marspalepurple / crypto-js Goto Github PK

The CryptoJS files should include a license header, or there should be a 
LICENSE file in the source tree. Right now, one can find the license only by 
visiting the google code page, which might be problematic from a legal 
standpoint.

Problem: Browsers will stop and display a warning when crypto operations takes 
too long to run (like PBKDF2 with large iteration). Means of detection browsers 
use varies, some measure actual time, others measuring # of statements.

Suggested solution: divide up crypto operations into smaller units and run each 
unit through a callback argument. With browsers, callback can be implemented 
using setTimeout or Web worker API. With Node.js, callback can call 
process.nextTick.

What steps will reproduce the problem?
1. in an HTML file, include scripts/crypto-md5/crypto-md5.js (from the 
latest downloadable zip file)
2. also include scripts/crypto-sha1/crypto-sha1.js
3. the Crypto.MD5 function will not be available (you get an error if you 
try to use it)
4. remove scripts/crypto-sha1/crypto-sha1.js
5. the Crypto.MD5 function is now available

What is the expected output? What do you see instead?
I expect to be able to use both the Crypto.MD5 and Crypto.SHA1 (and 
Crypto.SHA256)  in the same page.

What version of the product are you using? On what operating system?
crypto-js 2.0.0
OS is Linux (Ubuntu 9.10)
Browser = Firefox 3.5.8

Please provide any additional information below.
It seems crypto-sha1.js overwrites the Crypto object, thus removing the 
Crypto.MD5 function
This is probably true for all the Crypto.* methods

What steps will reproduce the problem?

Use the latest Chrome dev (6.0.495.0)

Call:
Crypto.util.bytesToBase64(Crypto.HMAC(Crypto.SHA1, "GA", "GA", {asBytes: true}))

What is the expected output? What do you see instead?

Expected: bBg1Ebw0ajGh8E47JCjrZ63PdKI=

Instead I see: o4iKvmV1Ahll2gbgpSLys/9e5pY=

What version of the product are you using? On what operating system?

Chrome  (6.0.495.0) on OSX

Please provide any additional information below.

What steps will reproduce the problem?
1.Run Crypto.util.bytesToWords([0,0,-1,0])

What is the expected output? What do you see instead?
Expected output: 0x0000FF00 (65280).
The produced output: 0xFFFFFF00 (-256).

What version of the product are you using? On what operating system?
2.5.2

Please provide any additional information below.

To fix this problem, the following line inside Crypto.util.bytesToWords

words[b>>5] |= bytes[i] << (24-b%32)

can be replaced with

words[b>>5] |= (bytes[i] & 0xFF) << (24-b%32)

1. DES does not work with mode: ECB, CBC or CTR.
2. DES does not work correctly with mode: OFB.

What steps will reproduce the problem?
1.
var crypted = Crypto.DES.encrypt("Message", "Secret Passphrase", { mode: new 
Crypto.mode.CBC }); - not working.
FireBug console: "a._encryptblock is not a function"

2.
var crypted = Crypto.DES.encrypt("Message", "Secret Passphrase");
    crypted = Crypto.util.base64ToBytes(crypted);
    crypted = Crypto.charenc.Binary.bytesToString(crypted);

    // crypted = plaintext = "Message"
    crypted = crypted.substring(8); 

- the same result with PHP function base64decode 

What version of the product are you using? On what operating system?
Chrome, FF+FireBug and 2.5.1

Please provide any additional information below.
btw a better documentation would be nice

What steps will reproduce the problem?
1. Do this: Crypto.SHA256('\xff')

What is the expected output? What do you see instead?
The hash should be (tested in Python):
a8100ae6aa1940d0b663bb31cd466142ebbdbd5187131b92d93818987832eb89
But is:
ea47fa96cf6d727d3068913da9193fef44aec4ee2c5972e9ac50cf7d637a56cf

What version of the product are you using? On what operating system?
I am using Crypto-js version 2.5.2. I tried the fix in issue #16, but it 
doesn't work (same output).

Please provide any additional information below.
The other hash is one using Python: hashlib.sha256('\xff').hexdigest()

What steps will reproduce the problem?
1. Download file 
http://download.aptana.com/studio3/standalone/3.0.6/win/Aptana_Studio_3_Setup_3.
0.6.exe
2. Calculate SHA256 checksum in Firefox

What is the expected output? What do you see instead?
expected:
33511286209c73e490d558cbfdfbba2caac93632fe58217d3d343aa5fb0ee8b4

result:
d1cdbe54d3319330bb1a921042c696dad794e19009c05d08b7b55518f90b4ed8

What version of the product are you using? On what operating system?
Firefox 8 (Windows 7 x64)

How to fix:

SHA256 function:

change line:
a = t1 + t2;

to:
a = (t1 + t2) >>>0;

I needed compatibility with node.js crypto, so I had to hack AES.js to pass IV 
in. At the same time, IV had to be packaged separately and not part of the 
encrypted result.

