enhanced support for encrypted PKCS8

ChangeLog.txt

@@ -1,6 +1,30 @@
 
 ChangeLog for jsrsasign
 
+enhanced support for encrypted PKCS8
+* Changes from 10.8.6 to 10.9.0 (2023-Nov-27)
+  - KEYUTIL.getPEM is updated not to use weak ciphers (#599)
+    - default encryptionScheme is changed from des-EDE3-CBC to aes256-CBC
+    - default prf is changed from hmacWithSHA1 to hmacWithSHA256
+  - src/keyutil.js
+    - more encrypted PKCS#8 private key support
+      - KEYUTIL.getKey now supports encrypted PKCS#8 private key with
+        aes128-CBC, aes256-CBC encrypted and using hmacWithSHA224/256/384/512 as
+        psudorandom function.
+      - KEYUTIL.getPEM now supports such as above encrypted PKCS#8 PEM 
+        priavte key.
+  - src/crypto.js
+    - Cipher.decrypt/encrypt now supports symmetric ciphers (des-EDE3-CBC,aes128-CBC,aes256-CBC)
+  - src/base64x.js
+    - function inttohex and twoscompl are added
+  - src/asn1.js
+    - ASN1Util.bigIntToMinTwosComplementsHex is now DEPRECATED. use twoscompl.
+  - src/asn1x509.js
+    - aes*-CBC and hmacWithSHA* OIDs are added
+  - test/qunit-do-{base64x,crypto-cipher,keyutil-eprv,keyutil,keyutil-p8egen}.html
+    - update and add some test cases for above
+  - stop bower support (bower.json removed)
+
 X509.getExtSubjectDirectoryAttributes another bugfix
 * Changes from 10.8.5 to 10.8.6 (2023-Apr-26)
   - src/x509.js

Makefile

@@ -88,7 +88,7 @@ gitadd-all-doc:
 	git add api/*.html api/symbols/*.html api/symbols/src/*.html LICENSE.txt
 
 gitadd-release:
-	git add ChangeLog.txt Makefile bower.json jsrsasign-*-min.js min/*.js src/*.js npm/package.json npm/lib/jsrsasign*.js npm/lib/{header,footer,lib}.js src/*.js test/qunit-do-*.html test/x509crl.html README.md npm/README.md tool/*.html npm_util/*.* npm_util/lib/*.* npm/test/t_*.js
+	git add ChangeLog.txt Makefile jsrsasign-*-min.js min/*.js src/*.js npm/package.json npm/lib/jsrsasign*.js npm/lib/{header,footer,lib}.js src/*.js test/qunit-do-*.html test/x509crl.html README.md npm/README.md tool/*.html npm_util/*.* npm_util/lib/*.* npm/test/t_*.js
 
