Diffstat (limited to 'frontend/beta/js/Clipperz/Crypto/BigInt.js') (more/less context) (ignore whitespace changes)
-rw-r--r-- | frontend/beta/js/Clipperz/Crypto/BigInt.js | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/frontend/beta/js/Clipperz/Crypto/BigInt.js b/frontend/beta/js/Clipperz/Crypto/BigInt.js index 41483a3..197cd9a 100644 --- a/frontend/beta/js/Clipperz/Crypto/BigInt.js +++ b/frontend/beta/js/Clipperz/Crypto/BigInt.js | |||
@@ -1,214 +1,212 @@ | |||
1 | /* | 1 | /* |
2 | 2 | ||
3 | Copyright 2008-2011 Clipperz Srl | 3 | Copyright 2008-2013 Clipperz Srl |
4 | 4 | ||
5 | This file is part of Clipperz Community Edition. | 5 | This file is part of Clipperz, the online password manager. |
6 | Clipperz Community Edition is an online password manager. | ||
7 | For further information about its features and functionalities please | 6 | For further information about its features and functionalities please |
8 | refer to http://www.clipperz.com. | 7 | refer to http://www.clipperz.com. |
9 | 8 | ||
10 | * Clipperz Community Edition is free software: you can redistribute | 9 | * Clipperz is free software: you can redistribute it and/or modify it |
11 | it and/or modify it under the terms of the GNU Affero General Public | 10 | under the terms of the GNU Affero General Public License as published |
12 | License as published by the Free Software Foundation, either version | 11 | by the Free Software Foundation, either version 3 of the License, or |
13 | 3 of the License, or (at your option) any later version. | 12 | (at your option) any later version. |
14 | 13 | ||
15 | * Clipperz Community Edition is distributed in the hope that it will | 14 | * Clipperz is distributed in the hope that it will be useful, but |
16 | be useful, but WITHOUT ANY WARRANTY; without even the implied | 15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
17 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | 16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
18 | See the GNU Affero General Public License for more details. | 17 | See the GNU Affero General Public License for more details. |
19 | 18 | ||
20 | * You should have received a copy of the GNU Affero General Public | 19 | * You should have received a copy of the GNU Affero General Public |
21 | License along with Clipperz Community Edition. If not, see | 20 | License along with Clipperz. If not, see http://www.gnu.org/licenses/. |
22 | <http://www.gnu.org/licenses/>. | ||
23 | 21 | ||
24 | */ | 22 | */ |
25 | 23 | ||
26 | if (typeof(Clipperz) == 'undefined') { Clipperz = {}; } | 24 | if (typeof(Clipperz) == 'undefined') { Clipperz = {}; } |
27 | if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; } | 25 | if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; } |
28 | 26 | ||
29 | //############################################################################# | 27 | //############################################################################# |
30 | //Downloaded on March 05, 2007 from http://www.leemon.com/crypto/BigInt.js | 28 | //Downloaded on March 05, 2007 from http://www.leemon.com/crypto/BigInt.js |
31 | //############################################################################# | 29 | //############################################################################# |
32 | 30 | ||
33 | 31 | ||
34 | //////////////////////////////////////////////////////////////////////////////////////// | 32 | //////////////////////////////////////////////////////////////////////////////////////// |
35 | // Big Integer Library v. 5.0 | 33 | // Big Integer Library v. 5.0 |
36 | // Created 2000, last modified 2006 | 34 | // Created 2000, last modified 2006 |
37 | // Leemon Baird | 35 | // Leemon Baird |
38 | // www.leemon.com | 36 | // www.leemon.com |
39 | // | 37 | // |
40 | // This file is public domain. You can use it for any purpose without restriction. | 38 | // This file is public domain. You can use it for any purpose without restriction. |
41 | // I do not guarantee that it is correct, so use it at your own risk. If you use | 39 | // I do not guarantee that it is correct, so use it at your own risk. If you use |
