Diffstat (limited to 'frontend/beta/js/Clipperz/Crypto') (more/less context) (ignore whitespace changes)
| -rw-r--r-- | frontend/beta/js/Clipperz/Crypto/AES.js | 22 | ||||
| -rw-r--r-- | frontend/beta/js/Clipperz/Crypto/Base.js | 22 | ||||
| -rw-r--r-- | frontend/beta/js/Clipperz/Crypto/BigInt.js | 22 | ||||
| -rw-r--r-- | frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js | 22 | ||||
| -rw-r--r-- | frontend/beta/js/Clipperz/Crypto/ECC.js | 22 | ||||
| -rw-r--r-- | frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Curve.js | 22 | ||||
| -rw-r--r-- | frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/FiniteField.js | 22 | ||||
| -rw-r--r-- | frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Point.js | 22 | ||||
| -rw-r--r-- | frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Value.js | 22 | ||||
| -rw-r--r-- | frontend/beta/js/Clipperz/Crypto/PRNG.js | 22 | ||||
| -rw-r--r-- | frontend/beta/js/Clipperz/Crypto/RSA.js | 22 | ||||
| -rw-r--r-- | frontend/beta/js/Clipperz/Crypto/SHA.js | 22 | ||||
| -rw-r--r-- | frontend/beta/js/Clipperz/Crypto/SRP.js | 22 |
13 files changed, 130 insertions, 156 deletions
diff --git a/frontend/beta/js/Clipperz/Crypto/AES.js b/frontend/beta/js/Clipperz/Crypto/AES.js index 7ddda3e..a5c63fb 100644 --- a/frontend/beta/js/Clipperz/Crypto/AES.js +++ b/frontend/beta/js/Clipperz/Crypto/AES.js @@ -1,406 +1,404 @@ /* -Copyright 2008-2011 Clipperz Srl +Copyright 2008-2013 Clipperz Srl -This file is part of Clipperz Community Edition. -Clipperz Community Edition is an online password manager. +This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. -* Clipperz Community Edition is free software: you can redistribute - it and/or modify it under the terms of the GNU Affero General Public - License as published by the Free Software Foundation, either version - 3 of the License, or (at your option) any later version. +* Clipperz is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. -* Clipperz Community Edition is distributed in the hope that it will - be useful, but WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +* Clipperz is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public - License along with Clipperz Community Edition. If not, see - <http://www.gnu.org/licenses/>. + License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.AES depends on Clipperz.ByteArray!"; } // Dependency commented to avoid a circular reference //try { if (typeof(Clipperz.Crypto.PRNG) == 'undefined') { throw ""; }} catch (e) { // throw "Clipperz.Crypto.AES depends on Clipperz.Crypto.PRNG!"; //} if (typeof(Clipperz.Crypto.AES) == 'undefined') { Clipperz.Crypto.AES = {}; } //############################################################################# Clipperz.Crypto.AES.DeferredExecutionContext = function(args) { args = args || {}; this._key = args.key; this._message = args.message; this._result = args.message.clone(); this._nonce = args.nonce; this._messageLength = this._message.length(); this._messageArray = this._message.arrayValues(); this._resultArray = this._result.arrayValues(); this._nonceArray = this._nonce.arrayValues(); this._executionStep = 0; return this; } Clipperz.Crypto.AES.DeferredExecutionContext.prototype = MochiKit.Base.update(null, { 'key': function() { return this._key; }, 'message': function() { return this._message; }, 'messageLength': function() { return this._messageLength; }, 'result': function() { return new Clipperz.ByteArray(this.resultArray()); }, 'nonce': function() { return this._nonce; }, 'messageArray': function() { return this._messageArray; }, 'resultArray': function() { return this._resultArray; }, 'nonceArray': function() { return this._nonceArray; }, 'elaborationChunkSize': function() { return Clipperz.Crypto.AES.DeferredExecution.chunkSize; }, 'executionStep': function() { return this._executionStep; }, 'setExecutionStep': function(aValue) { this._executionStep = aValue; }, 'pause': function(aValue) { return MochiKit.Async.wait(Clipperz.Crypto.AES.DeferredExecution.pauseTime, aValue); }, //----------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //############################################################################# Clipperz.Crypto.AES.Key = function(args) { args = args || {}; this._key = args.key; this._keySize = args.keySize || this.key().length(); if (this.keySize() == 128/8) { this._b = 176; this._numberOfRounds = 10; } else if (this.keySize() == 256/8) { this._b = 240; this._numberOfRounds = 14; } else { MochiKit.Logging.logError("AES unsupported key size: " + (this.keySize() * 8) + " bits"); throw Clipperz.Crypto.AES.exception.UnsupportedKeySize; } this._stretchedKey = null; return this; } Clipperz.Crypto.AES.Key.prototype = MochiKit.Base.update(null, { 'asString': function() { return "Clipperz.Crypto.AES.Key (" + this.key().toHexString() + ")"; }, //----------------------------------------------------------------------------- 'key': function() { return this._key; }, 'keySize': function() { return this._keySize; }, 'b': function() { return this._b; }, 'numberOfRounds': function() { return this._numberOfRounds; }, //========================================================================= 'keyScheduleCore': function(aWord, aRoundConstantsIndex) { var result; var sbox; sbox = Clipperz.Crypto.AES.sbox(); result = [ sbox[aWord[1]] ^ Clipperz.Crypto.AES.roundConstants()[aRoundConstantsIndex], sbox[aWord[2]], sbox[aWord[3]], sbox[aWord[0]] ]; return result; }, //----------------------------------------------------------------------------- 'xorWithPreviousStretchValues': function(aKey, aWord, aPreviousWordIndex) { var result; var i,c; result = []; c = 4; for (i=0; i<c; i++) { result[i] = aWord[i] ^ aKey.byteAtIndex(aPreviousWordIndex + i); } return result; }, //----------------------------------------------------------------------------- 'sboxShakeup': function(aWord) { var result; var sbox; var i,c; result = []; sbox = Clipperz.Crypto.AES.sbox(); c =4; for (i=0; i<c; i++) { result[i] = sbox[aWord[i]]; } return result; }, //----------------------------------------------------------------------------- 'stretchKey': function(aKey) { var currentWord; var keyLength; var previousStretchIndex; var i,c; keyLength = aKey.length(); previousStretchIndex = keyLength - this.keySize(); currentWord = [ aKey.byteAtIndex(keyLength - 4), aKey.byteAtIndex(keyLength - 3), aKey.byteAtIndex(keyLength - 2), aKey.byteAtIndex(keyLength - 1) ]; currentWord = this.keyScheduleCore(currentWord, keyLength / this.keySize()); if (this.keySize() == 256/8) { c = 8; } else if (this.keySize() == 128/8){ c = 4; } for (i=0; i<c; i++) { if (i == 4) { // fifth streatch word currentWord = this.sboxShakeup(currentWord); } currentWord = this.xorWithPreviousStretchValues(aKey, currentWord, previousStretchIndex + (i*4)); aKey.appendBytes(currentWord); } return aKey; }, //----------------------------------------------------------------------------- 'stretchedKey': function() { if (this._stretchedKey == null) { var stretchedKey; stretchedKey = this.key().clone(); while (stretchedKey.length() < this.keySize()) { stretchedKey.appendByte(0); } while (stretchedKey.length() < this.b()) { stretchedKey = this.stretchKey(stretchedKey); } this._stretchedKey = stretchedKey.split(0, this.b()); } return this._stretchedKey; }, //========================================================================= __syntaxFix__: "syntax fix" }); //############################################################################# Clipperz.Crypto.AES.State = function(args) { args = args || {}; this._data = args.block; this._key = args.key; return this; } Clipperz.Crypto.AES.State.prototype = MochiKit.Base.update(null, { 'key': function() { return this._key; }, //----------------------------------------------------------------------------- 'data': function() { return this._data; }, 'setData': function(aValue) { this._data = aValue; }, //========================================================================= 'addRoundKey': function(aRoundNumber) { // each byte of the state is combined with the round key; each round key is derived from the cipher key using a key schedule. var data; var stretchedKey; var firstStretchedKeyIndex; var i,c; data = this.data(); stretchedKey = this.key().stretchedKey(); firstStretchedKeyIndex = aRoundNumber * (128/8); c = 128/8; for (i=0; i<c; i++) { data[i] = data[i] ^ stretchedKey.byteAtIndex(firstStretchedKeyIndex + i); } }, //----------------------------------------------------------------------------- 'subBytes': function() { // a non-linear substitution step where each byte is replaced with another according to a lookup table. var i,c; var data; var sbox; data = this.data(); sbox = Clipperz.Crypto.AES.sbox(); c = 16; for (i=0; i<c; i++) { data[i] = sbox[data[i]]; } }, //----------------------------------------------------------------------------- 'shiftRows': function() { // a transposition step where each row of the state is shifted cyclically a certain number of steps. var newValue; var data; var shiftMapping; var i,c; newValue = new Array(16); data = this.data(); shiftMapping = Clipperz.Crypto.AES.shiftRowMapping(); // [0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, 1, 6, 11]; c = 16; for (i=0; i<c; i++) { newValue[i] = data[shiftMapping[i]]; } for (i=0; i<c; i++) { data[i] = newValue[i]; } }, //----------------------------------------------------------------------------- /* 'mixColumnsWithValues': function(someValues) { var result; var a; var i,c; c = 4; result = []; a = []; for (i=0; i<c; i++) { a[i] = []; a[i][1] = someValues[i] if ((a[i][1] & 0x80) == 0x80) { a[i][2] = (a[i][1] << 1) ^ 0x11b; } else { a[i][2] = a[i][1] << 1; } a[i][3] = a[i][2] ^ a[i][1]; } for (i=0; i<c; i++) { var x; x = Clipperz.Crypto.AES.mixColumnsMatrix()[i]; result[i] = a[0][x[0]] ^ a[1][x[1]] ^ a[2][x[2]] ^ a[3][x[3]]; } return result; }, 'mixColumns': function() { // a mixing operation which operates on the columns of the state, combining the four bytes in each column using a linear transformation. var data; var i, c; data = this.data(); c = 4; for(i=0; i<c; i++) { var blockIndex; var mixedValues; blockIndex = i * 4; mixedValues = this.mixColumnsWithValues([ data[blockIndex + 0], data[blockIndex + 1], data[blockIndex + 2], data[blockIndex + 3]]); data[blockIndex + 0] = mixedValues[0]; data[blockIndex + 1] = mixedValues[1]; data[blockIndex + 2] = mixedValues[2]; data[blockIndex + 3] = mixedValues[3]; } }, diff --git a/frontend/beta/js/Clipperz/Crypto/Base.js b/frontend/beta/js/Clipperz/Crypto/Base.js index d3a8e36..9acfc49 100644 --- a/frontend/beta/js/Clipperz/Crypto/Base.js +++ b/frontend/beta/js/Clipperz/Crypto/Base.js @@ -1,406 +1,404 @@ /* -Copyright 2008-2011 Clipperz Srl +Copyright 2008-2013 Clipperz Srl -This file is part of Clipperz Community Edition. -Clipperz Community Edition is an online password manager. +This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. -* Clipperz Community Edition is free software: you can redistribute - it and/or modify it under the terms of the GNU Affero General Public - License as published by the Free Software Foundation, either version - 3 of the License, or (at your option) any later version. +* Clipperz is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. -* Clipperz Community Edition is distributed in the hope that it will - be useful, but WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +* Clipperz is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public - License along with Clipperz Community Edition. If not, see - <http://www.gnu.org/licenses/>. + License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ try { if (typeof(Clipperz.Base) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.Base depends on Clipperz.Base!"; } if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; } if (typeof(Clipperz.Crypto.Base) == 'undefined') { Clipperz.Crypto.Base = {}; } Clipperz.Crypto.Base.VERSION = "0.1"; Clipperz.Crypto.Base.NAME = "Clipperz.Crypto.Base"; //############################################################################# // Downloaded on March 30, 2006 from http://anmar.eu.org/projects/jssha2/files/jssha2-0.3.zip (jsSha2/sha256.js) //############################################################################# /* A JavaScript implementation of the Secure Hash Algorithm, SHA-256 * Version 0.3 Copyright Angel Marin 2003-2004 - http://anmar.eu.org/ * Distributed under the BSD License * Some bits taken from Paul Johnston's SHA-1 implementation */ var chrsz = 8; /* bits per input character. 8 - ASCII; 16 - Unicode */ function safe_add (x, y) { var lsw = (x & 0xFFFF) + (y & 0xFFFF); var msw = (x >> 16) + (y >> 16) + (lsw >> 16); return (msw << 16) | (lsw & 0xFFFF); } function S (X, n) {return ( X >>> n ) | (X << (32 - n));} function R (X, n) {return ( X >>> n );} function Ch(x, y, z) {return ((x & y) ^ ((~x) & z));} function Maj(x, y, z) {return ((x & y) ^ (x & z) ^ (y & z));} function Sigma0256(x) {return (S(x, 2) ^ S(x, 13) ^ S(x, 22));} function Sigma1256(x) {return (S(x, 6) ^ S(x, 11) ^ S(x, 25));} function Gamma0256(x) {return (S(x, 7) ^ S(x, 18) ^ R(x, 3));} function Gamma1256(x) {return (S(x, 17) ^ S(x, 19) ^ R(x, 10));} function core_sha256 (m, l) { var K = new Array(0x428A2F98,0x71374491,0xB5C0FBCF,0xE9B5DBA5,0x3956C25B,0x59F111F1,0x923F82A4,0xAB1C5ED5,0xD807AA98,0x12835B01,0x243185BE,0x550C7DC3,0x72BE5D74,0x80DEB1FE,0x9BDC06A7,0xC19BF174,0xE49B69C1,0xEFBE4786,0xFC19DC6,0x240CA1CC,0x2DE92C6F,0x4A7484AA,0x5CB0A9DC,0x76F988DA,0x983E5152,0xA831C66D,0xB00327C8,0xBF597FC7,0xC6E00BF3,0xD5A79147,0x6CA6351,0x14292967,0x27B70A85,0x2E1B2138,0x4D2C6DFC,0x53380D13,0x650A7354,0x766A0ABB,0x81C2C92E,0x92722C85,0xA2BFE8A1,0xA81A664B,0xC24B8B70,0xC76C51A3,0xD192E819,0xD6990624,0xF40E3585,0x106AA070,0x19A4C116,0x1E376C08,0x2748774C,0x34B0BCB5,0x391C0CB3,0x4ED8AA4A,0x5B9CCA4F,0x682E6FF3,0x748F82EE,0x78A5636F,0x84C87814,0x8CC70208,0x90BEFFFA,0xA4506CEB,0xBEF9A3F7,0xC67178F2); var HASH = new Array(0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19); var W = new Array(64); var a, b, c, d, e, f, g, h, i, j; var T1, T2; /* append padding */ m[l >> 5] |= 0x80 << (24 - l % 32); m[((l + 64 >> 9) << 4) + 15] = l; for ( var i = 0; i<m.length; i+=16 ) { a = HASH[0]; b = HASH[1]; c = HASH[2]; d = HASH[3]; e = HASH[4]; f = HASH[5]; g = HASH[6]; h = HASH[7]; for ( var j = 0; j<64; j++) { if (j < 16) W[j] = m[j + i]; else W[j] = safe_add(safe_add(safe_add(Gamma1256(W[j - 2]), W[j - 7]), Gamma0256(W[j - 15])), W[j - 16]); T1 = safe_add(safe_add(safe_add(safe_add(h, Sigma1256(e)), Ch(e, f, g)), K[j]), W[j]); T2 = safe_add(Sigma0256(a), Maj(a, b, c)); h = g; g = f; f = e; e = safe_add(d, T1); d = c; c = b; b = a; a = safe_add(T1, T2); } HASH[0] = safe_add(a, HASH[0]); HASH[1] = safe_add(b, HASH[1]); HASH[2] = safe_add(c, HASH[2]); HASH[3] = safe_add(d, HASH[3]); HASH[4] = safe_add(e, HASH[4]); HASH[5] = safe_add(f, HASH[5]); HASH[6] = safe_add(g, HASH[6]); HASH[7] = safe_add(h, HASH[7]); } return HASH; } function str2binb (str) { var bin = Array(); var mask = (1 << chrsz) - 1; for(var i = 0; i < str.length * chrsz; i += chrsz) bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (24 - i%32); return bin; } function binb2hex (binarray) { var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */ var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; var str = ""; for (var i = 0; i < binarray.length * 4; i++) { str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) + hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8 )) & 0xF); } return str; } function hex_sha256(s){return binb2hex(core_sha256(str2binb(s),s.length * chrsz));} //############################################################################# // Downloaded on March 30, 2006 from http://www.fourmilab.ch/javascrypt/javascrypt.zip (entropy.js) //############################################################################# // Entropy collection utilities /* Start by declaring static storage and initialise the entropy vector from the time we come through here. */ var entropyData = new Array(); // Collected entropy data var edlen = 0; // Keyboard array data length addEntropyTime(); // Start entropy collection with page load time ce(); // Roll milliseconds into initial entropy // Add a byte to the entropy vector function addEntropyByte(b) { entropyData[edlen++] = b; } /* Capture entropy. When the user presses a key or performs various other events for which we can request notification, add the time in 255ths of a second to the entropyData array. The name of the function is short so it doesn't bloat the form object declarations in which it appears in various "onXXX" events. */ function ce() { addEntropyByte(Math.floor((((new Date).getMilliseconds()) * 255) / 999)); } // Add a 32 bit quantity to the entropy vector function addEntropy32(w) { var i; for (i = 0; i < 4; i++) { addEntropyByte(w & 0xFF); w >>= 8; } } /* Add the current time and date (milliseconds since the epoch, truncated to 32 bits) to the entropy vector. */ function addEntropyTime() { addEntropy32((new Date()).getTime()); } /* Start collection of entropy from mouse movements. The argument specifies the number of entropy items to be obtained from mouse motion, after which mouse motion will be ignored. Note that you can re-enable mouse motion collection at any time if not already underway. */ var mouseMotionCollect = 0; var oldMoveHandler; // For saving and restoring mouse move handler in IE4 function mouseMotionEntropy(maxsamp) { if (mouseMotionCollect <= 0) { mouseMotionCollect = maxsamp; if ((document.implementation.hasFeature("Events", "2.0")) && document.addEventListener) { // Browser supports Document Object Model (DOM) 2 events document.addEventListener("mousemove", mouseMoveEntropy, false); } else { if (document.attachEvent) { // Internet Explorer 5 and above event model document.attachEvent("onmousemove", mouseMoveEntropy); } else { // Internet Explorer 4 event model oldMoveHandler = document.onmousemove; document.onmousemove = mouseMoveEntropy; } } //dump("Mouse enable", mouseMotionCollect); } } /* Collect entropy from mouse motion events. Note that this is craftily coded to work with either DOM2 or Internet Explorer style events. Note that we don't use every successive mouse movement event. Instead, we XOR the three bytes collected from the mouse and use that to determine how many subsequent mouse movements we ignore before capturing the next one. */ var mouseEntropyTime = 0; // Delay counter for mouse entropy collection function mouseMoveEntropy(e) { if (!e) { e = window.event; // Internet Explorer event model } if (mouseMotionCollect > 0) { if (mouseEntropyTime-- <= 0) { addEntropyByte(e.screenX & 0xFF); addEntropyByte(e.screenY & 0xFF); ce(); mouseMotionCollect--; mouseEntropyTime = (entropyData[edlen - 3] ^ entropyData[edlen - 2] ^ entropyData[edlen - 1]) % 19; //dump("Mouse Move", byteArrayToHex(entropyData.slice(-3))); } if (mouseMotionCollect <= 0) { if (document.removeEventListener) { document.removeEventListener("mousemove", mouseMoveEntropy, false); } else if (document.detachEvent) { document.detachEvent("onmousemove", mouseMoveEntropy); } else { document.onmousemove = oldMoveHandler; } //dump("Spung!", 0); } } } /* Compute a 32 byte key value from the entropy vector. We compute the value by taking the MD5 sum of the even and odd bytes respectively of the entropy vector, then concatenating the two MD5 sums. */ function keyFromEntropy() { var i, k = new Array(32); if (edlen == 0) { alert("Blooie! Entropy vector void at call to keyFromEntropy."); } //dump("Entropy bytes", edlen); md5_init(); for (i = 0; i < edlen; i += 2) { md5_update(entropyData[i]); } md5_finish(); for (i = 0; i < 16; i++) { k[i] = digestBits[i]; } md5_init(); for (i = 1; i < edlen; i += 2) { md5_update(entropyData[i]); } md5_finish(); for (i = 0; i < 16; i++) { k[i + 16] = digestBits[i]; } //dump("keyFromEntropy", byteArrayToHex(k)); return k; } //############################################################################# // Downloaded on March 30, 2006 from http://www.fourmilab.ch/javascrypt/javascrypt.zip (aesprng.js) //############################################################################# // AES based pseudorandom number generator /* Constructor. Called with an array of 32 byte (0-255) values containing the initial seed. */ function AESprng(seed) { this.key = new Array(); this.key = seed; this.itext = hexToByteArray("9F489613248148F9C27945C6AE62EECA3E3367BB14064E4E6DC67A9F28AB3BD1"); this.nbytes = 0; // Bytes left in buffer this.next = AESprng_next; this.nextbits = AESprng_nextbits; this.nextInt = AESprng_nextInt; this.round = AESprng_round; /* Encrypt the initial text with the seed key three times, feeding the output of the encryption back into the key for the next round. */ bsb = blockSizeInBits; blockSizeInBits = 256; var i, ct; for (i = 0; i < 3; i++) { this.key = rijndaelEncrypt(this.itext, this.key, "ECB"); } /* Now make between one and four additional key-feedback rounds, with the number determined by bits from the result of the first three rounds. */ var n = 1 + (this.key[3] & 2) + (this.key[9] & 1); for (i = 0; i < n; i++) { this.key = rijndaelEncrypt(this.itext, this.key, "ECB"); } blockSizeInBits = bsb; } function AESprng_round() { bsb = blockSizeInBits; blockSizeInBits = 256; this.key = rijndaelEncrypt(this.itext, this.key, "ECB"); this.nbytes = 32; blockSizeInBits = bsb; } // Return next byte from the generator function AESprng_next() { if (this.nbytes <= 0) { this.round(); } return(this.key[--this.nbytes]); } // Return n bit integer value (up to maximum integer size) function AESprng_nextbits(n) { var i, w = 0, nbytes = Math.floor((n + 7) / 8); for (i = 0; i < nbytes; i++) { w = (w << 8) | this.next(); } return w & ((1 << n) - 1); } // Return integer between 0 and n inclusive function AESprng_nextInt(n) { var p = 1, nb = 0; // Determine smallest p, 2^p > n // nb = log_2 p while (n >= p) { p <<= 1; nb++; } p--; /* Generate values from 0 through n by first generating values v from 0 to (2^p)-1, then discarding any results v > n. For the rationale behind this (and why taking values mod (n + 1) is biased toward smaller values, see Ferguson and Schneier, "Practical Cryptography", ISBN 0-471-22357-3, section 10.8). */ while (true) { var v = this.nextbits(nb) & p; if (v <= n) { return v; } } } //############################################################################# // Downloaded on March 30, 2006 from http://www.fourmilab.ch/javascrypt/javascrypt.zip (md5.js) //############################################################################# /* * md5.jvs 1.0b 27/06/96 * * Javascript implementation of the RSA Data Security, Inc. MD5 * Message-Digest Algorithm. * * Copyright (c) 1996 Henri Torgemane. All Rights Reserved. * * Permission to use, copy, modify, and distribute this software * and its documentation for any purposes and without * fee is hereby granted provided that this copyright notice * appears in all copies. * * Of course, this soft is provided "as is" without express or implied * warranty of any kind. This version contains some trivial reformatting modifications by John Walker. */ function array(n) { for (i = 0; i < n; i++) { this[i] = 0; } this.length = n; } /* Some basic logical functions had to be rewritten because of a bug in * Javascript.. Just try to compute 0xffffffff >> 4 with it.. * Of course, these functions are slower than the original would be, but * at least, they work! */ function integer(n) { return n % (0xffffffff + 1); } function shr(a, b) { a = integer(a); b = integer(b); if (a - 0x80000000 >= 0) { a = a % 0x80000000; a >>= b; a += 0x40000000 >> (b - 1); } else { a >>= b; } diff --git a/frontend/beta/js/Clipperz/Crypto/BigInt.js b/frontend/beta/js/Clipperz/Crypto/BigInt.js index 41483a3..197cd9a 100644 --- a/frontend/beta/js/Clipperz/Crypto/BigInt.js +++ b/frontend/beta/js/Clipperz/Crypto/BigInt.js @@ -1,406 +1,404 @@ /* -Copyright 2008-2011 Clipperz Srl +Copyright 2008-2013 Clipperz Srl -This file is part of Clipperz Community Edition. -Clipperz Community Edition is an online password manager. +This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. -* Clipperz Community Edition is free software: you can redistribute - it and/or modify it under the terms of the GNU Affero General Public - License as published by the Free Software Foundation, either version - 3 of the License, or (at your option) any later version. +* Clipperz is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. -* Clipperz Community Edition is distributed in the hope that it will - be useful, but WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +* Clipperz is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public - License along with Clipperz Community Edition. If not, see - <http://www.gnu.org/licenses/>. + License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ if (typeof(Clipperz) == 'undefined') { Clipperz = {}; } if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; } //############################################################################# // Downloaded on March 05, 2007 from http://www.leemon.com/crypto/BigInt.js //############################################################################# //////////////////////////////////////////////////////////////////////////////////////// // Big Integer Library v. 5.0 // Created 2000, last modified 2006 // Leemon Baird // www.leemon.com // // This file is public domain. You can use it for any purpose without restriction. // I do not guarantee that it is correct, so use it at your own risk. If you use // it for something interesting, I'd appreciate hearing about it. If you find // any bugs or make any improvements, I'd appreciate hearing about those too. // It would also be nice if my name and address were left in the comments. // But none of that is required. // // This code defines a bigInt library for arbitrary-precision integers. // A bigInt is an array of integers storing the value in chunks of bpe bits, // little endian (buff[0] is the least significant word). // Negative bigInts are stored two's complement. // Some functions assume their parameters have at least one leading zero element. // Functions with an underscore at the end of the name have unpredictable behavior in case of overflow, // so the caller must make sure overflow won't happen. // For each function where a parameter is modified, that same // variable must not be used as another argument too. // So, you cannot square x by doing multMod_(x,x,n). // You must use squareMod_(x,n) instead, or do y=dup(x); multMod_(x,y,n). // // These functions are designed to avoid frequent dynamic memory allocation in the inner loop. // For most functions, if it needs a BigInt as a local variable it will actually use // a global, and will only allocate to it when it's not the right size. This ensures // that when a function is called repeatedly with same-sized parameters, it only allocates // memory on the first call. // // Note that for cryptographic purposes, the calls to Math.random() must // be replaced with calls to a better pseudorandom number generator. // // In the following, "bigInt" means a bigInt with at least one leading zero element, // and "integer" means a nonnegative integer less than radix. In some cases, integer // can be negative. Negative bigInts are 2s complement. // // The following functions do not modify their inputs, but dynamically allocate memory every time they are called: // // function bigInt2str(x,base) //convert a bigInt into a string in a given base, from base 2 up to base 95 // function dup(x) //returns a copy of bigInt x // function findPrimes(n) //return array of all primes less than integer n // function int2bigInt(t,n,m) //convert integer t to a bigInt with at least n bits and m array elements // function int2bigInt(s,b,n,m) //convert string s in base b to a bigInt with at least n bits and m array elements // function trim(x,k) //return a copy of x with exactly k leading zero elements // // The following functions do not modify their inputs, so there is never a problem with the result being too big: // // function bitSize(x) //returns how many bits long the bigInt x is, not counting leading zeros // function equals(x,y) //is the bigInt x equal to the bigint y? // function equalsInt(x,y) //is bigint x equal to integer y? // function greater(x,y) //is x>y? (x and y are nonnegative bigInts) // function greaterShift(x,y,shift)//is (x <<(shift*bpe)) > y? // function isZero(x) //is the bigInt x equal to zero? // function millerRabin(x,b) //does one round of Miller-Rabin base integer b say that bigInt x is possibly prime (as opposed to definitely composite)? // function modInt(x,n) //return x mod n for bigInt x and integer n. // function negative(x) //is bigInt x negative? // // The following functions do not modify their inputs, but allocate memory and call functions with underscores // // function add(x,y) //return (x+y) for bigInts x and y. // function addInt(x,n) //return (x+n) where x is a bigInt and n is an integer. // function expand(x,n) //return a copy of x with at least n elements, adding leading zeros if needed // function inverseMod(x,n) //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null // function mod(x,n) //return a new bigInt equal to (x mod n) for bigInts x and n. // function mult(x,y) //return x*y for bigInts x and y. This is faster when y<x. // function multMod(x,y,n) //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x. // function powMod(x,y,n) //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n. // function randTruePrime(k) //return a new, random, k-bit, true prime using Maurer's algorithm. // function sub(x,y) //return (x-y) for bigInts x and y. Negative answers will be 2s complement // // The following functions write a bigInt result to one of the parameters, but // the result is never bigger than the original, so there can't be overflow problems: // // function divInt_(x,n) //do x=floor(x/n) for bigInt x and integer n, and return the remainder // function GCD_(x,y) //set x to the greatest common divisor of bigInts x and y, (y is destroyed). // function halve_(x) //do x=floor(|x|/2)*sgn(x) for bigInt x in 2's complement // function mod_(x,n) //do x=x mod n for bigInts x and n. // function rightShift_(x,n) //right shift bigInt x by n bits. 0 <= n < bpe. // // The following functions write a bigInt result to one of the parameters. The caller is responsible for // ensuring it is large enough to hold the result. // // function addInt_(x,n) //do x=x+n where x is a bigInt and n is an integer // function add_(x,y) //do x=x+y for bigInts x and y // function addShift_(x,y,ys) //do x=x+(y<<(ys*bpe)) // function copy_(x,y) //do x=y on bigInts x and y // function copyInt_(x,n) //do x=n on bigInt x and integer n // function carry_(x) //do carries and borrows so each element of the bigInt x fits in bpe bits. // function divide_(x,y,q,r) //divide_ x by y giving quotient q and remainder r // function eGCD_(x,y,d,a,b) //sets a,b,d to positive big integers such that d = GCD_(x,y) = a*x-b*y // function inverseMod_(x,n) //do x=x**(-1) mod n, for bigInts x and n. Returns 1 (0) if inverse does (doesn't) exist // function inverseModInt_(x,n) //return x**(-1) mod n, for integers x and n. Return 0 if there is no inverse // function leftShift_(x,n) //left shift bigInt x by n bits. n<bpe. // function linComb_(x,y,a,b) //do x=a*x+b*y for bigInts x and y and integers a and b // function linCombShift_(x,y,b,ys) //do x=x+b*(y<<(ys*bpe)) for bigInts x and y, and integers b and ys // function mont_(x,y,n,np) //Montgomery multiplication (see comments where the function is defined) // function mult_(x,y) //do x=x*y for bigInts x and y. // function multInt_(x,n) //do x=x*n where x is a bigInt and n is an integer. // function multMod_(x,y,n) //do x=x*y mod n for bigInts x,y,n. // function powMod_(x,y,n) //do x=x**y mod n, where x,y,n are bigInts (n is odd) and ** is exponentiation. 0**0=1. // function randBigInt_(b,n,s) //do b = an n-bit random BigInt. if s=1, then nth bit (most significant bit) is set to 1. n>=1. // function randTruePrime_(ans,k) //do ans = a random k-bit true random prime (not just probable prime) with 1 in the msb. // function squareMod_(x,n) //do x=x*x mod n for bigInts x,n // function sub_(x,y) //do x=x-y for bigInts x and y. Negative answers will be 2s complement. // function subShift_(x,y,ys) //do x=x-(y<<(ys*bpe)). Negative answers will be 2s complement. // // The following functions are based on algorithms from the _Handbook of Applied Cryptography_ // powMod_() = algorithm 14.94, Montgomery exponentiation // eGCD_,inverseMod_() = algorithm 14.61, Binary extended GCD_ // GCD_() = algorothm 14.57, Lehmer's algorithm // mont_() = algorithm 14.36, Montgomery multiplication // divide_() = algorithm 14.20 Multiple-precision division // squareMod_() = algorithm 14.16 Multiple-precision squaring // randTruePrime_() = algorithm 4.62, Maurer's algorithm // millerRabin() = algorithm 4.24, Miller-Rabin algorithm // // Profiling shows: // randTruePrime_() spends: // 10% of its time in calls to powMod_() // 85% of its time in calls to millerRabin() // millerRabin() spends: // 99% of its time in calls to powMod_() (always with a base of 2) // powMod_() spends: // 94% of its time in calls to mont_() (almost always with x==y) // // This suggests there are several ways to speed up this library slightly: // - convert powMod_ to use a Montgomery form of k-ary window (or maybe a Montgomery form of sliding window) // -- this should especially focus on being fast when raising 2 to a power mod n // - convert randTruePrime_() to use a minimum r of 1/3 instead of 1/2 with the appropriate change to the test // - tune the parameters in randTruePrime_(), including c, m, and recLimit // - speed up the single loop in mont_() that takes 95% of the runtime, perhaps by reducing checking // within the loop when all the parameters are the same length. // // There are several ideas that look like they wouldn't help much at all: // - replacing trial division in randTruePrime_() with a sieve (that speeds up something taking almost no time anyway) // - increase bpe from 15 to 30 (that would help if we had a 32*32->64 multiplier, but not with JavaScript's 32*32->32) // - speeding up mont_(x,y,n,np) when x==y by doing a non-modular, non-Montgomery square // followed by a Montgomery reduction. The intermediate answer will be twice as long as x, so that // method would be slower. This is unfortunate because the code currently spends almost all of its time // doing mont_(x,x,...), both for randTruePrime_() and powMod_(). A faster method for Montgomery squaring // would have a large impact on the speed of randTruePrime_() and powMod_(). HAC has a couple of poorly-worded // sentences that seem to imply it's faster to do a non-modular square followed by a single // Montgomery reduction, but that's obviously wrong. //////////////////////////////////////////////////////////////////////////////////////// //globals bpe=0; //bits stored per array element mask=0; //AND this with an array element to chop it down to bpe bits radix=mask+1; //equals 2^bpe. A single 1 bit to the left of the last bit of mask. //the digits for converting to different bases digitsStr='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_=!