node-forge 0.7.0 → 0.7.4

package/lib/form.js

@@ -17,7 +17,7 @@ var form = module.exports = forge.form = forge.form || {};
 /**
  * Regex for parsing a single name property (handles array brackets).
  */
-var _regex = /(.*?)\[(.*?)\]/g;
+var _regex = /([^\[]*?)\[(.*?)\]/g;
 
 /**
  * Parses a single name property into an array with the name and any

package/lib/index.js

@@ -12,6 +12,7 @@ require('./asn1');
 require('./cipher');
 require('./debug');
 require('./des');
+require('./ed25519');
 require('./hmac');
 require('./kem');
 require('./log');

package/lib/oids.js

@@ -35,6 +35,8 @@ _IN('1.2.840.113549.1.1.11', 'sha256WithRSAEncryption');
 _IN('1.2.840.113549.1.1.12', 'sha384WithRSAEncryption');
 _IN('1.2.840.113549.1.1.13', 'sha512WithRSAEncryption');
 
+_IN('1.2.840.10040.4.3', 'dsa-with-sha1');
+
 _IN('1.3.14.3.2.7', 'desCBC');
 
 _IN('1.3.14.3.2.26', 'sha1');

package/lib/pkcs7.js

@@ -142,9 +142,11 @@ p7.createSignedData = function() {
       msg.contentInfo = null;
       msg.signerInfos = [];
 
-      var certs = msg.rawCapture.certificates.value;
-      for(var i = 0; i < certs.length; ++i) {
-        msg.certificates.push(forge.pki.certificateFromAsn1(certs[i]));
+      if(msg.rawCapture.certificates) {
+        var certs = msg.rawCapture.certificates.value;
+        for(var i = 0; i < certs.length; ++i) {
+          msg.certificates.push(forge.pki.certificateFromAsn1(certs[i]));
+        }
       }
 
       // TODO: parse crls

package/lib/prng.js

@@ -48,7 +48,9 @@ prng.create = function(plugin) {
     // number of reseeds so far
     reseeds: 0,
     // amount of data generated so far
-    generated: 0
+    generated: 0,
+    // no initial key bytes
+    keyBytes: ''
   };
 
   // create 32 entropy pools (each is a message digest)
@@ -85,7 +87,11 @@ prng.create = function(plugin) {
     var formatSeed = ctx.plugin.formatSeed;
     var b = forge.util.createBuffer();
 
-    // reset key for every request
+    // paranoid deviation from Fortuna:
+    // reset key for every request to protect previously
+    // generated random bytes should the key be discovered;
+    // there is no 100ms based reseeding because of this
+    // forced reseed for every `generate` call
     ctx.key = null;
 
     generate();
@@ -139,7 +145,11 @@ prng.create = function(plugin) {
     var formatKey = ctx.plugin.formatKey;
     var formatSeed = ctx.plugin.formatSeed;
 
-    // reset key for every request
+    // paranoid deviation from Fortuna:
+    // reset key for every request to protect previously
+    // generated random bytes should the key be discovered;
+    // there is no 100ms based reseeding because of this
+    // forced reseed for every `generateSync` call
     ctx.key = null;
 
     var b = forge.util.createBuffer();
@@ -205,35 +215,44 @@ prng.create = function(plugin) {
    * Private function that seeds a generator once enough bytes are available.
    */
   function _seed() {
+    // update reseed count
+    ctx.reseeds = (ctx.reseeds === 0xffffffff) ? 0 : ctx.reseeds + 1;
+
+    // goal is to update `key` via:
+    // key = hash(key + s)
+    //   where 's' is all collected entropy from selected pools, then...
+
     // create a plugin-based message digest
     var md = ctx.plugin.md.create();
 