42 | // it for something interesting, I'd appreciate hearing about it. If you find | 40 | // it for something interesting, I'd appreciate hearing about it. If you find |
43 | // any bugs or make any improvements, I'd appreciate hearing about those too. | 41 | // any bugs or make any improvements, I'd appreciate hearing about those too. |
44 | // It would also be nice if my name and address were left in the comments. | 42 | // It would also be nice if my name and address were left in the comments. |
45 | // But none of that is required. | 43 | // But none of that is required. |
46 | // | 44 | // |
47 | // This code defines a bigInt library for arbitrary-precision integers. | 45 | // This code defines a bigInt library for arbitrary-precision integers. |
48 | // A bigInt is an array of integers storing the value in chunks of bpe bits, | 46 | // A bigInt is an array of integers storing the value in chunks of bpe bits, |
49 | // little endian (buff[0] is the least significant word). | 47 | // little endian (buff[0] is the least significant word). |
50 | // Negative bigInts are stored two's complement. | 48 | // Negative bigInts are stored two's complement. |
51 | // Some functions assume their parameters have at least one leading zero element. | 49 | // Some functions assume their parameters have at least one leading zero element. |
52 | // Functions with an underscore at the end of the name have unpredictable behavior in case of overflow, | 50 | // Functions with an underscore at the end of the name have unpredictable behavior in case of overflow, |
53 | // so the caller must make sure overflow won't happen. | 51 | // so the caller must make sure overflow won't happen. |
54 | // For each function where a parameter is modified, that same | 52 | // For each function where a parameter is modified, that same |
55 | // variable must not be used as another argument too. | 53 | // variable must not be used as another argument too. |
56 | // So, you cannot square x by doing multMod_(x,x,n). | 54 | // So, you cannot square x by doing multMod_(x,x,n). |
57 | // You must use squareMod_(x,n) instead, or do y=dup(x); multMod_(x,y,n). | 55 | // You must use squareMod_(x,n) instead, or do y=dup(x); multMod_(x,y,n). |
58 | // | 56 | // |
59 | // These functions are designed to avoid frequent dynamic memory allocation in the inner loop. | 57 | // These functions are designed to avoid frequent dynamic memory allocation in the inner loop. |
60 | // For most functions, if it needs a BigInt as a local variable it will actually use | 58 | // For most functions, if it needs a BigInt as a local variable it will actually use |
61 | // a global, and will only allocate to it when it's not the right size. This ensures | 59 | // a global, and will only allocate to it when it's not the right size. This ensures |
62 | // that when a function is called repeatedly with same-sized parameters, it only allocates | 60 | // that when a function is called repeatedly with same-sized parameters, it only allocates |
63 | // memory on the first call. | 61 | // memory on the first call. |
64 | // | 62 | // |
65 | // Note that for cryptographic purposes, the calls to Math.random() must | 63 | // Note that for cryptographic purposes, the calls to Math.random() must |
66 | // be replaced with calls to a better pseudorandom number generator. | 64 | // be replaced with calls to a better pseudorandom number generator. |
67 | // | 65 | // |
68 | // In the following, "bigInt" means a bigInt with at least one leading zero element, | 66 | // In the following, "bigInt" means a bigInt with at least one leading zero element, |
69 | // and "integer" means a nonnegative integer less than radix. In some cases, integer | 67 | // and "integer" means a nonnegative integer less than radix. In some cases, integer |
70 | // can be negative. Negative bigInts are 2s complement. | 68 | // can be negative. Negative bigInts are 2s complement. |
71 | // | 69 | // |
72 | // The following functions do not modify their inputs, but dynamically allocate memory every time they are called: | 70 | // The following functions do not modify their inputs, but dynamically allocate memory every time they are called: |
