summaryrefslogtreecommitdiff
path: root/frontend/beta/js/Clipperz/Crypto/Base.js
Side-by-side diff
Diffstat (limited to 'frontend/beta/js/Clipperz/Crypto/Base.js') (more/less context) (ignore whitespace changes)
-rw-r--r--frontend/beta/js/Clipperz/Crypto/Base.js22
1 files changed, 10 insertions, 12 deletions
diff --git a/frontend/beta/js/Clipperz/Crypto/Base.js b/frontend/beta/js/Clipperz/Crypto/Base.js
index d3a8e36..9acfc49 100644
--- a/frontend/beta/js/Clipperz/Crypto/Base.js
+++ b/frontend/beta/js/Clipperz/Crypto/Base.js
@@ -1,406 +1,404 @@
/*
-Copyright 2008-2011 Clipperz Srl
+Copyright 2008-2013 Clipperz Srl
-This file is part of Clipperz Community Edition.
-Clipperz Community Edition is an online password manager.
+This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
-* Clipperz Community Edition is free software: you can redistribute
- it and/or modify it under the terms of the GNU Affero General Public
- License as published by the Free Software Foundation, either version
- 3 of the License, or (at your option) any later version.
+* Clipperz is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
-* Clipperz Community Edition is distributed in the hope that it will
- be useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* Clipperz is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
- License along with Clipperz Community Edition. If not, see
- <http://www.gnu.org/licenses/>.
+ License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
try { if (typeof(Clipperz.Base) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.Base depends on Clipperz.Base!";
}
if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; }
if (typeof(Clipperz.Crypto.Base) == 'undefined') { Clipperz.Crypto.Base = {}; }
Clipperz.Crypto.Base.VERSION = "0.1";
Clipperz.Crypto.Base.NAME = "Clipperz.Crypto.Base";
//#############################################################################
// Downloaded on March 30, 2006 from http://anmar.eu.org/projects/jssha2/files/jssha2-0.3.zip (jsSha2/sha256.js)
//#############################################################################
/* A JavaScript implementation of the Secure Hash Algorithm, SHA-256
* Version 0.3 Copyright Angel Marin 2003-2004 - http://anmar.eu.org/
* Distributed under the BSD License
* Some bits taken from Paul Johnston's SHA-1 implementation
*/
var chrsz = 8; /* bits per input character. 8 - ASCII; 16 - Unicode */
function safe_add (x, y) {
var lsw = (x & 0xFFFF) + (y & 0xFFFF);
var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
return (msw << 16) | (lsw & 0xFFFF);
}
function S (X, n) {return ( X >>> n ) | (X << (32 - n));}
function R (X, n) {return ( X >>> n );}
function Ch(x, y, z) {return ((x & y) ^ ((~x) & z));}
function Maj(x, y, z) {return ((x & y) ^ (x & z) ^ (y & z));}
function Sigma0256(x) {return (S(x, 2) ^ S(x, 13) ^ S(x, 22));}
function Sigma1256(x) {return (S(x, 6) ^ S(x, 11) ^ S(x, 25));}
function Gamma0256(x) {return (S(x, 7) ^ S(x, 18) ^ R(x, 3));}
function Gamma1256(x) {return (S(x, 17) ^ S(x, 19) ^ R(x, 10));}
function core_sha256 (m, l) {
var K = new Array(0x428A2F98,0x71374491,0xB5C0FBCF,0xE9B5DBA5,0x3956C25B,0x59F111F1,0x923F82A4,0xAB1C5ED5,0xD807AA98,0x12835B01,0x243185BE,0x550C7DC3,0x72BE5D74,0x80DEB1FE,0x9BDC06A7,0xC19BF174,0xE49B69C1,0xEFBE4786,0xFC19DC6,0x240CA1CC,0x2DE92C6F,0x4A7484AA,0x5CB0A9DC,0x76F988DA,0x983E5152,0xA831C66D,0xB00327C8,0xBF597FC7,0xC6E00BF3,0xD5A79147,0x6CA6351,0x14292967,0x27B70A85,0x2E1B2138,0x4D2C6DFC,0x53380D13,0x650A7354,0x766A0ABB,0x81C2C92E,0x92722C85,0xA2BFE8A1,0xA81A664B,0xC24B8B70,0xC76C51A3,0xD192E819,0xD6990624,0xF40E3585,0x106AA070,0x19A4C116,0x1E376C08,0x2748774C,0x34B0BCB5,0x391C0CB3,0x4ED8AA4A,0x5B9CCA4F,0x682E6FF3,0x748F82EE,0x78A5636F,0x84C87814,0x8CC70208,0x90BEFFFA,0xA4506CEB,0xBEF9A3F7,0xC67178F2);
var HASH = new Array(0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19);
var W = new Array(64);
var a, b, c, d, e, f, g, h, i, j;
var T1, T2;
/* append padding */
m[l >> 5] |= 0x80 << (24 - l % 32);
m[((l + 64 >> 9) << 4) + 15] = l;
for ( var i = 0; i<m.length; i+=16 ) {
a = HASH[0]; b = HASH[1]; c = HASH[2]; d = HASH[3]; e = HASH[4]; f = HASH[5]; g = HASH[6]; h = HASH[7];
for ( var j = 0; j<64; j++) {
if (j < 16) W[j] = m[j + i];
else W[j] = safe_add(safe_add(safe_add(Gamma1256(W[j - 2]), W[j - 7]), Gamma0256(W[j - 15])), W[j - 16]);
T1 = safe_add(safe_add(safe_add(safe_add(h, Sigma1256(e)), Ch(e, f, g)), K[j]), W[j]);
T2 = safe_add(Sigma0256(a), Maj(a, b, c));
h = g; g = f; f = e; e = safe_add(d, T1); d = c; c = b; b = a; a = safe_add(T1, T2);
}
