node-forge 0.7.5 → 0.8.2

package/flash/package.json

@@ -0,0 +1,28 @@
+{
+  "name": "node-forge-flash",
+  "version": "0.0.0",
+  "private": true,
+  "description": "Flash build support for Forge.",
+  "homepage": "https://github.com/digitalbazaar/forge",
+  "author": {
+    "name": "Digital Bazaar, Inc.",
+    "email": "support@digitalbazaar.com",
+    "url": "http://digitalbazaar.com/"
+  },
+  "devDependencies": {
+    "flex-sdk": ""
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/digitalbazaar/forge"
+  },
+  "bugs": {
+    "url": "https://github.com/digitalbazaar/forge/issues",
+    "email": "support@digitalbazaar.com"
+  },
+  "license": "(BSD-3-Clause OR GPL-2.0)",
+  "scripts": {
+    "build": "mxmlc -debug=false -define=CONFIG::debugging,false -define=CONFIG::release,true -compiler.source-path=. -static-link-runtime-shared-libraries -output=swf/SocketPool.swf SocketPool.as",
+    "build-debug": "mxmlc -debug=true -define=CONFIG::debugging,true -define=CONFIG::release,false -compiler.source-path=. -static-link-runtime-shared-libraries -output=swf/SocketPool.swf SocketPool.as"
+  }
+}

package/lib/aesCipherSuites.js

@@ -16,7 +16,7 @@ var tls = module.exports = forge.tls;
  * Supported cipher suites.
  */
 tls.CipherSuites['TLS_RSA_WITH_AES_128_CBC_SHA'] = {
-  id: [0x00,0x2f],
+  id: [0x00, 0x2f],
   name: 'TLS_RSA_WITH_AES_128_CBC_SHA',
   initSecurityParameters: function(sp) {
     sp.bulk_cipher_algorithm = tls.BulkCipherAlgorithm.aes;
@@ -32,7 +32,7 @@ tls.CipherSuites['TLS_RSA_WITH_AES_128_CBC_SHA'] = {
   initConnectionState: initConnectionState
 };
 tls.CipherSuites['TLS_RSA_WITH_AES_256_CBC_SHA'] = {
-  id: [0x00,0x35],
+  id: [0x00, 0x35],
   name: 'TLS_RSA_WITH_AES_256_CBC_SHA',
   initSecurityParameters: function(sp) {
     sp.bulk_cipher_algorithm = tls.BulkCipherAlgorithm.aes;
@@ -199,10 +199,8 @@ function decrypt_aes_cbc_sha1_padding(blockSize, output, decrypt) {
  *
  * @return true on success, false on failure.
  */
-var count = 0;
 function decrypt_aes_cbc_sha1(record, s) {
   var rval = false;
-  ++count;
 
   var iv;
   if(record.version.minor === tls.Versions.TLS_1_0.minor) {

package/lib/cipherModes.js

@@ -652,7 +652,7 @@ modes.gcm.prototype.encrypt = function(input, output, finish) {
       this._partialOutput.putInt32(input.getInt32() ^ this._outBlock[i]);
     }
 
-    if(partialBytes === 0 || finish) {
+    if(partialBytes <= 0 || finish) {
       // handle overflow prior to hashing
       if(finish) {
         // get block overflow

package/lib/des.js

@@ -7,7 +7,8 @@
  * Paul Tero, July 2001
  * http://www.tero.co.uk/des/
  *
- * Optimised for performance with large blocks by Michael Hayworth, November 2001
+ * Optimised for performance with large blocks by
+ * Michael Hayworth, November 2001
  * http://www.netdealing.com
  *
  * THIS SOFTWARE IS PROVIDED "AS IS" AND

package/lib/kem.js

@@ -53,14 +53,14 @@ forge.kem.rsa.create = function(kdf, options) {
    *   key: the secret key to use for encrypting a message.
    */
   kem.encrypt = function(publicKey, keyLength) {
-    // generate a random r where 1 > r > n
+    // generate a random r where 1 < r < n
     var byteLength = Math.ceil(publicKey.n.bitLength() / 8);
     var r;
     do {
       r = new BigInteger(
         forge.util.bytesToHex(prng.getBytesSync(byteLength)),
         16).mod(publicKey.n);
-    } while(r.equals(BigInteger.ZERO));
+    } while(r.compareTo(BigInteger.ONE) <= 0);
 