73 | // | 71 | // |
74 | // function bigInt2str(x,base) //convert a bigInt into a string in a given base, from base 2 up to base 95 | 72 | // function bigInt2str(x,base) //convert a bigInt into a string in a given base, from base 2 up to base 95 |
75 | // function dup(x) //returns a copy of bigInt x | 73 | // function dup(x) //returns a copy of bigInt x |
76 | // function findPrimes(n) //return array of all primes less than integer n | 74 | // function findPrimes(n) //return array of all primes less than integer n |
77 | // function int2bigInt(t,n,m) //convert integer t to a bigInt with at least n bits and m array elements | 75 | // function int2bigInt(t,n,m) //convert integer t to a bigInt with at least n bits and m array elements |
78 | // function int2bigInt(s,b,n,m) //convert string s in base b to a bigInt with at least n bits and m array elements | 76 | // function int2bigInt(s,b,n,m) //convert string s in base b to a bigInt with at least n bits and m array elements |
79 | // function trim(x,k) //return a copy of x with exactly k leading zero elements | 77 | // function trim(x,k) //return a copy of x with exactly k leading zero elements |
80 | // | 78 | // |
81 | // The following functions do not modify their inputs, so there is never a problem with the result being too big: | 79 | // The following functions do not modify their inputs, so there is never a problem with the result being too big: |
82 | // | 80 | // |
83 | // function bitSize(x) //returns how many bits long the bigInt x is, not counting leading zeros | 81 | // function bitSize(x) //returns how many bits long the bigInt x is, not counting leading zeros |
84 | // function equals(x,y) //is the bigInt x equal to the bigint y? | 82 | // function equals(x,y) //is the bigInt x equal to the bigint y? |
85 | // function equalsInt(x,y) //is bigint x equal to integer y? | 83 | // function equalsInt(x,y) //is bigint x equal to integer y? |
86 | // function greater(x,y) //is x>y? (x and y are nonnegative bigInts) | 84 | // function greater(x,y) //is x>y? (x and y are nonnegative bigInts) |
87 | // function greaterShift(x,y,shift)//is (x <<(shift*bpe)) > y? | 85 | // function greaterShift(x,y,shift)//is (x <<(shift*bpe)) > y? |
88 | // function isZero(x) //is the bigInt x equal to zero? | 86 | // function isZero(x) //is the bigInt x equal to zero? |
89 | // function millerRabin(x,b) //does one round of Miller-Rabin base integer b say that bigInt x is possibly prime (as opposed to definitely composite)? | 87 | // function millerRabin(x,b) //does one round of Miller-Rabin base integer b say that bigInt x is possibly prime (as opposed to definitely composite)? |
90 | // function modInt(x,n) //return x mod n for bigInt x and integer n. | 88 | // function modInt(x,n) //return x mod n for bigInt x and integer n. |
91 | // function negative(x) //is bigInt x negative? | 89 | // function negative(x) //is bigInt x negative? |
92 | // | 90 | // |
93 | // The following functions do not modify their inputs, but allocate memory and call functions with underscores | 91 | // The following functions do not modify their inputs, but allocate memory and call functions with underscores |
94 | // | 92 | // |
95 | // function add(x,y) //return (x+y) for bigInts x and y. | 93 | // function add(x,y) //return (x+y) for bigInts x and y. |
96 | // function addInt(x,n) //return (x+n) where x is a bigInt and n is an integer. | 94 | // function addInt(x,n) //return (x+n) where x is a bigInt and n is an integer. |
97 | // function expand(x,n) //return a copy of x with at least n elements, adding leading zeros if needed | 95 | // function expand(x,n) //return a copy of x with at least n elements, adding leading zeros if needed |
98 | // function inverseMod(x,n) //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null | 96 | // function inverseMod(x,n) //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null |
99 | // function mod(x,n) //return a new bigInt equal to (x mod n) for bigInts x and n. | 97 | // function mod(x,n) //return a new bigInt equal to (x mod n) for bigInts x and n. |
