65.9K
CodeProject is changing. Read more.
Home

Extensions for the Microsoft AJAX Framework

starIconstarIconstarIconstarIcon
emptyStarIcon
starIcon

4.25/5 (7 votes)

Jul 9, 2007

Ms-PL

3 min read

viewsIcon

55641

downloadIcon

150

Provides cryptographic services including secure encoding and decoding of data, as well as hashing and random number generation, and new methods for JavaScript native objects.

Introduction

Here, I present a JavaScript library that extends the Microsoft AJAX Framework with new classes. Undoubtedly, the Microsoft AJAX Framework is great. However, it doesn't provide or emulate all the classes and functionality that the .NET Framework does. That's why I decided to extend the Microsoft AJAX Framework with some classes and methods that the .NET BCL provides, and which can be useful in a JavaScript environment.

Currently, the library includes three files: Sys.Core.js, Sys.Text.js, and Sys.Crypto.js.

  • Similar to .NET 3.5 that provides additional classes through the new System.Core.dll, Sys.Core.js provides additional methods for JavaScript native objects and some new classes like Sys.Convert.
  • Sys.Text.js contains classes representing ASCII, Unicode, UTF-7, UTF-8, and UTF-32 character encoding. These classes are helpful for data encoding or decoding and in Cryptography services.
  • Sys.Crypto.js provides cryptographic services including secure encoding and decoding of data, as well as hashing and random number generation, like the System.Security.Cryptography namespace in the .NET Framework.

In this article, I will describe how to use the cryptographic services this library provides.

Let's compare the most current and popular implementation of MD5 - Paul Johnston's implementation in JavaScript, with the one we have in this library. First, Johnston's implementation requires string as an input. What does this mean? This means, you cannot use any encoding you want. For example, if you hash some non-ASCII string with Johnston's implementation and compare it with the hash computed with .NET's widely-known FormsAuthentication.HashPasswordForStoringInConfigFile method, you'll see they do not match. Why? Because, the HashPasswordForStoringInConfigFile method uses UTF-8 that Johnston's implementation is unable to provide. A cryptographic algorithm should not care about strings and encodings. It should work only with bytes, like .NET works. Next is the performance. The Sys.Crypto.MD5CryptoServiceProvider class works about 6 - 8 times faster than Johnston's one (much here depends on the browser).

Let's see how to use the class mentioned above.

Using the code

Using the MD5 algorithm:

var buff = Sys.Text.Encoding.UTF8.getBytes("abc");
var md5 = Sys.Crypto.MD5.create();
var hash = md5.computeHash(buff);

window.alert(Sys.Convert.toBase64String(hash));

Compared with C# code:

byte[] buff = System.Text.Encoding.UTF8.GetBytes("abc");
MD5 md5 = System.Security.Cryptography.MD5.Create();
byte[] hash = md5.ComputeHash(buff);

Console.WriteLine(System.Convert.ToBase64String(hash));

The Sys.Crypto namespace provides classes for the following algorithms: MD5, SHA-1, SHA-256, HMAC, and Rijndael/AES. Let's see how to use them.

SHA1 Algorithm

var buff = Sys.Text.Encoding.UTF8.getBytes("abc");
var sha1= Sys.Crypto.SHA1.create();
var hash = sha1.computeHash(buff);

window.alert(Sys.Convert.toBase64String(hash));

HMAC Algorithm

var hmac = new Sys.Crypto.HMAC("SHA1");
// currently supported SHA256, SHA1, and MD5

var key = Sys.Text.Encoding.BigEndianUnicode.getBytes("Key to mix");

hmac.set_key(key);
// if key is not provided, a random genereted key will be used


var buffer = Sys.Text.Encoding.BigEndianUnicode.getBytes("Hello World!");
var hash = hmac.computeHash(buffer);

window.alert(Sys.Convert.toBase64String(hash));

AES Algorithm

var aes = new Sys.Crypto.Aes.create();

// encrypting

var aesEnc = aes.createEncryptor();
var buffer = Sys.Text.Encoding.ASCII.getBytes("Hello World!");
var encrypted = aesEnc.transform(buffer);

window.alert(Sys.Convert.toBase64String(encrypted));

// decrypting

var aesDec = aes.createDecryptor();
var decrypted = aesDec.transform(encrypted);

window.alert(Sys.Text.Encoding.ASCII.getString(decrypted));

The Sys.Text namespace classes, now, are fixed according to Microsoft KB940521 (security bulletin MS07-040), except the UTF7Encoding class which will be fixed in future or be removed from the library.

Here, I introduce the Sys.Crypto namespace in a nutshell. For complete documentation of this namespace and its base and abstract classes (not mentioned here), see the attached files. Actually, currently, there is no any documentation for the classes in Sys.Core.js. See the source code instead.

In the near future, I plan to release XML (?) and Drawing classes. Well, since we have Silverlight I guess Drawing API is needless. I'm also not sure about XML API although you'll have the same API for all browsers.

Added SHA-256 hash algorithm support.

Any feedback, suggestions, performance improvements, or critics will be welcome and appreciated.

Also available at CodePlex.