; } else { // Gamma0 var gamma0x = W[i - 15]; @@ -158,12 +161,12 @@ var Wi16h = Wi16.high; var Wi16l = Wi16.low; - var Wil = gamma0l + Wi7l; - var Wih = gamma0h + Wi7h + ((Wil >>> 0) < (gamma0l >>> 0) ? 1 : 0); - var Wil = Wil + gamma1l; - var Wih = Wih + gamma1h + ((Wil >>> 0) < (gamma1l >>> 0) ? 1 : 0); - var Wil = Wil + Wi16l; - var Wih = Wih + Wi16h + ((Wil >>> 0) < (Wi16l >>> 0) ? 1 : 0); + Wil = gamma0l + Wi7l; + Wih = gamma0h + Wi7h + ((Wil >>> 0) < (gamma0l >>> 0) ? 1 : 0); + Wil = Wil + gamma1l; + Wih = Wih + gamma1h + ((Wil >>> 0) < (gamma1l >>> 0) ? 1 : 0); + Wil = Wil + Wi16l; + Wih = Wih + Wi16h + ((Wil >>> 0) < (Wi16l >>> 0) ? 1 : 0); Wi.high = Wih; Wi.low = Wil; From 57e31106691224bc32dfa24defccfdb8419ae2b6 Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 24 Sep 2018 10:06:43 -0400 Subject: [PATCH 12/20] Typo in AES Encryption Plain encryption example Changed the var name from `cipherText` to lowercase `ciphertext` so the "AES Encryption > Plain encryption" example works. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 28eb5c4..a654192 100644 --- a/README.md +++ b/README.md @@ -111,7 +111,7 @@ See: https://code.google.com/p/crypto-js var CryptoJS = require("crypto-js"); // Encrypt -var cipherText = CryptoJS.AES.encrypt('my message', 'secret key 123').toString(); +var ciphertext = CryptoJS.AES.encrypt('my message', 'secret key 123').toString(); // Decrypt var bytes = CryptoJS.AES.decrypt(ciphertext, 'secret key 123'); From cfe95b924e179f950373ad98053f3a448538b643 Mon Sep 17 00:00:00 2001 From: entronad Date: Fri, 21 Dec 2018 16:09:21 +0800 Subject: [PATCH 13/20] add missing toString() to hmac test files --- test/hmac-md5-test.js | 4 ++-- test/hmac-sha224-test.js | 4 ++-- test/hmac-sha256-test.js | 4 ++-- test/hmac-sha384-test.js | 4 ++-- test/hmac-sha512-test.js | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/test/hmac-md5-test.js b/test/hmac-md5-test.js index b50bb04..b87aaf9 100644 --- a/test/hmac-md5-test.js +++ b/test/hmac-md5-test.js @@ -17,11 +17,11 @@ YUI.add('algo-hmac-md5-test', function (Y) { }, testVector4: function () { - Y.Assert.areEqual('7ee2a3cc979ab19865704644ce13355c', C.HmacMD5('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A')); + Y.Assert.areEqual('7ee2a3cc979ab19865704644ce13355c', C.HmacMD5('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A').toString()); }, testVector5: function () { - Y.Assert.areEqual('0e1bd89c43e3e6e3b3f8cf1d5ba4f77a', C.HmacMD5('abcdefghijklmnopqrstuvwxyz', 'A')); + Y.Assert.areEqual('0e1bd89c43e3e6e3b3f8cf1d5ba4f77a', C.HmacMD5('abcdefghijklmnopqrstuvwxyz', 'A').toString()); }, testUpdate: function () { diff --git a/test/hmac-sha224-test.js b/test/hmac-sha224-test.js index 77b1788..4895137 100644 --- a/test/hmac-sha224-test.js +++ b/test/hmac-sha224-test.js @@ -17,11 +17,11 @@ YUI.add('algo-hmac-sha224-test', function (Y) { }, testVector4: function () { - Y.Assert.areEqual('61bf669da4fdcd8e5c3bd09ebbb4a986d3d1b298d3ca05c511f7aeff', C.HmacSHA224('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A')); + Y.Assert.areEqual('61bf669da4fdcd8e5c3bd09ebbb4a986d3d1b298d3ca05c511f7aeff', C.HmacSHA224('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A').toString()); }, testVector5: function () { - Y.Assert.areEqual('16fc69ada3c3edc1fe9144d6b98d93393833ae442bedf681110a1176', C.HmacSHA224('abcdefghijklmnopqrstuvwxyz', 'A')); + Y.Assert.areEqual('16fc69ada3c3edc1fe9144d6b98d93393833ae442bedf681110a1176', C.HmacSHA224('abcdefghijklmnopqrstuvwxyz', 'A').toString()); }, testUpdate: function () { diff --git a/test/hmac-sha256-test.js b/test/hmac-sha256-test.js index