100 | // function mult(x,y) //return x*y for bigInts x and y. This is faster when y<x. | 98 | // function mult(x,y) //return x*y for bigInts x and y. This is faster when y<x. |
101 | // function multMod(x,y,n) //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x. | 99 | // function multMod(x,y,n) //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x. |
102 | // function powMod(x,y,n) //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n. | 100 | // function powMod(x,y,n) //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n. |
103 | // function randTruePrime(k) //return a new, random, k-bit, true prime using Maurer's algorithm. | 101 | // function randTruePrime(k) //return a new, random, k-bit, true prime using Maurer's algorithm. |
104 | // function sub(x,y) //return (x-y) for bigInts x and y. Negative answers will be 2s complement | 102 | // function sub(x,y) //return (x-y) for bigInts x and y. Negative answers will be 2s complement |
105 | // | 103 | // |
106 | // The following functions write a bigInt result to one of the parameters, but | 104 | // The following functions write a bigInt result to one of the parameters, but |
107 | // the result is never bigger than the original, so there can't be overflow problems: | 105 | // the result is never bigger than the original, so there can't be overflow problems: |
108 | // | 106 | // |
109 | // function divInt_(x,n) //do x=floor(x/n) for bigInt x and integer n, and return the remainder | 107 | // function divInt_(x,n) //do x=floor(x/n) for bigInt x and integer n, and return the remainder |
110 | // function GCD_(x,y) //set x to the greatest common divisor of bigInts x and y, (y is destroyed). | 108 | // function GCD_(x,y) //set x to the greatest common divisor of bigInts x and y, (y is destroyed). |
111 | // function halve_(x) //do x=floor(|x|/2)*sgn(x) for bigInt x in 2's complement | 109 | // function halve_(x) //do x=floor(|x|/2)*sgn(x) for bigInt x in 2's complement |
112 | // function mod_(x,n) //do x=x mod n for bigInts x and n. | 110 | // function mod_(x,n) //do x=x mod n for bigInts x and n. |
113 | // function rightShift_(x,n) //right shift bigInt x by n bits. 0 <= n < bpe. | 111 | // function rightShift_(x,n) //right shift bigInt x by n bits. 0 <= n < bpe. |
114 | // | 112 | // |
115 | // The following functions write a bigInt result to one of the parameters. The caller is responsible for | 113 | // The following functions write a bigInt result to one of the parameters. The caller is responsible for |
116 | // ensuring it is large enough to hold the result. | 114 | // ensuring it is large enough to hold the result. |
117 | // | 115 | // |
118 | // function addInt_(x,n) //do x=x+n where x is a bigInt and n is an integer | 116 | // function addInt_(x,n) //do x=x+n where x is a bigInt and n is an integer |
119 | // function add_(x,y) //do x=x+y for bigInts x and y | 117 | // function add_(x,y) //do x=x+y for bigInts x and y |
120 | // function addShift_(x,y,ys) //do x=x+(y<<(ys*bpe)) | 118 | // function addShift_(x,y,ys) //do x=x+(y<<(ys*bpe)) |
121 | // function copy_(x,y) //do x=y on bigInts x and y | 119 | // function copy_(x,y) //do x=y on bigInts x and y |
122 | // function copyInt_(x,n) //do x=n on bigInt x and integer n | 120 | // function copyInt_(x,n) //do x=n on bigInt x and integer n |
123 | // function carry_(x) //do carries and borrows so each element of the bigInt x fits in bpe bits. | 121 | // function carry_(x) //do carries and borrows so each element of the bigInt x fits in bpe bits. |
124 | // function divide_(x,y,q,r) //divide_ x by y giving quotient q and remainder r | 122 | // function divide_(x,y,q,r) //divide_ x by y giving quotient q and remainder r |
125 | // function eGCD_(x,y,d,a,b) //sets a,b,d to positive big integers such that d = GCD_(x,y) = a*x-b*y | 123 | // function eGCD_(x,y,d,a,b) //sets a,b,d to positive big integers such that d = GCD_(x,y) = a*x-b*y |
