npm - node-forge - Versions diffs - 0.6.29 → 0.6.33 - Mend

node-forge 0.6.29 → 0.6.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/.npmignore CHANGED Viewed

@@ -19,4 +19,5 @@ dist
 js/forge.bundle.js
 js/forge.min.js
 node_modules
+nodejs/coverage
 tests/forge

package/.travis.yml CHANGED Viewed

@@ -1,6 +1,8 @@
 language: node_js
 node_js:
   - "0.10"
+  - "0.12"
+  - iojs
 install: (cd nodejs && npm install)
 script:
   - (cd nodejs && npm test)

package/README.md CHANGED Viewed

@@ -553,6 +553,7 @@ of operation: [ECB][], [CBC][], [CFB][], [OFB][], [CTR][], and [GCM][].
 These algorithms are currently supported:
+* AES-ECB
 * AES-CBC
 * AES-CFB
 * AES-OFB
@@ -582,7 +583,7 @@ var key = forge.pkcs5.pbkdf2('password', salt, numIterations, 16);
 */
 // encrypt some bytes using CBC mode
-// (other modes include: CFB, OFB, CTR, and GCM)
+// (other modes include: ECB, CFB, OFB, CTR, and GCM)
 var cipher = forge.cipher.createCipher('AES-CBC', key);
 cipher.start({iv: iv});
 cipher.update(forge.util.createBuffer(someBytes));

package/bower.json CHANGED Viewed

@@ -1,7 +1,8 @@
 {
   "name": "forge",
-  "version": "0.6.29",
+  "version": "0.6.33",
   "description": "JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.",
+  "moduleType": ["amd"],
   "authors": [
     "Digital Bazaar, Inc."
   ],

package/js/aes.js CHANGED Viewed

@@ -251,6 +251,7 @@ forge.aes._updateBlock = _updateBlock;
 /** Register AES algorithms **/
+registerAlgorithm('AES-ECB', forge.cipher.modes.ecb);
 registerAlgorithm('AES-CBC', forge.cipher.modes.cbc);
 registerAlgorithm('AES-CFB', forge.cipher.modes.cfb);
 registerAlgorithm('AES-OFB', forge.cipher.modes.ofb);

package/js/aesCipherSuites.js CHANGED Viewed

@@ -3,7 +3,7 @@
  *
  * @author Dave Longley
  *
- * Copyright (c) 2009-2014 Digital Bazaar, Inc.
+ * Copyright (c) 2009-2015 Digital Bazaar, Inc.
  *
  */
 (function() {
@@ -232,11 +232,9 @@ function decrypt_aes_cbc_sha1(record, s) {
   // last 20 bytes          = MAC
   var macLen = s.macLength;
-  // create a zero'd out mac
-  var mac = '';
-  for(var i = 0; i < macLen; ++i) {
-    mac += String.fromCharCode(0);
-  }
+  // create a random MAC to check against should the mac length check fail
+  // Note: do this regardless of the failure to keep timing consistent
+  var mac = forge.random.getBytesSync(macLen);
   // get fragment and mac
   var len = cipher.output.length();
@@ -253,10 +251,38 @@ function decrypt_aes_cbc_sha1(record, s) {
   // see if data integrity checks out, update sequence number
   var mac2 = s.macFunction(s.macKey, s.sequenceNumber, record);
   s.updateSequenceNumber();
-  rval = (mac2 === mac) && rval;
+  rval = compareMacs(s.macKey, mac, mac2) && rval;
   return rval;
 }
+/**
+ * Safely compare two MACs. This function will compare two MACs in a way
+ * that protects against timing attacks.
+ *
+ * TODO: Expose elsewhere as a utility API.
+ *
+ * See: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/
+ *
+ * @param key the MAC key to use.
+ * @param mac1 as a binary-encoded string of bytes.
+ * @param mac2 as a binary-encoded string of bytes.
+ *
+ * @return true if the MACs are the same, false if not.
+ */
+function compareMacs(key, mac1, mac2) {
+  var hmac = forge.hmac.create();
+  hmac.start('SHA1', key);
+  hmac.update(mac1);
+  mac1 = hmac.digest().getBytes();
+  hmac.start(null, null);
+  hmac.update(mac2);
+  mac2 = hmac.digest().getBytes();
+  return mac1 === mac2;
+}
 } // end module implementation
 /* ########## Begin module wrapper ########## */