     // prepend r with zeros
     r = forge.util.hexToBytes(r.toString(16));

package/lib/oids.js

@@ -108,9 +108,11 @@ _IN('2.5.4.7', 'localityName');
 _IN('2.5.4.8', 'stateOrProvinceName');
 _IN('2.5.4.10', 'organizationName');
 _IN('2.5.4.11', 'organizationalUnitName');
+_IN('2.5.4.13', 'description');
 
 // X.509 extension OIDs
 _IN('2.16.840.1.113730.1.1', 'nsCertType');
+_IN('2.16.840.1.113730.1.13', 'nsComment'); // deprecated in theory; still widely used
 _I_('2.5.29.1', 'authorityKeyIdentifier'); // deprecated, use .35
 _I_('2.5.29.2', 'keyAttributes'); // obsolete use .37 or .15
 _I_('2.5.29.3', 'certificatePolicies'); // deprecated, use .32

package/lib/pkcs1.js

@@ -119,7 +119,7 @@ pkcs1.encode_rsa_oaep = function(key, message, options) {
 
   var PS = '';
   var PS_length = maxLength - message.length;
-  for (var i = 0; i < PS_length; i++) {
+  for(var i = 0; i < PS_length; i++) {
     PS += '\x00';
   }
 

package/lib/pkcs7.js

@@ -328,8 +328,11 @@ p7.createSignedData = function() {
 
     /**
      * Signs the content.
+     * @param options Options to apply when signing:
+     *    [detached] boolean. If signing should be done in detached mode. Defaults to false.
      */
-    sign: function() {
+    sign: function(options) {
+      options = options || {};
       // auto-generate content info
       if(typeof msg.content !== 'object' || msg.contentInfo === null) {
         // use Data ContentInfo
@@ -349,12 +352,16 @@ p7.createSignedData = function() {
             content = forge.util.encodeUtf8(msg.content);
           }
 
-          msg.contentInfo.value.push(
-            // [0] EXPLICIT content
-            asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
-              asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
-                content)
-            ]));
+          if (options.detached) {
+            msg.detachedContent = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, content);
+          } else {
+            msg.contentInfo.value.push(
+              // [0] EXPLICIT content
+              asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
+                asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
+                  content)
+              ]));
+          }
         }
       }
 
@@ -437,10 +444,22 @@ p7.createSignedData = function() {
   }
 
   function addSignerInfos(mds) {
-    // Note: ContentInfo is a SEQUENCE with 2 values, second value is
-    // the content field and is optional for a ContentInfo but required here
-    // since signers are present
-    if(msg.contentInfo.value.length < 2) {
+    var content;
+
+    if (msg.detachedContent) {
+      // Signature has been made in detached mode.
+      content = msg.detachedContent;
+    } else {
+      // Note: ContentInfo is a SEQUENCE with 2 values, second value is
+      // the content field and is optional for a ContentInfo but required here
+      // since signers are present
+      // get ContentInfo content
+      content = msg.contentInfo.value[1];
+      // skip [0] EXPLICIT content wrapper
+      content = content.value[0];
+    }
+
+    if(!content) {
       throw new Error(
         'Could not sign PKCS#7 message; there is no content to sign.');
     }
@@ -448,11 +467,6 @@ p7.createSignedData = function() {
     // get ContentInfo content type
     var contentType = asn1.derToOid(msg.contentInfo.value[0].value);
 
-    // get ContentInfo content
-    var content = msg.contentInfo.value[1];
-    // skip [0] EXPLICIT content wrapper
-    content = content.value[0];
-
     // serialize content
     var bytes = asn1.toDer(content);
 

package/lib/prng.js

@@ -267,13 +267,12 @@ prng.create = function(plugin) {
   function defaultSeedFile(needed) {
     // use window.crypto.getRandomValues strong source of entropy if available
     var getRandomValues = null;
-    if(typeof window !== 'undefined') {
-      var _crypto = window.crypto || window.msCrypto;
-      if(_crypto && _crypto.getRandomValues) {
-        getRandomValues = function(arr) {
-          return _crypto.getRandomValues(arr);
-        };
-      }
+    var globalScope = forge.util.globalScope;
+    var _crypto = globalScope.crypto || globalScope.msCrypto;
+    if(_crypto && _crypto.getRandomValues) {
+      getRandomValues = function(arr) {
+        return _crypto.getRandomValues(arr);
+      };
     }
 