126 | // function inverseMod_(x,n) //do x=x**(-1) mod n, for bigInts x and n. Returns 1 (0) if inverse does (doesn't) exist | 124 | // function inverseMod_(x,n) //do x=x**(-1) mod n, for bigInts x and n. Returns 1 (0) if inverse does (doesn't) exist |
127 | // function inverseModInt_(x,n) //return x**(-1) mod n, for integers x and n. Return 0 if there is no inverse | 125 | // function inverseModInt_(x,n) //return x**(-1) mod n, for integers x and n. Return 0 if there is no inverse |
128 | // function leftShift_(x,n) //left shift bigInt x by n bits. n<bpe. | 126 | // function leftShift_(x,n) //left shift bigInt x by n bits. n<bpe. |
129 | // function linComb_(x,y,a,b) //do x=a*x+b*y for bigInts x and y and integers a and b | 127 | // function linComb_(x,y,a,b) //do x=a*x+b*y for bigInts x and y and integers a and b |
130 | // function linCombShift_(x,y,b,ys) //do x=x+b*(y<<(ys*bpe)) for bigInts x and y, and integers b and ys | 128 | // function linCombShift_(x,y,b,ys) //do x=x+b*(y<<(ys*bpe)) for bigInts x and y, and integers b and ys |
131 | // function mont_(x,y,n,np) //Montgomery multiplication (see comments where the function is defined) | 129 | // function mont_(x,y,n,np) //Montgomery multiplication (see comments where the function is defined) |
132 | // function mult_(x,y) //do x=x*y for bigInts x and y. | 130 | // function mult_(x,y) //do x=x*y for bigInts x and y. |
133 | // function multInt_(x,n) //do x=x*n where x is a bigInt and n is an integer. | 131 | // function multInt_(x,n) //do x=x*n where x is a bigInt and n is an integer. |
134 | // function multMod_(x,y,n) //do x=x*y mod n for bigInts x,y,n. | 132 | // function multMod_(x,y,n) //do x=x*y mod n for bigInts x,y,n. |
135 | // function powMod_(x,y,n) //do x=x**y mod n, where x,y,n are bigInts (n is odd) and ** is exponentiation. 0**0=1. | 133 | // function powMod_(x,y,n) //do x=x**y mod n, where x,y,n are bigInts (n is odd) and ** is exponentiation. 0**0=1. |
136 | // function randBigInt_(b,n,s) //do b = an n-bit random BigInt. if s=1, then nth bit (most significant bit) is set to 1. n>=1. | 134 | // function randBigInt_(b,n,s) //do b = an n-bit random BigInt. if s=1, then nth bit (most significant bit) is set to 1. n>=1. |
137 | // function randTruePrime_(ans,k) //do ans = a random k-bit true random prime (not just probable prime) with 1 in the msb. | 135 | // function randTruePrime_(ans,k) //do ans = a random k-bit true random prime (not just probable prime) with 1 in the msb. |
138 | // function squareMod_(x,n) //do x=x*x mod n for bigInts x,n | 136 | // function squareMod_(x,n) //do x=x*x mod n for bigInts x,n |
139 | // function sub_(x,y) //do x=x-y for bigInts x and y. Negative answers will be 2s complement. | 137 | // function sub_(x,y) //do x=x-y for bigInts x and y. Negative answers will be 2s complement. |
140 | // function subShift_(x,y,ys) //do x=x-(y<<(ys*bpe)). Negative answers will be 2s complement. | 138 | // function subShift_(x,y,ys) //do x=x-(y<<(ys*bpe)). Negative answers will be 2s complement. |
141 | // | 139 | // |
142 | // The following functions are based on algorithms from the _Handbook of Applied Cryptography_ | 140 | // The following functions are based on algorithms from the _Handbook of Applied Cryptography_ |
143 | // powMod_() = algorithm 14.94, Montgomery exponentiation | 141 | // powMod_() = algorithm 14.94, Montgomery exponentiation |
144 | // eGCD_,inverseMod_() = algorithm 14.61, Binary extended GCD_ | 142 | // eGCD_,inverseMod_() = algorithm 14.61, Binary extended GCD_ |
145 | // GCD_() = algorothm 14.57, Lehmer's algorithm | 143 | // GCD_() = algorothm 14.57, Lehmer's algorithm |
146 | // mont_() = algorithm 14.36, Montgomery multiplication | 144 | // mont_() = algorithm 14.36, Montgomery multiplication |
147 | // divide_() = algorithm 14.20 Multiple-precision division | 145 | // divide_() = algorithm 14.20 Multiple-precision division |
148 | // squareMod_() = algorithm 14.16 Multiple-precision squaring | 146 | // squareMod_() = algorithm 14.16 Multiple-precision squaring |
149 | // randTruePrime_() = algorithm 4.62, Maurer's algorithm | 147 | // randTruePrime_() = algorithm 4.62, Maurer's algorithm |