package/js/cipher.js CHANGED Viewed

@@ -128,6 +128,8 @@ var BlockCipher = forge.cipher.BlockCipher = function(options) {
  * bytes, then it must be Nb (16) bytes in length. If the IV is given in as
  * 32-bit integers, then it must be 4 integers long.
  *
+ * Note: an IV is not required or used in ECB mode.
+ *
  * For GCM-mode, the IV must be given as a binary-encoded string of bytes or
  * a byte buffer. The number of bytes should be 12 (96 bits) as recommended
  * by NIST SP-800-38D but another length may be given.
@@ -187,7 +189,7 @@ BlockCipher.prototype.update = function(input) {
 BlockCipher.prototype.finish = function(pad) {
   // backwards-compatibility w/deprecated padding API
   // Note: will overwrite padding functions even after another start() call
-  if(pad && this.mode.name === 'CBC') {
+  if(pad && (this.mode.name === 'ECB' || this.mode.name === 'CBC')) {
     this.mode.pad = function(input) {
       return pad(this.blockSize, input, false);
     };

package/js/x509.js CHANGED Viewed

@@ -2092,7 +2092,7 @@ function _fillMissingExtensionFields(e, options) {
   }
   if(typeof e.value !== 'undefined') {
-    return;
+    return e;
   }
   // handle missing value:

package/nodejs/.istanbul.yml ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ instrumentation:
2	+ root: ..

package/nodejs/package.json CHANGED Viewed

@@ -1,17 +1,24 @@
 {
-    "name": "forge-nodejs-example",
-    "version": "0.1.0",
-    "private": true,
-    "main": "server.js",
-    "dependencies": {
-        "express": "~3.1.0",
-        "mocha": "~1.8.2",
-        "chai": "~1.5.0",
-        "grunt": "~0.4.1",
-        "grunt-mocha": "~0.3.1"
-    },
-    "scripts": {
-        "test": "mocha -t 20000 -R spec test/*.js",
-        "run": "node server"
-    }
+  "name": "forge-nodejs-example",
+  "version": "0.1.0",
+  "private": true,
+  "main": "server.js",
+  "dependencies": {
+    "express": "~3.1.0",
+    "mocha": "~1.21.5",
+    "chai": "~1.10.0",
+    "grunt": "~0.4.5",
+    "grunt-mocha": "~0.4.12"
+  },
+  "scripts": {
+    "run": "node server",
+    "test": "mocha -t 30000 -R spec test/*.js",
+    "coverage": "rm -rf coverage && ./node_modules/.bin/istanbul cover ./node_modules/.bin/_mocha -- -u exports -t 30000 -R spec test/*.js",
+    "coverage-lcov": "rm -rf coverage && ./node_modules/.bin/istanbul cover ./node_modules/.bin/_mocha --report lcovonly -- -u exports -t 30000 -R spec test/*.js",
+    "coverage-report": "./node_modules/.bin/istanbul report"
+  },
+  "devDependencies": {
+    "istanbul": "^0.3.14",
+    "mocha-lcov-reporter": "0.0.2"
+  }
 }