e8c3b1f..f10d89e 100644 --- a/test/hmac-sha256-test.js +++ b/test/hmac-sha256-test.js @@ -17,11 +17,11 @@ YUI.add('algo-hmac-sha256-test', function (Y) { }, testVector4: function () { - Y.Assert.areEqual('a89dc8178c1184a62df87adaa77bf86e93064863d93c5131140b0ae98b866687', C.HmacSHA256('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A')); + Y.Assert.areEqual('a89dc8178c1184a62df87adaa77bf86e93064863d93c5131140b0ae98b866687', C.HmacSHA256('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A').toString()); }, testVector5: function () { - Y.Assert.areEqual('d8cb78419c02fe20b90f8b77427dd9f81817a751d74c2e484e0ac5fc4e6ca986', C.HmacSHA256('abcdefghijklmnopqrstuvwxyz', 'A')); + Y.Assert.areEqual('d8cb78419c02fe20b90f8b77427dd9f81817a751d74c2e484e0ac5fc4e6ca986', C.HmacSHA256('abcdefghijklmnopqrstuvwxyz', 'A').toString()); }, testUpdate: function () { diff --git a/test/hmac-sha384-test.js b/test/hmac-sha384-test.js index aa89455..ebea5e1 100644 --- a/test/hmac-sha384-test.js +++ b/test/hmac-sha384-test.js @@ -17,11 +17,11 @@ YUI.add('algo-hmac-sha384-test', function (Y) { }, testVector4: function () { - Y.Assert.areEqual('365dfb271adb8e30fe6c74220b75df1b38c2d19b9d37f2e5a0ec2f3f22bd0406bf5b786e98d81b82c36d3d8a1be6cd07', C.HmacSHA384('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A')); + Y.Assert.areEqual('365dfb271adb8e30fe6c74220b75df1b38c2d19b9d37f2e5a0ec2f3f22bd0406bf5b786e98d81b82c36d3d8a1be6cd07', C.HmacSHA384('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A').toString()); }, testVector5: function () { - Y.Assert.areEqual('a8357d5e84da64140e41545562ae0782e2a58e39c6cd98939fad8d9080e774c84b7eaca4ba07f6dbf0f12eab912c5285', C.HmacSHA384('abcdefghijklmnopqrstuvwxyz', 'A')); + Y.Assert.areEqual('a8357d5e84da64140e41545562ae0782e2a58e39c6cd98939fad8d9080e774c84b7eaca4ba07f6dbf0f12eab912c5285', C.HmacSHA384('abcdefghijklmnopqrstuvwxyz', 'A').toString()); }, testUpdate: function () { diff --git a/test/hmac-sha512-test.js b/test/hmac-sha512-test.js index ceb2c7d..1e5d820 100644 --- a/test/hmac-sha512-test.js +++ b/test/hmac-sha512-test.js @@ -17,11 +17,11 @@ YUI.add('algo-hmac-sha512-test', function (Y) { }, testVector4: function () { - Y.Assert.areEqual('a303979f7c94bb39a8ab6ce05cdbe28f0255da8bb305263e3478ef7e855f0242729bf1d2be55398f14da8e63f0302465a8a3f76c297bd584ad028d18ed7f0195', C.HmacSHA512('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A')); + Y.Assert.areEqual('a303979f7c94bb39a8ab6ce05cdbe28f0255da8bb305263e3478ef7e855f0242729bf1d2be55398f14da8e63f0302465a8a3f76c297bd584ad028d18ed7f0195', C.HmacSHA512('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'A').toString()); }, testVector5: function () { - Y.Assert.areEqual('8c2d56f7628325e62124c0a870ad98d101327fc42696899a06ce0d7121454022fae597e42c25ac3a4c380fd514f553702a5b0afaa9b5a22050902f024368e9d9', C.HmacSHA512('abcdefghijklmnopqrstuvwxyz', 'A')); + Y.Assert.areEqual('8c2d56f7628325e62124c0a870ad98d101327fc42696899a06ce0d7121454022fae597e42c25ac3a4c380fd514f553702a5b0afaa9b5a22050902f024368e9d9', C.HmacSHA512('abcdefghijklmnopqrstuvwxyz', 'A').toString()); }, testUpdate: function () { From 25a323885c10073fca2b6d740a06dce99c58e5eb Mon Sep 17 00:00:00 2001 From: Pedro Gomes Date: Fri, 4 Jan 2019 16:59:54 +0000 Subject: [PATCH 14/20] Update API Documentation --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a654192..bccfad7 100644 --- a/README.md +++ b/README.md @@ -101,7 +101,7 @@ require(["crypto-js"], function (CryptoJS) { ## API -See: https://code.google.com/p/crypto-js +See: https://cryptojs.gitbook.io/docs/ ### AES Encryption From 51bb88ea5e7b8cde7f0fa843c8a132644a132792 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Kwieci=C5=84ski?