summaryrefslogtreecommitdiff
path: root/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Curve.js
Unidiff
Diffstat (limited to 'frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Curve.js') (more/less context) (ignore whitespace changes)
-rw-r--r--frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Curve.js461
1 files changed, 461 insertions, 0 deletions
diff --git a/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Curve.js b/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Curve.js
new file mode 100644
index 0000000..042ca6c
--- a/dev/null
+++ b/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Curve.js
@@ -0,0 +1,461 @@
1/*
2
3Copyright 2008-2011 Clipperz Srl
4
5This file is part of Clipperz's Javascript Crypto Library.
6Javascript Crypto Library provides web developers with an extensive
7and efficient set of cryptographic functions. The library aims to
8obtain maximum execution speed while preserving modularity and
9reusability.
10For further information about its features and functionalities please
11refer to http://www.clipperz.com
12
13* Javascript Crypto Library is free software: you can redistribute
14 it and/or modify it under the terms of the GNU Affero General Public
15 License as published by the Free Software Foundation, either version
16 3 of the License, or (at your option) any later version.
17
18* Javascript Crypto Library is distributed in the hope that it will
19 be useful, but WITHOUT ANY WARRANTY; without even the implied
20 warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
21 See the GNU Affero General Public License for more details.
22
23* You should have received a copy of the GNU Affero General Public
24 License along with Javascript Crypto Library. If not, see
25 <http://www.gnu.org/licenses/>.
26
27*/
28
29try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) {
30 throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!";
31}
32if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; }
33if (typeof(Clipperz.Crypto.ECC.BinaryField) == 'undefined') { Clipperz.Crypto.ECC.BinaryField = {}; }
34
35Clipperz.Crypto.ECC.BinaryField.Curve = function(args) {
36 args = args || {};
37
38 this._modulus = args.modulus;
39
40 this._a = args.a;
41 this._b = args.b;
42 this._G = args.G;
43 this._r = args.r;
44 this._h = args.h;
45
46 this._finiteField = null;
47
48 return this;
49}
50
51Clipperz.Crypto.ECC.BinaryField.Curve.prototype = MochiKit.Base.update(null, {
52
53 'asString': function() {
54 return "Clipperz.Crypto.ECC.BinaryField.Curve";
55 },
56
57 //-----------------------------------------------------------------------------
58
59 'modulus': function() {
60 return this._modulus;
61 },
62
63 'a': function() {
64 return this._a;
65 },
66
67 'b': function() {
68 return this._b;
69 },
70
71 'G': function() {
72 return this._G;
73 },
74
75 'r': function() {
76 return this._r;
77 },
78
79 'h': function() {
80 return this._h;
81 },
82
83 //-----------------------------------------------------------------------------
84
85 'finiteField': function() {
86 if (this._finiteField == null) {
87 this._finiteField = new Clipperz.Crypto.ECC.BinaryField.FiniteField({modulus:this.modulus()})
88 }
89
90 return this._finiteField;
91 },
92
93 //-----------------------------------------------------------------------------
94
95 'negate': function(aPointA) {
96 var result;
97
98 result = new Clipperz.Crypto.ECC.Point({x:aPointA.x(), y:this.finiteField().add(aPointA.y(), aPointA.x())})
99
100 return result;
101 },
102
103 //-----------------------------------------------------------------------------
104
105 'add': function(aPointA, aPointB) {
