feat(browser): Implement fallback SHA256 for non-HTTPS environments and enhance browser tests for consistent hashing

This commit is contained in:
Juergen Kunz
2025-06-19 23:03:36 +00:00
parent 0bae2d6eec
commit 23ad99d0e2
7 changed files with 250 additions and 10 deletions

74
changelog.md Normal file
View File

@ -0,0 +1,74 @@
# Changelog
## 2025-06-19 - 3.1.0 - feat(browser)
Implement fallback SHA256 for non-HTTPS environments and enhance browser tests for consistent hashing
- Added a pure JavaScript SHA256 fallback in ts_web/sha256.fallback.ts for environments without crypto.subtle
- Updated ts_web/index.ts to use the fallback when necessary
- Enhanced browser tests in test/test.browser.ts to verify consistent hash outputs
- Reflected new features in documentation updates (readme.plan.md)
## 2025-06-19 - 3.0.4 - feat
Merge isohash functionality into smarthash to enable crossenvironment hash support. This release introduces browsercompatible SHA256 functions via the Web Crypto API and plugins for environment detection and JSON handling.
- Added new plan and implementation steps to merge isohash into smarthash.
- Updated test files to use the new tapbundle import.
- Implemented browserspecific hashing functions in ts_web/index.ts and ts_web/plugins.ts.
- Created browser tests in test/test.browser.ts for SHA256 functions.
- Ensured consistent smarthash functionality across environments.
Note: Several nonbreaking maintenance updates (e.g. description, tsconfig, and npmextra.json adjustments) were applied between 2024 and 2023 alongside version marker commits.
---
## 2023-09-22 to 2022-06-26 - 3.0.0 - Maintenance
Between versions 3.0.3 and 3.0.0, a series of core fixes and organizational improvements were rolled out.
- Multiple “fix(core)” commits addressed various update needs.
- A couple of releases also switched to a new organization scheme.
- Routine maintenance commits ensured stability across these versions.
---
## 2022-06-26 - 2.1.10 - BREAKING CHANGE
A major change was introduced by switching the module system.
- BREAKING CHANGE(core): Switched to ESM, requiring consumers to update their imports accordingly.
---
## 2021-03-01 to 2019-11-21 - 2.1.0 - Maintenance
Across versions 2.1.9 down to 2.1.0, the project received multiple fixes and CI updates.
- Repeated “fix(core)” commits improved internal stability.
- A “fix(ci)” update was also introduced to streamline continuous integration processes.
---
## 2019-11-21 - 2.0.6 - feat
New functionality was added to expand the available hashing algorithms.
- feat(md5): Now creates MD5 hashes, broadening the projects cryptographic capabilities.
---
## 2019-07-04 to 2018-09-07 - 2.0.0 - Maintenance
This range of releases was dedicated to refining core functionality and enhancing security.
- Numerous “fix(core)” commits ensured consistent behavior.
- A “fix(snyk)” commit added a .snyk file and marked the project as Open Source for improved security auditing.
---
## 2018-09-07 - 1.0.4 - BREAKING CHANGE
A breaking change was introduced by renaming the package scope.
- BREAKING CHANGE(scope): Changed the package name to @pushrocks/smarthash, requiring updates for consumers referencing the old name.
---
## 2016-08-16 to 2016-05-23 - 1.0.0 - Initial Setup
During the early days of the project, core implementation and structure were established.
- Early commits included the initial implementation (“implementation is ready”), package metadata adjustments (e.g. “update package tags”, “fix README”), and structural additions (“add structure”).
- The journey began with the Initial commit on 2016-05-23, setting the groundwork for future development.

View File

@ -37,4 +37,9 @@ Merge the functionality from @push.rocks/isohash into @push.rocks/smarthash to p
- The web version uses native Web Crypto API for performance
- The Node.js version continues using the existing crypto implementation
- API remains consistent across both environments
- No breaking changes to existing smarthash functionality
- No breaking changes to existing smarthash functionality
## Additional Features Implemented
- **Fallback for non-HTTPS environments**: Added pure JavaScript SHA256 implementation that automatically activates when crypto.subtle is not available (e.g., HTTP or file:// protocols)
- **Comprehensive browser tests**: Created test.browser.ts with specific browser environment tests
- **Cross-environment consistency**: Ensured hash outputs match across Node.js and browser implementations

View File

@ -62,4 +62,16 @@ tap.test('md5FromString should throw in browser environment', async () => {
await expect(smarthash.md5FromString('test')).rejects.toThrow();
});
tap.test('sha256 produces consistent results across environments', async () => {
// Test that our implementation produces the same hash as Node.js crypto
const testHash = await smarthash.sha256FromString('test');
const expectedHash = '9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08';
expect(testHash).toEqual(expectedHash);
// Test with different string
const testHash2 = await smarthash.sha256FromString('hello world');
const expectedHash2 = 'b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9';
expect(testHash2).toEqual(expectedHash2);
});
export default tap.start();

View File

@ -1,8 +1,8 @@
/**
* autocreated commitinfo by @pushrocks/commitinfo
* autocreated commitinfo by @push.rocks/commitinfo
*/
export const commitinfo = {
name: '@push.rocks/smarthash',
version: '3.0.4',
description: 'simplified access to node hash functions'
version: '3.1.0',
description: 'Cross-environment hash functions (SHA256 and MD5) for Node.js and browsers, with support for strings, streams, and files.'
}