= Date: Tue, 2 Apr 2019 12:55:17 +0200 Subject: [PATCH 15/20] add grunt-cli to devDepencies --- package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/package.json b/package.json index ef49d55..e3db0ae 100644 --- a/package.json +++ b/package.json @@ -25,6 +25,7 @@ "devDependencies": { "fmd": "~0.0.3", "grunt": "^0.4.5", + "grunt-cli": "^1.3.2", "grunt-contrib-clean": "^0.6.0", "grunt-contrib-copy": "^0.6.0", "grunt-contrib-jshint": "^0.10.0", From 150d88df6706834e825671d6b5914c6df3937710 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Kwieci=C5=84ski?= Date: Tue, 2 Apr 2019 15:14:00 +0200 Subject: [PATCH 16/20] Fix 3DES encryption with 64- and 128-bit keys --- src/tripledes.js | 15 ++++++++++++--- test/tripledes-test.js | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 3 deletions(-) diff --git a/src/tripledes.js b/src/tripledes.js index 8771943..0777c7c 100644 --- a/src/tripledes.js +++ b/src/tripledes.js @@ -712,11 +712,20 @@ // Shortcuts var key = this._key; var keyWords = key.words; + // Make sure the key length is valid (64, 128 or >= 192 bit) + if (keyWords.length !== 2 && keyWords.length !== 4 && keyWords.length < 6) { + throw new Error('Invalid key length - 3DES requires the key length to be 64, 128, 192 or >192.'); + } + + // Extend the key according to the keying options defined in 3DES standard + var key1 = keyWords.slice(0, 2); + var key2 = keyWords.length < 4 ? keyWords.slice(0, 2) : keyWords.slice(2, 4); + var key3 = keyWords.length < 6 ? keyWords.slice(0, 2) : keyWords.slice(4, 6); // Create DES instances - this._des1 = DES.createEncryptor(WordArray.create(keyWords.slice(0, 2))); - this._des2 = DES.createEncryptor(WordArray.create(keyWords.slice(2, 4))); - this._des3 = DES.createEncryptor(WordArray.create(keyWords.slice(4, 6))); + this._des1 = DES.createEncryptor(WordArray.create(key1)); + this._des2 = DES.createEncryptor(WordArray.create(key2)); + this._des3 = DES.createEncryptor(WordArray.create(key3)); }, encryptBlock: function (M, offset) { diff --git a/test/tripledes-test.js b/test/tripledes-test.js index b531bc8..dcc7f4a 100644 --- a/test/tripledes-test.js +++ b/test/tripledes-test.js @@ -62,6 +62,39 @@ YUI.add('algo-tripledes-test', function (Y) { Y.Assert.areEqual(expectedIv, iv.toString()); }, + test64BitKey: function() { + var message = C.enc.Hex.parse('00112233445566778899aabbccddeeff'); + var key = C.enc.Hex.parse('0011223344556677'); + var extendedKey = C.enc.Hex.parse('001122334455667700112233445566770011223344556677') + + var output1 = C.TripleDES.encrypt(message, key, { mode: C.mode.ECB }).toString(); + var output2 = C.TripleDES.encrypt(message, extendedKey, { mode: C.mode.ECB }).toString(); + + Y.Assert.areEqual(output1, output2); + }, + + test128BitKey: function() { + var message = C.enc.Hex.parse('00112233445566778899aabbccddeeff'); + var key = C.enc.Hex.parse('00112233445566778899aabbccddeeff'); + var extendedKey = C.enc.Hex.parse('00112233445566778899aabbccddeeff0011223344556677') + + var output1 = C.TripleDES.encrypt(message, key, { mode: C.mode.ECB }).toString(); + var output2 = C.TripleDES.encrypt(message, extendedKey, { mode: C.mode.ECB }).toString(); + + Y.Assert.areEqual(output1, output2); + }, + + test256BitKey: function() { + var message = C.enc.Hex.parse('00112233445566778899aabbccddeeff'); + var key = C.enc.Hex.parse('00112233445566778899aabbccddeeff0112233445566778899aabbccddeeff0'); + var truncatedKey = C.enc.Hex.parse('00112233445566778899aabbccddeeff0112233445566778') + + var output1 = C.TripleDES.encrypt(message, key, { mode: C.mode.ECB }).toString(); + var output2 = C.TripleDES.encrypt(message, truncatedKey, { mode: C.mode.ECB }).toString(); + + Y.Assert.areEqual(output1, output2); + }, + testHelper: function () { // Save original random method var random = C.lib.WordArray.random; From ec5a2222128385e92b33b8aa97f43e15b78aa828 Mon Sep 17 00:00:00 2001 From: pearson Date: Mon, 19 Aug 2019 17:22:48 +0800 Subject: [PATCH 17/20] modify the comments in core.js --- src/core.