My modified version of AES.js is attached for your review.

Note that options.iv is assumed to be an array in my version.

Thx.

What steps will reproduce the problem?
1. compute has using Crypto.HMAC(Crypto.SHA1, "Message", "Key", { asBytes: true 
}); in IE
2. Repeat step (1) in Safari
3. Compare array of bytes

What is the expected output? What do you see instead?
Output should be the same, but they're different.

What version of the product are you using? On what operating system?
Windows Vista Home Edition, IE 8, Safari 5

This is a request, not an issue.  Is there a chance that we could have the 
Blake-256 and Blake-512 hashing algoritms added to this library?  Thank you.

We are trying to decrypt existing AES crypto that uses the CBC mode. The 
problem is that the upper layers always make sure that the plain text is of 
correct length, and thus no padding mechanism is needed from the encryption 
library. crypto-js however, assumes in CBC mode that the data has been padded 
in a specific way.

We are trying to write a library that is compatible with a piece of existing 
software, so we cannot change that software to add a crypto-js compatible 
padding. Also the other way around, while encrypting the data, the padding 
added by crypto-js CBC code might break the original application while it tries 
to decrypt items created by crypto-js.

We were able to work around this by making our own copy of the cbc mode and 
commenting out the padding related code. However we are hoping the library 
would gain an option for disabling the padding.

This is a feature request, not an issue.

It would be great if this library also supported RSA signing and validation, 
similar to what was done by Kenji Urushima: 
http://www9.atwiki.jp/kurushima/pub/jsrsa/

What steps will reproduce the problem?
1. run Crypto.SHA256("á") in firebug

What is the expected output?
fb9778719d93551b1c88df5f1ab229f83ea30af112fc51017c9f0a383dcf6cb3

What do you see instead?
eb3e85d7fbf56104c8021681e68d771b9b9205b93e9219c8f81f60af703de381

What version of the product are you using?
2.0.0

On what operating system?
Mac/Chrome 7

Currently it seems that symmetric ciphers like AES can work with CBC mode but 
only using random iv. 

Could you add ability to provide iv along with mode in options to AES?

Implement SHA-512.

Existing implementations under BSD license are at:
http://jssha.sourceforge.net/
http://pajhome.org.uk/crypt/md5/sha512.html

What steps will reproduce the problem?
1.
/*** encrypt */
var ciphertext = Crypto.AES.encrypt("plaintext", "Secret Passphrase", { mode: 
new Crypto.mode.CTR });

2.
/*** decrypt */
var plaintext = Crypto.AES.decrypt("ciphertext", "Secret Passphrase", { mode: 
new Crypto.mode.CTR });

3.
/* outoput error: */
malformed URI sequence 6-a*2);return 
j}};n=n.charenc={};n.UTF...rCode(f[b]));return
j.join("")}}})();    <-    2.4.0-...-aes.js (line 10) 


What is the expected output?
// encrypt
ciphertext = "UCscqUZ5g%2BfhZD6LcLj5JzHjrIfxxYFIGgX%2F%2FCj24Rg%3D";
// decrypt
plaintext = "plaintext";

What do you see instead?
/* outoput error: */
malformed URI sequence 6-a*2);return 
j}};n=n.charenc={};n.UTF...rCode(f[b]));return
j.join("")}}})();    <-    2.4.0-...-aes.js (line 10) 


What version of the product are you using? 
bug fixed in version 2.5.3

On what operating system?
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0.2) Gecko/20100101 
Firefox/10.0.2

Please provide any additional information below.
Documentation :
http://localhost/crypto/secretkey/doc/doc_aes_cryptojs.html

3 Dic 2011, 12:06 - [ Error encrypt / decrypt CTR ] bug fixed in version 2.5.3 
http://groups.google.com/group/crypto-js/browse_thread/thread/6e9685b92c6ca99f?p
li=1

When using the HMAC SHA1 functions, the functions do not return the same
data as provided by the RFC2202 (http://www.faqs.org/rfcs/rfc2202.html).

Since some time, WebKit implements a function called 
window.crypto.getRandomValues() that generates cryptographically secure random 
values using the operating system's entropy pool. This feature is just now in 
the process of being integrated into Gecko, too:

https://bugzilla.mozilla.org/show_bug.cgi?id=440046

The attached patch checks if getRandomValues() and, if available, uses it, 
while falling back to Math.random() otherwise. I tested it on both Chromium 
(which has getRandomValues) and Firefox (which currently doesn't) and it seems 
to work fine, with the right code path being used.

