Skip to content

Commit

Permalink
enhanced support for encrypted PKCS8
Browse files Browse the repository at this point in the history
  • Loading branch information
kjur committed Nov 27, 2023
1 parent 59920c4 commit df54d0b
Show file tree
Hide file tree
Showing 29 changed files with 1,369 additions and 325 deletions.
24 changes: 24 additions & 0 deletions ChangeLog.txt
Original file line number Diff line number Diff line change
@@ -1,6 +1,30 @@

ChangeLog for jsrsasign

enhanced support for encrypted PKCS8
* Changes from 10.8.6 to 10.9.0 (2023-Nov-27)
- KEYUTIL.getPEM is updated not to use weak ciphers (#599)
- default encryptionScheme is changed from des-EDE3-CBC to aes256-CBC
- default prf is changed from hmacWithSHA1 to hmacWithSHA256
- src/keyutil.js
- more encrypted PKCS#8 private key support
- KEYUTIL.getKey now supports encrypted PKCS#8 private key with
aes128-CBC, aes256-CBC encrypted and using hmacWithSHA224/256/384/512 as
psudorandom function.
- KEYUTIL.getPEM now supports such as above encrypted PKCS#8 PEM
priavte key.
- src/crypto.js
- Cipher.decrypt/encrypt now supports symmetric ciphers (des-EDE3-CBC,aes128-CBC,aes256-CBC)
- src/base64x.js
- function inttohex and twoscompl are added
- src/asn1.js
- ASN1Util.bigIntToMinTwosComplementsHex is now DEPRECATED. use twoscompl.
- src/asn1x509.js
- aes*-CBC and hmacWithSHA* OIDs are added
- test/qunit-do-{base64x,crypto-cipher,keyutil-eprv,keyutil,keyutil-p8egen}.html
- update and add some test cases for above
- stop bower support (bower.json removed)

X509.getExtSubjectDirectoryAttributes another bugfix
* Changes from 10.8.5 to 10.8.6 (2023-Apr-26)
- src/x509.js
Expand Down
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ gitadd-all-doc:
git add api/*.html api/symbols/*.html api/symbols/src/*.html LICENSE.txt

gitadd-release:
git add ChangeLog.txt Makefile bower.json jsrsasign-*-min.js min/*.js src/*.js npm/package.json npm/lib/jsrsasign*.js npm/lib/{header,footer,lib}.js src/*.js test/qunit-do-*.html test/x509crl.html README.md npm/README.md tool/*.html npm_util/*.* npm_util/lib/*.* npm/test/t_*.js
git add ChangeLog.txt Makefile jsrsasign-*-min.js min/*.js src/*.js npm/package.json npm/lib/jsrsasign*.js npm/lib/{header,footer,lib}.js src/*.js test/qunit-do-*.html test/x509crl.html README.md npm/README.md tool/*.html npm_util/*.* npm_util/lib/*.* npm/test/t_*.js

gitadd: gitadd-all-doc gitadd-release
@echo done
Expand Down
14 changes: 0 additions & 14 deletions bower.json

This file was deleted.

250 changes: 125 additions & 125 deletions ext/cj/pbkdf2.js
Original file line number Diff line number Diff line change
Expand Up @@ -4,128 +4,128 @@ code.google.com/p/crypto-js
(c) 2009-2013 by Jeff Mott. All rights reserved.
code.google.com/p/crypto-js/wiki/License
*/
(function () {
// Shortcuts
var C = CryptoJS;
var C_lib = C.lib;
var Base = C_lib.Base;
var WordArray = C_lib.WordArray;
var C_algo = C.algo;
var SHA1 = C_algo.SHA1;
var HMAC = C_algo.HMAC;

/**
* Password-Based Key Derivation Function 2 algorithm.
*/
var PBKDF2 = C_algo.PBKDF2 = Base.extend({
/**
* Configuration options.
*
* @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
* @property {Hasher} hasher The hasher to use. Default: SHA1
* @property {number} iterations The number of iterations to perform. Default: 1
*/
cfg: Base.extend({
keySize: 128/32,
hasher: SHA1,
iterations: 1
}),

/**
* Initializes a newly created key derivation function.
*
* @param {Object} cfg (Optional) The configuration options to use for the derivation.
*
* @example
*
* var kdf = CryptoJS.algo.PBKDF2.create();
* var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8 });
* var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8, iterations: 1000 });
*/
init: function (cfg) {
this.cfg = this.cfg.extend(cfg);
},

/**
* Computes the Password-Based Key Derivation Function 2.
*
* @param {WordArray|string} password The password.
* @param {WordArray|string} salt A salt.
*
* @return {WordArray} The derived key.
*
* @example
*
* var key = kdf.compute(password, salt);
*/
compute: function (password, salt) {
// Shortcut
var cfg = this.cfg;

// Init HMAC
var hmac = HMAC.create(cfg.hasher, password);

// Initial values
var derivedKey = WordArray.create();
var blockIndex = WordArray.create([0x00000001]);

// Shortcuts
var derivedKeyWords = derivedKey.words;
var blockIndexWords = blockIndex.words;
var keySize = cfg.keySize;
var iterations = cfg.iterations;