View File

@ -0,0 +1,8 @@
/**
* autocreated commitinfo by @push.rocks/commitinfo
*/
export const commitinfo = {
name: '@push.rocks/smarthash',
version: '3.1.0',
description: 'Cross-environment hash functions (SHA256 and MD5) for Node.js and browsers, with support for strings, streams, and files.'
}

View File

@ -1,4 +1,5 @@
import * as plugins from './plugins.js';
import { sha256Fallback } from './sha256.fallback.js';
/**
* Convert ArrayBuffer to hex string
@ -21,15 +22,28 @@ const hex = (buffer: ArrayBuffer): string => {
return hexCodes.join("");
};
/**
* Check if crypto.subtle is available
*/
const isCryptoSubtleAvailable = (): boolean => {
return typeof crypto !== 'undefined' && crypto.subtle !== undefined;
};
/**
* Computes sha256 Hash from String
*/
export const sha256FromString = async (stringArg: string): Promise<string> => {
// Get the string as arraybuffer.
const buffer = (new TextEncoder()).encode(stringArg);
const hash = await crypto.subtle.digest("SHA-256", buffer);
const result = hex(hash);
return result;
if (isCryptoSubtleAvailable()) {
const hash = await crypto.subtle.digest("SHA-256", buffer);
const result = hex(hash);
return result;
} else {
// Use fallback for non-HTTPS environments
return sha256Fallback(buffer);
}
};
/**
@ -45,9 +59,15 @@ export const sha256FromStringSync = (stringArg: string): string => {
* Computes sha256 Hash from ArrayBuffer
*/
export const sha256FromBuffer = async (bufferArg: ArrayBuffer | Uint8Array): Promise<string> => {
const hash = await crypto.subtle.digest("SHA-256", bufferArg);
const result = hex(hash);
return result;
if (isCryptoSubtleAvailable()) {
const hash = await crypto.subtle.digest("SHA-256", bufferArg);
const result = hex(hash);
return result;
} else {
// Use fallback for non-HTTPS environments
const uint8Array = bufferArg instanceof Uint8Array ? bufferArg : new Uint8Array(bufferArg);
return sha256Fallback(uint8Array);
}
};
/**

121
ts_web/sha256.fallback.ts Normal file
View File

@ -0,0 +1,121 @@
/**
* Pure JavaScript SHA256 implementation
* Used as fallback when crypto.subtle is not available (non-HTTPS contexts)
*/
/**
* SHA256 constants
*/
const K: number[] = [
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
];
/**
* Initial hash values
*/
const H: number[] = [
0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
];
/**
* Rotate right
*/
function rotr(n: number, b: number): number {
return (n >>> b) | (n << (32 - b));
}
/**
* SHA256 compression function
*/
function sha256Transform(W: number[], H: number[]): void {
let a = H[0];
let b = H[1];
let c = H[2];
let d = H[3];
let e = H[4];
let f = H[5];
let g = H[6];
let h = H[7];
for (let j = 0; j < 64; j++) {
if (j >= 16) {
const s0 = rotr(W[j - 15], 7) ^ rotr(W[j - 15], 18) ^ (W[j - 15] >>> 3);
const s1 = rotr(W[j - 2], 17) ^ rotr(W[j - 2], 19) ^ (W[j - 2] >>> 10);
W[j] = (W[j - 16] + s0 + W[j - 7] + s1) >>> 0;
}
const S1 = rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25);
const ch = (e & f) ^ ((~e) & g);
const temp1 = (h + S1 + ch + K[j] + W[j]) >>> 0;
const S0 = rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22);
const maj = (a & b) ^ (a & c) ^ (b & c);
const temp2 = (S0 + maj) >>> 0;
h = g;
g = f;
f = e;
e = (d + temp1) >>> 0;
d = c;
c = b;
b = a;
a = (temp1 + temp2) >>> 0;
}
H[0] = (H[0] + a) >>> 0;
H[1] = (H[1] + b) >>> 0;
H[2] = (H[2] + c) >>> 0;
H[3] = (H[3] + d) >>> 0;
H[4] = (H[4] + e) >>> 0;
H[5] = (H[5] + f) >>> 0;
H[6] = (H[6] + g) >>> 0;
H[7] = (H[7] + h) >>> 0;
}
/**
* Calculate SHA256 hash from bytes
*/
export function sha256Fallback(bytes: Uint8Array): string {
const H_copy = [...H];
const msgLen = bytes.length;
const msgBitLen = msgLen * 8;
// Padding
const padLen = (msgLen % 64 < 56) ? 56 - (msgLen % 64) : 120 - (msgLen % 64);
const padded = new Uint8Array(msgLen + padLen + 8);
padded.set(bytes);
padded[msgLen] = 0x80;
// Append length (64-bit big-endian)
const dataView = new DataView(padded.buffer);
dataView.setUint32(padded.length - 8, 0, false); // high 32 bits
dataView.setUint32(padded.length - 4, msgBitLen >>> 0, false); // low 32 bits
// Process blocks
for (let offset = 0; offset < padded.length; offset += 64) {
const W = new Array(64);
// Copy block into W[0..15]
for (let i = 0; i < 16; i++) {
W[i] = dataView.getUint32(offset + i * 4, false);
}
sha256Transform(W, H_copy);
}
// Convert to hex string
let hex = '';
for (let i = 0; i < 8; i++) {
hex += H_copy[i].toString(16).padStart(8, '0');
}
return hex;
}