106 var result;
107
108//console.log(">>> ECC.BinaryField.Curve.add");
109 if (aPointA.isZero()) {
110//console.log("--- pointA == zero");
111 result = aPointB;
112 } else if (aPointB.isZero()) {
113//console.log("--- pointB == zero");
114 result = aPointA;
115 } else if ((aPointA.x().compare(aPointB.x()) == 0) && ((aPointA.y().compare(aPointB.y()) != 0) || aPointB.x().isZero())) {
116//console.log("compare A.x - B.x: ", aPointA.x().compare(aPointB.x()));
117//console.log("compare A.y - B.y: ", (aPointA.y().compare(aPointB.y()) != 0));
118//console.log("compare B.x.isZero(): ", aPointB.x().isZero());
119
120//console.log("--- result = zero");
121 result = new Clipperz.Crypto.ECC.BinaryField.Point({x:Clipperz.Crypto.ECC.BinaryField.Value.O, y:Clipperz.Crypto.ECC.BinaryField.Value.O});
122 } else {
123//console.log("--- result = ELSE");
124 varf2m;
125 var x, y;
126 var lambda;
127 var aX, aY, bX, bY;
128
129 aX = aPointA.x()._value;
130 aY = aPointA.y()._value;
131 bX = aPointB.x()._value;
132 bY = aPointB.y()._value;
133
134 f2m = this.finiteField();
135
136 if (aPointA.x().compare(aPointB.x()) != 0) {
137//console.log(" a.x != b.x");
138 lambda =f2m._fastMultiply(
139 f2m._add(aY, bY),
140 f2m._inverse(f2m._add(aX, bX))
141 );
142 x = f2m._add(this.a()._value, f2m._square(lambda));
143 f2m._overwriteAdd(x, lambda);
144 f2m._overwriteAdd(x, aX);
145 f2m._overwriteAdd(x, bX);
146 } else {
147//console.log(" a.x == b.x");
148 lambda = f2m._add(bX, f2m._fastMultiply(bY, f2m._inverse(bX)));
149//console.log(" lambda: " + lambda.asString(16));
150 x = f2m._add(this.a()._value, f2m._square(lambda));
151//console.log(" x (step 1): " + x.asString(16));
152 f2m._overwriteAdd(x, lambda);
153//console.log(" x (step 2): " + x.asString(16));
154 }
155
156 y = f2m._fastMultiply(f2m._add(bX, x), lambda);
157//console.log(" y (step 1): " + y.asString(16));
158 f2m._overwriteAdd(y, x);
159//console.log(" y (step 2): " + y.asString(16));
160 f2m._overwriteAdd(y, bY);
161//console.log(" y (step 3): " + y.asString(16));
162
163 result = new Clipperz.Crypto.ECC.BinaryField.Point({x:new Clipperz.Crypto.ECC.BinaryField.Value(x), y:new Clipperz.Crypto.ECC.BinaryField.Value(y)})
164 }
165//console.log("<<< ECC.BinaryField.Curve.add");
166
167 return result;
168 },
169
170 //-----------------------------------------------------------------------------
171
172 'overwriteAdd': function(aPointA, aPointB) {
173 if (aPointA.isZero()) {
174 // result = aPointB;
175 aPointA._x._value = aPointB._x._value;
176 aPointA._y._value = aPointB._y._value;
177 } else if (aPointB.isZero()) {
178 // result = aPointA;
179 } else if ((aPointA.x().compare(aPointB.x()) == 0) && ((aPointA.y().compare(aPointB.y()) != 0) || aPointB.x().isZero())) {
180 // result = new Clipperz.Crypto.ECC.BinaryField.Point({x:Clipperz.Crypto.ECC.BinaryField.Value.O, y:Clipperz.Crypto.ECC.BinaryField.Value.O});
181 aPointA._x = Clipperz.Crypto.ECC.BinaryField.Value.O;
182 aPointA._y = Clipperz.Crypto.ECC.BinaryField.Value.O;
183 } else {
184 varf2m;
185 var x, y;
186 var lambda;
187 var aX, aY, bX, bY;
188
189 aX = aPointA.x()._value;
190 aY = aPointA.y()._value;
191 bX = aPointB.x()._value;
192 bY = aPointB.y()._value;
193
194 f2m = this.finiteField();
195
196 if (aPointA.x().compare(aPointB.x()) != 0) {
197//console.log(" a.x != b.x");
198 lambda =f2m._fastMultiply(
199 f2m._add(aY, bY),
200 f2m._inverse(f2m._add(aX, bX))
201 );
202 x = f2m._add(this.a()._value, f2m._square(lambda));
203 f2m._overwriteAdd(x, lambda);
204 f2m._overwriteAdd(x, aX);
205 f2m._overwriteAdd(x, bX);
206 } else {
207//console.log(" a.x == b.x");
208 lambda = f2m._add(bX, f2m._fastMultiply(bY, f2m._inverse(bX)));