 gitadd: gitadd-all-doc gitadd-release
 	@echo done

ext/cj/pbkdf2.js

@@ -4,128 +4,128 @@ code.google.com/p/crypto-js
 (c) 2009-2013 by Jeff Mott. All rights reserved.
 code.google.com/p/crypto-js/wiki/License
 */
-(function () {
-    // Shortcuts
-    var C = CryptoJS;
-    var C_lib = C.lib;
-    var Base = C_lib.Base;
-    var WordArray = C_lib.WordArray;
-    var C_algo = C.algo;
-    var SHA1 = C_algo.SHA1;
-    var HMAC = C_algo.HMAC;
-
-    /**
-     * Password-Based Key Derivation Function 2 algorithm.
-     */
-    var PBKDF2 = C_algo.PBKDF2 = Base.extend({
-        /**
-         * Configuration options.
-         *
-         * @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
-         * @property {Hasher} hasher The hasher to use. Default: SHA1
-         * @property {number} iterations The number of iterations to perform. Default: 1
-         */
-        cfg: Base.extend({
-            keySize: 128/32,
-            hasher: SHA1,
-            iterations: 1
-        }),
-
-        /**
-         * Initializes a newly created key derivation function.
-         *
-         * @param {Object} cfg (Optional) The configuration options to use for the derivation.
-         *
-         * @example
-         *
-         *     var kdf = CryptoJS.algo.PBKDF2.create();
-         *     var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8 });
-         *     var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8, iterations: 1000 });
-         */
-        init: function (cfg) {
-            this.cfg = this.cfg.extend(cfg);
-        },
-
-        /**
-         * Computes the Password-Based Key Derivation Function 2.
-         *
-         * @param {WordArray|string} password The password.
-         * @param {WordArray|string} salt A salt.
-         *
-         * @return {WordArray} The derived key.
-         *
-         * @example
-         *
-         *     var key = kdf.compute(password, salt);
-         */
-        compute: function (password, salt) {
-            // Shortcut
-            var cfg = this.cfg;
-
-            // Init HMAC
-            var hmac = HMAC.create(cfg.hasher, password);
-
-            // Initial values
-            var derivedKey = WordArray.create();
-            var blockIndex = WordArray.create([0x00000001]);
-
-            // Shortcuts
-            var derivedKeyWords = derivedKey.words;
-            var blockIndexWords = blockIndex.words;
-            var keySize = cfg.keySize;
-            var iterations = cfg.iterations;
-
-            // Generate key
-            while (derivedKeyWords.length < keySize) {
-                var block = hmac.update(salt).finalize(blockIndex);
-                hmac.reset();
-
-                // Shortcuts
-                var blockWords = block.words;
-                var blockWordsLength = blockWords.length;
-
-                // Iterations
-                var intermediate = block;
-                for (var i = 1; i < iterations; i++) {
-                    intermediate = hmac.finalize(intermediate);
-                    hmac.reset();
-
-                    // Shortcut
-                    var intermediateWords = intermediate.words;
-
-                    // XOR intermediate with block
-                    for (var j = 0; j < blockWordsLength; j++) {
-                        blockWords[j] ^= intermediateWords[j];
-                    }
-                }
-
-                derivedKey.concat(block);
-                blockIndexWords[0]++;
-            }
-            derivedKey.sigBytes = keySize * 4;
-
-            return derivedKey;
-        }
-    });
-
-    /**
-     * Computes the Password-Based Key Derivation Function 2.
-     *
-     * @param {WordArray|string} password The password.
-     * @param {WordArray|string} salt A salt.
-     * @param {Object} cfg (Optional) The configuration options to use for this computation.
-     *
-     * @return {WordArray} The derived key.
-     *
-     * @static
-     *
-     * @example
-     *
-     *     var key = CryptoJS.PBKDF2(password, salt);
-     *     var key = CryptoJS.PBKDF2(password, salt, { keySize: 8 });
-     *     var key = CryptoJS.PBKDF2(password, salt, { keySize: 8, iterations: 1000 });
-     */
-    C.PBKDF2 = function (password, salt, cfg) {
-        return PBKDF2.create(cfg).compute(password, salt);
-    };
-}());
+(function () {
+    // Shortcuts
+    var C = CryptoJS;
+    var C_lib = C.lib;
+    var Base = C_lib.Base;
+    var WordArray = C_lib.WordArray;
+    var C_algo = C.algo;
+    var SHA1 = C_algo.SHA1;
+    var HMAC = C_algo.HMAC;
+
+    /**
+     * Password-Based Key Derivation Function 2 algorithm.
+     */
+    var PBKDF2 = C_algo.PBKDF2 = Base.extend({
+        /**
+         * Configuration options.
+         *
+         * @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
+         * @property {Hasher} hasher The hasher to use. Default: SHA1
+         * @property {number} iterations The number of iterations to perform. Default: 1
+         */
+        cfg: Base.extend({
+            keySize: 128/32,
+            hasher: SHA1,
+            iterations: 1
+        }),
+
+        /**
+         * Initializes a newly created key derivation function.
+         *
+         * @param {Object} cfg (Optional) The configuration options to use for the derivation.
+         *
+         * @example
+         *
+         *     var kdf = CryptoJS.algo.PBKDF2.create();
+         *     var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8 });
+         *     var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8, iterations: 1000 });
+         */
+        init: function (cfg) {
+            this.cfg = this.cfg.extend(cfg);
+        },
+
+        /**
+         * Computes the Password-Based Key Derivation Function 2.
+         *
+         * @param {WordArray|string} password The password.
+         * @param {WordArray|string} salt A salt.
+         *
+         * @return {WordArray} The derived key.
+         *
+         * @example
+         *
+         *     var key = kdf.compute(password, salt);
+         */
+        compute: function (password, salt) {
+            // Shortcut
+            var cfg = this.cfg;
+
+            // Init HMAC
+            var hmac = HMAC.create(cfg.hasher, password);
+
+            // Initial values
+            var derivedKey = WordArray.create();
+            var blockIndex = WordArray.create([0x00000001]);
+
+            // Shortcuts
+            var derivedKeyWords = derivedKey.words;
+            var blockIndexWords = blockIndex.words;
+            var keySize = cfg.keySize;
+            var iterations = cfg.iterations;
+
+            // Generate key
+            while (derivedKeyWords.length < keySize) {
+                var block = hmac.update(salt).finalize(blockIndex);
+                hmac.reset();
+
+                // Shortcuts
+                var blockWords = block.words;
+                var blockWordsLength = blockWords.length;
+
+                // Iterations
+                var intermediate = block;
+                for (var i = 1; i < iterations; i++) {
+                    intermediate = hmac.finalize(intermediate);
+                    hmac.reset();
+
+                    // Shortcut
+                    var intermediateWords = intermediate.words;
+
+                    // XOR intermediate with block
+                    for (var j = 0; j < blockWordsLength; j++) {
+                        blockWords[j] ^= intermediateWords[j];
+                    }
+                }
+
+                derivedKey.concat(block);
+                blockIndexWords[0]++;
+            }
+            derivedKey.sigBytes = keySize * 4;
+
+            return derivedKey;
+        }
+    });
+
+    /**
+     * Computes the Password-Based Key Derivation Function 2.
+     *
+     * @param {WordArray|string} password The password.
+     * @param {WordArray|string} salt A salt.
+     * @param {Object} cfg (Optional) The configuration options to use for this computation.
+     *
+     * @return {WordArray} The derived key.
+     *
+     * @static
+     *
+     * @example
+     *
+     *     var key = CryptoJS.PBKDF2(password, salt);
+     *     var key = CryptoJS.PBKDF2(password, salt, { keySize: 8 });
+     *     var key = CryptoJS.PBKDF2(password, salt, { keySize: 8, iterations: 1000 });
+     */
+    C.PBKDF2 = function (password, salt, cfg) {
+        return PBKDF2.create(cfg).compute(password, salt);
+    };
+}());