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/core.js b/src/core.js index fd95ea5..a169607 100644 --- a/src/core.js +++ b/src/core.js @@ -3,7 +3,8 @@ */ var CryptoJS = CryptoJS || (function (Math, undefined) { /* - * Local polyfil of Object.create + * Local polyfill of Object.create + */ var create = Object.create || (function () { function F() {} From b405ff597fb3ac76a7bdfbc72dca10ba1079b1d5 Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Mon, 10 Feb 2020 19:18:54 +0100 Subject: [PATCH 18/20] Add secure random using native crypto module. --- src/core.js | 52 +++++++++++++++++++++++++++++++--------------------- 1 file changed, 31 insertions(+), 21 deletions(-) diff --git a/src/core.js b/src/core.js index fd95ea5..b814c3b 100644 --- a/src/core.js +++ b/src/core.js @@ -2,6 +2,34 @@ * CryptoJS core components. */ var CryptoJS = CryptoJS || (function (Math, undefined) { + + /* + * Cryptographically secure pseudorandom number generator + * + * As Math.random() is cryptographically not safe to use + */ + var secureRandom = function () { + // Native crypto module on NodeJS environment + try { + // Crypto from global object + var crypto = global.crypto; + + // Create a random float number between 0 and 1 + return Number('0.' + crypto.randomBytes(3).readUIntBE(0, 3)); + } catch (err) {} + + // Native crypto module in Browser environment + try { + // Support experimental crypto module in IE 11 + var crypto = window.crypto || window.msCrypto; + + // Create a random float number between 0 and 1 + return Number('0.' + window.crypto.getRandomValues(new Uint32Array(1))[0]); + } catch (err) {} + + throw new Error('Native crypto module could not be used to get secure random number.'); + }; + /* * Local polyfil of Object.create */ @@ -289,26 +317,8 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { random: function (nBytes) { var words = []; - var r = function (m_w) { - var m_w = m_w; - var m_z = 0x3ade68b1; - var mask = 0xffffffff; - - return function () { - m_z = (0x9069 * (m_z & 0xFFFF) + (m_z >> 0x10)) & mask; - m_w = (0x4650 * (m_w & 0xFFFF) + (m_w >> 0x10)) & mask; - var result = ((m_z << 0x10) + m_w) & mask; - result /= 0x100000000; - result += 0.5; - return result * (Math.random() > 0.5 ? 1 : -1); - } - }; - - for (var i = 0, rcache; i < nBytes; i += 4) { - var _r = r((rcache || Math.random()) * 0x100000000); - - rcache = _r() * 0x3ade67b7; - words.push((_r() * 0x100000000) | 0); + for (var i = 0; i < nBytes; i += 4) { + words.push((secureRandom() * 0x100000000) | 0); } return new WordArray.init(words, nBytes); @@ -540,7 +550,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) { */ _process: function (doFlush) { var processedWords; - + // Shortcuts var data = this._data; var dataWords = data.words; From eb61233396b78e7e655da22a225b831ffc1e493e Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Mon, 10 Feb 2020 19:19:52 +0100 Subject: [PATCH 19/20] Fix this context in callbacks using arrow funtions. --- grunt/tasks/modularize.js | 108 +++++++++++++++++++------------------- 1 file changed, 53 insertions(+), 55 deletions(-) diff --git a/grunt/tasks/modularize.js b/grunt/tasks/modularize.js index