author | Clipperz <info@clipperz.com> | 2013-01-31 13:42:04 (UTC) |
---|---|---|
committer | Clipperz <info@clipperz.com> | 2013-01-31 13:42:04 (UTC) |
commit | 07d0357beef5d9328a2dd8d07ad7b39c87ac55e4 (patch) (unidiff) | |
tree | f7a4aed8848302db153c2a211f8e58b944eb4c5b /frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js | |
parent | 767a3dcf48b6ac911c088af5dd7738a728eb6b99 (diff) | |
download | clipperz-07d0357beef5d9328a2dd8d07ad7b39c87ac55e4.zip clipperz-07d0357beef5d9328a2dd8d07ad7b39c87ac55e4.tar.gz clipperz-07d0357beef5d9328a2dd8d07ad7b39c87ac55e4.tar.bz2 |
Updated Copyright claims
- updated reference dates;
- removed reference to Community Edition;
- normalized logging using Clipperz.log[Warn|Error|Debug]
Diffstat (limited to 'frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js') (more/less context) (ignore whitespace changes)
-rw-r--r-- | frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js b/frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js index f91c7e9..bc60330 100644 --- a/frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js +++ b/frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js | |||
@@ -1,214 +1,212 @@ | |||
1 | /* | 1 | /* |
2 | 2 | ||
3 | Copyright 2008-2011 Clipperz Srl | 3 | Copyright 2008-2013 Clipperz Srl |
4 | 4 | ||
5 | This file is part of Clipperz Community Edition. | 5 | This file is part of Clipperz, the online password manager. |
6 | Clipperz Community Edition is an online password manager. | ||
7 | For further information about its features and functionalities please | 6 | For further information about its features and functionalities please |
8 | refer to http://www.clipperz.com. | 7 | refer to http://www.clipperz.com. |
9 | 8 | ||
10 | * Clipperz Community Edition is free software: you can redistribute | 9 | * Clipperz is free software: you can redistribute it and/or modify it |
11 | it and/or modify it under the terms of the GNU Affero General Public | 10 | under the terms of the GNU Affero General Public License as published |
12 | License as published by the Free Software Foundation, either version | 11 | by the Free Software Foundation, either version 3 of the License, or |
13 | 3 of the License, or (at your option) any later version. | 12 | (at your option) any later version. |
14 | 13 | ||
15 | * Clipperz Community Edition is distributed in the hope that it will | 14 | * Clipperz is distributed in the hope that it will be useful, but |
16 | be useful, but WITHOUT ANY WARRANTY; without even the implied | 15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
17 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | 16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
18 | See the GNU Affero General Public License for more details. | 17 | See the GNU Affero General Public License for more details. |
19 | 18 | ||
20 | * You should have received a copy of the GNU Affero General Public | 19 | * You should have received a copy of the GNU Affero General Public |
21 | License along with Clipperz Community Edition. If not, see | 20 | License along with Clipperz. If not, see http://www.gnu.org/licenses/. |
22 | <http://www.gnu.org/licenses/>. | ||
23 | 21 | ||
24 | */ | 22 | */ |
25 | 23 | ||
26 | if (typeof(Clipperz) == 'undefined') { Clipperz = {}; } | 24 | if (typeof(Clipperz) == 'undefined') { Clipperz = {}; } |
27 | if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; } | 25 | if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; } |
28 | 26 | ||
29 | if (typeof(Leemon) == 'undefined') { Leemon = {}; } | 27 | if (typeof(Leemon) == 'undefined') { Leemon = {}; } |
30 | if (typeof(Baird.Crypto) == 'undefined') { Baird.Crypto = {}; } | 28 | if (typeof(Baird.Crypto) == 'undefined') { Baird.Crypto = {}; } |
31 | if (typeof(Baird.Crypto.BigInt) == 'undefined') { Baird.Crypto.BigInt = {}; } | 29 | if (typeof(Baird.Crypto.BigInt) == 'undefined') { Baird.Crypto.BigInt = {}; } |
32 | 30 | ||
33 | 31 | ||
34 | //############################################################################# | 32 | //############################################################################# |
35 | //Downloaded on March 05, 2007 from http://www.leemon.com/crypto/BigInt.js | 33 | //Downloaded on March 05, 2007 from http://www.leemon.com/crypto/BigInt.js |