     var b = forge.util.createBuffer();

package/lib/random.js

@@ -115,14 +115,14 @@ var _ctx = spawnPrng();
 // add other sources of entropy only if window.crypto.getRandomValues is not
 // available -- otherwise this source will be automatically used by the prng
 var getRandomValues = null;
-if(typeof window !== 'undefined') {
-  var _crypto = window.crypto || window.msCrypto;
-  if(_crypto && _crypto.getRandomValues) {
-    getRandomValues = function(arr) {
-      return _crypto.getRandomValues(arr);
-    };
-  }
+var globalScope = forge.util.globalScope;
+var _crypto = globalScope.crypto || globalScope.msCrypto;
+if(_crypto && _crypto.getRandomValues) {
+  getRandomValues = function(arr) {
+    return _crypto.getRandomValues(arr);
+  };
 }
+
 if(forge.options.usePureJavaScript ||
   (!forge.util.isNodejs && !getRandomValues)) {
   // if this is a web worker, do not use weak entropy, instead register to

package/lib/rsa.js

@@ -74,9 +74,14 @@ if(typeof BigInteger === 'undefined') {
   var BigInteger = forge.jsbn.BigInteger;
 }
 
+var _crypto = forge.util.isNodejs ? require('crypto') : null;
+
 // shortcut for asn.1 API
 var asn1 = forge.asn1;
 
+// shortcut for util API
+var util = forge.util;
+
 /*
  * RSA encryption and decryption, see RFC 2313.
  */
@@ -682,7 +687,7 @@ pki.rsa.stepKeyPairGenerationState = function(state, n) {
   var THIRTY = new BigInteger(null);
   THIRTY.fromInt(30);
   var deltaIdx = 0;
-  var op_or = function(x, y) { return x|y; };
+  var op_or = function(x, y) {return x | y;};
 
   // keep stepping until time limit is reached or done
   var t1 = +new Date();
@@ -731,7 +736,7 @@ pki.rsa.stepKeyPairGenerationState = function(state, n) {
         // ensure number is coprime with e
         state.pqState =
           (state.num.subtract(BigInteger.ONE).gcd(state.e)
-          .compareTo(BigInteger.ONE) === 0) ? 3 : 0;
+            .compareTo(BigInteger.ONE) === 0) ? 3 : 0;
       } else if(state.pqState === 3) {
         // store p or q
         state.pqState = 0;
@@ -820,7 +825,7 @@ pki.rsa.stepKeyPairGenerationState = function(state, n) {
  * @param [bits] the size for the private key in bits, defaults to 2048.
  * @param [e] the public exponent to use, defaults to 65537.
  * @param [options] options for key-pair generation, if given then 'bits'
- *          and 'e' must *not* be given:
+ *            and 'e' must *not* be given:
  *          bits the size for the private key in bits, (default: 2048).
  *          e the public exponent to use, (default: 65537 (0x10001)).
  *          workerScript the worker script URL.
@@ -830,7 +835,7 @@ pki.rsa.stepKeyPairGenerationState = function(state, n) {
  *            numbers for each web worker to check per work assignment,
  *            (default: 100).
  *          prng a custom crypto-secure pseudo-random number generator to use,
- *            that must define "getBytesSync".
+ *            that must define "getBytesSync". Disables use of native APIs.
  *          algorithm the algorithm to use (default: 'PRIMEINC').
  * @param [callback(err, keypair)] called once the operation completes.
  *
@@ -883,63 +888,109 @@ pki.rsa.generateKeyPair = function(bits, e, options, callback) {
     e = options.e || 0x10001;
   }
 