@#$%^&*()[]{}|;:,.<>/?`~ \\\'\"+-'; //initialize the global variables for (bpe=0; (1<<(bpe+1)) > (1<<bpe); bpe++); //bpe=number of bits in the mantissa on this platform bpe>>=1; //bpe=number of bits in one element of the array representing the bigInt mask=(1<<bpe)-1; //AND the mask with an integer to get its bpe least significant bits radix=mask+1; //2^bpe. a single 1 bit to the left of the first bit of mask one=int2bigInt(1,1,1); //constant used in powMod_() //the following global variables are scratchpad memory to //reduce dynamic memory allocation in the inner loop t=new Array(0); ss=t; //used in mult_() s0=t; //used in multMod_(), squareMod_() s1=t; //used in powMod_(), multMod_(), squareMod_() s2=t; //used in powMod_(), multMod_() s3=t; //used in powMod_() s4=t; s5=t; //used in mod_() s6=t; //used in bigInt2str() s7=t; //used in powMod_() T=t; //used in GCD_() sa=t; //used in mont_() mr_x1=t; mr_r=t; mr_a=t; //used in millerRabin() eg_v=t; eg_u=t; eg_A=t; eg_B=t; eg_C=t; eg_D=t; //used in eGCD_(), inverseMod_() md_q1=t; md_q2=t; md_q3=t; md_r=t; md_r1=t; md_r2=t; md_tt=t; //used in mod_() primes=t; pows=t; s_i=t; s_i2=t; s_R=t; s_rm=t; s_q=t; s_n1=t; s_a=t; s_r2=t; s_n=t; s_b=t; s_d=t; s_x1=t; s_x2=t, s_aa=t; //used in randTruePrime_() //////////////////////////////////////////////////////////////////////////////////////// //return array of all primes less than integer n function findPrimes(n) { var i,s,p,ans; s=new Array(n); for (i=0;i<n;i++) s[i]=0; s[0]=2; p=0; //first p elements of s are primes, the rest are a sieve for(;s[p]<n;) { //s[p] is the pth prime for(i=s[p]*s[p]; i<n; i+=s[p]) //mark multiples of s[p] s[i]=1; p++; s[p]=s[p-1]+1; for(; s[p]<n && s[s[p]]; s[p]++); //find next prime (where s[p]==0) } ans=new Array(p); for(i=0;i<p;i++) ans[i]=s[i]; return ans; } //does a single round of Miller-Rabin base b consider x to be a possible prime? //x is a bigInt, and b is an integer function millerRabin(x,b) { var i,j,k,s; if (mr_x1.length!=x.length) { mr_x1=dup(x); mr_r=dup(x); mr_a=dup(x); } copyInt_(mr_a,b); copy_(mr_r,x); copy_(mr_x1,x); addInt_(mr_r,-1); addInt_(mr_x1,-1); //s=the highest power of two that divides mr_r k=0; for (i=0;i<mr_r.length;i++) for (j=1;j<mask;j<<=1) if (x[i] & j) { s=(k<mr_r.length+bpe ? k : 0); i=mr_r.length; j=mask; } else k++; if (s) rightShift_(mr_r,s); powMod_(mr_a,mr_r,x); if (!equalsInt(mr_a,1) && !equals(mr_a,mr_x1)) { j=1; while (j<=s-1 && !equals(mr_a,mr_x1)) { squareMod_(mr_a,x); if (equalsInt(mr_a,1)) { return 0; } j++; } if (!equals(mr_a,mr_x1)) { return 0; } } return 1; } //returns how many bits long the bigInt is, not counting leading zeros. function bitSize(x) { var j,z,w; for (j=x.length-1; (x[j]==0) && (j>0); j--); for (z=0,w=x[j]; w; (w>>=1),z++); z+=bpe*j; return z; } //return a copy of x with at least n elements, adding leading zeros if needed function expand(x,n) { var ans=int2bigInt(0,(x.length>n ? x.length : n)*bpe,0); copy_(ans,x); return ans; } //return a k-bit true random prime using Maurer's algorithm. function randTruePrime(k) { var ans=int2bigInt(0,k,0); randTruePrime_(ans,k); return trim(ans,1); } //return a new bigInt equal to (x mod n) for bigInts x and n. function mod(x,n) { var ans=dup(x); mod_(ans,n); return trim(ans,1); } //return (x+n) where x is a bigInt and n is an integer. function addInt(x,n) { var ans=expand(x,x.length+1); addInt_(ans,n); return trim(ans,1); } //return x*y for bigInts x and y. This is faster when y<x. function mult(x,y) { var ans=expand(x,x.length+y.length); mult_(ans,y); return trim(ans,1); } //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n. function powMod(x,y,n) { var ans=expand(x,n.length); powMod_(ans,trim(y,2),trim(n,2),0); //this should work without the trim, but doesn't return trim(ans,1); } //return (x-y) for bigInts x and y. Negative answers will be 2s complement function sub(x,y) { var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1)); sub_(ans,y); return trim(ans,1); } //return (x+y) for bigInts x and y. function add(x,y) { var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1)); add_(ans,y); return trim(ans,1); } //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null function inverseMod(x,n) { var ans=expand(x,n.length); var s; s=inverseMod_(ans,n); return s ? trim(ans,1) : null; } //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x. function multMod(x,y,n) { var ans=expand(x,n.length); multMod_(ans,y,n); return trim(ans,1); } //generate a k-bit true random prime using Maurer's algorithm, //and put it into ans. The bigInt ans must be large enough to hold it. function randTruePrime_(ans,k) { var c,m,pm,dd,j,r,B,divisible,z,zz,recSize; if (primes.length==0) primes=findPrimes(30000); //check for divisibility by primes <=30000 if (pows.length==0) { pows=new Array(512); for (j=0;j<512;j++) { pows[j]=Math.pow(2,j/511.-1.); } } //c and m should be tuned for a particular machine and value of k, to maximize speed //this was: c=primes[primes.length-1]/k/k; //check using all the small primes. (c=0.1 in HAC) c=0.1; m=20; //generate this k-bit number by first recursively generating a number that has between k/2 and k-m bits recLimit=20; /*must be at least 2 (was 29)*/ //stop recursion when k <=recLimit if (s_i2.length!=ans.length) { s_i2=dup(ans); s_R =dup(ans); s_n1=dup(ans); s_r2=dup(ans); s_d =dup(ans); s_x1=dup(ans); s_x2=dup(ans); s_b =dup(ans); s_n =dup(ans); s_i =dup(ans); s_rm=dup(ans); s_q =dup(ans); s_a =dup(ans); s_aa=dup(ans); } diff --git a/frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js b/frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js index f91c7e9..bc60330 100644 --- a/frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js +++ b/frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js @@ -1,406 +1,404 @@ /* -Copyright 2008-2011 Clipperz Srl +Copyright 2008-2013 Clipperz Srl -This file is part of Clipperz Community Edition. -Clipperz Community Edition is an online password manager. +This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. -* Clipperz Community Edition is free software: you can redistribute - it and/or modify it under the terms of the GNU Affero General Public - License as published by the Free Software Foundation, either version - 3 of the License, or (at your option) any later version. +* Clipperz is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. -* Clipperz Community Edition is distributed in the hope that it will - be useful, but WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +* Clipperz is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public - License along with Clipperz Community Edition. If not, see - <http://www.gnu.org/licenses/>. + License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ if (typeof(Clipperz) == 'undefined') { Clipperz = {}; } if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; } if (typeof(Leemon) == 'undefined') { Leemon = {}; } if (typeof(Baird.Crypto) == 'undefined') { Baird.Crypto = {}; } if (typeof(Baird.Crypto.BigInt) == 'undefined') { Baird.Crypto.BigInt = {}; } //############################################################################# // Downloaded on March 05, 2007 from http://www.leemon.com/crypto/BigInt.js //############################################################################# //////////////////////////////////////////////////////////////////////////////////////// // Big Integer Library v. 5.0 // Created 2000, last modified 2006 // Leemon Baird // www.leemon.com // // This file is public domain. You can use it for any purpose without restriction. // I do not guarantee that it is correct, so use it at your own risk. If you use // it for something interesting, I'd appreciate hearing about it. If you find // any bugs or make any improvements, I'd appreciate hearing about those too. // It would also be nice if my name and address were left in the comments. // But none of that is required. // // This code defines a bigInt library for arbitrary-precision integers. // A bigInt is an array of integers storing the value in chunks of bpe bits, // little endian (buff[0] is the least significant word). // Negative bigInts are stored two's complement. // Some functions assume their parameters have at least one leading zero element. // Functions with an underscore at the end of the name have unpredictable behavior in case of overflow, // so the caller must make sure overflow won't happen. // For each function where a parameter is modified, that same // variable must not be used as another argument too. // So, you cannot square x by doing multMod_(x,x,n). // You must use squareMod_(x,n) instead, or do y=dup(x); multMod_(x,y,n). // // These functions are designed to avoid frequent dynamic memory allocation in the inner loop. // For most functions, if it needs a BigInt as a local variable it will actually use // a global, and will only allocate to it when it's not the right size. This ensures // that when a function is called repeatedly with same-sized parameters, it only allocates // memory on the first call. // // Note that for cryptographic purposes, the calls to Math.random() must // be replaced with calls to a better pseudorandom number generator. // // In the following, "bigInt" means a bigInt with at least one leading zero element, // and "integer" means a nonnegative integer less than radix. In some cases, integer // can be negative. Negative bigInts are 2s complement. // // The following functions do not modify their inputs, but dynamically allocate memory every time they are called: // // function bigInt2str(x,base) //convert a bigInt into a string in a given base, from base 2 up to base 95 // function dup(x) //returns a copy of bigInt x // function findPrimes(n) //return array of all primes less than integer n // function int2bigInt(t,n,m) //convert integer t to a bigInt with at least n bits and m array elements // function str2bigInt(s,b,n,m) //convert string s in base b to a bigInt with at least n bits and m array elements // function trim(x,k) //return a copy of x with exactly k leading zero elements // // The following functions do not modify their inputs, so there is never a problem with the result being too big: // // function bitSize(x) //returns how many bits long the bigInt x is, not counting leading zeros // function equals(x,y) //is the bigInt x equal to the bigint y? // function equalsInt(x,y) //is bigint x equal to integer y? // function greater(x,y) //is x>y? (x and y are nonnegative bigInts) // function greaterShift(x,y,shift)//is (x <<(shift*bpe)) > y? // function isZero(x) //is the bigInt x equal to zero? // function millerRabin(x,b) //does one round of Miller-Rabin base integer b say that bigInt x is possibly prime (as opposed to definitely composite)? // function modInt(x,n) //return x mod n for bigInt x and integer n. // function negative(x) //is bigInt x negative? // // The following functions do not modify their inputs, but allocate memory and call functions with underscores // // function add(x,y) //return (x+y) for bigInts x and y. // function addInt(x,n) //return (x+n) where x is a bigInt and n is an integer. // function expand(x,n) //return a copy of x with at least n elements, adding leading zeros if needed // function inverseMod(x,n) //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null // function mod(x,n) //return a new bigInt equal to (x mod n) for bigInts x and n. // function mult(x,y) //return x*y for bigInts x and y. This is faster when y<x. // function multMod(x,y,n) //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x. // function powMod(x,y,n) //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n. // function randTruePrime(k) //return a new, random, k-bit, true prime using Maurer's algorithm. // function sub(x,y) //return (x-y) for bigInts x and y. Negative answers will be 2s complement // // The following functions write a bigInt result to one of the parameters, but // the result is never bigger than the original, so there can't be overflow problems: // // function divInt_(x,n) //do x=floor(x/n) for bigInt x and integer n, and return the remainder // function GCD_(x,y) //set x to the greatest common divisor of bigInts x and y, (y is destroyed). // function halve_(x) //do x=floor(|x|/2)*sgn(x) for bigInt x in 2's complement // function mod_(x,n) //do x=x mod n for bigInts x and n. // function rightShift_(x,n) //right shift bigInt x by n bits. 0 <= n < bpe. // // The following functions write a bigInt result to one of the parameters. The caller is responsible for // ensuring it is large enough to hold the result. // // function addInt_(x,n) //do x=x+n where x is a bigInt and n is an integer // function add_(x,y) //do x=x+y for bigInts x and y // function addShift_(x,y,ys) //do x=x+(y<<(ys*bpe)) // function copy_(x,y) //do x=y on bigInts x and y // function copyInt_(x,n) //do x=n on bigInt x and integer n // function carry_(x) //do carries and borrows so each element of the bigInt x fits in bpe bits. // function divide_(x,y,q,r) //divide_ x by y giving quotient q and remainder r // function eGCD_(x,y,d,a,b) //sets a,b,d to positive big integers such that d = GCD_(x,y) = a*x-b*y // function inverseMod_(x,n) //do x=x**(-1) mod n, for bigInts x and n. Returns 1 (0) if inverse does (doesn't) exist // function inverseModInt_(x,n) //return x**(-1) mod n, for integers x and n. Return 0 if there is no inverse // function leftShift_(x,n) //left shift bigInt x by n bits. n<bpe. // function linComb_(x,y,a,b) //do x=a*x+b*y for bigInts x and y and integers a and b // function linCombShift_(x,y,b,ys) //do x=x+b*(y<<(ys*bpe)) for bigInts x and y, and integers b and ys // function mont_(x,y,n,np) //Montgomery multiplication (see comments where the function is defined) // function mult_(x,y) //do x=x*y for bigInts x and y. // function multInt_(x,n) //do x=x*n where x is a bigInt and n is an integer. // function multMod_(x,y,n) //do x=x*y mod n for bigInts x,y,n. // function powMod_(x,y,n) //do x=x**y mod n, where x,y,n are bigInts (n is odd) and ** is exponentiation. 0**0=1. // function randBigInt_(b,n,s) //do b = an n-bit random BigInt. if s=1, then nth bit (most significant bit) is set to 1. n>=1. // function randTruePrime_(ans,k) //do ans = a random k-bit true random prime (not just probable prime) with 1 in the msb. // function squareMod_(x,n) //do x=x*x mod n for bigInts x,n // function sub_(x,y) //do x=x-y for bigInts x and y. Negative answers will be 2s complement. // function subShift_(x,y,ys) //do x=x-(y<<(ys*bpe)). Negative answers will be 2s complement. // // The following functions are based on algorithms from the _Handbook of Applied Cryptography_ // powMod_() = algorithm 14.94, Montgomery exponentiation // eGCD_,inverseMod_() = algorithm 14.61, Binary extended GCD_ // GCD_() = algorothm 14.57, Lehmer's algorithm // mont_() = algorithm 14.36, Montgomery multiplication // divide_() = algorithm 14.20 Multiple-precision division // squareMod_() = algorithm 14.16 Multiple-precision squaring // randTruePrime_() = algorithm 4.62, Maurer's algorithm // millerRabin() = algorithm 4.24, Miller-Rabin algorithm // // Profiling shows: // randTruePrime_() spends: // 10% of its time in calls to powMod_() // 85% of its time in calls to millerRabin() // millerRabin() spends: // 99% of its time in calls to powMod_() (always with a base of 2) // powMod_() spends: // 94% of its time in calls to mont_() (almost always with x==y) // // This suggests there are several ways to speed up this library slightly: // - convert powMod_ to use a Montgomery form of k-ary window (or maybe a Montgomery form of sliding window) // -- this should especially focus on being fast when raising 2 to a power mod n // - convert randTruePrime_() to use a minimum r of 1/3 instead of 1/2 with the appropriate change to the test // - tune the parameters in randTruePrime_(), including c, m, and recLimit // - speed up the single loop in mont_() that takes 95% of the runtime, perhaps by reducing checking // within the loop when all the parameters are the same length. // // There are several ideas that look like they wouldn't help much at all: // - replacing trial division in randTruePrime_() with a sieve (that speeds up something taking almost no time anyway) // - increase bpe from 15 to 30 (that would help if we had a 32*32->64 multiplier, but not with JavaScript's 32*32->32) // - speeding up mont_(x,y,n,np) when x==y by doing a non-modular, non-Montgomery square // followed by a Montgomery reduction. The intermediate answer will be twice as long as x, so that // method would be slower. This is unfortunate because the code currently spends almost all of its time // doing mont_(x,x,...), both for randTruePrime_() and powMod_(). A faster method for Montgomery squaring // would have a large impact on the speed of randTruePrime_() and powMod_(). HAC has a couple of poorly-worded // sentences that seem to imply it's faster to do a non-modular square followed by a single // Montgomery reduction, but that's obviously wrong. //////////////////////////////////////////////////////////////////////////////////////// // // The whole library has been moved into the Baird.Crypto.BigInt scope by Giulio Cesare Solaroli <giulio.cesare@clipperz.com> // Baird.Crypto.BigInt.VERSION = "5.0"; Baird.Crypto.BigInt.NAME = "Baird.Crypto.BigInt"; MochiKit.Base.update(Baird.Crypto.BigInt, { //globals 'bpe': 0, //bits stored per array element 'mask': 0, //AND this with an array element to chop it down to bpe bits 'radix': Baird.Crypto.BigInt.mask + 1, //equals 2^bpe. A single 1 bit to the left of the last bit of mask. //the digits for converting to different bases 'digitsStr': '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_=!