package/nodejs/test/aes.js CHANGED Viewed

@@ -112,6 +112,162 @@ function Tests(ASSERT, CIPHER, AES, UTIL) {
         ASSERT.equal(out.toHex(), '00112233445566778899aabbccddeeff');
     });
+    // AES-128-ECB
+    (function() {
+      var keys = [
+        '2b7e151628aed2a6abf7158809cf4f3c',
+        '2b7e151628aed2a6abf7158809cf4f3c',
+        '2b7e151628aed2a6abf7158809cf4f3c',
+        '2b7e151628aed2a6abf7158809cf4f3c'
+      ];
+      var inputs = [
+        '6bc1bee22e409f96e93d7e117393172a',
+        'ae2d8a571e03ac9c9eb76fac45af8e51',
+        '30c81c46a35ce411e5fbc1191a0a52ef',
+        'f69f2445df4f9b17ad2b417be66c3710'
+      ];
+      var outputs = [
+        '3ad77bb40d7a3660a89ecaf32466ef97',
+        'f5d3d58503b9699de785895a96fdbaaf',
+        '43b1cd7f598ece23881b00e3ed030688',
+        '7b0c785e27e8ad3f8223207104725dd4'
+      ];
+      for(var i = 0; i < keys.length; ++i) {
+        (function(i) {
+          var key = UTIL.hexToBytes(keys[i]);
+          var input = UTIL.hexToBytes(inputs[i]);
+          var output = UTIL.hexToBytes(outputs[i]);
+          it('should aes-128-ecb encrypt: ' + inputs[i], function() {
+            // encrypt w/no padding
+            var cipher = CIPHER.createCipher('AES-ECB', key);
+            cipher.mode.pad = false;
+            cipher.start();
+            cipher.update(UTIL.createBuffer(input));
+            cipher.finish();
+            ASSERT.equal(cipher.output.toHex(), outputs[i]);
+          });
+          it('should aes-128-ecb decrypt: ' + outputs[i], function() {
+            // decrypt w/no padding
+            var cipher = CIPHER.createDecipher('AES-ECB', key);
+            cipher.mode.unpad = false;
+            cipher.start();
+            cipher.update(UTIL.createBuffer(output));
+            cipher.finish();
+            ASSERT.equal(cipher.output.toHex(), inputs[i]);
+          });
+        })(i);
+      }
+    })();
+    // AES-192-ECB
+    (function() {
+      var keys = [
+        '8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b',
+        '8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b',
+        '8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b',
+        '8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b'
+      ];
+      var inputs = [
+        '6bc1bee22e409f96e93d7e117393172a',
+        'ae2d8a571e03ac9c9eb76fac45af8e51',
+        '30c81c46a35ce411e5fbc1191a0a52ef',
+        'f69f2445df4f9b17ad2b417be66c3710'
+      ];
+      var outputs = [
+        'bd334f1d6e45f25ff712a214571fa5cc',
+        '974104846d0ad3ad7734ecb3ecee4eef',
+        'ef7afd2270e2e60adce0ba2face6444e',
+        '9a4b41ba738d6c72fb16691603c18e0e'
+      ];
+      for(var i = 0; i < keys.length; ++i) {
+        (function(i) {
+          var key = UTIL.hexToBytes(keys[i]);
+          var input = UTIL.hexToBytes(inputs[i]);
+          var output = UTIL.hexToBytes(outputs[i]);
+          it('should aes-192-ecb encrypt: ' + inputs[i], function() {
+            // encrypt w/no padding
+            var cipher = CIPHER.createCipher('AES-ECB', key);
+            cipher.mode.pad = false;
+            cipher.start();
+            cipher.update(UTIL.createBuffer(input));
+            cipher.finish();
+            ASSERT.equal(cipher.output.toHex(), outputs[i]);
+          });
+          it('should aes-192-ecb decrypt: ' + outputs[i], function() {
+            // decrypt w/no padding
+            var cipher = CIPHER.createDecipher('AES-ECB', key);
+            cipher.mode.unpad = false;
+            cipher.start();
+            cipher.update(UTIL.createBuffer(output));
+            cipher.finish();
+            ASSERT.equal(cipher.output.toHex(), inputs[i]);
+          });
+        })(i);
+      }
+    })();
+    // AES-256-ECB
+    (function() {
+      var keys = [
+        '603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4',
+        '603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4',
+        '603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4',
+        '603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4'
+      ];
+      var inputs = [
+        '6bc1bee22e409f96e93d7e117393172a',
+        'ae2d8a571e03ac9c9eb76fac45af8e51',
+        '30c81c46a35ce411e5fbc1191a0a52ef',
+        'f69f2445df4f9b17ad2b417be66c3710'
+      ];
+      var outputs = [
+        'f3eed1bdb5d2a03c064b5a7e3db181f8',
+        '591ccb10d410ed26dc5ba74a31362870',
+        'b6ed21b99ca6f4f9f153e7b1beafed1d',
+        '23304b7a39f9f3ff067d8d8f9e24ecc7'
+      ];
+      for(var i = 0; i < keys.length; ++i) {
+        (function(i) {