-  // if native code is permitted and a callback is given, use native
-  // key generation code if available and if parameters are acceptable
-  if(!forge.options.usePureJavaScript && callback &&
+  // use native code if permitted, available, and parameters are acceptable
+  if(!forge.options.usePureJavaScript && !options.prng &&
     bits >= 256 && bits <= 16384 && (e === 0x10001 || e === 3)) {
-    if(_detectSubtleCrypto('generateKey') && _detectSubtleCrypto('exportKey')) {
-      // use standard native generateKey
-      return window.crypto.subtle.generateKey({
-        name: 'RSASSA-PKCS1-v1_5',
-        modulusLength: bits,
-        publicExponent: _intToUint8Array(e),
-        hash: {name: 'SHA-256'}
-      }, true /* key can be exported*/, ['sign', 'verify'])
-      .then(function(pair) {
-        return window.crypto.subtle.exportKey('pkcs8', pair.privateKey);
-      // avoiding catch(function(err) {...}) to support IE <= 8
-      }).then(undefined, function(err) {
-        callback(err);
-      }).then(function(pkcs8) {
-        if(pkcs8) {
-          var privateKey = pki.privateKeyFromAsn1(
-            asn1.fromDer(forge.util.createBuffer(pkcs8)));
-          callback(null, {
-            privateKey: privateKey,
-            publicKey: pki.setRsaPublicKey(privateKey.n, privateKey.e)
-          });
-        }
-      });
-    }
-    if(_detectSubtleMsCrypto('generateKey') &&
-      _detectSubtleMsCrypto('exportKey')) {
-      var genOp = window.msCrypto.subtle.generateKey({
-        name: 'RSASSA-PKCS1-v1_5',
-        modulusLength: bits,
-        publicExponent: _intToUint8Array(e),
-        hash: {name: 'SHA-256'}
-      }, true /* key can be exported*/, ['sign', 'verify']);
-      genOp.oncomplete = function(e) {
-        var pair = e.target.result;
-        var exportOp = window.msCrypto.subtle.exportKey(
-          'pkcs8', pair.privateKey);
-        exportOp.oncomplete = function(e) {
-          var pkcs8 = e.target.result;
-          var privateKey = pki.privateKeyFromAsn1(
-            asn1.fromDer(forge.util.createBuffer(pkcs8)));
+    if(callback) {
+      // try native async
+      if(_detectNodeCrypto('generateKeyPair')) {
+        return _crypto.generateKeyPair('rsa', {
+          modulusLength: bits,
+          publicExponent: e,
+          publicKeyEncoding: {
+            type: 'spki',
+            format: 'pem'
+          },
+          privateKeyEncoding: {
+            type: 'pkcs8',
+            format: 'pem'
+          }
+        }, function(err, pub, priv) {
+          if(err) {
+            return callback(err);
+          }
           callback(null, {
-            privateKey: privateKey,
-            publicKey: pki.setRsaPublicKey(privateKey.n, privateKey.e)
+            privateKey: pki.privateKeyFromPem(priv),
+            publicKey: pki.publicKeyFromPem(pub)
           });
+        });
+      }
+      if(_detectSubtleCrypto('generateKey') &&
+        _detectSubtleCrypto('exportKey')) {
+        // use standard native generateKey
+        return util.globalScope.crypto.subtle.generateKey({
+          name: 'RSASSA-PKCS1-v1_5',
+          modulusLength: bits,
+          publicExponent: _intToUint8Array(e),
+          hash: {name: 'SHA-256'}
+        }, true /* key can be exported*/, ['sign', 'verify'])
+        .then(function(pair) {
+          return util.globalScope.crypto.subtle.exportKey(
+            'pkcs8', pair.privateKey);
+        // avoiding catch(function(err) {...}) to support IE <= 8
+        }).then(undefined, function(err) {
+          callback(err);
+        }).then(function(pkcs8) {
+          if(pkcs8) {
+            var privateKey = pki.privateKeyFromAsn1(
+              asn1.fromDer(forge.util.createBuffer(pkcs8)));
+            callback(null, {
+              privateKey: privateKey,
+              publicKey: pki.setRsaPublicKey(privateKey.n, privateKey.e)
+            });
+          }
+        });
+      }
+      if(_detectSubtleMsCrypto('generateKey') &&
+        _detectSubtleMsCrypto('exportKey')) {
+        var genOp = util.globalScope.msCrypto.subtle.generateKey({
+          name: 'RSASSA-PKCS1-v1_5',
+          modulusLength: bits,
+          publicExponent: _intToUint8Array(e),
+          hash: {name: 'SHA-256'}
+        }, true /* key can be exported*/, ['sign', 'verify']);
+        genOp.oncomplete = function(e) {
+          var pair = e.target.result;
+          var exportOp = util.globalScope.msCrypto.subtle.exportKey(
+            'pkcs8', pair.privateKey);
+          exportOp.oncomplete = function(e) {
+            var pkcs8 = e.target.result;
+            var privateKey = pki.privateKeyFromAsn1(
+              asn1.fromDer(forge.util.createBuffer(pkcs8)));
+            callback(null, {
+              privateKey: privateKey,
+              publicKey: pki.setRsaPublicKey(privateKey.n, privateKey.e)
+            });
+          };
+          exportOp.onerror = function(err) {
+            callback(err);
+          };
         };
-        exportOp.onerror = function(err) {
+        genOp.onerror = function(err) {
           callback(err);
         };
-      };
-      genOp.onerror = function(err) {
-        callback(err);
-      };
-      return;
+        return;
+      }
+    } else {
+      // try native sync
+      if(_detectNodeCrypto('generateKeyPairSync')) {
+        var keypair = _crypto.generateKeyPairSync('rsa', {
+          modulusLength: bits,
+          publicExponent: e,
+          publicKeyEncoding: {
+            type: 'spki',
+            format: 'pem'
+          },
+          privateKeyEncoding: {
+            type: 'pkcs8',
+            format: 'pem'
+          }
+        });
+        return {
+          privateKey: pki.privateKeyFromPem(keypair.privateKey),
+          publicKey: pki.publicKeyFromPem(keypair.publicKey)
+        };
+      }
     }
   }
 
