node-forge - npm Package Compare versions

Comparing version 0.6.28 to 0.6.29

bower.json

 {
   "name": "forge",
-  "version": "0.6.28",
+  "version": "0.6.29",
   "description": "JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.",
@@ -5,0 +5,0 @@ "authors": [

js/pbkdf2.js

@@ -16,13 +16,24 @@ /**
 
+var _nodejs = (
+  typeof process !== 'undefined' && process.versions && process.versions.node);
+var crypto;
+if(_nodejs && !forge.disableNativeCode) {
+  crypto = require('crypto');
+}
+
 /**
  * Derives a key from a password.
  *
- * @param p the password as a string of bytes.
- * @param s the salt as a string of bytes.
+ * @param p the password as a binary-encoded string of bytes.
+ * @param s the salt as a binary-encoded string of bytes.
  * @param c the iteration count, a positive integer.
  * @param dkLen the intended length, in bytes, of the derived key,
  *          (max: 2^32 - 1) * hash length of the PRF.
- * @param md the message digest to use in the PRF, defaults to SHA-1.
+ * @param [md] the message digest (or algorithm identifier as a string) to use
+ *          in the PRF, defaults to SHA-1.
+ * @param [callback(err, key)] presence triggers asynchronous version, called
+ *          once the operation completes.
  *
- * @return the derived key, as a string of bytes.
+ * @return the derived key, as a binary-encoded string of bytes, for the
+ *           synchronous version (if no callback is specified).
  */
@@ -34,6 +45,45 @@ forge.pbkdf2 = pkcs5.pbkdf2 = function(p, s, c, dkLen, md, callback) {
   }
-  // default prf to SHA-1
+
+  // use native implementation if possible and not disabled, note that
+  // some node versions only support SHA-1, others allow digest to be changed
+  if(_nodejs && !forge.disableNativeCode && crypto.pbkdf2 &&
+    (md === null || typeof md !== 'object') &&
+    (crypto.pbkdf2Sync.length > 4 || (!md || md === 'sha1'))) {
+    if(typeof md !== 'string') {
+      // default prf to SHA-1
+      md = 'sha1';
+    }
+    s = new Buffer(s, 'binary');
+    if(!callback) {
+      if(crypto.pbkdf2Sync.length === 4) {
+        return crypto.pbkdf2Sync(p, s, c, dkLen).toString('binary');
+      }
+      return crypto.pbkdf2Sync(p, s, c, dkLen, md).toString('binary');
+    }
+    if(crypto.pbkdf2Sync.length === 4) {
+      return crypto.pbkdf2(p, s, c, dkLen, function(err, key) {
+        if(err) {
+          return callback(err);
+        }
+        callback(null, key.toString('binary'));
+      });
+    }
+    return crypto.pbkdf2(p, s, c, dkLen, md, function(err, key) {
+      if(err) {
+        return callback(err);
+      }
+      callback(null, key.toString('binary'));
+    });
+  }
+
   if(typeof md === 'undefined' || md === null) {
+    // default prf to SHA-1
     md = forge.md.sha1.create();
   }
+  if(typeof md === 'string') {
+    if(!(md in forge.md.algorithms)) {
+      throw new Error('Unknown hash algorithm: ' + md);
+    }
+    md = forge.md[md].create();
+  }
 
@@ -40,0 +90,0 @@ var hLen = md.digestLength;

nodejs/test/pbkdf2.js

@@ -42,2 +42,9 @@ (function() {
 
+    it('should derive a password with hmac-sha-256 (passed as an algorithm identifier) c=1000', function() {
+      // Note: might be too slow on old browsers
+      var salt = '4bcda0d1c689fe465c5b8a817f0ddf3d';
+      var dkHex = UTIL.bytesToHex(PBKDF2('password', salt, 1000, 48, 'sha256'));
+      ASSERT.equal(dkHex, '9da8a5f4ae605f35e82e5beac5f362df15c4255d88f738d641466a4107f9970238e768e72af29ac89a1b16ff277b31d2');
+    });
+
     it('should asynchronously derive a password with hmac-sha-1 c=1', function(done) {
@@ -97,2 +104,12 @@ PBKDF2('password', 'salt', 1, 20, function(err, dk) {
     });
+
+    it('should asynchronously derive a password with hmac-sha-256 (passed as an algorithm identifier) c=1000', function(done) {
+      // Note: might be too slow on old browsers
+      var salt = '4bcda0d1c689fe465c5b8a817f0ddf3d';
+      PBKDF2('password', salt, 1000, 48, 'sha256', function(err, dk) {
+        var dkHex = UTIL.bytesToHex(dk);
+        ASSERT.equal(dkHex, '9da8a5f4ae605f35e82e5beac5f362df15c4255d88f738d641466a4107f9970238e768e72af29ac89a1b16ff277b31d2');
+        done();
+      });
+    });
   });
@@ -99,0 +116,0 @@ }

package.json

 {
   "name": "node-forge",
-  "version": "0.6.28",
+  "version": "0.6.29",
   "description": "JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.",
@@ -5,0 +5,0 @@ "homepage": "http://github.com/digitalbazaar/forge",

No alert changes

Improved metrics

Total package byte prevSize

2163239

0.12%

Lines of code

41396

0.15%

No dependency changes