36 | //############################################################################# | 34 | //############################################################################# |
37 | 35 | ||
38 | //////////////////////////////////////////////////////////////////////////////////////// | 36 | //////////////////////////////////////////////////////////////////////////////////////// |
39 | // Big Integer Library v. 5.0 | 37 | // Big Integer Library v. 5.0 |
40 | // Created 2000, last modified 2006 | 38 | // Created 2000, last modified 2006 |
41 | // Leemon Baird | 39 | // Leemon Baird |
42 | // www.leemon.com | 40 | // www.leemon.com |
43 | // | 41 | // |
44 | // This file is public domain. You can use it for any purpose without restriction. | 42 | // This file is public domain. You can use it for any purpose without restriction. |
45 | // I do not guarantee that it is correct, so use it at your own risk. If you use | 43 | // I do not guarantee that it is correct, so use it at your own risk. If you use |
46 | // it for something interesting, I'd appreciate hearing about it. If you find | 44 | // it for something interesting, I'd appreciate hearing about it. If you find |
47 | // any bugs or make any improvements, I'd appreciate hearing about those too. | 45 | // any bugs or make any improvements, I'd appreciate hearing about those too. |
48 | // It would also be nice if my name and address were left in the comments. | 46 | // It would also be nice if my name and address were left in the comments. |
49 | // But none of that is required. | 47 | // But none of that is required. |
50 | // | 48 | // |
51 | // This code defines a bigInt library for arbitrary-precision integers. | 49 | // This code defines a bigInt library for arbitrary-precision integers. |
52 | // A bigInt is an array of integers storing the value in chunks of bpe bits, | 50 | // A bigInt is an array of integers storing the value in chunks of bpe bits, |
53 | // little endian (buff[0] is the least significant word). | 51 | // little endian (buff[0] is the least significant word). |
54 | // Negative bigInts are stored two's complement. | 52 | // Negative bigInts are stored two's complement. |
55 | // Some functions assume their parameters have at least one leading zero element. | 53 | // Some functions assume their parameters have at least one leading zero element. |
56 | // Functions with an underscore at the end of the name have unpredictable behavior in case of overflow, | 54 | // Functions with an underscore at the end of the name have unpredictable behavior in case of overflow, |
57 | // so the caller must make sure overflow won't happen. | 55 | // so the caller must make sure overflow won't happen. |
58 | // For each function where a parameter is modified, that same | 56 | // For each function where a parameter is modified, that same |
59 | // variable must not be used as another argument too. | 57 | // variable must not be used as another argument too. |
60 | // So, you cannot square x by doing multMod_(x,x,n). | 58 | // So, you cannot square x by doing multMod_(x,x,n). |
61 | // You must use squareMod_(x,n) instead, or do y=dup(x); multMod_(x,y,n). | 59 | // You must use squareMod_(x,n) instead, or do y=dup(x); multMod_(x,y,n). |
62 | // | 60 | // |
63 | // These functions are designed to avoid frequent dynamic memory allocation in the inner loop. | 61 | // These functions are designed to avoid frequent dynamic memory allocation in the inner loop. |
64 | // For most functions, if it needs a BigInt as a local variable it will actually use | 62 | // For most functions, if it needs a BigInt as a local variable it will actually use |
65 | // a global, and will only allocate to it when it's not the right size. This ensures | 63 | // a global, and will only allocate to it when it's not the right size. This ensures |
66 | // that when a function is called repeatedly with same-sized parameters, it only allocates | 64 | // that when a function is called repeatedly with same-sized parameters, it only allocates |
67 | // memory on the first call. | 65 | // memory on the first call. |
68 | // | 66 | // |