209//console.log(" lambda: " + lambda.asString(16));
210 x = f2m._add(this.a()._value, f2m._square(lambda));
211//console.log(" x (step 1): " + x.asString(16));
212 f2m._overwriteAdd(x, lambda);
213//console.log(" x (step 2): " + x.asString(16));
214 }
215
216 y = f2m._fastMultiply(f2m._add(bX, x), lambda);
217//console.log(" y (step 1): " + y.asString(16));
218 f2m._overwriteAdd(y, x);
219//console.log(" y (step 2): " + y.asString(16));
220 f2m._overwriteAdd(y, bY);
221//console.log(" y (step 3): " + y.asString(16));
222
223 // result = new Clipperz.Crypto.ECC.BinaryField.Point({x:new Clipperz.Crypto.ECC.BinaryField.Value(x), y:new Clipperz.Crypto.ECC.BinaryField.Value(y)})
224 aPointA._x._value = x;
225 aPointA._y._value = y;
226
227 }
228//console.log("<<< ECC.BinaryField.Curve.add");
229
230 return result;
231 },
232
233 //-----------------------------------------------------------------------------
234
235 'multiply': function(aValue, aPoint) {
236 var result;
237
238//console.profile();
239 result = new Clipperz.Crypto.ECC.BinaryField.Point({x:Clipperz.Crypto.ECC.BinaryField.Value.O, y:Clipperz.Crypto.ECC.BinaryField.Value.O});
240
241 if (aValue.isZero() == false) {
242 var k, Q;
243 var i;
244 var countIndex; countIndex = 0;
245
246 if (aValue.compare(Clipperz.Crypto.ECC.BinaryField.Value.O) > 0) {
247 k = aValue;
248 Q = aPoint;
249 } else {
250MochiKit.Logging.logError("The Clipperz.Crypto.ECC.BinaryFields.Value does not work with negative values!!!!");
251 k = aValue.negate();
252 Q = this.negate(aPoint);
253 }
254
255//console.log("k: " + k.toString(16));
256//console.log("k.bitSize: " + k.bitSize());
257 for (i=k.bitSize()-1; i>=0; i--) {
258 result = this.add(result, result);
259 // this.overwriteAdd(result, result);
260 if (k.isBitSet(i)) {
261 result = this.add(result, Q);
262 // this.overwriteAdd(result, Q);
263 }
264
265 // if (countIndex==100) {console.log("multiply.break"); break;} else countIndex++;
266 }
267 }
268//console.profileEnd();
269
270 return result;
271 },
272
273 //-----------------------------------------------------------------------------
274 __syntaxFix__: "syntax fix"
275});
276
277
278//#############################################################################
279
280Clipperz.Crypto.ECC.StandardCurves = {};
281
282MochiKit.Base.update(Clipperz.Crypto.ECC.StandardCurves, {
283/*
284 '_K571': null,
285 'K571': function() {
286 if (Clipperz.Crypto.ECC.StandardCurves._K571 == null) {
287 Clipperz.Crypto.ECC.StandardCurves._K571 = new Clipperz.Crypto.ECC.Curve.Koblitz({
288 exadecimalForm: '80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425',
289 a: new Clipperz.Crypto.BigInt(0),
290 G: new Clipperz.Crypto.ECC.Point({
291 x: new Clipperz.Crypto.BigInt('26eb7a859923fbc82189631f8103fe4ac9ca2970012d5d46024804801841ca44370958493b205e647da304db4ceb08cbbd1ba39494776fb988b47174dca88c7e2945283a01c8972', 16),
292 y: new Clipperz.Crypto.BigInt('349dc807f4fbf374f4aeade3bca95314dd58cec9f307a54ffc61efc006d8a2c9d4979c0ac44aea74fbebbb9f772aedcb620b01a7ba7af1b320430c8591984f601cd4c143ef1c7a3', 16)
293 }),
294 n: new Clipperz.Crypto.BigInt('1932268761508629172347675945465993672149463664853217499328617625725759571144780212268133978522706711834706712800825351461273674974066617311929682421617092503555733685276673', 16),
295 h: new Clipperz.Crypto.BigInt(4)
296 });
297 }
298
299 return Clipperz.Crypto.ECC.StandardCurves._K571;
300 },
301*/
302 //-----------------------------------------------------------------------------
303
304 '_B571': null,
305 'B571': function() { //f(z) = z^571 + z^10 + z^5 + z^2 + 1