What steps will reproduce the problem?
1. Call method Crypto.util.hexToBytes(helloHex);
2. With a hex number with uneven number of digits e.g. 3, 5, 7 and so on (12F, 
34F52)
3. then the result is not correct since the function reads indata in sets of two

What is the expected output? What do you see instead?
input: 1024 
output: [64,0]
should be: [4,0]

What version of the product are you using? On what operating system?
Chrome and 2.5.1

This could be a solution, it might not be perfect but it works
// Convert a hex string to a byte array
hexToBytes: function (hex) {
  hex=(hex.length%2==0?"":"0")+hex;
  for (var bytes = [], c = 0; c < hex.length; c += 2)
    bytes.push(parseInt(hex.substr(c, 2), 16));
  return bytes;
}

I have an application where I want to incrementally compute hashes of data, eg.

  SHA256(A)
  SHA256(A+B)
  SHA256(A+B+C)
  etc.

I don't want this to be an O(n^2) algorithm, so I was wondering if the API 
could support a lower-level object with an API like:

  var sha256 = new Crypto.SHA256()
  sha256.append(A)
  var digestA = sha256.digest();
  sha256.append(B)
  var digestB = sha256.digest();
  // etc.

It seems like the algorithm allows this and that this would be easy to 
implement.  What do you think?

While using crypto-js we have experienced some problems in converting a byte 
string into a list of integers. We occasionally get values bigger than 0xff. 
Which obviously should not happen when converting a bytestring into integers.

We were able to fix the problem by doing a bitwise AND against 0xff before 
outputting the value (see code below). This seemed to fix the issue for us. We 
feel this might be a bug in the library. In case we got it wrong, we'd like to 
gain better understanding about what is happening.

Crypto.charenc.Binary.stringToBytes = function (str) {
  for (var bytes = [], i = 0; i < str.length; i++) {
    bytes.push(str.charCodeAt(i) & 0xff);
  }
  return bytes;
};

Due to the way setTimeout forces the browser to wait at minimum 4 ms before 
resuming the computation it makes the async pbkdf2 very slow, taking a full 10 
seconds with 2000 iterations. I've added a loop forcing it to compute for at 
least 100ms before returning to the browser, this gives it speed without much 
browser lag:

while (i < iterations && ((new Date()).getTime() - start.getTime()) < 100)

I've attached a copy of the source for reference. 

It would be great if Crypto-JS implemented some public key cryptography such as 
RSA or something in the ECC space. Although there are some JavaScript RSA 
implementation floating around in the net, their quality is doubtful and if you 
want to use it in conjunction with the symmetric ciphers and hash functions of 
Crypto-JS (which would not be unusual, I believe) you run into problems because 
of inconsistent interfaces.

What steps will reproduce the problem?
1. Start the Testsuite on Opera 10.53

What is the expected output? What do you see instead?

All tests should pass but these are failing

test util.gt: failed.
Value should be true.
Expected: true (boolean)
Actual: false (boolean)

test util.lt: failed.
Value should be true.
Expected: true (boolean)
Actual: false (boolean)

test util.endian: failed.
Values should be equal.
Expected: 4041261184 (number)
Actual: -253706112 (number)

test enc.UTF8.decode: failed.
Values should be equal.
Expected: 1105365410,3465620992 (string)
Actual: 1105365410,-829346304 (string)

test enc.Base64.decode: failed.
Values should be equal.
Expected: 352033795,3648913408 (string)
Actual: 352033795,-646053888 (object)

test types.WordArray.concat: failed.
Values should be equal.
Expected: 4294967295 (string)
Actual: -1 (string)

test SHA256: failed.
Values should be equal.
Expected: f7846f55cf23e14eebeab5b4e1550cad5b509e3348fbc4efa3a1413d393cb650 
(string)
Actual: 8a19c396a89853b8baf0050e3b4dfeb4f19bae586f6b491249a1fe38ff98faa5 
(string)

Opera
Version 10.53
Build 3374
Platform Win32

What steps will reproduce the problem?
1. Call Crypto.MD5() with a string larger than 4000 characters

What is the expected output? What do you see instead?
The returned MD5 hash string is the correct length, however every character
is a zero.

What version of the product are you using? On what operating system?
Crypto-JS v1.1.0, Firefox 3.5, Windows XP Pro

What steps will reproduce the problem?
1. Replace YUI Compressor with Google Closure compiler
2. See build fail

The following cause errors and/or warnings:

in CBC.js:
while (c.pop() != 0x80) ;

The compiler wants {} instead of ;

in AES.js (twice):
mode = options && options.mode || C.mode.OFB;

The variable mode is not declared.  Prepending "var " to the lines solves this.

What steps will reproduce the problem?
1. cd builder/
2. php -f builder.php
3. Lots of warnings about missing files.

What version of the product are you using? On what operating system?

Using checkout from subversion.


Please provide any additional information below.

The files and rollups arrays in builder/builder.php are all in lower case and 
used for referencing files in the project even though the actual files are 
using mixed casing.

The supplied patch should fixed the issue for my part.