69 | // Note that for cryptographic purposes, the calls to Math.random() must | 67 | // Note that for cryptographic purposes, the calls to Math.random() must |
70 | // be replaced with calls to a better pseudorandom number generator. | 68 | // be replaced with calls to a better pseudorandom number generator. |
71 | // | 69 | // |
72 | // In the following, "bigInt" means a bigInt with at least one leading zero element, | 70 | // In the following, "bigInt" means a bigInt with at least one leading zero element, |
73 | // and "integer" means a nonnegative integer less than radix. In some cases, integer | 71 | // and "integer" means a nonnegative integer less than radix. In some cases, integer |
74 | // can be negative. Negative bigInts are 2s complement. | 72 | // can be negative. Negative bigInts are 2s complement. |
75 | // | 73 | // |
76 | // The following functions do not modify their inputs, but dynamically allocate memory every time they are called: | 74 | // The following functions do not modify their inputs, but dynamically allocate memory every time they are called: |
77 | // | 75 | // |
78 | // function bigInt2str(x,base) //convert a bigInt into a string in a given base, from base 2 up to base 95 | 76 | // function bigInt2str(x,base) //convert a bigInt into a string in a given base, from base 2 up to base 95 |
79 | // function dup(x) //returns a copy of bigInt x | 77 | // function dup(x) //returns a copy of bigInt x |
80 | // function findPrimes(n) //return array of all primes less than integer n | 78 | // function findPrimes(n) //return array of all primes less than integer n |
81 | // function int2bigInt(t,n,m) //convert integer t to a bigInt with at least n bits and m array elements | 79 | // function int2bigInt(t,n,m) //convert integer t to a bigInt with at least n bits and m array elements |
82 | // function str2bigInt(s,b,n,m) //convert string s in base b to a bigInt with at least n bits and m array elements | 80 | // function str2bigInt(s,b,n,m) //convert string s in base b to a bigInt with at least n bits and m array elements |
83 | // function trim(x,k) //return a copy of x with exactly k leading zero elements | 81 | // function trim(x,k) //return a copy of x with exactly k leading zero elements |
84 | // | 82 | // |
85 | // The following functions do not modify their inputs, so there is never a problem with the result being too big: | 83 | // The following functions do not modify their inputs, so there is never a problem with the result being too big: |
86 | // | 84 | // |
87 | // function bitSize(x) //returns how many bits long the bigInt x is, not counting leading zeros | 85 | // function bitSize(x) //returns how many bits long the bigInt x is, not counting leading zeros |
88 | // function equals(x,y) //is the bigInt x equal to the bigint y? | 86 | // function equals(x,y) //is the bigInt x equal to the bigint y? |
89 | // function equalsInt(x,y) //is bigint x equal to integer y? | 87 | // function equalsInt(x,y) //is bigint x equal to integer y? |
90 | // function greater(x,y) //is x>y? (x and y are nonnegative bigInts) | 88 | // function greater(x,y) //is x>y? (x and y are nonnegative bigInts) |
91 | // function greaterShift(x,y,shift)//is (x <<(shift*bpe)) > y? | 89 | // function greaterShift(x,y,shift)//is (x <<(shift*bpe)) > y? |
92 | // function isZero(x) //is the bigInt x equal to zero? | 90 | // function isZero(x) //is the bigInt x equal to zero? |
93 | // function millerRabin(x,b) //does one round of Miller-Rabin base integer b say that bigInt x is possibly prime (as opposed to definitely composite)? | 91 | // function millerRabin(x,b) //does one round of Miller-Rabin base integer b say that bigInt x is possibly prime (as opposed to definitely composite)? |
94 | // function modInt(x,n) //return x mod n for bigInt x and integer n. | 92 | // function modInt(x,n) //return x mod n for bigInt x and integer n. |
95 | // function negative(x) //is bigInt x negative? | 93 | // function negative(x) //is bigInt x negative? |
96 | // | 94 | // |
97 | // The following functions do not modify their inputs, but allocate memory and call functions with underscores | 95 | // The following functions do not modify their inputs, but allocate memory and call functions with underscores |