@#$%^&*()[]{}|;:,.<>/?`~ \\\'\"+-', //initialize the global variables for (bpe=0; (1<<(bpe+1)) > (1<<bpe); bpe++); //bpe=number of bits in the mantissa on this platform bpe>>=1; //bpe=number of bits in one element of the array representing the bigInt mask=(1<<bpe)-1; //AND the mask with an integer to get its bpe least significant bits radix=mask+1; //2^bpe. a single 1 bit to the left of the first bit of mask one=int2bigInt(1,1,1); //constant used in powMod_() //the following global variables are scratchpad memory to //reduce dynamic memory allocation in the inner loop t=new Array(0); ss=t; //used in mult_() s0=t; //used in multMod_(), squareMod_() s1=t; //used in powMod_(), multMod_(), squareMod_() s2=t; //used in powMod_(), multMod_() s3=t; //used in powMod_() s4=t; s5=t; //used in mod_() s6=t; //used in bigInt2str() s7=t; //used in powMod_() T=t; //used in GCD_() sa=t; //used in mont_() mr_x1=t; mr_r=t; mr_a=t; //used in millerRabin() eg_v=t; eg_u=t; eg_A=t; eg_B=t; eg_C=t; eg_D=t; //used in eGCD_(), inverseMod_() md_q1=t; md_q2=t; md_q3=t; md_r=t; md_r1=t; md_r2=t; md_tt=t; //used in mod_() primes=t; pows=t; s_i=t; s_i2=t; s_R=t; s_rm=t; s_q=t; s_n1=t; s_a=t; s_r2=t; s_n=t; s_b=t; s_d=t; s_x1=t; s_x2=t, s_aa=t; //used in randTruePrime_() //////////////////////////////////////////////////////////////////////////////////////// //return array of all primes less than integer n 'findPrimes': function(n) { var i,s,p,ans; s=new Array(n); for (i=0;i<n;i++) s[i]=0; s[0]=2; p=0; //first p elements of s are primes, the rest are a sieve for(;s[p]<n;) { //s[p] is the pth prime for(i=s[p]*s[p]; i<n; i+=s[p]) //mark multiples of s[p] s[i]=1; p++; s[p]=s[p-1]+1; for(; s[p]<n && s[s[p]]; s[p]++); //find next prime (where s[p]==0) } ans=new Array(p); for(i=0;i<p;i++) ans[i]=s[i]; return ans; }, //does a single round of Miller-Rabin base b consider x to be a possible prime? //x is a bigInt, and b is an integer 'millerRabin': function(x,b) { var i,j,k,s; if (mr_x1.length!=x.length) { mr_x1=dup(x); mr_r=dup(x); mr_a=dup(x); } copyInt_(mr_a,b); copy_(mr_r,x); copy_(mr_x1,x); addInt_(mr_r,-1); addInt_(mr_x1,-1); //s=the highest power of two that divides mr_r k=0; for (i=0;i<mr_r.length;i++) for (j=1;j<mask;j<<=1) if (x[i] & j) { s=(k<mr_r.length+bpe ? k : 0); i=mr_r.length; j=mask; } else k++; if (s) rightShift_(mr_r,s); powMod_(mr_a,mr_r,x); if (!equalsInt(mr_a,1) && !equals(mr_a,mr_x1)) { j=1; while (j<=s-1 && !equals(mr_a,mr_x1)) { squareMod_(mr_a,x); if (equalsInt(mr_a,1)) { return 0; } j++; } if (!equals(mr_a,mr_x1)) { return 0; } } return 1; }, //returns how many bits long the bigInt is, not counting leading zeros. 'bitSize': function(x) { var j,z,w; for (j=x.length-1; (x[j]==0) && (j>0); j--); for (z=0,w=x[j]; w; (w>>=1),z++); z+=bpe*j; return z; }, //return a copy of x with at least n elements, adding leading zeros if needed 'expand': function(x,n) { var ans=int2bigInt(0,(x.length>n ? x.length : n)*bpe,0); copy_(ans,x); return ans; }, //return a k-bit true random prime using Maurer's algorithm. 'randTruePrime': function(k) { var ans=int2bigInt(0,k,0); randTruePrime_(ans,k); return trim(ans,1); }, //return a new bigInt equal to (x mod n) for bigInts x and n. 'mod': function(x,n) { var ans=dup(x); mod_(ans,n); return trim(ans,1); }, //return (x+n) where x is a bigInt and n is an integer. 'addInt': function(x,n) { var ans=expand(x,x.length+1); addInt_(ans,n); return trim(ans,1); }, //return x*y for bigInts x and y. This is faster when y<x. 'mult': function(x,y) { var ans=expand(x,x.length+y.length); mult_(ans,y); return trim(ans,1); }, //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n. 'powMod': function(x,y,n) { var ans=expand(x,n.length); powMod_(ans,trim(y,2),trim(n,2),0); //this should work without the trim, but doesn't return trim(ans,1); }, //return (x-y) for bigInts x and y. Negative answers will be 2s complement 'sub': function(x,y) { var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1)); sub_(ans,y); return trim(ans,1); }, //return (x+y) for bigInts x and y. 'add': function(x,y) { var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1)); add_(ans,y); return trim(ans,1); }, //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null 'inverseMod': function(x,n) { var ans=expand(x,n.length); var s; s=inverseMod_(ans,n); return s ? trim(ans,1) : null; }, //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x. 'multMod': function(x,y,n) { var ans=expand(x,n.length); multMod_(ans,y,n); return trim(ans,1); }, //generate a k-bit true random prime using Maurer's algorithm, //and put it into ans. The bigInt ans must be large enough to hold it. 'randTruePrime_': function(ans,k) { var c,m,pm,dd,j,r,B,divisible,z,zz,recSize; if (primes.length==0) primes=findPrimes(30000); //check for divisibility by primes <=30000 if (pows.length==0) { pows=new Array(512); for (j=0;j<512;j++) { pows[j]=Math.pow(2,j/511.-1.); } } //c and m should be tuned for a particular machine and value of k, to maximize speed //this was: c=primes[primes.length-1]/k/k; //check using all the small primes. (c=0.1 in HAC) c=0.1; m=20; //generate this k-bit number by first recursively generating a number that has between k/2 and k-m bits recLimit=20; /*must be at least 2 (was 29)*/ //stop recursion when k <=recLimit if (s_i2.length!=ans.length) { s_i2=dup(ans); s_R =dup(ans); s_n1=dup(ans); s_r2=dup(ans); diff --git a/frontend/beta/js/Clipperz/Crypto/ECC.js b/frontend/beta/js/Clipperz/Crypto/ECC.js index bdfd9be..74eb02f 100644 --- a/frontend/beta/js/Clipperz/Crypto/ECC.js +++ b/frontend/beta/js/Clipperz/Crypto/ECC.js @@ -1,406 +1,404 @@ /* -Copyright 2008-2011 Clipperz Srl +Copyright 2008-2013 Clipperz Srl -This file is part of Clipperz Community Edition. -Clipperz Community Edition is an online password manager. +This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. -* Clipperz Community Edition is free software: you can redistribute - it and/or modify it under the terms of the GNU Affero General Public - License as published by the Free Software Foundation, either version - 3 of the License, or (at your option) any later version. +* Clipperz is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. -* Clipperz Community Edition is distributed in the hope that it will - be useful, but WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +* Clipperz is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public - License along with Clipperz Community Edition. If not, see - <http://www.gnu.org/licenses/>. + License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ /* try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!"; } if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; } //############################################################################# Clipperz.Crypto.ECC.BinaryField = {}; //############################################################################# Clipperz.Crypto.ECC.BinaryField.AbstractValue = function(aValue, aBase) { return this; } Clipperz.Crypto.ECC.BinaryField.AbstractValue.prototype = MochiKit.Base.update(null, { 'asString': function(aBase) { throw Clipperz.Base.exception.AbstractMethod; }, 'isZero': function() { throw Clipperz.Base.exception.AbstractMethod; }, 'shiftLeft': function(aNumberOfBitsToShift) { throw Clipperz.Base.exception.AbstractMethod; }, 'bitSize': function() { throw Clipperz.Base.exception.AbstractMethod; }, 'isBitSet': function(aBitPosition) { throw Clipperz.Base.exception.AbstractMethod; }, 'xor': function(aValue) { throw Clipperz.Base.exception.AbstractMethod; }, 'compare': function(aValue) { throw Clipperz.Base.exception.AbstractMethod; }, //----------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //***************************************************************************** / * Clipperz.Crypto.ECC.BinaryField.BigIntValue = function(aValue, aBase) { this._value = new Clipperz.Crypto.BigInt(aValue, aBase); return this; } Clipperz.Crypto.ECC.BinaryField.BigIntValue.prototype = MochiKit.Base.update(new Clipperz.Crypto.ECC.BinaryField.AbstractValue(), { 'value': function() { return this._value; }, //----------------------------------------------------------------------------- 'isZero': function() { return (this.value().compare(Clipperz.Crypto.ECC.BinaryField.BigIntValue.O) == 0); }, //----------------------------------------------------------------------------- 'asString': function(aBase) { return this.value().asString(aBase); }, //----------------------------------------------------------------------------- 'shiftLeft': function(aNumberOfBitsToShift) { return new Clipperz.Crypto.ECC.BinaryField.BigIntValue(this.value().shiftLeft(aNumberOfBitsToShift)); }, //----------------------------------------------------------------------------- 'bitSize': function() { return this.value().bitSize(); }, //----------------------------------------------------------------------------- 'isBitSet': function(aBitPosition) { return this.value().isBitSet(aBitPosition); }, //----------------------------------------------------------------------------- 'xor': function(aValue) { return new Clipperz.Crypto.ECC.BinaryField.BigIntValue(this.value().xor(aValue.value())); }, //----------------------------------------------------------------------------- 'compare': function(aValue) { return this.value().compare(aValue.value()); }, //----------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); Clipperz.Crypto.ECC.BinaryField.BigIntValue.O = new Clipperz.Crypto.BigInt(0); Clipperz.Crypto.ECC.BinaryField.BigIntValue.I = new Clipperz.Crypto.BigInt(1); * / //***************************************************************************** Clipperz.Crypto.ECC.BinaryField.WordArrayValue = function(aValue, aBase) { if (aValue.constructor == String) { var value; var stringLength; var numberOfWords; var i,c; if (aBase != 16) { throw Clipperz.Crypto.ECC.BinaryField.WordArrayValue.exception.UnsupportedBase; } value = aValue.replace(/ /g, ''); stringLength = value.length; numberOfWords = Math.ceil(stringLength / 8); this._value = new Array(numberOfWords); c = numberOfWords; for (i=0; i<c; i++) { var word; if (i < (c-1)) { word = parseInt(value.substr(stringLength-((i+1)*8), 8), 16); } else { word = parseInt(value.substr(0, stringLength-(i*8)), 16); } this._value[i] = word; } } else if (aValue.constructor == Array) { var itemsToCopy; itemsToCopy = aValue.length; while (aValue[itemsToCopy - 1] == 0) { itemsToCopy --; } this._value = aValue.slice(0, itemsToCopy); } else if (aValue.constructor == Number) { this._value = [aValue]; } else { // throw Clipperz.Crypto.ECC.BinaryField.WordArrayValue.exception.UnsupportedConstructorValueType; } return this; } Clipperz.Crypto.ECC.BinaryField.WordArrayValue.prototype = MochiKit.Base.update(new Clipperz.Crypto.ECC.BinaryField.AbstractValue(), { 'value': function() { return this._value; }, //----------------------------------------------------------------------------- 'wordSize': function() { return this._value.length }, //----------------------------------------------------------------------------- 'clone': function() { return new Clipperz.Crypto.ECC.BinaryField.WordArrayValue(this._value.slice(0)); }, //----------------------------------------------------------------------------- 'isZero': function() { return (this.compare(Clipperz.Crypto.ECC.BinaryField.WordArrayValue.O) == 0); }, //----------------------------------------------------------------------------- 'asString': function(aBase) { var result; var i,c; if (aBase != 16) { throw Clipperz.Crypto.ECC.BinaryField.WordArrayValue.exception.UnsupportedBase; } result = ""; c = this.wordSize(); for (i=0; i<c; i++) { var wordAsString; // wordAsString = ("00000000" + this.value()[i].toString(16)); wordAsString = ("00000000" + this._value[i].toString(16)); wordAsString = wordAsString.substring(wordAsString.length - 8); result = wordAsString + result; } result = result.replace(/^(00)* SPACEs THAT SHOULD BE REMOVED TO FIX THIS REGEX /, ""); if (result == "") { result = "0"; } return result; }, //----------------------------------------------------------------------------- 'shiftLeft': function(aNumberOfBitsToShift) { return new Clipperz.Crypto.ECC.BinaryField.WordArrayValue(Clipperz.Crypto.ECC.BinaryField.WordArrayValue.shiftLeft(this._value, aNumberOfBitsToShift)); }, //----------------------------------------------------------------------------- 'bitSize': function() { return Clipperz.Crypto.ECC.BinaryField.WordArrayValue.bitSize(this._value); }, //----------------------------------------------------------------------------- 'isBitSet': function(aBitPosition) { return Clipperz.Crypto.ECC.BinaryField.WordArrayValue.isBitSet(this._value, aBitPosition); }, //----------------------------------------------------------------------------- 'xor': function(aValue) { return new Clipperz.Crypto.ECC.BinaryField.WordArrayValue(Clipperz.Crypto.ECC.BinaryField.WordArrayValue.xor(this._value, aValue._value)); }, //----------------------------------------------------------------------------- 'compare': function(aValue) { return Clipperz.Crypto.ECC.BinaryField.WordArrayValue.compare(this._value, aValue._value); }, //----------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); Clipperz.Crypto.ECC.BinaryField.WordArrayValue.O = new Clipperz.Crypto.ECC.BinaryField.WordArrayValue('0', 16); Clipperz.Crypto.ECC.BinaryField.WordArrayValue.I = new Clipperz.Crypto.ECC.BinaryField.WordArrayValue('1', 16); Clipperz.Crypto.ECC.BinaryField.WordArrayValue.xor = function(a, b) { var result; var resultSize; var i,c; resultSize = Math.max(a.length, b.length); result = new Array(resultSize); c = resultSize; for (i=0; i<c; i++) { // resultValue[i] = (((this.value()[i] || 0) ^ (aValue.value()[i] || 0)) >>> 0); result[i] = (((a[i] || 0) ^ (b[i] || 0)) >>> 0); } return result; }; Clipperz.Crypto.ECC.BinaryField.WordArrayValue.shiftLeft = function(aWordArray, aNumberOfBitsToShift) { var numberOfWordsToShift; var numberOfBitsToShift; var result; var overflowValue; var i,c; numberOfWordsToShift = Math.floor(aNumberOfBitsToShift / 32); numberOfBitsToShift = aNumberOfBitsToShift % 32; result = new Array(aWordArray.length + numberOfWordsToShift); c = numberOfWordsToShift; for (i=0; i<c; i++) { result[i] = 0; } overflowValue = 0; nextOverflowValue = 0; c = aWordArray.length; for (i=0; i<c; i++) { var value; var resultWord; // value = this.value()[i]; value = aWordArray[i]; if (numberOfBitsToShift > 0) { var nextOverflowValue; nextOverflowValue = (value >>> (32 - numberOfBitsToShift)); value = value & (0xffffffff >>> numberOfBitsToShift); resultWord = (((value << numberOfBitsToShift) | overflowValue) >>> 0); } else { resultWord = value; } result[i+numberOfWordsToShift] = resultWord; overflowValue = nextOverflowValue; } if (overflowValue != 0) { result[aWordArray.length + numberOfWordsToShift] = overflowValue; } return result; }; Clipperz.Crypto.ECC.BinaryField.WordArrayValue.bitSize = function(aWordArray) { var result; var notNullElements; var mostValuableWord; var matchingBitsInMostImportantWord; var mask; var i,c; notNullElements = aWordArray.length; if ((aWordArray.length == 1) && (aWordArray[0] == 0)) { result = 0; } else { while((aWordArray[notNullElements - 1] == 0) && (notNullElements > 0)) { notNullElements --; } result = (notNullElements - 1) * 32; mostValuableWord = aWordArray[notNullElements - 1]; matchingBits = 32; mask = 0x80000000; while ((matchingBits > 0) && ((mostValuableWord & mask) == 0)) { matchingBits --; mask >>>= 1; } result += matchingBits; } return result; }; Clipperz.Crypto.ECC.BinaryField.WordArrayValue.isBitSet = function(aWordArray, aBitPosition) { var result; var byteIndex; var bitIndexInSelectedByte; byteIndex = Math.floor(aBitPosition / 32); bitIndexInSelectedByte = aBitPosition % 32; if (byteIndex <= aWordArray.length) { result = ((aWordArray[byteIndex] & (1 << bitIndexInSelectedByte)) != 0); } else { result = false; } return result; }; Clipperz.Crypto.ECC.BinaryField.WordArrayValue.compare = function(a,b) { var result; var i,c; result = MochiKit.Base.compare(a.length, b.length); c = a.length; for (i=0; (i<c) && (result==0); i++) { //console.log("compare[" + c + " - " + i + " - 1] " + this.value()[c-i-1] + ", " + aValue.value()[c-i-1]); // result = MochiKit.Base.compare(this.value()[c-i-1], aValue.value()[c-i-1]); result = MochiKit.Base.compare(a[c-i-1], b[c-i-1]); diff --git a/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Curve.js b/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Curve.js index 01127c3..c39a075 100644 --- a/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Curve.js +++ b/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Curve.js @@ -1,406 +1,404 @@ /* -Copyright 2008-2011 Clipperz Srl +Copyright 2008-2013 Clipperz Srl -This file is part of Clipperz Community Edition. -Clipperz Community Edition is an online password manager. +This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. -* Clipperz Community Edition is free software: you can redistribute - it and/or modify it under the terms of the GNU Affero General Public - License as published by the Free Software Foundation, either version - 3 of the License, or (at your option) any later version. +* Clipperz