@@ -1003,7 +1054,7 @@ pki.setRsaPublicKey = pki.rsa.setPublicKey = function(n, e) {
         }
       };
     } else if(['RAW', 'NONE', 'NULL', null].indexOf(scheme) !== -1) {
-      scheme = { encode: function(e) { return e; } };
+      scheme = {encode: function(e) {return e;}};
     } else if(typeof scheme === 'string') {
       throw new Error('Unsupported encryption scheme: "' + scheme + '".');
     }
@@ -1044,37 +1095,37 @@ pki.setRsaPublicKey = pki.rsa.setPublicKey = function(n, e) {
    *
    * @return true if the signature was verified, false if not.
    */
-   key.verify = function(digest, signature, scheme) {
-     if(typeof scheme === 'string') {
-       scheme = scheme.toUpperCase();
-     } else if(scheme === undefined) {
-       scheme = 'RSASSA-PKCS1-V1_5';
-     }
-
-     if(scheme === 'RSASSA-PKCS1-V1_5') {
-       scheme = {
-         verify: function(digest, d) {
-           // remove padding
-           d = _decodePkcs1_v1_5(d, key, true);
-           // d is ASN.1 BER-encoded DigestInfo
-           var obj = asn1.fromDer(d);
-           // compare the given digest to the decrypted one
-           return digest === obj.value[1].value;
-         }
-       };
-     } else if(scheme === 'NONE' || scheme === 'NULL' || scheme === null) {
-       scheme = {
-         verify: function(digest, d) {
-           // remove padding
-           d = _decodePkcs1_v1_5(d, key, true);
-           return digest === d;
-         }
-       };
-     }
-
-     // do rsa decryption w/o any decoding, then verify -- which does decoding
-     var d = pki.rsa.decrypt(signature, key, true, false);
-     return scheme.verify(digest, d, key.n.bitLength());
+  key.verify = function(digest, signature, scheme) {
+    if(typeof scheme === 'string') {
+      scheme = scheme.toUpperCase();
+    } else if(scheme === undefined) {
+      scheme = 'RSASSA-PKCS1-V1_5';
+    }
+
+    if(scheme === 'RSASSA-PKCS1-V1_5') {
+      scheme = {
+        verify: function(digest, d) {
+          // remove padding
+          d = _decodePkcs1_v1_5(d, key, true);
+          // d is ASN.1 BER-encoded DigestInfo
+          var obj = asn1.fromDer(d);
+          // compare the given digest to the decrypted one
+          return digest === obj.value[1].value;
+        }
+      };
+    } else if(scheme === 'NONE' || scheme === 'NULL' || scheme === null) {
+      scheme = {
+        verify: function(digest, d) {
+          // remove padding
+          d = _decodePkcs1_v1_5(d, key, true);
+          return digest === d;
+        }
+      };
+    }
+
+    // do rsa decryption w/o any decoding, then verify -- which does decoding
+    var d = pki.rsa.decrypt(signature, key, true, false);
+    return scheme.verify(digest, d, key.n.bitLength());
   };
 
   return key;
@@ -1132,7 +1183,7 @@ pki.setRsaPrivateKey = pki.rsa.setPrivateKey = function(
     var d = pki.rsa.decrypt(data, key, false, false);
 