-    // digest pool 0's entropy and restart it
-    md.update(ctx.pools[0].digest().getBytes());
-    ctx.pools[0].start();
-
-    // digest the entropy of other pools whose index k meet the
-    // condition '2^k mod n == 0' where n is the number of reseeds
-    var k = 1;
-    for(var i = 1; i < 32; ++i) {
-      // prevent signed numbers from being used
-      k = (k === 31) ? 0x80000000 : (k << 2);
-      if(k % ctx.reseeds === 0) {
-        md.update(ctx.pools[i].digest().getBytes());
-        ctx.pools[i].start();
+    // consume current key bytes
+    md.update(ctx.keyBytes);
+
+    // digest the entropy of pools whose index k meet the
+    // condition 'n mod 2^k == 0' where n is the number of reseeds
+    var _2powK = 1;
+    for(var k = 0; k < 32; ++k) {
+      if(ctx.reseeds % _2powK === 0) {
+        md.update(ctx.pools[k].digest().getBytes());
+        ctx.pools[k].start();
       }
+      _2powK = _2powK << 1;
     }
 
-    // get digest for key bytes and iterate again for seed bytes
-    var keyBytes = md.digest().getBytes();
+    // get digest for key bytes
+    ctx.keyBytes = md.digest().getBytes();
+
+    // paranoid deviation from Fortuna:
+    // update `seed` via `seed = hash(key)`
+    // instead of initializing to zero once and only
+    // ever incrementing it
     md.start();
-    md.update(keyBytes);
+    md.update(ctx.keyBytes);
     var seedBytes = md.digest().getBytes();
 
-    // update
-    ctx.key = ctx.plugin.formatKey(keyBytes);
+    // update state
+    ctx.key = ctx.plugin.formatKey(ctx.keyBytes);
     ctx.seed = ctx.plugin.formatSeed(seedBytes);
-    ctx.reseeds = (ctx.reseeds === 0xffffffff) ? 0 : ctx.reseeds + 1;
     ctx.generated = 0;
   }
 

package/lib/sha512.js

@@ -79,12 +79,26 @@ sha512.create = function(algorithm) {
     _w[wi] = new Array(2);
   }
 
+  // determine digest length by algorithm name (default)
+  var digestLength = 64;
+  switch (algorithm) {
+    case 'SHA-384':
+      digestLength = 48;
+      break;
+    case 'SHA-512/256':
+      digestLength = 32;
+      break;
+    case 'SHA-512/224':
+      digestLength = 28;
+      break;
+  }
+
   // message digest object
   var md = {
     // SHA-512 => sha512
     algorithm: algorithm.replace('-', '').toLowerCase(),
     blockLength: 128,
-    digestLength: 64,
+    digestLength: digestLength,
     // 56-bit length of message so far (does not including padding)
     messageLength: 0,
     // true message length

package/lib/util.js

@@ -3,9 +3,10 @@
  *
  * @author Dave Longley
  *
- * Copyright (c) 2010-2014 Digital Bazaar, Inc.
+ * Copyright (c) 2010-2018 Digital Bazaar, Inc.
  */
 var forge = require('./forge');
+var baseN = require('./baseN');
 
 /* Utilities API */
 var util = module.exports = forge.util = forge.util || {};
@@ -159,14 +160,18 @@ function ByteStringBuffer(b) {
   if(typeof b === 'string') {
     this.data = b;
   } else if(util.isArrayBuffer(b) || util.isArrayBufferView(b)) {
-    // convert native buffer to forge buffer
-    // FIXME: support native buffers internally instead
-    var arr = new Uint8Array(b);
-    try {
-      this.data = String.fromCharCode.apply(null, arr);
-    } catch(e) {
-      for(var i = 0; i < arr.length; ++i) {
-        this.putByte(arr[i]);
+    if(typeof Buffer !== 'undefined' && b instanceof Buffer) {
+      this.data = b.toString('binary');
+    } else {
+      // convert native buffer to forge buffer
+      // FIXME: support native buffers internally instead
+      var arr = new Uint8Array(b);
+      try {
+        this.data = String.fromCharCode.apply(null, arr);
+      } catch(e) {
+        for(var i = 0; i < arr.length; ++i) {
+          this.putByte(arr[i]);
+        }
       }
     }
   } else if(b instanceof ByteStringBuffer ||
@@ -1541,6 +1546,9 @@ var _base64Idx = [
    39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51
 ];
 
