dchest / fast-sha256-js Goto Github PK

SHA-256, HMAC, HKDF and PBKDF2 implementation for JavaScript/TypeScript with typed arrays for modern browsers and Node.js

License: The Unlicense

JavaScript 99.24% Go 0.08% HTML 0.01% TypeScript 0.67%

fast-sha256-js's Introduction

fast-sha256-js

SHA-256 implementation for JavaScript/TypeScript with typed arrays that works in modern browsers and Node.js. Implements the hash function, HMAC, and PBKDF2.

Public domain. No warranty.

Installation

You can install fast-sha256-js via NPM:

$ npm install fast-sha256

or download source code.

Usage

Functions accept and return Uint8Arrays. To convert strings, use external library (for example, nacl.util).

sha256(message)

Returns a SHA-256 hash of the message.

sha256.hmac(key, message)

Returns an HMAC-SHA-256 of the message for the key.

sha256.pbkdf2(password, salt, rounds, dkLen)

Returns a key of length dkLen derived using PBKDF2-HMAC-SHA256 from the given password, salt, and the number of rounds.

sha256.hkdf(key, salt, info?, length?)

Returns a key of the given length derived using HKDF as described in RFC 5869.

There are also classes Hash and HMAC:

new sha256.Hash()

Constructor for hash instance. Should be used with new. Available methods: update(), digest(), reset(), etc.

new sha256.HMAC(key)

Constructor for HMAC instance. Should be used with new. Available methods: update(), digest(), reset(), etc.

See comments in src/sha256.ts for details.

Usage with TypeScript

import sha256, { Hash, HMAC } from "fast-sha256";

sha256(data) // default export is hash

const h = new HMAC(key); // also Hash and HMAC classes
const mac = h.update(data).digest();

// alternatively:

import * as sha256 from "fast-sha256";

sha256.pbkdf2(password, salt, iterations, dkLen); // returns derived key
sha256.hash(data)

const hasher = new sha256.Hash();
hasher.update(data1);
hasher.update(data2);
const result = hasher.digest();

Testing and building

Install development dependencies:

$ npm install

Build JavaScript, minified version, and typings:

$ npm run build

Run tests:

$ npm test

Run tests on a different source file:

$ SHA256_SRC=sha256.min.js npm test

Run benchmark:

$ npm run bench

(or in a browser, open tests/bench.html).

Lint:

$ npm run lint

Notes

While this implementation is pretty fast compared to previous generation implementations, if you need an even faster one, check out asmCrypto.

fast-sha256-js's People

Contributors

Stargazers

Watchers

fast-sha256-js's Issues

Suggestion: input type check

I wonder if an input type check, say in Hash.prototype.update(data), would be appropriate for idiots like me who just assume that a string is fine :)

    Hash.prototype.update = function (data, dataLength) {
        if (typeof data === "string") {
          throw new Error("Input data should be Uint8Array");
        }

I got much better results when I converted my strings to Uint8Array after noticing that my result was different than that produced by sha256sum at the command line.

nacl.util link points to tweetnacl-js which is no longer the home for that

In the README, this link does not point to the split off nacl.util project page.

https://github.com/dchest/fast-sha256-js/blame/master/README.md#L35

sha256.hmac return garbled hash value

I was trying to use the sha256.hmac function to generate hmac sha256 hash, but I got some garbled code.

//convert String to Uint8Array
var msg = new TextEncoder("utf-8").encode("/v2/radios?page=1&size=10&catalog=all:7690d85d-7777-2930-040c-9241b52682ab");
var key  = new TextEncoder("utf-8").encode("q23IN6hB7p"); 
var hash = sha256.hmac(key, msg);
//convert Uint8Array to String
console.log(new TextDecoder("utf-8").decode(hash));  // result is garbled code： gUm7_���������)���V�Ύ����kb�l�T

version: v1.0.0
browser: Chrome 62

PKBDF2 Doesn't appear to generate exepcted values

I am trying to get corresponding values between JavaScript code and Java code. When that didn't happen, I went looking for test vectors, and added this function to my JavaScript, which fails to produce the expected output for the first test vector.

function doTestVectors() {
// Test vectors from https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors
result1 = toHexString(sha256.pbkdf2("password", "salt", 1, 32));
expected1 = "120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b";
if (result1 != expected1)
{
alert("Test failed. result1=" + result1);
}
}

It produces:
Test failed. result1=a4a11ce5fbe8f96bf3028035286c2c9274cd4259cbc224e37a73d971923903d3

Perhaps you could add these known good test vectors to the code and then hopefully also get a match?

Same result on Chromium-based browsers

Some problem on Chromium-based browsers. (Maybe in other too.)
For two different passwords returns same result.
For example:

console.log(sha256.pbkdf2('dsddsdsds1', '', 0, 32));
console.log(sha256.pbkdf2('sddsdsdse1', '', 0, 32));

pbkdf2 gives always the same result

pbkdf2 always gives me the same result regardless of the password:

sha256.pbkdf2('b', 'salt', 10, 32).join(',')
"234,39,191,6,86,158,63,177,246,157,96,178,195,13,125,54,91,1,37,107,241,3,140,34,21,102,65,171,57,106,121,67"

sha256.pbkdf2('a', 'salt', 10, 32).join(',')
"234,39,191,6,86,158,63,177,246,157,96,178,195,13,125,54,91,1,37,107,241,3,140,34,21,102,65,171,57,106,121,67"

What am I doing wrong?

[RESEARCH] Почему хэш отличается от ASMCrypto?

Дмитрий,

положим рядом index.html, asmcrypto.js и sha256.min.js (все три в архиве)
посчитаем PBKDF2_HMAC_SHA256 с параметрами password, salt, 1000, 20
сконвертируем вывод Uint8Array в Hex (можно и в Base64, суть вопроса не изменится)

Asmcrypto: 632c2812e46d4604102ba7618e9d6d7d2f8128f6
DmitryChe: d1035cbdf15c9f80ef8c9fc01ae5ec06552943de

Хэши отличаются. Почему?