// Generate key
while (derivedKeyWords.length < keySize) {
var block = hmac.update(salt).finalize(blockIndex);
hmac.reset();

// Shortcuts
var blockWords = block.words;
var blockWordsLength = blockWords.length;

// Iterations
var intermediate = block;
for (var i = 1; i < iterations; i++) {
intermediate = hmac.finalize(intermediate);
hmac.reset();

// Shortcut
var intermediateWords = intermediate.words;

// XOR intermediate with block
for (var j = 0; j < blockWordsLength; j++) {
blockWords[j] ^= intermediateWords[j];
}
}

derivedKey.concat(block);
blockIndexWords[0]++;
}
derivedKey.sigBytes = keySize * 4;

return derivedKey;
}
});

/**
* Computes the Password-Based Key Derivation Function 2.
*
* @param {WordArray|string} password The password.
* @param {WordArray|string} salt A salt.
* @param {Object} cfg (Optional) The configuration options to use for this computation.
*
* @return {WordArray} The derived key.
*
* @static
*
* @example
*
* var key = CryptoJS.PBKDF2(password, salt);
* var key = CryptoJS.PBKDF2(password, salt, { keySize: 8 });
* var key = CryptoJS.PBKDF2(password, salt, { keySize: 8, iterations: 1000 });
*/
C.PBKDF2 = function (password, salt, cfg) {
return PBKDF2.create(cfg).compute(password, salt);
};
}());
(function () {
// Shortcuts
var C = CryptoJS;
var C_lib = C.lib;
var Base = C_lib.Base;
var WordArray = C_lib.WordArray;
var C_algo = C.algo;
var SHA1 = C_algo.SHA1;
var HMAC = C_algo.HMAC;

/**
* Password-Based Key Derivation Function 2 algorithm.
*/
var PBKDF2 = C_algo.PBKDF2 = Base.extend({
/**
* Configuration options.
*
* @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
* @property {Hasher} hasher The hasher to use. Default: SHA1
* @property {number} iterations The number of iterations to perform. Default: 1
*/
cfg: Base.extend({
keySize: 128/32,
hasher: SHA1,
iterations: 1
}),

/**
* Initializes a newly created key derivation function.
*
* @param {Object} cfg (Optional) The configuration options to use for the derivation.
*
* @example
*
* var kdf = CryptoJS.algo.PBKDF2.create();
* var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8 });
* var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8, iterations: 1000 });
*/
init: function (cfg) {
this.cfg = this.cfg.extend(cfg);
},

/**
* Computes the Password-Based Key Derivation Function 2.
*
* @param {WordArray|string} password The password.
* @param {WordArray|string} salt A salt.
*
* @return {WordArray} The derived key.
*
* @example
*
* var key = kdf.compute(password, salt);
*/
compute: function (password, salt) {
// Shortcut
var cfg = this.cfg;

// Init HMAC
var hmac = HMAC.create(cfg.hasher, password);

// Initial values
var derivedKey = WordArray.create();
var blockIndex = WordArray.create([0x00000001]);

// Shortcuts
var derivedKeyWords = derivedKey.words;
var blockIndexWords = blockIndex.words;
var keySize = cfg.keySize;
var iterations = cfg.iterations;

// Generate key
while (derivedKeyWords.length < keySize) {
var block = hmac.update(salt).finalize(blockIndex);
hmac.reset();

// Shortcuts
var blockWords = block.words;
var blockWordsLength = blockWords.length;

// Iterations
var intermediate = block;
for (var i = 1; i < iterations; i++) {
intermediate = hmac.finalize(intermediate);
hmac.reset();

// Shortcut
var intermediateWords = intermediate.words;

// XOR intermediate with block
for (var j = 0; j < blockWordsLength; j++) {
blockWords[j] ^= intermediateWords[j];
}
}

derivedKey.concat(block);
blockIndexWords[0]++;
}
derivedKey.sigBytes = keySize * 4;

return derivedKey;
}
});

/**
* Computes the Password-Based Key Derivation Function 2.
*
* @param {WordArray|string} password The password.
* @param {WordArray|string} salt A salt.
* @param {Object} cfg (Optional) The configuration options to use for this computation.
*
* @return {WordArray} The derived key.
*
* @static
*
* @example
*
* var key = CryptoJS.PBKDF2(password, salt);
* var key = CryptoJS.PBKDF2(password, salt, { keySize: 8 });
* var key = CryptoJS.PBKDF2(password, salt, { keySize: 8, iterations: 1000 });
*/
C.PBKDF2 = function (password, salt, cfg) {
return PBKDF2.create(cfg).compute(password, salt);
};
}());
16 changes: 8 additions & 8 deletions jsrsasign-all-min.js

Large diffs are not rendered by default.

10 changes: 5 additions & 5 deletions jsrsasign-jwths-min.js

Large diffs are not rendered by default.

12 changes: 6 additions & 6 deletions jsrsasign-rsa-min.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion min/asn1-1.0.min.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion min/asn1x509-1.0.min.js

Large diffs are not rendered by default.

Loading

0 comments on commit df54d0b

Please sign in to comment.