+// base58 characters (Bitcoin alphabet)
+var _base58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
+
 /**
  * Base64 encodes a 'binary' encoded string of bytes.
  *
@@ -1646,7 +1654,12 @@ util.decodeUtf8 = function(str) {
 util.binary = {
   raw: {},
   hex: {},
-  base64: {}
+  base64: {},
+  base58: {},
+  baseN : {
+    encode: baseN.encode,
+    decode: baseN.decode
+  }
 };
 
 /**
@@ -1803,9 +1816,15 @@ util.binary.base64.decode = function(input, output, offset) {
   }
 
   // make sure result is the exact decoded length
-  return output ?
-         (j - offset) :
-         out.subarray(0, j);
+  return output ? (j - offset) : out.subarray(0, j);
+};
+
+// add support for base58 encoding/decoding with Bitcoin alphabet
+util.binary.base58.encode = function(input, maxline) {
+  return util.binary.baseN.encode(input, _base58, maxline);
+};
+util.binary.base58.decode = function(input, maxline) {
+  return util.binary.baseN.decode(input, _base58, maxline);
 };
 
 // text encoding/decoding tools

package/lib/x509.js

@@ -1085,6 +1085,9 @@ pki.createCertificate = function() {
         case 'sha256WithRSAEncryption':
           md = forge.md.sha256.create();
           break;
+        case 'sha384WithRSAEncryption':
+          md = forge.md.sha384.create();
+          break;
         case 'sha512WithRSAEncryption':
           md = forge.md.sha512.create();
           break;
@@ -1340,6 +1343,9 @@ pki.certificateFromAsn1 = function(obj, computeHash) {
       case 'sha256WithRSAEncryption':
         cert.md = forge.md.sha256.create();
         break;
+      case 'sha384WithRSAEncryption':
+        cert.md = forge.md.sha384.create();
+        break;
       case 'sha512WithRSAEncryption':
         cert.md = forge.md.sha512.create();
         break;
@@ -1681,6 +1687,9 @@ pki.certificationRequestFromAsn1 = function(obj, computeHash) {
       case 'sha256WithRSAEncryption':
         csr.md = forge.md.sha256.create();
         break;
+      case 'sha384WithRSAEncryption':
+        csr.md = forge.md.sha384.create();
+        break;
       case 'sha512WithRSAEncryption':
         csr.md = forge.md.sha512.create();
         break;
@@ -1848,6 +1857,9 @@ pki.createCertificationRequest = function() {
         case 'sha256WithRSAEncryption':
           md = forge.md.sha256.create();
           break;
+        case 'sha384WithRSAEncryption':
+          md = forge.md.sha384.create();
+          break;
         case 'sha512WithRSAEncryption':
           md = forge.md.sha512.create();
           break;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "node-forge",
-  "version": "0.7.0",
+  "version": "0.7.4",
   "description": "JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.",
   "homepage": "https://github.com/digitalbazaar/forge",
   "author": {
@@ -15,31 +15,32 @@
     "Christoph Dorn <christoph@christophdorn.com>"
   ],
   "devDependencies": {
-    "browserify": "^13.1.1",
-    "commander": "^2.9.0",
-    "express": "^4.14.1",
-    "istanbul": "^0.4.5",
+    "browserify": "^16.1.0",
+    "commander": "^2.14.1",
+    "cross-env": "^5.1.3",
+    "express": "^4.16.2",
     "jscs": "^3.0.7",
-    "jshint": "^2.9.4",
-    "karma": "^1.4.1",
-    "karma-browserify": "^5.1.1",
-    "karma-chrome-launcher": "^2.0.0",
-    "karma-edge-launcher": "^0.2.0",
-    "karma-firefox-launcher": "^1.0.0",
+    "jshint": "^2.9.5",
+    "karma": "^2.0.0",
+    "karma-browserify": "^5.2.0",
+    "karma-chrome-launcher": "^2.2.0",
+    "karma-edge-launcher": "^0.4.2",