is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. -* Clipperz Community Edition is distributed in the hope that it will - be useful, but WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +* Clipperz is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public - License along with Clipperz Community Edition. If not, see - <http://www.gnu.org/licenses/>. + License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!"; } if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; } if (typeof(Clipperz.Crypto.ECC.BinaryField) == 'undefined') { Clipperz.Crypto.ECC.BinaryField = {}; } Clipperz.Crypto.ECC.BinaryField.Curve = function(args) { args = args || {}; this._modulus = args.modulus; this._a = args.a; this._b = args.b; this._G = args.G; this._r = args.r; this._h = args.h; this._finiteField = null; return this; } Clipperz.Crypto.ECC.BinaryField.Curve.prototype = MochiKit.Base.update(null, { 'asString': function() { return "Clipperz.Crypto.ECC.BinaryField.Curve"; }, //----------------------------------------------------------------------------- 'modulus': function() { return this._modulus; }, 'a': function() { return this._a; }, 'b': function() { return this._b; }, 'G': function() { return this._G; }, 'r': function() { return this._r; }, 'h': function() { return this._h; }, //----------------------------------------------------------------------------- 'finiteField': function() { if (this._finiteField == null) { this._finiteField = new Clipperz.Crypto.ECC.BinaryField.FiniteField({modulus:this.modulus()}) } return this._finiteField; }, //----------------------------------------------------------------------------- 'negate': function(aPointA) { var result; result = new Clipperz.Crypto.ECC.Point({x:aPointA.x(), y:this.finiteField().add(aPointA.y(), aPointA.x())}) return result; }, //----------------------------------------------------------------------------- 'add': function(aPointA, aPointB) { var result; //console.log(">>> ECC.BinaryField.Curve.add"); if (aPointA.isZero()) { //console.log("--- pointA == zero"); result = aPointB; } else if (aPointB.isZero()) { //console.log("--- pointB == zero"); result = aPointA; } else if ( (aPointA.x().compare(aPointB.x()) == 0) && ((aPointA.y().compare(aPointB.y()) != 0) || aPointB.x().isZero())) { //console.log("compare A.x - B.x: ", aPointA.x().compare(aPointB.x())); //console.log("compare A.y - B.y: ", (aPointA.y().compare(aPointB.y()) != 0)); //console.log("compare B.x.isZero(): ", aPointB.x().isZero()); //console.log("--- result = zero"); result = new Clipperz.Crypto.ECC.BinaryField.Point({x:Clipperz.Crypto.ECC.BinaryField.Value.O, y:Clipperz.Crypto.ECC.BinaryField.Value.O}); } else { //console.log("--- result = ELSE"); var f2m; var x, y; var lambda; var aX, aY, bX, bY; aX = aPointA.x()._value; aY = aPointA.y()._value; bX = aPointB.x()._value; bY = aPointB.y()._value; f2m = this.finiteField(); if (aPointA.x().compare(aPointB.x()) != 0) { //console.log(" a.x != b.x"); lambda = f2m._fastMultiply( f2m._add(aY, bY), f2m._inverse(f2m._add(aX, bX)) ); x = f2m._add(this.a()._value, f2m._square(lambda)); f2m._overwriteAdd(x, lambda); f2m._overwriteAdd(x, aX); f2m._overwriteAdd(x, bX); } else { //console.log(" a.x == b.x"); lambda = f2m._add(bX, f2m._fastMultiply(bY, f2m._inverse(bX))); //console.log(" lambda: " + lambda.asString(16)); x = f2m._add(this.a()._value, f2m._square(lambda)); //console.log(" x (step 1): " + x.asString(16)); f2m._overwriteAdd(x, lambda); //console.log(" x (step 2): " + x.asString(16)); } y = f2m._fastMultiply(f2m._add(bX, x), lambda); //console.log(" y (step 1): " + y.asString(16)); f2m._overwriteAdd(y, x); //console.log(" y (step 2): " + y.asString(16)); f2m._overwriteAdd(y, bY); //console.log(" y (step 3): " + y.asString(16)); result = new Clipperz.Crypto.ECC.BinaryField.Point({x:new Clipperz.Crypto.ECC.BinaryField.Value(x), y:new Clipperz.Crypto.ECC.BinaryField.Value(y)}) } //console.log("<<< ECC.BinaryField.Curve.add"); return result; }, //----------------------------------------------------------------------------- 'overwriteAdd': function(aPointA, aPointB) { if (aPointA.isZero()) { // result = aPointB; aPointA._x._value = aPointB._x._value; aPointA._y._value = aPointB._y._value; } else if (aPointB.isZero()) { // result = aPointA; } else if ( (aPointA.x().compare(aPointB.x()) == 0) && ((aPointA.y().compare(aPointB.y()) != 0) || aPointB.x().isZero())) { // result = new Clipperz.Crypto.ECC.BinaryField.Point({x:Clipperz.Crypto.ECC.BinaryField.Value.O, y:Clipperz.Crypto.ECC.BinaryField.Value.O}); aPointA._x = Clipperz.Crypto.ECC.BinaryField.Value.O; aPointA._y = Clipperz.Crypto.ECC.BinaryField.Value.O; } else { var f2m; var x, y; var lambda; var aX, aY, bX, bY; aX = aPointA.x()._value; aY = aPointA.y()._value; bX = aPointB.x()._value; bY = aPointB.y()._value; f2m = this.finiteField(); if (aPointA.x().compare(aPointB.x()) != 0) { //console.log(" a.x != b.x"); lambda = f2m._fastMultiply( f2m._add(aY, bY), f2m._inverse(f2m._add(aX, bX)) ); x = f2m._add(this.a()._value, f2m._square(lambda)); f2m._overwriteAdd(x, lambda); f2m._overwriteAdd(x, aX); f2m._overwriteAdd(x, bX); } else { //console.log(" a.x == b.x"); lambda = f2m._add(bX, f2m._fastMultiply(bY, f2m._inverse(bX))); //console.log(" lambda: " + lambda.asString(16)); x = f2m._add(this.a()._value, f2m._square(lambda)); //console.log(" x (step 1): " + x.asString(16)); f2m._overwriteAdd(x, lambda); //console.log(" x (step 2): " + x.asString(16)); } y = f2m._fastMultiply(f2m._add(bX, x), lambda); //console.log(" y (step 1): " + y.asString(16)); f2m._overwriteAdd(y, x); //console.log(" y (step 2): " + y.asString(16)); f2m._overwriteAdd(y, bY); //console.log(" y (step 3): " + y.asString(16)); // result = new Clipperz.Crypto.ECC.BinaryField.Point({x:new Clipperz.Crypto.ECC.BinaryField.Value(x), y:new Clipperz.Crypto.ECC.BinaryField.Value(y)}) aPointA._x._value = x; aPointA._y._value = y; } //console.log("<<< ECC.BinaryField.Curve.add"); return result; }, //----------------------------------------------------------------------------- 'multiply': function(aValue, aPoint) { var result; //console.profile(); result = new Clipperz.Crypto.ECC.BinaryField.Point({x:Clipperz.Crypto.ECC.BinaryField.Value.O, y:Clipperz.Crypto.ECC.BinaryField.Value.O}); if (aValue.isZero() == false) { var k, Q; var i; var countIndex; countIndex = 0; if (aValue.compare(Clipperz.Crypto.ECC.BinaryField.Value.O) > 0) { k = aValue; Q = aPoint; } else { MochiKit.Logging.logError("The Clipperz.Crypto.ECC.BinaryFields.Value does not work with negative values!!!!"); k = aValue.negate(); Q = this.negate(aPoint); } //console.log("k: " + k.toString(16)); //console.log("k.bitSize: " + k.bitSize()); for (i=k.bitSize()-1; i>=0; i--) { result = this.add(result, result); // this.overwriteAdd(result, result); if (k.isBitSet(i)) { result = this.add(result, Q); // this.overwriteAdd(result, Q); } // if (countIndex==100) {console.log("multiply.break"); break;} else countIndex++; } } //console.profileEnd(); return result; }, //----------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //############################################################################# Clipperz.Crypto.ECC.StandardCurves = {}; MochiKit.Base.update(Clipperz.Crypto.ECC.StandardCurves, { /* '_K571': null, 'K571': function() { if (Clipperz.Crypto.ECC.StandardCurves._K571 == null) { Clipperz.Crypto.ECC.StandardCurves._K571 = new Clipperz.Crypto.ECC.Curve.Koblitz({ exadecimalForm: '80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425', a: new Clipperz.Crypto.BigInt(0), G: new Clipperz.Crypto.ECC.Point({ x: new Clipperz.Crypto.BigInt('26eb7a859923fbc82189631f8103fe4ac9ca2970012d5d46024804801841ca44370958493b205e647da304db4ceb08cbbd1ba39494776fb988b47174dca88c7e2945283a01c8972', 16), y: new Clipperz.Crypto.BigInt('349dc807f4fbf374f4aeade3bca95314dd58cec9f307a54ffc61efc006d8a2c9d4979c0ac44aea74fbebbb9f772aedcb620b01a7ba7af1b320430c8591984f601cd4c143ef1c7a3', 16) }), n: new Clipperz.Crypto.BigInt('1932268761508629172347675945465993672149463664853217499328617625725759571144780212268133978522706711834706712800825351461273674974066617311929682421617092503555733685276673', 16), h: new Clipperz.Crypto.BigInt(4) }); } return Clipperz.Crypto.ECC.StandardCurves._K571; }, */ //----------------------------------------------------------------------------- '_B571': null, 'B571': function() { // f(z) = z^571 + z^10 + z^5 + z^2 + 1 if (Clipperz.Crypto.ECC.StandardCurves._B571 == null) { Clipperz.Crypto.ECC.StandardCurves._B571 = new Clipperz.Crypto.ECC.BinaryField.Curve({ modulus: new Clipperz.Crypto.ECC.BinaryField.Value('80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425', 16), a: new Clipperz.Crypto.ECC.BinaryField.Value('1', 16), b: new Clipperz.Crypto.ECC.BinaryField.Value('02f40e7e2221f295de297117b7f3d62f5c6a97ffcb8ceff1cd6ba8ce4a9a18ad84ffabbd8efa59332be7ad6756a66e294afd185a78ff12aa520e4de739baca0c7ffeff7f2955727a', 16), G: new Clipperz.Crypto.ECC.BinaryField.Point({ x: new Clipperz.Crypto.ECC.BinaryField.Value('0303001d 34b85629 6c16c0d4 0d3cd775 0a93d1d2 955fa80a a5f40fc8 db7b2abd bde53950 f4c0d293 cdd711a3 5b67fb14 99ae6003 8614f139 4abfa3b4 c850d927 e1e7769c 8eec2d19', 16), y: new Clipperz.Crypto.ECC.BinaryField.Value('037bf273 42da639b 6dccfffe b73d69d7 8c6c27a6 009cbbca 1980f853 3921e8a6 84423e43 bab08a57 6291af8f 461bb2a8 b3531d2f 0485c19b 16e2f151 6e23dd3c 1a4827af 1b8ac15b', 16) }), r: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff e661ce18 ff559873 08059b18 6823851e c7dd9ca1 161de93d 5174d66e 8382e9bb 2fe84e47', 16), h: new Clipperz.Crypto.ECC.BinaryField.Value('2', 16) // S: new Clipperz.Crypto.ECC.BinaryField.Value('2aa058f73a0e33ab486b0f610410c53a7f132310', 10), // n: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe661ce18ff55987308059b186823851ec7dd9ca1161de93d5174d66e8382e9bb2fe84e47', 16), }); //----------------------------------------------------------------------------- // // Guide to Elliptic Curve Cryptography // Darrel Hankerson, Alfred Menezes, Scott Vanstone // - Pag: 56, Alorithm 2.45 (with a typo!!!) // //----------------------------------------------------------------------------- // // http://www.milw0rm.com/papers/136 // // ------------------------------------------------------------------------- // Polynomial Reduction Algorithm Modulo f571 // ------------------------------------------------------------------------- // // Input: Polynomial p(x) of degree 1140 or less, stored as // an array of 2T machinewords. // Output: p(x) mod f571(x) // // FOR i = T-1, ..., 0 DO // SET X := P[i+T] // P[i] := P[i] ^ (X<<5) ^ (X<<7) ^ (X<<10) ^ (X<<15) // P[i+1] := P[i+1] ^ (X>>17) ^ (X>>22) ^ (X>>25) ^ (X>>27) // // SET X := P[T-1] >> 27 // P[0] := P[0] ^ X ^ (X<<2) ^ (X<<5) ^ (X<<10) // P[T-1] := P[T-1] & 0x07ffffff // // RETURN P[T-1],...,P[0] // // ------------------------------------------------------------------------- // Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().slowModule = Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().module; Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().module = function(aValue) { var result; if (aValue.bitSize() > 1140) { MochiKit.Logging.logWarning("ECC.StandarCurves.B571.finiteField().module: falling back to default implementation"); result = Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().slowModule(aValue); } else { var C, T; var i; //console.log(">>> binaryField.finiteField.(improved)module"); // C = aValue.value().slice(0); C = aValue._value.slice(0); for (i=35; i>=18; i--) { T = C[i]; C[i-18] = (((C[i-18] ^ (T<<5) ^ (T<<7) ^ (T<<10) ^ (T<<15)) & 0xffffffff) >>> 0); C[i-17] = ((C[i-17] ^ (T>>>27) ^ (T>>>25) ^ (T>>>22) ^ (T>>>17)) >>> 0); } T = (C[17] >>> 27); C[0] = ((C[0] ^ T ^ ((T<<2) ^ (T<<5) ^ (T<<10)) & 0xffffffff) >>> 0); C[17] = (C[17] & 0x07ffffff); for(i=18; i<=35; i++) { C[i] = 0; } result = new Clipperz.Crypto.ECC.BinaryField.Value(C); //console.log("<<< binaryField.finiteField.(improved)module"); } return result; }; } return Clipperz.Crypto.ECC.StandardCurves._B571; }, //----------------------------------------------------------------------------- '_B283': null, 'B283': function() { // f(z) = z^283 + z^12 + z^7 + z^5 + 1 if (Clipperz.Crypto.ECC.StandardCurves._B283 == null) { Clipperz.Crypto.ECC.StandardCurves._B283 = new Clipperz.Crypto.ECC.BinaryField.Curve({ // modulus: new Clipperz.Crypto.ECC.BinaryField.Value('10000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000010a1', 16), modulus: new Clipperz.Crypto.ECC.BinaryField.Value('08000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000010a1', 16), a: new Clipperz.Crypto.ECC.BinaryField.Value('1', 16), b: new Clipperz.Crypto.ECC.BinaryField.Value('027b680a c8b8596d a5a4af8a 19a0303f ca97fd76 45309fa2 a581485a f6263e31 3b79a2f5', 16), G: new Clipperz.Crypto.ECC.BinaryField.Point({ x: new Clipperz.Crypto.ECC.BinaryField.Value('05f93925 8db7dd90 e1934f8c 70b0dfec 2eed25b8 557eac9c 80e2e198 f8cdbecd 86b12053', 16), y: new Clipperz.Crypto.ECC.BinaryField.Value('03676854 fe24141c b98fe6d4 b20d02b4 516ff702 350eddb0 826779c8 13f0df45 be8112f4', 16) }), r: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffff ffffffff ffffffff ffffffff ffffef90 399660fc 938a9016 5b042a7c efadb307', 16), h: new Clipperz.Crypto.ECC.BinaryField.Value('2', 16) // S: new Clipperz.Crypto.ECC.BinaryField.Value('2aa058f73a0e33ab486b0f610410c53a7f132310', 10), // n: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe661ce18ff55987308059b186823851ec7dd9ca1161de93d5174d66e8382e9bb2fe84e47', 16), diff --git a/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/FiniteField.js b/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/FiniteField.js index 650b479..de1e6a8 100644 --- a/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/FiniteField.js +++ b/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/FiniteField.js @@ -1,406 +1,404 @@ /* -Copyright 2008-2011 Clipperz Srl +Copyright 2008-2013 Clipperz Srl -This file is part of Clipperz Community Edition. -Clipperz Community Edition is an online password manager. +This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. -* Clipperz Community Edition is free software: you can redistribute - it and/or modify it under the terms of the GNU Affero General Public - License as published by the Free Software Foundation, either version - 3 of the License, or (at your option) any later version. +* Clipperz is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. -* Clipperz Community Edition is distributed in the hope that it will - be useful, but WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +* Clipperz is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public - License along with Clipperz Community Edition. If not, see - <http://www.gnu.org/licenses/>. + License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!"; } if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; } if (typeof(Clipperz.Crypto.ECC.BinaryField) == 'undefined') { Clipperz.Crypto.ECC.BinaryField = {}; } Clipperz.Crypto.ECC.BinaryField.FiniteField = function(args) { args = args || {}; this._modulus = args.modulus; return this; } Clipperz.Crypto.ECC.BinaryField.FiniteField.prototype = MochiKit.Base.update(null, { 'asString': function() { return "Clipperz.Crypto.ECC.BinaryField.FiniteField (" + this.modulus().asString() + ")"; }, //----------------------------------------------------------------------------- 'modulus': function() { return this._modulus; }, //----------------------------------------------------------------------------- '_module': function(aValue) { var result; var modulusComparison; //console.log(">>> binaryField.finiteField.(standard)module"); modulusComparison = Clipperz.Crypto.ECC.BinaryField.Value._compare(aValue, this.modulus()._value); if (modulusComparison < 0) { result = aValue; } else if (modulusComparison == 0) { result = [0]; } else { var modulusBitSize; var resultBitSize; result = aValue; modulusBitSize = this.modulus().bitSize(); resultBitSize = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(result); while (resultBitSize >= modulusBitSize) { Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor(result, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(this.modulus()._value, resultBitSize - modulusBitSize)); resultBitSize = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(result); } } //console.log("<<< binaryField.finiteField.