98 | // | 96 | // |
99 | // function add(x,y) //return (x+y) for bigInts x and y. | 97 | // function add(x,y) //return (x+y) for bigInts x and y. |
100 | // function addInt(x,n) //return (x+n) where x is a bigInt and n is an integer. | 98 | // function addInt(x,n) //return (x+n) where x is a bigInt and n is an integer. |
101 | // function expand(x,n) //return a copy of x with at least n elements, adding leading zeros if needed | 99 | // function expand(x,n) //return a copy of x with at least n elements, adding leading zeros if needed |
102 | // function inverseMod(x,n) //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null | 100 | // function inverseMod(x,n) //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null |
103 | // function mod(x,n) //return a new bigInt equal to (x mod n) for bigInts x and n. | 101 | // function mod(x,n) //return a new bigInt equal to (x mod n) for bigInts x and n. |
104 | // function mult(x,y) //return x*y for bigInts x and y. This is faster when y<x. | 102 | // function mult(x,y) //return x*y for bigInts x and y. This is faster when y<x. |
105 | // function multMod(x,y,n) //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x. | 103 | // function multMod(x,y,n) //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x. |
106 | // function powMod(x,y,n) //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n. | 104 | // function powMod(x,y,n) //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n. |
107 | // function randTruePrime(k) //return a new, random, k-bit, true prime using Maurer's algorithm. | 105 | // function randTruePrime(k) //return a new, random, k-bit, true prime using Maurer's algorithm. |
108 | // function sub(x,y) //return (x-y) for bigInts x and y. Negative answers will be 2s complement | 106 | // function sub(x,y) //return (x-y) for bigInts x and y. Negative answers will be 2s complement |
109 | // | 107 | // |
110 | // The following functions write a bigInt result to one of the parameters, but | 108 | // The following functions write a bigInt result to one of the parameters, but |
111 | // the result is never bigger than the original, so there can't be overflow problems: | 109 | // the result is never bigger than the original, so there can't be overflow problems: |
112 | // | 110 | // |
113 | // function divInt_(x,n) //do x=floor(x/n) for bigInt x and integer n, and return the remainder | 111 | // function divInt_(x,n) //do x=floor(x/n) for bigInt x and integer n, and return the remainder |
114 | // function GCD_(x,y) //set x to the greatest common divisor of bigInts x and y, (y is destroyed). | 112 | // function GCD_(x,y) //set x to the greatest common divisor of bigInts x and y, (y is destroyed). |
115 | // function halve_(x) //do x=floor(|x|/2)*sgn(x) for bigInt x in 2's complement | 113 | // function halve_(x) //do x=floor(|x|/2)*sgn(x) for bigInt x in 2's complement |
116 | // function mod_(x,n) //do x=x mod n for bigInts x and n. | 114 | // function mod_(x,n) //do x=x mod n for bigInts x and n. |
117 | // function rightShift_(x,n) //right shift bigInt x by n bits. 0 <= n < bpe. | 115 | // function rightShift_(x,n) //right shift bigInt x by n bits. 0 <= n < bpe. |
118 | // | 116 | // |
119 | // The following functions write a bigInt result to one of the parameters. The caller is responsible for | 117 | // The following functions write a bigInt result to one of the parameters. The caller is responsible for |
120 | // ensuring it is large enough to hold the result. | 118 | // ensuring it is large enough to hold the result. |
121 | // | 119 | // |
122 | // function addInt_(x,n) //do x=x+n where x is a bigInt and n is an integer | 120 | // function addInt_(x,n) //do x=x+n where x is a bigInt and n is an integer |
123 | // function add_(x,y) //do x=x+y for bigInts x and y | 121 | // function add_(x,y) //do x=x+y for bigInts x and y |
124 | // function addShift_(x,y,ys) //do x=x+(y<<(ys*bpe)) | 122 | // function addShift_(x,y,ys) //do x=x+(y<<(ys*bpe)) |
125 | // function copy_(x,y) //do x=y on bigInts x and y | 123 | // function copy_(x,y) //do x=y on bigInts x and y |
126 | // function copyInt_(x,n) //do x=n on bigInt x and integer n | 124 | // function copyInt_(x,n) //do x=n on bigInt x and integer n |