150 | // millerRabin() = algorithm 4.24, Miller-Rabin algorithm | 148 | // millerRabin() = algorithm 4.24, Miller-Rabin algorithm |
151 | // | 149 | // |
152 | // Profiling shows: | 150 | // Profiling shows: |
153 | // randTruePrime_() spends: | 151 | // randTruePrime_() spends: |
154 | // 10% of its time in calls to powMod_() | 152 | // 10% of its time in calls to powMod_() |
155 | // 85% of its time in calls to millerRabin() | 153 | // 85% of its time in calls to millerRabin() |
156 | // millerRabin() spends: | 154 | // millerRabin() spends: |
157 | // 99% of its time in calls to powMod_() (always with a base of 2) | 155 | // 99% of its time in calls to powMod_() (always with a base of 2) |
158 | // powMod_() spends: | 156 | // powMod_() spends: |
159 | // 94% of its time in calls to mont_() (almost always with x==y) | 157 | // 94% of its time in calls to mont_() (almost always with x==y) |
160 | // | 158 | // |
161 | // This suggests there are several ways to speed up this library slightly: | 159 | // This suggests there are several ways to speed up this library slightly: |
162 | // - convert powMod_ to use a Montgomery form of k-ary window (or maybe a Montgomery form of sliding window) | 160 | // - convert powMod_ to use a Montgomery form of k-ary window (or maybe a Montgomery form of sliding window) |
163 | // -- this should especially focus on being fast when raising 2 to a power mod n | 161 | // -- this should especially focus on being fast when raising 2 to a power mod n |
164 | // - convert randTruePrime_() to use a minimum r of 1/3 instead of 1/2 with the appropriate change to the test | 162 | // - convert randTruePrime_() to use a minimum r of 1/3 instead of 1/2 with the appropriate change to the test |
165 | // - tune the parameters in randTruePrime_(), including c, m, and recLimit | 163 | // - tune the parameters in randTruePrime_(), including c, m, and recLimit |
166 | // - speed up the single loop in mont_() that takes 95% of the runtime, perhaps by reducing checking | 164 | // - speed up the single loop in mont_() that takes 95% of the runtime, perhaps by reducing checking |
167 | // within the loop when all the parameters are the same length. | 165 | // within the loop when all the parameters are the same length. |
168 | // | 166 | // |
169 | // There are several ideas that look like they wouldn't help much at all: | 167 | // There are several ideas that look like they wouldn't help much at all: |
170 | // - replacing trial division in randTruePrime_() with a sieve (that speeds up something taking almost no time anyway) | 168 | // - replacing trial division in randTruePrime_() with a sieve (that speeds up something taking almost no time anyway) |
171 | // - increase bpe from 15 to 30 (that would help if we had a 32*32->64 multiplier, but not with JavaScript's 32*32->32) | 169 | // - increase bpe from 15 to 30 (that would help if we had a 32*32->64 multiplier, but not with JavaScript's 32*32->32) |
172 | // - speeding up mont_(x,y,n,np) when x==y by doing a non-modular, non-Montgomery square | 170 | // - speeding up mont_(x,y,n,np) when x==y by doing a non-modular, non-Montgomery square |
173 | // followed by a Montgomery reduction. The intermediate answer will be twice as long as x, so that | 171 | // followed by a Montgomery reduction. The intermediate answer will be twice as long as x, so that |
174 | // method would be slower. This is unfortunate because the code currently spends almost all of its time | 172 | // method would be slower. This is unfortunate because the code currently spends almost all of its time |
175 | // doing mont_(x,x,...), both for randTruePrime_() and powMod_(). A faster method for Montgomery squaring | 173 | // doing mont_(x,x,...), both for randTruePrime_() and powMod_(). A faster method for Montgomery squaring |
176 | // would have a large impact on the speed of randTruePrime_() and powMod_(). HAC has a couple of poorly-worded | 174 | // would have a large impact on the speed of randTruePrime_() and powMod_(). HAC has a couple of poorly-worded |