+          var key = UTIL.hexToBytes(keys[i]);
+          var input = UTIL.hexToBytes(inputs[i]);
+          var output = UTIL.hexToBytes(outputs[i]);
+          it('should aes-256-ecb encrypt: ' + inputs[i], function() {
+            // encrypt w/no padding
+            var cipher = CIPHER.createCipher('AES-ECB', key);
+            cipher.mode.pad = false;
+            cipher.start();
+            cipher.update(UTIL.createBuffer(input));
+            cipher.finish();
+            ASSERT.equal(cipher.output.toHex(), outputs[i]);
+          });
+          it('should aes-256-ecb decrypt: ' + outputs[i], function() {
+            // decrypt w/no padding
+            var cipher = CIPHER.createDecipher('AES-ECB', key);
+            cipher.mode.unpad = false;
+            cipher.start();
+            cipher.update(UTIL.createBuffer(output));
+            cipher.finish();
+            ASSERT.equal(cipher.output.toHex(), inputs[i]);
+          });
+        })(i);
+      }
+    })();
     // AES-128-CBC
     (function() {
       var keys = [
@@ -160,18 +316,20 @@ function Tests(ASSERT, CIPHER, AES, UTIL) {
           it('should aes-128-cbc encrypt: ' + inputs[i], function() {
             // encrypt w/no padding
             var cipher = CIPHER.createCipher('AES-CBC', key);
+            cipher.mode.pad = false;
             cipher.start({iv: iv});
             cipher.update(UTIL.createBuffer(input));
-            cipher.finish(function(){return true;});
+            cipher.finish();
             ASSERT.equal(cipher.output.toHex(), outputs[i]);
           });
           it('should aes-128-cbc decrypt: ' + outputs[i], function() {
             // decrypt w/no padding
             var cipher = CIPHER.createDecipher('AES-CBC', key);
+            cipher.mode.unpad = false;
             cipher.start({iv: iv});
             cipher.update(UTIL.createBuffer(output));
-            cipher.finish(function(){return true;});
+            cipher.finish();
             var out = (i & 1) ? cipher.output.toHex() : cipher.output.bytes();
             ASSERT.equal(out, inputs[i]);
           });
@@ -219,18 +377,20 @@ function Tests(ASSERT, CIPHER, AES, UTIL) {
           it('should aes-192-cbc encrypt: ' + inputs[i], function() {
             // encrypt w/no padding
             var cipher = CIPHER.createCipher('AES-CBC', key);
+            cipher.mode.pad = false;
             cipher.start({iv: iv});
             cipher.update(UTIL.createBuffer(input));
-            cipher.finish(function(){return true;});
+            cipher.finish();
             ASSERT.equal(cipher.output.toHex(), outputs[i]);
           });
           it('should aes-192-cbc decrypt: ' + outputs[i], function() {
             // decrypt w/no padding
             var cipher = CIPHER.createDecipher('AES-CBC', key);
+            cipher.mode.unpad = false;
             cipher.start({iv: iv});
             cipher.update(UTIL.createBuffer(output));
-            cipher.finish(function(){return true;});
+            cipher.finish();
             var out = cipher.output.toHex();
             ASSERT.equal(out, inputs[i]);
           });
@@ -278,18 +438,20 @@ function Tests(ASSERT, CIPHER, AES, UTIL) {
           it('should aes-256-cbc encrypt: ' + inputs[i], function() {
             // encrypt w/no padding
             var cipher = CIPHER.createCipher('AES-CBC', key);
+            cipher.mode.pad = false;
             cipher.start({iv: iv});
             cipher.update(UTIL.createBuffer(input));
-            cipher.finish(function(){return true;});
+            cipher.finish();
             ASSERT.equal(cipher.output.toHex(), outputs[i]);
           });
           it('should aes-256-cbc decrypt: ' + outputs[i], function() {
             // decrypt w/no padding
             var cipher = CIPHER.createDecipher('AES-CBC', key);
+            cipher.mode.unpad = false;
             cipher.start({iv: iv});
             cipher.update(UTIL.createBuffer(output));
-            cipher.finish(function(){return true;});
+            cipher.finish();
             var out = cipher.output.toHex();
             ASSERT.equal(out, inputs[i]);
           });

package/nodejs/ui/test.js CHANGED Viewed

@@ -1,7 +1,7 @@
 var ASSERT = chai.assert;
 mocha.setup({
     ui: 'bdd',
-    timeout: 20000
+    timeout: 30000
 });
 requirejs.config({
     paths: {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "node-forge",
-  "version": "0.6.29",
+  "version": "0.6.33",
   "description": "JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.",
   "homepage": "http://github.com/digitalbazaar/forge",
   "author": {