306 if (Clipperz.Crypto.ECC.StandardCurves._B571 == null) {
307 Clipperz.Crypto.ECC.StandardCurves._B571 = new Clipperz.Crypto.ECC.BinaryField.Curve({
308 modulus: new Clipperz.Crypto.ECC.BinaryField.Value('80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425', 16),
309 a: new Clipperz.Crypto.ECC.BinaryField.Value('1', 16),
310 b: new Clipperz.Crypto.ECC.BinaryField.Value('02f40e7e2221f295de297117b7f3d62f5c6a97ffcb8ceff1cd6ba8ce4a9a18ad84ffabbd8efa59332be7ad6756a66e294afd185a78ff12aa520e4de739baca0c7ffeff7f2955727a', 16),
311 G: new Clipperz.Crypto.ECC.BinaryField.Point({
312 x: new Clipperz.Crypto.ECC.BinaryField.Value('0303001d 34b85629 6c16c0d4 0d3cd775 0a93d1d2 955fa80a a5f40fc8 db7b2abd bde53950 f4c0d293 cdd711a3 5b67fb14 99ae6003 8614f139 4abfa3b4 c850d927 e1e7769c 8eec2d19', 16),
313 y: new Clipperz.Crypto.ECC.BinaryField.Value('037bf273 42da639b 6dccfffe b73d69d7 8c6c27a6 009cbbca 1980f853 3921e8a6 84423e43 bab08a57 6291af8f 461bb2a8 b3531d2f 0485c19b 16e2f151 6e23dd3c 1a4827af 1b8ac15b', 16)
314 }),
315 r: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff e661ce18 ff559873 08059b18 6823851e c7dd9ca1 161de93d 5174d66e 8382e9bb 2fe84e47', 16),
316 h: new Clipperz.Crypto.ECC.BinaryField.Value('2', 16)
317
318 // S: new Clipperz.Crypto.ECC.BinaryField.Value('2aa058f73a0e33ab486b0f610410c53a7f132310', 10),
319 // n: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe661ce18ff55987308059b186823851ec7dd9ca1161de93d5174d66e8382e9bb2fe84e47', 16),
320 });
321
322 //-----------------------------------------------------------------------------
323 //
324 //Guide to Elliptic Curve Cryptography
325 //Darrel Hankerson, Alfred Menezes, Scott Vanstone
326 //- Pag: 56, Alorithm 2.45 (with a typo!!!)
327 //
328 //-----------------------------------------------------------------------------
329 //
330 // http://www.milw0rm.com/papers/136
331 //
332 // -------------------------------------------------------------------------
333 // Polynomial Reduction Algorithm Modulo f571
334 // -------------------------------------------------------------------------
335 //
336 // Input: Polynomial p(x) of degree 1140 or less, stored as
337 // an array of 2T machinewords.
338 // Output: p(x) mod f571(x)
339 //
340 // FOR i = T-1, ..., 0 DO
341 // SET X := P[i+T]
342 // P[i] := P[i] ^ (X<<5) ^ (X<<7) ^ (X<<10) ^ (X<<15)
343 // P[i+1] := P[i+1] ^ (X>>17) ^ (X>>22) ^ (X>>25) ^ (X>>27)
344 //
345 // SET X := P[T-1] >> 27
346 // P[0] := P[0] ^ X ^ (X<<2) ^ (X<<5) ^ (X<<10)
347 // P[T-1] := P[T-1] & 0x07ffffff
348 //
349 // RETURN P[T-1],...,P[0]
350 //
351 // -------------------------------------------------------------------------
352 //
353 Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().slowModule = Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().module;
354 Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().module = function(aValue) {
355 varresult;
356
357 if (aValue.bitSize() > 1140) {
358 MochiKit.Logging.logWarning("ECC.StandarCurves.B571.finiteField().module: falling back to default implementation");
359 result = Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().slowModule(aValue);
360 } else {
361 varC, T;
362 var i;
363
364//console.log(">>> binaryField.finiteField.(improved)module");
365 // C = aValue.value().slice(0);
366 C = aValue._value.slice(0);
367 for (i=35; i>=18; i--) {
368 T = C[i];
369 C[i-18] = (((C[i-18] ^ (T<<5) ^ (T<<7) ^ (T<<10) ^ (T<<15)) & 0xffffffff) >>> 0);
370 C[i-17] = ((C[i-17] ^ (T>>>27) ^ (T>>>25) ^ (T>>>22) ^ (T>>>17)) >>> 0);
371 }
372 T = (C[17] >>> 27);
373 C[0] = ((C[0] ^ T ^ ((T<<2) ^ (T<<5) ^ (T<<10)) & 0xffffffff) >>> 0);
374 C[17] = (C[17] & 0x07ffffff);