     if(scheme === 'RSAES-PKCS1-V1_5') {
-      scheme = { decode: _decodePkcs1_v1_5 };
+      scheme = {decode: _decodePkcs1_v1_5};
     } else if(scheme === 'RSA-OAEP' || scheme === 'RSAES-OAEP') {
       scheme = {
         decode: function(d, key) {
@@ -1140,7 +1191,7 @@ pki.setRsaPrivateKey = pki.rsa.setPrivateKey = function(
         }
       };
     } else if(['RAW', 'NONE', 'NULL', null].indexOf(scheme) !== -1) {
-      scheme = { decode: function(d) { return d; } };
+      scheme = {decode: function(d) {return d;}};
     } else {
       throw new Error('Unsupported encryption scheme: "' + scheme + '".');
     }
@@ -1182,10 +1233,10 @@ pki.setRsaPrivateKey = pki.rsa.setPrivateKey = function(
     }
 
     if(scheme === undefined || scheme === 'RSASSA-PKCS1-V1_5') {
-      scheme = { encode: emsaPkcs1v15encode };
+      scheme = {encode: emsaPkcs1v15encode};
       bt = 0x01;
     } else if(scheme === 'NONE' || scheme === 'NULL' || scheme === null) {
-      scheme = { encode: function() { return md; } };
+      scheme = {encode: function() {return md;}};
       bt = 0x01;
     }
 
@@ -1220,7 +1271,7 @@ pki.wrapRsaPrivateKey = function(rsaKey) {
     // PrivateKey
     asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
       asn1.toDer(rsaKey).getBytes())
-    ]);
+  ]);
 };
 
 /**
@@ -1727,6 +1778,17 @@ function _getMillerRabinTests(bits) {
   return 2;
 }
 
+/**
+ * Performs feature detection on the Node crypto interface.
+ *
+ * @param fn the feature (function) to detect.
+ *
+ * @return true if detected, false if not.
+ */
+function _detectNodeCrypto(fn) {
+  return forge.util.isNodejs && typeof _crypto[fn] === 'function';
+}
+
 /**
  * Performs feature detection on the SubtleCrypto interface.
  *
@@ -1735,10 +1797,10 @@ function _getMillerRabinTests(bits) {
  * @return true if detected, false if not.
  */
 function _detectSubtleCrypto(fn) {
-  return (typeof window !== 'undefined' &&
-    typeof window.crypto === 'object' &&
-    typeof window.crypto.subtle === 'object' &&
-    typeof window.crypto.subtle[fn] === 'function');
+  return (typeof util.globalScope !== 'undefined' &&
+    typeof util.globalScope.crypto === 'object' &&
+    typeof util.globalScope.crypto.subtle === 'object' &&
+    typeof util.globalScope.crypto.subtle[fn] === 'function');
 }
 
 /**
@@ -1751,10 +1813,10 @@ function _detectSubtleCrypto(fn) {
  * @return true if detected, false if not.
  */
 function _detectSubtleMsCrypto(fn) {
-  return (typeof window !== 'undefined' &&
-    typeof window.msCrypto === 'object' &&
-    typeof window.msCrypto.subtle === 'object' &&
-    typeof window.msCrypto.subtle[fn] === 'function');
+  return (typeof util.globalScope !== 'undefined' &&
+    typeof util.globalScope.msCrypto === 'object' &&
+    typeof util.globalScope.msCrypto.subtle === 'object' &&
+    typeof util.globalScope.msCrypto.subtle[fn] === 'function');
 }
 
 function _intToUint8Array(x) {

package/lib/sha1.js

@@ -113,12 +113,12 @@ sha1.create = function() {
     return md;
   };
 
-   /**
-    * Produces the digest.
-    *
-    * @return a byte buffer containing the digest value.
-    */
-   md.digest = function() {
+  /**
+   * Produces the digest.
+   *
+   * @return a byte buffer containing the digest value.
+   */
+  md.digest = function() {
     /* Note: Here we copy the remaining bytes in the input buffer and
     add the appropriate SHA-1 padding. Then we do the final update
     on a copy of the state so that if the user wants to get

package/lib/sha512.js

@@ -81,7 +81,7 @@ sha512.create = function(algorithm) {
 
   // determine digest length by algorithm name (default)
   var digestLength = 64;
-  switch (algorithm) {
+  switch(algorithm) {
     case 'SHA-384':
       digestLength = 48;
       break;