Merge branch 'feature/secure-random' into develop

Author: evanvosberg

grunt/tasks/modularize.js

@@ -2,7 +2,7 @@
 
 var _ = require("lodash"),
 
-	fmd = require("fmd");
+    fmd = require("fmd");
 
 module.exports = function (grunt) {
 
@@ -14,78 +14,76 @@ module.exports = function (grunt) {
             modules = {},
 
             config = {
-    			target: this.target + '/',
-    			factories: ["commonjs", "amd", "global"],
-    			trim_whitespace: true,
-    			new_line: "unix",
-    			indent: "\t"
-    		};
+                target: this.target + '/',
+                factories: ["commonjs", "amd", "global"],
+                trim_whitespace: true,
+                new_line: "unix",
+                indent: "\t"
+            };
 
         // Prepare Factory-Module-Definition settings
-        _.each(options, function (conf, name) {
+        _.each(options, (conf, name) => {
             var sources = [],
 
-				opts = {
-					depends: {}
-				},
+                opts = {
+                    depends: {}
+                },
 
-				deps = [];
+                deps = [];
 
-			if (conf.exports) {
-				opts.exports = conf.exports;
-			}
+            if (conf.exports) {
+                opts.exports = conf.exports;
+            }
 
-			if (conf.global) {
-				opts.global = conf.global;
-			}
+            if (conf.global) {
+                opts.global = conf.global;
+            }
 
             // Find and add self as source
-            _.each(this.filesSrc, function (source) {
-    			if (grunt.file.exists(source + name + ".js")) {
-    				sources.push(source + name + ".js");
-    			}
-            }, this);
+            _.each(this.filesSrc, (source) => {
+                if (grunt.file.exists(source + name + ".js")) {
+                    sources.push(source + name + ".js");
+                }
+            });
 
             if (conf.pack) {
-    			// Collect all components
-    			deps = _.chain(conf.components)
-    			    .map(function (depName) {
-        			    return options[depName].components;
-    			    })
-    			    .flatten()
-    			    .uniq()
-    			    .without(name)
-    			    .sort(function (a, b) {
-            			return options[a].components.indexOf(b) === -1 ? -1 : 1;
-        			})
-        			.value();
+                // Collect all components
+                deps = _.chain(conf.components)
+                    .map(depName => options[depName].components)
+                    .flatten()
+                    .uniq()
+                    .without(name)
+                    .sort((a, b) => {
+                        return options[a].components.indexOf(b) === -1 ? -1 : 1;
+                    })
+                    .value();
 
                 // Add components as source files -> results a single file
-                _.each(this.filesSrc, function (source) {
-                    _.each(deps, function (depName) {
-            			if (grunt.file.exists(source + depName + ".js")) {
-            				sources.push(source + depName + ".js");
-            			}
-        			});
-                }, this);
+                _.each(this.filesSrc, (source) => {
+                    _.each(deps, (depName) => {
+                        if (grunt.file.exists(source + depName + ".js")) {
+                            sources.push(source + depName + ".js");
+                        }
+                    });
+                });
             } else {
-    			// Read components and add them as dependecies
-    			_.each(_.without(conf.components, name), function (value, i) {
-    				opts.depends['./' + value] = value === "core" ? "CryptoJS" : null;
-    			});
-			}
+                // Read components and add them as dependecies
+                _.each(_.without(conf.components, name), (value, i) => {
+                    opts.depends['./' + value] = value === "core" ? "CryptoJS" : null;
+                });
+            }
 
-			// Remove duplicates
-			sources = _.uniq(sources);
+            // Remove duplicates
+            sources = _.uniq(sources);
 
             // Add module settings to fmd definition
-			modules[name] = [sources, opts];
-		}, this);
+            modules[name] = [sources, opts];
+        });
 
-		// Build packege modules
-		fmd(config)
-			.define(modules)
-			.build(function (createdFiles) {
+        // Build packege modules
+        fmd(config)
+            .define(modules)
+            .build(() => {
 
                 done();
             });

src/core.js

@@ -2,6 +2,34 @@
  * CryptoJS core components.
  */
 var CryptoJS = CryptoJS || (function (Math, undefined) {
+
+    /*
+     * Cryptographically secure pseudorandom number generator
+     *
+     * As Math.random() is cryptographically not safe to use
+     */
+    var secureRandom = function () {
+        // Native crypto module on NodeJS environment
+        try {
+            // Crypto from global object
+            var crypto = global.crypto;
+
+            // Create a random float number between 0 and 1
+            return Number('0.' + crypto.randomBytes(3).readUIntBE(0, 3));
+        } catch (err) {}
+
+        // Native crypto module in Browser environment
+        try {
+            // Support experimental crypto module in IE 11
+            var crypto = window.crypto || window.msCrypto;
+
+            // Create a random float number between 0 and 1
+            return Number('0.' + window.crypto.getRandomValues(new Uint32Array(1))[0]);
+        } catch (err) {}
+
+        throw new Error('Native crypto module could not be used to get secure random number.');
+    };
+
     /*
      * Local polyfil of Object.create
      */
@@ -289,26 +317,8 @@ var CryptoJS = CryptoJS || (function (Math, undefined) {
         random: function (nBytes) {
             var words = [];
 
-            var r = function (m_w) {
-                var m_w = m_w;
-                var m_z = 0x3ade68b1;
-                var mask = 0xffffffff;
-
-                return function () {
-                    m_z = (0x9069 * (m_z & 0xFFFF) + (m_z >> 0x10)) & mask;
-                    m_w = (0x4650 * (m_w & 0xFFFF) + (m_w >> 0x10)) & mask;
-                    var result = ((m_z << 0x10) + m_w) & mask;
-                    result /= 0x100000000;
-                    result += 0.5;
-                    return result * (Math.random() > 0.5 ? 1 : -1);
-                }
-            };
-
-            for (var i = 0, rcache; i < nBytes; i += 4) {
-                var _r = r((rcache || Math.random()) * 0x100000000);
-
-                rcache = _r() * 0x3ade67b7;
-                words.push((_r() * 0x100000000) | 0);
+            for (var i = 0; i < nBytes; i += 4) {
+                words.push((secureRandom() * 0x100000000) | 0);
             }
 
             return new WordArray.init(words, nBytes);
@@ -540,7 +550,7 @@ var CryptoJS = CryptoJS || (function (Math, undefined) {
          */
         _process: function (doFlush) {
             var processedWords;
-            
+
             // Shortcuts
             var data = this._data;
             var dataWords = data.words;