(standard)module"); return result; }, 'module': function(aValue) { return new Clipperz.Crypto.ECC.BinaryField.Value(this._module(aValue._value.slice(0))); }, //----------------------------------------------------------------------------- '_add': function(a, b) { return Clipperz.Crypto.ECC.BinaryField.Value._xor(a, b); }, '_overwriteAdd': function(a, b) { Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor(a, b); }, 'add': function(a, b) { return new Clipperz.Crypto.ECC.BinaryField.Value(this._add(a._value, b._value)); }, //----------------------------------------------------------------------------- 'negate': function(aValue) { return aValue.clone(); }, //----------------------------------------------------------------------------- '_multiply': function(a, b) { var result; var valueToXor; var i,c; result = [0]; valueToXor = b; c = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(a); for (i=0; i<c; i++) { if (Clipperz.Crypto.ECC.BinaryField.Value._isBitSet(a, i) === true) { Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor(result, valueToXor); } valueToXor = Clipperz.Crypto.ECC.BinaryField.Value._overwriteShiftLeft(valueToXor, 1); } result = this._module(result); return result; }, 'multiply': function(a, b) { return new Clipperz.Crypto.ECC.BinaryField.Value(this._multiply(a._value, b._value)); }, //----------------------------------------------------------------------------- '_fastMultiply': function(a, b) { var result; var B; var i,c; result = [0]; B = b.slice(0); // Is this array copy avoidable? c = 32; for (i=0; i<c; i++) { var ii, cc; cc = a.length; for (ii=0; ii<cc; ii++) { if (((a[ii] >>> i) & 0x01) == 1) { Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor(result, B, ii); } } if (i < (c-1)) { B = Clipperz.Crypto.ECC.BinaryField.Value._overwriteShiftLeft(B, 1); } } result = this._module(result); return result; }, 'fastMultiply': function(a, b) { return new Clipperz.Crypto.ECC.BinaryField.Value(this._fastMultiply(a._value, b._value)); }, //----------------------------------------------------------------------------- // // Guide to Elliptic Curve Cryptography // Darrel Hankerson, Alfred Menezes, Scott Vanstone // - Pag: 49, Alorithm 2.34 // //----------------------------------------------------------------------------- '_square': function(aValue) { var result; var value; var c,i; var precomputedValues; value = aValue; result = new Array(value.length * 2); precomputedValues = Clipperz.Crypto.ECC.BinaryField.FiniteField.squarePrecomputedBytes; c = value.length; for (i=0; i<c; i++) { result[i*2] = precomputedValues[(value[i] & 0x000000ff)]; result[i*2] |= ((precomputedValues[(value[i] & 0x0000ff00) >>> 8]) << 16); result[i*2 + 1] = precomputedValues[(value[i] & 0x00ff0000) >>> 16]; result[i*2 + 1] |= ((precomputedValues[(value[i] & 0xff000000) >>> 24]) << 16); } return this._module(result); }, 'square': function(aValue) { return new Clipperz.Crypto.ECC.BinaryField.Value(this._square(aValue._value)); }, //----------------------------------------------------------------------------- '_inverse': function(aValue) { var result; var b, c; var u, v; // b = Clipperz.Crypto.ECC.BinaryField.Value.I._value; b = [1]; // c = Clipperz.Crypto.ECC.BinaryField.Value.O._value; c = [0]; u = this._module(aValue); v = this.modulus()._value.slice(0); while (Clipperz.Crypto.ECC.BinaryField.Value._bitSize(u) > 1) { var bitDifferenceSize; bitDifferenceSize = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(u) - Clipperz.Crypto.ECC.BinaryField.Value._bitSize(v); if (bitDifferenceSize < 0) { var swap; swap = u; u = v; v = swap; swap = c; c = b; b = swap; bitDifferenceSize = -bitDifferenceSize; } u = this._add(u, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(v, bitDifferenceSize)); b = this._add(b, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(c, bitDifferenceSize)); // this._overwriteAdd(u, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(v, bitDifferenceSize)); // this._overwriteAdd(b, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(c, bitDifferenceSize)); } result = this._module(b); return result; }, 'inverse': function(aValue) { return new Clipperz.Crypto.ECC.BinaryField.Value(this._inverse(aValue._value)); }, //----------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); Clipperz.Crypto.ECC.BinaryField.FiniteField.squarePrecomputedBytes = [ 0x0000, // 0 = 0000 0000 -> 0000 0000 0000 0000 0x0001, // 1 = 0000 0001 -> 0000 0000 0000 0001 0x0004, // 2 = 0000 0010 -> 0000 0000 0000 0100 0x0005, // 3 = 0000 0011 -> 0000 0000 0000 0101 0x0010, // 4 = 0000 0100 -> 0000 0000 0001 0000 0x0011, // 5 = 0000 0101 -> 0000 0000 0001 0001 0x0014, // 6 = 0000 0110 -> 0000 0000 0001 0100 0x0015, // 7 = 0000 0111 -> 0000 0000 0001 0101 0x0040, // 8 = 0000 1000 -> 0000 0000 0100 0000 0x0041, // 9 = 0000 1001 -> 0000 0000 0100 0001 0x0044, // 10 = 0000 1010 -> 0000 0000 0100 0100 0x0045, // 11 = 0000 1011 -> 0000 0000 0100 0101 0x0050, // 12 = 0000 1100 -> 0000 0000 0101 0000 0x0051, // 13 = 0000 1101 -> 0000 0000 0101 0001 0x0054, // 14 = 0000 1110 -> 0000 0000 0101 0100 0x0055, // 15 = 0000 1111 -> 0000 0000 0101 0101 0x0100, // 16 = 0001 0000 -> 0000 0001 0000 0000 0x0101, // 17 = 0001 0001 -> 0000 0001 0000 0001 0x0104, // 18 = 0001 0010 -> 0000 0001 0000 0100 0x0105, // 19 = 0001 0011 -> 0000 0001 0000 0101 0x0110, // 20 = 0001 0100 -> 0000 0001 0001 0000 0x0111, // 21 = 0001 0101 -> 0000 0001 0001 0001 0x0114, // 22 = 0001 0110 -> 0000 0001 0001 0100 0x0115, // 23 = 0001 0111 -> 0000 0001 0001 0101 0x0140, // 24 = 0001 1000 -> 0000 0001 0100 0000 0x0141, // 25 = 0001 1001 -> 0000 0001 0100 0001 0x0144, // 26 = 0001 1010 -> 0000 0001 0100 0100 0x0145, // 27 = 0001 1011 -> 0000 0001 0100 0101 0x0150, // 28 = 0001 1100 -> 0000 0001 0101 0000 0x0151, // 28 = 0001 1101 -> 0000 0001 0101 0001 0x0154, // 30 = 0001 1110 -> 0000 0001 0101 0100 0x0155, // 31 = 0001 1111 -> 0000 0001 0101 0101 0x0400, // 32 = 0010 0000 -> 0000 0100 0000 0000 0x0401, // 33 = 0010 0001 -> 0000 0100 0000 0001 0x0404, // 34 = 0010 0010 -> 0000 0100 0000 0100 0x0405, // 35 = 0010 0011 -> 0000 0100 0000 0101 0x0410, // 36 = 0010 0100 -> 0000 0100 0001 0000 0x0411, // 37 = 0010 0101 -> 0000 0100 0001 0001 0x0414, // 38 = 0010 0110 -> 0000 0100 0001 0100 0x0415, // 39 = 0010 0111 -> 0000 0100 0001 0101 0x0440, // 40 = 0010 1000 -> 0000 0100 0100 0000 0x0441, // 41 = 0010 1001 -> 0000 0100 0100 0001 0x0444, // 42 = 0010 1010 -> 0000 0100 0100 0100 0x0445, // 43 = 0010 1011 -> 0000 0100 0100 0101 0x0450, // 44 = 0010 1100 -> 0000 0100 0101 0000 0x0451, // 45 = 0010 1101 -> 0000 0100 0101 0001 0x0454, // 46 = 0010 1110 -> 0000 0100 0101 0100 0x0455, // 47 = 0010 1111 -> 0000 0100 0101 0101 0x0500, // 48 = 0011 0000 -> 0000 0101 0000 0000 0x0501, // 49 = 0011 0001 -> 0000 0101 0000 0001 0x0504, // 50 = 0011 0010 -> 0000 0101 0000 0100 0x0505, // 51 = 0011 0011 -> 0000 0101 0000 0101 0x0510, // 52 = 0011 0100 -> 0000 0101 0001 0000 0x0511, // 53 = 0011 0101 -> 0000 0101 0001 0001 0x0514, // 54 = 0011 0110 -> 0000 0101 0001 0100 0x0515, // 55 = 0011 0111 -> 0000 0101 0001 0101 0x0540, // 56 = 0011 1000 -> 0000 0101 0100 0000 0x0541, // 57 = 0011 1001 -> 0000 0101 0100 0001 0x0544, // 58 = 0011 1010 -> 0000 0101 0100 0100 0x0545, // 59 = 0011 1011 -> 0000 0101 0100 0101 0x0550, // 60 = 0011 1100 -> 0000 0101 0101 0000 0x0551, // 61 = 0011 1101 -> 0000 0101 0101 0001 0x0554, // 62 = 0011 1110 -> 0000 0101 0101 0100 0x0555, // 63 = 0011 1111 -> 0000 0101 0101 0101 0x1000, // 64 = 0100 0000 -> 0001 0000 0000 0000 0x1001, // 65 = 0100 0001 -> 0001 0000 0000 0001 0x1004, // 66 = 0100 0010 -> 0001 0000 0000 0100 0x1005, // 67 = 0100 0011 -> 0001 0000 0000 0101 0x1010, // 68 = 0100 0100 -> 0001 0000 0001 0000 0x1011, // 69 = 0100 0101 -> 0001 0000 0001 0001 0x1014, // 70 = 0100 0110 -> 0001 0000 0001 0100 0x1015, // 71 = 0100 0111 -> 0001 0000 0001 0101 0x1040, // 72 = 0100 1000 -> 0001 0000 0100 0000 0x1041, // 73 = 0100 1001 -> 0001 0000 0100 0001 0x1044, // 74 = 0100 1010 -> 0001 0000 0100 0100 0x1045, // 75 = 0100 1011 -> 0001 0000 0100 0101 0x1050, // 76 = 0100 1100 -> 0001 0000 0101 0000 0x1051, // 77 = 0100 1101 -> 0001 0000 0101 0001 0x1054, // 78 = 0100 1110 -> 0001 0000 0101 0100 0x1055, // 79 = 0100 1111 -> 0001 0000 0101 0101 0x1100, // 80 = 0101 0000 -> 0001 0001 0000 0000 0x1101, // 81 = 0101 0001 -> 0001 0001 0000 0001 0x1104, // 82 = 0101 0010 -> 0001 0001 0000 0100 0x1105, // 83 = 0101 0011 -> 0001 0001 0000 0101 0x1110, // 84 = 0101 0100 -> 0001 0001 0001 0000 0x1111, // 85 = 0101 0101 -> 0001 0001 0001 0001 0x1114, // 86 = 0101 0110 -> 0001 0001 0001 0100 0x1115, // 87 = 0101 0111 -> 0001 0001 0001 0101 0x1140, // 88 = 0101 1000 -> 0001 0001 0100 0000 0x1141, // 89 = 0101 1001 -> 0001 0001 0100 0001 0x1144, // 90 = 0101 1010 -> 0001 0001 0100 0100 0x1145, // 91 = 0101 1011 -> 0001 0001 0100 0101 0x1150, // 92 = 0101 1100 -> 0001 0001 0101 0000 0x1151, // 93 = 0101 1101 -> 0001 0001 0101 0001 0x1154, // 94 = 0101 1110 -> 0001 0001 0101 0100 0x1155, // 95 = 0101 1111 -> 0001 0001 0101 0101 0x1400, // 96 = 0110 0000 -> 0001 0100 0000 0000 0x1401, // 97 = 0110 0001 -> 0001 0100 0000 0001 0x1404, // 98 = 0110 0010 -> 0001 0100 0000 0100 0x1405, // 99 = 0110 0011 -> 0001 0100 0000 0101 0x1410, // 100 = 0110 0100 -> 0001 0100 0001 0000 0x1411, // 101 = 0110 0101 -> 0001 0100 0001 0001 0x1414, // 102 = 0110 0110 -> 0001 0100 0001 0100 0x1415, // 103 = 0110 0111 -> 0001 0100 0001 0101 0x1440, // 104 = 0110 1000 -> 0001 0100 0100 0000 0x1441, // 105 = 0110 1001 -> 0001 0100 0100 0001 0x1444, // 106 = 0110 1010 -> 0001 0100 0100 0100 0x1445, // 107 = 0110 1011 -> 0001 0100 0100 0101 0x1450, // 108 = 0110 1100 -> 0001 0100 0101 0000 0x1451, // 109 = 0110 1101 -> 0001 0100 0101 0001 0x1454, // 110 = 0110 1110 -> 0001 0100 0101 0100 0x1455, // 111 = 0110 1111 -> 0001 0100 0101 0101 0x1500, // 112 = 0111 0000 -> 0001 0101 0000 0000 0x1501, // 113 = 0111 0001 -> 0001 0101 0000 0001 0x1504, // 114 = 0111 0010 -> 0001 0101 0000 0100 0x1505, // 115 = 0111 0011 -> 0001 0101 0000 0101 0x1510, // 116 = 0111 0100 -> 0001 0101 0001 0000 0x1511, // 117 = 0111 0101 -> 0001 0101 0001 0001 0x1514, // 118 = 0111 0110 -> 0001 0101 0001 0100 0x1515, // 119 = 0111 0111 -> 0001 0101 0001 0101 0x1540, // 120 = 0111 1000 -> 0001 0101 0100 0000 0x1541, // 121 = 0111 1001 -> 0001 0101 0100 0001 0x1544, // 122 = 0111 1010 -> 0001 0101 0100 0100 0x1545, // 123 = 0111 1011 -> 0001 0101 0100 0101 0x1550, // 124 = 0111 1100 -> 0001 0101 0101 0000 0x1551, // 125 = 0111 1101 -> 0001 0101 0101 0001 0x1554, // 126 = 0111 1110 -> 0001 0101 0101 0100 0x1555, // 127 = 0111 1111 -> 0001 0101 0101 0101 0x4000, // 128 = 1000 0000 -> 0100 0000 0000 0000 0x4001, // 129 = 1000 0001 -> 0100 0000 0000 0001 0x4004, // 130 = 1000 0010 -> 0100 0000 0000 0100 0x4005, // 131 = 1000 0011 -> 0100 0000 0000 0101 0x4010, // 132 = 1000 0100 -> 0100 0000 0001 0000 0x4011, // 133 = 1000 0101 -> 0100 0000 0001 0001 0x4014, // 134 = 1000 0110 -> 0100 0000 0001 0100 0x4015, // 135 = 1000 0111 -> 0100 0000 0001 0101 0x4040, // 136 = 1000 1000 -> 0100 0000 0100 0000 0x4041, // 137 = 1000 1001 -> 0100 0000 0100 0001 0x4044, // 138 = 1000 1010 -> 0100 0000 0100 0100 0x4045, // 139 = 1000 1011 -> 0100 0000 0100 0101 0x4050, // 140 = 1000 1100 -> 0100 0000 0101 0000 0x4051, // 141 = 1000 1101 -> 0100 0000 0101 0001 0x4054, // 142 = 1000 1110 -> 0100 0000 0101 0100 0x4055, // 143 = 1000 1111 -> 0100 0000 0101 0101 0x4100, // 144 = 1001 0000 -> 0100 0001 0000 0000 0x4101, // 145 = 1001 0001 -> 0100 0001 0000 0001 0x4104, // 146 = 1001 0010 -> 0100 0001 0000 0100 diff --git a/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Point.js b/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Point.js index 6661839..c5db6c6 100644 --- a/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Point.js +++ b/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Point.js @@ -1,64 +1,62 @@ /* -Copyright 2008-2011 Clipperz Srl +Copyright 2008-2013 Clipperz Srl -This file is part of Clipperz Community Edition. -Clipperz Community Edition is an online password manager. +This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. -* Clipperz Community Edition is free software: you can redistribute - it and/or modify it under the terms of the GNU Affero General Public - License as published by the Free Software Foundation, either version - 3 of the License, or (at your option) any later version. +* Clipperz is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. -* Clipperz Community Edition is distributed in the hope that it will - be useful, but WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +* Clipperz is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public - License along with Clipperz Community Edition. If not, see - <http://www.gnu.org/licenses/>. + License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!"; } if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; } if (typeof(Clipperz.Crypto.ECC.BinaryField) == 'undefined') { Clipperz.Crypto.ECC.BinaryField = {}; } Clipperz.Crypto.ECC.BinaryField.Point = function(args) { args = args || {}; this._x = args.x; this._y = args.y; return this; } Clipperz.Crypto.ECC.BinaryField.Point.prototype = MochiKit.Base.update(null, { 'asString': function() { return "Clipperz.Crypto.ECC.BinaryField.Point (" + this.x() + ", " + this.y() + ")"; }, //----------------------------------------------------------------------------- 'x': function() { return this._x; }, 'y': function() { return this._y; }, //----------------------------------------------------------------------------- 'isZero': function() { return (this.x().isZero() && this.y().isZero()) }, //----------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); diff --git a/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Value.js b/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Value.js index b5beafa..278c299 100644 --- a/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Value.js +++ b/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Value.js @@ -1,374 +1,372 @@ /* -Copyright 2008-2011 Clipperz Srl +Copyright 2008-2013 Clipperz Srl -This file is part of Clipperz Community Edition. -Clipperz Community Edition is an online password manager. +This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. -* Clipperz Community Edition is free software: you can redistribute - it and/or modify it under the terms of the GNU Affero General Public - License as published by the Free Software Foundation, either version - 3 of the License, or (at your option) any later version. +* Clipperz is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. -* Clipperz Community Edition is distributed in the hope that it will - be useful, but WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +* Clipperz is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public - License along with Clipperz Community Edition. If not, see - <http://www.gnu.org/licenses/>. + License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!"; } if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; } if (typeof(Clipperz.Crypto.ECC.BinaryField) == 'undefined') { Clipperz.Crypto.ECC.BinaryField = {}; } Clipperz.Crypto.ECC.BinaryField.Value = function(aValue, aBase) { if (aValue.constructor == String) { var value; var stringLength; var numberOfWords; var i,c; if (aBase != 16) { throw Clipperz.Crypto.ECC.BinaryField.Value.exception.UnsupportedBase; } value = aValue.replace(/ /g, ''); stringLength = value.length; numberOfWords = Math.ceil(stringLength / 8); this._value = new Array(numberOfWords); c = numberOfWords; for (i=0; i<c; i++) { var word; if (i < (c-1)) { word = parseInt(value.substr(stringLength-((i+1)*8), 8), 16); } else { word = parseInt(value.substr(0, stringLength-(i*8)), 16); } this._value[i] = word; } } else if (aValue.constructor == Array) { var itemsToCopy; itemsToCopy = aValue.length; while (aValue[itemsToCopy - 1] == 0) { itemsToCopy --; } this._value = aValue.slice(0, itemsToCopy); } else if (aValue.constructor == Number) { this._value = [aValue]; } else { // throw Clipperz.Crypto.ECC.BinaryField.Value.exception.UnsupportedConstructorValueType; } return this; } Clipperz.Crypto.ECC.BinaryField.Value.prototype = MochiKit.Base.update(null, { 'value': function() { return this._value; }, //----------------------------------------------------------------------------- 'wordSize': function() { return this._value.length }, //----------------------------------------------------------------------------- 'clone': function() { return new Clipperz.Crypto.ECC.BinaryField.Value(this._value.slice(0)); }, //----------------------------------------------------------------------------- 'isZero': function() { return (this.compare(Clipperz.Crypto.ECC.BinaryField.Value.O) == 0); }, //----------------------------------------------------------------------------- 'asString': function(aBase) { var result; var i,c; if (aBase != 16) { throw Clipperz.Crypto.ECC.BinaryField.Value.exception.UnsupportedBase; } result = ""; c = this.wordSize(); for (i=0; i<c; i++) { var wordAsString; // wordAsString = ("00000000" + this.value()[i].toString(16)); wordAsString = ("00000000" + this._value[i].toString(16)); wordAsString = wordAsString.substring(wordAsString.length - 8); result = wordAsString + result; } result = result.replace(/^(00)*/, ""); if (result == "") { result = "0"; } return result; }, //----------------------------------------------------------------------------- 'shiftLeft': function(aNumberOfBitsToShift) { return new Clipperz.Crypto.ECC.BinaryField.Value(Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(this._value, aNumberOfBitsToShift)); }, //----------------------------------------------------------------------------- 'bitSize': function() { return Clipperz.Crypto.ECC.BinaryField.Value._bitSize(this._value); }, //----------------------------------------------------------------------------- 'isBitSet': function(aBitPosition) { return Clipperz.Crypto.ECC.BinaryField.Value._isBitSet(this._value, aBitPosition); }, //----------------------------------------------------------------------------- 'xor': function(aValue) { return new Clipperz.Crypto.ECC.BinaryField.Value(Clipperz.Crypto.ECC.BinaryField.Value._xor(this._value, aValue._value)); }, //----------------------------------------------------------------------------- 'compare': function(aValue) { return Clipperz.Crypto.ECC.BinaryField.Value._compare(this._value, aValue._value); }, //----------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); Clipperz.Crypto.ECC.BinaryField.Value.O = new Clipperz.Crypto.ECC.BinaryField.Value('0', 16); Clipperz.Crypto.ECC.BinaryField.Value.I = new Clipperz.Crypto.ECC.BinaryField.Value('1', 