+    "karma-firefox-launcher": "^1.1.0",
     "karma-ie-launcher": "^1.0.0",
     "karma-mocha": "^1.3.0",
-    "karma-mocha-reporter": "^2.2.2",
+    "karma-mocha-reporter": "^2.2.5",
     "karma-phantomjs-launcher": "^1.0.2",
     "karma-safari-launcher": "^1.0.0",
-    "karma-sauce-launcher": "^1.1.0",
+    "karma-sauce-launcher": "^1.2.0",
     "karma-sourcemap-loader": "^0.3.7",
     "karma-tap-reporter": "0.0.6",
-    "karma-webpack": "^2.0.2",
-    "mocha": "^3.2.0",
+    "karma-webpack": "^2.0.13",
+    "mocha": "^5.0.1",
     "mocha-lcov-reporter": "^1.2.0",
     "nodejs-websocket": "^1.7.1",
+    "nyc": "^11.5.0",
     "opts": "^1.2.2",
-    "webpack": "^2.2.0"
+    "webpack": "^3.11.0"
   },
   "repository": {
     "type": "git",
@@ -93,20 +94,24 @@
     "prepublish": "npm run build",
     "build": "webpack",
     "test-build": "webpack --config webpack-tests.config.js",
-    "test": "mocha -t 30000 -R spec tests/unit/index.js",
+    "test": "cross-env NODE_ENV=test mocha -t 30000 -R ${REPORTER:-spec} tests/unit/index.js",
     "test-karma": "karma start",
     "test-karma-sauce": "karma start karma-sauce.conf",
     "test-server": "node tests/server.js",
     "test-server-ws": "node tests/websockets/server-ws.js",
     "test-server-webid": "node tests/websockets/server-webid.js",
-    "coverage": "rm -rf coverage && ./node_modules/.bin/istanbul cover ./node_modules/.bin/_mocha -- -u exports -t 30000 -R spec tests/unit/index.js",
-    "coverage-lcov": "rm -rf coverage && ./node_modules/.bin/istanbul cover ./node_modules/.bin/_mocha --report lcovonly -- -u exports -t 30000 -R spec tests/unit/index.js",
-    "coverage-report": "./node_modules/.bin/istanbul report",
+    "coverage": "rm -rf coverage && nyc --reporter=lcov --reporter=text-summary npm test",
+    "coverage-report": "nyc report",
     "jscs": "jscs *.js lib/*.js tests/*.js tests/unit/*.js tests/legacy/*.js tests/issues/*.js tests/websockets/*.js",
     "jshint": "jshint *.js lib/*.js tests/unit/*.js tests/legacy/*.js tests/issues/*.js tests/websockets/*.js",
     "_jscs": "jscs *.js lib/*.js tests/*.js tests/unit/*.js tests/legacy/*.js tests/issues/*.js tests/websockets/*.js",
     "_jshint": "jshint *.js lib/*.js tests/*.js tests/unit/*.js tests/legacy/*.js tests/issues/*.js tests/websockets/*.js"
   },
+  "nyc": {
+    "exclude": [
+      "tests"
+    ]
+  },
   "jspm": {
     "format": "amd"
   },

package/flash/package.json

@@ -1,28 +0,0 @@
-{
-  "name": "node-forge-flash",
-  "version": "0.0.0",
-  "private": true,
-  "description": "Flash build support for Forge.",
-  "homepage": "https://github.com/digitalbazaar/forge",
-  "author": {
-    "name": "Digital Bazaar, Inc.",
-    "email": "support@digitalbazaar.com",
-    "url": "http://digitalbazaar.com/"
-  },
-  "devDependencies": {
-    "flex-sdk": ""
-  },
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/digitalbazaar/forge"
-  },
-  "bugs": {
-    "url": "https://github.com/digitalbazaar/forge/issues",
-    "email": "support@digitalbazaar.com"
-  },
-  "license": "(BSD-3-Clause OR GPL-2.0)",
-  "scripts": {
-    "build": "mxmlc -debug=false -define=CONFIG::debugging,false -define=CONFIG::release,true -compiler.source-path=. -static-link-runtime-shared-libraries -output=swf/SocketPool.swf SocketPool.as",
-    "build-debug": "mxmlc -debug=true -define=CONFIG::debugging,true -define=CONFIG::release,false -compiler.source-path=. -static-link-runtime-shared-libraries -output=swf/SocketPool.swf SocketPool.as"
-  }
-}