127 | // function carry_(x) //do carries and borrows so each element of the bigInt x fits in bpe bits. | 125 | // function carry_(x) //do carries and borrows so each element of the bigInt x fits in bpe bits. |
128 | // function divide_(x,y,q,r) //divide_ x by y giving quotient q and remainder r | 126 | // function divide_(x,y,q,r) //divide_ x by y giving quotient q and remainder r |
129 | // function eGCD_(x,y,d,a,b) //sets a,b,d to positive big integers such that d = GCD_(x,y) = a*x-b*y | 127 | // function eGCD_(x,y,d,a,b) //sets a,b,d to positive big integers such that d = GCD_(x,y) = a*x-b*y |
130 | // function inverseMod_(x,n) //do x=x**(-1) mod n, for bigInts x and n. Returns 1 (0) if inverse does (doesn't) exist | 128 | // function inverseMod_(x,n) //do x=x**(-1) mod n, for bigInts x and n. Returns 1 (0) if inverse does (doesn't) exist |
131 | // function inverseModInt_(x,n) //return x**(-1) mod n, for integers x and n. Return 0 if there is no inverse | 129 | // function inverseModInt_(x,n) //return x**(-1) mod n, for integers x and n. Return 0 if there is no inverse |
132 | // function leftShift_(x,n) //left shift bigInt x by n bits. n<bpe. | 130 | // function leftShift_(x,n) //left shift bigInt x by n bits. n<bpe. |
133 | // function linComb_(x,y,a,b) //do x=a*x+b*y for bigInts x and y and integers a and b | 131 | // function linComb_(x,y,a,b) //do x=a*x+b*y for bigInts x and y and integers a and b |
134 | // function linCombShift_(x,y,b,ys) //do x=x+b*(y<<(ys*bpe)) for bigInts x and y, and integers b and ys | 132 | // function linCombShift_(x,y,b,ys) //do x=x+b*(y<<(ys*bpe)) for bigInts x and y, and integers b and ys |
135 | // function mont_(x,y,n,np) //Montgomery multiplication (see comments where the function is defined) | 133 | // function mont_(x,y,n,np) //Montgomery multiplication (see comments where the function is defined) |
136 | // function mult_(x,y) //do x=x*y for bigInts x and y. | 134 | // function mult_(x,y) //do x=x*y for bigInts x and y. |
137 | // function multInt_(x,n) //do x=x*n where x is a bigInt and n is an integer. | 135 | // function multInt_(x,n) //do x=x*n where x is a bigInt and n is an integer. |
138 | // function multMod_(x,y,n) //do x=x*y mod n for bigInts x,y,n. | 136 | // function multMod_(x,y,n) //do x=x*y mod n for bigInts x,y,n. |
139 | // function powMod_(x,y,n) //do x=x**y mod n, where x,y,n are bigInts (n is odd) and ** is exponentiation. 0**0=1. | 137 | // function powMod_(x,y,n) //do x=x**y mod n, where x,y,n are bigInts (n is odd) and ** is exponentiation. 0**0=1. |
140 | // function randBigInt_(b,n,s) //do b = an n-bit random BigInt. if s=1, then nth bit (most significant bit) is set to 1. n>=1. | 138 | // function randBigInt_(b,n,s) //do b = an n-bit random BigInt. if s=1, then nth bit (most significant bit) is set to 1. n>=1. |
141 | // function randTruePrime_(ans,k) //do ans = a random k-bit true random prime (not just probable prime) with 1 in the msb. | 139 | // function randTruePrime_(ans,k) //do ans = a random k-bit true random prime (not just probable prime) with 1 in the msb. |
142 | // function squareMod_(x,n) //do x=x*x mod n for bigInts x,n | 140 | // function squareMod_(x,n) //do x=x*x mod n for bigInts x,n |
143 | // function sub_(x,y) //do x=x-y for bigInts x and y. Negative answers will be 2s complement. | 141 | // function sub_(x,y) //do x=x-y for bigInts x and y. Negative answers will be 2s complement. |
144 | // function subShift_(x,y,ys) //do x=x-(y<<(ys*bpe)). Negative answers will be 2s complement. | 142 | // function subShift_(x,y,ys) //do x=x-(y<<(ys*bpe)). Negative answers will be 2s complement. |
145 | // | 143 | // |
146 | // The following functions are based on algorithms from the _Handbook of Applied Cryptography_ | 144 | // The following functions are based on algorithms from the _Handbook of Applied Cryptography_ |
147 | // powMod_() = algorithm 14.94, Montgomery exponentiation | 145 | // powMod_() = algorithm 14.94, Montgomery exponentiation |
148 | // eGCD_,inverseMod_() = algorithm 14.61, Binary extended GCD_ | 146 | // eGCD_,inverseMod_() = algorithm 14.61, Binary extended GCD_ |