f97d57b..6432ba7 100644 --- a/grunt/tasks/modularize.js +++ b/grunt/tasks/modularize.js @@ -2,7 +2,7 @@ var _ = require("lodash"), - fmd = require("fmd"); + fmd = require("fmd"); module.exports = function (grunt) { @@ -14,78 +14,76 @@ module.exports = function (grunt) { modules = {}, config = { - target: this.target + '/', - factories: ["commonjs", "amd", "global"], - trim_whitespace: true, - new_line: "unix", - indent: "\t" - }; + target: this.target + '/', + factories: ["commonjs", "amd", "global"], + trim_whitespace: true, + new_line: "unix", + indent: "\t" + }; // Prepare Factory-Module-Definition settings - _.each(options, function (conf, name) { + _.each(options, (conf, name) => { var sources = [], - opts = { - depends: {} - }, + opts = { + depends: {} + }, - deps = []; + deps = []; - if (conf.exports) { - opts.exports = conf.exports; - } + if (conf.exports) { + opts.exports = conf.exports; + } - if (conf.global) { - opts.global = conf.global; - } + if (conf.global) { + opts.global = conf.global; + } // Find and add self as source - _.each(this.filesSrc, function (source) { - if (grunt.file.exists(source + name + ".js")) { - sources.push(source + name + ".js"); - } - }, this); + _.each(this.filesSrc, (source) => { + if (grunt.file.exists(source + name + ".js")) { + sources.push(source + name + ".js"); + } + }); if (conf.pack) { - // Collect all components - deps = _.chain(conf.components) - .map(function (depName) { - return options[depName].components; - }) - .flatten() - .uniq() - .without(name) - .sort(function (a, b) { - return options[a].components.indexOf(b) === -1 ? -1 : 1; - }) - .value(); + // Collect all components + deps = _.chain(conf.components) + .map(depName => options[depName].components) + .flatten() + .uniq() + .without(name) + .sort((a, b) => { + return options[a].components.indexOf(b) === -1 ? -1 : 1; + }) + .value(); // Add components as source files -> results a single file - _.each(this.filesSrc, function (source) { - _.each(deps, function (depName) { - if (grunt.file.exists(source + depName + ".js")) { - sources.push(source + depName + ".js"); - } - }); - }, this); + _.each(this.filesSrc, (source) => { + _.each(deps, (depName) => { + if (grunt.file.exists(source + depName + ".js")) { + sources.push(source + depName + ".js"); + } + }); + }); } else { - // Read components and add them as dependecies - _.each(_.without(conf.components, name), function (value, i) { - opts.depends['./' + value] = value === "core" ? "CryptoJS" : null; - }); - } + // Read components and add them as dependecies + _.each(_.without(conf.components, name), (value, i) => { + opts.depends['./' + value] = value === "core" ? "CryptoJS" : null; + }); + } - // Remove duplicates - sources = _.uniq(sources); + // Remove duplicates + sources = _.uniq(sources); // Add module settings to fmd definition - modules[name] = [sources, opts]; - }, this); + modules[name] = [sources, opts]; + }); - // Build packege modules - fmd(config) - .define(modules) - .build(function (createdFiles) { + // Build packege modules + fmd(config) + .define(modules) + .build(() => { done(); }); From 77d1bddbe79bca7dabdd43d01d2c1c8a00eae21d Mon Sep 17 00:00:00 2001 From: evanvosberg Date: Mon, 10 Feb 2020 19:55:52 +0100 Subject: [PATCH 20/20] Bump version. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e3db0ae..c05efb5 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "crypto-js", "title": "crypto-js", "description": "JavaScript library of crypto standards.", - "version": "3.1.9", + "version": "3.2.0", "homepage": "http://github.com/brix/crypto-js", "author": { "name": "Evan Vosberg",