HASH[0] = safe_add(a, HASH[0]); HASH[1] = safe_add(b, HASH[1]); HASH[2] = safe_add(c, HASH[2]); HASH[3] = safe_add(d, HASH[3]); HASH[4] = safe_add(e, HASH[4]); HASH[5] = safe_add(f, HASH[5]); HASH[6] = safe_add(g, HASH[6]); HASH[7] = safe_add(h, HASH[7]);
}
return HASH;
}
function str2binb (str) {
var bin = Array();
var mask = (1 << chrsz) - 1;
for(var i = 0; i < str.length * chrsz; i += chrsz)
bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (24 - i%32);
return bin;
}
function binb2hex (binarray) {
var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */
var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
var str = "";
for (var i = 0; i < binarray.length * 4; i++) {
str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) + hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8 )) & 0xF);
}
return str;
}
function hex_sha256(s){return binb2hex(core_sha256(str2binb(s),s.length * chrsz));}
//#############################################################################
// Downloaded on March 30, 2006 from http://www.fourmilab.ch/javascrypt/javascrypt.zip (entropy.js)
//#############################################################################
// Entropy collection utilities
/* Start by declaring static storage and initialise
the entropy vector from the time we come through
here. */
var entropyData = new Array(); // Collected entropy data
var edlen = 0; // Keyboard array data length
addEntropyTime(); // Start entropy collection with page load time
ce(); // Roll milliseconds into initial entropy
// Add a byte to the entropy vector
function addEntropyByte(b) {
entropyData[edlen++] = b;
}
/* Capture entropy. When the user presses a key or performs
various other events for which we can request
notification, add the time in 255ths of a second to the
entropyData array. The name of the function is short
so it doesn't bloat the form object declarations in
which it appears in various "onXXX" events. */
function ce() {
addEntropyByte(Math.floor((((new Date).getMilliseconds()) * 255) / 999));
}
// Add a 32 bit quantity to the entropy vector
function addEntropy32(w) {
var i;
for (i = 0; i < 4; i++) {
addEntropyByte(w & 0xFF);
w >>= 8;
}
}
/* Add the current time and date (milliseconds since the epoch,
truncated to 32 bits) to the entropy vector. */
function addEntropyTime() {
addEntropy32((new Date()).getTime());
}
/* Start collection of entropy from mouse movements. The
argument specifies the number of entropy items to be
obtained from mouse motion, after which mouse motion
will be ignored. Note that you can re-enable mouse
motion collection at any time if not already underway. */
var mouseMotionCollect = 0;
var oldMoveHandler; // For saving and restoring mouse move handler in IE4
function mouseMotionEntropy(maxsamp) {
if (mouseMotionCollect <= 0) {
mouseMotionCollect = maxsamp;
if ((document.implementation.hasFeature("Events", "2.0")) &&
document.addEventListener) {
// Browser supports Document Object Model (DOM) 2 events
document.addEventListener("mousemove", mouseMoveEntropy, false);
} else {
if (document.attachEvent) {
// Internet Explorer 5 and above event model
document.attachEvent("onmousemove", mouseMoveEntropy);
} else {
// Internet Explorer 4 event model
oldMoveHandler = document.onmousemove;
document.onmousemove = mouseMoveEntropy;
}
}
//dump("Mouse enable", mouseMotionCollect);
}
}
/* Collect entropy from mouse motion events. Note that
this is craftily coded to work with either DOM2 or Internet
Explorer style events. Note that we don't use every successive
mouse movement event. Instead, we XOR the three bytes collected
from the mouse and use that to determine how many subsequent
mouse movements we ignore before capturing the next one. */
var mouseEntropyTime = 0; // Delay counter for mouse entropy collection
function mouseMoveEntropy(e) {
if (!e) {
e = window.event; // Internet Explorer event model
}
if (mouseMotionCollect > 0) {
if (mouseEntropyTime-- <= 0) {
addEntropyByte(e.screenX & 0xFF);
addEntropyByte(e.screenY & 0xFF);
ce();
mouseMotionCollect--;
mouseEntropyTime = (entropyData[edlen - 3] ^ entropyData[edlen - 2] ^
entropyData[edlen - 1]) % 19;
//dump("Mouse Move", byteArrayToHex(entropyData.slice(-3)));
}
if (mouseMotionCollect <= 0) {
if (document.removeEventListener) {
document.removeEventListener("mousemove", mouseMoveEntropy, false);
} else if (document.detachEvent) {
document.detachEvent("onmousemove", mouseMoveEntropy);
} else {
document.onmousemove = oldMoveHandler;
}
//dump("Spung!", 0);
}
}
}
/* Compute a 32 byte key value from the entropy vector.