16); Clipperz.Crypto.ECC.BinaryField.Value._xor = function(a, b, aFirstItemOffset) { var result; var resultSize; var i,c; var firstItemOffset; firstItemOffset = aFirstItemOffset || 0; resultSize = Math.max((a.length - firstItemOffset), b.length) + firstItemOffset; result = new Array(resultSize); c = firstItemOffset; for (i=0; i<c; i++) { result[i] = a[i]; } c = resultSize; for (i=firstItemOffset; i<c; i++) { result[i] = (((a[i] || 0) ^ (b[i - firstItemOffset] || 0)) >>> 0); } return result; }; Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor = function(a, b, aFirstItemOffset) { var i,c; var firstItemOffset; firstItemOffset = aFirstItemOffset || 0; c = Math.max((a.length - firstItemOffset), b.length) + firstItemOffset; for (i=firstItemOffset; i<c; i++) { a[i] = (((a[i] || 0) ^ (b[i - firstItemOffset] || 0)) >>> 0); } }; Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft = function(aWordArray, aNumberOfBitsToShift) { var numberOfWordsToShift; var numberOfBitsToShift; var result; var overflowValue; var i,c; numberOfWordsToShift = Math.floor(aNumberOfBitsToShift / 32); numberOfBitsToShift = aNumberOfBitsToShift % 32; result = new Array(aWordArray.length + numberOfWordsToShift); c = numberOfWordsToShift; for (i=0; i<c; i++) { result[i] = 0; } overflowValue = 0; nextOverflowValue = 0; c = aWordArray.length; for (i=0; i<c; i++) { var value; var resultWord; // value = this.value()[i]; value = aWordArray[i]; if (numberOfBitsToShift > 0) { var nextOverflowValue; nextOverflowValue = (value >>> (32 - numberOfBitsToShift)); value = value & (0xffffffff >>> numberOfBitsToShift); resultWord = (((value << numberOfBitsToShift) | overflowValue) >>> 0); } else { resultWord = value; } result[i+numberOfWordsToShift] = resultWord; overflowValue = nextOverflowValue; } if (overflowValue != 0) { result[aWordArray.length + numberOfWordsToShift] = overflowValue; } return result; }; Clipperz.Crypto.ECC.BinaryField.Value._overwriteShiftLeft = function(aWordArray, aNumberOfBitsToShift) { var numberOfWordsToShift; var numberOfBitsToShift; var result; var overflowValue; var i,c; numberOfWordsToShift = Math.floor(aNumberOfBitsToShift / 32); numberOfBitsToShift = aNumberOfBitsToShift % 32; result = new Array(aWordArray.length + numberOfWordsToShift); c = numberOfWordsToShift; for (i=0; i<c; i++) { result[i] = 0; } overflowValue = 0; nextOverflowValue = 0; c = aWordArray.length; for (i=0; i<c; i++) { var value; var resultWord; // value = this.value()[i]; value = aWordArray[i]; if (numberOfBitsToShift > 0) { var nextOverflowValue; nextOverflowValue = (value >>> (32 - numberOfBitsToShift)); value = value & (0xffffffff >>> numberOfBitsToShift); resultWord = (((value << numberOfBitsToShift) | overflowValue) >>> 0); } else { resultWord = value; } result[i+numberOfWordsToShift] = resultWord; overflowValue = nextOverflowValue; } if (overflowValue != 0) { result[aWordArray.length + numberOfWordsToShift] = overflowValue; } return result; }; Clipperz.Crypto.ECC.BinaryField.Value._bitSize = function(aWordArray) { var result; var notNullElements; var mostValuableWord; var matchingBitsInMostImportantWord; var mask; var i,c; notNullElements = aWordArray.length; if ((aWordArray.length == 1) && (aWordArray[0] == 0)) { result = 0; } else { while((aWordArray[notNullElements - 1] == 0) && (notNullElements > 0)) { notNullElements --; } result = (notNullElements - 1) * 32; mostValuableWord = aWordArray[notNullElements - 1]; matchingBits = 32; mask = 0x80000000; while ((matchingBits > 0) && ((mostValuableWord & mask) == 0)) { matchingBits --; mask >>>= 1; } result += matchingBits; } return result; }; Clipperz.Crypto.ECC.BinaryField.Value._isBitSet = function(aWordArray, aBitPosition) { var result; var byteIndex; var bitIndexInSelectedByte; byteIndex = Math.floor(aBitPosition / 32); bitIndexInSelectedByte = aBitPosition % 32; if (byteIndex <= aWordArray.length) { result = ((aWordArray[byteIndex] & (1 << bitIndexInSelectedByte)) != 0); } else { result = false; } return result; }; Clipperz.Crypto.ECC.BinaryField.Value._compare = function(a,b) { var result; var i,c; result = MochiKit.Base.compare(a.length, b.length); c = a.length; for (i=0; (i<c) && (result==0); i++) { //console.log("compare[" + c + " - " + i + " - 1] " + this.value()[c-i-1] + ", " + aValue.value()[c-i-1]); // result = MochiKit.Base.compare(this.value()[c-i-1], aValue.value()[c-i-1]); result = MochiKit.Base.compare(a[c-i-1], b[c-i-1]); } return result; }; Clipperz.Crypto.ECC.BinaryField.Value['exception']= { 'UnsupportedBase': new MochiKit.Base.NamedError("Clipperz.Crypto.ECC.BinaryField.Value.exception.UnsupportedBase"), 'UnsupportedConstructorValueType': new MochiKit.Base.NamedError("Clipperz.Crypto.ECC.BinaryField.Value.exception.UnsupportedConstructorValueType") }; diff --git a/frontend/beta/js/Clipperz/Crypto/PRNG.js b/frontend/beta/js/Clipperz/Crypto/PRNG.js index 39d0045..b5c3f8a 100644 --- a/frontend/beta/js/Clipperz/Crypto/PRNG.js +++ b/frontend/beta/js/Clipperz/Crypto/PRNG.js @@ -1,406 +1,404 @@ /* -Copyright 2008-2011 Clipperz Srl +Copyright 2008-2013 Clipperz Srl -This file is part of Clipperz Community Edition. -Clipperz Community Edition is an online password manager. +This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. -* Clipperz Community Edition is free software: you can redistribute - it and/or modify it under the terms of the GNU Affero General Public - License as published by the Free Software Foundation, either version - 3 of the License, or (at your option) any later version. +* Clipperz is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. -* Clipperz Community Edition is distributed in the hope that it will - be useful, but WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +* Clipperz is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public - License along with Clipperz Community Edition. If not, see - <http://www.gnu.org/licenses/>. + License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!"; } try { if (typeof(Clipperz.Crypto.SHA) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.PRNG depends on Clipperz.Crypto.SHA!"; } try { if (typeof(Clipperz.Crypto.AES) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.PRNG depends on Clipperz.Crypto.AES!"; } if (typeof(Clipperz.Crypto.PRNG) == 'undefined') { Clipperz.Crypto.PRNG = {}; } //############################################################################# Clipperz.Crypto.PRNG.EntropyAccumulator = function(args) { args = args || {}; // MochiKit.Base.bindMethods(this); this._stack = new Clipperz.ByteArray(); this._maxStackLengthBeforeHashing = args.maxStackLengthBeforeHashing || 256; return this; } Clipperz.Crypto.PRNG.EntropyAccumulator.prototype = MochiKit.Base.update(null, { 'toString': function() { return "Clipperz.Crypto.PRNG.EntropyAccumulator"; }, //------------------------------------------------------------------------- 'stack': function() { return this._stack; }, 'setStack': function(aValue) { this._stack = aValue; }, 'resetStack': function() { this.stack().reset(); }, 'maxStackLengthBeforeHashing': function() { return this._maxStackLengthBeforeHashing; }, //------------------------------------------------------------------------- 'addRandomByte': function(aValue) { this.stack().appendByte(aValue); if (this.stack().length() > this.maxStackLengthBeforeHashing()) { this.setStack(Clipperz.Crypto.SHA.sha_d256(this.stack())); } }, //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //############################################################################# Clipperz.Crypto.PRNG.RandomnessSource = function(args) { args = args || {}; MochiKit.Base.bindMethods(this); this._generator = args.generator || null; this._sourceId = args.sourceId || null; this._boostMode = args.boostMode || false; this._nextPoolIndex = 0; return this; } Clipperz.Crypto.PRNG.RandomnessSource.prototype = MochiKit.Base.update(null, { 'generator': function() { return this._generator; }, 'setGenerator': function(aValue) { this._generator = aValue; }, //------------------------------------------------------------------------- 'boostMode': function() { return this._boostMode; }, 'setBoostMode': function(aValue) { this._boostMode = aValue; }, //------------------------------------------------------------------------- 'sourceId': function() { return this._sourceId; }, 'setSourceId': function(aValue) { this._sourceId = aValue; }, //------------------------------------------------------------------------- 'nextPoolIndex': function() { return this._nextPoolIndex; }, 'incrementNextPoolIndex': function() { this._nextPoolIndex = ((this._nextPoolIndex + 1) % this.generator().numberOfEntropyAccumulators()); }, //------------------------------------------------------------------------- 'updateGeneratorWithValue': function(aRandomValue) { if (this.generator() != null) { this.generator().addRandomByte(this.sourceId(), this.nextPoolIndex(), aRandomValue); this.incrementNextPoolIndex(); } }, //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //############################################################################# Clipperz.Crypto.PRNG.TimeRandomnessSource = function(args) { args = args || {}; // MochiKit.Base.bindMethods(this); this._intervalTime = args.intervalTime || 1000; Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); this.collectEntropy(); return this; } Clipperz.Crypto.PRNG.TimeRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, { 'intervalTime': function() { return this._intervalTime; }, //------------------------------------------------------------------------- 'collectEntropy': function() { var now; var entropyByte; var intervalTime; now = new Date(); entropyByte = (now.getTime() & 0xff); intervalTime = this.intervalTime(); if (this.boostMode() == true) { intervalTime = intervalTime / 9; } this.updateGeneratorWithValue(entropyByte); setTimeout(this.collectEntropy, intervalTime); }, //------------------------------------------------------------------------- 'numberOfRandomBits': function() { return 5; }, //------------------------------------------------------------------------- 'pollingFrequency': function() { return 10; }, //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //***************************************************************************** Clipperz.Crypto.PRNG.MouseRandomnessSource = function(args) { args = args || {}; Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); this._numberOfBitsToCollectAtEachEvent = 4; this._randomBitsCollector = 0; this._numberOfRandomBitsCollected = 0; MochiKit.Signal.connect(document, 'onmousemove', this, 'collectEntropy'); return this; } Clipperz.Crypto.PRNG.MouseRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, { //------------------------------------------------------------------------- 'numberOfBitsToCollectAtEachEvent': function() { return this._numberOfBitsToCollectAtEachEvent; }, //------------------------------------------------------------------------- 'randomBitsCollector': function() { return this._randomBitsCollector; }, 'setRandomBitsCollector': function(aValue) { this._randomBitsCollector = aValue; }, 'appendRandomBitsToRandomBitsCollector': function(aValue) { var collectedBits; var numberOfRandomBitsCollected; numberOfRandomBitsCollected = this.numberOfRandomBitsCollected(); collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected); this.setRandomBitsCollector(collectetBits); numberOfRandomBitsCollected += this.numberOfBitsToCollectAtEachEvent(); if (numberOfRandomBitsCollected == 8) { this.updateGeneratorWithValue(collectetBits); numberOfRandomBitsCollected = 0; this.setRandomBitsCollector(0); } this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected) }, //------------------------------------------------------------------------- 'numberOfRandomBitsCollected': function() { return this._numberOfRandomBitsCollected; }, 'setNumberOfRandomBitsCollected': function(aValue) { this._numberOfRandomBitsCollected = aValue; }, //------------------------------------------------------------------------- 'collectEntropy': function(anEvent) { var mouseLocation; var randomBit; var mask; mask = 0xffffffff >>> (32 - this.numberOfBitsToCollectAtEachEvent()); mouseLocation = anEvent.mouse().client; randomBit = ((mouseLocation.x ^ mouseLocation.y) & mask); this.appendRandomBitsToRandomBitsCollector(randomBit) }, //------------------------------------------------------------------------- 'numberOfRandomBits': function() { return 1; }, //------------------------------------------------------------------------- 'pollingFrequency': function() { return 10; }, //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //***************************************************************************** Clipperz.Crypto.PRNG.KeyboardRandomnessSource = function(args) { args = args || {}; Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); this._randomBitsCollector = 0; this._numberOfRandomBitsCollected = 0; MochiKit.Signal.connect(document, 'onkeypress', this, 'collectEntropy'); return this; } Clipperz.Crypto.PRNG.KeyboardRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, { //------------------------------------------------------------------------- 'randomBitsCollector': function() { return this._randomBitsCollector; }, 'setRandomBitsCollector': function(aValue) { this._randomBitsCollector = aValue; }, 'appendRandomBitToRandomBitsCollector': function(aValue) { var collectedBits; var numberOfRandomBitsCollected; numberOfRandomBitsCollected = this.numberOfRandomBitsCollected(); collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected); this.setRandomBitsCollector(collectetBits); numberOfRandomBitsCollected ++; if (numberOfRandomBitsCollected == 8) { this.updateGeneratorWithValue(collectetBits); numberOfRandomBitsCollected = 0; this.setRandomBitsCollector(0); } this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected) }, //------------------------------------------------------------------------- 'numberOfRandomBitsCollected': function() { return this._numberOfRandomBitsCollected; }, 'setNumberOfRandomBitsCollected': function(aValue) { this._numberOfRandomBitsCollected = aValue; }, //------------------------------------------------------------------------- 'collectEntropy': function(anEvent) { /* var mouseLocation; var randomBit; mouseLocation = anEvent.mouse().client; randomBit = ((mouseLocation.x ^ mouseLocation.y) & 0x1); this.appendRandomBitToRandomBitsCollector(randomBit); */ }, //------------------------------------------------------------------------- 'numberOfRandomBits': function() { return 1; }, //------------------------------------------------------------------------- 'pollingFrequency': function() { return 10; }, //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //############################################################################# Clipperz.Crypto.PRNG.Fortuna = function(args) { var i,c; args = args || {}; this._key = args.seed || null; if (this._key == null) { this._counter = 0; this._key = new Clipperz.ByteArray(); } else { this._counter = 1; } this._aesKey = null; this._firstPoolReseedLevel = args.firstPoolReseedLevel || 32 || 64; this._numberOfEntropyAccumulators = args.numberOfEntropyAccumulators || 32; diff --git a/frontend/beta/js/Clipperz/Crypto/RSA.js b/frontend/beta/js/Clipperz/Crypto/RSA.js index 6844dba..5a480f1 100644 --- a/frontend/beta/js/Clipperz/Crypto/RSA.js +++ b/frontend/beta/js/Clipperz/Crypto/RSA.js @@ -1,148 +1,146 @@ /* -Copyright 2008-2011 Clipperz Srl +Copyright 2008-2013 Clipperz Srl -This file is part of Clipperz Community Edition. -Clipperz Community Edition is an online password manager. +This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. -* Clipperz Community Edition is free software: you can redistribute - it and/or modify it under the terms of the GNU Affero General Public - License as published by the Free Software Foundation, either version - 3 of the License, or (at your option) any later version. +* Clipperz is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. -* Clipperz Community Edition is distributed in the hope that it will - be useful, but WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +* Clipperz is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public - License along with Clipperz Community Edition. If not, see - <http://www.gnu.org/licenses/>. + License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ try { if (typeof(Clipperz.Crypto.BigInt) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.RSA depends on Clipperz.Crypto.BigInt!"; } if (typeof(Clipperz.Crypto.RSA) == 'undefined') { Clipperz.Crypto.RSA = {}; } Clipperz.Crypto.RSA.VERSION = "0.1"; Clipperz.Crypto.RSA.NAME = "Clipperz.RSA"; //############################################################################# MochiKit.Base.update(Clipperz.Crypto.RSA, { //------------------------------------------------------------------------- 'publicKeyWithValues': function (e, d, n) { var result; result = {}; if (e.isBigInt) { result.e = e; } else { result.e = new Clipperz.Crypto.BigInt(e, 16); } if (d.isBigInt) { result.d = d; } else { result.d = new Clipperz.Crypto.BigInt(d, 16); } if (n.isBigInt) { result.n = n; } else { result.n = new Clipperz.Crypto.BigInt(n, 16); } return result; }, 'privateKeyWithValues': function(e, d, n) { return Clipperz.Crypto.RSA.publicKeyWithValues(e, d, n); }, //----------------------------------------------------------------------------- 'encryptUsingPublicKey': function (aKey, aMessage) { var messageValue; var result; messageValue = new Clipperz.Crypto.BigInt(aMessage, 16); result = messageValue.powerModule(aKey.e, aKey.n); return result.asString(16); }, //............................................................................. 