After much delay, I am pleased to announce that v1.2 of jsSHA has been released!
Over the last several months, I have been contacted by quite a few people asking if I was planning on adding HMAC to jsSHA which, prior to them asking, I had not really considered. I was admittedly less-than-open to the idea since FIPS 198a had all the example keys in hex and adding the ability to take in ASCII representations of hex required another reworking of the internals of the library leading to possibly yet another API change. However, as the months progressed, I became more open to reworking the library again and set out earlier this week to add HMAC. It was not nearly as bad as I expected to add hex support for the HMAC key input and found that, with little trouble, I was able to add it as an input type for the text to be hashed as well. It was basically getting two helpful features for the price of one. The API did change, but I was able to keep backwards compatibility without the need for another silly wrapper script.
Another by product of fiddling with the internals was looking at ways of speeding up the hash calculation. While it works fine for making a hash at a time, it was apparently out-performed by another recent SHA-512 JavaScript library. I made a few changes to the safeAdd functions used by jsSHA by adding versions that supported more than 2 parameters which proved to be quite a performance jump. I am unsure how it stacks up against the competition (if I have to see another long string of hex again soon, I’ll poke my eyes out) but it’s definitely faster than the last release.
This release also marks the addition of a Python 3.X script to help provide proof of the correctness of test vectors (as they always say, “trust but verify”). The FIPS 198a spec only has test vectors and results for HMAC with SHA-1 which is somewhat lacking for testing purposes. I have recently fallen for the ease of Python programming and this was a perfect excuse to fire up my Python interpreter and code away. The script currently just “extends” the test vectors from FIPS 198a to SHA-224, SHA-256, SHA-384, and SHA-512 and does not actually come up with any new input values.
Finally, the last change was the use of a different JavaScript compressor for the non sha.js files. I really don’t have a strong opinion on which compressor to use but I tried out http://javascriptcompressor.com/ and found that “Shrink Variables” option actually reduced the size of the files by a noticeable amount. Although I consider it the easiest of the changes, it probably has the largest impact due to bandwidth savings.
Please post any comments, feedback, or complaints that you have for the newest release!