149 | // GCD_() = algorothm 14.57, Lehmer's algorithm | 147 | // GCD_() = algorothm 14.57, Lehmer's algorithm |
150 | // mont_() = algorithm 14.36, Montgomery multiplication | 148 | // mont_() = algorithm 14.36, Montgomery multiplication |
151 | // divide_() = algorithm 14.20 Multiple-precision division | 149 | // divide_() = algorithm 14.20 Multiple-precision division |
152 | // squareMod_() = algorithm 14.16 Multiple-precision squaring | 150 | // squareMod_() = algorithm 14.16 Multiple-precision squaring |
153 | // randTruePrime_() = algorithm 4.62, Maurer's algorithm | 151 | // randTruePrime_() = algorithm 4.62, Maurer's algorithm |
154 | // millerRabin() = algorithm 4.24, Miller-Rabin algorithm | 152 | // millerRabin() = algorithm 4.24, Miller-Rabin algorithm |
155 | // | 153 | // |
156 | // Profiling shows: | 154 | // Profiling shows: |
157 | // randTruePrime_() spends: | 155 | // randTruePrime_() spends: |
158 | // 10% of its time in calls to powMod_() | 156 | // 10% of its time in calls to powMod_() |
159 | // 85% of its time in calls to millerRabin() | 157 | // 85% of its time in calls to millerRabin() |
160 | // millerRabin() spends: | 158 | // millerRabin() spends: |
161 | // 99% of its time in calls to powMod_() (always with a base of 2) | 159 | // 99% of its time in calls to powMod_() (always with a base of 2) |
162 | // powMod_() spends: | 160 | // powMod_() spends: |
163 | // 94% of its time in calls to mont_() (almost always with x==y) | 161 | // 94% of its time in calls to mont_() (almost always with x==y) |
164 | // | 162 | // |
165 | // This suggests there are several ways to speed up this library slightly: | 163 | // This suggests there are several ways to speed up this library slightly: |
166 | // - convert powMod_ to use a Montgomery form of k-ary window (or maybe a Montgomery form of sliding window) | 164 | // - convert powMod_ to use a Montgomery form of k-ary window (or maybe a Montgomery form of sliding window) |
167 | // -- this should especially focus on being fast when raising 2 to a power mod n | 165 | // -- this should especially focus on being fast when raising 2 to a power mod n |
168 | // - convert randTruePrime_() to use a minimum r of 1/3 instead of 1/2 with the appropriate change to the test | 166 | // - convert randTruePrime_() to use a minimum r of 1/3 instead of 1/2 with the appropriate change to the test |
169 | // - tune the parameters in randTruePrime_(), including c, m, and recLimit | 167 | // - tune the parameters in randTruePrime_(), including c, m, and recLimit |
170 | // - speed up the single loop in mont_() that takes 95% of the runtime, perhaps by reducing checking | 168 | // - speed up the single loop in mont_() that takes 95% of the runtime, perhaps by reducing checking |
171 | // within the loop when all the parameters are the same length. | 169 | // within the loop when all the parameters are the same length. |
172 | // | 170 | // |
173 | // There are several ideas that look like they wouldn't help much at all: | 171 | // There are several ideas that look like they wouldn't help much at all: |
174 | // - replacing trial division in randTruePrime_() with a sieve (that speeds up something taking almost no time anyway) | 172 | // - replacing trial division in randTruePrime_() with a sieve (that speeds up something taking almost no time anyway) |
175 | // - increase bpe from 15 to 30 (that would help if we had a 32*32->64 multiplier, but not with JavaScript's 32*32->32) | 173 | // - increase bpe from 15 to 30 (that would help if we had a 32*32->64 multiplier, but not with JavaScript's 32*32->32) |
176 | // - speeding up mont_(x,y,n,np) when x==y by doing a non-modular, non-Montgomery square | 174 | // - speeding up mont_(x,y,n,np) when x==y by doing a non-modular, non-Montgomery square |
177 | // followed by a Montgomery reduction. The intermediate answer will be twice as long as x, so that | 175 | // followed by a Montgomery reduction. The intermediate answer will be twice as long as x, so that |
178 | // method would be slower. This is unfortunate because the code currently spends almost all of its time | 176 | // method would be slower. This is unfortunate because the code currently spends almost all of its time |