'decryptUsingPublicKey': function (aKey, aMessage) { return Clipperz.Crypto.RSA.encryptUsingPublicKey(aKey, aMessage); }, //----------------------------------------------------------------------------- 'encryptUsingPrivateKey': function (aKey, aMessage) { var messageValue; var result; messageValue = new Clipperz.Crypto.BigInt(aMessage, 16); result = messageValue.powerModule(aKey.d, aKey.n); return result.asString(16); }, //............................................................................. 'decryptUsingPrivateKey': function (aKey, aMessage) { return Clipperz.Crypto.RSA.encryptUsingPrivateKey(aKey, aMessage); }, //----------------------------------------------------------------------------- 'generatePublicKey': function(aNumberOfBits) { var result; var e; var d; var n; e = new Clipperz.Crypto.BigInt("10001", 16); { var p, q; var phi; do { p = Clipperz.Crypto.BigInt.randomPrime(aNumberOfBits); } while (p.module(e).equals(1)); do { q = Clipperz.Crypto.BigInt.randomPrime(aNumberOfBits); } while ((q.equals(p)) || (q.module(e).equals(1))); n = p.multiply(q); phi = (p.subtract(1).multiply(q.subtract(1))); d = e.powerModule(-1, phi); } result = Clipperz.Crypto.RSA.publicKeyWithValues(e, d, n); return result; }, //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" //------------------------------------------------------------------------- }); //############################################################################# diff --git a/frontend/beta/js/Clipperz/Crypto/SHA.js b/frontend/beta/js/Clipperz/Crypto/SHA.js index 635eb90..9605d1c 100644 --- a/frontend/beta/js/Clipperz/Crypto/SHA.js +++ b/frontend/beta/js/Clipperz/Crypto/SHA.js @@ -1,293 +1,291 @@ /* -Copyright 2008-2011 Clipperz Srl +Copyright 2008-2013 Clipperz Srl -This file is part of Clipperz Community Edition. -Clipperz Community Edition is an online password manager. +This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. -* Clipperz Community Edition is free software: you can redistribute - it and/or modify it under the terms of the GNU Affero General Public - License as published by the Free Software Foundation, either version - 3 of the License, or (at your option) any later version. +* Clipperz is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. -* Clipperz Community Edition is distributed in the hope that it will - be useful, but WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +* Clipperz is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public - License along with Clipperz Community Edition. If not, see - <http://www.gnu.org/licenses/>. + License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!"; } if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; } if (typeof(Clipperz.Crypto.SHA) == 'undefined') { Clipperz.Crypto.SHA = {}; } Clipperz.Crypto.SHA.VERSION = "0.3"; Clipperz.Crypto.SHA.NAME = "Clipperz.Crypto.SHA"; MochiKit.Base.update(Clipperz.Crypto.SHA, { '__repr__': function () { return "[" + this.NAME + " " + this.VERSION + "]"; }, 'toString': function () { return this.__repr__(); }, //----------------------------------------------------------------------------- 'rotateRight': function(aValue, aNumberOfBits) { //Clipperz.Profile.start("Clipperz.Crypto.SHA.rotateRight"); var result; result = (aValue >>> aNumberOfBits) | (aValue << (32 - aNumberOfBits)); //Clipperz.Profile.stop("Clipperz.Crypto.SHA.rotateRight"); return result; }, 'shiftRight': function(aValue, aNumberOfBits) { //Clipperz.Profile.start("Clipperz.Crypto.SHA.shiftRight"); var result; result = aValue >>> aNumberOfBits; //Clipperz.Profile.stop("Clipperz.Crypto.SHA.shiftRight"); return result; }, //----------------------------------------------------------------------------- 'safeAdd': function() { //Clipperz.Profile.start("Clipperz.Crypto.SHA.safeAdd"); var result; var i, c; result = arguments[0]; c = arguments.length; for (i=1; i<c; i++) { var lowerBytesSum; lowerBytesSum = (result & 0xffff) + (arguments[i] & 0xffff); result = (((result >> 16) + (arguments[i] >> 16) + (lowerBytesSum >> 16)) << 16) | (lowerBytesSum & 0xffff); } //Clipperz.Profile.stop("Clipperz.Crypto.SHA.safeAdd"); return result; }, //----------------------------------------------------------------------------- 'sha256_array': function(aValue) { //Clipperz.Profile.start("Clipperz.Crypto.SHA.sha256_array"); var result; var message; var h0, h1, h2, h3, h4, h5, h6, h7; var k; var messageLength; var messageLengthInBits; var _i, _c; var charBits; var rotateRight; var shiftRight; var safeAdd; var bytesPerBlock; var currentMessageIndex; bytesPerBlock = 512/8; rotateRight = Clipperz.Crypto.SHA.rotateRight; shiftRight = Clipperz.Crypto.SHA.shiftRight; safeAdd = Clipperz.Crypto.SHA.safeAdd; charBits = 8; h0 = 0x6a09e667; h1 = 0xbb67ae85; h2 = 0x3c6ef372; h3 = 0xa54ff53a; h4 = 0x510e527f; h5 = 0x9b05688c; h6 = 0x1f83d9ab; h7 = 0x5be0cd19; k = [ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2]; message = aValue; messageLength = message.length; //Pre-processing: message.push(0x80); // append a single "1" bit to message _c = (512 - (((messageLength + 1) * charBits) % 512) - 64) / charBits; for (_i=0; _i<_c; _i++) { message.push(0x00); // append "0" bits until message length ≡ 448 ≡ -64 (mod 512) } messageLengthInBits = messageLength * charBits; message.push(0x00); // the 4 most high byte are alway 0 as message length is represented with a 32bit value; message.push(0x00); message.push(0x00); message.push(0x00); message.push((messageLengthInBits >> 24) & 0xff); message.push((messageLengthInBits >> 16) & 0xff); message.push((messageLengthInBits >> 8) & 0xff); message.push( messageLengthInBits & 0xff); currentMessageIndex = 0; while(currentMessageIndex < message.length) { var w; var a, b, c, d, e, f, g, h; w = Array(64); _c = 16; for (_i=0; _i<_c; _i++) { var _j; _j = currentMessageIndex + _i*4; w[_i] = (message[_j] << 24) | (message[_j + 1] << 16) | (message[_j + 2] << 8) | (message[_j + 3] << 0); } _c = 64; for (_i=16; _i<_c; _i++) { var s0, s1; s0 = (rotateRight(w[_i-15], 7)) ^ (rotateRight(w[_i-15], 18)) ^ (shiftRight(w[_i-15], 3)); s1 = (rotateRight(w[_i-2], 17)) ^ (rotateRight(w[_i-2], 19)) ^ (shiftRight(w[_i-2], 10)); w[_i] = safeAdd(w[_i-16], s0, w[_i-7], s1); } a=h0; b=h1; c=h2; d=h3; e=h4; f=h5; g=h6; h=h7; _c = 64; for (_i=0; _i<_c; _i++) { var s0, s1, ch, maj, t1, t2; s0 = (rotateRight(a, 2)) ^ (rotateRight(a, 13)) ^ (rotateRight(a, 22)); maj = (a & b) ^ (a & c) ^ (b & c); t2 = safeAdd(s0, maj); s1 = (rotateRight(e, 6)) ^ (rotateRight(e, 11)) ^ (rotateRight(e, 25)); ch = (e & f) ^ ((~e) & g); t1 = safeAdd(h, s1, ch, k[_i], w[_i]); h = g; g = f; f = e; e = safeAdd(d, t1); d = c; c = b; b = a; a = safeAdd(t1, t2); } h0 = safeAdd(h0, a); h1 = safeAdd(h1, b); h2 = safeAdd(h2, c); h3 = safeAdd(h3, d); h4 = safeAdd(h4, e); h5 = safeAdd(h5, f); h6 = safeAdd(h6, g); h7 = safeAdd(h7, h); currentMessageIndex += bytesPerBlock; } result = new Array(256/8); result[0] = (h0 >> 24) & 0xff; result[1] = (h0 >> 16) & 0xff; result[2] = (h0 >> 8) & 0xff; result[3] = h0 & 0xff; result[4] = (h1 >> 24) & 0xff; result[5] = (h1 >> 16) & 0xff; result[6] = (h1 >> 8) & 0xff; result[7] = h1 & 0xff; result[8] = (h2 >> 24) & 0xff; result[9] = (h2 >> 16) & 0xff; result[10] = (h2 >> 8) & 0xff; result[11] = h2 & 0xff; result[12] = (h3 >> 24) & 0xff; result[13] = (h3 >> 16) & 0xff; result[14] = (h3 >> 8) & 0xff; result[15] = h3 & 0xff; result[16] = (h4 >> 24) & 0xff; result[17] = (h4 >> 16) & 0xff; result[18] = (h4 >> 8) & 0xff; result[19] = h4 & 0xff; result[20] = (h5 >> 24) & 0xff; result[21] = (h5 >> 16) & 0xff; result[22] = (h5 >> 8) & 0xff; result[23] = h5 & 0xff; result[24] = (h6 >> 24) & 0xff; result[25] = (h6 >> 16) & 0xff; result[26] = (h6 >> 8) & 0xff; result[27] = h6 & 0xff; result[28] = (h7 >> 24) & 0xff; result[29] = (h7 >> 16) & 0xff; result[30] = (h7 >> 8) & 0xff; result[31] = h7 & 0xff; //Clipperz.Profile.stop("Clipperz.Crypto.SHA.sha256_array"); return result; }, //----------------------------------------------------------------------------- 'sha256': function(aValue) { //Clipperz.Profile.start("Clipperz.Crypto.SHA.sha256"); var result; var resultArray; var valueArray; valueArray = aValue.arrayValues(); resultArray = Clipperz.Crypto.SHA.sha256_array(valueArray); result = new Clipperz.ByteArray(resultArray); //Clipperz.Profile.stop("Clipperz.Crypto.SHA.sha256"); return result; }, //----------------------------------------------------------------------------- 'sha_d256': function(aValue) { //Clipperz.Profile.start("Clipperz.Crypto.SHA.sha_d256"); var result; var resultArray; var valueArray; valueArray = aValue.arrayValues(); resultArray = Clipperz.Crypto.SHA.sha256_array(valueArray); resultArray = Clipperz.Crypto.SHA.sha256_array(resultArray); result = new Clipperz.ByteArray(resultArray); //Clipperz.Profile.stop("Clipperz.Crypto.SHA.sha256"); return result; }, //----------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); diff --git a/frontend/beta/js/Clipperz/Crypto/SRP.js b/frontend/beta/js/Clipperz/Crypto/SRP.js index 3b25275..8cc80ba 100644 --- a/frontend/beta/js/Clipperz/Crypto/SRP.js +++ b/frontend/beta/js/Clipperz/Crypto/SRP.js @@ -1,328 +1,326 @@ /* -Copyright 2008-2011 Clipperz Srl +Copyright 2008-2013 Clipperz Srl -This file is part of Clipperz Community Edition. -Clipperz Community Edition is an online password manager. +This file is part of Clipperz, the online password manager. For further information about its features and functionalities please refer to http://www.clipperz.com. -* Clipperz Community Edition is free software: you can redistribute - it and/or modify it under the terms of the GNU Affero General Public - License as published by the Free Software Foundation, either version - 3 of the License, or (at your option) any later version. +* Clipperz is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. -* Clipperz Community Edition is distributed in the hope that it will - be useful, but WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +* Clipperz is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public - License along with Clipperz Community Edition. If not, see - <http://www.gnu.org/licenses/>. + License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!"; } try { if (typeof(Clipperz.Crypto.BigInt) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.SRP depends on Clipperz.Crypto.BigInt!"; } try { if (typeof(Clipperz.Crypto.PRNG) == 'undefined') { throw ""; }} catch (e) { throw "Clipperz.Crypto.SRP depends on Clipperz.Crypto.PRNG!"; } if (typeof(Clipperz.Crypto.SRP) == 'undefined') { Clipperz.Crypto.SRP = {}; } Clipperz.Crypto.SRP.VERSION = "0.1"; Clipperz.Crypto.SRP.NAME = "Clipperz.Crypto.SRP"; //############################################################################# MochiKit.Base.update(Clipperz.Crypto.SRP, { '_n': null, '_g': null, //------------------------------------------------------------------------- 'n': function() { if (Clipperz.Crypto.SRP._n == null) { Clipperz.Crypto.SRP._n = new Clipperz.Crypto.BigInt("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3", 16); } return Clipperz.Crypto.SRP._n; }, //------------------------------------------------------------------------- 'g': function() { if (Clipperz.Crypto.SRP._g == null) { Clipperz.Crypto.SRP._g = new Clipperz.Crypto.BigInt(2); // eventually 5 (as suggested on the Diffi-Helmann documentation) } return Clipperz.Crypto.SRP._g; }, //----------------------------------------------------------------------------- 'exception': { 'InvalidValue': new MochiKit.Base.NamedError("Clipperz.Crypto.SRP.exception.InvalidValue") }, //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); //############################################################################# // // S R P C o n n e c t i o n version 1.0 // //============================================================================= Clipperz.Crypto.SRP.Connection = function (args) { args = args || {}; this._C = args.C; this._P = args.P; this.hash = args.hash; this._a = null; this._A = null; this._s = null; this._B = null; this._x = null; this._u = null; this._K = null; this._M1 = null; this._M2 = null; this._sessionKey = null; return this; } Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { 'toString': function () { return "Clipperz.Crypto.SRP.Connection (username: " + this.username() + "). Status: " + this.statusDescription(); }, //------------------------------------------------------------------------- 'C': function () { return this._C; }, //------------------------------------------------------------------------- 'P': function () { return this._P; }, //------------------------------------------------------------------------- 'a': function () { if (this._a == null) { this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16); // this._a = new Clipperz.Crypto.BigInt("37532428169486597638072888476611365392249575518156687476805936694442691012367", 10); //MochiKit.Logging.logDebug("SRP a: " + this._a); } return this._a; }, //------------------------------------------------------------------------- 'A': function () { if (this._A == null) { // Warning: this value should be strictly greater than zero: how should we perform this check? this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n()); if (this._A.equals(0)) { MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0."); throw Clipperz.Crypto.SRP.exception.InvalidValue; } //MochiKit.Logging.logDebug("SRP A: " + this._A); } return this._A; }, //------------------------------------------------------------------------- 's': function () { return this._s; //MochiKit.Logging.logDebug("SRP s: " + this._S); }, 'set_s': function(aValue) { this._s = aValue; }, //------------------------------------------------------------------------- 'B': function () { return this._B; }, 'set_B': function(aValue) { // Warning: this value should be strictly greater than zero: how should we perform this check? if (! aValue.equals(0)) { this._B = aValue; //MochiKit.Logging.logDebug("SRP B: " + this._B); } else { MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0."); throw Clipperz.Crypto.SRP.exception.InvalidValue; } }, //------------------------------------------------------------------------- 'x': function () { if (this._x == null) { this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s().asString(16, 64) + this.P()), 16); //MochiKit.Logging.logDebug("SRP x: " + this._x); } return this._x; }, //------------------------------------------------------------------------- 'u': function () { if (this._u == null) { this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.B().asString()), 16); //MochiKit.Logging.logDebug("SRP u: " + this._u); } return this._u; }, //------------------------------------------------------------------------- 'S': function () { if (this._S == null) { var bigint; var srp; bigint = Clipperz.Crypto.BigInt; srp = Clipperz.Crypto.SRP; this._S = bigint.powerModule( bigint.subtract(this.B(), bigint.powerModule(srp.g(), this.x(), srp.n())), bigint.add(this.a(), bigint.multiply(this.u(), this.x())), srp.n() ) //MochiKit.Logging.logDebug("SRP S: " + this._S); } return this._S; }, //------------------------------------------------------------------------- 'K': function () { if (this._K == null) { this._K = this.stringHash(this.S().asString()); //MochiKit.Logging.logDebug("SRP K: " + this._K); } return this._K; }, //------------------------------------------------------------------------- 'M1': function () { if (this._M1 == null) { this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K()); //MochiKit.Logging.logDebug("SRP M1: " + this._M1); } return this._M1; }, //------------------------------------------------------------------------- 'M2': function () { if (this._M2 == null) { this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K()); //MochiKit.Logging.logDebug("SRP M2: " + this._M2); } return this._M2; }, //========================================================================= 'serverSideCredentialsWithSalt': function(aSalt) { var result; var s, x, v; s = aSalt; x = this.stringHash(s + this.P()); v = Clipperz.Crypto.SRP.g().powerModule(new Clipperz.Crypto.BigInt(x, 16), Clipperz.Crypto.SRP.n()); result = {}; result['C'] = this.C(); result['s'] = s; result['v'] = v.asString(16); return result; }, 'serverSideCredentials': function() { var result; var s; s = Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2); result = this.serverSideCredentialsWithSalt(s); return result; }, //========================================================================= /* 'computeServerSide_S': function(b) { var result; var v; var bigint; var srp; bigint = Clipperz.Crypto.BigInt; srp = Clipperz.Crypto.SRP; v = new Clipperz.Crypto.BigInt(srpConnection.serverSideCredentialsWithSalt(this.s().asString(16, 64)).v, 16); // _S = (this.A().multiply(this.v().modPow(this.u(), this.n()))).modPow(this.b(), this.n()); result = bigint.powerModule( bigint.multiply( this.A(), bigint.powerModule(v, this.u(), srp.n()) ), new Clipperz.Crypto.BigInt(b, 10), srp.n() ); return result; }, */ //========================================================================= 'stringHash': function(aValue) { var result; result = this.hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); return result; }, //========================================================================= __syntaxFix__: "syntax fix" }); //############################################################################# |