177 | // sentences that seem to imply it's faster to do a non-modular square followed by a single | 175 | // sentences that seem to imply it's faster to do a non-modular square followed by a single |
178 | // Montgomery reduction, but that's obviously wrong. | 176 | // Montgomery reduction, but that's obviously wrong. |
179 | //////////////////////////////////////////////////////////////////////////////////////// | 177 | //////////////////////////////////////////////////////////////////////////////////////// |
180 | 178 | ||
181 | //globals | 179 | //globals |
182 | bpe=0; //bits stored per array element | 180 | bpe=0; //bits stored per array element |
183 | mask=0; //AND this with an array element to chop it down to bpe bits | 181 | mask=0; //AND this with an array element to chop it down to bpe bits |
184 | radix=mask+1; //equals 2^bpe. A single 1 bit to the left of the last bit of mask. | 182 | radix=mask+1; //equals 2^bpe. A single 1 bit to the left of the last bit of mask. |
185 | 183 | ||
186 | //the digits for converting to different bases | 184 | //the digits for converting to different bases |
187 | digitsStr='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_=!@#$%^&*()[]{}|;:,.<>/?`~ \\\'\"+-'; | 185 | digitsStr='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_=!@#$%^&*()[]{}|;:,.<>/?`~ \\\'\"+-'; |
188 | 186 | ||
189 | //initialize the global variables | 187 | //initialize the global variables |
190 | for (bpe=0; (1<<(bpe+1)) > (1<<bpe); bpe++); //bpe=number of bits in the mantissa on this platform | 188 | for (bpe=0; (1<<(bpe+1)) > (1<<bpe); bpe++); //bpe=number of bits in the mantissa on this platform |
191 | bpe>>=1; //bpe=number of bits in one element of the array representing the bigInt | 189 | bpe>>=1; //bpe=number of bits in one element of the array representing the bigInt |
192 | mask=(1<<bpe)-1; //AND the mask with an integer to get its bpe least significant bits | 190 | mask=(1<<bpe)-1; //AND the mask with an integer to get its bpe least significant bits |
193 | radix=mask+1; //2^bpe. a single 1 bit to the left of the first bit of mask | 191 | radix=mask+1; //2^bpe. a single 1 bit to the left of the first bit of mask |
194 | one=int2bigInt(1,1,1); //constant used in powMod_() | 192 | one=int2bigInt(1,1,1); //constant used in powMod_() |
195 | 193 | ||
196 | //the following global variables are scratchpad memory to | 194 | //the following global variables are scratchpad memory to |
197 | //reduce dynamic memory allocation in the inner loop | 195 | //reduce dynamic memory allocation in the inner loop |
198 | t=new Array(0); | 196 | t=new Array(0); |
199 | ss=t; //used in mult_() | 197 | ss=t; //used in mult_() |
200 | s0=t; //used in multMod_(), squareMod_() | 198 | s0=t; //used in multMod_(), squareMod_() |
201 | s1=t; //used in powMod_(), multMod_(), squareMod_() | 199 | s1=t; //used in powMod_(), multMod_(), squareMod_() |
202 | s2=t; //used in powMod_(), multMod_() | 200 | s2=t; //used in powMod_(), multMod_() |
203 | s3=t; //used in powMod_() | 201 | s3=t; //used in powMod_() |
204 | s4=t; s5=t; //used in mod_() | 202 | s4=t; s5=t; //used in mod_() |
205 | s6=t; //used in bigInt2str() | 203 | s6=t; //used in bigInt2str() |
206 | s7=t; //used in powMod_() | 204 | s7=t; //used in powMod_() |
207 | T=t; //used in GCD_() | 205 | T=t; //used in GCD_() |
208 | sa=t; //used in mont_() | 206 | sa=t; //used in mont_() |
209 | mr_x1=t; mr_r=t; mr_a=t; //used in millerRabin() | 207 | mr_x1=t; mr_r=t; mr_a=t; //used in millerRabin() |
210 | eg_v=t; eg_u=t; eg_A=t; eg_B=t; eg_C=t; eg_D=t; //used in eGCD_(), inverseMod_() | 208 | eg_v=t; eg_u=t; eg_A=t; eg_B=t; eg_C=t; eg_D=t; //used in eGCD_(), inverseMod_() |
211 | md_q1=t; md_q2=t; md_q3=t; md_r=t; md_r1=t; md_r2=t; md_tt=t; //used in mod_() | 209 | md_q1=t; md_q2=t; md_q3=t; md_r=t; md_r1=t; md_r2=t; md_tt=t; //used in mod_() |
212 | 210 | ||
213 | primes=t; pows=t; s_i=t; s_i2=t; s_R=t; s_rm=t; s_q=t; s_n1=t; | 211 | primes=t; pows=t; s_i=t; s_i2=t; s_R=t; s_rm=t; s_q=t; s_n1=t; |
214 | s_a=t; s_r2=t; s_n=t; s_b=t; s_d=t; s_x1=t; s_x2=t, s_aa=t; //used in randTruePrime_() | 212 | s_a=t; s_r2=t; s_n=t; s_b=t; s_d=t; s_x1=t; s_x2=t, s_aa=t; //used in randTruePrime_() |