179 | // doing mont_(x,x,...), both for randTruePrime_() and powMod_(). A faster method for Montgomery squaring | 177 | // doing mont_(x,x,...), both for randTruePrime_() and powMod_(). A faster method for Montgomery squaring |
180 | // would have a large impact on the speed of randTruePrime_() and powMod_(). HAC has a couple of poorly-worded | 178 | // would have a large impact on the speed of randTruePrime_() and powMod_(). HAC has a couple of poorly-worded |
181 | // sentences that seem to imply it's faster to do a non-modular square followed by a single | 179 | // sentences that seem to imply it's faster to do a non-modular square followed by a single |
182 | // Montgomery reduction, but that's obviously wrong. | 180 | // Montgomery reduction, but that's obviously wrong. |
183 | //////////////////////////////////////////////////////////////////////////////////////// | 181 | //////////////////////////////////////////////////////////////////////////////////////// |
184 | 182 | ||
185 | // | 183 | // |
186 | //The whole library has been moved into the Baird.Crypto.BigInt scope by Giulio Cesare Solaroli <giulio.cesare@clipperz.com> | 184 | //The whole library has been moved into the Baird.Crypto.BigInt scope by Giulio Cesare Solaroli <giulio.cesare@clipperz.com> |
187 | // | 185 | // |
188 | Baird.Crypto.BigInt.VERSION = "5.0"; | 186 | Baird.Crypto.BigInt.VERSION = "5.0"; |
189 | Baird.Crypto.BigInt.NAME = "Baird.Crypto.BigInt"; | 187 | Baird.Crypto.BigInt.NAME = "Baird.Crypto.BigInt"; |
190 | 188 | ||
191 | MochiKit.Base.update(Baird.Crypto.BigInt, { | 189 | MochiKit.Base.update(Baird.Crypto.BigInt, { |
192 | //globals | 190 | //globals |
193 | 'bpe': 0, //bits stored per array element | 191 | 'bpe': 0, //bits stored per array element |
194 | 'mask': 0, //AND this with an array element to chop it down to bpe bits | 192 | 'mask': 0, //AND this with an array element to chop it down to bpe bits |
195 | 'radix': Baird.Crypto.BigInt.mask + 1,//equals 2^bpe. A single 1 bit to the left of the last bit of mask. | 193 | 'radix': Baird.Crypto.BigInt.mask + 1,//equals 2^bpe. A single 1 bit to the left of the last bit of mask. |
196 | 194 | ||
197 | //the digits for converting to different bases | 195 | //the digits for converting to different bases |
198 | 'digitsStr': '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_=!@#$%^&*()[]{}|;:,.<>/?`~ \\\'\"+-', | 196 | 'digitsStr': '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_=!@#$%^&*()[]{}|;:,.<>/?`~ \\\'\"+-', |
199 | 197 | ||
200 | //initialize the global variables | 198 | //initialize the global variables |
201 | for (bpe=0; (1<<(bpe+1)) > (1<<bpe); bpe++); //bpe=number of bits in the mantissa on this platform | 199 | for (bpe=0; (1<<(bpe+1)) > (1<<bpe); bpe++); //bpe=number of bits in the mantissa on this platform |
202 | bpe>>=1; //bpe=number of bits in one element of the array representing the bigInt | 200 | bpe>>=1; //bpe=number of bits in one element of the array representing the bigInt |
203 | mask=(1<<bpe)-1; //AND the mask with an integer to get its bpe least significant bits | 201 | mask=(1<<bpe)-1; //AND the mask with an integer to get its bpe least significant bits |
204 | radix=mask+1; //2^bpe. a single 1 bit to the left of the first bit of mask | 202 | radix=mask+1; //2^bpe. a single 1 bit to the left of the first bit of mask |
205 | one=int2bigInt(1,1,1); //constant used in powMod_() | 203 | one=int2bigInt(1,1,1); //constant used in powMod_() |
206 | 204 | ||
207 | //the following global variables are scratchpad memory to | 205 | //the following global variables are scratchpad memory to |
208 | //reduce dynamic memory allocation in the inner loop | 206 | //reduce dynamic memory allocation in the inner loop |
209 | t=new Array(0); | 207 | t=new Array(0); |
210 | ss=t; //used in mult_() | 208 | ss=t; //used in mult_() |
211 | s0=t; //used in multMod_(), squareMod_() | 209 | s0=t; //used in multMod_(), squareMod_() |
212 | s1=t; //used in powMod_(), multMod_(), squareMod_() | 210 | s1=t; //used in powMod_(), multMod_(), squareMod_() |
213 | s2=t; //used in powMod_(), multMod_() | 211 | s2=t; //used in powMod_(), multMod_() |
214 | s3=t; //used in powMod_() | 212 | s3=t; //used in powMod_() |