We compute the value by taking the MD5 sum of the even
and odd bytes respectively of the entropy vector, then
concatenating the two MD5 sums. */
function keyFromEntropy() {
var i, k = new Array(32);
if (edlen == 0) {
alert("Blooie! Entropy vector void at call to keyFromEntropy.");
}
//dump("Entropy bytes", edlen);
md5_init();
for (i = 0; i < edlen; i += 2) {
md5_update(entropyData[i]);
}
md5_finish();
for (i = 0; i < 16; i++) {
k[i] = digestBits[i];
}
md5_init();
for (i = 1; i < edlen; i += 2) {
md5_update(entropyData[i]);
}
md5_finish();
for (i = 0; i < 16; i++) {
k[i + 16] = digestBits[i];
}
//dump("keyFromEntropy", byteArrayToHex(k));
return k;
}
//#############################################################################
// Downloaded on March 30, 2006 from http://www.fourmilab.ch/javascrypt/javascrypt.zip (aesprng.js)
//#############################################################################
// AES based pseudorandom number generator
/* Constructor. Called with an array of 32 byte (0-255) values
containing the initial seed. */
function AESprng(seed) {
this.key = new Array();
this.key = seed;
this.itext = hexToByteArray("9F489613248148F9C27945C6AE62EECA3E3367BB14064E4E6DC67A9F28AB3BD1");
this.nbytes = 0; // Bytes left in buffer
this.next = AESprng_next;
this.nextbits = AESprng_nextbits;
this.nextInt = AESprng_nextInt;
this.round = AESprng_round;
/* Encrypt the initial text with the seed key
three times, feeding the output of the encryption
back into the key for the next round. */
bsb = blockSizeInBits;
blockSizeInBits = 256;
var i, ct;
for (i = 0; i < 3; i++) {
this.key = rijndaelEncrypt(this.itext, this.key, "ECB");
}
/* Now make between one and four additional
key-feedback rounds, with the number determined
by bits from the result of the first three
rounds. */
var n = 1 + (this.key[3] & 2) + (this.key[9] & 1);
for (i = 0; i < n; i++) {
this.key = rijndaelEncrypt(this.itext, this.key, "ECB");
}
blockSizeInBits = bsb;
}
function AESprng_round() {
bsb = blockSizeInBits;
blockSizeInBits = 256;
this.key = rijndaelEncrypt(this.itext, this.key, "ECB");
this.nbytes = 32;
blockSizeInBits = bsb;
}
// Return next byte from the generator
function AESprng_next() {
if (this.nbytes <= 0) {
this.round();
}
return(this.key[--this.nbytes]);
}
// Return n bit integer value (up to maximum integer size)
function AESprng_nextbits(n) {
var i, w = 0, nbytes = Math.floor((n + 7) / 8);
for (i = 0; i < nbytes; i++) {
w = (w << 8) | this.next();
}
return w & ((1 << n) - 1);
}
// Return integer between 0 and n inclusive
function AESprng_nextInt(n) {
var p = 1, nb = 0;
// Determine smallest p, 2^p > n
// nb = log_2 p
while (n >= p) {
p <<= 1;
nb++;
}
p--;
/* Generate values from 0 through n by first generating
values v from 0 to (2^p)-1, then discarding any results v > n.
For the rationale behind this (and why taking
values mod (n + 1) is biased toward smaller values, see
Ferguson and Schneier, "Practical Cryptography",
ISBN 0-471-22357-3, section 10.8). */
while (true) {
var v = this.nextbits(nb) & p;
if (v <= n) {
return v;
}
}
}
//#############################################################################
// Downloaded on March 30, 2006 from http://www.fourmilab.ch/javascrypt/javascrypt.zip (md5.js)
//#############################################################################
/*
* md5.jvs 1.0b 27/06/96
*
* Javascript implementation of the RSA Data Security, Inc. MD5
* Message-Digest Algorithm.
*
* Copyright (c) 1996 Henri Torgemane. All Rights Reserved.
*
* Permission to use, copy, modify, and distribute this software
* and its documentation for any purposes and without
* fee is hereby granted provided that this copyright notice
* appears in all copies.
*
* Of course, this soft is provided "as is" without express or implied
* warranty of any kind.
This version contains some trivial reformatting modifications
by John Walker.
*/
function array(n) {
for (i = 0; i < n; i++) {
this[i] = 0;
}
this.length = n;
}
/* Some basic logical functions had to be rewritten because of a bug in
* Javascript.. Just try to compute 0xffffffff >> 4 with it..
* Of course, these functions are slower than the original would be, but
* at least, they work!
*/
function integer(n) {
return n % (0xffffffff + 1);
}
function shr(a, b) {
a = integer(a);
b = integer(b);
if (a - 0x80000000 >= 0) {
a = a % 0x80000000;
a >>= b;
a += 0x40000000 >> (b - 1);
} else {
a >>= b;
}