375
376 for(i=18; i<=35; i++) {
377 C[i] = 0;
378 }
379
380 result = new Clipperz.Crypto.ECC.BinaryField.Value(C);
381//console.log("<<< binaryField.finiteField.(improved)module");
382 }
383
384 return result;
385 };
386 }
387
388 return Clipperz.Crypto.ECC.StandardCurves._B571;
389 },
390
391 //-----------------------------------------------------------------------------
392
393 '_B283': null,
394 'B283': function() { //f(z) = z^283 + z^12 + z^7 + z^5 + 1
395 if (Clipperz.Crypto.ECC.StandardCurves._B283 == null) {
396 Clipperz.Crypto.ECC.StandardCurves._B283 = new Clipperz.Crypto.ECC.BinaryField.Curve({
397 // modulus: new Clipperz.Crypto.ECC.BinaryField.Value('10000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000010a1', 16),
398 modulus: new Clipperz.Crypto.ECC.BinaryField.Value('08000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000010a1', 16),
399 a: new Clipperz.Crypto.ECC.BinaryField.Value('1', 16),
400 b: new Clipperz.Crypto.ECC.BinaryField.Value('027b680a c8b8596d a5a4af8a 19a0303f ca97fd76 45309fa2 a581485a f6263e31 3b79a2f5', 16),
401 G: new Clipperz.Crypto.ECC.BinaryField.Point({
402 x: new Clipperz.Crypto.ECC.BinaryField.Value('05f93925 8db7dd90 e1934f8c 70b0dfec 2eed25b8 557eac9c 80e2e198 f8cdbecd 86b12053', 16),
403 y: new Clipperz.Crypto.ECC.BinaryField.Value('03676854 fe24141c b98fe6d4 b20d02b4 516ff702 350eddb0 826779c8 13f0df45 be8112f4', 16)
404 }),
405 r: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffff ffffffff ffffffff ffffffff ffffef90 399660fc 938a9016 5b042a7c efadb307', 16),
406 h: new Clipperz.Crypto.ECC.BinaryField.Value('2', 16)
407
408 // S: new Clipperz.Crypto.ECC.BinaryField.Value('2aa058f73a0e33ab486b0f610410c53a7f132310', 10),
409 // n: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe661ce18ff55987308059b186823851ec7dd9ca1161de93d5174d66e8382e9bb2fe84e47', 16),
410 });
411
412 //-----------------------------------------------------------------------------
413 //
414 //Guide to Elliptic Curve Cryptography
415 //Darrel Hankerson, Alfred Menezes, Scott Vanstone
416 //- Pag: 56, Alorithm 2.43
417 //
418 //-----------------------------------------------------------------------------
419 Clipperz.Crypto.ECC.StandardCurves._B283.finiteField().slowModule = Clipperz.Crypto.ECC.StandardCurves._B283.finiteField().module;
420 Clipperz.Crypto.ECC.StandardCurves._B283.finiteField().module = function(aValue) {
421 varresult;
422
423 if (aValue.bitSize() > 564) {
424 MochiKit.Logging.logWarning("ECC.StandarCurves.B283.finiteField().module: falling back to default implementation");
425 result = Clipperz.Crypto.ECC.StandardCurves._B283.finiteField().slowModule(aValue);
426 } else {
427 varC, T;
428 var i;
429
430//console.log(">>> binaryField.finiteField.(improved)module");
431 C = aValue._value.slice(0);
432 for (i=17; i>=9; i--) {
433 T = C[i];
434 C[i-9] = (((C[i-9] ^ (T<<5) ^ (T<<10) ^ (T<<12) ^ (T<<17)) & 0xffffffff) >>> 0);
435 C[i-8] = ((C[i-8] ^ (T>>>27) ^ (T>>>22) ^ (T>>>20) ^ (T>>>15)) >>> 0);
436 }
437 T = (C[8] >>> 27);
438 C[0] = ((C[0] ^ T ^ ((T<<5) ^ (T<<7) ^ (T<<12)) & 0xffffffff) >>> 0);
439 C[8] = (C[8] & 0x07ffffff);
440
441 for(i=9; i<=17; i++) {
442 C[i] = 0;
443 }
444
445 result = new Clipperz.Crypto.ECC.BinaryField.Value(C);
446//console.log("<<< binaryField.finiteField.(improved)module");
447 }
448
449 return result;
450 };
451 }
452
453 return Clipperz.Crypto.ECC.StandardCurves._B283;
454 },
455
456 //-----------------------------------------------------------------------------
457 __syntaxFix__: "syntax fix"
458});
459
460//#############################################################################
461