Diffstat (limited to 'frontend/beta/js/Clipperz/Crypto')
-rw-r--r-- | frontend/beta/js/Clipperz/Crypto/AES.js | 15 | ||||
-rw-r--r-- | frontend/beta/js/Clipperz/Crypto/Base.js | 15 | ||||
-rw-r--r-- | frontend/beta/js/Clipperz/Crypto/BigInt.js | 15 | ||||
-rw-r--r-- | frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js | 15 | ||||
-rw-r--r-- | frontend/beta/js/Clipperz/Crypto/ECC.js | 15 | ||||
-rw-r--r-- | frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Curve.js | 15 | ||||
-rw-r--r-- | frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/FiniteField.js | 15 | ||||
-rw-r--r-- | frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Point.js | 15 | ||||
-rw-r--r-- | frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Value.js | 15 | ||||
-rw-r--r-- | frontend/beta/js/Clipperz/Crypto/PRNG.js | 15 | ||||
-rw-r--r-- | frontend/beta/js/Clipperz/Crypto/RSA.js | 15 | ||||
-rw-r--r-- | frontend/beta/js/Clipperz/Crypto/SHA.js | 15 | ||||
-rw-r--r-- | frontend/beta/js/Clipperz/Crypto/SRP.js | 15 |
13 files changed, 78 insertions, 117 deletions
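--- a/frontend/beta/js/Clipperz/Crypto/AES.js
+++ b/frontend/beta/js/Clipperz/Crypto/AES.js
@@ -1,408 +1,405 @@
 /*
 
 Copyright 2008-2011 Clipperz Srl
 
-This file is part of Clipperz's Javascript Crypto Library.
-Javascript Crypto Library provides web developers with an extensive
-and efficient set of cryptographic functions. The library aims to
-obtain maximum execution speed while preserving modularity and
-reusability.
+This file is part of Clipperz Community Edition.
+Clipperz Community Edition is an online password manager.
 For further information about its features and functionalities please
-refer to http://www.clipperz.com
+refer to http://www.clipperz.com.
 
-* Javascript Crypto Library is free software: you can redistribute
+* Clipperz Community Edition is free software: you can redistribute
 it and/or modify it under the terms of the GNU Affero General Public
 License as published by the Free Software Foundation, either version
 3 of the License, or (at your option) any later version.
 
-* Javascript Crypto Library is distributed in the hope that it will
+* Clipperz Community Edition is distributed in the hope that it will
 be useful, but WITHOUT ANY WARRANTY; without even the implied
 warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 See the GNU Affero General Public License for more details.
 
 * You should have received a copy of the GNU Affero General Public
-License along with Javascript Crypto Library. If not, see
+License along with Clipperz Community Edition. If not, see
 <http://www.gnu.org/licenses/>.
 
 */
 
 try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) {
 throw "Clipperz.Crypto.AES depends on Clipperz.ByteArray!";
 }
 
 //Dependency commented to avoid a circular reference
 //try { if (typeof(Clipperz.Crypto.PRNG) == 'undefined') { throw ""; }} catch (e) {
 //throw "Clipperz.Crypto.AES depends on Clipperz.Crypto.PRNG!";
 //}
 
 if (typeof(Clipperz.Crypto.AES) == 'undefined') { Clipperz.Crypto.AES = {}; }
 
 //#############################################################################
 
 Clipperz.Crypto.AES.DeferredExecutionContext = function(args) {
 args = args || {};
 
 this._key = args.key;
 this._message = args.message;
 this._result = args.message.clone();
 this._nonce = args.nonce;
 this._messageLength = this._message.length();
 
 this._messageArray = this._message.arrayValues();
 this._resultArray = this._result.arrayValues();
 this._nonceArray = this._nonce.arrayValues();
 
 this._executionStep = 0;
 
 return this;
 }
 
 Clipperz.Crypto.AES.DeferredExecutionContext.prototype = MochiKit.Base.update(null, {
 
 'key': function() {
 return this._key;
 },
 
 'message': function() {
 return this._message;
 },
 
 'messageLength': function() {
 return this._messageLength;
 },
 
 'result': function() {
 return new Clipperz.ByteArray(this.resultArray());
 },
 
 'nonce': function() {
 return this._nonce;
 },
 
 'messageArray': function() {
 return this._messageArray;
 },
 
 'resultArray': function() {
 return this._resultArray;
 },
 
 'nonceArray': function() {
 return this._nonceArray;
 },
 
 'elaborationChunkSize': function() {
 return Clipperz.Crypto.AES.DeferredExecution.chunkSize;
 },
 
 'executionStep': function() {
 return this._executionStep;
 },
 
 'setExecutionStep': function(aValue) {
 this._executionStep = aValue;
 },
 
 'pause': function(aValue) {
 return MochiKit.Async.wait(Clipperz.Crypto.AES.DeferredExecution.pauseTime, aValue);
 },
 
 //-----------------------------------------------------------------------------
 __syntaxFix__: "syntax fix"
 
 });
 
 //#############################################################################
 
 Clipperz.Crypto.AES.Key = function(args) {
 args = args || {};
 
 this._key = args.key;
 this._keySize = args.keySize || this.key().length();
 
 if (this.keySize() == 128/8) {
 this._b = 176;
 this._numberOfRounds = 10;
 } else if (this.keySize() == 256/8) {
 this._b = 240;
 this._numberOfRounds = 14;
 } else {
 MochiKit.Logging.logError("AES unsupported key size: " + (this.keySize() * 8) + " bits");
 throw Clipperz.Crypto.AES.exception.UnsupportedKeySize;
 }
 
 this._stretchedKey = null;
 
 return this;
 }
 
 Clipperz.Crypto.AES.Key.prototype = MochiKit.Base.update(null, {
 
 'asString': function() {
 return "Clipperz.Crypto.AES.Key (" + this.key().toHexString() + ")";
 },
 
 //-----------------------------------------------------------------------------
 
 'key': function() {
 return this._key;
 },
 
 'keySize': function() {
 return this._keySize;
 },
 
 'b': function() {
 return this._b;
 },
 
 'numberOfRounds': function() {
 return this._numberOfRounds;
 },
 //=========================================================================
 
 'keyScheduleCore': function(aWord, aRoundConstantsIndex) {
 varresult;
 var sbox;
 
 sbox = Clipperz.Crypto.AES.sbox();
 
 result = [sbox[aWord[1]] ^ Clipperz.Crypto.AES.roundConstants()[aRoundConstantsIndex],
 sbox[aWord[2]],
 sbox[aWord[3]],
 sbox[aWord[0]]];
 
 return result;
 },
 
 //-----------------------------------------------------------------------------
 
 'xorWithPreviousStretchValues': function(aKey, aWord, aPreviousWordIndex) {
 varresult;
 var i,c;
 
 result = [];
 c = 4;
 for (i=0; i<c; i++) {
 result[i] = aWord[i] ^ aKey.byteAtIndex(aPreviousWordIndex + i);
 }
 
 return result;
 },
 
 //-----------------------------------------------------------------------------
 
 'sboxShakeup': function(aWord) {
 var result;
 var sbox;
 var i,c;
 
 result = [];
 sbox = Clipperz.Crypto.AES.sbox();
 c =4;
 for (i=0; i<c; i++) {
 result[i] = sbox[aWord[i]];
 }
 
 return result;
 },
 
 //-----------------------------------------------------------------------------
 
 'stretchKey': function(aKey) {
 varcurrentWord;
 varkeyLength;
 varpreviousStretchIndex;
 var i,c;
 
 keyLength = aKey.length();
 previousStretchIndex = keyLength - this.keySize();
 
 currentWord = [aKey.byteAtIndex(keyLength - 4),
 aKey.byteAtIndex(keyLength - 3),
 aKey.byteAtIndex(keyLength - 2),
 aKey.byteAtIndex(keyLength - 1)];
 currentWord = this.keyScheduleCore(currentWord, keyLength / this.keySize());
 
 if (this.keySize() == 256/8) {
 c = 8;
 } else if (this.keySize() == 128/8){
 c = 4;
 }
 
 for (i=0; i<c; i++) {
 if (i == 4) {
 //fifth streatch word
 currentWord = this.sboxShakeup(currentWord);
 }
 
 currentWord = this.xorWithPreviousStretchValues(aKey, currentWord, previousStretchIndex + (i*4));
 aKey.appendBytes(currentWord);
 }
 
 return aKey;
 },
 
 //-----------------------------------------------------------------------------
 
 'stretchedKey': function() {
 if (this._stretchedKey == null) {
 var stretchedKey;
 
 stretchedKey = this.key().clone();
 
 while (stretchedKey.length() < this.keySize()) {
 stretchedKey.appendByte(0);
 }
 
 while (stretchedKey.length() < this.b()) {
 stretchedKey = this.stretchKey(stretchedKey);
 }
 
 this._stretchedKey = stretchedKey.split(0, this.b());
 }
 
 return this._stretchedKey;
 },
 
 //=========================================================================
 __syntaxFix__: "syntax fix"
 });
 
 //#############################################################################
 
 Clipperz.Crypto.AES.State = function(args) {
 args = args || {};
 
 this._data = args.block;
 this._key = args.key;
 
 return this;
 }
 
 Clipperz.Crypto.AES.State.prototype = MochiKit.Base.update(null, {
 
 'key': function() {
 return this._key;
 },
 
 //-----------------------------------------------------------------------------
 
 'data': function() {
 return this._data;
 },
 
 'setData': function(aValue) {
 this._data = aValue;
 },
 
 //=========================================================================
 
 'addRoundKey': function(aRoundNumber) {
 //each byte of the state is combined with the round key; each round key is derived from the cipher key using a key schedule.
 vardata;
 varstretchedKey;
 varfirstStretchedKeyIndex;
 var i,c;
 
 data = this.data();
 stretchedKey = this.key().stretchedKey();
 firstStretchedKeyIndex = aRoundNumber * (128/8);
 c = 128/8;
 for (i=0; i<c; i++) {
 data[i] = data[i] ^ stretchedKey.byteAtIndex(firstStretchedKeyIndex + i);
 }
 },
 
 //-----------------------------------------------------------------------------
 
 'subBytes': function() {
 // a non-linear substitution step where each byte is replaced with another according to a lookup table.
 var i,c;
 vardata;
 var sbox;
 
 data = this.data();
 sbox = Clipperz.Crypto.AES.sbox();
 
 c = 16;
 for (i=0; i<c; i++) {
 data[i] = sbox[data[i]];
 }
 },
 
 //-----------------------------------------------------------------------------
 
 'shiftRows': function() {
 //a transposition step where each row of the state is shifted cyclically a certain number of steps.
 varnewValue;
 vardata;
 varshiftMapping;
 vari,c;
 
 newValue = new Array(16);
 data = this.data();
 shiftMapping = Clipperz.Crypto.AES.shiftRowMapping();
 // [0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, 1, 6, 11];
 c = 16;
 for (i=0; i<c; i++) {
 newValue[i] = data[shiftMapping[i]];
 }
 for (i=0; i<c; i++) {
 data[i] = newValue[i];
 }
 },
 
 //-----------------------------------------------------------------------------
 /*
 'mixColumnsWithValues': function(someValues) {
 varresult;
 vara;
 var i,c;
 
 c = 4;
 result = [];
 a = [];
 for (i=0; i<c; i++) {
 a[i] = [];
 a[i][1] = someValues[i]
 if ((a[i][1] & 0x80) == 0x80) {
 a[i][2] = (a[i][1] << 1) ^ 0x11b;
 } else {
 a[i][2] = a[i][1] << 1;
 }
 
 a[i][3] = a[i][2] ^ a[i][1];
 }
 
 for (i=0; i<c; i++) {
 varx;
 
 x = Clipperz.Crypto.AES.mixColumnsMatrix()[i];
 result[i] = a[0][x[0]] ^ a[1][x[1]] ^ a[2][x[2]] ^ a[3][x[3]];
 }
 
 return result;
 },
 
 'mixColumns': function() {
 //a mixing operation which operates on the columns of the state, combining the four bytes in each column using a linear transformation.
 var data;
 var i, c;
 
 data = this.data();
 c = 4;
 for(i=0; i<c; i++) {
 varblockIndex;
 var mixedValues;
 
 blockIndex = i * 4;
 mixedValues = this.mixColumnsWithValues([data[blockIndex + 0],
 data[blockIndex + 1],
 data[blockIndex + 2],
 data[blockIndex + 3]]);
 data[blockIndex + 0] = mixedValues[0];
 data[blockIndex + 1] = mixedValues[1];
 data[blockIndex + 2] = mixedValues[2];
 data[blockIndex + 3] = mixedValues[3];
 }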
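Review bot: `Clipperz.Crypto.AES.Key.asString` (new lines 138-140) returns the raw key bytes as hex, so any log or debug path that stringifies a key object writes the secret in the clear; the commit only rewords the license header and leaves this in place. A representation that does not leak key material is `return "Clipperz.Crypto.AES.Key (" + (this.keySize() * 8) + " bit)";`. Separately, `stretchedKey` (new lines 251-253) silently zero-pads a key shorter than `keySize`, so a 16-byte key can be run as a "256-bit" key when `args.keySize` is passed explicitly; checking `this.key().length() >= this.keySize()` in the constructor and throwing `Clipperz.Crypto.AES.exception.UnsupportedKeySize` otherwise would fail loudly instead. Whether any caller relies on the padding is not visible from this hunk, so that check should be confirmed against the call sites first.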
diff --git a/frontend/beta/js/Clipperz/Crypto/Base.js b/frontend/beta/js/Clipperz/Crypto/Base.js index b69dcc8..d3a8e36 100644 --- a/frontend/beta/js/Clipperz/Crypto/Base.js +++ b/frontend/beta/js/Clipperz/Crypto/Base.js | |||
@@ -1,408 +1,405 @@ | |||
1 | /* | 1 | /* |
2 | 2 | ||
3 | Copyright 2008-2011 Clipperz Srl | 3 | Copyright 2008-2011 Clipperz Srl |
4 | 4 | ||
5 | This file is part of Clipperz's Javascript Crypto Library. | 5 | This file is part of Clipperz Community Edition. |
6 | Javascript Crypto Library provides web developers with an extensive | 6 | Clipperz Community Edition is an online password manager. |
7 | and efficient set of cryptographic functions. The library aims to | ||
8 | obtain maximum execution speed while preserving modularity and | ||
9 | reusability. | ||
10 | For further information about its features and functionalities please | 7 | For further information about its features and functionalities please |
11 | refer to http://www.clipperz.com | 8 | refer to http://www.clipperz.com. |
12 | 9 | ||
13 | * Javascript Crypto Library is free software: you can redistribute | 10 | * Clipperz Community Edition is free software: you can redistribute |
14 | it and/or modify it under the terms of the GNU Affero General Public | 11 | it and/or modify it under the terms of the GNU Affero General Public |
15 | License as published by the Free Software Foundation, either version | 12 | License as published by the Free Software Foundation, either version |
16 | 3 of the License, or (at your option) any later version. | 13 | 3 of the License, or (at your option) any later version. |
17 | 14 | ||
18 | * Javascript Crypto Library is distributed in the hope that it will | 15 | * Clipperz Community Edition is distributed in the hope that it will |
19 | be useful, but WITHOUT ANY WARRANTY; without even the implied | 16 | be useful, but WITHOUT ANY WARRANTY; without even the implied |
20 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | 17 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
21 | See the GNU Affero General Public License for more details. | 18 | See the GNU Affero General Public License for more details. |
22 | 19 | ||
23 | * You should have received a copy of the GNU Affero General Public | 20 | * You should have received a copy of the GNU Affero General Public |
24 | License along with Javascript Crypto Library. If not, see | 21 | License along with Clipperz Community Edition. If not, see |
25 | <http://www.gnu.org/licenses/>. | 22 | <http://www.gnu.org/licenses/>. |
26 | 23 | ||
27 | */ | 24 | */ |
28 | 25 | ||
29 | try { if (typeof(Clipperz.Base) == 'undefined') { throw ""; }} catch (e) { | 26 | try { if (typeof(Clipperz.Base) == 'undefined') { throw ""; }} catch (e) { |
30 | throw "Clipperz.Crypto.Base depends on Clipperz.Base!"; | 27 | throw "Clipperz.Crypto.Base depends on Clipperz.Base!"; |
31 | } | 28 | } |
32 | 29 | ||
33 | if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; } | 30 | if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; } |
34 | if (typeof(Clipperz.Crypto.Base) == 'undefined') { Clipperz.Crypto.Base = {}; } | 31 | if (typeof(Clipperz.Crypto.Base) == 'undefined') { Clipperz.Crypto.Base = {}; } |
35 | 32 | ||
36 | Clipperz.Crypto.Base.VERSION = "0.1"; | 33 | Clipperz.Crypto.Base.VERSION = "0.1"; |
37 | Clipperz.Crypto.Base.NAME = "Clipperz.Crypto.Base"; | 34 | Clipperz.Crypto.Base.NAME = "Clipperz.Crypto.Base"; |
38 | 35 | ||
39 | //############################################################################# | 36 | //############################################################################# |
40 | //Downloaded on March 30, 2006 from http://anmar.eu.org/projects/jssha2/files/jssha2-0.3.zip (jsSha2/sha256.js) | 37 | //Downloaded on March 30, 2006 from http://anmar.eu.org/projects/jssha2/files/jssha2-0.3.zip (jsSha2/sha256.js) |
41 | //############################################################################# | 38 | //############################################################################# |
42 | 39 | ||
43 | /* A JavaScript implementation of the Secure Hash Algorithm, SHA-256 | 40 | /* A JavaScript implementation of the Secure Hash Algorithm, SHA-256 |
44 | * Version 0.3 Copyright Angel Marin 2003-2004 - http://anmar.eu.org/ | 41 | * Version 0.3 Copyright Angel Marin 2003-2004 - http://anmar.eu.org/ |
45 | * Distributed under the BSD License | 42 | * Distributed under the BSD License |
46 | * Some bits taken from Paul Johnston's SHA-1 implementation | 43 | * Some bits taken from Paul Johnston's SHA-1 implementation |
47 | */ | 44 | */ |
48 | var chrsz = 8; /* bits per input character. 8 - ASCII; 16 - Unicode */ | 45 | var chrsz = 8; /* bits per input character. 8 - ASCII; 16 - Unicode */ |
49 | function safe_add (x, y) { | 46 | function safe_add (x, y) { |
50 | var lsw = (x & 0xFFFF) + (y & 0xFFFF); | 47 | var lsw = (x & 0xFFFF) + (y & 0xFFFF); |
51 | var msw = (x >> 16) + (y >> 16) + (lsw >> 16); | 48 | var msw = (x >> 16) + (y >> 16) + (lsw >> 16); |
52 | return (msw << 16) | (lsw & 0xFFFF); | 49 | return (msw << 16) | (lsw & 0xFFFF); |
53 | } | 50 | } |
54 | function S (X, n) {return ( X >>> n ) | (X << (32 - n));} | 51 | function S (X, n) {return ( X >>> n ) | (X << (32 - n));} |
55 | function R (X, n) {return ( X >>> n );} | 52 | function R (X, n) {return ( X >>> n );} |
56 | function Ch(x, y, z) {return ((x & y) ^ ((~x) & z));} | 53 | function Ch(x, y, z) {return ((x & y) ^ ((~x) & z));} |
57 | function Maj(x, y, z) {return ((x & y) ^ (x & z) ^ (y & z));} | 54 | function Maj(x, y, z) {return ((x & y) ^ (x & z) ^ (y & z));} |
58 | function Sigma0256(x) {return (S(x, 2) ^ S(x, 13) ^ S(x, 22));} | 55 | function Sigma0256(x) {return (S(x, 2) ^ S(x, 13) ^ S(x, 22));} |
59 | function Sigma1256(x) {return (S(x, 6) ^ S(x, 11) ^ S(x, 25));} | 56 | function Sigma1256(x) {return (S(x, 6) ^ S(x, 11) ^ S(x, 25));} |
60 | function Gamma0256(x) {return (S(x, 7) ^ S(x, 18) ^ R(x, 3));} | 57 | function Gamma0256(x) {return (S(x, 7) ^ S(x, 18) ^ R(x, 3));} |
61 | function Gamma1256(x) {return (S(x, 17) ^ S(x, 19) ^ R(x, 10));} | 58 | function Gamma1256(x) {return (S(x, 17) ^ S(x, 19) ^ R(x, 10));} |
62 | function core_sha256 (m, l) { | 59 | function core_sha256 (m, l) { |
63 | var K = new Array(0x428A2F98,0x71374491,0xB5C0FBCF,0xE9B5DBA5,0x3956C25B,0x59F111F1,0x923F82A4,0xAB1C5ED5,0xD807AA98,0x12835B01,0x243185BE,0x550C7DC3,0x72BE5D74,0x80DEB1FE,0x9BDC06A7,0xC19BF174,0xE49B69C1,0xEFBE4786,0xFC19DC6,0x240CA1CC,0x2DE92C6F,0x4A7484AA,0x5CB0A9DC,0x76F988DA,0x983E5152,0xA831C66D,0xB00327C8,0xBF597FC7,0xC6E00BF3,0xD5A79147,0x6CA6351,0x14292967,0x27B70A85,0x2E1B2138,0x4D2C6DFC,0x53380D13,0x650A7354,0x766A0ABB,0x81C2C92E,0x92722C85,0xA2BFE8A1,0xA81A664B,0xC24B8B70,0xC76C51A3,0xD192E819,0xD6990624,0xF40E3585,0x106AA070,0x19A4C116,0x1E376C08,0x2748774C,0x34B0BCB5,0x391C0CB3,0x4ED8AA4A,0x5B9CCA4F,0x682E6FF3,0x748F82EE,0x78A5636F,0x84C87814,0x8CC70208,0x90BEFFFA,0xA4506CEB,0xBEF9A3F7,0xC67178F2); | 60 | var K = new Array(0x428A2F98,0x71374491,0xB5C0FBCF,0xE9B5DBA5,0x3956C25B,0x59F111F1,0x923F82A4,0xAB1C5ED5,0xD807AA98,0x12835B01,0x243185BE,0x550C7DC3,0x72BE5D74,0x80DEB1FE,0x9BDC06A7,0xC19BF174,0xE49B69C1,0xEFBE4786,0xFC19DC6,0x240CA1CC,0x2DE92C6F,0x4A7484AA,0x5CB0A9DC,0x76F988DA,0x983E5152,0xA831C66D,0xB00327C8,0xBF597FC7,0xC6E00BF3,0xD5A79147,0x6CA6351,0x14292967,0x27B70A85,0x2E1B2138,0x4D2C6DFC,0x53380D13,0x650A7354,0x766A0ABB,0x81C2C92E,0x92722C85,0xA2BFE8A1,0xA81A664B,0xC24B8B70,0xC76C51A3,0xD192E819,0xD6990624,0xF40E3585,0x106AA070,0x19A4C116,0x1E376C08,0x2748774C,0x34B0BCB5,0x391C0CB3,0x4ED8AA4A,0x5B9CCA4F,0x682E6FF3,0x748F82EE,0x78A5636F,0x84C87814,0x8CC70208,0x90BEFFFA,0xA4506CEB,0xBEF9A3F7,0xC67178F2); |
64 | var HASH = new Array(0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19); | 61 | var HASH = new Array(0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19); |
65 | var W = new Array(64); | 62 | var W = new Array(64); |
66 | var a, b, c, d, e, f, g, h, i, j; | 63 | var a, b, c, d, e, f, g, h, i, j; |
67 | var T1, T2; | 64 | var T1, T2; |
68 | /* append padding */ | 65 | /* append padding */ |
69 | m[l >> 5] |= 0x80 << (24 - l % 32); | 66 | m[l >> 5] |= 0x80 << (24 - l % 32); |
70 | m[((l + 64 >> 9) << 4) + 15] = l; | 67 | m[((l + 64 >> 9) << 4) + 15] = l; |
71 | for ( var i = 0; i<m.length; i+=16 ) { | 68 | for ( var i = 0; i<m.length; i+=16 ) { |
72 | a = HASH[0]; b = HASH[1]; c = HASH[2]; d = HASH[3]; e = HASH[4]; f = HASH[5]; g = HASH[6]; h = HASH[7]; | 69 | a = HASH[0]; b = HASH[1]; c = HASH[2]; d = HASH[3]; e = HASH[4]; f = HASH[5]; g = HASH[6]; h = HASH[7]; |
73 | for ( var j = 0; j<64; j++) { | 70 | for ( var j = 0; j<64; j++) { |
74 | if (j < 16) W[j] = m[j + i]; | 71 | if (j < 16) W[j] = m[j + i]; |
75 | else W[j] = safe_add(safe_add(safe_add(Gamma1256(W[j - 2]), W[j - 7]), Gamma0256(W[j - 15])), W[j - 16]); | 72 | else W[j] = safe_add(safe_add(safe_add(Gamma1256(W[j - 2]), W[j - 7]), Gamma0256(W[j - 15])), W[j - 16]); |
76 | T1 = safe_add(safe_add(safe_add(safe_add(h, Sigma1256(e)), Ch(e, f, g)), K[j]), W[j]); | 73 | T1 = safe_add(safe_add(safe_add(safe_add(h, Sigma1256(e)), Ch(e, f, g)), K[j]), W[j]); |
77 | T2 = safe_add(Sigma0256(a), Maj(a, b, c)); | 74 | T2 = safe_add(Sigma0256(a), Maj(a, b, c)); |
78 | h = g; g = f; f = e; e = safe_add(d, T1); d = c; c = b; b = a; a = safe_add(T1, T2); | 75 | h = g; g = f; f = e; e = safe_add(d, T1); d = c; c = b; b = a; a = safe_add(T1, T2); |
79 | } | 76 | } |
80 | HASH[0] = safe_add(a, HASH[0]); HASH[1] = safe_add(b, HASH[1]); HASH[2] = safe_add(c, HASH[2]); HASH[3] = safe_add(d, HASH[3]); HASH[4] = safe_add(e, HASH[4]); HASH[5] = safe_add(f, HASH[5]); HASH[6] = safe_add(g, HASH[6]); HASH[7] = safe_add(h, HASH[7]); | 77 | HASH[0] = safe_add(a, HASH[0]); HASH[1] = safe_add(b, HASH[1]); HASH[2] = safe_add(c, HASH[2]); HASH[3] = safe_add(d, HASH[3]); HASH[4] = safe_add(e, HASH[4]); HASH[5] = safe_add(f, HASH[5]); HASH[6] = safe_add(g, HASH[6]); HASH[7] = safe_add(h, HASH[7]); |
81 | } | 78 | } |
82 | return HASH; | 79 | return HASH; |
83 | } | 80 | } |
84 | function str2binb (str) { | 81 | function str2binb (str) { |
85 | var bin = Array(); | 82 | var bin = Array(); |
86 | var mask = (1 << chrsz) - 1; | 83 | var mask = (1 << chrsz) - 1; |
87 | for(var i = 0; i < str.length * chrsz; i += chrsz) | 84 | for(var i = 0; i < str.length * chrsz; i += chrsz) |
88 | bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (24 - i%32); | 85 | bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (24 - i%32); |
89 | return bin; | 86 | return bin; |
90 | } | 87 | } |
91 | function binb2hex (binarray) { | 88 | function binb2hex (binarray) { |
92 | var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */ | 89 | var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */ |
93 | var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; | 90 | var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; |
94 | var str = ""; | 91 | var str = ""; |
95 | for (var i = 0; i < binarray.length * 4; i++) { | 92 | for (var i = 0; i < binarray.length * 4; i++) { |
96 | str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) + hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8 )) & 0xF); | 93 | str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) + hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8 )) & 0xF); |
97 | } | 94 | } |
98 | return str; | 95 | return str; |
99 | } | 96 | } |
100 | function hex_sha256(s){return binb2hex(core_sha256(str2binb(s),s.length * chrsz));} | 97 | function hex_sha256(s){return binb2hex(core_sha256(str2binb(s),s.length * chrsz));} |
101 | 98 | ||
102 | 99 | ||
103 | 100 | ||
104 | //############################################################################# | 101 | //############################################################################# |
105 | //Downloaded on March 30, 2006 from http://www.fourmilab.ch/javascrypt/javascrypt.zip (entropy.js) | 102 | //Downloaded on March 30, 2006 from http://www.fourmilab.ch/javascrypt/javascrypt.zip (entropy.js) |
106 | //############################################################################# | 103 | //############################################################################# |
107 | 104 | ||
108 | // Entropy collection utilities | 105 | // Entropy collection utilities |
109 | 106 | ||
110 | /*Start by declaring static storage and initialise | 107 | /*Start by declaring static storage and initialise |
111 | the entropy vector from the time we come through | 108 | the entropy vector from the time we come through |
112 | here. */ | 109 | here. */ |
113 | 110 | ||
114 | var entropyData = new Array(); // Collected entropy data | 111 | var entropyData = new Array(); // Collected entropy data |
115 | var edlen = 0; // Keyboard array data length | 112 | var edlen = 0; // Keyboard array data length |
116 | 113 | ||
117 | addEntropyTime(); // Start entropy collection with page load time | 114 | addEntropyTime(); // Start entropy collection with page load time |
118 | ce(); // Roll milliseconds into initial entropy | 115 | ce(); // Roll milliseconds into initial entropy |
119 | 116 | ||
120 | //Add a byte to the entropy vector | 117 | //Add a byte to the entropy vector |
121 | 118 | ||
122 | function addEntropyByte(b) { | 119 | function addEntropyByte(b) { |
123 | entropyData[edlen++] = b; | 120 | entropyData[edlen++] = b; |
124 | } | 121 | } |
125 | 122 | ||
126 | /*Capture entropy. When the user presses a key or performs | 123 | /*Capture entropy. When the user presses a key or performs |
127 | various other events for which we can request | 124 | various other events for which we can request |
128 | notification, add the time in 255ths of a second to the | 125 | notification, add the time in 255ths of a second to the |
129 | entropyData array. The name of the function is short | 126 | entropyData array. The name of the function is short |
130 | so it doesn't bloat the form object declarations in | 127 | so it doesn't bloat the form object declarations in |
131 | which it appears in various "onXXX" events. */ | 128 | which it appears in various "onXXX" events. */ |
132 | 129 | ||
133 | function ce() { | 130 | function ce() { |
134 | addEntropyByte(Math.floor((((new Date).getMilliseconds()) * 255) / 999)); | 131 | addEntropyByte(Math.floor((((new Date).getMilliseconds()) * 255) / 999)); |
135 | } | 132 | } |
136 | 133 | ||
137 | //Add a 32 bit quantity to the entropy vector | 134 | //Add a 32 bit quantity to the entropy vector |
138 | 135 | ||
139 | function addEntropy32(w) { | 136 | function addEntropy32(w) { |
140 | var i; | 137 | var i; |
141 | 138 | ||
142 | for (i = 0; i < 4; i++) { | 139 | for (i = 0; i < 4; i++) { |
143 | addEntropyByte(w & 0xFF); | 140 | addEntropyByte(w & 0xFF); |
144 | w >>= 8; | 141 | w >>= 8; |
145 | } | 142 | } |
146 | } | 143 | } |
147 | 144 | ||
148 | /*Add the current time and date (milliseconds since the epoch, | 145 | /*Add the current time and date (milliseconds since the epoch, |
149 | truncated to 32 bits) to the entropy vector. */ | 146 | truncated to 32 bits) to the entropy vector. */ |
150 | 147 | ||
151 | function addEntropyTime() { | 148 | function addEntropyTime() { |
152 | addEntropy32((new Date()).getTime()); | 149 | addEntropy32((new Date()).getTime()); |
153 | } | 150 | } |
154 | 151 | ||
155 | /* Start collection of entropy from mouse movements. The | 152 | /* Start collection of entropy from mouse movements. The |
156 | argument specifies the number of entropy items to be | 153 | argument specifies the number of entropy items to be |
157 | obtained from mouse motion, after which mouse motion | 154 | obtained from mouse motion, after which mouse motion |
158 | will be ignored. Note that you can re-enable mouse | 155 | will be ignored. Note that you can re-enable mouse |
159 | motion collection at any time if not already underway. */ | 156 | motion collection at any time if not already underway. */ |
160 | 157 | ||
161 | var mouseMotionCollect = 0; | 158 | var mouseMotionCollect = 0; |
162 | var oldMoveHandler; // For saving and restoring mouse move handler in IE4 | 159 | var oldMoveHandler; // For saving and restoring mouse move handler in IE4 |
163 | 160 | ||
164 | function mouseMotionEntropy(maxsamp) { | 161 | function mouseMotionEntropy(maxsamp) { |
165 | if (mouseMotionCollect <= 0) { | 162 | if (mouseMotionCollect <= 0) { |
166 | mouseMotionCollect = maxsamp; | 163 | mouseMotionCollect = maxsamp; |
167 | if ((document.implementation.hasFeature("Events", "2.0")) && | 164 | if ((document.implementation.hasFeature("Events", "2.0")) && |
168 | document.addEventListener) { | 165 | document.addEventListener) { |
169 | // Browser supports Document Object Model (DOM) 2 events | 166 | // Browser supports Document Object Model (DOM) 2 events |
170 | document.addEventListener("mousemove", mouseMoveEntropy, false); | 167 | document.addEventListener("mousemove", mouseMoveEntropy, false); |
171 | } else { | 168 | } else { |
172 | if (document.attachEvent) { | 169 | if (document.attachEvent) { |
173 | // Internet Explorer 5 and above event model | 170 | // Internet Explorer 5 and above event model |
174 | document.attachEvent("onmousemove", mouseMoveEntropy); | 171 | document.attachEvent("onmousemove", mouseMoveEntropy); |
175 | } else { | 172 | } else { |
176 | //Internet Explorer 4 event model | 173 | //Internet Explorer 4 event model |
177 | oldMoveHandler = document.onmousemove; | 174 | oldMoveHandler = document.onmousemove; |
178 | document.onmousemove = mouseMoveEntropy; | 175 | document.onmousemove = mouseMoveEntropy; |
179 | } | 176 | } |
180 | } | 177 | } |
181 | //dump("Mouse enable", mouseMotionCollect); | 178 | //dump("Mouse enable", mouseMotionCollect); |
182 | } | 179 | } |
183 | } | 180 | } |
184 | 181 | ||
185 | /*Collect entropy from mouse motion events. Note that | 182 | /*Collect entropy from mouse motion events. Note that |
186 | this is craftily coded to work with either DOM2 or Internet | 183 | this is craftily coded to work with either DOM2 or Internet |
187 | Explorer style events. Note that we don't use every successive | 184 | Explorer style events. Note that we don't use every successive |
188 | mouse movement event. Instead, we XOR the three bytes collected | 185 | mouse movement event. Instead, we XOR the three bytes collected |
189 | from the mouse and use that to determine how many subsequent | 186 | from the mouse and use that to determine how many subsequent |
190 | mouse movements we ignore before capturing the next one. */ | 187 | mouse movements we ignore before capturing the next one. */ |
191 | 188 | ||
192 | var mouseEntropyTime = 0; // Delay counter for mouse entropy collection | 189 | var mouseEntropyTime = 0; // Delay counter for mouse entropy collection |
193 | 190 | ||
194 | function mouseMoveEntropy(e) { | 191 | function mouseMoveEntropy(e) { |
195 | if (!e) { | 192 | if (!e) { |
196 | e = window.event; // Internet Explorer event model | 193 | e = window.event; // Internet Explorer event model |
197 | } | 194 | } |
198 | if (mouseMotionCollect > 0) { | 195 | if (mouseMotionCollect > 0) { |
199 | if (mouseEntropyTime-- <= 0) { | 196 | if (mouseEntropyTime-- <= 0) { |
200 | addEntropyByte(e.screenX & 0xFF); | 197 | addEntropyByte(e.screenX & 0xFF); |
201 | addEntropyByte(e.screenY & 0xFF); | 198 | addEntropyByte(e.screenY & 0xFF); |
202 | ce(); | 199 | ce(); |
203 | mouseMotionCollect--; | 200 | mouseMotionCollect--; |
204 | mouseEntropyTime = (entropyData[edlen - 3] ^ entropyData[edlen - 2] ^ | 201 | mouseEntropyTime = (entropyData[edlen - 3] ^ entropyData[edlen - 2] ^ |
205 | entropyData[edlen - 1]) % 19; | 202 | entropyData[edlen - 1]) % 19; |
206 | //dump("Mouse Move", byteArrayToHex(entropyData.slice(-3))); | 203 | //dump("Mouse Move", byteArrayToHex(entropyData.slice(-3))); |
207 | } | 204 | } |
208 | if (mouseMotionCollect <= 0) { | 205 | if (mouseMotionCollect <= 0) { |
209 | if (document.removeEventListener) { | 206 | if (document.removeEventListener) { |
210 | document.removeEventListener("mousemove", mouseMoveEntropy, false); | 207 | document.removeEventListener("mousemove", mouseMoveEntropy, false); |
211 | } else if (document.detachEvent) { | 208 | } else if (document.detachEvent) { |
212 | document.detachEvent("onmousemove", mouseMoveEntropy); | 209 | document.detachEvent("onmousemove", mouseMoveEntropy); |
213 | } else { | 210 | } else { |
214 | document.onmousemove = oldMoveHandler; | 211 | document.onmousemove = oldMoveHandler; |
215 | } | 212 | } |
216 | //dump("Spung!", 0); | 213 | //dump("Spung!", 0); |
217 | } | 214 | } |
218 | } | 215 | } |
219 | } | 216 | } |
220 | 217 | ||
221 | /*Compute a 32 byte key value from the entropy vector. | 218 | /*Compute a 32 byte key value from the entropy vector. |
222 | We compute the value by taking the MD5 sum of the even | 219 | We compute the value by taking the MD5 sum of the even |
223 | and odd bytes respectively of the entropy vector, then | 220 | and odd bytes respectively of the entropy vector, then |
224 | concatenating the two MD5 sums. */ | 221 | concatenating the two MD5 sums. */ |
225 | 222 | ||
226 | function keyFromEntropy() { | 223 | function keyFromEntropy() { |
227 | var i, k = new Array(32); | 224 | var i, k = new Array(32); |
228 | 225 | ||
229 | if (edlen == 0) { | 226 | if (edlen == 0) { |
230 | alert("Blooie! Entropy vector void at call to keyFromEntropy."); | 227 | alert("Blooie! Entropy vector void at call to keyFromEntropy."); |
231 | } | 228 | } |
232 | //dump("Entropy bytes", edlen); | 229 | //dump("Entropy bytes", edlen); |
233 | 230 | ||
234 | md5_init(); | 231 | md5_init(); |
235 | for (i = 0; i < edlen; i += 2) { | 232 | for (i = 0; i < edlen; i += 2) { |
236 | md5_update(entropyData[i]); | 233 | md5_update(entropyData[i]); |
237 | } | 234 | } |
238 | md5_finish(); | 235 | md5_finish(); |
239 | for (i = 0; i < 16; i++) { | 236 | for (i = 0; i < 16; i++) { |
240 | k[i] = digestBits[i]; | 237 | k[i] = digestBits[i]; |
241 | } | 238 | } |
242 | 239 | ||
243 | md5_init(); | 240 | md5_init(); |
244 | for (i = 1; i < edlen; i += 2) { | 241 | for (i = 1; i < edlen; i += 2) { |
245 | md5_update(entropyData[i]); | 242 | md5_update(entropyData[i]); |
246 | } | 243 | } |
247 | md5_finish(); | 244 | md5_finish(); |
248 | for (i = 0; i < 16; i++) { | 245 | for (i = 0; i < 16; i++) { |
249 | k[i + 16] = digestBits[i]; | 246 | k[i + 16] = digestBits[i]; |
250 | } | 247 | } |
251 | 248 | ||
252 | //dump("keyFromEntropy", byteArrayToHex(k)); | 249 | //dump("keyFromEntropy", byteArrayToHex(k)); |
253 | return k; | 250 | return k; |
254 | } | 251 | } |
255 | 252 | ||
256 | //############################################################################# | 253 | //############################################################################# |
257 | //Downloaded on March 30, 2006 from http://www.fourmilab.ch/javascrypt/javascrypt.zip (aesprng.js) | 254 | //Downloaded on March 30, 2006 from http://www.fourmilab.ch/javascrypt/javascrypt.zip (aesprng.js) |
258 | //############################################################################# | 255 | //############################################################################# |
259 | 256 | ||
260 | 257 | ||
261 | // AES based pseudorandom number generator | 258 | // AES based pseudorandom number generator |
262 | 259 | ||
263 | /* Constructor. Called with an array of 32 byte (0-255) values | 260 | /* Constructor. Called with an array of 32 byte (0-255) values |
264 | containing the initial seed. */ | 261 | containing the initial seed. */ |
265 | 262 | ||
266 | function AESprng(seed) { | 263 | function AESprng(seed) { |
267 | this.key = new Array(); | 264 | this.key = new Array(); |
268 | this.key = seed; | 265 | this.key = seed; |
269 | this.itext = hexToByteArray("9F489613248148F9C27945C6AE62EECA3E3367BB14064E4E6DC67A9F28AB3BD1"); | 266 | this.itext = hexToByteArray("9F489613248148F9C27945C6AE62EECA3E3367BB14064E4E6DC67A9F28AB3BD1"); |
270 | this.nbytes = 0; // Bytes left in buffer | 267 | this.nbytes = 0; // Bytes left in buffer |
271 | 268 | ||
272 | this.next = AESprng_next; | 269 | this.next = AESprng_next; |
273 | this.nextbits = AESprng_nextbits; | 270 | this.nextbits = AESprng_nextbits; |
274 | this.nextInt = AESprng_nextInt; | 271 | this.nextInt = AESprng_nextInt; |
275 | this.round = AESprng_round; | 272 | this.round = AESprng_round; |
276 | 273 | ||
277 | /* Encrypt the initial text with the seed key | 274 | /* Encrypt the initial text with the seed key |
278 | three times, feeding the output of the encryption | 275 | three times, feeding the output of the encryption |
279 | back into the key for the next round. */ | 276 | back into the key for the next round. */ |
280 | 277 | ||
281 | bsb = blockSizeInBits; | 278 | bsb = blockSizeInBits; |
282 | blockSizeInBits = 256; | 279 | blockSizeInBits = 256; |
283 | var i, ct; | 280 | var i, ct; |
284 | for (i = 0; i < 3; i++) { | 281 | for (i = 0; i < 3; i++) { |
285 | this.key = rijndaelEncrypt(this.itext, this.key, "ECB"); | 282 | this.key = rijndaelEncrypt(this.itext, this.key, "ECB"); |
286 | } | 283 | } |
287 | 284 | ||
288 | /* Now make between one and four additional | 285 | /* Now make between one and four additional |
289 | key-feedback rounds, with the number determined | 286 | key-feedback rounds, with the number determined |
290 | by bits from the result of the first three | 287 | by bits from the result of the first three |
291 | rounds. */ | 288 | rounds. */ |
292 | 289 | ||
293 | var n = 1 + (this.key[3] & 2) + (this.key[9] & 1); | 290 | var n = 1 + (this.key[3] & 2) + (this.key[9] & 1); |
294 | for (i = 0; i < n; i++) { | 291 | for (i = 0; i < n; i++) { |
295 | this.key = rijndaelEncrypt(this.itext, this.key, "ECB"); | 292 | this.key = rijndaelEncrypt(this.itext, this.key, "ECB"); |
296 | } | 293 | } |
297 | blockSizeInBits = bsb; | 294 | blockSizeInBits = bsb; |
298 | } | 295 | } |
299 | 296 | ||
300 | function AESprng_round() { | 297 | function AESprng_round() { |
301 | bsb = blockSizeInBits; | 298 | bsb = blockSizeInBits; |
302 | blockSizeInBits = 256; | 299 | blockSizeInBits = 256; |
303 | this.key = rijndaelEncrypt(this.itext, this.key, "ECB"); | 300 | this.key = rijndaelEncrypt(this.itext, this.key, "ECB"); |
304 | this.nbytes = 32; | 301 | this.nbytes = 32; |
305 | blockSizeInBits = bsb; | 302 | blockSizeInBits = bsb; |
306 | } | 303 | } |
307 | 304 | ||
308 | //Return next byte from the generator | 305 | //Return next byte from the generator |
309 | 306 | ||
310 | function AESprng_next() { | 307 | function AESprng_next() { |
311 | if (this.nbytes <= 0) { | 308 | if (this.nbytes <= 0) { |
312 | this.round(); | 309 | this.round(); |
313 | } | 310 | } |
314 | return(this.key[--this.nbytes]); | 311 | return(this.key[--this.nbytes]); |
315 | } | 312 | } |
316 | 313 | ||
317 | //Return n bit integer value (up to maximum integer size) | 314 | //Return n bit integer value (up to maximum integer size) |
318 | 315 | ||
319 | function AESprng_nextbits(n) { | 316 | function AESprng_nextbits(n) { |
320 | var i, w = 0, nbytes = Math.floor((n + 7) / 8); | 317 | var i, w = 0, nbytes = Math.floor((n + 7) / 8); |
321 | 318 | ||
322 | for (i = 0; i < nbytes; i++) { | 319 | for (i = 0; i < nbytes; i++) { |
323 | w = (w << 8) | this.next(); | 320 | w = (w << 8) | this.next(); |
324 | } | 321 | } |
325 | return w & ((1 << n) - 1); | 322 | return w & ((1 << n) - 1); |
326 | } | 323 | } |
327 | 324 | ||
328 | // Return integer between 0 and n inclusive | 325 | // Return integer between 0 and n inclusive |
329 | 326 | ||
330 | function AESprng_nextInt(n) { | 327 | function AESprng_nextInt(n) { |
331 | var p = 1, nb = 0; | 328 | var p = 1, nb = 0; |
332 | 329 | ||
333 | // Determine smallest p, 2^p > n | 330 | // Determine smallest p, 2^p > n |
334 | // nb = log_2 p | 331 | // nb = log_2 p |
335 | 332 | ||
336 | while (n >= p) { | 333 | while (n >= p) { |
337 | p <<= 1; | 334 | p <<= 1; |
338 | nb++; | 335 | nb++; |
339 | } | 336 | } |
340 | p--; | 337 | p--; |
341 | 338 | ||
342 | /* Generate values from 0 through n by first generating | 339 | /* Generate values from 0 through n by first generating |
343 | values v from 0 to (2^p)-1, then discarding any results v > n. | 340 | values v from 0 to (2^p)-1, then discarding any results v > n. |
344 | For the rationale behind this (and why taking | 341 | For the rationale behind this (and why taking |
345 | values mod (n + 1) is biased toward smaller values, see | 342 | values mod (n + 1) is biased toward smaller values, see |
346 | Ferguson and Schneier, "Practical Cryptography", | 343 | Ferguson and Schneier, "Practical Cryptography", |
347 | ISBN 0-471-22357-3, section 10.8). */ | 344 | ISBN 0-471-22357-3, section 10.8). */ |
348 | 345 | ||
349 | while (true) { | 346 | while (true) { |
350 | var v = this.nextbits(nb) & p; | 347 | var v = this.nextbits(nb) & p; |
351 | 348 | ||
352 | if (v <= n) { | 349 | if (v <= n) { |
353 | return v; | 350 | return v; |
354 | } | 351 | } |
355 | } | 352 | } |
356 | } | 353 | } |
357 | 354 | ||
358 | //############################################################################# | 355 | //############################################################################# |
359 | //Downloaded on March 30, 2006 from http://www.fourmilab.ch/javascrypt/javascrypt.zip (md5.js) | 356 | //Downloaded on March 30, 2006 from http://www.fourmilab.ch/javascrypt/javascrypt.zip (md5.js) |
360 | //############################################################################# | 357 | //############################################################################# |
361 | 358 | ||
362 | /* | 359 | /* |
363 | * md5.jvs 1.0b 27/06/96 | 360 | * md5.jvs 1.0b 27/06/96 |
364 | * | 361 | * |
365 | * Javascript implementation of the RSA Data Security, Inc. MD5 | 362 | * Javascript implementation of the RSA Data Security, Inc. MD5 |
366 | * Message-Digest Algorithm. | 363 | * Message-Digest Algorithm. |
367 | * | 364 | * |
368 | * Copyright (c) 1996 Henri Torgemane. All Rights Reserved. | 365 | * Copyright (c) 1996 Henri Torgemane. All Rights Reserved. |
369 | * | 366 | * |
370 | * Permission to use, copy, modify, and distribute this software | 367 | * Permission to use, copy, modify, and distribute this software |
371 | * and its documentation for any purposes and without | 368 | * and its documentation for any purposes and without |
372 | * fee is hereby granted provided that this copyright notice | 369 | * fee is hereby granted provided that this copyright notice |
373 | * appears in all copies. | 370 | * appears in all copies. |
374 | * | 371 | * |
375 | * Of course, this soft is provided "as is" without express or implied | 372 | * Of course, this soft is provided "as is" without express or implied |
376 | * warranty of any kind. | 373 | * warranty of any kind. |
377 | 374 | ||
378 | This version contains some trivial reformatting modifications | 375 | This version contains some trivial reformatting modifications |
379 | by John Walker. | 376 | by John Walker. |
380 | 377 | ||
381 | */ | 378 | */ |
382 | 379 | ||
383 | function array(n) { | 380 | function array(n) { |
384 | for (i = 0; i < n; i++) { | 381 | for (i = 0; i < n; i++) { |
385 | this[i] = 0; | 382 | this[i] = 0; |
386 | } | 383 | } |
387 | this.length = n; | 384 | this.length = n; |
388 | } | 385 | } |
389 | 386 | ||
390 | /* Some basic logical functions had to be rewritten because of a bug in | 387 | /* Some basic logical functions had to be rewritten because of a bug in |
391 | * Javascript.. Just try to compute 0xffffffff >> 4 with it.. | 388 | * Javascript.. Just try to compute 0xffffffff >> 4 with it.. |
392 | * Of course, these functions are slower than the original would be, but | 389 | * Of course, these functions are slower than the original would be, but |
393 | * at least, they work! | 390 | * at least, they work! |
394 | */ | 391 | */ |
395 | 392 | ||
396 | function integer(n) { | 393 | function integer(n) { |
397 | return n % (0xffffffff + 1); | 394 | return n % (0xffffffff + 1); |
398 | } | 395 | } |
399 | 396 | ||
400 | function shr(a, b) { | 397 | function shr(a, b) { |
401 | a = integer(a); | 398 | a = integer(a); |
402 | b = integer(b); | 399 | b = integer(b); |
403 | if (a - 0x80000000 >= 0) { | 400 | if (a - 0x80000000 >= 0) { |
404 | a = a % 0x80000000; | 401 | a = a % 0x80000000; |
405 | a >>= b; | 402 | a >>= b; |
406 | a += 0x40000000 >> (b - 1); | 403 | a += 0x40000000 >> (b - 1); |
407 | } else { | 404 | } else { |
408 | a >>= b; | 405 | a >>= b; |
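Review bot: `keyFromEntropy` only raises an `alert` when `edlen == 0` and then carries on to derive and return a 32-byte key from an empty entropy vector (old lines 229-231 / new 226-228), so a caller that seeds `AESprng` before any entropy was collected gets a fully predictable key; the guard should fail closed, `if (edlen == 0) { throw "Blooie! Entropy vector void at call to keyFromEntropy."; }`, matching the string-throw style this file already uses for its dependency check. In the same vein, `AESprng` and `AESprng_round` assign `bsb = blockSizeInBits;` without `var` (new lines 278 and 298), which creates an implicit global that every generator instance shares and leaks into the page's global scope; `var bsb = blockSizeInBits;` in both places keeps the saved block size local. `AESprng_nextbits` also masks with `(1 << n) - 1`, which in JavaScript evaluates to 0 for `n == 32` and silently drops bits for larger `n`, so callers should be documented as limited to `n <= 31` or the mask should be computed with `>>> 0` arithmetic. The section ends inside `shr`, whose body continues past the hunk.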
diff --git a/frontend/beta/js/Clipperz/Crypto/BigInt.js b/frontend/beta/js/Clipperz/Crypto/BigInt.js index d4d05d2..41483a3 100644 --- a/frontend/beta/js/Clipperz/Crypto/BigInt.js +++ b/frontend/beta/js/Clipperz/Crypto/BigInt.js | |||
@@ -1,408 +1,405 @@ | |||
1 | /* | 1 | /* |
2 | 2 | ||
3 | Copyright 2008-2011 Clipperz Srl | 3 | Copyright 2008-2011 Clipperz Srl |
4 | 4 | ||
5 | This file is part of Clipperz's Javascript Crypto Library. | 5 | This file is part of Clipperz Community Edition. |
6 | Javascript Crypto Library provides web developers with an extensive | 6 | Clipperz Community Edition is an online password manager. |
7 | and efficient set of cryptographic functions. The library aims to | ||
8 | obtain maximum execution speed while preserving modularity and | ||
9 | reusability. | ||
10 | For further information about its features and functionalities please | 7 | For further information about its features and functionalities please |
11 | refer to http://www.clipperz.com | 8 | refer to http://www.clipperz.com. |
12 | 9 | ||
13 | * Javascript Crypto Library is free software: you can redistribute | 10 | * Clipperz Community Edition is free software: you can redistribute |
14 | it and/or modify it under the terms of the GNU Affero General Public | 11 | it and/or modify it under the terms of the GNU Affero General Public |
15 | License as published by the Free Software Foundation, either version | 12 | License as published by the Free Software Foundation, either version |
16 | 3 of the License, or (at your option) any later version. | 13 | 3 of the License, or (at your option) any later version. |
17 | 14 | ||
18 | * Javascript Crypto Library is distributed in the hope that it will | 15 | * Clipperz Community Edition is distributed in the hope that it will |
19 | be useful, but WITHOUT ANY WARRANTY; without even the implied | 16 | be useful, but WITHOUT ANY WARRANTY; without even the implied |
20 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | 17 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
21 | See the GNU Affero General Public License for more details. | 18 | See the GNU Affero General Public License for more details. |
22 | 19 | ||
23 | * You should have received a copy of the GNU Affero General Public | 20 | * You should have received a copy of the GNU Affero General Public |
24 | License along with Javascript Crypto Library. If not, see | 21 | License along with Clipperz Community Edition. If not, see |
25 | <http://www.gnu.org/licenses/>. | 22 | <http://www.gnu.org/licenses/>. |
26 | 23 | ||
27 | */ | 24 | */ |
28 | 25 | ||
29 | if (typeof(Clipperz) == 'undefined') { Clipperz = {}; } | 26 | if (typeof(Clipperz) == 'undefined') { Clipperz = {}; } |
30 | if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; } | 27 | if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; } |
31 | 28 | ||
32 | //############################################################################# | 29 | //############################################################################# |
33 | //Downloaded on March 05, 2007 from http://www.leemon.com/crypto/BigInt.js | 30 | //Downloaded on March 05, 2007 from http://www.leemon.com/crypto/BigInt.js |
34 | //############################################################################# | 31 | //############################################################################# |
35 | 32 | ||
36 | 33 | ||
37 | //////////////////////////////////////////////////////////////////////////////////////// | 34 | //////////////////////////////////////////////////////////////////////////////////////// |
38 | // Big Integer Library v. 5.0 | 35 | // Big Integer Library v. 5.0 |
39 | // Created 2000, last modified 2006 | 36 | // Created 2000, last modified 2006 |
40 | // Leemon Baird | 37 | // Leemon Baird |
41 | // www.leemon.com | 38 | // www.leemon.com |
42 | // | 39 | // |
43 | // This file is public domain. You can use it for any purpose without restriction. | 40 | // This file is public domain. You can use it for any purpose without restriction. |
44 | // I do not guarantee that it is correct, so use it at your own risk. If you use | 41 | // I do not guarantee that it is correct, so use it at your own risk. If you use |
45 | // it for something interesting, I'd appreciate hearing about it. If you find | 42 | // it for something interesting, I'd appreciate hearing about it. If you find |
46 | // any bugs or make any improvements, I'd appreciate hearing about those too. | 43 | // any bugs or make any improvements, I'd appreciate hearing about those too. |
47 | // It would also be nice if my name and address were left in the comments. | 44 | // It would also be nice if my name and address were left in the comments. |
48 | // But none of that is required. | 45 | // But none of that is required. |
49 | // | 46 | // |
50 | // This code defines a bigInt library for arbitrary-precision integers. | 47 | // This code defines a bigInt library for arbitrary-precision integers. |
51 | // A bigInt is an array of integers storing the value in chunks of bpe bits, | 48 | // A bigInt is an array of integers storing the value in chunks of bpe bits, |
52 | // little endian (buff[0] is the least significant word). | 49 | // little endian (buff[0] is the least significant word). |
53 | // Negative bigInts are stored two's complement. | 50 | // Negative bigInts are stored two's complement. |
54 | // Some functions assume their parameters have at least one leading zero element. | 51 | // Some functions assume their parameters have at least one leading zero element. |
55 | // Functions with an underscore at the end of the name have unpredictable behavior in case of overflow, | 52 | // Functions with an underscore at the end of the name have unpredictable behavior in case of overflow, |
56 | // so the caller must make sure overflow won't happen. | 53 | // so the caller must make sure overflow won't happen. |
57 | // For each function where a parameter is modified, that same | 54 | // For each function where a parameter is modified, that same |
58 | // variable must not be used as another argument too. | 55 | // variable must not be used as another argument too. |
59 | // So, you cannot square x by doing multMod_(x,x,n). | 56 | // So, you cannot square x by doing multMod_(x,x,n). |
60 | // You must use squareMod_(x,n) instead, or do y=dup(x); multMod_(x,y,n). | 57 | // You must use squareMod_(x,n) instead, or do y=dup(x); multMod_(x,y,n). |
61 | // | 58 | // |
62 | // These functions are designed to avoid frequent dynamic memory allocation in the inner loop. | 59 | // These functions are designed to avoid frequent dynamic memory allocation in the inner loop. |
63 | // For most functions, if it needs a BigInt as a local variable it will actually use | 60 | // For most functions, if it needs a BigInt as a local variable it will actually use |
64 | // a global, and will only allocate to it when it's not the right size. This ensures | 61 | // a global, and will only allocate to it when it's not the right size. This ensures |
65 | // that when a function is called repeatedly with same-sized parameters, it only allocates | 62 | // that when a function is called repeatedly with same-sized parameters, it only allocates |
66 | // memory on the first call. | 63 | // memory on the first call. |
67 | // | 64 | // |
68 | // Note that for cryptographic purposes, the calls to Math.random() must | 65 | // Note that for cryptographic purposes, the calls to Math.random() must |
69 | // be replaced with calls to a better pseudorandom number generator. | 66 | // be replaced with calls to a better pseudorandom number generator. |
70 | // | 67 | // |
71 | // In the following, "bigInt" means a bigInt with at least one leading zero element, | 68 | // In the following, "bigInt" means a bigInt with at least one leading zero element, |
72 | // and "integer" means a nonnegative integer less than radix. In some cases, integer | 69 | // and "integer" means a nonnegative integer less than radix. In some cases, integer |
73 | // can be negative. Negative bigInts are 2s complement. | 70 | // can be negative. Negative bigInts are 2s complement. |
74 | // | 71 | // |
75 | // The following functions do not modify their inputs, but dynamically allocate memory every time they are called: | 72 | // The following functions do not modify their inputs, but dynamically allocate memory every time they are called: |
76 | // | 73 | // |
77 | // function bigInt2str(x,base) //convert a bigInt into a string in a given base, from base 2 up to base 95 | 74 | // function bigInt2str(x,base) //convert a bigInt into a string in a given base, from base 2 up to base 95 |
78 | // function dup(x) //returns a copy of bigInt x | 75 | // function dup(x) //returns a copy of bigInt x |
79 | // function findPrimes(n) //return array of all primes less than integer n | 76 | // function findPrimes(n) //return array of all primes less than integer n |
80 | // function int2bigInt(t,n,m) //convert integer t to a bigInt with at least n bits and m array elements | 77 | // function int2bigInt(t,n,m) //convert integer t to a bigInt with at least n bits and m array elements |
81 | // function int2bigInt(s,b,n,m) //convert string s in base b to a bigInt with at least n bits and m array elements | 78 | // function int2bigInt(s,b,n,m) //convert string s in base b to a bigInt with at least n bits and m array elements |
82 | // function trim(x,k) //return a copy of x with exactly k leading zero elements | 79 | // function trim(x,k) //return a copy of x with exactly k leading zero elements |
83 | // | 80 | // |
84 | // The following functions do not modify their inputs, so there is never a problem with the result being too big: | 81 | // The following functions do not modify their inputs, so there is never a problem with the result being too big: |
85 | // | 82 | // |
86 | // function bitSize(x) //returns how many bits long the bigInt x is, not counting leading zeros | 83 | // function bitSize(x) //returns how many bits long the bigInt x is, not counting leading zeros |
87 | // function equals(x,y) //is the bigInt x equal to the bigint y? | 84 | // function equals(x,y) //is the bigInt x equal to the bigint y? |
88 | // function equalsInt(x,y) //is bigint x equal to integer y? | 85 | // function equalsInt(x,y) //is bigint x equal to integer y? |
89 | // function greater(x,y) //is x>y? (x and y are nonnegative bigInts) | 86 | // function greater(x,y) //is x>y? (x and y are nonnegative bigInts) |
90 | // function greaterShift(x,y,shift)//is (x <<(shift*bpe)) > y? | 87 | // function greaterShift(x,y,shift)//is (x <<(shift*bpe)) > y? |
91 | // function isZero(x) //is the bigInt x equal to zero? | 88 | // function isZero(x) //is the bigInt x equal to zero? |
92 | // function millerRabin(x,b) //does one round of Miller-Rabin base integer b say that bigInt x is possibly prime (as opposed to definitely composite)? | 89 | // function millerRabin(x,b) //does one round of Miller-Rabin base integer b say that bigInt x is possibly prime (as opposed to definitely composite)? |
93 | // function modInt(x,n) //return x mod n for bigInt x and integer n. | 90 | // function modInt(x,n) //return x mod n for bigInt x and integer n. |
94 | // function negative(x) //is bigInt x negative? | 91 | // function negative(x) //is bigInt x negative? |
95 | // | 92 | // |
96 | // The following functions do not modify their inputs, but allocate memory and call functions with underscores | 93 | // The following functions do not modify their inputs, but allocate memory and call functions with underscores |
97 | // | 94 | // |
98 | // function add(x,y) //return (x+y) for bigInts x and y. | 95 | // function add(x,y) //return (x+y) for bigInts x and y. |
99 | // function addInt(x,n) //return (x+n) where x is a bigInt and n is an integer. | 96 | // function addInt(x,n) //return (x+n) where x is a bigInt and n is an integer. |
100 | // function expand(x,n) //return a copy of x with at least n elements, adding leading zeros if needed | 97 | // function expand(x,n) //return a copy of x with at least n elements, adding leading zeros if needed |
101 | // function inverseMod(x,n) //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null | 98 | // function inverseMod(x,n) //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null |
102 | // function mod(x,n) //return a new bigInt equal to (x mod n) for bigInts x and n. | 99 | // function mod(x,n) //return a new bigInt equal to (x mod n) for bigInts x and n. |
103 | // function mult(x,y) //return x*y for bigInts x and y. This is faster when y<x. | 100 | // function mult(x,y) //return x*y for bigInts x and y. This is faster when y<x. |
104 | // function multMod(x,y,n) //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x. | 101 | // function multMod(x,y,n) //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x. |
105 | // function powMod(x,y,n) //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n. | 102 | // function powMod(x,y,n) //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n. |
106 | // function randTruePrime(k) //return a new, random, k-bit, true prime using Maurer's algorithm. | 103 | // function randTruePrime(k) //return a new, random, k-bit, true prime using Maurer's algorithm. |
107 | // function sub(x,y) //return (x-y) for bigInts x and y. Negative answers will be 2s complement | 104 | // function sub(x,y) //return (x-y) for bigInts x and y. Negative answers will be 2s complement |
108 | // | 105 | // |
109 | // The following functions write a bigInt result to one of the parameters, but | 106 | // The following functions write a bigInt result to one of the parameters, but |
110 | // the result is never bigger than the original, so there can't be overflow problems: | 107 | // the result is never bigger than the original, so there can't be overflow problems: |
111 | // | 108 | // |
112 | // function divInt_(x,n) //do x=floor(x/n) for bigInt x and integer n, and return the remainder | 109 | // function divInt_(x,n) //do x=floor(x/n) for bigInt x and integer n, and return the remainder |
113 | // function GCD_(x,y) //set x to the greatest common divisor of bigInts x and y, (y is destroyed). | 110 | // function GCD_(x,y) //set x to the greatest common divisor of bigInts x and y, (y is destroyed). |
114 | // function halve_(x) //do x=floor(|x|/2)*sgn(x) for bigInt x in 2's complement | 111 | // function halve_(x) //do x=floor(|x|/2)*sgn(x) for bigInt x in 2's complement |
115 | // function mod_(x,n) //do x=x mod n for bigInts x and n. | 112 | // function mod_(x,n) //do x=x mod n for bigInts x and n. |
116 | // function rightShift_(x,n) //right shift bigInt x by n bits. 0 <= n < bpe. | 113 | // function rightShift_(x,n) //right shift bigInt x by n bits. 0 <= n < bpe. |
117 | // | 114 | // |
118 | // The following functions write a bigInt result to one of the parameters. The caller is responsible for | 115 | // The following functions write a bigInt result to one of the parameters. The caller is responsible for |
119 | // ensuring it is large enough to hold the result. | 116 | // ensuring it is large enough to hold the result. |
120 | // | 117 | // |
121 | // function addInt_(x,n) //do x=x+n where x is a bigInt and n is an integer | 118 | // function addInt_(x,n) //do x=x+n where x is a bigInt and n is an integer |
122 | // function add_(x,y) //do x=x+y for bigInts x and y | 119 | // function add_(x,y) //do x=x+y for bigInts x and y |
123 | // function addShift_(x,y,ys) //do x=x+(y<<(ys*bpe)) | 120 | // function addShift_(x,y,ys) //do x=x+(y<<(ys*bpe)) |
124 | // function copy_(x,y) //do x=y on bigInts x and y | 121 | // function copy_(x,y) //do x=y on bigInts x and y |
125 | // function copyInt_(x,n) //do x=n on bigInt x and integer n | 122 | // function copyInt_(x,n) //do x=n on bigInt x and integer n |
126 | // function carry_(x) //do carries and borrows so each element of the bigInt x fits in bpe bits. | 123 | // function carry_(x) //do carries and borrows so each element of the bigInt x fits in bpe bits. |
127 | // function divide_(x,y,q,r) //divide_ x by y giving quotient q and remainder r | 124 | // function divide_(x,y,q,r) //divide_ x by y giving quotient q and remainder r |
128 | // function eGCD_(x,y,d,a,b) //sets a,b,d to positive big integers such that d = GCD_(x,y) = a*x-b*y | 125 | // function eGCD_(x,y,d,a,b) //sets a,b,d to positive big integers such that d = GCD_(x,y) = a*x-b*y |
129 | // function inverseMod_(x,n) //do x=x**(-1) mod n, for bigInts x and n. Returns 1 (0) if inverse does (doesn't) exist | 126 | // function inverseMod_(x,n) //do x=x**(-1) mod n, for bigInts x and n. Returns 1 (0) if inverse does (doesn't) exist |
130 | // function inverseModInt_(x,n) //return x**(-1) mod n, for integers x and n. Return 0 if there is no inverse | 127 | // function inverseModInt_(x,n) //return x**(-1) mod n, for integers x and n. Return 0 if there is no inverse |
131 | // function leftShift_(x,n) //left shift bigInt x by n bits. n<bpe. | 128 | // function leftShift_(x,n) //left shift bigInt x by n bits. n<bpe. |
132 | // function linComb_(x,y,a,b) //do x=a*x+b*y for bigInts x and y and integers a and b | 129 | // function linComb_(x,y,a,b) //do x=a*x+b*y for bigInts x and y and integers a and b |
133 | // function linCombShift_(x,y,b,ys) //do x=x+b*(y<<(ys*bpe)) for bigInts x and y, and integers b and ys | 130 | // function linCombShift_(x,y,b,ys) //do x=x+b*(y<<(ys*bpe)) for bigInts x and y, and integers b and ys |
134 | // function mont_(x,y,n,np) //Montgomery multiplication (see comments where the function is defined) | 131 | // function mont_(x,y,n,np) //Montgomery multiplication (see comments where the function is defined) |
135 | // function mult_(x,y) //do x=x*y for bigInts x and y. | 132 | // function mult_(x,y) //do x=x*y for bigInts x and y. |
136 | // function multInt_(x,n) //do x=x*n where x is a bigInt and n is an integer. | 133 | // function multInt_(x,n) //do x=x*n where x is a bigInt and n is an integer. |
137 | // function multMod_(x,y,n) //do x=x*y mod n for bigInts x,y,n. | 134 | // function multMod_(x,y,n) //do x=x*y mod n for bigInts x,y,n. |
138 | // function powMod_(x,y,n) //do x=x**y mod n, where x,y,n are bigInts (n is odd) and ** is exponentiation. 0**0=1. | 135 | // function powMod_(x,y,n) //do x=x**y mod n, where x,y,n are bigInts (n is odd) and ** is exponentiation. 0**0=1. |
139 | // function randBigInt_(b,n,s) //do b = an n-bit random BigInt. if s=1, then nth bit (most significant bit) is set to 1. n>=1. | 136 | // function randBigInt_(b,n,s) //do b = an n-bit random BigInt. if s=1, then nth bit (most significant bit) is set to 1. n>=1. |
140 | // function randTruePrime_(ans,k) //do ans = a random k-bit true random prime (not just probable prime) with 1 in the msb. | 137 | // function randTruePrime_(ans,k) //do ans = a random k-bit true random prime (not just probable prime) with 1 in the msb. |
141 | // function squareMod_(x,n) //do x=x*x mod n for bigInts x,n | 138 | // function squareMod_(x,n) //do x=x*x mod n for bigInts x,n |
142 | // function sub_(x,y) //do x=x-y for bigInts x and y. Negative answers will be 2s complement. | 139 | // function sub_(x,y) //do x=x-y for bigInts x and y. Negative answers will be 2s complement. |
143 | // function subShift_(x,y,ys) //do x=x-(y<<(ys*bpe)). Negative answers will be 2s complement. | 140 | // function subShift_(x,y,ys) //do x=x-(y<<(ys*bpe)). Negative answers will be 2s complement. |
144 | // | 141 | // |
145 | // The following functions are based on algorithms from the _Handbook of Applied Cryptography_ | 142 | // The following functions are based on algorithms from the _Handbook of Applied Cryptography_ |
146 | // powMod_() = algorithm 14.94, Montgomery exponentiation | 143 | // powMod_() = algorithm 14.94, Montgomery exponentiation |
147 | // eGCD_,inverseMod_() = algorithm 14.61, Binary extended GCD_ | 144 | // eGCD_,inverseMod_() = algorithm 14.61, Binary extended GCD_ |
148 | // GCD_() = algorothm 14.57, Lehmer's algorithm | 145 | // GCD_() = algorothm 14.57, Lehmer's algorithm |
149 | // mont_() = algorithm 14.36, Montgomery multiplication | 146 | // mont_() = algorithm 14.36, Montgomery multiplication |
150 | // divide_() = algorithm 14.20 Multiple-precision division | 147 | // divide_() = algorithm 14.20 Multiple-precision division |
151 | // squareMod_() = algorithm 14.16 Multiple-precision squaring | 148 | // squareMod_() = algorithm 14.16 Multiple-precision squaring |
152 | // randTruePrime_() = algorithm 4.62, Maurer's algorithm | 149 | // randTruePrime_() = algorithm 4.62, Maurer's algorithm |
153 | // millerRabin() = algorithm 4.24, Miller-Rabin algorithm | 150 | // millerRabin() = algorithm 4.24, Miller-Rabin algorithm |
154 | // | 151 | // |
155 | // Profiling shows: | 152 | // Profiling shows: |
156 | // randTruePrime_() spends: | 153 | // randTruePrime_() spends: |
157 | // 10% of its time in calls to powMod_() | 154 | // 10% of its time in calls to powMod_() |
158 | // 85% of its time in calls to millerRabin() | 155 | // 85% of its time in calls to millerRabin() |
159 | // millerRabin() spends: | 156 | // millerRabin() spends: |
160 | // 99% of its time in calls to powMod_() (always with a base of 2) | 157 | // 99% of its time in calls to powMod_() (always with a base of 2) |
161 | // powMod_() spends: | 158 | // powMod_() spends: |
162 | // 94% of its time in calls to mont_() (almost always with x==y) | 159 | // 94% of its time in calls to mont_() (almost always with x==y) |
163 | // | 160 | // |
164 | // This suggests there are several ways to speed up this library slightly: | 161 | // This suggests there are several ways to speed up this library slightly: |
165 | // - convert powMod_ to use a Montgomery form of k-ary window (or maybe a Montgomery form of sliding window) | 162 | // - convert powMod_ to use a Montgomery form of k-ary window (or maybe a Montgomery form of sliding window) |
166 | // -- this should especially focus on being fast when raising 2 to a power mod n | 163 | // -- this should especially focus on being fast when raising 2 to a power mod n |
167 | // - convert randTruePrime_() to use a minimum r of 1/3 instead of 1/2 with the appropriate change to the test | 164 | // - convert randTruePrime_() to use a minimum r of 1/3 instead of 1/2 with the appropriate change to the test |
168 | // - tune the parameters in randTruePrime_(), including c, m, and recLimit | 165 | // - tune the parameters in randTruePrime_(), including c, m, and recLimit |
169 | // - speed up the single loop in mont_() that takes 95% of the runtime, perhaps by reducing checking | 166 | // - speed up the single loop in mont_() that takes 95% of the runtime, perhaps by reducing checking |
170 | // within the loop when all the parameters are the same length. | 167 | // within the loop when all the parameters are the same length. |
171 | // | 168 | // |
172 | // There are several ideas that look like they wouldn't help much at all: | 169 | // There are several ideas that look like they wouldn't help much at all: |
173 | // - replacing trial division in randTruePrime_() with a sieve (that speeds up something taking almost no time anyway) | 170 | // - replacing trial division in randTruePrime_() with a sieve (that speeds up something taking almost no time anyway) |
174 | // - increase bpe from 15 to 30 (that would help if we had a 32*32->64 multiplier, but not with JavaScript's 32*32->32) | 171 | // - increase bpe from 15 to 30 (that would help if we had a 32*32->64 multiplier, but not with JavaScript's 32*32->32) |
175 | // - speeding up mont_(x,y,n,np) when x==y by doing a non-modular, non-Montgomery square | 172 | // - speeding up mont_(x,y,n,np) when x==y by doing a non-modular, non-Montgomery square |
176 | // followed by a Montgomery reduction. The intermediate answer will be twice as long as x, so that | 173 | // followed by a Montgomery reduction. The intermediate answer will be twice as long as x, so that |
177 | // method would be slower. This is unfortunate because the code currently spends almost all of its time | 174 | // method would be slower. This is unfortunate because the code currently spends almost all of its time |
178 | // doing mont_(x,x,...), both for randTruePrime_() and powMod_(). A faster method for Montgomery squaring | 175 | // doing mont_(x,x,...), both for randTruePrime_() and powMod_(). A faster method for Montgomery squaring |
179 | // would have a large impact on the speed of randTruePrime_() and powMod_(). HAC has a couple of poorly-worded | 176 | // would have a large impact on the speed of randTruePrime_() and powMod_(). HAC has a couple of poorly-worded |
180 | // sentences that seem to imply it's faster to do a non-modular square followed by a single | 177 | // sentences that seem to imply it's faster to do a non-modular square followed by a single |
181 | // Montgomery reduction, but that's obviously wrong. | 178 | // Montgomery reduction, but that's obviously wrong. |
182 | //////////////////////////////////////////////////////////////////////////////////////// | 179 | //////////////////////////////////////////////////////////////////////////////////////// |
183 | 180 | ||
184 | //globals | 181 | //globals |
185 | bpe=0; //bits stored per array element | 182 | bpe=0; //bits stored per array element |
186 | mask=0; //AND this with an array element to chop it down to bpe bits | 183 | mask=0; //AND this with an array element to chop it down to bpe bits |
187 | radix=mask+1; //equals 2^bpe. A single 1 bit to the left of the last bit of mask. | 184 | radix=mask+1; //equals 2^bpe. A single 1 bit to the left of the last bit of mask. |
188 | 185 | ||
189 | //the digits for converting to different bases | 186 | //the digits for converting to different bases |
190 | digitsStr='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_=!@#$%^&*()[]{}|;:,.<>/?`~ \\\'\"+-'; | 187 | digitsStr='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_=!@#$%^&*()[]{}|;:,.<>/?`~ \\\'\"+-'; |
191 | 188 | ||
192 | //initialize the global variables | 189 | //initialize the global variables |
193 | for (bpe=0; (1<<(bpe+1)) > (1<<bpe); bpe++); //bpe=number of bits in the mantissa on this platform | 190 | for (bpe=0; (1<<(bpe+1)) > (1<<bpe); bpe++); //bpe=number of bits in the mantissa on this platform |
194 | bpe>>=1; //bpe=number of bits in one element of the array representing the bigInt | 191 | bpe>>=1; //bpe=number of bits in one element of the array representing the bigInt |
195 | mask=(1<<bpe)-1; //AND the mask with an integer to get its bpe least significant bits | 192 | mask=(1<<bpe)-1; //AND the mask with an integer to get its bpe least significant bits |
196 | radix=mask+1; //2^bpe. a single 1 bit to the left of the first bit of mask | 193 | radix=mask+1; //2^bpe. a single 1 bit to the left of the first bit of mask |
197 | one=int2bigInt(1,1,1); //constant used in powMod_() | 194 | one=int2bigInt(1,1,1); //constant used in powMod_() |
198 | 195 | ||
199 | //the following global variables are scratchpad memory to | 196 | //the following global variables are scratchpad memory to |
200 | //reduce dynamic memory allocation in the inner loop | 197 | //reduce dynamic memory allocation in the inner loop |
201 | t=new Array(0); | 198 | t=new Array(0); |
202 | ss=t; //used in mult_() | 199 | ss=t; //used in mult_() |
203 | s0=t; //used in multMod_(), squareMod_() | 200 | s0=t; //used in multMod_(), squareMod_() |
204 | s1=t; //used in powMod_(), multMod_(), squareMod_() | 201 | s1=t; //used in powMod_(), multMod_(), squareMod_() |
205 | s2=t; //used in powMod_(), multMod_() | 202 | s2=t; //used in powMod_(), multMod_() |
206 | s3=t; //used in powMod_() | 203 | s3=t; //used in powMod_() |
207 | s4=t; s5=t; //used in mod_() | 204 | s4=t; s5=t; //used in mod_() |
208 | s6=t; //used in bigInt2str() | 205 | s6=t; //used in bigInt2str() |
209 | s7=t; //used in powMod_() | 206 | s7=t; //used in powMod_() |
210 | T=t; //used in GCD_() | 207 | T=t; //used in GCD_() |
211 | sa=t; //used in mont_() | 208 | sa=t; //used in mont_() |
212 | mr_x1=t; mr_r=t; mr_a=t; //used in millerRabin() | 209 | mr_x1=t; mr_r=t; mr_a=t; //used in millerRabin() |
213 | eg_v=t; eg_u=t; eg_A=t; eg_B=t; eg_C=t; eg_D=t; //used in eGCD_(), inverseMod_() | 210 | eg_v=t; eg_u=t; eg_A=t; eg_B=t; eg_C=t; eg_D=t; //used in eGCD_(), inverseMod_() |
214 | md_q1=t; md_q2=t; md_q3=t; md_r=t; md_r1=t; md_r2=t; md_tt=t; //used in mod_() | 211 | md_q1=t; md_q2=t; md_q3=t; md_r=t; md_r1=t; md_r2=t; md_tt=t; //used in mod_() |
215 | 212 | ||
216 | primes=t; pows=t; s_i=t; s_i2=t; s_R=t; s_rm=t; s_q=t; s_n1=t; | 213 | primes=t; pows=t; s_i=t; s_i2=t; s_R=t; s_rm=t; s_q=t; s_n1=t; |
217 | s_a=t; s_r2=t; s_n=t; s_b=t; s_d=t; s_x1=t; s_x2=t, s_aa=t; //used in randTruePrime_() | 214 | s_a=t; s_r2=t; s_n=t; s_b=t; s_d=t; s_x1=t; s_x2=t, s_aa=t; //used in randTruePrime_() |
218 | 215 | ||
219 | //////////////////////////////////////////////////////////////////////////////////////// | 216 | //////////////////////////////////////////////////////////////////////////////////////// |
220 | 217 | ||
221 | //return array of all primes less than integer n | 218 | //return array of all primes less than integer n |
222 | function findPrimes(n) { | 219 | function findPrimes(n) { |
223 | var i,s,p,ans; | 220 | var i,s,p,ans; |
224 | s=new Array(n); | 221 | s=new Array(n); |
225 | for (i=0;i<n;i++) | 222 | for (i=0;i<n;i++) |
226 | s[i]=0; | 223 | s[i]=0; |
227 | s[0]=2; | 224 | s[0]=2; |
228 | p=0; //first p elements of s are primes, the rest are a sieve | 225 | p=0; //first p elements of s are primes, the rest are a sieve |
229 | for(;s[p]<n;) { //s[p] is the pth prime | 226 | for(;s[p]<n;) { //s[p] is the pth prime |
230 | for(i=s[p]*s[p]; i<n; i+=s[p]) //mark multiples of s[p] | 227 | for(i=s[p]*s[p]; i<n; i+=s[p]) //mark multiples of s[p] |
231 | s[i]=1; | 228 | s[i]=1; |
232 | p++; | 229 | p++; |
233 | s[p]=s[p-1]+1; | 230 | s[p]=s[p-1]+1; |
234 | for(; s[p]<n && s[s[p]]; s[p]++); //find next prime (where s[p]==0) | 231 | for(; s[p]<n && s[s[p]]; s[p]++); //find next prime (where s[p]==0) |
235 | } | 232 | } |
236 | ans=new Array(p); | 233 | ans=new Array(p); |
237 | for(i=0;i<p;i++) | 234 | for(i=0;i<p;i++) |
238 | ans[i]=s[i]; | 235 | ans[i]=s[i]; |
239 | return ans; | 236 | return ans; |
240 | } | 237 | } |
241 | 238 | ||
242 | //does a single round of Miller-Rabin base b consider x to be a possible prime? | 239 | //does a single round of Miller-Rabin base b consider x to be a possible prime? |
243 | //x is a bigInt, and b is an integer | 240 | //x is a bigInt, and b is an integer |
244 | function millerRabin(x,b) { | 241 | function millerRabin(x,b) { |
245 | var i,j,k,s; | 242 | var i,j,k,s; |
246 | 243 | ||
247 | if (mr_x1.length!=x.length) { | 244 | if (mr_x1.length!=x.length) { |
248 | mr_x1=dup(x); | 245 | mr_x1=dup(x); |
249 | mr_r=dup(x); | 246 | mr_r=dup(x); |
250 | mr_a=dup(x); | 247 | mr_a=dup(x); |
251 | } | 248 | } |
252 | 249 | ||
253 | copyInt_(mr_a,b); | 250 | copyInt_(mr_a,b); |
254 | copy_(mr_r,x); | 251 | copy_(mr_r,x); |
255 | copy_(mr_x1,x); | 252 | copy_(mr_x1,x); |
256 | 253 | ||
257 | addInt_(mr_r,-1); | 254 | addInt_(mr_r,-1); |
258 | addInt_(mr_x1,-1); | 255 | addInt_(mr_x1,-1); |
259 | 256 | ||
260 | //s=the highest power of two that divides mr_r | 257 | //s=the highest power of two that divides mr_r |
261 | k=0; | 258 | k=0; |
262 | for (i=0;i<mr_r.length;i++) | 259 | for (i=0;i<mr_r.length;i++) |
263 | for (j=1;j<mask;j<<=1) | 260 | for (j=1;j<mask;j<<=1) |
264 | if (x[i] & j) { | 261 | if (x[i] & j) { |
265 | s=(k<mr_r.length+bpe ? k : 0); | 262 | s=(k<mr_r.length+bpe ? k : 0); |
266 | i=mr_r.length; | 263 | i=mr_r.length; |
267 | j=mask; | 264 | j=mask; |
268 | } else | 265 | } else |
269 | k++; | 266 | k++; |
270 | 267 | ||
271 | if (s) | 268 | if (s) |
272 | rightShift_(mr_r,s); | 269 | rightShift_(mr_r,s); |
273 | 270 | ||
274 | powMod_(mr_a,mr_r,x); | 271 | powMod_(mr_a,mr_r,x); |
275 | 272 | ||
276 | if (!equalsInt(mr_a,1) && !equals(mr_a,mr_x1)) { | 273 | if (!equalsInt(mr_a,1) && !equals(mr_a,mr_x1)) { |
277 | j=1; | 274 | j=1; |
278 | while (j<=s-1 && !equals(mr_a,mr_x1)) { | 275 | while (j<=s-1 && !equals(mr_a,mr_x1)) { |
279 | squareMod_(mr_a,x); | 276 | squareMod_(mr_a,x); |
280 | if (equalsInt(mr_a,1)) { | 277 | if (equalsInt(mr_a,1)) { |
281 | return 0; | 278 | return 0; |
282 | } | 279 | } |
283 | j++; | 280 | j++; |
284 | } | 281 | } |
285 | if (!equals(mr_a,mr_x1)) { | 282 | if (!equals(mr_a,mr_x1)) { |
286 | return 0; | 283 | return 0; |
287 | } | 284 | } |
288 | } | 285 | } |
289 | return 1; | 286 | return 1; |
290 | } | 287 | } |
291 | 288 | ||
292 | //returns how many bits long the bigInt is, not counting leading zeros. | 289 | //returns how many bits long the bigInt is, not counting leading zeros. |
293 | function bitSize(x) { | 290 | function bitSize(x) { |
294 | var j,z,w; | 291 | var j,z,w; |
295 | for (j=x.length-1; (x[j]==0) && (j>0); j--); | 292 | for (j=x.length-1; (x[j]==0) && (j>0); j--); |
296 | for (z=0,w=x[j]; w; (w>>=1),z++); | 293 | for (z=0,w=x[j]; w; (w>>=1),z++); |
297 | z+=bpe*j; | 294 | z+=bpe*j; |
298 | return z; | 295 | return z; |
299 | } | 296 | } |
300 | 297 | ||
301 | //return a copy of x with at least n elements, adding leading zeros if needed | 298 | //return a copy of x with at least n elements, adding leading zeros if needed |
302 | function expand(x,n) { | 299 | function expand(x,n) { |
303 | var ans=int2bigInt(0,(x.length>n ? x.length : n)*bpe,0); | 300 | var ans=int2bigInt(0,(x.length>n ? x.length : n)*bpe,0); |
304 | copy_(ans,x); | 301 | copy_(ans,x); |
305 | return ans; | 302 | return ans; |
306 | } | 303 | } |
307 | 304 | ||
308 | //return a k-bit true random prime using Maurer's algorithm. | 305 | //return a k-bit true random prime using Maurer's algorithm. |
309 | function randTruePrime(k) { | 306 | function randTruePrime(k) { |
310 | var ans=int2bigInt(0,k,0); | 307 | var ans=int2bigInt(0,k,0); |
311 | randTruePrime_(ans,k); | 308 | randTruePrime_(ans,k); |
312 | return trim(ans,1); | 309 | return trim(ans,1); |
313 | } | 310 | } |
314 | 311 | ||
315 | //return a new bigInt equal to (x mod n) for bigInts x and n. | 312 | //return a new bigInt equal to (x mod n) for bigInts x and n. |
316 | function mod(x,n) { | 313 | function mod(x,n) { |
317 | var ans=dup(x); | 314 | var ans=dup(x); |
318 | mod_(ans,n); | 315 | mod_(ans,n); |
319 | return trim(ans,1); | 316 | return trim(ans,1); |
320 | } | 317 | } |
321 | 318 | ||
322 | //return (x+n) where x is a bigInt and n is an integer. | 319 | //return (x+n) where x is a bigInt and n is an integer. |
323 | function addInt(x,n) { | 320 | function addInt(x,n) { |
324 | var ans=expand(x,x.length+1); | 321 | var ans=expand(x,x.length+1); |
325 | addInt_(ans,n); | 322 | addInt_(ans,n); |
326 | return trim(ans,1); | 323 | return trim(ans,1); |
327 | } | 324 | } |
328 | 325 | ||
329 | //return x*y for bigInts x and y. This is faster when y<x. | 326 | //return x*y for bigInts x and y. This is faster when y<x. |
330 | function mult(x,y) { | 327 | function mult(x,y) { |
331 | var ans=expand(x,x.length+y.length); | 328 | var ans=expand(x,x.length+y.length); |
332 | mult_(ans,y); | 329 | mult_(ans,y); |
333 | return trim(ans,1); | 330 | return trim(ans,1); |
334 | } | 331 | } |
335 | 332 | ||
336 | //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n. | 333 | //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n. |
337 | function powMod(x,y,n) { | 334 | function powMod(x,y,n) { |
338 | var ans=expand(x,n.length); | 335 | var ans=expand(x,n.length); |
339 | powMod_(ans,trim(y,2),trim(n,2),0); //this should work without the trim, but doesn't | 336 | powMod_(ans,trim(y,2),trim(n,2),0); //this should work without the trim, but doesn't |
340 | return trim(ans,1); | 337 | return trim(ans,1); |
341 | } | 338 | } |
342 | 339 | ||
343 | //return (x-y) for bigInts x and y. Negative answers will be 2s complement | 340 | //return (x-y) for bigInts x and y. Negative answers will be 2s complement |
344 | function sub(x,y) { | 341 | function sub(x,y) { |
345 | var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1)); | 342 | var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1)); |
346 | sub_(ans,y); | 343 | sub_(ans,y); |
347 | return trim(ans,1); | 344 | return trim(ans,1); |
348 | } | 345 | } |
349 | 346 | ||
350 | //return (x+y) for bigInts x and y. | 347 | //return (x+y) for bigInts x and y. |
351 | function add(x,y) { | 348 | function add(x,y) { |
352 | var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1)); | 349 | var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1)); |
353 | add_(ans,y); | 350 | add_(ans,y); |
354 | return trim(ans,1); | 351 | return trim(ans,1); |
355 | } | 352 | } |
356 | 353 | ||
357 | //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null | 354 | //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null |
358 | function inverseMod(x,n) { | 355 | function inverseMod(x,n) { |
359 | var ans=expand(x,n.length); | 356 | var ans=expand(x,n.length); |
360 | var s; | 357 | var s; |
361 | s=inverseMod_(ans,n); | 358 | s=inverseMod_(ans,n); |
362 | return s ? trim(ans,1) : null; | 359 | return s ? trim(ans,1) : null; |
363 | } | 360 | } |
364 | 361 | ||
365 | //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x. | 362 | //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x. |
366 | function multMod(x,y,n) { | 363 | function multMod(x,y,n) { |
367 | var ans=expand(x,n.length); | 364 | var ans=expand(x,n.length); |
368 | multMod_(ans,y,n); | 365 | multMod_(ans,y,n); |
369 | return trim(ans,1); | 366 | return trim(ans,1); |
370 | } | 367 | } |
371 | 368 | ||
372 | //generate a k-bit true random prime using Maurer's algorithm, | 369 | //generate a k-bit true random prime using Maurer's algorithm, |
373 | //and put it into ans. The bigInt ans must be large enough to hold it. | 370 | //and put it into ans. The bigInt ans must be large enough to hold it. |
374 | function randTruePrime_(ans,k) { | 371 | function randTruePrime_(ans,k) { |
375 | var c,m,pm,dd,j,r,B,divisible,z,zz,recSize; | 372 | var c,m,pm,dd,j,r,B,divisible,z,zz,recSize; |
376 | 373 | ||
377 | if (primes.length==0) | 374 | if (primes.length==0) |
378 | primes=findPrimes(30000); //check for divisibility by primes <=30000 | 375 | primes=findPrimes(30000); //check for divisibility by primes <=30000 |
379 | 376 | ||
380 | if (pows.length==0) { | 377 | if (pows.length==0) { |
381 | pows=new Array(512); | 378 | pows=new Array(512); |
382 | for (j=0;j<512;j++) { | 379 | for (j=0;j<512;j++) { |
383 | pows[j]=Math.pow(2,j/511.-1.); | 380 | pows[j]=Math.pow(2,j/511.-1.); |
384 | } | 381 | } |
385 | } | 382 | } |
386 | 383 | ||
387 | //c and m should be tuned for a particular machine and value of k, to maximize speed | 384 | //c and m should be tuned for a particular machine and value of k, to maximize speed |
388 | //this was: c=primes[primes.length-1]/k/k; //check using all the small primes. (c=0.1 in HAC) | 385 | //this was: c=primes[primes.length-1]/k/k; //check using all the small primes. (c=0.1 in HAC) |
389 | c=0.1; | 386 | c=0.1; |
390 | m=20; //generate this k-bit number by first recursively generating a number that has between k/2 and k-m bits | 387 | m=20; //generate this k-bit number by first recursively generating a number that has between k/2 and k-m bits |
391 | recLimit=20; /*must be at least 2 (was 29)*/ //stop recursion when k <=recLimit | 388 | recLimit=20; /*must be at least 2 (was 29)*/ //stop recursion when k <=recLimit |
392 | 389 | ||
393 | if (s_i2.length!=ans.length) { | 390 | if (s_i2.length!=ans.length) { |
394 | s_i2=dup(ans); | 391 | s_i2=dup(ans); |
395 | s_R =dup(ans); | 392 | s_R =dup(ans); |
396 | s_n1=dup(ans); | 393 | s_n1=dup(ans); |
397 | s_r2=dup(ans); | 394 | s_r2=dup(ans); |
398 | s_d =dup(ans); | 395 | s_d =dup(ans); |
399 | s_x1=dup(ans); | 396 | s_x1=dup(ans); |
400 | s_x2=dup(ans); | 397 | s_x2=dup(ans); |
401 | s_b =dup(ans); | 398 | s_b =dup(ans); |
402 | s_n =dup(ans); | 399 | s_n =dup(ans); |
403 | s_i =dup(ans); | 400 | s_i =dup(ans); |
404 | s_rm=dup(ans); | 401 | s_rm=dup(ans); |
405 | s_q =dup(ans); | 402 | s_q =dup(ans); |
406 | s_a =dup(ans); | 403 | s_a =dup(ans); |
407 | s_aa=dup(ans); | 404 | s_aa=dup(ans); |
408 | } | 405 | } |
diff --git a/frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js b/frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js index e91e823..f91c7e9 100644 --- a/frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js +++ b/frontend/beta/js/Clipperz/Crypto/BigInt_scoped.js | |||
@@ -1,408 +1,405 @@ | |||
1 | /* | 1 | /* |
2 | 2 | ||
3 | Copyright 2008-2011 Clipperz Srl | 3 | Copyright 2008-2011 Clipperz Srl |
4 | 4 | ||
5 | This file is part of Clipperz's Javascript Crypto Library. | 5 | This file is part of Clipperz Community Edition. |
6 | Javascript Crypto Library provides web developers with an extensive | 6 | Clipperz Community Edition is an online password manager. |
7 | and efficient set of cryptographic functions. The library aims to | ||
8 | obtain maximum execution speed while preserving modularity and | ||
9 | reusability. | ||
10 | For further information about its features and functionalities please | 7 | For further information about its features and functionalities please |
11 | refer to http://www.clipperz.com | 8 | refer to http://www.clipperz.com. |
12 | 9 | ||
13 | * Javascript Crypto Library is free software: you can redistribute | 10 | * Clipperz Community Edition is free software: you can redistribute |
14 | it and/or modify it under the terms of the GNU Affero General Public | 11 | it and/or modify it under the terms of the GNU Affero General Public |
15 | License as published by the Free Software Foundation, either version | 12 | License as published by the Free Software Foundation, either version |
16 | 3 of the License, or (at your option) any later version. | 13 | 3 of the License, or (at your option) any later version. |
17 | 14 | ||
18 | * Javascript Crypto Library is distributed in the hope that it will | 15 | * Clipperz Community Edition is distributed in the hope that it will |
19 | be useful, but WITHOUT ANY WARRANTY; without even the implied | 16 | be useful, but WITHOUT ANY WARRANTY; without even the implied |
20 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | 17 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
21 | See the GNU Affero General Public License for more details. | 18 | See the GNU Affero General Public License for more details. |
22 | 19 | ||
23 | * You should have received a copy of the GNU Affero General Public | 20 | * You should have received a copy of the GNU Affero General Public |
24 | License along with Javascript Crypto Library. If not, see | 21 | License along with Clipperz Community Edition. If not, see |
25 | <http://www.gnu.org/licenses/>. | 22 | <http://www.gnu.org/licenses/>. |
26 | 23 | ||
27 | */ | 24 | */ |
28 | 25 | ||
29 | if (typeof(Clipperz) == 'undefined') { Clipperz = {}; } | 26 | if (typeof(Clipperz) == 'undefined') { Clipperz = {}; } |
30 | if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; } | 27 | if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; } |
31 | 28 | ||
32 | if (typeof(Leemon) == 'undefined') { Leemon = {}; } | 29 | if (typeof(Leemon) == 'undefined') { Leemon = {}; } |
33 | if (typeof(Baird.Crypto) == 'undefined') { Baird.Crypto = {}; } | 30 | if (typeof(Baird.Crypto) == 'undefined') { Baird.Crypto = {}; } |
34 | if (typeof(Baird.Crypto.BigInt) == 'undefined') { Baird.Crypto.BigInt = {}; } | 31 | if (typeof(Baird.Crypto.BigInt) == 'undefined') { Baird.Crypto.BigInt = {}; } |
35 | 32 | ||
36 | 33 | ||
37 | //############################################################################# | 34 | //############################################################################# |
38 | //Downloaded on March 05, 2007 from http://www.leemon.com/crypto/BigInt.js | 35 | //Downloaded on March 05, 2007 from http://www.leemon.com/crypto/BigInt.js |
39 | //############################################################################# | 36 | //############################################################################# |
40 | 37 | ||
41 | //////////////////////////////////////////////////////////////////////////////////////// | 38 | //////////////////////////////////////////////////////////////////////////////////////// |
42 | // Big Integer Library v. 5.0 | 39 | // Big Integer Library v. 5.0 |
43 | // Created 2000, last modified 2006 | 40 | // Created 2000, last modified 2006 |
44 | // Leemon Baird | 41 | // Leemon Baird |
45 | // www.leemon.com | 42 | // www.leemon.com |
46 | // | 43 | // |
47 | // This file is public domain. You can use it for any purpose without restriction. | 44 | // This file is public domain. You can use it for any purpose without restriction. |
48 | // I do not guarantee that it is correct, so use it at your own risk. If you use | 45 | // I do not guarantee that it is correct, so use it at your own risk. If you use |
49 | // it for something interesting, I'd appreciate hearing about it. If you find | 46 | // it for something interesting, I'd appreciate hearing about it. If you find |
50 | // any bugs or make any improvements, I'd appreciate hearing about those too. | 47 | // any bugs or make any improvements, I'd appreciate hearing about those too. |
51 | // It would also be nice if my name and address were left in the comments. | 48 | // It would also be nice if my name and address were left in the comments. |
52 | // But none of that is required. | 49 | // But none of that is required. |
53 | // | 50 | // |
54 | // This code defines a bigInt library for arbitrary-precision integers. | 51 | // This code defines a bigInt library for arbitrary-precision integers. |
55 | // A bigInt is an array of integers storing the value in chunks of bpe bits, | 52 | // A bigInt is an array of integers storing the value in chunks of bpe bits, |
56 | // little endian (buff[0] is the least significant word). | 53 | // little endian (buff[0] is the least significant word). |
57 | // Negative bigInts are stored two's complement. | 54 | // Negative bigInts are stored two's complement. |
58 | // Some functions assume their parameters have at least one leading zero element. | 55 | // Some functions assume their parameters have at least one leading zero element. |
59 | // Functions with an underscore at the end of the name have unpredictable behavior in case of overflow, | 56 | // Functions with an underscore at the end of the name have unpredictable behavior in case of overflow, |
60 | // so the caller must make sure overflow won't happen. | 57 | // so the caller must make sure overflow won't happen. |
61 | // For each function where a parameter is modified, that same | 58 | // For each function where a parameter is modified, that same |
62 | // variable must not be used as another argument too. | 59 | // variable must not be used as another argument too. |
63 | // So, you cannot square x by doing multMod_(x,x,n). | 60 | // So, you cannot square x by doing multMod_(x,x,n). |
64 | // You must use squareMod_(x,n) instead, or do y=dup(x); multMod_(x,y,n). | 61 | // You must use squareMod_(x,n) instead, or do y=dup(x); multMod_(x,y,n). |
65 | // | 62 | // |
66 | // These functions are designed to avoid frequent dynamic memory allocation in the inner loop. | 63 | // These functions are designed to avoid frequent dynamic memory allocation in the inner loop. |
67 | // For most functions, if it needs a BigInt as a local variable it will actually use | 64 | // For most functions, if it needs a BigInt as a local variable it will actually use |
68 | // a global, and will only allocate to it when it's not the right size. This ensures | 65 | // a global, and will only allocate to it when it's not the right size. This ensures |
69 | // that when a function is called repeatedly with same-sized parameters, it only allocates | 66 | // that when a function is called repeatedly with same-sized parameters, it only allocates |
70 | // memory on the first call. | 67 | // memory on the first call. |
71 | // | 68 | // |
72 | // Note that for cryptographic purposes, the calls to Math.random() must | 69 | // Note that for cryptographic purposes, the calls to Math.random() must |
73 | // be replaced with calls to a better pseudorandom number generator. | 70 | // be replaced with calls to a better pseudorandom number generator. |
74 | // | 71 | // |
75 | // In the following, "bigInt" means a bigInt with at least one leading zero element, | 72 | // In the following, "bigInt" means a bigInt with at least one leading zero element, |
76 | // and "integer" means a nonnegative integer less than radix. In some cases, integer | 73 | // and "integer" means a nonnegative integer less than radix. In some cases, integer |
77 | // can be negative. Negative bigInts are 2s complement. | 74 | // can be negative. Negative bigInts are 2s complement. |
78 | // | 75 | // |
79 | // The following functions do not modify their inputs, but dynamically allocate memory every time they are called: | 76 | // The following functions do not modify their inputs, but dynamically allocate memory every time they are called: |
80 | // | 77 | // |
81 | // function bigInt2str(x,base) //convert a bigInt into a string in a given base, from base 2 up to base 95 | 78 | // function bigInt2str(x,base) //convert a bigInt into a string in a given base, from base 2 up to base 95 |
82 | // function dup(x) //returns a copy of bigInt x | 79 | // function dup(x) //returns a copy of bigInt x |
83 | // function findPrimes(n) //return array of all primes less than integer n | 80 | // function findPrimes(n) //return array of all primes less than integer n |
84 | // function int2bigInt(t,n,m) //convert integer t to a bigInt with at least n bits and m array elements | 81 | // function int2bigInt(t,n,m) //convert integer t to a bigInt with at least n bits and m array elements |
85 | // function str2bigInt(s,b,n,m) //convert string s in base b to a bigInt with at least n bits and m array elements | 82 | // function str2bigInt(s,b,n,m) //convert string s in base b to a bigInt with at least n bits and m array elements |
86 | // function trim(x,k) //return a copy of x with exactly k leading zero elements | 83 | // function trim(x,k) //return a copy of x with exactly k leading zero elements |
87 | // | 84 | // |
88 | // The following functions do not modify their inputs, so there is never a problem with the result being too big: | 85 | // The following functions do not modify their inputs, so there is never a problem with the result being too big: |
89 | // | 86 | // |
90 | // function bitSize(x) //returns how many bits long the bigInt x is, not counting leading zeros | 87 | // function bitSize(x) //returns how many bits long the bigInt x is, not counting leading zeros |
91 | // function equals(x,y) //is the bigInt x equal to the bigint y? | 88 | // function equals(x,y) //is the bigInt x equal to the bigint y? |
92 | // function equalsInt(x,y) //is bigint x equal to integer y? | 89 | // function equalsInt(x,y) //is bigint x equal to integer y? |
93 | // function greater(x,y) //is x>y? (x and y are nonnegative bigInts) | 90 | // function greater(x,y) //is x>y? (x and y are nonnegative bigInts) |
94 | // function greaterShift(x,y,shift)//is (x <<(shift*bpe)) > y? | 91 | // function greaterShift(x,y,shift)//is (x <<(shift*bpe)) > y? |
95 | // function isZero(x) //is the bigInt x equal to zero? | 92 | // function isZero(x) //is the bigInt x equal to zero? |
96 | // function millerRabin(x,b) //does one round of Miller-Rabin base integer b say that bigInt x is possibly prime (as opposed to definitely composite)? | 93 | // function millerRabin(x,b) //does one round of Miller-Rabin base integer b say that bigInt x is possibly prime (as opposed to definitely composite)? |
97 | // function modInt(x,n) //return x mod n for bigInt x and integer n. | 94 | // function modInt(x,n) //return x mod n for bigInt x and integer n. |
98 | // function negative(x) //is bigInt x negative? | 95 | // function negative(x) //is bigInt x negative? |
99 | // | 96 | // |
100 | // The following functions do not modify their inputs, but allocate memory and call functions with underscores | 97 | // The following functions do not modify their inputs, but allocate memory and call functions with underscores |
101 | // | 98 | // |
102 | // function add(x,y) //return (x+y) for bigInts x and y. | 99 | // function add(x,y) //return (x+y) for bigInts x and y. |
103 | // function addInt(x,n) //return (x+n) where x is a bigInt and n is an integer. | 100 | // function addInt(x,n) //return (x+n) where x is a bigInt and n is an integer. |
104 | // function expand(x,n) //return a copy of x with at least n elements, adding leading zeros if needed | 101 | // function expand(x,n) //return a copy of x with at least n elements, adding leading zeros if needed |
105 | // function inverseMod(x,n) //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null | 102 | // function inverseMod(x,n) //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null |
106 | // function mod(x,n) //return a new bigInt equal to (x mod n) for bigInts x and n. | 103 | // function mod(x,n) //return a new bigInt equal to (x mod n) for bigInts x and n. |
107 | // function mult(x,y) //return x*y for bigInts x and y. This is faster when y<x. | 104 | // function mult(x,y) //return x*y for bigInts x and y. This is faster when y<x. |
108 | // function multMod(x,y,n) //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x. | 105 | // function multMod(x,y,n) //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x. |
109 | // function powMod(x,y,n) //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n. | 106 | // function powMod(x,y,n) //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n. |
110 | // function randTruePrime(k) //return a new, random, k-bit, true prime using Maurer's algorithm. | 107 | // function randTruePrime(k) //return a new, random, k-bit, true prime using Maurer's algorithm. |
111 | // function sub(x,y) //return (x-y) for bigInts x and y. Negative answers will be 2s complement | 108 | // function sub(x,y) //return (x-y) for bigInts x and y. Negative answers will be 2s complement |
112 | // | 109 | // |
113 | // The following functions write a bigInt result to one of the parameters, but | 110 | // The following functions write a bigInt result to one of the parameters, but |
114 | // the result is never bigger than the original, so there can't be overflow problems: | 111 | // the result is never bigger than the original, so there can't be overflow problems: |
115 | // | 112 | // |
116 | // function divInt_(x,n) //do x=floor(x/n) for bigInt x and integer n, and return the remainder | 113 | // function divInt_(x,n) //do x=floor(x/n) for bigInt x and integer n, and return the remainder |
117 | // function GCD_(x,y) //set x to the greatest common divisor of bigInts x and y, (y is destroyed). | 114 | // function GCD_(x,y) //set x to the greatest common divisor of bigInts x and y, (y is destroyed). |
118 | // function halve_(x) //do x=floor(|x|/2)*sgn(x) for bigInt x in 2's complement | 115 | // function halve_(x) //do x=floor(|x|/2)*sgn(x) for bigInt x in 2's complement |
119 | // function mod_(x,n) //do x=x mod n for bigInts x and n. | 116 | // function mod_(x,n) //do x=x mod n for bigInts x and n. |
120 | // function rightShift_(x,n) //right shift bigInt x by n bits. 0 <= n < bpe. | 117 | // function rightShift_(x,n) //right shift bigInt x by n bits. 0 <= n < bpe. |
121 | // | 118 | // |
122 | // The following functions write a bigInt result to one of the parameters. The caller is responsible for | 119 | // The following functions write a bigInt result to one of the parameters. The caller is responsible for |
123 | // ensuring it is large enough to hold the result. | 120 | // ensuring it is large enough to hold the result. |
124 | // | 121 | // |
125 | // function addInt_(x,n) //do x=x+n where x is a bigInt and n is an integer | 122 | // function addInt_(x,n) //do x=x+n where x is a bigInt and n is an integer |
126 | // function add_(x,y) //do x=x+y for bigInts x and y | 123 | // function add_(x,y) //do x=x+y for bigInts x and y |
127 | // function addShift_(x,y,ys) //do x=x+(y<<(ys*bpe)) | 124 | // function addShift_(x,y,ys) //do x=x+(y<<(ys*bpe)) |
128 | // function copy_(x,y) //do x=y on bigInts x and y | 125 | // function copy_(x,y) //do x=y on bigInts x and y |
129 | // function copyInt_(x,n) //do x=n on bigInt x and integer n | 126 | // function copyInt_(x,n) //do x=n on bigInt x and integer n |
130 | // function carry_(x) //do carries and borrows so each element of the bigInt x fits in bpe bits. | 127 | // function carry_(x) //do carries and borrows so each element of the bigInt x fits in bpe bits. |
131 | // function divide_(x,y,q,r) //divide_ x by y giving quotient q and remainder r | 128 | // function divide_(x,y,q,r) //divide_ x by y giving quotient q and remainder r |
132 | // function eGCD_(x,y,d,a,b) //sets a,b,d to positive big integers such that d = GCD_(x,y) = a*x-b*y | 129 | // function eGCD_(x,y,d,a,b) //sets a,b,d to positive big integers such that d = GCD_(x,y) = a*x-b*y |
133 | // function inverseMod_(x,n) //do x=x**(-1) mod n, for bigInts x and n. Returns 1 (0) if inverse does (doesn't) exist | 130 | // function inverseMod_(x,n) //do x=x**(-1) mod n, for bigInts x and n. Returns 1 (0) if inverse does (doesn't) exist |
134 | // function inverseModInt_(x,n) //return x**(-1) mod n, for integers x and n. Return 0 if there is no inverse | 131 | // function inverseModInt_(x,n) //return x**(-1) mod n, for integers x and n. Return 0 if there is no inverse |
135 | // function leftShift_(x,n) //left shift bigInt x by n bits. n<bpe. | 132 | // function leftShift_(x,n) //left shift bigInt x by n bits. n<bpe. |
136 | // function linComb_(x,y,a,b) //do x=a*x+b*y for bigInts x and y and integers a and b | 133 | // function linComb_(x,y,a,b) //do x=a*x+b*y for bigInts x and y and integers a and b |
137 | // function linCombShift_(x,y,b,ys) //do x=x+b*(y<<(ys*bpe)) for bigInts x and y, and integers b and ys | 134 | // function linCombShift_(x,y,b,ys) //do x=x+b*(y<<(ys*bpe)) for bigInts x and y, and integers b and ys |
138 | // function mont_(x,y,n,np) //Montgomery multiplication (see comments where the function is defined) | 135 | // function mont_(x,y,n,np) //Montgomery multiplication (see comments where the function is defined) |
139 | // function mult_(x,y) //do x=x*y for bigInts x and y. | 136 | // function mult_(x,y) //do x=x*y for bigInts x and y. |
140 | // function multInt_(x,n) //do x=x*n where x is a bigInt and n is an integer. | 137 | // function multInt_(x,n) //do x=x*n where x is a bigInt and n is an integer. |
141 | // function multMod_(x,y,n) //do x=x*y mod n for bigInts x,y,n. | 138 | // function multMod_(x,y,n) //do x=x*y mod n for bigInts x,y,n. |
142 | // function powMod_(x,y,n) //do x=x**y mod n, where x,y,n are bigInts (n is odd) and ** is exponentiation. 0**0=1. | 139 | // function powMod_(x,y,n) //do x=x**y mod n, where x,y,n are bigInts (n is odd) and ** is exponentiation. 0**0=1. |
143 | // function randBigInt_(b,n,s) //do b = an n-bit random BigInt. if s=1, then nth bit (most significant bit) is set to 1. n>=1. | 140 | // function randBigInt_(b,n,s) //do b = an n-bit random BigInt. if s=1, then nth bit (most significant bit) is set to 1. n>=1. |
144 | // function randTruePrime_(ans,k) //do ans = a random k-bit true random prime (not just probable prime) with 1 in the msb. | 141 | // function randTruePrime_(ans,k) //do ans = a random k-bit true random prime (not just probable prime) with 1 in the msb. |
145 | // function squareMod_(x,n) //do x=x*x mod n for bigInts x,n | 142 | // function squareMod_(x,n) //do x=x*x mod n for bigInts x,n |
146 | // function sub_(x,y) //do x=x-y for bigInts x and y. Negative answers will be 2s complement. | 143 | // function sub_(x,y) //do x=x-y for bigInts x and y. Negative answers will be 2s complement. |
147 | // function subShift_(x,y,ys) //do x=x-(y<<(ys*bpe)). Negative answers will be 2s complement. | 144 | // function subShift_(x,y,ys) //do x=x-(y<<(ys*bpe)). Negative answers will be 2s complement. |
148 | // | 145 | // |
149 | // The following functions are based on algorithms from the _Handbook of Applied Cryptography_ | 146 | // The following functions are based on algorithms from the _Handbook of Applied Cryptography_ |
150 | // powMod_() = algorithm 14.94, Montgomery exponentiation | 147 | // powMod_() = algorithm 14.94, Montgomery exponentiation |
151 | // eGCD_,inverseMod_() = algorithm 14.61, Binary extended GCD_ | 148 | // eGCD_,inverseMod_() = algorithm 14.61, Binary extended GCD_ |
152 | // GCD_() = algorothm 14.57, Lehmer's algorithm | 149 | // GCD_() = algorothm 14.57, Lehmer's algorithm |
153 | // mont_() = algorithm 14.36, Montgomery multiplication | 150 | // mont_() = algorithm 14.36, Montgomery multiplication |
154 | // divide_() = algorithm 14.20 Multiple-precision division | 151 | // divide_() = algorithm 14.20 Multiple-precision division |
155 | // squareMod_() = algorithm 14.16 Multiple-precision squaring | 152 | // squareMod_() = algorithm 14.16 Multiple-precision squaring |
156 | // randTruePrime_() = algorithm 4.62, Maurer's algorithm | 153 | // randTruePrime_() = algorithm 4.62, Maurer's algorithm |
157 | // millerRabin() = algorithm 4.24, Miller-Rabin algorithm | 154 | // millerRabin() = algorithm 4.24, Miller-Rabin algorithm |
158 | // | 155 | // |
159 | // Profiling shows: | 156 | // Profiling shows: |
160 | // randTruePrime_() spends: | 157 | // randTruePrime_() spends: |
161 | // 10% of its time in calls to powMod_() | 158 | // 10% of its time in calls to powMod_() |
162 | // 85% of its time in calls to millerRabin() | 159 | // 85% of its time in calls to millerRabin() |
163 | // millerRabin() spends: | 160 | // millerRabin() spends: |
164 | // 99% of its time in calls to powMod_() (always with a base of 2) | 161 | // 99% of its time in calls to powMod_() (always with a base of 2) |
165 | // powMod_() spends: | 162 | // powMod_() spends: |
166 | // 94% of its time in calls to mont_() (almost always with x==y) | 163 | // 94% of its time in calls to mont_() (almost always with x==y) |
167 | // | 164 | // |
168 | // This suggests there are several ways to speed up this library slightly: | 165 | // This suggests there are several ways to speed up this library slightly: |
169 | // - convert powMod_ to use a Montgomery form of k-ary window (or maybe a Montgomery form of sliding window) | 166 | // - convert powMod_ to use a Montgomery form of k-ary window (or maybe a Montgomery form of sliding window) |
170 | // -- this should especially focus on being fast when raising 2 to a power mod n | 167 | // -- this should especially focus on being fast when raising 2 to a power mod n |
171 | // - convert randTruePrime_() to use a minimum r of 1/3 instead of 1/2 with the appropriate change to the test | 168 | // - convert randTruePrime_() to use a minimum r of 1/3 instead of 1/2 with the appropriate change to the test |
172 | // - tune the parameters in randTruePrime_(), including c, m, and recLimit | 169 | // - tune the parameters in randTruePrime_(), including c, m, and recLimit |
173 | // - speed up the single loop in mont_() that takes 95% of the runtime, perhaps by reducing checking | 170 | // - speed up the single loop in mont_() that takes 95% of the runtime, perhaps by reducing checking |
174 | // within the loop when all the parameters are the same length. | 171 | // within the loop when all the parameters are the same length. |
175 | // | 172 | // |
176 | // There are several ideas that look like they wouldn't help much at all: | 173 | // There are several ideas that look like they wouldn't help much at all: |
177 | // - replacing trial division in randTruePrime_() with a sieve (that speeds up something taking almost no time anyway) | 174 | // - replacing trial division in randTruePrime_() with a sieve (that speeds up something taking almost no time anyway) |
178 | // - increase bpe from 15 to 30 (that would help if we had a 32*32->64 multiplier, but not with JavaScript's 32*32->32) | 175 | // - increase bpe from 15 to 30 (that would help if we had a 32*32->64 multiplier, but not with JavaScript's 32*32->32) |
179 | // - speeding up mont_(x,y,n,np) when x==y by doing a non-modular, non-Montgomery square | 176 | // - speeding up mont_(x,y,n,np) when x==y by doing a non-modular, non-Montgomery square |
180 | // followed by a Montgomery reduction. The intermediate answer will be twice as long as x, so that | 177 | // followed by a Montgomery reduction. The intermediate answer will be twice as long as x, so that |
181 | // method would be slower. This is unfortunate because the code currently spends almost all of its time | 178 | // method would be slower. This is unfortunate because the code currently spends almost all of its time |
182 | // doing mont_(x,x,...), both for randTruePrime_() and powMod_(). A faster method for Montgomery squaring | 179 | // doing mont_(x,x,...), both for randTruePrime_() and powMod_(). A faster method for Montgomery squaring |
183 | // would have a large impact on the speed of randTruePrime_() and powMod_(). HAC has a couple of poorly-worded | 180 | // would have a large impact on the speed of randTruePrime_() and powMod_(). HAC has a couple of poorly-worded |
184 | // sentences that seem to imply it's faster to do a non-modular square followed by a single | 181 | // sentences that seem to imply it's faster to do a non-modular square followed by a single |
185 | // Montgomery reduction, but that's obviously wrong. | 182 | // Montgomery reduction, but that's obviously wrong. |
186 | //////////////////////////////////////////////////////////////////////////////////////// | 183 | //////////////////////////////////////////////////////////////////////////////////////// |
187 | 184 | ||
188 | // | 185 | // |
189 | //The whole library has been moved into the Baird.Crypto.BigInt scope by Giulio Cesare Solaroli <giulio.cesare@clipperz.com> | 186 | //The whole library has been moved into the Baird.Crypto.BigInt scope by Giulio Cesare Solaroli <giulio.cesare@clipperz.com> |
190 | // | 187 | // |
191 | Baird.Crypto.BigInt.VERSION = "5.0"; | 188 | Baird.Crypto.BigInt.VERSION = "5.0"; |
192 | Baird.Crypto.BigInt.NAME = "Baird.Crypto.BigInt"; | 189 | Baird.Crypto.BigInt.NAME = "Baird.Crypto.BigInt"; |
193 | 190 | ||
194 | MochiKit.Base.update(Baird.Crypto.BigInt, { | 191 | MochiKit.Base.update(Baird.Crypto.BigInt, { |
195 | //globals | 192 | //globals |
196 | 'bpe': 0, //bits stored per array element | 193 | 'bpe': 0, //bits stored per array element |
197 | 'mask': 0, //AND this with an array element to chop it down to bpe bits | 194 | 'mask': 0, //AND this with an array element to chop it down to bpe bits |
198 | 'radix': Baird.Crypto.BigInt.mask + 1,//equals 2^bpe. A single 1 bit to the left of the last bit of mask. | 195 | 'radix': Baird.Crypto.BigInt.mask + 1,//equals 2^bpe. A single 1 bit to the left of the last bit of mask. |
199 | 196 | ||
200 | //the digits for converting to different bases | 197 | //the digits for converting to different bases |
201 | 'digitsStr': '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_=!@#$%^&*()[]{}|;:,.<>/?`~ \\\'\"+-', | 198 | 'digitsStr': '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_=!@#$%^&*()[]{}|;:,.<>/?`~ \\\'\"+-', |
202 | 199 | ||
203 | //initialize the global variables | 200 | //initialize the global variables |
204 | for (bpe=0; (1<<(bpe+1)) > (1<<bpe); bpe++); //bpe=number of bits in the mantissa on this platform | 201 | for (bpe=0; (1<<(bpe+1)) > (1<<bpe); bpe++); //bpe=number of bits in the mantissa on this platform |
205 | bpe>>=1; //bpe=number of bits in one element of the array representing the bigInt | 202 | bpe>>=1; //bpe=number of bits in one element of the array representing the bigInt |
206 | mask=(1<<bpe)-1; //AND the mask with an integer to get its bpe least significant bits | 203 | mask=(1<<bpe)-1; //AND the mask with an integer to get its bpe least significant bits |
207 | radix=mask+1; //2^bpe. a single 1 bit to the left of the first bit of mask | 204 | radix=mask+1; //2^bpe. a single 1 bit to the left of the first bit of mask |
208 | one=int2bigInt(1,1,1); //constant used in powMod_() | 205 | one=int2bigInt(1,1,1); //constant used in powMod_() |
209 | 206 | ||
210 | //the following global variables are scratchpad memory to | 207 | //the following global variables are scratchpad memory to |
211 | //reduce dynamic memory allocation in the inner loop | 208 | //reduce dynamic memory allocation in the inner loop |
212 | t=new Array(0); | 209 | t=new Array(0); |
213 | ss=t; //used in mult_() | 210 | ss=t; //used in mult_() |
214 | s0=t; //used in multMod_(), squareMod_() | 211 | s0=t; //used in multMod_(), squareMod_() |
215 | s1=t; //used in powMod_(), multMod_(), squareMod_() | 212 | s1=t; //used in powMod_(), multMod_(), squareMod_() |
216 | s2=t; //used in powMod_(), multMod_() | 213 | s2=t; //used in powMod_(), multMod_() |
217 | s3=t; //used in powMod_() | 214 | s3=t; //used in powMod_() |
218 | s4=t; s5=t; //used in mod_() | 215 | s4=t; s5=t; //used in mod_() |
219 | s6=t; //used in bigInt2str() | 216 | s6=t; //used in bigInt2str() |
220 | s7=t; //used in powMod_() | 217 | s7=t; //used in powMod_() |
221 | T=t; //used in GCD_() | 218 | T=t; //used in GCD_() |
222 | sa=t; //used in mont_() | 219 | sa=t; //used in mont_() |
223 | mr_x1=t; mr_r=t; mr_a=t; //used in millerRabin() | 220 | mr_x1=t; mr_r=t; mr_a=t; //used in millerRabin() |
224 | eg_v=t; eg_u=t; eg_A=t; eg_B=t; eg_C=t; eg_D=t; //used in eGCD_(), inverseMod_() | 221 | eg_v=t; eg_u=t; eg_A=t; eg_B=t; eg_C=t; eg_D=t; //used in eGCD_(), inverseMod_() |
225 | md_q1=t; md_q2=t; md_q3=t; md_r=t; md_r1=t; md_r2=t; md_tt=t; //used in mod_() | 222 | md_q1=t; md_q2=t; md_q3=t; md_r=t; md_r1=t; md_r2=t; md_tt=t; //used in mod_() |
226 | 223 | ||
227 | primes=t; pows=t; s_i=t; s_i2=t; s_R=t; s_rm=t; s_q=t; s_n1=t; | 224 | primes=t; pows=t; s_i=t; s_i2=t; s_R=t; s_rm=t; s_q=t; s_n1=t; |
228 | s_a=t; s_r2=t; s_n=t; s_b=t; s_d=t; s_x1=t; s_x2=t, s_aa=t; //used in randTruePrime_() | 225 | s_a=t; s_r2=t; s_n=t; s_b=t; s_d=t; s_x1=t; s_x2=t, s_aa=t; //used in randTruePrime_() |
229 | 226 | ||
230 | //////////////////////////////////////////////////////////////////////////////////////// | 227 | //////////////////////////////////////////////////////////////////////////////////////// |
231 | 228 | ||
232 | //return array of all primes less than integer n | 229 | //return array of all primes less than integer n |
233 | 'findPrimes': function(n) { | 230 | 'findPrimes': function(n) { |
234 | var i,s,p,ans; | 231 | var i,s,p,ans; |
235 | s=new Array(n); | 232 | s=new Array(n); |
236 | for (i=0;i<n;i++) | 233 | for (i=0;i<n;i++) |
237 | s[i]=0; | 234 | s[i]=0; |
238 | s[0]=2; | 235 | s[0]=2; |
239 | p=0; //first p elements of s are primes, the rest are a sieve | 236 | p=0; //first p elements of s are primes, the rest are a sieve |
240 | for(;s[p]<n;) { //s[p] is the pth prime | 237 | for(;s[p]<n;) { //s[p] is the pth prime |
241 | for(i=s[p]*s[p]; i<n; i+=s[p]) //mark multiples of s[p] | 238 | for(i=s[p]*s[p]; i<n; i+=s[p]) //mark multiples of s[p] |
242 | s[i]=1; | 239 | s[i]=1; |
243 | p++; | 240 | p++; |
244 | s[p]=s[p-1]+1; | 241 | s[p]=s[p-1]+1; |
245 | for(; s[p]<n && s[s[p]]; s[p]++); //find next prime (where s[p]==0) | 242 | for(; s[p]<n && s[s[p]]; s[p]++); //find next prime (where s[p]==0) |
246 | } | 243 | } |
247 | ans=new Array(p); | 244 | ans=new Array(p); |
248 | for(i=0;i<p;i++) | 245 | for(i=0;i<p;i++) |
249 | ans[i]=s[i]; | 246 | ans[i]=s[i]; |
250 | return ans; | 247 | return ans; |
251 | }, | 248 | }, |
252 | 249 | ||
253 | //does a single round of Miller-Rabin base b consider x to be a possible prime? | 250 | //does a single round of Miller-Rabin base b consider x to be a possible prime? |
254 | //x is a bigInt, and b is an integer | 251 | //x is a bigInt, and b is an integer |
255 | 'millerRabin': function(x,b) { | 252 | 'millerRabin': function(x,b) { |
256 | var i,j,k,s; | 253 | var i,j,k,s; |
257 | 254 | ||
258 | if (mr_x1.length!=x.length) { | 255 | if (mr_x1.length!=x.length) { |
259 | mr_x1=dup(x); | 256 | mr_x1=dup(x); |
260 | mr_r=dup(x); | 257 | mr_r=dup(x); |
261 | mr_a=dup(x); | 258 | mr_a=dup(x); |
262 | } | 259 | } |
263 | 260 | ||
264 | copyInt_(mr_a,b); | 261 | copyInt_(mr_a,b); |
265 | copy_(mr_r,x); | 262 | copy_(mr_r,x); |
266 | copy_(mr_x1,x); | 263 | copy_(mr_x1,x); |
267 | 264 | ||
268 | addInt_(mr_r,-1); | 265 | addInt_(mr_r,-1); |
269 | addInt_(mr_x1,-1); | 266 | addInt_(mr_x1,-1); |
270 | 267 | ||
271 | //s=the highest power of two that divides mr_r | 268 | //s=the highest power of two that divides mr_r |
272 | k=0; | 269 | k=0; |
273 | for (i=0;i<mr_r.length;i++) | 270 | for (i=0;i<mr_r.length;i++) |
274 | for (j=1;j<mask;j<<=1) | 271 | for (j=1;j<mask;j<<=1) |
275 | if (x[i] & j) { | 272 | if (x[i] & j) { |
276 | s=(k<mr_r.length+bpe ? k : 0); | 273 | s=(k<mr_r.length+bpe ? k : 0); |
277 | i=mr_r.length; | 274 | i=mr_r.length; |
278 | j=mask; | 275 | j=mask; |
279 | } else | 276 | } else |
280 | k++; | 277 | k++; |
281 | 278 | ||
282 | if (s) | 279 | if (s) |
283 | rightShift_(mr_r,s); | 280 | rightShift_(mr_r,s); |
284 | 281 | ||
285 | powMod_(mr_a,mr_r,x); | 282 | powMod_(mr_a,mr_r,x); |
286 | 283 | ||
287 | if (!equalsInt(mr_a,1) && !equals(mr_a,mr_x1)) { | 284 | if (!equalsInt(mr_a,1) && !equals(mr_a,mr_x1)) { |
288 | j=1; | 285 | j=1; |
289 | while (j<=s-1 && !equals(mr_a,mr_x1)) { | 286 | while (j<=s-1 && !equals(mr_a,mr_x1)) { |
290 | squareMod_(mr_a,x); | 287 | squareMod_(mr_a,x); |
291 | if (equalsInt(mr_a,1)) { | 288 | if (equalsInt(mr_a,1)) { |
292 | return 0; | 289 | return 0; |
293 | } | 290 | } |
294 | j++; | 291 | j++; |
295 | } | 292 | } |
296 | if (!equals(mr_a,mr_x1)) { | 293 | if (!equals(mr_a,mr_x1)) { |
297 | return 0; | 294 | return 0; |
298 | } | 295 | } |
299 | } | 296 | } |
300 | 297 | ||
301 | return 1; | 298 | return 1; |
302 | }, | 299 | }, |
303 | 300 | ||
304 | //returns how many bits long the bigInt is, not counting leading zeros. | 301 | //returns how many bits long the bigInt is, not counting leading zeros. |
305 | 'bitSize': function(x) { | 302 | 'bitSize': function(x) { |
306 | var j,z,w; | 303 | var j,z,w; |
307 | for (j=x.length-1; (x[j]==0) && (j>0); j--); | 304 | for (j=x.length-1; (x[j]==0) && (j>0); j--); |
308 | for (z=0,w=x[j]; w; (w>>=1),z++); | 305 | for (z=0,w=x[j]; w; (w>>=1),z++); |
309 | z+=bpe*j; | 306 | z+=bpe*j; |
310 | return z; | 307 | return z; |
311 | }, | 308 | }, |
312 | 309 | ||
313 | //return a copy of x with at least n elements, adding leading zeros if needed | 310 | //return a copy of x with at least n elements, adding leading zeros if needed |
314 | 'expand': function(x,n) { | 311 | 'expand': function(x,n) { |
315 | var ans=int2bigInt(0,(x.length>n ? x.length : n)*bpe,0); | 312 | var ans=int2bigInt(0,(x.length>n ? x.length : n)*bpe,0); |
316 | copy_(ans,x); | 313 | copy_(ans,x); |
317 | return ans; | 314 | return ans; |
318 | }, | 315 | }, |
319 | 316 | ||
320 | //return a k-bit true random prime using Maurer's algorithm. | 317 | //return a k-bit true random prime using Maurer's algorithm. |
321 | 'randTruePrime': function(k) { | 318 | 'randTruePrime': function(k) { |
322 | var ans=int2bigInt(0,k,0); | 319 | var ans=int2bigInt(0,k,0); |
323 | randTruePrime_(ans,k); | 320 | randTruePrime_(ans,k); |
324 | return trim(ans,1); | 321 | return trim(ans,1); |
325 | }, | 322 | }, |
326 | 323 | ||
327 | //return a new bigInt equal to (x mod n) for bigInts x and n. | 324 | //return a new bigInt equal to (x mod n) for bigInts x and n. |
328 | 'mod': function(x,n) { | 325 | 'mod': function(x,n) { |
329 | var ans=dup(x); | 326 | var ans=dup(x); |
330 | mod_(ans,n); | 327 | mod_(ans,n); |
331 | return trim(ans,1); | 328 | return trim(ans,1); |
332 | }, | 329 | }, |
333 | 330 | ||
334 | //return (x+n) where x is a bigInt and n is an integer. | 331 | //return (x+n) where x is a bigInt and n is an integer. |
335 | 'addInt': function(x,n) { | 332 | 'addInt': function(x,n) { |
336 | var ans=expand(x,x.length+1); | 333 | var ans=expand(x,x.length+1); |
337 | addInt_(ans,n); | 334 | addInt_(ans,n); |
338 | return trim(ans,1); | 335 | return trim(ans,1); |
339 | }, | 336 | }, |
340 | 337 | ||
341 | //return x*y for bigInts x and y. This is faster when y<x. | 338 | //return x*y for bigInts x and y. This is faster when y<x. |
342 | 'mult': function(x,y) { | 339 | 'mult': function(x,y) { |
343 | var ans=expand(x,x.length+y.length); | 340 | var ans=expand(x,x.length+y.length); |
344 | mult_(ans,y); | 341 | mult_(ans,y); |
345 | return trim(ans,1); | 342 | return trim(ans,1); |
346 | }, | 343 | }, |
347 | 344 | ||
348 | //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n. | 345 | //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n. |
349 | 'powMod': function(x,y,n) { | 346 | 'powMod': function(x,y,n) { |
350 | var ans=expand(x,n.length); | 347 | var ans=expand(x,n.length); |
351 | powMod_(ans,trim(y,2),trim(n,2),0); //this should work without the trim, but doesn't | 348 | powMod_(ans,trim(y,2),trim(n,2),0); //this should work without the trim, but doesn't |
352 | return trim(ans,1); | 349 | return trim(ans,1); |
353 | }, | 350 | }, |
354 | 351 | ||
355 | //return (x-y) for bigInts x and y. Negative answers will be 2s complement | 352 | //return (x-y) for bigInts x and y. Negative answers will be 2s complement |
356 | 'sub': function(x,y) { | 353 | 'sub': function(x,y) { |
357 | var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1)); | 354 | var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1)); |
358 | sub_(ans,y); | 355 | sub_(ans,y); |
359 | return trim(ans,1); | 356 | return trim(ans,1); |
360 | }, | 357 | }, |
361 | 358 | ||
362 | //return (x+y) for bigInts x and y. | 359 | //return (x+y) for bigInts x and y. |
363 | 'add': function(x,y) { | 360 | 'add': function(x,y) { |
364 | var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1)); | 361 | var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1)); |
365 | add_(ans,y); | 362 | add_(ans,y); |
366 | return trim(ans,1); | 363 | return trim(ans,1); |
367 | }, | 364 | }, |
368 | 365 | ||
369 | //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null | 366 | //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null |
370 | 'inverseMod': function(x,n) { | 367 | 'inverseMod': function(x,n) { |
371 | var ans=expand(x,n.length); | 368 | var ans=expand(x,n.length); |
372 | var s; | 369 | var s; |
373 | s=inverseMod_(ans,n); | 370 | s=inverseMod_(ans,n); |
374 | return s ? trim(ans,1) : null; | 371 | return s ? trim(ans,1) : null; |
375 | }, | 372 | }, |
376 | 373 | ||
377 | //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x. | 374 | //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x. |
378 | 'multMod': function(x,y,n) { | 375 | 'multMod': function(x,y,n) { |
379 | var ans=expand(x,n.length); | 376 | var ans=expand(x,n.length); |
380 | multMod_(ans,y,n); | 377 | multMod_(ans,y,n); |
381 | return trim(ans,1); | 378 | return trim(ans,1); |
382 | }, | 379 | }, |
383 | 380 | ||
384 | //generate a k-bit true random prime using Maurer's algorithm, | 381 | //generate a k-bit true random prime using Maurer's algorithm, |
385 | //and put it into ans. The bigInt ans must be large enough to hold it. | 382 | //and put it into ans. The bigInt ans must be large enough to hold it. |
386 | 'randTruePrime_': function(ans,k) { | 383 | 'randTruePrime_': function(ans,k) { |
387 | var c,m,pm,dd,j,r,B,divisible,z,zz,recSize; | 384 | var c,m,pm,dd,j,r,B,divisible,z,zz,recSize; |
388 | 385 | ||
389 | if (primes.length==0) | 386 | if (primes.length==0) |
390 | primes=findPrimes(30000); //check for divisibility by primes <=30000 | 387 | primes=findPrimes(30000); //check for divisibility by primes <=30000 |
391 | 388 | ||
392 | if (pows.length==0) { | 389 | if (pows.length==0) { |
393 | pows=new Array(512); | 390 | pows=new Array(512); |
394 | for (j=0;j<512;j++) { | 391 | for (j=0;j<512;j++) { |
395 | pows[j]=Math.pow(2,j/511.-1.); | 392 | pows[j]=Math.pow(2,j/511.-1.); |
396 | } | 393 | } |
397 | } | 394 | } |
398 | 395 | ||
399 | //c and m should be tuned for a particular machine and value of k, to maximize speed | 396 | //c and m should be tuned for a particular machine and value of k, to maximize speed |
400 | //this was: c=primes[primes.length-1]/k/k; //check using all the small primes. (c=0.1 in HAC) | 397 | //this was: c=primes[primes.length-1]/k/k; //check using all the small primes. (c=0.1 in HAC) |
401 | c=0.1; | 398 | c=0.1; |
402 | m=20; //generate this k-bit number by first recursively generating a number that has between k/2 and k-m bits | 399 | m=20; //generate this k-bit number by first recursively generating a number that has between k/2 and k-m bits |
403 | recLimit=20; /*must be at least 2 (was 29)*/ //stop recursion when k <=recLimit | 400 | recLimit=20; /*must be at least 2 (was 29)*/ //stop recursion when k <=recLimit |
404 | 401 | ||
405 | if (s_i2.length!=ans.length) { | 402 | if (s_i2.length!=ans.length) { |
406 | s_i2=dup(ans); | 403 | s_i2=dup(ans); |
407 | s_R =dup(ans); | 404 | s_R =dup(ans); |
408 | s_n1=dup(ans); | 405 | s_n1=dup(ans); |
diff --git a/frontend/beta/js/Clipperz/Crypto/ECC.js b/frontend/beta/js/Clipperz/Crypto/ECC.js index c3dcec3..bdfd9be 100644 --- a/frontend/beta/js/Clipperz/Crypto/ECC.js +++ b/frontend/beta/js/Clipperz/Crypto/ECC.js | |||
@@ -1,408 +1,405 @@ | |||
1 | /* | 1 | /* |
2 | 2 | ||
3 | Copyright 2008-2011 Clipperz Srl | 3 | Copyright 2008-2011 Clipperz Srl |
4 | 4 | ||
5 | This file is part of Clipperz's Javascript Crypto Library. | 5 | This file is part of Clipperz Community Edition. |
6 | Javascript Crypto Library provides web developers with an extensive | 6 | Clipperz Community Edition is an online password manager. |
7 | and efficient set of cryptographic functions. The library aims to | ||
8 | obtain maximum execution speed while preserving modularity and | ||
9 | reusability. | ||
10 | For further information about its features and functionalities please | 7 | For further information about its features and functionalities please |
11 | refer to http://www.clipperz.com | 8 | refer to http://www.clipperz.com. |
12 | 9 | ||
13 | * Javascript Crypto Library is free software: you can redistribute | 10 | * Clipperz Community Edition is free software: you can redistribute |
14 | it and/or modify it under the terms of the GNU Affero General Public | 11 | it and/or modify it under the terms of the GNU Affero General Public |
15 | License as published by the Free Software Foundation, either version | 12 | License as published by the Free Software Foundation, either version |
16 | 3 of the License, or (at your option) any later version. | 13 | 3 of the License, or (at your option) any later version. |
17 | 14 | ||
18 | * Javascript Crypto Library is distributed in the hope that it will | 15 | * Clipperz Community Edition is distributed in the hope that it will |
19 | be useful, but WITHOUT ANY WARRANTY; without even the implied | 16 | be useful, but WITHOUT ANY WARRANTY; without even the implied |
20 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | 17 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
21 | See the GNU Affero General Public License for more details. | 18 | See the GNU Affero General Public License for more details. |
22 | 19 | ||
23 | * You should have received a copy of the GNU Affero General Public | 20 | * You should have received a copy of the GNU Affero General Public |
24 | License along with Javascript Crypto Library. If not, see | 21 | License along with Clipperz Community Edition. If not, see |
25 | <http://www.gnu.org/licenses/>. | 22 | <http://www.gnu.org/licenses/>. |
26 | 23 | ||
27 | */ | 24 | */ |
28 | 25 | ||
29 | /* | 26 | /* |
30 | try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { | 27 | try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { |
31 | throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!"; | 28 | throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!"; |
32 | } | 29 | } |
33 | 30 | ||
34 | if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; } | 31 | if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; } |
35 | 32 | ||
36 | 33 | ||
37 | //############################################################################# | 34 | //############################################################################# |
38 | 35 | ||
39 | Clipperz.Crypto.ECC.BinaryField = {}; | 36 | Clipperz.Crypto.ECC.BinaryField = {}; |
40 | 37 | ||
41 | //############################################################################# | 38 | //############################################################################# |
42 | 39 | ||
43 | Clipperz.Crypto.ECC.BinaryField.AbstractValue = function(aValue, aBase) { | 40 | Clipperz.Crypto.ECC.BinaryField.AbstractValue = function(aValue, aBase) { |
44 | return this; | 41 | return this; |
45 | } | 42 | } |
46 | 43 | ||
47 | Clipperz.Crypto.ECC.BinaryField.AbstractValue.prototype = MochiKit.Base.update(null, { | 44 | Clipperz.Crypto.ECC.BinaryField.AbstractValue.prototype = MochiKit.Base.update(null, { |
48 | 45 | ||
49 | 'asString': function(aBase) { | 46 | 'asString': function(aBase) { |
50 | throw Clipperz.Base.exception.AbstractMethod; | 47 | throw Clipperz.Base.exception.AbstractMethod; |
51 | }, | 48 | }, |
52 | 49 | ||
53 | 'isZero': function() { | 50 | 'isZero': function() { |
54 | throw Clipperz.Base.exception.AbstractMethod; | 51 | throw Clipperz.Base.exception.AbstractMethod; |
55 | }, | 52 | }, |
56 | 53 | ||
57 | 'shiftLeft': function(aNumberOfBitsToShift) { | 54 | 'shiftLeft': function(aNumberOfBitsToShift) { |
58 | throw Clipperz.Base.exception.AbstractMethod; | 55 | throw Clipperz.Base.exception.AbstractMethod; |
59 | }, | 56 | }, |
60 | 57 | ||
61 | 'bitSize': function() { | 58 | 'bitSize': function() { |
62 | throw Clipperz.Base.exception.AbstractMethod; | 59 | throw Clipperz.Base.exception.AbstractMethod; |
63 | }, | 60 | }, |
64 | 61 | ||
65 | 'isBitSet': function(aBitPosition) { | 62 | 'isBitSet': function(aBitPosition) { |
66 | throw Clipperz.Base.exception.AbstractMethod; | 63 | throw Clipperz.Base.exception.AbstractMethod; |
67 | }, | 64 | }, |
68 | 65 | ||
69 | 'xor': function(aValue) { | 66 | 'xor': function(aValue) { |
70 | throw Clipperz.Base.exception.AbstractMethod; | 67 | throw Clipperz.Base.exception.AbstractMethod; |
71 | }, | 68 | }, |
72 | 69 | ||
73 | 'compare': function(aValue) { | 70 | 'compare': function(aValue) { |
74 | throw Clipperz.Base.exception.AbstractMethod; | 71 | throw Clipperz.Base.exception.AbstractMethod; |
75 | }, | 72 | }, |
76 | 73 | ||
77 | //----------------------------------------------------------------------------- | 74 | //----------------------------------------------------------------------------- |
78 | __syntaxFix__: "syntax fix" | 75 | __syntaxFix__: "syntax fix" |
79 | }); | 76 | }); |
80 | 77 | ||
81 | //***************************************************************************** | 78 | //***************************************************************************** |
82 | / * | 79 | / * |
83 | Clipperz.Crypto.ECC.BinaryField.BigIntValue = function(aValue, aBase) { | 80 | Clipperz.Crypto.ECC.BinaryField.BigIntValue = function(aValue, aBase) { |
84 | this._value = new Clipperz.Crypto.BigInt(aValue, aBase); | 81 | this._value = new Clipperz.Crypto.BigInt(aValue, aBase); |
85 | return this; | 82 | return this; |
86 | } | 83 | } |
87 | 84 | ||
88 | Clipperz.Crypto.ECC.BinaryField.BigIntValue.prototype = MochiKit.Base.update(new Clipperz.Crypto.ECC.BinaryField.AbstractValue(), { | 85 | Clipperz.Crypto.ECC.BinaryField.BigIntValue.prototype = MochiKit.Base.update(new Clipperz.Crypto.ECC.BinaryField.AbstractValue(), { |
89 | 86 | ||
90 | 'value': function() { | 87 | 'value': function() { |
91 | return this._value; | 88 | return this._value; |
92 | }, | 89 | }, |
93 | 90 | ||
94 | //----------------------------------------------------------------------------- | 91 | //----------------------------------------------------------------------------- |
95 | 92 | ||
96 | 'isZero': function() { | 93 | 'isZero': function() { |
97 | return (this.value().compare(Clipperz.Crypto.ECC.BinaryField.BigIntValue.O) == 0); | 94 | return (this.value().compare(Clipperz.Crypto.ECC.BinaryField.BigIntValue.O) == 0); |
98 | }, | 95 | }, |
99 | 96 | ||
100 | //----------------------------------------------------------------------------- | 97 | //----------------------------------------------------------------------------- |
101 | 98 | ||
102 | 'asString': function(aBase) { | 99 | 'asString': function(aBase) { |
103 | return this.value().asString(aBase); | 100 | return this.value().asString(aBase); |
104 | }, | 101 | }, |
105 | 102 | ||
106 | //----------------------------------------------------------------------------- | 103 | //----------------------------------------------------------------------------- |
107 | 104 | ||
108 | 'shiftLeft': function(aNumberOfBitsToShift) { | 105 | 'shiftLeft': function(aNumberOfBitsToShift) { |
109 | return new Clipperz.Crypto.ECC.BinaryField.BigIntValue(this.value().shiftLeft(aNumberOfBitsToShift)); | 106 | return new Clipperz.Crypto.ECC.BinaryField.BigIntValue(this.value().shiftLeft(aNumberOfBitsToShift)); |
110 | }, | 107 | }, |
111 | 108 | ||
112 | //----------------------------------------------------------------------------- | 109 | //----------------------------------------------------------------------------- |
113 | 110 | ||
114 | 'bitSize': function() { | 111 | 'bitSize': function() { |
115 | return this.value().bitSize(); | 112 | return this.value().bitSize(); |
116 | }, | 113 | }, |
117 | 114 | ||
118 | //----------------------------------------------------------------------------- | 115 | //----------------------------------------------------------------------------- |
119 | 116 | ||
120 | 'isBitSet': function(aBitPosition) { | 117 | 'isBitSet': function(aBitPosition) { |
121 | return this.value().isBitSet(aBitPosition); | 118 | return this.value().isBitSet(aBitPosition); |
122 | }, | 119 | }, |
123 | 120 | ||
124 | //----------------------------------------------------------------------------- | 121 | //----------------------------------------------------------------------------- |
125 | 122 | ||
126 | 'xor': function(aValue) { | 123 | 'xor': function(aValue) { |
127 | return new Clipperz.Crypto.ECC.BinaryField.BigIntValue(this.value().xor(aValue.value())); | 124 | return new Clipperz.Crypto.ECC.BinaryField.BigIntValue(this.value().xor(aValue.value())); |
128 | }, | 125 | }, |
129 | 126 | ||
130 | //----------------------------------------------------------------------------- | 127 | //----------------------------------------------------------------------------- |
131 | 128 | ||
132 | 'compare': function(aValue) { | 129 | 'compare': function(aValue) { |
133 | return this.value().compare(aValue.value()); | 130 | return this.value().compare(aValue.value()); |
134 | }, | 131 | }, |
135 | 132 | ||
136 | //----------------------------------------------------------------------------- | 133 | //----------------------------------------------------------------------------- |
137 | __syntaxFix__: "syntax fix" | 134 | __syntaxFix__: "syntax fix" |
138 | }); | 135 | }); |
139 | 136 | ||
140 | Clipperz.Crypto.ECC.BinaryField.BigIntValue.O = new Clipperz.Crypto.BigInt(0); | 137 | Clipperz.Crypto.ECC.BinaryField.BigIntValue.O = new Clipperz.Crypto.BigInt(0); |
141 | Clipperz.Crypto.ECC.BinaryField.BigIntValue.I = new Clipperz.Crypto.BigInt(1); | 138 | Clipperz.Crypto.ECC.BinaryField.BigIntValue.I = new Clipperz.Crypto.BigInt(1); |
142 | * / | 139 | * / |
143 | //***************************************************************************** | 140 | //***************************************************************************** |
144 | 141 | ||
145 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue = function(aValue, aBase) { | 142 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue = function(aValue, aBase) { |
146 | if (aValue.constructor == String) { | 143 | if (aValue.constructor == String) { |
147 | varvalue; | 144 | varvalue; |
148 | varstringLength; | 145 | varstringLength; |
149 | var numberOfWords; | 146 | var numberOfWords; |
150 | vari,c; | 147 | vari,c; |
151 | 148 | ||
152 | if (aBase != 16) { | 149 | if (aBase != 16) { |
153 | throw Clipperz.Crypto.ECC.BinaryField.WordArrayValue.exception.UnsupportedBase; | 150 | throw Clipperz.Crypto.ECC.BinaryField.WordArrayValue.exception.UnsupportedBase; |
154 | } | 151 | } |
155 | 152 | ||
156 | value = aValue.replace(/ /g, ''); | 153 | value = aValue.replace(/ /g, ''); |
157 | stringLength = value.length; | 154 | stringLength = value.length; |
158 | numberOfWords = Math.ceil(stringLength / 8); | 155 | numberOfWords = Math.ceil(stringLength / 8); |
159 | this._value = new Array(numberOfWords); | 156 | this._value = new Array(numberOfWords); |
160 | 157 | ||
161 | c = numberOfWords; | 158 | c = numberOfWords; |
162 | for (i=0; i<c; i++) { | 159 | for (i=0; i<c; i++) { |
163 | varword; | 160 | varword; |
164 | 161 | ||
165 | if (i < (c-1)) { | 162 | if (i < (c-1)) { |
166 | word = parseInt(value.substr(stringLength-((i+1)*8), 8), 16); | 163 | word = parseInt(value.substr(stringLength-((i+1)*8), 8), 16); |
167 | } else { | 164 | } else { |
168 | word = parseInt(value.substr(0, stringLength-(i*8)), 16); | 165 | word = parseInt(value.substr(0, stringLength-(i*8)), 16); |
169 | } | 166 | } |
170 | 167 | ||
171 | this._value[i] = word; | 168 | this._value[i] = word; |
172 | } | 169 | } |
173 | } else if (aValue.constructor == Array) { | 170 | } else if (aValue.constructor == Array) { |
174 | var itemsToCopy; | 171 | var itemsToCopy; |
175 | 172 | ||
176 | itemsToCopy = aValue.length; | 173 | itemsToCopy = aValue.length; |
177 | while (aValue[itemsToCopy - 1] == 0) { | 174 | while (aValue[itemsToCopy - 1] == 0) { |
178 | itemsToCopy --; | 175 | itemsToCopy --; |
179 | } | 176 | } |
180 | 177 | ||
181 | this._value = aValue.slice(0, itemsToCopy); | 178 | this._value = aValue.slice(0, itemsToCopy); |
182 | } else if (aValue.constructor == Number) { | 179 | } else if (aValue.constructor == Number) { |
183 | this._value = [aValue]; | 180 | this._value = [aValue]; |
184 | } else { | 181 | } else { |
185 | // throw Clipperz.Crypto.ECC.BinaryField.WordArrayValue.exception.UnsupportedConstructorValueType; | 182 | // throw Clipperz.Crypto.ECC.BinaryField.WordArrayValue.exception.UnsupportedConstructorValueType; |
186 | } | 183 | } |
187 | 184 | ||
188 | return this; | 185 | return this; |
189 | } | 186 | } |
190 | 187 | ||
191 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue.prototype = MochiKit.Base.update(new Clipperz.Crypto.ECC.BinaryField.AbstractValue(), { | 188 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue.prototype = MochiKit.Base.update(new Clipperz.Crypto.ECC.BinaryField.AbstractValue(), { |
192 | 189 | ||
193 | 'value': function() { | 190 | 'value': function() { |
194 | return this._value; | 191 | return this._value; |
195 | }, | 192 | }, |
196 | 193 | ||
197 | //----------------------------------------------------------------------------- | 194 | //----------------------------------------------------------------------------- |
198 | 195 | ||
199 | 'wordSize': function() { | 196 | 'wordSize': function() { |
200 | return this._value.length | 197 | return this._value.length |
201 | }, | 198 | }, |
202 | 199 | ||
203 | //----------------------------------------------------------------------------- | 200 | //----------------------------------------------------------------------------- |
204 | 201 | ||
205 | 'clone': function() { | 202 | 'clone': function() { |
206 | return new Clipperz.Crypto.ECC.BinaryField.WordArrayValue(this._value.slice(0)); | 203 | return new Clipperz.Crypto.ECC.BinaryField.WordArrayValue(this._value.slice(0)); |
207 | }, | 204 | }, |
208 | 205 | ||
209 | //----------------------------------------------------------------------------- | 206 | //----------------------------------------------------------------------------- |
210 | 207 | ||
211 | 'isZero': function() { | 208 | 'isZero': function() { |
212 | return (this.compare(Clipperz.Crypto.ECC.BinaryField.WordArrayValue.O) == 0); | 209 | return (this.compare(Clipperz.Crypto.ECC.BinaryField.WordArrayValue.O) == 0); |
213 | }, | 210 | }, |
214 | 211 | ||
215 | //----------------------------------------------------------------------------- | 212 | //----------------------------------------------------------------------------- |
216 | 213 | ||
217 | 'asString': function(aBase) { | 214 | 'asString': function(aBase) { |
218 | varresult; | 215 | varresult; |
219 | var i,c; | 216 | var i,c; |
220 | 217 | ||
221 | if (aBase != 16) { | 218 | if (aBase != 16) { |
222 | throw Clipperz.Crypto.ECC.BinaryField.WordArrayValue.exception.UnsupportedBase; | 219 | throw Clipperz.Crypto.ECC.BinaryField.WordArrayValue.exception.UnsupportedBase; |
223 | } | 220 | } |
224 | 221 | ||
225 | result = ""; | 222 | result = ""; |
226 | c = this.wordSize(); | 223 | c = this.wordSize(); |
227 | for (i=0; i<c; i++) { | 224 | for (i=0; i<c; i++) { |
228 | varwordAsString; | 225 | varwordAsString; |
229 | 226 | ||
230 | // wordAsString = ("00000000" + this.value()[i].toString(16)); | 227 | // wordAsString = ("00000000" + this.value()[i].toString(16)); |
231 | wordAsString = ("00000000" + this._value[i].toString(16)); | 228 | wordAsString = ("00000000" + this._value[i].toString(16)); |
232 | wordAsString = wordAsString.substring(wordAsString.length - 8); | 229 | wordAsString = wordAsString.substring(wordAsString.length - 8); |
233 | result = wordAsString + result; | 230 | result = wordAsString + result; |
234 | } | 231 | } |
235 | 232 | ||
236 | result = result.replace(/^(00)* SPACEs THAT SHOULD BE REMOVED TO FIX THIS REGEX /, ""); | 233 | result = result.replace(/^(00)* SPACEs THAT SHOULD BE REMOVED TO FIX THIS REGEX /, ""); |
237 | 234 | ||
238 | if (result == "") { | 235 | if (result == "") { |
239 | result = "0"; | 236 | result = "0"; |
240 | } | 237 | } |
241 | 238 | ||
242 | return result; | 239 | return result; |
243 | }, | 240 | }, |
244 | 241 | ||
245 | //----------------------------------------------------------------------------- | 242 | //----------------------------------------------------------------------------- |
246 | 243 | ||
247 | 'shiftLeft': function(aNumberOfBitsToShift) { | 244 | 'shiftLeft': function(aNumberOfBitsToShift) { |
248 | return new Clipperz.Crypto.ECC.BinaryField.WordArrayValue(Clipperz.Crypto.ECC.BinaryField.WordArrayValue.shiftLeft(this._value, aNumberOfBitsToShift)); | 245 | return new Clipperz.Crypto.ECC.BinaryField.WordArrayValue(Clipperz.Crypto.ECC.BinaryField.WordArrayValue.shiftLeft(this._value, aNumberOfBitsToShift)); |
249 | }, | 246 | }, |
250 | 247 | ||
251 | //----------------------------------------------------------------------------- | 248 | //----------------------------------------------------------------------------- |
252 | 249 | ||
253 | 'bitSize': function() { | 250 | 'bitSize': function() { |
254 | return Clipperz.Crypto.ECC.BinaryField.WordArrayValue.bitSize(this._value); | 251 | return Clipperz.Crypto.ECC.BinaryField.WordArrayValue.bitSize(this._value); |
255 | }, | 252 | }, |
256 | 253 | ||
257 | //----------------------------------------------------------------------------- | 254 | //----------------------------------------------------------------------------- |
258 | 255 | ||
259 | 'isBitSet': function(aBitPosition) { | 256 | 'isBitSet': function(aBitPosition) { |
260 | return Clipperz.Crypto.ECC.BinaryField.WordArrayValue.isBitSet(this._value, aBitPosition); | 257 | return Clipperz.Crypto.ECC.BinaryField.WordArrayValue.isBitSet(this._value, aBitPosition); |
261 | }, | 258 | }, |
262 | 259 | ||
263 | //----------------------------------------------------------------------------- | 260 | //----------------------------------------------------------------------------- |
264 | 261 | ||
265 | 'xor': function(aValue) { | 262 | 'xor': function(aValue) { |
266 | return new Clipperz.Crypto.ECC.BinaryField.WordArrayValue(Clipperz.Crypto.ECC.BinaryField.WordArrayValue.xor(this._value, aValue._value)); | 263 | return new Clipperz.Crypto.ECC.BinaryField.WordArrayValue(Clipperz.Crypto.ECC.BinaryField.WordArrayValue.xor(this._value, aValue._value)); |
267 | }, | 264 | }, |
268 | 265 | ||
269 | //----------------------------------------------------------------------------- | 266 | //----------------------------------------------------------------------------- |
270 | 267 | ||
271 | 'compare': function(aValue) { | 268 | 'compare': function(aValue) { |
272 | return Clipperz.Crypto.ECC.BinaryField.WordArrayValue.compare(this._value, aValue._value); | 269 | return Clipperz.Crypto.ECC.BinaryField.WordArrayValue.compare(this._value, aValue._value); |
273 | }, | 270 | }, |
274 | 271 | ||
275 | //----------------------------------------------------------------------------- | 272 | //----------------------------------------------------------------------------- |
276 | __syntaxFix__: "syntax fix" | 273 | __syntaxFix__: "syntax fix" |
277 | }); | 274 | }); |
278 | 275 | ||
279 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue.O = new Clipperz.Crypto.ECC.BinaryField.WordArrayValue('0', 16); | 276 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue.O = new Clipperz.Crypto.ECC.BinaryField.WordArrayValue('0', 16); |
280 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue.I = new Clipperz.Crypto.ECC.BinaryField.WordArrayValue('1', 16); | 277 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue.I = new Clipperz.Crypto.ECC.BinaryField.WordArrayValue('1', 16); |
281 | 278 | ||
282 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue.xor = function(a, b) { | 279 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue.xor = function(a, b) { |
283 | var result; | 280 | var result; |
284 | var resultSize; | 281 | var resultSize; |
285 | var i,c; | 282 | var i,c; |
286 | 283 | ||
287 | resultSize = Math.max(a.length, b.length); | 284 | resultSize = Math.max(a.length, b.length); |
288 | 285 | ||
289 | result = new Array(resultSize); | 286 | result = new Array(resultSize); |
290 | c = resultSize; | 287 | c = resultSize; |
291 | for (i=0; i<c; i++) { | 288 | for (i=0; i<c; i++) { |
292 | // resultValue[i] = (((this.value()[i] || 0) ^ (aValue.value()[i] || 0)) >>> 0); | 289 | // resultValue[i] = (((this.value()[i] || 0) ^ (aValue.value()[i] || 0)) >>> 0); |
293 | result[i] = (((a[i] || 0) ^ (b[i] || 0)) >>> 0); | 290 | result[i] = (((a[i] || 0) ^ (b[i] || 0)) >>> 0); |
294 | } | 291 | } |
295 | 292 | ||
296 | return result; | 293 | return result; |
297 | }; | 294 | }; |
298 | 295 | ||
299 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue.shiftLeft = function(aWordArray, aNumberOfBitsToShift) { | 296 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue.shiftLeft = function(aWordArray, aNumberOfBitsToShift) { |
300 | var numberOfWordsToShift; | 297 | var numberOfWordsToShift; |
301 | varnumberOfBitsToShift; | 298 | varnumberOfBitsToShift; |
302 | var result; | 299 | var result; |
303 | varoverflowValue; | 300 | varoverflowValue; |
304 | vari,c; | 301 | vari,c; |
305 | 302 | ||
306 | numberOfWordsToShift = Math.floor(aNumberOfBitsToShift / 32); | 303 | numberOfWordsToShift = Math.floor(aNumberOfBitsToShift / 32); |
307 | numberOfBitsToShift = aNumberOfBitsToShift % 32; | 304 | numberOfBitsToShift = aNumberOfBitsToShift % 32; |
308 | 305 | ||
309 | result = new Array(aWordArray.length + numberOfWordsToShift); | 306 | result = new Array(aWordArray.length + numberOfWordsToShift); |
310 | 307 | ||
311 | c = numberOfWordsToShift; | 308 | c = numberOfWordsToShift; |
312 | for (i=0; i<c; i++) { | 309 | for (i=0; i<c; i++) { |
313 | result[i] = 0; | 310 | result[i] = 0; |
314 | } | 311 | } |
315 | 312 | ||
316 | overflowValue = 0; | 313 | overflowValue = 0; |
317 | nextOverflowValue = 0; | 314 | nextOverflowValue = 0; |
318 | 315 | ||
319 | c = aWordArray.length; | 316 | c = aWordArray.length; |
320 | for (i=0; i<c; i++) { | 317 | for (i=0; i<c; i++) { |
321 | varvalue; | 318 | varvalue; |
322 | varresultWord; | 319 | varresultWord; |
323 | 320 | ||
324 | // value = this.value()[i]; | 321 | // value = this.value()[i]; |
325 | value = aWordArray[i]; | 322 | value = aWordArray[i]; |
326 | 323 | ||
327 | if (numberOfBitsToShift > 0) { | 324 | if (numberOfBitsToShift > 0) { |
328 | var nextOverflowValue; | 325 | var nextOverflowValue; |
329 | 326 | ||
330 | nextOverflowValue = (value >>> (32 - numberOfBitsToShift)); | 327 | nextOverflowValue = (value >>> (32 - numberOfBitsToShift)); |
331 | value = value & (0xffffffff >>> numberOfBitsToShift); | 328 | value = value & (0xffffffff >>> numberOfBitsToShift); |
332 | resultWord = (((value << numberOfBitsToShift) | overflowValue) >>> 0); | 329 | resultWord = (((value << numberOfBitsToShift) | overflowValue) >>> 0); |
333 | } else { | 330 | } else { |
334 | resultWord = value; | 331 | resultWord = value; |
335 | } | 332 | } |
336 | 333 | ||
337 | result[i+numberOfWordsToShift] = resultWord; | 334 | result[i+numberOfWordsToShift] = resultWord; |
338 | overflowValue = nextOverflowValue; | 335 | overflowValue = nextOverflowValue; |
339 | } | 336 | } |
340 | 337 | ||
341 | if (overflowValue != 0) { | 338 | if (overflowValue != 0) { |
342 | result[aWordArray.length + numberOfWordsToShift] = overflowValue; | 339 | result[aWordArray.length + numberOfWordsToShift] = overflowValue; |
343 | } | 340 | } |
344 | 341 | ||
345 | return result; | 342 | return result; |
346 | }; | 343 | }; |
347 | 344 | ||
348 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue.bitSize = function(aWordArray) { | 345 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue.bitSize = function(aWordArray) { |
349 | varresult; | 346 | varresult; |
350 | varnotNullElements; | 347 | varnotNullElements; |
351 | var mostValuableWord; | 348 | var mostValuableWord; |
352 | var matchingBitsInMostImportantWord; | 349 | var matchingBitsInMostImportantWord; |
353 | var mask; | 350 | var mask; |
354 | var i,c; | 351 | var i,c; |
355 | 352 | ||
356 | notNullElements = aWordArray.length; | 353 | notNullElements = aWordArray.length; |
357 | 354 | ||
358 | if ((aWordArray.length == 1) && (aWordArray[0] == 0)) { | 355 | if ((aWordArray.length == 1) && (aWordArray[0] == 0)) { |
359 | result = 0; | 356 | result = 0; |
360 | } else { | 357 | } else { |
361 | while((aWordArray[notNullElements - 1] == 0) && (notNullElements > 0)) { | 358 | while((aWordArray[notNullElements - 1] == 0) && (notNullElements > 0)) { |
362 | notNullElements --; | 359 | notNullElements --; |
363 | } | 360 | } |
364 | 361 | ||
365 | result = (notNullElements - 1) * 32; | 362 | result = (notNullElements - 1) * 32; |
366 | mostValuableWord = aWordArray[notNullElements - 1]; | 363 | mostValuableWord = aWordArray[notNullElements - 1]; |
367 | 364 | ||
368 | matchingBits = 32; | 365 | matchingBits = 32; |
369 | mask = 0x80000000; | 366 | mask = 0x80000000; |
370 | 367 | ||
371 | while ((matchingBits > 0) && ((mostValuableWord & mask) == 0)) { | 368 | while ((matchingBits > 0) && ((mostValuableWord & mask) == 0)) { |
372 | matchingBits --; | 369 | matchingBits --; |
373 | mask >>>= 1; | 370 | mask >>>= 1; |
374 | } | 371 | } |
375 | 372 | ||
376 | result += matchingBits; | 373 | result += matchingBits; |
377 | } | 374 | } |
378 | 375 | ||
379 | return result; | 376 | return result; |
380 | }; | 377 | }; |
381 | 378 | ||
382 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue.isBitSet = function(aWordArray, aBitPosition) { | 379 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue.isBitSet = function(aWordArray, aBitPosition) { |
383 | var result; | 380 | var result; |
384 | varbyteIndex; | 381 | varbyteIndex; |
385 | var bitIndexInSelectedByte; | 382 | var bitIndexInSelectedByte; |
386 | 383 | ||
387 | byteIndex = Math.floor(aBitPosition / 32); | 384 | byteIndex = Math.floor(aBitPosition / 32); |
388 | bitIndexInSelectedByte = aBitPosition % 32; | 385 | bitIndexInSelectedByte = aBitPosition % 32; |
389 | 386 | ||
390 | if (byteIndex <= aWordArray.length) { | 387 | if (byteIndex <= aWordArray.length) { |
391 | result = ((aWordArray[byteIndex] & (1 << bitIndexInSelectedByte)) != 0); | 388 | result = ((aWordArray[byteIndex] & (1 << bitIndexInSelectedByte)) != 0); |
392 | } else { | 389 | } else { |
393 | result = false; | 390 | result = false; |
394 | } | 391 | } |
395 | 392 | ||
396 | return result; | 393 | return result; |
397 | }; | 394 | }; |
398 | 395 | ||
399 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue.compare = function(a,b) { | 396 | Clipperz.Crypto.ECC.BinaryField.WordArrayValue.compare = function(a,b) { |
400 | varresult; | 397 | varresult; |
401 | var i,c; | 398 | var i,c; |
402 | 399 | ||
403 | result = MochiKit.Base.compare(a.length, b.length); | 400 | result = MochiKit.Base.compare(a.length, b.length); |
404 | 401 | ||
405 | c = a.length; | 402 | c = a.length; |
406 | for (i=0; (i<c) && (result==0); i++) { | 403 | for (i=0; (i<c) && (result==0); i++) { |
407 | //console.log("compare[" + c + " - " + i + " - 1] " + this.value()[c-i-1] + ", " + aValue.value()[c-i-1]); | 404 | //console.log("compare[" + c + " - " + i + " - 1] " + this.value()[c-i-1] + ", " + aValue.value()[c-i-1]); |
408 | // result = MochiKit.Base.compare(this.value()[c-i-1], aValue.value()[c-i-1]); | 405 | // result = MochiKit.Base.compare(this.value()[c-i-1], aValue.value()[c-i-1]); |
diff --git a/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Curve.js b/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Curve.js index 042ca6c..01127c3 100644 --- a/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Curve.js +++ b/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Curve.js | |||
@@ -1,408 +1,405 @@ | |||
1 | /* | 1 | /* |
2 | 2 | ||
3 | Copyright 2008-2011 Clipperz Srl | 3 | Copyright 2008-2011 Clipperz Srl |
4 | 4 | ||
5 | This file is part of Clipperz's Javascript Crypto Library. | 5 | This file is part of Clipperz Community Edition. |
6 | Javascript Crypto Library provides web developers with an extensive | 6 | Clipperz Community Edition is an online password manager. |
7 | and efficient set of cryptographic functions. The library aims to | ||
8 | obtain maximum execution speed while preserving modularity and | ||
9 | reusability. | ||
10 | For further information about its features and functionalities please | 7 | For further information about its features and functionalities please |
11 | refer to http://www.clipperz.com | 8 | refer to http://www.clipperz.com. |
12 | 9 | ||
13 | * Javascript Crypto Library is free software: you can redistribute | 10 | * Clipperz Community Edition is free software: you can redistribute |
14 | it and/or modify it under the terms of the GNU Affero General Public | 11 | it and/or modify it under the terms of the GNU Affero General Public |
15 | License as published by the Free Software Foundation, either version | 12 | License as published by the Free Software Foundation, either version |
16 | 3 of the License, or (at your option) any later version. | 13 | 3 of the License, or (at your option) any later version. |
17 | 14 | ||
18 | * Javascript Crypto Library is distributed in the hope that it will | 15 | * Clipperz Community Edition is distributed in the hope that it will |
19 | be useful, but WITHOUT ANY WARRANTY; without even the implied | 16 | be useful, but WITHOUT ANY WARRANTY; without even the implied |
20 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | 17 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
21 | See the GNU Affero General Public License for more details. | 18 | See the GNU Affero General Public License for more details. |
22 | 19 | ||
23 | * You should have received a copy of the GNU Affero General Public | 20 | * You should have received a copy of the GNU Affero General Public |
24 | License along with Javascript Crypto Library. If not, see | 21 | License along with Clipperz Community Edition. If not, see |
25 | <http://www.gnu.org/licenses/>. | 22 | <http://www.gnu.org/licenses/>. |
26 | 23 | ||
27 | */ | 24 | */ |
28 | 25 | ||
29 | try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { | 26 | try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { |
30 | throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!"; | 27 | throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!"; |
31 | } | 28 | } |
32 | if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; } | 29 | if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; } |
33 | if (typeof(Clipperz.Crypto.ECC.BinaryField) == 'undefined') { Clipperz.Crypto.ECC.BinaryField = {}; } | 30 | if (typeof(Clipperz.Crypto.ECC.BinaryField) == 'undefined') { Clipperz.Crypto.ECC.BinaryField = {}; } |
34 | 31 | ||
35 | Clipperz.Crypto.ECC.BinaryField.Curve = function(args) { | 32 | Clipperz.Crypto.ECC.BinaryField.Curve = function(args) { |
36 | args = args || {}; | 33 | args = args || {}; |
37 | 34 | ||
38 | this._modulus = args.modulus; | 35 | this._modulus = args.modulus; |
39 | 36 | ||
40 | this._a = args.a; | 37 | this._a = args.a; |
41 | this._b = args.b; | 38 | this._b = args.b; |
42 | this._G = args.G; | 39 | this._G = args.G; |
43 | this._r = args.r; | 40 | this._r = args.r; |
44 | this._h = args.h; | 41 | this._h = args.h; |
45 | 42 | ||
46 | this._finiteField = null; | 43 | this._finiteField = null; |
47 | 44 | ||
48 | return this; | 45 | return this; |
49 | } | 46 | } |
50 | 47 | ||
51 | Clipperz.Crypto.ECC.BinaryField.Curve.prototype = MochiKit.Base.update(null, { | 48 | Clipperz.Crypto.ECC.BinaryField.Curve.prototype = MochiKit.Base.update(null, { |
52 | 49 | ||
53 | 'asString': function() { | 50 | 'asString': function() { |
54 | return "Clipperz.Crypto.ECC.BinaryField.Curve"; | 51 | return "Clipperz.Crypto.ECC.BinaryField.Curve"; |
55 | }, | 52 | }, |
56 | 53 | ||
57 | //----------------------------------------------------------------------------- | 54 | //----------------------------------------------------------------------------- |
58 | 55 | ||
59 | 'modulus': function() { | 56 | 'modulus': function() { |
60 | return this._modulus; | 57 | return this._modulus; |
61 | }, | 58 | }, |
62 | 59 | ||
63 | 'a': function() { | 60 | 'a': function() { |
64 | return this._a; | 61 | return this._a; |
65 | }, | 62 | }, |
66 | 63 | ||
67 | 'b': function() { | 64 | 'b': function() { |
68 | return this._b; | 65 | return this._b; |
69 | }, | 66 | }, |
70 | 67 | ||
71 | 'G': function() { | 68 | 'G': function() { |
72 | return this._G; | 69 | return this._G; |
73 | }, | 70 | }, |
74 | 71 | ||
75 | 'r': function() { | 72 | 'r': function() { |
76 | return this._r; | 73 | return this._r; |
77 | }, | 74 | }, |
78 | 75 | ||
79 | 'h': function() { | 76 | 'h': function() { |
80 | return this._h; | 77 | return this._h; |
81 | }, | 78 | }, |
82 | 79 | ||
83 | //----------------------------------------------------------------------------- | 80 | //----------------------------------------------------------------------------- |
84 | 81 | ||
85 | 'finiteField': function() { | 82 | 'finiteField': function() { |
86 | if (this._finiteField == null) { | 83 | if (this._finiteField == null) { |
87 | this._finiteField = new Clipperz.Crypto.ECC.BinaryField.FiniteField({modulus:this.modulus()}) | 84 | this._finiteField = new Clipperz.Crypto.ECC.BinaryField.FiniteField({modulus:this.modulus()}) |
88 | } | 85 | } |
89 | 86 | ||
90 | return this._finiteField; | 87 | return this._finiteField; |
91 | }, | 88 | }, |
92 | 89 | ||
93 | //----------------------------------------------------------------------------- | 90 | //----------------------------------------------------------------------------- |
94 | 91 | ||
95 | 'negate': function(aPointA) { | 92 | 'negate': function(aPointA) { |
96 | var result; | 93 | var result; |
97 | 94 | ||
98 | result = new Clipperz.Crypto.ECC.Point({x:aPointA.x(), y:this.finiteField().add(aPointA.y(), aPointA.x())}) | 95 | result = new Clipperz.Crypto.ECC.Point({x:aPointA.x(), y:this.finiteField().add(aPointA.y(), aPointA.x())}) |
99 | 96 | ||
100 | return result; | 97 | return result; |
101 | }, | 98 | }, |
102 | 99 | ||
103 | //----------------------------------------------------------------------------- | 100 | //----------------------------------------------------------------------------- |
104 | 101 | ||
105 | 'add': function(aPointA, aPointB) { | 102 | 'add': function(aPointA, aPointB) { |
106 | var result; | 103 | var result; |
107 | 104 | ||
108 | //console.log(">>> ECC.BinaryField.Curve.add"); | 105 | //console.log(">>> ECC.BinaryField.Curve.add"); |
109 | if (aPointA.isZero()) { | 106 | if (aPointA.isZero()) { |
110 | //console.log("--- pointA == zero"); | 107 | //console.log("--- pointA == zero"); |
111 | result = aPointB; | 108 | result = aPointB; |
112 | } else if (aPointB.isZero()) { | 109 | } else if (aPointB.isZero()) { |
113 | //console.log("--- pointB == zero"); | 110 | //console.log("--- pointB == zero"); |
114 | result = aPointA; | 111 | result = aPointA; |
115 | } else if ((aPointA.x().compare(aPointB.x()) == 0) && ((aPointA.y().compare(aPointB.y()) != 0) || aPointB.x().isZero())) { | 112 | } else if ((aPointA.x().compare(aPointB.x()) == 0) && ((aPointA.y().compare(aPointB.y()) != 0) || aPointB.x().isZero())) { |
116 | //console.log("compare A.x - B.x: ", aPointA.x().compare(aPointB.x())); | 113 | //console.log("compare A.x - B.x: ", aPointA.x().compare(aPointB.x())); |
117 | //console.log("compare A.y - B.y: ", (aPointA.y().compare(aPointB.y()) != 0)); | 114 | //console.log("compare A.y - B.y: ", (aPointA.y().compare(aPointB.y()) != 0)); |
118 | //console.log("compare B.x.isZero(): ", aPointB.x().isZero()); | 115 | //console.log("compare B.x.isZero(): ", aPointB.x().isZero()); |
119 | 116 | ||
120 | //console.log("--- result = zero"); | 117 | //console.log("--- result = zero"); |
121 | result = new Clipperz.Crypto.ECC.BinaryField.Point({x:Clipperz.Crypto.ECC.BinaryField.Value.O, y:Clipperz.Crypto.ECC.BinaryField.Value.O}); | 118 | result = new Clipperz.Crypto.ECC.BinaryField.Point({x:Clipperz.Crypto.ECC.BinaryField.Value.O, y:Clipperz.Crypto.ECC.BinaryField.Value.O}); |
122 | } else { | 119 | } else { |
123 | //console.log("--- result = ELSE"); | 120 | //console.log("--- result = ELSE"); |
124 | varf2m; | 121 | varf2m; |
125 | var x, y; | 122 | var x, y; |
126 | var lambda; | 123 | var lambda; |
127 | var aX, aY, bX, bY; | 124 | var aX, aY, bX, bY; |
128 | 125 | ||
129 | aX = aPointA.x()._value; | 126 | aX = aPointA.x()._value; |
130 | aY = aPointA.y()._value; | 127 | aY = aPointA.y()._value; |
131 | bX = aPointB.x()._value; | 128 | bX = aPointB.x()._value; |
132 | bY = aPointB.y()._value; | 129 | bY = aPointB.y()._value; |
133 | 130 | ||
134 | f2m = this.finiteField(); | 131 | f2m = this.finiteField(); |
135 | 132 | ||
136 | if (aPointA.x().compare(aPointB.x()) != 0) { | 133 | if (aPointA.x().compare(aPointB.x()) != 0) { |
137 | //console.log(" a.x != b.x"); | 134 | //console.log(" a.x != b.x"); |
138 | lambda =f2m._fastMultiply( | 135 | lambda =f2m._fastMultiply( |
139 | f2m._add(aY, bY), | 136 | f2m._add(aY, bY), |
140 | f2m._inverse(f2m._add(aX, bX)) | 137 | f2m._inverse(f2m._add(aX, bX)) |
141 | ); | 138 | ); |
142 | x = f2m._add(this.a()._value, f2m._square(lambda)); | 139 | x = f2m._add(this.a()._value, f2m._square(lambda)); |
143 | f2m._overwriteAdd(x, lambda); | 140 | f2m._overwriteAdd(x, lambda); |
144 | f2m._overwriteAdd(x, aX); | 141 | f2m._overwriteAdd(x, aX); |
145 | f2m._overwriteAdd(x, bX); | 142 | f2m._overwriteAdd(x, bX); |
146 | } else { | 143 | } else { |
147 | //console.log(" a.x == b.x"); | 144 | //console.log(" a.x == b.x"); |
148 | lambda = f2m._add(bX, f2m._fastMultiply(bY, f2m._inverse(bX))); | 145 | lambda = f2m._add(bX, f2m._fastMultiply(bY, f2m._inverse(bX))); |
149 | //console.log(" lambda: " + lambda.asString(16)); | 146 | //console.log(" lambda: " + lambda.asString(16)); |
150 | x = f2m._add(this.a()._value, f2m._square(lambda)); | 147 | x = f2m._add(this.a()._value, f2m._square(lambda)); |
151 | //console.log(" x (step 1): " + x.asString(16)); | 148 | //console.log(" x (step 1): " + x.asString(16)); |
152 | f2m._overwriteAdd(x, lambda); | 149 | f2m._overwriteAdd(x, lambda); |
153 | //console.log(" x (step 2): " + x.asString(16)); | 150 | //console.log(" x (step 2): " + x.asString(16)); |
154 | } | 151 | } |
155 | 152 | ||
156 | y = f2m._fastMultiply(f2m._add(bX, x), lambda); | 153 | y = f2m._fastMultiply(f2m._add(bX, x), lambda); |
157 | //console.log(" y (step 1): " + y.asString(16)); | 154 | //console.log(" y (step 1): " + y.asString(16)); |
158 | f2m._overwriteAdd(y, x); | 155 | f2m._overwriteAdd(y, x); |
159 | //console.log(" y (step 2): " + y.asString(16)); | 156 | //console.log(" y (step 2): " + y.asString(16)); |
160 | f2m._overwriteAdd(y, bY); | 157 | f2m._overwriteAdd(y, bY); |
161 | //console.log(" y (step 3): " + y.asString(16)); | 158 | //console.log(" y (step 3): " + y.asString(16)); |
162 | 159 | ||
163 | result = new Clipperz.Crypto.ECC.BinaryField.Point({x:new Clipperz.Crypto.ECC.BinaryField.Value(x), y:new Clipperz.Crypto.ECC.BinaryField.Value(y)}) | 160 | result = new Clipperz.Crypto.ECC.BinaryField.Point({x:new Clipperz.Crypto.ECC.BinaryField.Value(x), y:new Clipperz.Crypto.ECC.BinaryField.Value(y)}) |
164 | } | 161 | } |
165 | //console.log("<<< ECC.BinaryField.Curve.add"); | 162 | //console.log("<<< ECC.BinaryField.Curve.add"); |
166 | 163 | ||
167 | return result; | 164 | return result; |
168 | }, | 165 | }, |
169 | 166 | ||
170 | //----------------------------------------------------------------------------- | 167 | //----------------------------------------------------------------------------- |
171 | 168 | ||
172 | 'overwriteAdd': function(aPointA, aPointB) { | 169 | 'overwriteAdd': function(aPointA, aPointB) { |
173 | if (aPointA.isZero()) { | 170 | if (aPointA.isZero()) { |
174 | // result = aPointB; | 171 | // result = aPointB; |
175 | aPointA._x._value = aPointB._x._value; | 172 | aPointA._x._value = aPointB._x._value; |
176 | aPointA._y._value = aPointB._y._value; | 173 | aPointA._y._value = aPointB._y._value; |
177 | } else if (aPointB.isZero()) { | 174 | } else if (aPointB.isZero()) { |
178 | // result = aPointA; | 175 | // result = aPointA; |
179 | } else if ((aPointA.x().compare(aPointB.x()) == 0) && ((aPointA.y().compare(aPointB.y()) != 0) || aPointB.x().isZero())) { | 176 | } else if ((aPointA.x().compare(aPointB.x()) == 0) && ((aPointA.y().compare(aPointB.y()) != 0) || aPointB.x().isZero())) { |
180 | // result = new Clipperz.Crypto.ECC.BinaryField.Point({x:Clipperz.Crypto.ECC.BinaryField.Value.O, y:Clipperz.Crypto.ECC.BinaryField.Value.O}); | 177 | // result = new Clipperz.Crypto.ECC.BinaryField.Point({x:Clipperz.Crypto.ECC.BinaryField.Value.O, y:Clipperz.Crypto.ECC.BinaryField.Value.O}); |
181 | aPointA._x = Clipperz.Crypto.ECC.BinaryField.Value.O; | 178 | aPointA._x = Clipperz.Crypto.ECC.BinaryField.Value.O; |
182 | aPointA._y = Clipperz.Crypto.ECC.BinaryField.Value.O; | 179 | aPointA._y = Clipperz.Crypto.ECC.BinaryField.Value.O; |
183 | } else { | 180 | } else { |
184 | varf2m; | 181 | varf2m; |
185 | var x, y; | 182 | var x, y; |
186 | var lambda; | 183 | var lambda; |
187 | var aX, aY, bX, bY; | 184 | var aX, aY, bX, bY; |
188 | 185 | ||
189 | aX = aPointA.x()._value; | 186 | aX = aPointA.x()._value; |
190 | aY = aPointA.y()._value; | 187 | aY = aPointA.y()._value; |
191 | bX = aPointB.x()._value; | 188 | bX = aPointB.x()._value; |
192 | bY = aPointB.y()._value; | 189 | bY = aPointB.y()._value; |
193 | 190 | ||
194 | f2m = this.finiteField(); | 191 | f2m = this.finiteField(); |
195 | 192 | ||
196 | if (aPointA.x().compare(aPointB.x()) != 0) { | 193 | if (aPointA.x().compare(aPointB.x()) != 0) { |
197 | //console.log(" a.x != b.x"); | 194 | //console.log(" a.x != b.x"); |
198 | lambda =f2m._fastMultiply( | 195 | lambda =f2m._fastMultiply( |
199 | f2m._add(aY, bY), | 196 | f2m._add(aY, bY), |
200 | f2m._inverse(f2m._add(aX, bX)) | 197 | f2m._inverse(f2m._add(aX, bX)) |
201 | ); | 198 | ); |
202 | x = f2m._add(this.a()._value, f2m._square(lambda)); | 199 | x = f2m._add(this.a()._value, f2m._square(lambda)); |
203 | f2m._overwriteAdd(x, lambda); | 200 | f2m._overwriteAdd(x, lambda); |
204 | f2m._overwriteAdd(x, aX); | 201 | f2m._overwriteAdd(x, aX); |
205 | f2m._overwriteAdd(x, bX); | 202 | f2m._overwriteAdd(x, bX); |
206 | } else { | 203 | } else { |
207 | //console.log(" a.x == b.x"); | 204 | //console.log(" a.x == b.x"); |
208 | lambda = f2m._add(bX, f2m._fastMultiply(bY, f2m._inverse(bX))); | 205 | lambda = f2m._add(bX, f2m._fastMultiply(bY, f2m._inverse(bX))); |
209 | //console.log(" lambda: " + lambda.asString(16)); | 206 | //console.log(" lambda: " + lambda.asString(16)); |
210 | x = f2m._add(this.a()._value, f2m._square(lambda)); | 207 | x = f2m._add(this.a()._value, f2m._square(lambda)); |
211 | //console.log(" x (step 1): " + x.asString(16)); | 208 | //console.log(" x (step 1): " + x.asString(16)); |
212 | f2m._overwriteAdd(x, lambda); | 209 | f2m._overwriteAdd(x, lambda); |
213 | //console.log(" x (step 2): " + x.asString(16)); | 210 | //console.log(" x (step 2): " + x.asString(16)); |
214 | } | 211 | } |
215 | 212 | ||
216 | y = f2m._fastMultiply(f2m._add(bX, x), lambda); | 213 | y = f2m._fastMultiply(f2m._add(bX, x), lambda); |
217 | //console.log(" y (step 1): " + y.asString(16)); | 214 | //console.log(" y (step 1): " + y.asString(16)); |
218 | f2m._overwriteAdd(y, x); | 215 | f2m._overwriteAdd(y, x); |
219 | //console.log(" y (step 2): " + y.asString(16)); | 216 | //console.log(" y (step 2): " + y.asString(16)); |
220 | f2m._overwriteAdd(y, bY); | 217 | f2m._overwriteAdd(y, bY); |
221 | //console.log(" y (step 3): " + y.asString(16)); | 218 | //console.log(" y (step 3): " + y.asString(16)); |
222 | 219 | ||
223 | // result = new Clipperz.Crypto.ECC.BinaryField.Point({x:new Clipperz.Crypto.ECC.BinaryField.Value(x), y:new Clipperz.Crypto.ECC.BinaryField.Value(y)}) | 220 | // result = new Clipperz.Crypto.ECC.BinaryField.Point({x:new Clipperz.Crypto.ECC.BinaryField.Value(x), y:new Clipperz.Crypto.ECC.BinaryField.Value(y)}) |
224 | aPointA._x._value = x; | 221 | aPointA._x._value = x; |
225 | aPointA._y._value = y; | 222 | aPointA._y._value = y; |
226 | 223 | ||
227 | } | 224 | } |
228 | //console.log("<<< ECC.BinaryField.Curve.add"); | 225 | //console.log("<<< ECC.BinaryField.Curve.add"); |
229 | 226 | ||
230 | return result; | 227 | return result; |
231 | }, | 228 | }, |
232 | 229 | ||
233 | //----------------------------------------------------------------------------- | 230 | //----------------------------------------------------------------------------- |
234 | 231 | ||
235 | 'multiply': function(aValue, aPoint) { | 232 | 'multiply': function(aValue, aPoint) { |
236 | var result; | 233 | var result; |
237 | 234 | ||
238 | //console.profile(); | 235 | //console.profile(); |
239 | result = new Clipperz.Crypto.ECC.BinaryField.Point({x:Clipperz.Crypto.ECC.BinaryField.Value.O, y:Clipperz.Crypto.ECC.BinaryField.Value.O}); | 236 | result = new Clipperz.Crypto.ECC.BinaryField.Point({x:Clipperz.Crypto.ECC.BinaryField.Value.O, y:Clipperz.Crypto.ECC.BinaryField.Value.O}); |
240 | 237 | ||
241 | if (aValue.isZero() == false) { | 238 | if (aValue.isZero() == false) { |
242 | var k, Q; | 239 | var k, Q; |
243 | var i; | 240 | var i; |
244 | var countIndex; countIndex = 0; | 241 | var countIndex; countIndex = 0; |
245 | 242 | ||
246 | if (aValue.compare(Clipperz.Crypto.ECC.BinaryField.Value.O) > 0) { | 243 | if (aValue.compare(Clipperz.Crypto.ECC.BinaryField.Value.O) > 0) { |
247 | k = aValue; | 244 | k = aValue; |
248 | Q = aPoint; | 245 | Q = aPoint; |
249 | } else { | 246 | } else { |
250 | MochiKit.Logging.logError("The Clipperz.Crypto.ECC.BinaryFields.Value does not work with negative values!!!!"); | 247 | MochiKit.Logging.logError("The Clipperz.Crypto.ECC.BinaryFields.Value does not work with negative values!!!!"); |
251 | k = aValue.negate(); | 248 | k = aValue.negate(); |
252 | Q = this.negate(aPoint); | 249 | Q = this.negate(aPoint); |
253 | } | 250 | } |
254 | 251 | ||
255 | //console.log("k: " + k.toString(16)); | 252 | //console.log("k: " + k.toString(16)); |
256 | //console.log("k.bitSize: " + k.bitSize()); | 253 | //console.log("k.bitSize: " + k.bitSize()); |
257 | for (i=k.bitSize()-1; i>=0; i--) { | 254 | for (i=k.bitSize()-1; i>=0; i--) { |
258 | result = this.add(result, result); | 255 | result = this.add(result, result); |
259 | // this.overwriteAdd(result, result); | 256 | // this.overwriteAdd(result, result); |
260 | if (k.isBitSet(i)) { | 257 | if (k.isBitSet(i)) { |
261 | result = this.add(result, Q); | 258 | result = this.add(result, Q); |
262 | // this.overwriteAdd(result, Q); | 259 | // this.overwriteAdd(result, Q); |
263 | } | 260 | } |
264 | 261 | ||
265 | // if (countIndex==100) {console.log("multiply.break"); break;} else countIndex++; | 262 | // if (countIndex==100) {console.log("multiply.break"); break;} else countIndex++; |
266 | } | 263 | } |
267 | } | 264 | } |
268 | //console.profileEnd(); | 265 | //console.profileEnd(); |
269 | 266 | ||
270 | return result; | 267 | return result; |
271 | }, | 268 | }, |
272 | 269 | ||
273 | //----------------------------------------------------------------------------- | 270 | //----------------------------------------------------------------------------- |
274 | __syntaxFix__: "syntax fix" | 271 | __syntaxFix__: "syntax fix" |
275 | }); | 272 | }); |
276 | 273 | ||
277 | 274 | ||
278 | //############################################################################# | 275 | //############################################################################# |
279 | 276 | ||
280 | Clipperz.Crypto.ECC.StandardCurves = {}; | 277 | Clipperz.Crypto.ECC.StandardCurves = {}; |
281 | 278 | ||
282 | MochiKit.Base.update(Clipperz.Crypto.ECC.StandardCurves, { | 279 | MochiKit.Base.update(Clipperz.Crypto.ECC.StandardCurves, { |
283 | /* | 280 | /* |
284 | '_K571': null, | 281 | '_K571': null, |
285 | 'K571': function() { | 282 | 'K571': function() { |
286 | if (Clipperz.Crypto.ECC.StandardCurves._K571 == null) { | 283 | if (Clipperz.Crypto.ECC.StandardCurves._K571 == null) { |
287 | Clipperz.Crypto.ECC.StandardCurves._K571 = new Clipperz.Crypto.ECC.Curve.Koblitz({ | 284 | Clipperz.Crypto.ECC.StandardCurves._K571 = new Clipperz.Crypto.ECC.Curve.Koblitz({ |
288 | exadecimalForm: '80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425', | 285 | exadecimalForm: '80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425', |
289 | a: new Clipperz.Crypto.BigInt(0), | 286 | a: new Clipperz.Crypto.BigInt(0), |
290 | G: new Clipperz.Crypto.ECC.Point({ | 287 | G: new Clipperz.Crypto.ECC.Point({ |
291 | x: new Clipperz.Crypto.BigInt('26eb7a859923fbc82189631f8103fe4ac9ca2970012d5d46024804801841ca44370958493b205e647da304db4ceb08cbbd1ba39494776fb988b47174dca88c7e2945283a01c8972', 16), | 288 | x: new Clipperz.Crypto.BigInt('26eb7a859923fbc82189631f8103fe4ac9ca2970012d5d46024804801841ca44370958493b205e647da304db4ceb08cbbd1ba39494776fb988b47174dca88c7e2945283a01c8972', 16), |
292 | y: new Clipperz.Crypto.BigInt('349dc807f4fbf374f4aeade3bca95314dd58cec9f307a54ffc61efc006d8a2c9d4979c0ac44aea74fbebbb9f772aedcb620b01a7ba7af1b320430c8591984f601cd4c143ef1c7a3', 16) | 289 | y: new Clipperz.Crypto.BigInt('349dc807f4fbf374f4aeade3bca95314dd58cec9f307a54ffc61efc006d8a2c9d4979c0ac44aea74fbebbb9f772aedcb620b01a7ba7af1b320430c8591984f601cd4c143ef1c7a3', 16) |
293 | }), | 290 | }), |
294 | n: new Clipperz.Crypto.BigInt('1932268761508629172347675945465993672149463664853217499328617625725759571144780212268133978522706711834706712800825351461273674974066617311929682421617092503555733685276673', 16), | 291 | n: new Clipperz.Crypto.BigInt('1932268761508629172347675945465993672149463664853217499328617625725759571144780212268133978522706711834706712800825351461273674974066617311929682421617092503555733685276673', 16), |
295 | h: new Clipperz.Crypto.BigInt(4) | 292 | h: new Clipperz.Crypto.BigInt(4) |
296 | }); | 293 | }); |
297 | } | 294 | } |
298 | 295 | ||
299 | return Clipperz.Crypto.ECC.StandardCurves._K571; | 296 | return Clipperz.Crypto.ECC.StandardCurves._K571; |
300 | }, | 297 | }, |
301 | */ | 298 | */ |
302 | //----------------------------------------------------------------------------- | 299 | //----------------------------------------------------------------------------- |
303 | 300 | ||
304 | '_B571': null, | 301 | '_B571': null, |
305 | 'B571': function() { //f(z) = z^571 + z^10 + z^5 + z^2 + 1 | 302 | 'B571': function() { //f(z) = z^571 + z^10 + z^5 + z^2 + 1 |
306 | if (Clipperz.Crypto.ECC.StandardCurves._B571 == null) { | 303 | if (Clipperz.Crypto.ECC.StandardCurves._B571 == null) { |
307 | Clipperz.Crypto.ECC.StandardCurves._B571 = new Clipperz.Crypto.ECC.BinaryField.Curve({ | 304 | Clipperz.Crypto.ECC.StandardCurves._B571 = new Clipperz.Crypto.ECC.BinaryField.Curve({ |
308 | modulus: new Clipperz.Crypto.ECC.BinaryField.Value('80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425', 16), | 305 | modulus: new Clipperz.Crypto.ECC.BinaryField.Value('80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425', 16), |
309 | a: new Clipperz.Crypto.ECC.BinaryField.Value('1', 16), | 306 | a: new Clipperz.Crypto.ECC.BinaryField.Value('1', 16), |
310 | b: new Clipperz.Crypto.ECC.BinaryField.Value('02f40e7e2221f295de297117b7f3d62f5c6a97ffcb8ceff1cd6ba8ce4a9a18ad84ffabbd8efa59332be7ad6756a66e294afd185a78ff12aa520e4de739baca0c7ffeff7f2955727a', 16), | 307 | b: new Clipperz.Crypto.ECC.BinaryField.Value('02f40e7e2221f295de297117b7f3d62f5c6a97ffcb8ceff1cd6ba8ce4a9a18ad84ffabbd8efa59332be7ad6756a66e294afd185a78ff12aa520e4de739baca0c7ffeff7f2955727a', 16), |
311 | G: new Clipperz.Crypto.ECC.BinaryField.Point({ | 308 | G: new Clipperz.Crypto.ECC.BinaryField.Point({ |
312 | x: new Clipperz.Crypto.ECC.BinaryField.Value('0303001d 34b85629 6c16c0d4 0d3cd775 0a93d1d2 955fa80a a5f40fc8 db7b2abd bde53950 f4c0d293 cdd711a3 5b67fb14 99ae6003 8614f139 4abfa3b4 c850d927 e1e7769c 8eec2d19', 16), | 309 | x: new Clipperz.Crypto.ECC.BinaryField.Value('0303001d 34b85629 6c16c0d4 0d3cd775 0a93d1d2 955fa80a a5f40fc8 db7b2abd bde53950 f4c0d293 cdd711a3 5b67fb14 99ae6003 8614f139 4abfa3b4 c850d927 e1e7769c 8eec2d19', 16), |
313 | y: new Clipperz.Crypto.ECC.BinaryField.Value('037bf273 42da639b 6dccfffe b73d69d7 8c6c27a6 009cbbca 1980f853 3921e8a6 84423e43 bab08a57 6291af8f 461bb2a8 b3531d2f 0485c19b 16e2f151 6e23dd3c 1a4827af 1b8ac15b', 16) | 310 | y: new Clipperz.Crypto.ECC.BinaryField.Value('037bf273 42da639b 6dccfffe b73d69d7 8c6c27a6 009cbbca 1980f853 3921e8a6 84423e43 bab08a57 6291af8f 461bb2a8 b3531d2f 0485c19b 16e2f151 6e23dd3c 1a4827af 1b8ac15b', 16) |
314 | }), | 311 | }), |
315 | r: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff e661ce18 ff559873 08059b18 6823851e c7dd9ca1 161de93d 5174d66e 8382e9bb 2fe84e47', 16), | 312 | r: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff e661ce18 ff559873 08059b18 6823851e c7dd9ca1 161de93d 5174d66e 8382e9bb 2fe84e47', 16), |
316 | h: new Clipperz.Crypto.ECC.BinaryField.Value('2', 16) | 313 | h: new Clipperz.Crypto.ECC.BinaryField.Value('2', 16) |
317 | 314 | ||
318 | // S: new Clipperz.Crypto.ECC.BinaryField.Value('2aa058f73a0e33ab486b0f610410c53a7f132310', 10), | 315 | // S: new Clipperz.Crypto.ECC.BinaryField.Value('2aa058f73a0e33ab486b0f610410c53a7f132310', 10), |
319 | // n: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe661ce18ff55987308059b186823851ec7dd9ca1161de93d5174d66e8382e9bb2fe84e47', 16), | 316 | // n: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe661ce18ff55987308059b186823851ec7dd9ca1161de93d5174d66e8382e9bb2fe84e47', 16), |
320 | }); | 317 | }); |
321 | 318 | ||
322 | //----------------------------------------------------------------------------- | 319 | //----------------------------------------------------------------------------- |
323 | // | 320 | // |
324 | //Guide to Elliptic Curve Cryptography | 321 | //Guide to Elliptic Curve Cryptography |
325 | //Darrel Hankerson, Alfred Menezes, Scott Vanstone | 322 | //Darrel Hankerson, Alfred Menezes, Scott Vanstone |
326 | //- Pag: 56, Alorithm 2.45 (with a typo!!!) | 323 | //- Pag: 56, Alorithm 2.45 (with a typo!!!) |
327 | // | 324 | // |
328 | //----------------------------------------------------------------------------- | 325 | //----------------------------------------------------------------------------- |
329 | // | 326 | // |
330 | // http://www.milw0rm.com/papers/136 | 327 | // http://www.milw0rm.com/papers/136 |
331 | // | 328 | // |
332 | // ------------------------------------------------------------------------- | 329 | // ------------------------------------------------------------------------- |
333 | // Polynomial Reduction Algorithm Modulo f571 | 330 | // Polynomial Reduction Algorithm Modulo f571 |
334 | // ------------------------------------------------------------------------- | 331 | // ------------------------------------------------------------------------- |
335 | // | 332 | // |
336 | // Input: Polynomial p(x) of degree 1140 or less, stored as | 333 | // Input: Polynomial p(x) of degree 1140 or less, stored as |
337 | // an array of 2T machinewords. | 334 | // an array of 2T machinewords. |
338 | // Output: p(x) mod f571(x) | 335 | // Output: p(x) mod f571(x) |
339 | // | 336 | // |
340 | // FOR i = T-1, ..., 0 DO | 337 | // FOR i = T-1, ..., 0 DO |
341 | // SET X := P[i+T] | 338 | // SET X := P[i+T] |
342 | // P[i] := P[i] ^ (X<<5) ^ (X<<7) ^ (X<<10) ^ (X<<15) | 339 | // P[i] := P[i] ^ (X<<5) ^ (X<<7) ^ (X<<10) ^ (X<<15) |
343 | // P[i+1] := P[i+1] ^ (X>>17) ^ (X>>22) ^ (X>>25) ^ (X>>27) | 340 | // P[i+1] := P[i+1] ^ (X>>17) ^ (X>>22) ^ (X>>25) ^ (X>>27) |
344 | // | 341 | // |
345 | // SET X := P[T-1] >> 27 | 342 | // SET X := P[T-1] >> 27 |
346 | // P[0] := P[0] ^ X ^ (X<<2) ^ (X<<5) ^ (X<<10) | 343 | // P[0] := P[0] ^ X ^ (X<<2) ^ (X<<5) ^ (X<<10) |
347 | // P[T-1] := P[T-1] & 0x07ffffff | 344 | // P[T-1] := P[T-1] & 0x07ffffff |
348 | // | 345 | // |
349 | // RETURN P[T-1],...,P[0] | 346 | // RETURN P[T-1],...,P[0] |
350 | // | 347 | // |
351 | // ------------------------------------------------------------------------- | 348 | // ------------------------------------------------------------------------- |
352 | // | 349 | // |
353 | Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().slowModule = Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().module; | 350 | Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().slowModule = Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().module; |
354 | Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().module = function(aValue) { | 351 | Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().module = function(aValue) { |
355 | varresult; | 352 | varresult; |
356 | 353 | ||
357 | if (aValue.bitSize() > 1140) { | 354 | if (aValue.bitSize() > 1140) { |
358 | MochiKit.Logging.logWarning("ECC.StandarCurves.B571.finiteField().module: falling back to default implementation"); | 355 | MochiKit.Logging.logWarning("ECC.StandarCurves.B571.finiteField().module: falling back to default implementation"); |
359 | result = Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().slowModule(aValue); | 356 | result = Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().slowModule(aValue); |
360 | } else { | 357 | } else { |
361 | varC, T; | 358 | varC, T; |
362 | var i; | 359 | var i; |
363 | 360 | ||
364 | //console.log(">>> binaryField.finiteField.(improved)module"); | 361 | //console.log(">>> binaryField.finiteField.(improved)module"); |
365 | // C = aValue.value().slice(0); | 362 | // C = aValue.value().slice(0); |
366 | C = aValue._value.slice(0); | 363 | C = aValue._value.slice(0); |
367 | for (i=35; i>=18; i--) { | 364 | for (i=35; i>=18; i--) { |
368 | T = C[i]; | 365 | T = C[i]; |
369 | C[i-18] = (((C[i-18] ^ (T<<5) ^ (T<<7) ^ (T<<10) ^ (T<<15)) & 0xffffffff) >>> 0); | 366 | C[i-18] = (((C[i-18] ^ (T<<5) ^ (T<<7) ^ (T<<10) ^ (T<<15)) & 0xffffffff) >>> 0); |
370 | C[i-17] = ((C[i-17] ^ (T>>>27) ^ (T>>>25) ^ (T>>>22) ^ (T>>>17)) >>> 0); | 367 | C[i-17] = ((C[i-17] ^ (T>>>27) ^ (T>>>25) ^ (T>>>22) ^ (T>>>17)) >>> 0); |
371 | } | 368 | } |
372 | T = (C[17] >>> 27); | 369 | T = (C[17] >>> 27); |
373 | C[0] = ((C[0] ^ T ^ ((T<<2) ^ (T<<5) ^ (T<<10)) & 0xffffffff) >>> 0); | 370 | C[0] = ((C[0] ^ T ^ ((T<<2) ^ (T<<5) ^ (T<<10)) & 0xffffffff) >>> 0); |
374 | C[17] = (C[17] & 0x07ffffff); | 371 | C[17] = (C[17] & 0x07ffffff); |
375 | 372 | ||
376 | for(i=18; i<=35; i++) { | 373 | for(i=18; i<=35; i++) { |
377 | C[i] = 0; | 374 | C[i] = 0; |
378 | } | 375 | } |
379 | 376 | ||
380 | result = new Clipperz.Crypto.ECC.BinaryField.Value(C); | 377 | result = new Clipperz.Crypto.ECC.BinaryField.Value(C); |
381 | //console.log("<<< binaryField.finiteField.(improved)module"); | 378 | //console.log("<<< binaryField.finiteField.(improved)module"); |
382 | } | 379 | } |
383 | 380 | ||
384 | return result; | 381 | return result; |
385 | }; | 382 | }; |
386 | } | 383 | } |
387 | 384 | ||
388 | return Clipperz.Crypto.ECC.StandardCurves._B571; | 385 | return Clipperz.Crypto.ECC.StandardCurves._B571; |
389 | }, | 386 | }, |
390 | 387 | ||
391 | //----------------------------------------------------------------------------- | 388 | //----------------------------------------------------------------------------- |
392 | 389 | ||
393 | '_B283': null, | 390 | '_B283': null, |
394 | 'B283': function() { //f(z) = z^283 + z^12 + z^7 + z^5 + 1 | 391 | 'B283': function() { //f(z) = z^283 + z^12 + z^7 + z^5 + 1 |
395 | if (Clipperz.Crypto.ECC.StandardCurves._B283 == null) { | 392 | if (Clipperz.Crypto.ECC.StandardCurves._B283 == null) { |
396 | Clipperz.Crypto.ECC.StandardCurves._B283 = new Clipperz.Crypto.ECC.BinaryField.Curve({ | 393 | Clipperz.Crypto.ECC.StandardCurves._B283 = new Clipperz.Crypto.ECC.BinaryField.Curve({ |
397 | // modulus: new Clipperz.Crypto.ECC.BinaryField.Value('10000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000010a1', 16), | 394 | // modulus: new Clipperz.Crypto.ECC.BinaryField.Value('10000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000010a1', 16), |
398 | modulus: new Clipperz.Crypto.ECC.BinaryField.Value('08000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000010a1', 16), | 395 | modulus: new Clipperz.Crypto.ECC.BinaryField.Value('08000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000010a1', 16), |
399 | a: new Clipperz.Crypto.ECC.BinaryField.Value('1', 16), | 396 | a: new Clipperz.Crypto.ECC.BinaryField.Value('1', 16), |
400 | b: new Clipperz.Crypto.ECC.BinaryField.Value('027b680a c8b8596d a5a4af8a 19a0303f ca97fd76 45309fa2 a581485a f6263e31 3b79a2f5', 16), | 397 | b: new Clipperz.Crypto.ECC.BinaryField.Value('027b680a c8b8596d a5a4af8a 19a0303f ca97fd76 45309fa2 a581485a f6263e31 3b79a2f5', 16), |
401 | G: new Clipperz.Crypto.ECC.BinaryField.Point({ | 398 | G: new Clipperz.Crypto.ECC.BinaryField.Point({ |
402 | x: new Clipperz.Crypto.ECC.BinaryField.Value('05f93925 8db7dd90 e1934f8c 70b0dfec 2eed25b8 557eac9c 80e2e198 f8cdbecd 86b12053', 16), | 399 | x: new Clipperz.Crypto.ECC.BinaryField.Value('05f93925 8db7dd90 e1934f8c 70b0dfec 2eed25b8 557eac9c 80e2e198 f8cdbecd 86b12053', 16), |
403 | y: new Clipperz.Crypto.ECC.BinaryField.Value('03676854 fe24141c b98fe6d4 b20d02b4 516ff702 350eddb0 826779c8 13f0df45 be8112f4', 16) | 400 | y: new Clipperz.Crypto.ECC.BinaryField.Value('03676854 fe24141c b98fe6d4 b20d02b4 516ff702 350eddb0 826779c8 13f0df45 be8112f4', 16) |
404 | }), | 401 | }), |
405 | r: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffff ffffffff ffffffff ffffffff ffffef90 399660fc 938a9016 5b042a7c efadb307', 16), | 402 | r: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffff ffffffff ffffffff ffffffff ffffef90 399660fc 938a9016 5b042a7c efadb307', 16), |
406 | h: new Clipperz.Crypto.ECC.BinaryField.Value('2', 16) | 403 | h: new Clipperz.Crypto.ECC.BinaryField.Value('2', 16) |
407 | 404 | ||
408 | // S: new Clipperz.Crypto.ECC.BinaryField.Value('2aa058f73a0e33ab486b0f610410c53a7f132310', 10), | 405 | // S: new Clipperz.Crypto.ECC.BinaryField.Value('2aa058f73a0e33ab486b0f610410c53a7f132310', 10), |
diff --git a/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/FiniteField.js b/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/FiniteField.js index 3ddf2ec..650b479 100644 --- a/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/FiniteField.js +++ b/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/FiniteField.js | |||
@@ -1,408 +1,405 @@ | |||
1 | /* | 1 | /* |
2 | 2 | ||
3 | Copyright 2008-2011 Clipperz Srl | 3 | Copyright 2008-2011 Clipperz Srl |
4 | 4 | ||
5 | This file is part of Clipperz's Javascript Crypto Library. | 5 | This file is part of Clipperz Community Edition. |
6 | Javascript Crypto Library provides web developers with an extensive | 6 | Clipperz Community Edition is an online password manager. |
7 | and efficient set of cryptographic functions. The library aims to | ||
8 | obtain maximum execution speed while preserving modularity and | ||
9 | reusability. | ||
10 | For further information about its features and functionalities please | 7 | For further information about its features and functionalities please |
11 | refer to http://www.clipperz.com | 8 | refer to http://www.clipperz.com. |
12 | 9 | ||
13 | * Javascript Crypto Library is free software: you can redistribute | 10 | * Clipperz Community Edition is free software: you can redistribute |
14 | it and/or modify it under the terms of the GNU Affero General Public | 11 | it and/or modify it under the terms of the GNU Affero General Public |
15 | License as published by the Free Software Foundation, either version | 12 | License as published by the Free Software Foundation, either version |
16 | 3 of the License, or (at your option) any later version. | 13 | 3 of the License, or (at your option) any later version. |
17 | 14 | ||
18 | * Javascript Crypto Library is distributed in the hope that it will | 15 | * Clipperz Community Edition is distributed in the hope that it will |
19 | be useful, but WITHOUT ANY WARRANTY; without even the implied | 16 | be useful, but WITHOUT ANY WARRANTY; without even the implied |
20 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | 17 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
21 | See the GNU Affero General Public License for more details. | 18 | See the GNU Affero General Public License for more details. |
22 | 19 | ||
23 | * You should have received a copy of the GNU Affero General Public | 20 | * You should have received a copy of the GNU Affero General Public |
24 | License along with Javascript Crypto Library. If not, see | 21 | License along with Clipperz Community Edition. If not, see |
25 | <http://www.gnu.org/licenses/>. | 22 | <http://www.gnu.org/licenses/>. |
26 | 23 | ||
27 | */ | 24 | */ |
28 | 25 | ||
29 | try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { | 26 | try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { |
30 | throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!"; | 27 | throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!"; |
31 | } | 28 | } |
32 | if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; } | 29 | if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; } |
33 | if (typeof(Clipperz.Crypto.ECC.BinaryField) == 'undefined') { Clipperz.Crypto.ECC.BinaryField = {}; } | 30 | if (typeof(Clipperz.Crypto.ECC.BinaryField) == 'undefined') { Clipperz.Crypto.ECC.BinaryField = {}; } |
34 | 31 | ||
35 | Clipperz.Crypto.ECC.BinaryField.FiniteField = function(args) { | 32 | Clipperz.Crypto.ECC.BinaryField.FiniteField = function(args) { |
36 | args = args || {}; | 33 | args = args || {}; |
37 | this._modulus = args.modulus; | 34 | this._modulus = args.modulus; |
38 | 35 | ||
39 | return this; | 36 | return this; |
40 | } | 37 | } |
41 | 38 | ||
42 | Clipperz.Crypto.ECC.BinaryField.FiniteField.prototype = MochiKit.Base.update(null, { | 39 | Clipperz.Crypto.ECC.BinaryField.FiniteField.prototype = MochiKit.Base.update(null, { |
43 | 40 | ||
44 | 'asString': function() { | 41 | 'asString': function() { |
45 | return "Clipperz.Crypto.ECC.BinaryField.FiniteField (" + this.modulus().asString() + ")"; | 42 | return "Clipperz.Crypto.ECC.BinaryField.FiniteField (" + this.modulus().asString() + ")"; |
46 | }, | 43 | }, |
47 | 44 | ||
48 | //----------------------------------------------------------------------------- | 45 | //----------------------------------------------------------------------------- |
49 | 46 | ||
50 | 'modulus': function() { | 47 | 'modulus': function() { |
51 | return this._modulus; | 48 | return this._modulus; |
52 | }, | 49 | }, |
53 | 50 | ||
54 | //----------------------------------------------------------------------------- | 51 | //----------------------------------------------------------------------------- |
55 | 52 | ||
56 | '_module': function(aValue) { | 53 | '_module': function(aValue) { |
57 | varresult; | 54 | varresult; |
58 | var modulusComparison; | 55 | var modulusComparison; |
59 | //console.log(">>> binaryField.finiteField.(standard)module"); | 56 | //console.log(">>> binaryField.finiteField.(standard)module"); |
60 | 57 | ||
61 | modulusComparison = Clipperz.Crypto.ECC.BinaryField.Value._compare(aValue, this.modulus()._value); | 58 | modulusComparison = Clipperz.Crypto.ECC.BinaryField.Value._compare(aValue, this.modulus()._value); |
62 | 59 | ||
63 | if (modulusComparison < 0) { | 60 | if (modulusComparison < 0) { |
64 | result = aValue; | 61 | result = aValue; |
65 | } else if (modulusComparison == 0) { | 62 | } else if (modulusComparison == 0) { |
66 | result = [0]; | 63 | result = [0]; |
67 | } else { | 64 | } else { |
68 | var modulusBitSize; | 65 | var modulusBitSize; |
69 | var resultBitSize; | 66 | var resultBitSize; |
70 | 67 | ||
71 | result = aValue; | 68 | result = aValue; |
72 | 69 | ||
73 | modulusBitSize = this.modulus().bitSize(); | 70 | modulusBitSize = this.modulus().bitSize(); |
74 | resultBitSize = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(result); | 71 | resultBitSize = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(result); |
75 | while (resultBitSize >= modulusBitSize) { | 72 | while (resultBitSize >= modulusBitSize) { |
76 | Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor(result, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(this.modulus()._value, resultBitSize - modulusBitSize)); | 73 | Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor(result, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(this.modulus()._value, resultBitSize - modulusBitSize)); |
77 | resultBitSize = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(result); | 74 | resultBitSize = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(result); |
78 | } | 75 | } |
79 | } | 76 | } |
80 | //console.log("<<< binaryField.finiteField.(standard)module"); | 77 | //console.log("<<< binaryField.finiteField.(standard)module"); |
81 | 78 | ||
82 | return result; | 79 | return result; |
83 | }, | 80 | }, |
84 | 81 | ||
85 | 'module': function(aValue) { | 82 | 'module': function(aValue) { |
86 | return new Clipperz.Crypto.ECC.BinaryField.Value(this._module(aValue._value.slice(0))); | 83 | return new Clipperz.Crypto.ECC.BinaryField.Value(this._module(aValue._value.slice(0))); |
87 | }, | 84 | }, |
88 | 85 | ||
89 | //----------------------------------------------------------------------------- | 86 | //----------------------------------------------------------------------------- |
90 | 87 | ||
91 | '_add': function(a, b) { | 88 | '_add': function(a, b) { |
92 | return Clipperz.Crypto.ECC.BinaryField.Value._xor(a, b); | 89 | return Clipperz.Crypto.ECC.BinaryField.Value._xor(a, b); |
93 | }, | 90 | }, |
94 | 91 | ||
95 | '_overwriteAdd': function(a, b) { | 92 | '_overwriteAdd': function(a, b) { |
96 | Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor(a, b); | 93 | Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor(a, b); |
97 | }, | 94 | }, |
98 | 95 | ||
99 | 'add': function(a, b) { | 96 | 'add': function(a, b) { |
100 | return new Clipperz.Crypto.ECC.BinaryField.Value(this._add(a._value, b._value)); | 97 | return new Clipperz.Crypto.ECC.BinaryField.Value(this._add(a._value, b._value)); |
101 | }, | 98 | }, |
102 | 99 | ||
103 | //----------------------------------------------------------------------------- | 100 | //----------------------------------------------------------------------------- |
104 | 101 | ||
105 | 'negate': function(aValue) { | 102 | 'negate': function(aValue) { |
106 | return aValue.clone(); | 103 | return aValue.clone(); |
107 | }, | 104 | }, |
108 | 105 | ||
109 | //----------------------------------------------------------------------------- | 106 | //----------------------------------------------------------------------------- |
110 | 107 | ||
111 | '_multiply': function(a, b) { | 108 | '_multiply': function(a, b) { |
112 | var result; | 109 | var result; |
113 | var valueToXor; | 110 | var valueToXor; |
114 | var i,c; | 111 | var i,c; |
115 | 112 | ||
116 | result = [0]; | 113 | result = [0]; |
117 | valueToXor = b; | 114 | valueToXor = b; |
118 | c = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(a); | 115 | c = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(a); |
119 | for (i=0; i<c; i++) { | 116 | for (i=0; i<c; i++) { |
120 | if (Clipperz.Crypto.ECC.BinaryField.Value._isBitSet(a, i) === true) { | 117 | if (Clipperz.Crypto.ECC.BinaryField.Value._isBitSet(a, i) === true) { |
121 | Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor(result, valueToXor); | 118 | Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor(result, valueToXor); |
122 | } | 119 | } |
123 | valueToXor = Clipperz.Crypto.ECC.BinaryField.Value._overwriteShiftLeft(valueToXor, 1); | 120 | valueToXor = Clipperz.Crypto.ECC.BinaryField.Value._overwriteShiftLeft(valueToXor, 1); |
124 | } | 121 | } |
125 | result = this._module(result); | 122 | result = this._module(result); |
126 | 123 | ||
127 | return result; | 124 | return result; |
128 | }, | 125 | }, |
129 | 126 | ||
130 | 'multiply': function(a, b) { | 127 | 'multiply': function(a, b) { |
131 | return new Clipperz.Crypto.ECC.BinaryField.Value(this._multiply(a._value, b._value)); | 128 | return new Clipperz.Crypto.ECC.BinaryField.Value(this._multiply(a._value, b._value)); |
132 | }, | 129 | }, |
133 | 130 | ||
134 | //----------------------------------------------------------------------------- | 131 | //----------------------------------------------------------------------------- |
135 | 132 | ||
136 | '_fastMultiply': function(a, b) { | 133 | '_fastMultiply': function(a, b) { |
137 | var result; | 134 | var result; |
138 | var B; | 135 | var B; |
139 | var i,c; | 136 | var i,c; |
140 | 137 | ||
141 | result = [0]; | 138 | result = [0]; |
142 | B = b.slice(0); //Is this array copy avoidable? | 139 | B = b.slice(0); //Is this array copy avoidable? |
143 | c = 32; | 140 | c = 32; |
144 | for (i=0; i<c; i++) { | 141 | for (i=0; i<c; i++) { |
145 | var ii, cc; | 142 | var ii, cc; |
146 | 143 | ||
147 | cc = a.length; | 144 | cc = a.length; |
148 | for (ii=0; ii<cc; ii++) { | 145 | for (ii=0; ii<cc; ii++) { |
149 | if (((a[ii] >>> i) & 0x01) == 1) { | 146 | if (((a[ii] >>> i) & 0x01) == 1) { |
150 | Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor(result, B, ii); | 147 | Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor(result, B, ii); |
151 | } | 148 | } |
152 | } | 149 | } |
153 | 150 | ||
154 | if (i < (c-1)) { | 151 | if (i < (c-1)) { |
155 | B = Clipperz.Crypto.ECC.BinaryField.Value._overwriteShiftLeft(B, 1); | 152 | B = Clipperz.Crypto.ECC.BinaryField.Value._overwriteShiftLeft(B, 1); |
156 | } | 153 | } |
157 | } | 154 | } |
158 | result = this._module(result); | 155 | result = this._module(result); |
159 | 156 | ||
160 | return result; | 157 | return result; |
161 | }, | 158 | }, |
162 | 159 | ||
163 | 'fastMultiply': function(a, b) { | 160 | 'fastMultiply': function(a, b) { |
164 | return new Clipperz.Crypto.ECC.BinaryField.Value(this._fastMultiply(a._value, b._value)); | 161 | return new Clipperz.Crypto.ECC.BinaryField.Value(this._fastMultiply(a._value, b._value)); |
165 | }, | 162 | }, |
166 | 163 | ||
167 | //----------------------------------------------------------------------------- | 164 | //----------------------------------------------------------------------------- |
168 | // | 165 | // |
169 | //Guide to Elliptic Curve Cryptography | 166 | //Guide to Elliptic Curve Cryptography |
170 | //Darrel Hankerson, Alfred Menezes, Scott Vanstone | 167 | //Darrel Hankerson, Alfred Menezes, Scott Vanstone |
171 | //- Pag: 49, Alorithm 2.34 | 168 | //- Pag: 49, Alorithm 2.34 |
172 | // | 169 | // |
173 | //----------------------------------------------------------------------------- | 170 | //----------------------------------------------------------------------------- |
174 | 171 | ||
175 | '_square': function(aValue) { | 172 | '_square': function(aValue) { |
176 | var result; | 173 | var result; |
177 | var value; | 174 | var value; |
178 | var c,i; | 175 | var c,i; |
179 | var precomputedValues; | 176 | var precomputedValues; |
180 | 177 | ||
181 | value = aValue; | 178 | value = aValue; |
182 | result = new Array(value.length * 2); | 179 | result = new Array(value.length * 2); |
183 | precomputedValues = Clipperz.Crypto.ECC.BinaryField.FiniteField.squarePrecomputedBytes; | 180 | precomputedValues = Clipperz.Crypto.ECC.BinaryField.FiniteField.squarePrecomputedBytes; |
184 | 181 | ||
185 | c = value.length; | 182 | c = value.length; |
186 | for (i=0; i<c; i++) { | 183 | for (i=0; i<c; i++) { |
187 | result[i*2] = precomputedValues[(value[i] & 0x000000ff)]; | 184 | result[i*2] = precomputedValues[(value[i] & 0x000000ff)]; |
188 | result[i*2] |= ((precomputedValues[(value[i] & 0x0000ff00) >>> 8]) << 16); | 185 | result[i*2] |= ((precomputedValues[(value[i] & 0x0000ff00) >>> 8]) << 16); |
189 | 186 | ||
190 | result[i*2 + 1] = precomputedValues[(value[i] & 0x00ff0000) >>> 16]; | 187 | result[i*2 + 1] = precomputedValues[(value[i] & 0x00ff0000) >>> 16]; |
191 | result[i*2 + 1] |= ((precomputedValues[(value[i] & 0xff000000) >>> 24]) << 16); | 188 | result[i*2 + 1] |= ((precomputedValues[(value[i] & 0xff000000) >>> 24]) << 16); |
192 | } | 189 | } |
193 | 190 | ||
194 | return this._module(result); | 191 | return this._module(result); |
195 | }, | 192 | }, |
196 | 193 | ||
197 | 'square': function(aValue) { | 194 | 'square': function(aValue) { |
198 | return new Clipperz.Crypto.ECC.BinaryField.Value(this._square(aValue._value)); | 195 | return new Clipperz.Crypto.ECC.BinaryField.Value(this._square(aValue._value)); |
199 | }, | 196 | }, |
200 | 197 | ||
201 | //----------------------------------------------------------------------------- | 198 | //----------------------------------------------------------------------------- |
202 | 199 | ||
203 | '_inverse': function(aValue) { | 200 | '_inverse': function(aValue) { |
204 | varresult; | 201 | varresult; |
205 | var b, c; | 202 | var b, c; |
206 | var u, v; | 203 | var u, v; |
207 | 204 | ||
208 | // b = Clipperz.Crypto.ECC.BinaryField.Value.I._value; | 205 | // b = Clipperz.Crypto.ECC.BinaryField.Value.I._value; |
209 | b = [1]; | 206 | b = [1]; |
210 | // c = Clipperz.Crypto.ECC.BinaryField.Value.O._value; | 207 | // c = Clipperz.Crypto.ECC.BinaryField.Value.O._value; |
211 | c = [0]; | 208 | c = [0]; |
212 | u = this._module(aValue); | 209 | u = this._module(aValue); |
213 | v = this.modulus()._value.slice(0); | 210 | v = this.modulus()._value.slice(0); |
214 | 211 | ||
215 | while (Clipperz.Crypto.ECC.BinaryField.Value._bitSize(u) > 1) { | 212 | while (Clipperz.Crypto.ECC.BinaryField.Value._bitSize(u) > 1) { |
216 | varbitDifferenceSize; | 213 | varbitDifferenceSize; |
217 | 214 | ||
218 | bitDifferenceSize = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(u) - Clipperz.Crypto.ECC.BinaryField.Value._bitSize(v); | 215 | bitDifferenceSize = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(u) - Clipperz.Crypto.ECC.BinaryField.Value._bitSize(v); |
219 | if (bitDifferenceSize < 0) { | 216 | if (bitDifferenceSize < 0) { |
220 | var swap; | 217 | var swap; |
221 | 218 | ||
222 | swap = u; | 219 | swap = u; |
223 | u = v; | 220 | u = v; |
224 | v = swap; | 221 | v = swap; |
225 | 222 | ||
226 | swap = c; | 223 | swap = c; |
227 | c = b; | 224 | c = b; |
228 | b = swap; | 225 | b = swap; |
229 | 226 | ||
230 | bitDifferenceSize = -bitDifferenceSize; | 227 | bitDifferenceSize = -bitDifferenceSize; |
231 | } | 228 | } |
232 | 229 | ||
233 | u = this._add(u, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(v, bitDifferenceSize)); | 230 | u = this._add(u, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(v, bitDifferenceSize)); |
234 | b = this._add(b, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(c, bitDifferenceSize)); | 231 | b = this._add(b, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(c, bitDifferenceSize)); |
235 | // this._overwriteAdd(u, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(v, bitDifferenceSize)); | 232 | // this._overwriteAdd(u, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(v, bitDifferenceSize)); |
236 | // this._overwriteAdd(b, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(c, bitDifferenceSize)); | 233 | // this._overwriteAdd(b, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(c, bitDifferenceSize)); |
237 | } | 234 | } |
238 | 235 | ||
239 | result = this._module(b); | 236 | result = this._module(b); |
240 | 237 | ||
241 | return result; | 238 | return result; |
242 | }, | 239 | }, |
243 | 240 | ||
244 | 'inverse': function(aValue) { | 241 | 'inverse': function(aValue) { |
245 | return new Clipperz.Crypto.ECC.BinaryField.Value(this._inverse(aValue._value)); | 242 | return new Clipperz.Crypto.ECC.BinaryField.Value(this._inverse(aValue._value)); |
246 | }, | 243 | }, |
247 | 244 | ||
248 | //----------------------------------------------------------------------------- | 245 | //----------------------------------------------------------------------------- |
249 | __syntaxFix__: "syntax fix" | 246 | __syntaxFix__: "syntax fix" |
250 | }); | 247 | }); |
251 | 248 | ||
252 | 249 | ||
253 | Clipperz.Crypto.ECC.BinaryField.FiniteField.squarePrecomputedBytes = [ | 250 | Clipperz.Crypto.ECC.BinaryField.FiniteField.squarePrecomputedBytes = [ |
254 | 0x0000, // 0 = 0000 0000 -> 0000 0000 0000 0000 | 251 | 0x0000, // 0 = 0000 0000 -> 0000 0000 0000 0000 |
255 | 0x0001, // 1 = 0000 0001 -> 0000 0000 0000 0001 | 252 | 0x0001, // 1 = 0000 0001 -> 0000 0000 0000 0001 |
256 | 0x0004, // 2 = 0000 0010 -> 0000 0000 0000 0100 | 253 | 0x0004, // 2 = 0000 0010 -> 0000 0000 0000 0100 |
257 | 0x0005, // 3 = 0000 0011 -> 0000 0000 0000 0101 | 254 | 0x0005, // 3 = 0000 0011 -> 0000 0000 0000 0101 |
258 | 0x0010, // 4 = 0000 0100 -> 0000 0000 0001 0000 | 255 | 0x0010, // 4 = 0000 0100 -> 0000 0000 0001 0000 |
259 | 0x0011, // 5 = 0000 0101 -> 0000 0000 0001 0001 | 256 | 0x0011, // 5 = 0000 0101 -> 0000 0000 0001 0001 |
260 | 0x0014, // 6 = 0000 0110 -> 0000 0000 0001 0100 | 257 | 0x0014, // 6 = 0000 0110 -> 0000 0000 0001 0100 |
261 | 0x0015, // 7 = 0000 0111 -> 0000 0000 0001 0101 | 258 | 0x0015, // 7 = 0000 0111 -> 0000 0000 0001 0101 |
262 | 0x0040, // 8 = 0000 1000 -> 0000 0000 0100 0000 | 259 | 0x0040, // 8 = 0000 1000 -> 0000 0000 0100 0000 |
263 | 0x0041, // 9 = 0000 1001 -> 0000 0000 0100 0001 | 260 | 0x0041, // 9 = 0000 1001 -> 0000 0000 0100 0001 |
264 | 0x0044, // 10 = 0000 1010 -> 0000 0000 0100 0100 | 261 | 0x0044, // 10 = 0000 1010 -> 0000 0000 0100 0100 |
265 | 0x0045, // 11 = 0000 1011 -> 0000 0000 0100 0101 | 262 | 0x0045, // 11 = 0000 1011 -> 0000 0000 0100 0101 |
266 | 0x0050, // 12 = 0000 1100 -> 0000 0000 0101 0000 | 263 | 0x0050, // 12 = 0000 1100 -> 0000 0000 0101 0000 |
267 | 0x0051, // 13 = 0000 1101 -> 0000 0000 0101 0001 | 264 | 0x0051, // 13 = 0000 1101 -> 0000 0000 0101 0001 |
268 | 0x0054, // 14 = 0000 1110 -> 0000 0000 0101 0100 | 265 | 0x0054, // 14 = 0000 1110 -> 0000 0000 0101 0100 |
269 | 0x0055, // 15 = 0000 1111 -> 0000 0000 0101 0101 | 266 | 0x0055, // 15 = 0000 1111 -> 0000 0000 0101 0101 |
270 | 267 | ||
271 | 0x0100, // 16 = 0001 0000 -> 0000 0001 0000 0000 | 268 | 0x0100, // 16 = 0001 0000 -> 0000 0001 0000 0000 |
272 | 0x0101, // 17 = 0001 0001 -> 0000 0001 0000 0001 | 269 | 0x0101, // 17 = 0001 0001 -> 0000 0001 0000 0001 |
273 | 0x0104, // 18 = 0001 0010 -> 0000 0001 0000 0100 | 270 | 0x0104, // 18 = 0001 0010 -> 0000 0001 0000 0100 |
274 | 0x0105, // 19 = 0001 0011 -> 0000 0001 0000 0101 | 271 | 0x0105, // 19 = 0001 0011 -> 0000 0001 0000 0101 |
275 | 0x0110, // 20 = 0001 0100 -> 0000 0001 0001 0000 | 272 | 0x0110, // 20 = 0001 0100 -> 0000 0001 0001 0000 |
276 | 0x0111, // 21 = 0001 0101 -> 0000 0001 0001 0001 | 273 | 0x0111, // 21 = 0001 0101 -> 0000 0001 0001 0001 |
277 | 0x0114, // 22 = 0001 0110 -> 0000 0001 0001 0100 | 274 | 0x0114, // 22 = 0001 0110 -> 0000 0001 0001 0100 |
278 | 0x0115, // 23 = 0001 0111 -> 0000 0001 0001 0101 | 275 | 0x0115, // 23 = 0001 0111 -> 0000 0001 0001 0101 |
279 | 0x0140, // 24 = 0001 1000 -> 0000 0001 0100 0000 | 276 | 0x0140, // 24 = 0001 1000 -> 0000 0001 0100 0000 |
280 | 0x0141, // 25 = 0001 1001 -> 0000 0001 0100 0001 | 277 | 0x0141, // 25 = 0001 1001 -> 0000 0001 0100 0001 |
281 | 0x0144, // 26 = 0001 1010 -> 0000 0001 0100 0100 | 278 | 0x0144, // 26 = 0001 1010 -> 0000 0001 0100 0100 |
282 | 0x0145, // 27 = 0001 1011 -> 0000 0001 0100 0101 | 279 | 0x0145, // 27 = 0001 1011 -> 0000 0001 0100 0101 |
283 | 0x0150, // 28 = 0001 1100 -> 0000 0001 0101 0000 | 280 | 0x0150, // 28 = 0001 1100 -> 0000 0001 0101 0000 |
284 | 0x0151, // 28 = 0001 1101 -> 0000 0001 0101 0001 | 281 | 0x0151, // 28 = 0001 1101 -> 0000 0001 0101 0001 |
285 | 0x0154, // 30 = 0001 1110 -> 0000 0001 0101 0100 | 282 | 0x0154, // 30 = 0001 1110 -> 0000 0001 0101 0100 |
286 | 0x0155, // 31 = 0001 1111 -> 0000 0001 0101 0101 | 283 | 0x0155, // 31 = 0001 1111 -> 0000 0001 0101 0101 |
287 | 284 | ||
288 | 0x0400, // 32 = 0010 0000 -> 0000 0100 0000 0000 | 285 | 0x0400, // 32 = 0010 0000 -> 0000 0100 0000 0000 |
289 | 0x0401, // 33 = 0010 0001 -> 0000 0100 0000 0001 | 286 | 0x0401, // 33 = 0010 0001 -> 0000 0100 0000 0001 |
290 | 0x0404, // 34 = 0010 0010 -> 0000 0100 0000 0100 | 287 | 0x0404, // 34 = 0010 0010 -> 0000 0100 0000 0100 |
291 | 0x0405, // 35 = 0010 0011 -> 0000 0100 0000 0101 | 288 | 0x0405, // 35 = 0010 0011 -> 0000 0100 0000 0101 |
292 | 0x0410, // 36 = 0010 0100 -> 0000 0100 0001 0000 | 289 | 0x0410, // 36 = 0010 0100 -> 0000 0100 0001 0000 |
293 | 0x0411, // 37 = 0010 0101 -> 0000 0100 0001 0001 | 290 | 0x0411, // 37 = 0010 0101 -> 0000 0100 0001 0001 |
294 | 0x0414, // 38 = 0010 0110 -> 0000 0100 0001 0100 | 291 | 0x0414, // 38 = 0010 0110 -> 0000 0100 0001 0100 |
295 | 0x0415, // 39 = 0010 0111 -> 0000 0100 0001 0101 | 292 | 0x0415, // 39 = 0010 0111 -> 0000 0100 0001 0101 |
296 | 0x0440, // 40 = 0010 1000 -> 0000 0100 0100 0000 | 293 | 0x0440, // 40 = 0010 1000 -> 0000 0100 0100 0000 |
297 | 0x0441, // 41 = 0010 1001 -> 0000 0100 0100 0001 | 294 | 0x0441, // 41 = 0010 1001 -> 0000 0100 0100 0001 |
298 | 0x0444, // 42 = 0010 1010 -> 0000 0100 0100 0100 | 295 | 0x0444, // 42 = 0010 1010 -> 0000 0100 0100 0100 |
299 | 0x0445, // 43 = 0010 1011 -> 0000 0100 0100 0101 | 296 | 0x0445, // 43 = 0010 1011 -> 0000 0100 0100 0101 |
300 | 0x0450, // 44 = 0010 1100 -> 0000 0100 0101 0000 | 297 | 0x0450, // 44 = 0010 1100 -> 0000 0100 0101 0000 |
301 | 0x0451, // 45 = 0010 1101 -> 0000 0100 0101 0001 | 298 | 0x0451, // 45 = 0010 1101 -> 0000 0100 0101 0001 |
302 | 0x0454, // 46 = 0010 1110 -> 0000 0100 0101 0100 | 299 | 0x0454, // 46 = 0010 1110 -> 0000 0100 0101 0100 |
303 | 0x0455, // 47 = 0010 1111 -> 0000 0100 0101 0101 | 300 | 0x0455, // 47 = 0010 1111 -> 0000 0100 0101 0101 |
304 | 301 | ||
305 | 0x0500, // 48 = 0011 0000 -> 0000 0101 0000 0000 | 302 | 0x0500, // 48 = 0011 0000 -> 0000 0101 0000 0000 |
306 | 0x0501, // 49 = 0011 0001 -> 0000 0101 0000 0001 | 303 | 0x0501, // 49 = 0011 0001 -> 0000 0101 0000 0001 |
307 | 0x0504, // 50 = 0011 0010 -> 0000 0101 0000 0100 | 304 | 0x0504, // 50 = 0011 0010 -> 0000 0101 0000 0100 |
308 | 0x0505, // 51 = 0011 0011 -> 0000 0101 0000 0101 | 305 | 0x0505, // 51 = 0011 0011 -> 0000 0101 0000 0101 |
309 | 0x0510, // 52 = 0011 0100 -> 0000 0101 0001 0000 | 306 | 0x0510, // 52 = 0011 0100 -> 0000 0101 0001 0000 |
310 | 0x0511, // 53 = 0011 0101 -> 0000 0101 0001 0001 | 307 | 0x0511, // 53 = 0011 0101 -> 0000 0101 0001 0001 |
311 | 0x0514, // 54 = 0011 0110 -> 0000 0101 0001 0100 | 308 | 0x0514, // 54 = 0011 0110 -> 0000 0101 0001 0100 |
312 | 0x0515, // 55 = 0011 0111 -> 0000 0101 0001 0101 | 309 | 0x0515, // 55 = 0011 0111 -> 0000 0101 0001 0101 |
313 | 0x0540, // 56 = 0011 1000 -> 0000 0101 0100 0000 | 310 | 0x0540, // 56 = 0011 1000 -> 0000 0101 0100 0000 |
314 | 0x0541, // 57 = 0011 1001 -> 0000 0101 0100 0001 | 311 | 0x0541, // 57 = 0011 1001 -> 0000 0101 0100 0001 |
315 | 0x0544, // 58 = 0011 1010 -> 0000 0101 0100 0100 | 312 | 0x0544, // 58 = 0011 1010 -> 0000 0101 0100 0100 |
316 | 0x0545, // 59 = 0011 1011 -> 0000 0101 0100 0101 | 313 | 0x0545, // 59 = 0011 1011 -> 0000 0101 0100 0101 |
317 | 0x0550, // 60 = 0011 1100 -> 0000 0101 0101 0000 | 314 | 0x0550, // 60 = 0011 1100 -> 0000 0101 0101 0000 |
318 | 0x0551, // 61 = 0011 1101 -> 0000 0101 0101 0001 | 315 | 0x0551, // 61 = 0011 1101 -> 0000 0101 0101 0001 |
319 | 0x0554, // 62 = 0011 1110 -> 0000 0101 0101 0100 | 316 | 0x0554, // 62 = 0011 1110 -> 0000 0101 0101 0100 |
320 | 0x0555, // 63 = 0011 1111 -> 0000 0101 0101 0101 | 317 | 0x0555, // 63 = 0011 1111 -> 0000 0101 0101 0101 |
321 | 318 | ||
322 | 0x1000, // 64 = 0100 0000 -> 0001 0000 0000 0000 | 319 | 0x1000, // 64 = 0100 0000 -> 0001 0000 0000 0000 |
323 | 0x1001, // 65 = 0100 0001 -> 0001 0000 0000 0001 | 320 | 0x1001, // 65 = 0100 0001 -> 0001 0000 0000 0001 |
324 | 0x1004, // 66 = 0100 0010 -> 0001 0000 0000 0100 | 321 | 0x1004, // 66 = 0100 0010 -> 0001 0000 0000 0100 |
325 | 0x1005, // 67 = 0100 0011 -> 0001 0000 0000 0101 | 322 | 0x1005, // 67 = 0100 0011 -> 0001 0000 0000 0101 |
326 | 0x1010, // 68 = 0100 0100 -> 0001 0000 0001 0000 | 323 | 0x1010, // 68 = 0100 0100 -> 0001 0000 0001 0000 |
327 | 0x1011, // 69 = 0100 0101 -> 0001 0000 0001 0001 | 324 | 0x1011, // 69 = 0100 0101 -> 0001 0000 0001 0001 |
328 | 0x1014, // 70 = 0100 0110 -> 0001 0000 0001 0100 | 325 | 0x1014, // 70 = 0100 0110 -> 0001 0000 0001 0100 |
329 | 0x1015, // 71 = 0100 0111 -> 0001 0000 0001 0101 | 326 | 0x1015, // 71 = 0100 0111 -> 0001 0000 0001 0101 |
330 | 0x1040, // 72 = 0100 1000 -> 0001 0000 0100 0000 | 327 | 0x1040, // 72 = 0100 1000 -> 0001 0000 0100 0000 |
331 | 0x1041, // 73 = 0100 1001 -> 0001 0000 0100 0001 | 328 | 0x1041, // 73 = 0100 1001 -> 0001 0000 0100 0001 |
332 | 0x1044, // 74 = 0100 1010 -> 0001 0000 0100 0100 | 329 | 0x1044, // 74 = 0100 1010 -> 0001 0000 0100 0100 |
333 | 0x1045, // 75 = 0100 1011 -> 0001 0000 0100 0101 | 330 | 0x1045, // 75 = 0100 1011 -> 0001 0000 0100 0101 |
334 | 0x1050, // 76 = 0100 1100 -> 0001 0000 0101 0000 | 331 | 0x1050, // 76 = 0100 1100 -> 0001 0000 0101 0000 |
335 | 0x1051, // 77 = 0100 1101 -> 0001 0000 0101 0001 | 332 | 0x1051, // 77 = 0100 1101 -> 0001 0000 0101 0001 |
336 | 0x1054, // 78 = 0100 1110 -> 0001 0000 0101 0100 | 333 | 0x1054, // 78 = 0100 1110 -> 0001 0000 0101 0100 |
337 | 0x1055, // 79 = 0100 1111 -> 0001 0000 0101 0101 | 334 | 0x1055, // 79 = 0100 1111 -> 0001 0000 0101 0101 |
338 | 335 | ||
339 | 0x1100, // 80 = 0101 0000 -> 0001 0001 0000 0000 | 336 | 0x1100, // 80 = 0101 0000 -> 0001 0001 0000 0000 |
340 | 0x1101, // 81 = 0101 0001 -> 0001 0001 0000 0001 | 337 | 0x1101, // 81 = 0101 0001 -> 0001 0001 0000 0001 |
341 | 0x1104, // 82 = 0101 0010 -> 0001 0001 0000 0100 | 338 | 0x1104, // 82 = 0101 0010 -> 0001 0001 0000 0100 |
342 | 0x1105, // 83 = 0101 0011 -> 0001 0001 0000 0101 | 339 | 0x1105, // 83 = 0101 0011 -> 0001 0001 0000 0101 |
343 | 0x1110, // 84 = 0101 0100 -> 0001 0001 0001 0000 | 340 | 0x1110, // 84 = 0101 0100 -> 0001 0001 0001 0000 |
344 | 0x1111, // 85 = 0101 0101 -> 0001 0001 0001 0001 | 341 | 0x1111, // 85 = 0101 0101 -> 0001 0001 0001 0001 |
345 | 0x1114, // 86 = 0101 0110 -> 0001 0001 0001 0100 | 342 | 0x1114, // 86 = 0101 0110 -> 0001 0001 0001 0100 |
346 | 0x1115, // 87 = 0101 0111 -> 0001 0001 0001 0101 | 343 | 0x1115, // 87 = 0101 0111 -> 0001 0001 0001 0101 |
347 | 0x1140, // 88 = 0101 1000 -> 0001 0001 0100 0000 | 344 | 0x1140, // 88 = 0101 1000 -> 0001 0001 0100 0000 |
348 | 0x1141, // 89 = 0101 1001 -> 0001 0001 0100 0001 | 345 | 0x1141, // 89 = 0101 1001 -> 0001 0001 0100 0001 |
349 | 0x1144, // 90 = 0101 1010 -> 0001 0001 0100 0100 | 346 | 0x1144, // 90 = 0101 1010 -> 0001 0001 0100 0100 |
350 | 0x1145, // 91 = 0101 1011 -> 0001 0001 0100 0101 | 347 | 0x1145, // 91 = 0101 1011 -> 0001 0001 0100 0101 |
351 | 0x1150, // 92 = 0101 1100 -> 0001 0001 0101 0000 | 348 | 0x1150, // 92 = 0101 1100 -> 0001 0001 0101 0000 |
352 | 0x1151, // 93 = 0101 1101 -> 0001 0001 0101 0001 | 349 | 0x1151, // 93 = 0101 1101 -> 0001 0001 0101 0001 |
353 | 0x1154, // 94 = 0101 1110 -> 0001 0001 0101 0100 | 350 | 0x1154, // 94 = 0101 1110 -> 0001 0001 0101 0100 |
354 | 0x1155, // 95 = 0101 1111 -> 0001 0001 0101 0101 | 351 | 0x1155, // 95 = 0101 1111 -> 0001 0001 0101 0101 |
355 | 352 | ||
356 | 0x1400, // 96 = 0110 0000 -> 0001 0100 0000 0000 | 353 | 0x1400, // 96 = 0110 0000 -> 0001 0100 0000 0000 |
357 | 0x1401, // 97 = 0110 0001 -> 0001 0100 0000 0001 | 354 | 0x1401, // 97 = 0110 0001 -> 0001 0100 0000 0001 |
358 | 0x1404, // 98 = 0110 0010 -> 0001 0100 0000 0100 | 355 | 0x1404, // 98 = 0110 0010 -> 0001 0100 0000 0100 |
359 | 0x1405, // 99 = 0110 0011 -> 0001 0100 0000 0101 | 356 | 0x1405, // 99 = 0110 0011 -> 0001 0100 0000 0101 |
360 | 0x1410, //100 = 0110 0100 -> 0001 0100 0001 0000 | 357 | 0x1410, //100 = 0110 0100 -> 0001 0100 0001 0000 |
361 | 0x1411, //101 = 0110 0101 -> 0001 0100 0001 0001 | 358 | 0x1411, //101 = 0110 0101 -> 0001 0100 0001 0001 |
362 | 0x1414, //102 = 0110 0110 -> 0001 0100 0001 0100 | 359 | 0x1414, //102 = 0110 0110 -> 0001 0100 0001 0100 |
363 | 0x1415, //103 = 0110 0111 -> 0001 0100 0001 0101 | 360 | 0x1415, //103 = 0110 0111 -> 0001 0100 0001 0101 |
364 | 0x1440, //104 = 0110 1000 -> 0001 0100 0100 0000 | 361 | 0x1440, //104 = 0110 1000 -> 0001 0100 0100 0000 |
365 | 0x1441, //105 = 0110 1001 -> 0001 0100 0100 0001 | 362 | 0x1441, //105 = 0110 1001 -> 0001 0100 0100 0001 |
366 | 0x1444, //106 = 0110 1010 -> 0001 0100 0100 0100 | 363 | 0x1444, //106 = 0110 1010 -> 0001 0100 0100 0100 |
367 | 0x1445, //107 = 0110 1011 -> 0001 0100 0100 0101 | 364 | 0x1445, //107 = 0110 1011 -> 0001 0100 0100 0101 |
368 | 0x1450, //108 = 0110 1100 -> 0001 0100 0101 0000 | 365 | 0x1450, //108 = 0110 1100 -> 0001 0100 0101 0000 |
369 | 0x1451, //109 = 0110 1101 -> 0001 0100 0101 0001 | 366 | 0x1451, //109 = 0110 1101 -> 0001 0100 0101 0001 |
370 | 0x1454, //110 = 0110 1110 -> 0001 0100 0101 0100 | 367 | 0x1454, //110 = 0110 1110 -> 0001 0100 0101 0100 |
371 | 0x1455, //111 = 0110 1111 -> 0001 0100 0101 0101 | 368 | 0x1455, //111 = 0110 1111 -> 0001 0100 0101 0101 |
372 | 369 | ||
373 | 0x1500, //112 = 0111 0000 -> 0001 0101 0000 0000 | 370 | 0x1500, //112 = 0111 0000 -> 0001 0101 0000 0000 |
374 | 0x1501, //113 = 0111 0001 -> 0001 0101 0000 0001 | 371 | 0x1501, //113 = 0111 0001 -> 0001 0101 0000 0001 |
375 | 0x1504, //114 = 0111 0010 -> 0001 0101 0000 0100 | 372 | 0x1504, //114 = 0111 0010 -> 0001 0101 0000 0100 |
376 | 0x1505, //115 = 0111 0011 -> 0001 0101 0000 0101 | 373 | 0x1505, //115 = 0111 0011 -> 0001 0101 0000 0101 |
377 | 0x1510, //116 = 0111 0100 -> 0001 0101 0001 0000 | 374 | 0x1510, //116 = 0111 0100 -> 0001 0101 0001 0000 |
378 | 0x1511, //117 = 0111 0101 -> 0001 0101 0001 0001 | 375 | 0x1511, //117 = 0111 0101 -> 0001 0101 0001 0001 |
379 | 0x1514, //118 = 0111 0110 -> 0001 0101 0001 0100 | 376 | 0x1514, //118 = 0111 0110 -> 0001 0101 0001 0100 |
380 | 0x1515, //119 = 0111 0111 -> 0001 0101 0001 0101 | 377 | 0x1515, //119 = 0111 0111 -> 0001 0101 0001 0101 |
381 | 0x1540, //120 = 0111 1000 -> 0001 0101 0100 0000 | 378 | 0x1540, //120 = 0111 1000 -> 0001 0101 0100 0000 |
382 | 0x1541, //121 = 0111 1001 -> 0001 0101 0100 0001 | 379 | 0x1541, //121 = 0111 1001 -> 0001 0101 0100 0001 |
383 | 0x1544, //122 = 0111 1010 -> 0001 0101 0100 0100 | 380 | 0x1544, //122 = 0111 1010 -> 0001 0101 0100 0100 |
384 | 0x1545, //123 = 0111 1011 -> 0001 0101 0100 0101 | 381 | 0x1545, //123 = 0111 1011 -> 0001 0101 0100 0101 |
385 | 0x1550, //124 = 0111 1100 -> 0001 0101 0101 0000 | 382 | 0x1550, //124 = 0111 1100 -> 0001 0101 0101 0000 |
386 | 0x1551, //125 = 0111 1101 -> 0001 0101 0101 0001 | 383 | 0x1551, //125 = 0111 1101 -> 0001 0101 0101 0001 |
387 | 0x1554, //126 = 0111 1110 -> 0001 0101 0101 0100 | 384 | 0x1554, //126 = 0111 1110 -> 0001 0101 0101 0100 |
388 | 0x1555, //127 = 0111 1111 -> 0001 0101 0101 0101 | 385 | 0x1555, //127 = 0111 1111 -> 0001 0101 0101 0101 |
389 | 386 | ||
390 | 0x4000, //128 = 1000 0000 -> 0100 0000 0000 0000 | 387 | 0x4000, //128 = 1000 0000 -> 0100 0000 0000 0000 |
391 | 0x4001, //129 = 1000 0001 -> 0100 0000 0000 0001 | 388 | 0x4001, //129 = 1000 0001 -> 0100 0000 0000 0001 |
392 | 0x4004, //130 = 1000 0010 -> 0100 0000 0000 0100 | 389 | 0x4004, //130 = 1000 0010 -> 0100 0000 0000 0100 |
393 | 0x4005, //131 = 1000 0011 -> 0100 0000 0000 0101 | 390 | 0x4005, //131 = 1000 0011 -> 0100 0000 0000 0101 |
394 | 0x4010, //132 = 1000 0100 -> 0100 0000 0001 0000 | 391 | 0x4010, //132 = 1000 0100 -> 0100 0000 0001 0000 |
395 | 0x4011, //133 = 1000 0101 -> 0100 0000 0001 0001 | 392 | 0x4011, //133 = 1000 0101 -> 0100 0000 0001 0001 |
396 | 0x4014, //134 = 1000 0110 -> 0100 0000 0001 0100 | 393 | 0x4014, //134 = 1000 0110 -> 0100 0000 0001 0100 |
397 | 0x4015, //135 = 1000 0111 -> 0100 0000 0001 0101 | 394 | 0x4015, //135 = 1000 0111 -> 0100 0000 0001 0101 |
398 | 0x4040, //136 = 1000 1000 -> 0100 0000 0100 0000 | 395 | 0x4040, //136 = 1000 1000 -> 0100 0000 0100 0000 |
399 | 0x4041, //137 = 1000 1001 -> 0100 0000 0100 0001 | 396 | 0x4041, //137 = 1000 1001 -> 0100 0000 0100 0001 |
400 | 0x4044, //138 = 1000 1010 -> 0100 0000 0100 0100 | 397 | 0x4044, //138 = 1000 1010 -> 0100 0000 0100 0100 |
401 | 0x4045, //139 = 1000 1011 -> 0100 0000 0100 0101 | 398 | 0x4045, //139 = 1000 1011 -> 0100 0000 0100 0101 |
402 | 0x4050, //140 = 1000 1100 -> 0100 0000 0101 0000 | 399 | 0x4050, //140 = 1000 1100 -> 0100 0000 0101 0000 |
403 | 0x4051, //141 = 1000 1101 -> 0100 0000 0101 0001 | 400 | 0x4051, //141 = 1000 1101 -> 0100 0000 0101 0001 |
404 | 0x4054, //142 = 1000 1110 -> 0100 0000 0101 0100 | 401 | 0x4054, //142 = 1000 1110 -> 0100 0000 0101 0100 |
405 | 0x4055, //143 = 1000 1111 -> 0100 0000 0101 0101 | 402 | 0x4055, //143 = 1000 1111 -> 0100 0000 0101 0101 |
406 | 403 | ||
407 | 0x4100, //144 = 1001 0000 -> 0100 0001 0000 0000 | 404 | 0x4100, //144 = 1001 0000 -> 0100 0001 0000 0000 |
408 | 0x4101, //145 = 1001 0001 -> 0100 0001 0000 0001 | 405 | 0x4101, //145 = 1001 0001 -> 0100 0001 0000 0001 |
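--- a/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Point.js
+++ b/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Point.js
@@ -1,67 +1,64 @@
 /*
 
 Copyright 2008-2011 Clipperz Srl
 
-This file is part of Clipperz's Javascript Crypto Library.
-Javascript Crypto Library provides web developers with an extensive
-and efficient set of cryptographic functions. The library aims to
-obtain maximum execution speed while preserving modularity and
-reusability.
+This file is part of Clipperz Community Edition.
+Clipperz Community Edition is an online password manager.
 For further information about its features and functionalities please
-refer to http://www.clipperz.com
+refer to http://www.clipperz.com.
 
-* Javascript Crypto Library is free software: you can redistribute
+* Clipperz Community Edition is free software: you can redistribute
 it and/or modify it under the terms of the GNU Affero General Public
 License as published by the Free Software Foundation, either version
 3 of the License, or (at your option) any later version.
 
-* Javascript Crypto Library is distributed in the hope that it will
+* Clipperz Community Edition is distributed in the hope that it will
 be useful, but WITHOUT ANY WARRANTY; without even the implied
 warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 See the GNU Affero General Public License for more details.
 
 * You should have received a copy of the GNU Affero General Public
-License along with Javascript Crypto Library. If not, see
+License along with Clipperz Community Edition. If not, see
 <http://www.gnu.org/licenses/>.
 
 */
 
 try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) {
 throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!";
 }
 if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; }
 if (typeof(Clipperz.Crypto.ECC.BinaryField) == 'undefined') { Clipperz.Crypto.ECC.BinaryField = {}; }
 
 Clipperz.Crypto.ECC.BinaryField.Point = function(args) {
 args = args || {};
 this._x = args.x;
 this._y = args.y;
 
 return this;
 }
 
 Clipperz.Crypto.ECC.BinaryField.Point.prototype = MochiKit.Base.update(null, {
 
 'asString': function() {
 return "Clipperz.Crypto.ECC.BinaryField.Point (" + this.x() + ", " + this.y() + ")";
 },
 
 //-----------------------------------------------------------------------------
 
 'x': function() {
 return this._x;
 },
 
 'y': function() {
 return this._y;
 },
 
 //-----------------------------------------------------------------------------
 
 'isZero': function() {
 return (this.x().isZero() && this.y().isZero())
 },
 
 //-----------------------------------------------------------------------------
 __syntaxFix__: "syntax fix"
 });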
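--- a/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Value.js
+++ b/frontend/beta/js/Clipperz/Crypto/ECC/BinaryField/Value.js
@@ -1,377 +1,374 @@
 /*
 
 Copyright 2008-2011 Clipperz Srl
 
-This file is part of Clipperz's Javascript Crypto Library.
-Javascript Crypto Library provides web developers with an extensive
-and efficient set of cryptographic functions. The library aims to
-obtain maximum execution speed while preserving modularity and
-reusability.
+This file is part of Clipperz Community Edition.
+Clipperz Community Edition is an online password manager.
 For further information about its features and functionalities please
-refer to http://www.clipperz.com
+refer to http://www.clipperz.com.
 
-* Javascript Crypto Library is free software: you can redistribute
+* Clipperz Community Edition is free software: you can redistribute
 it and/or modify it under the terms of the GNU Affero General Public
 License as published by the Free Software Foundation, either version
 3 of the License, or (at your option) any later version.
 
-* Javascript Crypto Library is distributed in the hope that it will
+* Clipperz Community Edition is distributed in the hope that it will
 be useful, but WITHOUT ANY WARRANTY; without even the implied
 warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 See the GNU Affero General Public License for more details.
 
 * You should have received a copy of the GNU Affero General Public
-License along with Javascript Crypto Library. If not, see
+License along with Clipperz Community Edition. If not, see
 <http://www.gnu.org/licenses/>.
 
 */
 
 try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) {
 throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!";
 }
 if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; }
 if (typeof(Clipperz.Crypto.ECC.BinaryField) == 'undefined') { Clipperz.Crypto.ECC.BinaryField = {}; }
 
 Clipperz.Crypto.ECC.BinaryField.Value = function(aValue, aBase) {
 if (aValue.constructor == String) {
 varvalue;
 varstringLength;
 var numberOfWords;
 vari,c;
 
 if (aBase != 16) {
 throw Clipperz.Crypto.ECC.BinaryField.Value.exception.UnsupportedBase;
 }
 
 value = aValue.replace(/ /g, '');
 stringLength = value.length;
 numberOfWords = Math.ceil(stringLength / 8);
 this._value = new Array(numberOfWords);
 
 c = numberOfWords;
 for (i=0; i<c; i++) {
 varword;
 
 if (i < (c-1)) {
 word = parseInt(value.substr(stringLength-((i+1)*8), 8), 16);
 } else {
 word = parseInt(value.substr(0, stringLength-(i*8)), 16);
 }
 
 this._value[i] = word;
 }
 } else if (aValue.constructor == Array) {
 var itemsToCopy;
 
 itemsToCopy = aValue.length;
 while (aValue[itemsToCopy - 1] == 0) {
 itemsToCopy --;
 }
 
 this._value = aValue.slice(0, itemsToCopy);
 } else if (aValue.constructor == Number) {
 this._value = [aValue];
 } else {
 // throw Clipperz.Crypto.ECC.BinaryField.Value.exception.UnsupportedConstructorValueType;
 }
 
 return this;
 }
 
 Clipperz.Crypto.ECC.BinaryField.Value.prototype = MochiKit.Base.update(null, {
 
 'value': function() {
 return this._value;
 },
 
 //-----------------------------------------------------------------------------
 
 'wordSize': function() {
 return this._value.length
 },
 
 //-----------------------------------------------------------------------------
 
 'clone': function() {
 return new Clipperz.Crypto.ECC.BinaryField.Value(this._value.slice(0));
 },
 
 //-----------------------------------------------------------------------------
 
 'isZero': function() {
 return (this.compare(Clipperz.Crypto.ECC.BinaryField.Value.O) == 0);
 },
 
 //-----------------------------------------------------------------------------
 
 'asString': function(aBase) {
 varresult;
 var i,c;
 
 if (aBase != 16) {
 throw Clipperz.Crypto.ECC.BinaryField.Value.exception.UnsupportedBase;
 }
 
 result = "";
 c = this.wordSize();
 for (i=0; i<c; i++) {
 varwordAsString;
 
 // wordAsString = ("00000000" + this.value()[i].toString(16));
 wordAsString = ("00000000" + this._value[i].toString(16));
 wordAsString = wordAsString.substring(wordAsString.length - 8);
 result = wordAsString + result;
 }
 
 result = result.replace(/^(00)*/, "");
 
 if (result == "") {
 result = "0";
 }
 
 return result;
 },
 
 //-----------------------------------------------------------------------------
 
 'shiftLeft': function(aNumberOfBitsToShift) {
 return new Clipperz.Crypto.ECC.BinaryField.Value(Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(this._value, aNumberOfBitsToShift));
 },
 
 //-----------------------------------------------------------------------------
 
 'bitSize': function() {
 return Clipperz.Crypto.ECC.BinaryField.Value._bitSize(this._value);
 },
 
 //-----------------------------------------------------------------------------
 
 'isBitSet': function(aBitPosition) {
 return Clipperz.Crypto.ECC.BinaryField.Value._isBitSet(this._value, aBitPosition);
 },
 
 //-----------------------------------------------------------------------------
 
 'xor': function(aValue) {
 return new Clipperz.Crypto.ECC.BinaryField.Value(Clipperz.Crypto.ECC.BinaryField.Value._xor(this._value, aValue._value));
 },
 
 //-----------------------------------------------------------------------------
 
 'compare': function(aValue) {
 return Clipperz.Crypto.ECC.BinaryField.Value._compare(this._value, aValue._value);
 },
 
 //-----------------------------------------------------------------------------
 __syntaxFix__: "syntax fix"
 });
 
 Clipperz.Crypto.ECC.BinaryField.Value.O = new Clipperz.Crypto.ECC.BinaryField.Value('0', 16);
 Clipperz.Crypto.ECC.BinaryField.Value.I = new Clipperz.Crypto.ECC.BinaryField.Value('1', 16);
 
 Clipperz.Crypto.ECC.BinaryField.Value._xor = function(a, b, aFirstItemOffset) {
 var result;
 var resultSize;
 var i,c;
 var firstItemOffset;
 
 firstItemOffset = aFirstItemOffset || 0;
 resultSize = Math.max((a.length - firstItemOffset), b.length) + firstItemOffset;
 
 result = new Array(resultSize);
 
 c = firstItemOffset;
 for (i=0; i<c; i++) {
 result[i] = a[i];
 }
 
 c = resultSize;
 for (i=firstItemOffset; i<c; i++) {
 result[i] = (((a[i] || 0) ^ (b[i - firstItemOffset] || 0)) >>> 0);
 }
 
 return result;
 };
 
 Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor = function(a, b, aFirstItemOffset) {
 var i,c;
 var firstItemOffset;
 
 firstItemOffset = aFirstItemOffset || 0;
 
 c = Math.max((a.length - firstItemOffset), b.length) + firstItemOffset;
 for (i=firstItemOffset; i<c; i++) {
 a[i] = (((a[i] || 0) ^ (b[i - firstItemOffset] || 0)) >>> 0);
 }
 };
 
 Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft = function(aWordArray, aNumberOfBitsToShift) {
 var numberOfWordsToShift;
 varnumberOfBitsToShift;
 var result;
 varoverflowValue;
 vari,c;
 
 numberOfWordsToShift = Math.floor(aNumberOfBitsToShift / 32);
 numberOfBitsToShift = aNumberOfBitsToShift % 32;
 
 result = new Array(aWordArray.length + numberOfWordsToShift);
 
 c = numberOfWordsToShift;
 for (i=0; i<c; i++) {
 result[i] = 0;
 }
 
 overflowValue = 0;
 nextOverflowValue = 0;
 
 c = aWordArray.length;
 for (i=0; i<c; i++) {
 varvalue;
 varresultWord;
 
 // value = this.value()[i];
 value = aWordArray[i];
 
 if (numberOfBitsToShift > 0) {
 var nextOverflowValue;
 
 nextOverflowValue = (value >>> (32 - numberOfBitsToShift));
 value = value & (0xffffffff >>> numberOfBitsToShift);
 resultWord = (((value << numberOfBitsToShift) | overflowValue) >>> 0);
 } else {
 resultWord = value;
 }
 
 result[i+numberOfWordsToShift] = resultWord;
 overflowValue = nextOverflowValue;
 }
 
 if (overflowValue != 0) {
 result[aWordArray.length + numberOfWordsToShift] = overflowValue;
 }
 
 return result;
 };
 
 Clipperz.Crypto.ECC.BinaryField.Value._overwriteShiftLeft = function(aWordArray, aNumberOfBitsToShift) {
 var numberOfWordsToShift;
 varnumberOfBitsToShift;
 var result;
 varoverflowValue;
 vari,c;
 
 numberOfWordsToShift = Math.floor(aNumberOfBitsToShift / 32);
 numberOfBitsToShift = aNumberOfBitsToShift % 32;
 
 result = new Array(aWordArray.length + numberOfWordsToShift);
 
 c = numberOfWordsToShift;
 for (i=0; i<c; i++) {
 result[i] = 0;
 }
 
 overflowValue = 0;
 nextOverflowValue = 0;
 
 c = aWordArray.length;
 for (i=0; i<c; i++) {
 varvalue;
 varresultWord;
 
 // value = this.value()[i];
 value = aWordArray[i];
 
 if (numberOfBitsToShift > 0) {
 var nextOverflowValue;
 
 nextOverflowValue = (value >>> (32 - numberOfBitsToShift));
 value = value & (0xffffffff >>> numberOfBitsToShift);
 resultWord = (((value << numberOfBitsToShift) | overflowValue) >>> 0);
 } else {
 resultWord = value;
 }
 
 result[i+numberOfWordsToShift] = resultWord;
 overflowValue = nextOverflowValue;
 }
 
 if (overflowValue != 0) {
 result[aWordArray.length + numberOfWordsToShift] = overflowValue;
 }
 
 return result;
 };
 
 Clipperz.Crypto.ECC.BinaryField.Value._bitSize = function(aWordArray) {
 varresult;
 varnotNullElements;
 var mostValuableWord;
 var matchingBitsInMostImportantWord;
 var mask;
 var i,c;
 
 notNullElements = aWordArray.length;
 
 if ((aWordArray.length == 1) && (aWordArray[0] == 0)) {
 result = 0;
 } else {
 while((aWordArray[notNullElements - 1] == 0) && (notNullElements > 0)) {
 notNullElements --;
 }
 
 result = (notNullElements - 1) * 32;
 mostValuableWord = aWordArray[notNullElements - 1];
 
 matchingBits = 32;
 mask = 0x80000000;
 
 while ((matchingBits > 0) && ((mostValuableWord & mask) == 0)) {
 matchingBits --;
 mask >>>= 1;
 }
 
 result += matchingBits;
 }
 
 return result;
 };
 
 Clipperz.Crypto.ECC.BinaryField.Value._isBitSet = function(aWordArray, aBitPosition) {
 var result;
 varbyteIndex;
 var bitIndexInSelectedByte;
 
 byteIndex = Math.floor(aBitPosition / 32);
 bitIndexInSelectedByte = aBitPosition % 32;
 
 if (byteIndex <= aWordArray.length) {
 result = ((aWordArray[byteIndex] & (1 << bitIndexInSelectedByte)) != 0);
 } else {
 result = false;
 }
 
 return result;
 };
 
 Clipperz.Crypto.ECC.BinaryField.Value._compare = function(a,b) {
 varresult;
 var i,c;
 
 result = MochiKit.Base.compare(a.length, b.length);
 
 c = a.length;
 for (i=0; (i<c) && (result==0); i++) {
 //console.log("compare[" + c + " - " + i + " - 1] " + this.value()[c-i-1] + ", " + aValue.value()[c-i-1]);
 // result = MochiKit.Base.compare(this.value()[c-i-1], aValue.value()[c-i-1]);
 result = MochiKit.Base.compare(a[c-i-1], b[c-i-1]);
 }
 
 return result;
 };
 
 
 Clipperz.Crypto.ECC.BinaryField.Value['exception']= {
 'UnsupportedBase': new MochiKit.Base.NamedError("Clipperz.Crypto.ECC.BinaryField.Value.exception.UnsupportedBase"),
 'UnsupportedConstructorValueType':new MochiKit.Base.NamedError("Clipperz.Crypto.ECC.BinaryField.Value.exception.UnsupportedConstructorValueType")
 };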
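Review bot: `_bitSize` declares `var matchingBitsInMostImportantWord;` but the loop below assigns and reads `matchingBits`, which is never declared, so in this non-strict file it leaks as an implicit global that every caller shares; change the declaration to `var matchingBits;` (or rename the uses) so the counter is function-local. In `_isBitSet` the guard `if (byteIndex <= aWordArray.length)` admits an index equal to the length, which reads one past the array; `if (byteIndex < aWordArray.length)` is the intended bound and the `else` branch already returns `false` for it. `_overwriteShiftLeft` is a line-for-line copy of `_shiftLeft` that allocates and returns a fresh `result` instead of writing into `aWordArray`, so its name promises an in-place operation it does not perform; either make it write through `aWordArray` like `_overwriteXor` does, or document in a comment that it currently behaves exactly like `_shiftLeft`. The constructor's final `else` keeps the `UnsupportedConstructorValueType` throw commented out, so an unsupported argument silently yields an object with no `_value`; a one-line comment stating that this fall-through is intentional would help the next reader.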
diff --git a/frontend/beta/js/Clipperz/Crypto/PRNG.js b/frontend/beta/js/Clipperz/Crypto/PRNG.js index 770ceb1..39d0045 100644 --- a/frontend/beta/js/Clipperz/Crypto/PRNG.js +++ b/frontend/beta/js/Clipperz/Crypto/PRNG.js | |||
@@ -1,408 +1,405 @@ | |||
1 | /* | 1 | /* |
2 | 2 | ||
3 | Copyright 2008-2011 Clipperz Srl | 3 | Copyright 2008-2011 Clipperz Srl |
4 | 4 | ||
5 | This file is part of Clipperz's Javascript Crypto Library. | 5 | This file is part of Clipperz Community Edition. |
6 | Javascript Crypto Library provides web developers with an extensive | 6 | Clipperz Community Edition is an online password manager. |
7 | and efficient set of cryptographic functions. The library aims to | ||
8 | obtain maximum execution speed while preserving modularity and | ||
9 | reusability. | ||
10 | For further information about its features and functionalities please | 7 | For further information about its features and functionalities please |
11 | refer to http://www.clipperz.com | 8 | refer to http://www.clipperz.com. |
12 | 9 | ||
13 | * Javascript Crypto Library is free software: you can redistribute | 10 | * Clipperz Community Edition is free software: you can redistribute |
14 | it and/or modify it under the terms of the GNU Affero General Public | 11 | it and/or modify it under the terms of the GNU Affero General Public |
15 | License as published by the Free Software Foundation, either version | 12 | License as published by the Free Software Foundation, either version |
16 | 3 of the License, or (at your option) any later version. | 13 | 3 of the License, or (at your option) any later version. |
17 | 14 | ||
18 | * Javascript Crypto Library is distributed in the hope that it will | 15 | * Clipperz Community Edition is distributed in the hope that it will |
19 | be useful, but WITHOUT ANY WARRANTY; without even the implied | 16 | be useful, but WITHOUT ANY WARRANTY; without even the implied |
20 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | 17 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
21 | See the GNU Affero General Public License for more details. | 18 | See the GNU Affero General Public License for more details. |
22 | 19 | ||
23 | * You should have received a copy of the GNU Affero General Public | 20 | * You should have received a copy of the GNU Affero General Public |
24 | License along with Javascript Crypto Library. If not, see | 21 | License along with Clipperz Community Edition. If not, see |
25 | <http://www.gnu.org/licenses/>. | 22 | <http://www.gnu.org/licenses/>. |
26 | 23 | ||
27 | */ | 24 | */ |
28 | 25 | ||
29 | try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { | 26 | try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { |
30 | throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!"; | 27 | throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!"; |
31 | } | 28 | } |
32 | 29 | ||
33 | try { if (typeof(Clipperz.Crypto.SHA) == 'undefined') { throw ""; }} catch (e) { | 30 | try { if (typeof(Clipperz.Crypto.SHA) == 'undefined') { throw ""; }} catch (e) { |
34 | throw "Clipperz.Crypto.PRNG depends on Clipperz.Crypto.SHA!"; | 31 | throw "Clipperz.Crypto.PRNG depends on Clipperz.Crypto.SHA!"; |
35 | } | 32 | } |
36 | 33 | ||
37 | try { if (typeof(Clipperz.Crypto.AES) == 'undefined') { throw ""; }} catch (e) { | 34 | try { if (typeof(Clipperz.Crypto.AES) == 'undefined') { throw ""; }} catch (e) { |
38 | throw "Clipperz.Crypto.PRNG depends on Clipperz.Crypto.AES!"; | 35 | throw "Clipperz.Crypto.PRNG depends on Clipperz.Crypto.AES!"; |
39 | } | 36 | } |
40 | 37 | ||
41 | if (typeof(Clipperz.Crypto.PRNG) == 'undefined') { Clipperz.Crypto.PRNG = {}; } | 38 | if (typeof(Clipperz.Crypto.PRNG) == 'undefined') { Clipperz.Crypto.PRNG = {}; } |
42 | 39 | ||
43 | //############################################################################# | 40 | //############################################################################# |
44 | 41 | ||
45 | Clipperz.Crypto.PRNG.EntropyAccumulator = function(args) { | 42 | Clipperz.Crypto.PRNG.EntropyAccumulator = function(args) { |
46 | args = args || {}; | 43 | args = args || {}; |
47 | //MochiKit.Base.bindMethods(this); | 44 | //MochiKit.Base.bindMethods(this); |
48 | 45 | ||
49 | this._stack = new Clipperz.ByteArray(); | 46 | this._stack = new Clipperz.ByteArray(); |
50 | this._maxStackLengthBeforeHashing = args.maxStackLengthBeforeHashing || 256; | 47 | this._maxStackLengthBeforeHashing = args.maxStackLengthBeforeHashing || 256; |
51 | return this; | 48 | return this; |
52 | } | 49 | } |
53 | 50 | ||
54 | Clipperz.Crypto.PRNG.EntropyAccumulator.prototype = MochiKit.Base.update(null, { | 51 | Clipperz.Crypto.PRNG.EntropyAccumulator.prototype = MochiKit.Base.update(null, { |
55 | 52 | ||
56 | 'toString': function() { | 53 | 'toString': function() { |
57 | return "Clipperz.Crypto.PRNG.EntropyAccumulator"; | 54 | return "Clipperz.Crypto.PRNG.EntropyAccumulator"; |
58 | }, | 55 | }, |
59 | 56 | ||
60 | //------------------------------------------------------------------------- | 57 | //------------------------------------------------------------------------- |
61 | 58 | ||
62 | 'stack': function() { | 59 | 'stack': function() { |
63 | return this._stack; | 60 | return this._stack; |
64 | }, | 61 | }, |
65 | 62 | ||
66 | 'setStack': function(aValue) { | 63 | 'setStack': function(aValue) { |
67 | this._stack = aValue; | 64 | this._stack = aValue; |
68 | }, | 65 | }, |
69 | 66 | ||
70 | 'resetStack': function() { | 67 | 'resetStack': function() { |
71 | this.stack().reset(); | 68 | this.stack().reset(); |
72 | }, | 69 | }, |
73 | 70 | ||
74 | 'maxStackLengthBeforeHashing': function() { | 71 | 'maxStackLengthBeforeHashing': function() { |
75 | return this._maxStackLengthBeforeHashing; | 72 | return this._maxStackLengthBeforeHashing; |
76 | }, | 73 | }, |
77 | 74 | ||
78 | //------------------------------------------------------------------------- | 75 | //------------------------------------------------------------------------- |
79 | 76 | ||
80 | 'addRandomByte': function(aValue) { | 77 | 'addRandomByte': function(aValue) { |
81 | this.stack().appendByte(aValue); | 78 | this.stack().appendByte(aValue); |
82 | 79 | ||
83 | if (this.stack().length() > this.maxStackLengthBeforeHashing()) { | 80 | if (this.stack().length() > this.maxStackLengthBeforeHashing()) { |
84 | this.setStack(Clipperz.Crypto.SHA.sha_d256(this.stack())); | 81 | this.setStack(Clipperz.Crypto.SHA.sha_d256(this.stack())); |
85 | } | 82 | } |
86 | }, | 83 | }, |
87 | 84 | ||
88 | //------------------------------------------------------------------------- | 85 | //------------------------------------------------------------------------- |
89 | __syntaxFix__: "syntax fix" | 86 | __syntaxFix__: "syntax fix" |
90 | }); | 87 | }); |
91 | 88 | ||
92 | //############################################################################# | 89 | //############################################################################# |
93 | 90 | ||
94 | Clipperz.Crypto.PRNG.RandomnessSource = function(args) { | 91 | Clipperz.Crypto.PRNG.RandomnessSource = function(args) { |
95 | args = args || {}; | 92 | args = args || {}; |
96 | MochiKit.Base.bindMethods(this); | 93 | MochiKit.Base.bindMethods(this); |
97 | 94 | ||
98 | this._generator = args.generator || null; | 95 | this._generator = args.generator || null; |
99 | this._sourceId = args.sourceId || null; | 96 | this._sourceId = args.sourceId || null; |
100 | this._boostMode = args.boostMode || false; | 97 | this._boostMode = args.boostMode || false; |
101 | 98 | ||
102 | this._nextPoolIndex = 0; | 99 | this._nextPoolIndex = 0; |
103 | 100 | ||
104 | return this; | 101 | return this; |
105 | } | 102 | } |
106 | 103 | ||
107 | Clipperz.Crypto.PRNG.RandomnessSource.prototype = MochiKit.Base.update(null, { | 104 | Clipperz.Crypto.PRNG.RandomnessSource.prototype = MochiKit.Base.update(null, { |
108 | 105 | ||
109 | 'generator': function() { | 106 | 'generator': function() { |
110 | return this._generator; | 107 | return this._generator; |
111 | }, | 108 | }, |
112 | 109 | ||
113 | 'setGenerator': function(aValue) { | 110 | 'setGenerator': function(aValue) { |
114 | this._generator = aValue; | 111 | this._generator = aValue; |
115 | }, | 112 | }, |
116 | 113 | ||
117 | //------------------------------------------------------------------------- | 114 | //------------------------------------------------------------------------- |
118 | 115 | ||
119 | 'boostMode': function() { | 116 | 'boostMode': function() { |
120 | return this._boostMode; | 117 | return this._boostMode; |
121 | }, | 118 | }, |
122 | 119 | ||
123 | 'setBoostMode': function(aValue) { | 120 | 'setBoostMode': function(aValue) { |
124 | this._boostMode = aValue; | 121 | this._boostMode = aValue; |
125 | }, | 122 | }, |
126 | 123 | ||
127 | //------------------------------------------------------------------------- | 124 | //------------------------------------------------------------------------- |
128 | 125 | ||
129 | 'sourceId': function() { | 126 | 'sourceId': function() { |
130 | return this._sourceId; | 127 | return this._sourceId; |
131 | }, | 128 | }, |
132 | 129 | ||
133 | 'setSourceId': function(aValue) { | 130 | 'setSourceId': function(aValue) { |
134 | this._sourceId = aValue; | 131 | this._sourceId = aValue; |
135 | }, | 132 | }, |
136 | 133 | ||
137 | //------------------------------------------------------------------------- | 134 | //------------------------------------------------------------------------- |
138 | 135 | ||
139 | 'nextPoolIndex': function() { | 136 | 'nextPoolIndex': function() { |
140 | return this._nextPoolIndex; | 137 | return this._nextPoolIndex; |
141 | }, | 138 | }, |
142 | 139 | ||
143 | 'incrementNextPoolIndex': function() { | 140 | 'incrementNextPoolIndex': function() { |
144 | this._nextPoolIndex = ((this._nextPoolIndex + 1) % this.generator().numberOfEntropyAccumulators()); | 141 | this._nextPoolIndex = ((this._nextPoolIndex + 1) % this.generator().numberOfEntropyAccumulators()); |
145 | }, | 142 | }, |
146 | 143 | ||
147 | //------------------------------------------------------------------------- | 144 | //------------------------------------------------------------------------- |
148 | 145 | ||
149 | 'updateGeneratorWithValue': function(aRandomValue) { | 146 | 'updateGeneratorWithValue': function(aRandomValue) { |
150 | if (this.generator() != null) { | 147 | if (this.generator() != null) { |
151 | this.generator().addRandomByte(this.sourceId(), this.nextPoolIndex(), aRandomValue); | 148 | this.generator().addRandomByte(this.sourceId(), this.nextPoolIndex(), aRandomValue); |
152 | this.incrementNextPoolIndex(); | 149 | this.incrementNextPoolIndex(); |
153 | } | 150 | } |
154 | }, | 151 | }, |
155 | 152 | ||
156 | //------------------------------------------------------------------------- | 153 | //------------------------------------------------------------------------- |
157 | __syntaxFix__: "syntax fix" | 154 | __syntaxFix__: "syntax fix" |
158 | }); | 155 | }); |
159 | 156 | ||
160 | //############################################################################# | 157 | //############################################################################# |
161 | 158 | ||
162 | Clipperz.Crypto.PRNG.TimeRandomnessSource = function(args) { | 159 | Clipperz.Crypto.PRNG.TimeRandomnessSource = function(args) { |
163 | args = args || {}; | 160 | args = args || {}; |
164 | //MochiKit.Base.bindMethods(this); | 161 | //MochiKit.Base.bindMethods(this); |
165 | 162 | ||
166 | this._intervalTime = args.intervalTime || 1000; | 163 | this._intervalTime = args.intervalTime || 1000; |
167 | 164 | ||
168 | Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); | 165 | Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); |
169 | 166 | ||
170 | this.collectEntropy(); | 167 | this.collectEntropy(); |
171 | return this; | 168 | return this; |
172 | } | 169 | } |
173 | 170 | ||
174 | Clipperz.Crypto.PRNG.TimeRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, { | 171 | Clipperz.Crypto.PRNG.TimeRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, { |
175 | 172 | ||
176 | 'intervalTime': function() { | 173 | 'intervalTime': function() { |
177 | return this._intervalTime; | 174 | return this._intervalTime; |
178 | }, | 175 | }, |
179 | 176 | ||
180 | //------------------------------------------------------------------------- | 177 | //------------------------------------------------------------------------- |
181 | 178 | ||
182 | 'collectEntropy': function() { | 179 | 'collectEntropy': function() { |
183 | varnow; | 180 | varnow; |
184 | varentropyByte; | 181 | varentropyByte; |
185 | var intervalTime; | 182 | var intervalTime; |
186 | now = new Date(); | 183 | now = new Date(); |
187 | entropyByte = (now.getTime() & 0xff); | 184 | entropyByte = (now.getTime() & 0xff); |
188 | 185 | ||
189 | intervalTime = this.intervalTime(); | 186 | intervalTime = this.intervalTime(); |
190 | if (this.boostMode() == true) { | 187 | if (this.boostMode() == true) { |
191 | intervalTime = intervalTime / 9; | 188 | intervalTime = intervalTime / 9; |
192 | } | 189 | } |
193 | 190 | ||
194 | this.updateGeneratorWithValue(entropyByte); | 191 | this.updateGeneratorWithValue(entropyByte); |
195 | setTimeout(this.collectEntropy, intervalTime); | 192 | setTimeout(this.collectEntropy, intervalTime); |
196 | }, | 193 | }, |
197 | 194 | ||
198 | //------------------------------------------------------------------------- | 195 | //------------------------------------------------------------------------- |
199 | 196 | ||
200 | 'numberOfRandomBits': function() { | 197 | 'numberOfRandomBits': function() { |
201 | return 5; | 198 | return 5; |
202 | }, | 199 | }, |
203 | 200 | ||
204 | //------------------------------------------------------------------------- | 201 | //------------------------------------------------------------------------- |
205 | 202 | ||
206 | 'pollingFrequency': function() { | 203 | 'pollingFrequency': function() { |
207 | return 10; | 204 | return 10; |
208 | }, | 205 | }, |
209 | 206 | ||
210 | //------------------------------------------------------------------------- | 207 | //------------------------------------------------------------------------- |
211 | __syntaxFix__: "syntax fix" | 208 | __syntaxFix__: "syntax fix" |
212 | }); | 209 | }); |
213 | 210 | ||
214 | //***************************************************************************** | 211 | //***************************************************************************** |
215 | 212 | ||
216 | Clipperz.Crypto.PRNG.MouseRandomnessSource = function(args) { | 213 | Clipperz.Crypto.PRNG.MouseRandomnessSource = function(args) { |
217 | args = args || {}; | 214 | args = args || {}; |
218 | 215 | ||
219 | Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); | 216 | Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); |
220 | 217 | ||
221 | this._numberOfBitsToCollectAtEachEvent = 4; | 218 | this._numberOfBitsToCollectAtEachEvent = 4; |
222 | this._randomBitsCollector = 0; | 219 | this._randomBitsCollector = 0; |
223 | this._numberOfRandomBitsCollected = 0; | 220 | this._numberOfRandomBitsCollected = 0; |
224 | 221 | ||
225 | MochiKit.Signal.connect(document, 'onmousemove', this, 'collectEntropy'); | 222 | MochiKit.Signal.connect(document, 'onmousemove', this, 'collectEntropy'); |
226 | 223 | ||
227 | return this; | 224 | return this; |
228 | } | 225 | } |
229 | 226 | ||
230 | Clipperz.Crypto.PRNG.MouseRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, { | 227 | Clipperz.Crypto.PRNG.MouseRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, { |
231 | 228 | ||
232 | //------------------------------------------------------------------------- | 229 | //------------------------------------------------------------------------- |
233 | 230 | ||
234 | 'numberOfBitsToCollectAtEachEvent': function() { | 231 | 'numberOfBitsToCollectAtEachEvent': function() { |
235 | return this._numberOfBitsToCollectAtEachEvent; | 232 | return this._numberOfBitsToCollectAtEachEvent; |
236 | }, | 233 | }, |
237 | 234 | ||
238 | //------------------------------------------------------------------------- | 235 | //------------------------------------------------------------------------- |
239 | 236 | ||
240 | 'randomBitsCollector': function() { | 237 | 'randomBitsCollector': function() { |
241 | return this._randomBitsCollector; | 238 | return this._randomBitsCollector; |
242 | }, | 239 | }, |
243 | 240 | ||
244 | 'setRandomBitsCollector': function(aValue) { | 241 | 'setRandomBitsCollector': function(aValue) { |
245 | this._randomBitsCollector = aValue; | 242 | this._randomBitsCollector = aValue; |
246 | }, | 243 | }, |
247 | 244 | ||
248 | 'appendRandomBitsToRandomBitsCollector': function(aValue) { | 245 | 'appendRandomBitsToRandomBitsCollector': function(aValue) { |
249 | var collectedBits; | 246 | var collectedBits; |
250 | var numberOfRandomBitsCollected; | 247 | var numberOfRandomBitsCollected; |
251 | 248 | ||
252 | numberOfRandomBitsCollected = this.numberOfRandomBitsCollected(); | 249 | numberOfRandomBitsCollected = this.numberOfRandomBitsCollected(); |
253 | collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected); | 250 | collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected); |
254 | this.setRandomBitsCollector(collectetBits); | 251 | this.setRandomBitsCollector(collectetBits); |
255 | numberOfRandomBitsCollected += this.numberOfBitsToCollectAtEachEvent(); | 252 | numberOfRandomBitsCollected += this.numberOfBitsToCollectAtEachEvent(); |
256 | 253 | ||
257 | if (numberOfRandomBitsCollected == 8) { | 254 | if (numberOfRandomBitsCollected == 8) { |
258 | this.updateGeneratorWithValue(collectetBits); | 255 | this.updateGeneratorWithValue(collectetBits); |
259 | numberOfRandomBitsCollected = 0; | 256 | numberOfRandomBitsCollected = 0; |
260 | this.setRandomBitsCollector(0); | 257 | this.setRandomBitsCollector(0); |
261 | } | 258 | } |
262 | 259 | ||
263 | this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected) | 260 | this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected) |
264 | }, | 261 | }, |
265 | 262 | ||
266 | //------------------------------------------------------------------------- | 263 | //------------------------------------------------------------------------- |
267 | 264 | ||
268 | 'numberOfRandomBitsCollected': function() { | 265 | 'numberOfRandomBitsCollected': function() { |
269 | return this._numberOfRandomBitsCollected; | 266 | return this._numberOfRandomBitsCollected; |
270 | }, | 267 | }, |
271 | 268 | ||
272 | 'setNumberOfRandomBitsCollected': function(aValue) { | 269 | 'setNumberOfRandomBitsCollected': function(aValue) { |
273 | this._numberOfRandomBitsCollected = aValue; | 270 | this._numberOfRandomBitsCollected = aValue; |
274 | }, | 271 | }, |
275 | 272 | ||
276 | //------------------------------------------------------------------------- | 273 | //------------------------------------------------------------------------- |
277 | 274 | ||
278 | 'collectEntropy': function(anEvent) { | 275 | 'collectEntropy': function(anEvent) { |
279 | var mouseLocation; | 276 | var mouseLocation; |
280 | var randomBit; | 277 | var randomBit; |
281 | var mask; | 278 | var mask; |
282 | 279 | ||
283 | mask = 0xffffffff >>> (32 - this.numberOfBitsToCollectAtEachEvent()); | 280 | mask = 0xffffffff >>> (32 - this.numberOfBitsToCollectAtEachEvent()); |
284 | 281 | ||
285 | mouseLocation = anEvent.mouse().client; | 282 | mouseLocation = anEvent.mouse().client; |
286 | randomBit = ((mouseLocation.x ^ mouseLocation.y) & mask); | 283 | randomBit = ((mouseLocation.x ^ mouseLocation.y) & mask); |
287 | this.appendRandomBitsToRandomBitsCollector(randomBit) | 284 | this.appendRandomBitsToRandomBitsCollector(randomBit) |
288 | }, | 285 | }, |
289 | 286 | ||
290 | //------------------------------------------------------------------------- | 287 | //------------------------------------------------------------------------- |
291 | 288 | ||
292 | 'numberOfRandomBits': function() { | 289 | 'numberOfRandomBits': function() { |
293 | return 1; | 290 | return 1; |
294 | }, | 291 | }, |
295 | 292 | ||
296 | //------------------------------------------------------------------------- | 293 | //------------------------------------------------------------------------- |
297 | 294 | ||
298 | 'pollingFrequency': function() { | 295 | 'pollingFrequency': function() { |
299 | return 10; | 296 | return 10; |
300 | }, | 297 | }, |
301 | 298 | ||
302 | //------------------------------------------------------------------------- | 299 | //------------------------------------------------------------------------- |
303 | __syntaxFix__: "syntax fix" | 300 | __syntaxFix__: "syntax fix" |
304 | }); | 301 | }); |
305 | 302 | ||
306 | //***************************************************************************** | 303 | //***************************************************************************** |
307 | 304 | ||
308 | Clipperz.Crypto.PRNG.KeyboardRandomnessSource = function(args) { | 305 | Clipperz.Crypto.PRNG.KeyboardRandomnessSource = function(args) { |
309 | args = args || {}; | 306 | args = args || {}; |
310 | Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); | 307 | Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); |
311 | 308 | ||
312 | this._randomBitsCollector = 0; | 309 | this._randomBitsCollector = 0; |
313 | this._numberOfRandomBitsCollected = 0; | 310 | this._numberOfRandomBitsCollected = 0; |
314 | 311 | ||
315 | MochiKit.Signal.connect(document, 'onkeypress', this, 'collectEntropy'); | 312 | MochiKit.Signal.connect(document, 'onkeypress', this, 'collectEntropy'); |
316 | 313 | ||
317 | return this; | 314 | return this; |
318 | } | 315 | } |
319 | 316 | ||
320 | Clipperz.Crypto.PRNG.KeyboardRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, { | 317 | Clipperz.Crypto.PRNG.KeyboardRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, { |
321 | 318 | ||
322 | //------------------------------------------------------------------------- | 319 | //------------------------------------------------------------------------- |
323 | 320 | ||
324 | 'randomBitsCollector': function() { | 321 | 'randomBitsCollector': function() { |
325 | return this._randomBitsCollector; | 322 | return this._randomBitsCollector; |
326 | }, | 323 | }, |
327 | 324 | ||
328 | 'setRandomBitsCollector': function(aValue) { | 325 | 'setRandomBitsCollector': function(aValue) { |
329 | this._randomBitsCollector = aValue; | 326 | this._randomBitsCollector = aValue; |
330 | }, | 327 | }, |
331 | 328 | ||
332 | 'appendRandomBitToRandomBitsCollector': function(aValue) { | 329 | 'appendRandomBitToRandomBitsCollector': function(aValue) { |
333 | var collectedBits; | 330 | var collectedBits; |
334 | var numberOfRandomBitsCollected; | 331 | var numberOfRandomBitsCollected; |
335 | 332 | ||
336 | numberOfRandomBitsCollected = this.numberOfRandomBitsCollected(); | 333 | numberOfRandomBitsCollected = this.numberOfRandomBitsCollected(); |
337 | collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected); | 334 | collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected); |
338 | this.setRandomBitsCollector(collectetBits); | 335 | this.setRandomBitsCollector(collectetBits); |
339 | numberOfRandomBitsCollected ++; | 336 | numberOfRandomBitsCollected ++; |
340 | 337 | ||
341 | if (numberOfRandomBitsCollected == 8) { | 338 | if (numberOfRandomBitsCollected == 8) { |
342 | this.updateGeneratorWithValue(collectetBits); | 339 | this.updateGeneratorWithValue(collectetBits); |
343 | numberOfRandomBitsCollected = 0; | 340 | numberOfRandomBitsCollected = 0; |
344 | this.setRandomBitsCollector(0); | 341 | this.setRandomBitsCollector(0); |
345 | } | 342 | } |
346 | 343 | ||
347 | this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected) | 344 | this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected) |
348 | }, | 345 | }, |
349 | 346 | ||
350 | //------------------------------------------------------------------------- | 347 | //------------------------------------------------------------------------- |
351 | 348 | ||
352 | 'numberOfRandomBitsCollected': function() { | 349 | 'numberOfRandomBitsCollected': function() { |
353 | return this._numberOfRandomBitsCollected; | 350 | return this._numberOfRandomBitsCollected; |
354 | }, | 351 | }, |
355 | 352 | ||
356 | 'setNumberOfRandomBitsCollected': function(aValue) { | 353 | 'setNumberOfRandomBitsCollected': function(aValue) { |
357 | this._numberOfRandomBitsCollected = aValue; | 354 | this._numberOfRandomBitsCollected = aValue; |
358 | }, | 355 | }, |
359 | 356 | ||
360 | //------------------------------------------------------------------------- | 357 | //------------------------------------------------------------------------- |
361 | 358 | ||
362 | 'collectEntropy': function(anEvent) { | 359 | 'collectEntropy': function(anEvent) { |
363 | /* | 360 | /* |
364 | var mouseLocation; | 361 | var mouseLocation; |
365 | var randomBit; | 362 | var randomBit; |
366 | 363 | ||
367 | mouseLocation = anEvent.mouse().client; | 364 | mouseLocation = anEvent.mouse().client; |
368 | 365 | ||
369 | randomBit = ((mouseLocation.x ^ mouseLocation.y) & 0x1); | 366 | randomBit = ((mouseLocation.x ^ mouseLocation.y) & 0x1); |
370 | this.appendRandomBitToRandomBitsCollector(randomBit); | 367 | this.appendRandomBitToRandomBitsCollector(randomBit); |
371 | */ | 368 | */ |
372 | }, | 369 | }, |
373 | 370 | ||
374 | //------------------------------------------------------------------------- | 371 | //------------------------------------------------------------------------- |
375 | 372 | ||
376 | 'numberOfRandomBits': function() { | 373 | 'numberOfRandomBits': function() { |
377 | return 1; | 374 | return 1; |
378 | }, | 375 | }, |
379 | 376 | ||
380 | //------------------------------------------------------------------------- | 377 | //------------------------------------------------------------------------- |
381 | 378 | ||
382 | 'pollingFrequency': function() { | 379 | 'pollingFrequency': function() { |
383 | return 10; | 380 | return 10; |
384 | }, | 381 | }, |
385 | 382 | ||
386 | //------------------------------------------------------------------------- | 383 | //------------------------------------------------------------------------- |
387 | __syntaxFix__: "syntax fix" | 384 | __syntaxFix__: "syntax fix" |
388 | }); | 385 | }); |
389 | 386 | ||
390 | //############################################################################# | 387 | //############################################################################# |
391 | 388 | ||
392 | Clipperz.Crypto.PRNG.Fortuna = function(args) { | 389 | Clipperz.Crypto.PRNG.Fortuna = function(args) { |
393 | vari,c; | 390 | vari,c; |
394 | 391 | ||
395 | args = args || {}; | 392 | args = args || {}; |
396 | 393 | ||
397 | this._key = args.seed || null; | 394 | this._key = args.seed || null; |
398 | if (this._key == null) { | 395 | if (this._key == null) { |
399 | this._counter = 0; | 396 | this._counter = 0; |
400 | this._key = new Clipperz.ByteArray(); | 397 | this._key = new Clipperz.ByteArray(); |
401 | } else { | 398 | } else { |
402 | this._counter = 1; | 399 | this._counter = 1; |
403 | } | 400 | } |
404 | 401 | ||
405 | this._aesKey = null; | 402 | this._aesKey = null; |
406 | 403 | ||
407 | this._firstPoolReseedLevel = args.firstPoolReseedLevel || 32 || 64; | 404 | this._firstPoolReseedLevel = args.firstPoolReseedLevel || 32 || 64; |
408 | this._numberOfEntropyAccumulators = args.numberOfEntropyAccumulators || 32; | 405 | this._numberOfEntropyAccumulators = args.numberOfEntropyAccumulators || 32; |
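--- a/frontend/beta/js/Clipperz/Crypto/RSA.js
+++ b/frontend/beta/js/Clipperz/Crypto/RSA.js
@@ -1,151 +1,148 @@
 /*
 
 Copyright 2008-2011 Clipperz Srl
 
-This file is part of Clipperz's Javascript Crypto Library.
-Javascript Crypto Library provides web developers with an extensive
-and efficient set of cryptographic functions. The library aims to
-obtain maximum execution speed while preserving modularity and
-reusability.
+This file is part of Clipperz Community Edition.
+Clipperz Community Edition is an online password manager.
 For further information about its features and functionalities please
-refer to http://www.clipperz.com
+refer to http://www.clipperz.com.
 
-* Javascript Crypto Library is free software: you can redistribute
+* Clipperz Community Edition is free software: you can redistribute
 it and/or modify it under the terms of the GNU Affero General Public
 License as published by the Free Software Foundation, either version
 3 of the License, or (at your option) any later version.
 
-* Javascript Crypto Library is distributed in the hope that it will
+* Clipperz Community Edition is distributed in the hope that it will
 be useful, but WITHOUT ANY WARRANTY; without even the implied
 warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 See the GNU Affero General Public License for more details.
 
 * You should have received a copy of the GNU Affero General Public
-License along with Javascript Crypto Library. If not, see
+License along with Clipperz Community Edition. If not, see
 <http://www.gnu.org/licenses/>.
 
 */
 
 try { if (typeof(Clipperz.Crypto.BigInt) == 'undefined') { throw ""; }} catch (e) {
 throw "Clipperz.Crypto.RSA depends on Clipperz.Crypto.BigInt!";
 }
 
 if (typeof(Clipperz.Crypto.RSA) == 'undefined') { Clipperz.Crypto.RSA = {}; }
 
 Clipperz.Crypto.RSA.VERSION = "0.1";
 Clipperz.Crypto.RSA.NAME = "Clipperz.RSA";
 
 //#############################################################################
 
 MochiKit.Base.update(Clipperz.Crypto.RSA, {
 
 //-------------------------------------------------------------------------
 
 'publicKeyWithValues': function (e, d, n) {
 varresult;
 
 result = {};
 
 if (e.isBigInt) {
 result.e = e;
 } else {
 result.e = new Clipperz.Crypto.BigInt(e, 16);
 }
 
 if (d.isBigInt) {
 result.d = d;
 } else {
 result.d = new Clipperz.Crypto.BigInt(d, 16);
 }
 
 if (n.isBigInt) {
 result.n = n;
 } else {
 result.n = new Clipperz.Crypto.BigInt(n, 16);
 }
 
 return result;
 },
 
 'privateKeyWithValues': function(e, d, n) {
 return Clipperz.Crypto.RSA.publicKeyWithValues(e, d, n);
 },
 
 //-----------------------------------------------------------------------------
 
 'encryptUsingPublicKey': function (aKey, aMessage) {
 varmessageValue;
 varresult;
 
 messageValue = new Clipperz.Crypto.BigInt(aMessage, 16);
 result = messageValue.powerModule(aKey.e, aKey.n);
 
 return result.asString(16);
 },
 
 //.............................................................................
 
 'decryptUsingPublicKey': function (aKey, aMessage) {
 return Clipperz.Crypto.RSA.encryptUsingPublicKey(aKey, aMessage);
 },
 
 //-----------------------------------------------------------------------------
 
 'encryptUsingPrivateKey': function (aKey, aMessage) {
 varmessageValue;
 varresult;
 
 messageValue = new Clipperz.Crypto.BigInt(aMessage, 16);
 result = messageValue.powerModule(aKey.d, aKey.n);
 
 return result.asString(16);
 },
 
 //.............................................................................
 
 'decryptUsingPrivateKey': function (aKey, aMessage) {
 return Clipperz.Crypto.RSA.encryptUsingPrivateKey(aKey, aMessage);
 },
 
 //-----------------------------------------------------------------------------
 
 'generatePublicKey': function(aNumberOfBits) {
 varresult;
 vare;
 vard;
 varn;
 
 e = new Clipperz.Crypto.BigInt("10001", 16);
 
 {
 var p, q;
 varphi;
 
 do {
 p = Clipperz.Crypto.BigInt.randomPrime(aNumberOfBits);
 } while (p.module(e).equals(1));
 
 do {
 q = Clipperz.Crypto.BigInt.randomPrime(aNumberOfBits);
 } while ((q.equals(p)) || (q.module(e).equals(1)));
 
 n = p.multiply(q);
 phi = (p.subtract(1).multiply(q.subtract(1)));
 d = e.powerModule(-1, phi);
 }
 
 result = Clipperz.Crypto.RSA.publicKeyWithValues(e, d, n);
 
 return result;
 },
 
 //-------------------------------------------------------------------------
 
 __syntaxFix__: "syntax fix"
 
 //-------------------------------------------------------------------------
 
 });
 
 //#############################################################################
 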
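Review bot: generatePublicKey (new lines 109–137) returns the object built by publicKeyWithValues(e, d, n), so the value its name calls a public key also carries the private exponent d, and publicKeyWithValues and privateKeyWithValues build the identical {e, d, n} shape, leaving nothing in the file that says which fields may leave the client. A header comment on generatePublicKey would make that explicit, for example `// Returns the full key pair {e, d, n}; only {e, n} may be shared, d must never leave the client.`. encryptUsingPublicKey and encryptUsingPrivateKey (new lines 73–81 and 91–99) apply bare powerModule to the hex-decoded message with no padding scheme, which is worth stating in a comment on each so callers know padding and message-size limits are their responsibility; the "decrypt" aliases at new lines 85–87 and 103–105 inherit the same caveat.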
diff --git a/frontend/beta/js/Clipperz/Crypto/SHA.js b/frontend/beta/js/Clipperz/Crypto/SHA.js index bb50b4f..635eb90 100644 --- a/frontend/beta/js/Clipperz/Crypto/SHA.js +++ b/frontend/beta/js/Clipperz/Crypto/SHA.js | |||
@@ -1,296 +1,293 @@ | |||
1 | /* | 1 | /* |
2 | 2 | ||
3 | Copyright 2008-2011 Clipperz Srl | 3 | Copyright 2008-2011 Clipperz Srl |
4 | 4 | ||
5 | This file is part of Clipperz's Javascript Crypto Library. | 5 | This file is part of Clipperz Community Edition. |
6 | Javascript Crypto Library provides web developers with an extensive | 6 | Clipperz Community Edition is an online password manager. |
7 | and efficient set of cryptographic functions. The library aims to | ||
8 | obtain maximum execution speed while preserving modularity and | ||
9 | reusability. | ||
10 | For further information about its features and functionalities please | 7 | For further information about its features and functionalities please |
11 | refer to http://www.clipperz.com | 8 | refer to http://www.clipperz.com. |
12 | 9 | ||
13 | * Javascript Crypto Library is free software: you can redistribute | 10 | * Clipperz Community Edition is free software: you can redistribute |
14 | it and/or modify it under the terms of the GNU Affero General Public | 11 | it and/or modify it under the terms of the GNU Affero General Public |
15 | License as published by the Free Software Foundation, either version | 12 | License as published by the Free Software Foundation, either version |
16 | 3 of the License, or (at your option) any later version. | 13 | 3 of the License, or (at your option) any later version. |
17 | 14 | ||
18 | * Javascript Crypto Library is distributed in the hope that it will | 15 | * Clipperz Community Edition is distributed in the hope that it will |
19 | be useful, but WITHOUT ANY WARRANTY; without even the implied | 16 | be useful, but WITHOUT ANY WARRANTY; without even the implied |
20 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | 17 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
21 | See the GNU Affero General Public License for more details. | 18 | See the GNU Affero General Public License for more details. |
22 | 19 | ||
23 | * You should have received a copy of the GNU Affero General Public | 20 | * You should have received a copy of the GNU Affero General Public |
24 | License along with Javascript Crypto Library. If not, see | 21 | License along with Clipperz Community Edition. If not, see |
25 | <http://www.gnu.org/licenses/>. | 22 | <http://www.gnu.org/licenses/>. |
26 | 23 | ||
27 | */ | 24 | */ |
28 | 25 | ||
29 | try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { | 26 | try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { |
30 | throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!"; | 27 | throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!"; |
31 | } | 28 | } |
32 | 29 | ||
33 | if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; } | 30 | if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; } |
34 | if (typeof(Clipperz.Crypto.SHA) == 'undefined') { Clipperz.Crypto.SHA = {}; } | 31 | if (typeof(Clipperz.Crypto.SHA) == 'undefined') { Clipperz.Crypto.SHA = {}; } |
35 | 32 | ||
36 | Clipperz.Crypto.SHA.VERSION = "0.3"; | 33 | Clipperz.Crypto.SHA.VERSION = "0.3"; |
37 | Clipperz.Crypto.SHA.NAME = "Clipperz.Crypto.SHA"; | 34 | Clipperz.Crypto.SHA.NAME = "Clipperz.Crypto.SHA"; |
38 | 35 | ||
39 | MochiKit.Base.update(Clipperz.Crypto.SHA, { | 36 | MochiKit.Base.update(Clipperz.Crypto.SHA, { |
40 | 37 | ||
41 | '__repr__': function () { | 38 | '__repr__': function () { |
42 | return "[" + this.NAME + " " + this.VERSION + "]"; | 39 | return "[" + this.NAME + " " + this.VERSION + "]"; |
43 | }, | 40 | }, |
44 | 41 | ||
45 | 'toString': function () { | 42 | 'toString': function () { |
46 | return this.__repr__(); | 43 | return this.__repr__(); |
47 | }, | 44 | }, |
48 | 45 | ||
49 | //----------------------------------------------------------------------------- | 46 | //----------------------------------------------------------------------------- |
50 | 47 | ||
51 | 'rotateRight': function(aValue, aNumberOfBits) { | 48 | 'rotateRight': function(aValue, aNumberOfBits) { |
52 | //Clipperz.Profile.start("Clipperz.Crypto.SHA.rotateRight"); | 49 | //Clipperz.Profile.start("Clipperz.Crypto.SHA.rotateRight"); |
53 | var result; | 50 | var result; |
54 | 51 | ||
55 | result = (aValue >>> aNumberOfBits) | (aValue << (32 - aNumberOfBits)); | 52 | result = (aValue >>> aNumberOfBits) | (aValue << (32 - aNumberOfBits)); |
56 | 53 | ||
57 | //Clipperz.Profile.stop("Clipperz.Crypto.SHA.rotateRight"); | 54 | //Clipperz.Profile.stop("Clipperz.Crypto.SHA.rotateRight"); |
58 | return result; | 55 | return result; |
59 | }, | 56 | }, |
60 | 57 | ||
61 | 'shiftRight': function(aValue, aNumberOfBits) { | 58 | 'shiftRight': function(aValue, aNumberOfBits) { |
62 | //Clipperz.Profile.start("Clipperz.Crypto.SHA.shiftRight"); | 59 | //Clipperz.Profile.start("Clipperz.Crypto.SHA.shiftRight"); |
63 | var result; | 60 | var result; |
64 | 61 | ||
65 | result = aValue >>> aNumberOfBits; | 62 | result = aValue >>> aNumberOfBits; |
66 | 63 | ||
67 | //Clipperz.Profile.stop("Clipperz.Crypto.SHA.shiftRight"); | 64 | //Clipperz.Profile.stop("Clipperz.Crypto.SHA.shiftRight"); |
68 | return result; | 65 | return result; |
69 | }, | 66 | }, |
70 | 67 | ||
71 | //----------------------------------------------------------------------------- | 68 | //----------------------------------------------------------------------------- |
72 | 69 | ||
73 | 'safeAdd': function() { | 70 | 'safeAdd': function() { |
74 | //Clipperz.Profile.start("Clipperz.Crypto.SHA.safeAdd"); | 71 | //Clipperz.Profile.start("Clipperz.Crypto.SHA.safeAdd"); |
75 | varresult; | 72 | varresult; |
76 | vari, c; | 73 | vari, c; |
77 | 74 | ||
78 | result = arguments[0]; | 75 | result = arguments[0]; |
79 | c = arguments.length; | 76 | c = arguments.length; |
80 | for (i=1; i<c; i++) { | 77 | for (i=1; i<c; i++) { |
81 | varlowerBytesSum; | 78 | varlowerBytesSum; |
82 | 79 | ||
83 | lowerBytesSum = (result & 0xffff) + (arguments[i] & 0xffff); | 80 | lowerBytesSum = (result & 0xffff) + (arguments[i] & 0xffff); |
84 | result = (((result >> 16) + (arguments[i] >> 16) + (lowerBytesSum >> 16)) << 16) | (lowerBytesSum & 0xffff); | 81 | result = (((result >> 16) + (arguments[i] >> 16) + (lowerBytesSum >> 16)) << 16) | (lowerBytesSum & 0xffff); |
85 | } | 82 | } |
86 | 83 | ||
87 | //Clipperz.Profile.stop("Clipperz.Crypto.SHA.safeAdd"); | 84 | //Clipperz.Profile.stop("Clipperz.Crypto.SHA.safeAdd"); |
88 | return result; | 85 | return result; |
89 | }, | 86 | }, |
90 | 87 | ||
91 | //----------------------------------------------------------------------------- | 88 | //----------------------------------------------------------------------------- |
92 | 89 | ||
93 | 'sha256_array': function(aValue) { | 90 | 'sha256_array': function(aValue) { |
94 | //Clipperz.Profile.start("Clipperz.Crypto.SHA.sha256_array"); | 91 | //Clipperz.Profile.start("Clipperz.Crypto.SHA.sha256_array"); |
95 | varresult; | 92 | varresult; |
96 | varmessage; | 93 | varmessage; |
97 | var h0, h1, h2, h3, h4, h5, h6, h7; | 94 | var h0, h1, h2, h3, h4, h5, h6, h7; |
98 | vark; | 95 | vark; |
99 | varmessageLength; | 96 | varmessageLength; |
100 | varmessageLengthInBits; | 97 | varmessageLengthInBits; |
101 | var_i, _c; | 98 | var_i, _c; |
102 | var charBits; | 99 | var charBits; |
103 | var rotateRight; | 100 | var rotateRight; |
104 | var shiftRight; | 101 | var shiftRight; |
105 | var safeAdd; | 102 | var safeAdd; |
106 | varbytesPerBlock; | 103 | varbytesPerBlock; |
107 | var currentMessageIndex; | 104 | var currentMessageIndex; |
108 | 105 | ||
109 | bytesPerBlock = 512/8; | 106 | bytesPerBlock = 512/8; |
110 | rotateRight = Clipperz.Crypto.SHA.rotateRight; | 107 | rotateRight = Clipperz.Crypto.SHA.rotateRight; |
111 | shiftRight = Clipperz.Crypto.SHA.shiftRight; | 108 | shiftRight = Clipperz.Crypto.SHA.shiftRight; |
112 | safeAdd = Clipperz.Crypto.SHA.safeAdd; | 109 | safeAdd = Clipperz.Crypto.SHA.safeAdd; |
113 | 110 | ||
114 | charBits = 8; | 111 | charBits = 8; |
115 | 112 | ||
116 | h0 = 0x6a09e667; | 113 | h0 = 0x6a09e667; |
117 | h1 = 0xbb67ae85; | 114 | h1 = 0xbb67ae85; |
118 | h2 = 0x3c6ef372; | 115 | h2 = 0x3c6ef372; |
119 | h3 = 0xa54ff53a; | 116 | h3 = 0xa54ff53a; |
120 | h4 = 0x510e527f; | 117 | h4 = 0x510e527f; |
121 | h5 = 0x9b05688c; | 118 | h5 = 0x9b05688c; |
122 | h6 = 0x1f83d9ab; | 119 | h6 = 0x1f83d9ab; |
123 | h7 = 0x5be0cd19; | 120 | h7 = 0x5be0cd19; |
124 | 121 | ||
125 | k = [0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, | 122 | k = [0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, |
126 | 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, | 123 | 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, |
127 | 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, | 124 | 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, |
128 | 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, | 125 | 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, |
129 | 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, | 126 | 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, |
130 | 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, | 127 | 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, |
131 | 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, | 128 | 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, |
132 | 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2]; | 129 | 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2]; |
133 | 130 | ||
134 | message = aValue; | 131 | message = aValue; |
135 | messageLength = message.length; | 132 | messageLength = message.length; |
136 | 133 | ||
137 | //Pre-processing: | 134 | //Pre-processing: |
138 | message.push(0x80); //append a single "1" bit to message | 135 | message.push(0x80); //append a single "1" bit to message |
139 | 136 | ||
140 | _c = (512 - (((messageLength + 1) * charBits) % 512) - 64) / charBits; | 137 | _c = (512 - (((messageLength + 1) * charBits) % 512) - 64) / charBits; |
141 | for (_i=0; _i<_c; _i++) { | 138 | for (_i=0; _i<_c; _i++) { |
142 | message.push(0x00); //append "0" bits until message length ≡ 448 ≡ -64 (mod 512) | 139 | message.push(0x00); //append "0" bits until message length ≡ 448 ≡ -64 (mod 512) |
143 | } | 140 | } |
144 | messageLengthInBits = messageLength * charBits; | 141 | messageLengthInBits = messageLength * charBits; |
145 | message.push(0x00); //the 4 most high byte are alway 0 as message length is represented with a 32bit value; | 142 | message.push(0x00); //the 4 most high byte are alway 0 as message length is represented with a 32bit value; |
146 | message.push(0x00); | 143 | message.push(0x00); |
147 | message.push(0x00); | 144 | message.push(0x00); |
148 | message.push(0x00); | 145 | message.push(0x00); |
149 | message.push((messageLengthInBits >> 24)& 0xff); | 146 | message.push((messageLengthInBits >> 24)& 0xff); |
150 | message.push((messageLengthInBits >> 16)& 0xff); | 147 | message.push((messageLengthInBits >> 16)& 0xff); |
151 | message.push((messageLengthInBits >> 8) & 0xff); | 148 | message.push((messageLengthInBits >> 8) & 0xff); |
152 | message.push( messageLengthInBits & 0xff); | 149 | message.push( messageLengthInBits & 0xff); |
153 | 150 | ||
154 | currentMessageIndex = 0; | 151 | currentMessageIndex = 0; |
155 | while(currentMessageIndex < message.length) { | 152 | while(currentMessageIndex < message.length) { |
156 | varw; | 153 | varw; |
157 | vara, b, c, d, e, f, g, h; | 154 | vara, b, c, d, e, f, g, h; |
158 | 155 | ||
159 | w = Array(64); | 156 | w = Array(64); |
160 | 157 | ||
161 | _c = 16; | 158 | _c = 16; |
162 | for (_i=0; _i<_c; _i++) { | 159 | for (_i=0; _i<_c; _i++) { |
163 | var _j; | 160 | var _j; |
164 | 161 | ||
165 | _j = currentMessageIndex + _i*4; | 162 | _j = currentMessageIndex + _i*4; |
166 | w[_i] = (message[_j] << 24) | (message[_j + 1] << 16) | (message[_j + 2] << 8) | (message[_j + 3] << 0); | 163 | w[_i] = (message[_j] << 24) | (message[_j + 1] << 16) | (message[_j + 2] << 8) | (message[_j + 3] << 0); |
167 | } | 164 | } |
168 | 165 | ||
169 | _c = 64; | 166 | _c = 64; |
170 | for (_i=16; _i<_c; _i++) { | 167 | for (_i=16; _i<_c; _i++) { |
171 | vars0, s1; | 168 | vars0, s1; |
172 | 169 | ||
173 | s0 = (rotateRight(w[_i-15], 7)) ^ (rotateRight(w[_i-15], 18)) ^ (shiftRight(w[_i-15], 3)); | 170 | s0 = (rotateRight(w[_i-15], 7)) ^ (rotateRight(w[_i-15], 18)) ^ (shiftRight(w[_i-15], 3)); |
174 | s1 = (rotateRight(w[_i-2], 17)) ^ (rotateRight(w[_i-2], 19)) ^ (shiftRight(w[_i-2], 10)); | 171 | s1 = (rotateRight(w[_i-2], 17)) ^ (rotateRight(w[_i-2], 19)) ^ (shiftRight(w[_i-2], 10)); |
175 | w[_i] = safeAdd(w[_i-16], s0, w[_i-7], s1); | 172 | w[_i] = safeAdd(w[_i-16], s0, w[_i-7], s1); |
176 | } | 173 | } |
177 | 174 | ||
178 | a=h0; b=h1; c=h2; d=h3; e=h4; f=h5; g=h6; h=h7; | 175 | a=h0; b=h1; c=h2; d=h3; e=h4; f=h5; g=h6; h=h7; |
179 | 176 | ||
180 | _c = 64; | 177 | _c = 64; |
181 | for (_i=0; _i<_c; _i++) { | 178 | for (_i=0; _i<_c; _i++) { |
182 | var s0, s1, ch, maj, t1, t2; | 179 | var s0, s1, ch, maj, t1, t2; |
183 | 180 | ||
184 | s0 = (rotateRight(a, 2)) ^ (rotateRight(a, 13)) ^ (rotateRight(a, 22)); | 181 | s0 = (rotateRight(a, 2)) ^ (rotateRight(a, 13)) ^ (rotateRight(a, 22)); |
185 | maj = (a & b) ^ (a & c) ^ (b & c); | 182 | maj = (a & b) ^ (a & c) ^ (b & c); |
186 | t2 = safeAdd(s0, maj); | 183 | t2 = safeAdd(s0, maj); |
187 | s1 = (rotateRight(e, 6)) ^ (rotateRight(e, 11)) ^ (rotateRight(e, 25)); | 184 | s1 = (rotateRight(e, 6)) ^ (rotateRight(e, 11)) ^ (rotateRight(e, 25)); |
188 | ch = (e & f) ^ ((~e) & g); | 185 | ch = (e & f) ^ ((~e) & g); |
189 | t1 = safeAdd(h, s1, ch, k[_i], w[_i]); | 186 | t1 = safeAdd(h, s1, ch, k[_i], w[_i]); |
190 | 187 | ||
191 | h = g; | 188 | h = g; |
192 | g = f; | 189 | g = f; |
193 | f = e; | 190 | f = e; |
194 | e = safeAdd(d, t1); | 191 | e = safeAdd(d, t1); |
195 | d = c; | 192 | d = c; |
196 | c = b; | 193 | c = b; |
197 | b = a; | 194 | b = a; |
198 | a = safeAdd(t1, t2); | 195 | a = safeAdd(t1, t2); |
199 | } | 196 | } |
200 | 197 | ||
201 | h0 = safeAdd(h0, a); | 198 | h0 = safeAdd(h0, a); |
202 | h1 = safeAdd(h1, b); | 199 | h1 = safeAdd(h1, b); |
203 | h2 = safeAdd(h2, c); | 200 | h2 = safeAdd(h2, c); |
204 | h3 = safeAdd(h3, d); | 201 | h3 = safeAdd(h3, d); |
205 | h4 = safeAdd(h4, e); | 202 | h4 = safeAdd(h4, e); |
206 | h5 = safeAdd(h5, f); | 203 | h5 = safeAdd(h5, f); |
207 | h6 = safeAdd(h6, g); | 204 | h6 = safeAdd(h6, g); |
208 | h7 = safeAdd(h7, h); | 205 | h7 = safeAdd(h7, h); |
209 | 206 | ||
210 | currentMessageIndex += bytesPerBlock; | 207 | currentMessageIndex += bytesPerBlock; |
211 | } | 208 | } |
212 | 209 | ||
213 | result = new Array(256/8); | 210 | result = new Array(256/8); |
214 | result[0] = (h0 >> 24)& 0xff; | 211 | result[0] = (h0 >> 24)& 0xff; |
215 | result[1] = (h0 >> 16)& 0xff; | 212 | result[1] = (h0 >> 16)& 0xff; |
216 | result[2] = (h0 >> 8)& 0xff; | 213 | result[2] = (h0 >> 8)& 0xff; |
217 | result[3] = h0 & 0xff; | 214 | result[3] = h0 & 0xff; |
218 | 215 | ||
219 | result[4] = (h1 >> 24)& 0xff; | 216 | result[4] = (h1 >> 24)& 0xff; |
220 | result[5] = (h1 >> 16)& 0xff; | 217 | result[5] = (h1 >> 16)& 0xff; |
221 | result[6] = (h1 >> 8)& 0xff; | 218 | result[6] = (h1 >> 8)& 0xff; |
222 | result[7] = h1 & 0xff; | 219 | result[7] = h1 & 0xff; |
223 | 220 | ||
224 | result[8] = (h2 >> 24)& 0xff; | 221 | result[8] = (h2 >> 24)& 0xff; |
225 | result[9] = (h2 >> 16)& 0xff; | 222 | result[9] = (h2 >> 16)& 0xff; |
226 | result[10] = (h2 >> 8)& 0xff; | 223 | result[10] = (h2 >> 8)& 0xff; |
227 | result[11] = h2 & 0xff; | 224 | result[11] = h2 & 0xff; |
228 | 225 | ||
229 | result[12] = (h3 >> 24)& 0xff; | 226 | result[12] = (h3 >> 24)& 0xff; |
230 | result[13] = (h3 >> 16)& 0xff; | 227 | result[13] = (h3 >> 16)& 0xff; |
231 | result[14] = (h3 >> 8)& 0xff; | 228 | result[14] = (h3 >> 8)& 0xff; |
232 | result[15] = h3 & 0xff; | 229 | result[15] = h3 & 0xff; |
233 | 230 | ||
234 | result[16] = (h4 >> 24)& 0xff; | 231 | result[16] = (h4 >> 24)& 0xff; |
235 | result[17] = (h4 >> 16)& 0xff; | 232 | result[17] = (h4 >> 16)& 0xff; |
236 | result[18] = (h4 >> 8)& 0xff; | 233 | result[18] = (h4 >> 8)& 0xff; |
237 | result[19] = h4 & 0xff; | 234 | result[19] = h4 & 0xff; |
238 | 235 | ||
239 | result[20] = (h5 >> 24)& 0xff; | 236 | result[20] = (h5 >> 24)& 0xff; |
240 | result[21] = (h5 >> 16)& 0xff; | 237 | result[21] = (h5 >> 16)& 0xff; |
241 | result[22] = (h5 >> 8)& 0xff; | 238 | result[22] = (h5 >> 8)& 0xff; |
242 | result[23] = h5 & 0xff; | 239 | result[23] = h5 & 0xff; |
243 | 240 | ||
244 | result[24] = (h6 >> 24)& 0xff; | 241 | result[24] = (h6 >> 24)& 0xff; |
245 | result[25] = (h6 >> 16)& 0xff; | 242 | result[25] = (h6 >> 16)& 0xff; |
246 | result[26] = (h6 >> 8)& 0xff; | 243 | result[26] = (h6 >> 8)& 0xff; |
247 | result[27] = h6 & 0xff; | 244 | result[27] = h6 & 0xff; |
248 | 245 | ||
249 | result[28] = (h7 >> 24)& 0xff; | 246 | result[28] = (h7 >> 24)& 0xff; |
250 | result[29] = (h7 >> 16)& 0xff; | 247 | result[29] = (h7 >> 16)& 0xff; |
251 | result[30] = (h7 >> 8)& 0xff; | 248 | result[30] = (h7 >> 8)& 0xff; |
252 | result[31] = h7 & 0xff; | 249 | result[31] = h7 & 0xff; |
253 | 250 | ||
254 | //Clipperz.Profile.stop("Clipperz.Crypto.SHA.sha256_array"); | 251 | //Clipperz.Profile.stop("Clipperz.Crypto.SHA.sha256_array"); |
255 | return result; | 252 | return result; |
256 | }, | 253 | }, |
257 | 254 | ||
258 | //----------------------------------------------------------------------------- | 255 | //----------------------------------------------------------------------------- |
259 | 256 | ||
260 | 'sha256': function(aValue) { | 257 | 'sha256': function(aValue) { |
261 | //Clipperz.Profile.start("Clipperz.Crypto.SHA.sha256"); | 258 | //Clipperz.Profile.start("Clipperz.Crypto.SHA.sha256"); |
262 | var result; | 259 | var result; |
263 | var resultArray; | 260 | var resultArray; |
264 | varvalueArray; | 261 | varvalueArray; |
265 | 262 | ||
266 | valueArray = aValue.arrayValues(); | 263 | valueArray = aValue.arrayValues(); |
267 | resultArray = Clipperz.Crypto.SHA.sha256_array(valueArray); | 264 | resultArray = Clipperz.Crypto.SHA.sha256_array(valueArray); |
268 | 265 | ||
269 | result = new Clipperz.ByteArray(resultArray); | 266 | result = new Clipperz.ByteArray(resultArray); |
270 | 267 | ||
271 | //Clipperz.Profile.stop("Clipperz.Crypto.SHA.sha256"); | 268 | //Clipperz.Profile.stop("Clipperz.Crypto.SHA.sha256"); |
272 | return result; | 269 | return result; |
273 | }, | 270 | }, |
274 | 271 | ||
275 | //----------------------------------------------------------------------------- | 272 | //----------------------------------------------------------------------------- |
276 | 273 | ||
277 | 'sha_d256': function(aValue) { | 274 | 'sha_d256': function(aValue) { |
278 | //Clipperz.Profile.start("Clipperz.Crypto.SHA.sha_d256"); | 275 | //Clipperz.Profile.start("Clipperz.Crypto.SHA.sha_d256"); |
279 | var result; | 276 | var result; |
280 | var resultArray; | 277 | var resultArray; |
281 | varvalueArray; | 278 | varvalueArray; |
282 | 279 | ||
283 | valueArray = aValue.arrayValues(); | 280 | valueArray = aValue.arrayValues(); |
284 | resultArray = Clipperz.Crypto.SHA.sha256_array(valueArray); | 281 | resultArray = Clipperz.Crypto.SHA.sha256_array(valueArray); |
285 | resultArray = Clipperz.Crypto.SHA.sha256_array(resultArray); | 282 | resultArray = Clipperz.Crypto.SHA.sha256_array(resultArray); |
286 | 283 | ||
287 | result = new Clipperz.ByteArray(resultArray); | 284 | result = new Clipperz.ByteArray(resultArray); |
288 | 285 | ||
289 | //Clipperz.Profile.stop("Clipperz.Crypto.SHA.sha256"); | 286 | //Clipperz.Profile.stop("Clipperz.Crypto.SHA.sha256"); |
290 | return result; | 287 | return result; |
291 | }, | 288 | }, |
292 | 289 | ||
293 | //----------------------------------------------------------------------------- | 290 | //----------------------------------------------------------------------------- |
294 | __syntaxFix__: "syntax fix" | 291 | __syntaxFix__: "syntax fix" |
295 | 292 | ||
296 | }); | 293 | }); |
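Review bot: The zero-padding count in sha256_array (new lines 137–140) goes negative whenever the message length is 56–62 bytes mod 64, so no zero bytes are pushed and the padded buffer is not a multiple of 64 bytes. For a 56-byte input, `(512 - (57 * 8) % 512 - 64) / 8` is -1, the loop body never runs, the block loop then reads past the end of the array (`undefined << 24` is 0), and the digest differs from standard SHA-256 for those lengths. Replacing the two lines with `while ((message.length % bytesPerBlock) != (bytesPerBlock - 8)) { message.push(0x00); }` pads correctly for every length, since bytesPerBlock is already 64 and the 8 length bytes follow. Any peer that computes SHA-256 with a standard library (the SRP exchange in the next file hashes with this code) would disagree with this implementation on exactly those inputs, although whether that happens in practice is not visible from this diff. Separately, the dependency guard at new line 27 throws "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!" from SHA.js, which looks copy-pasted from PRNG.js and will mislead whoever debugs a load-order failure; it should name Clipperz.Crypto.SHA.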
diff --git a/frontend/beta/js/Clipperz/Crypto/SRP.js b/frontend/beta/js/Clipperz/Crypto/SRP.js index 0eef6ec..3b25275 100644 --- a/frontend/beta/js/Clipperz/Crypto/SRP.js +++ b/frontend/beta/js/Clipperz/Crypto/SRP.js | |||
@@ -1,331 +1,328 @@ | |||
1 | /* | 1 | /* |
2 | 2 | ||
3 | Copyright 2008-2011 Clipperz Srl | 3 | Copyright 2008-2011 Clipperz Srl |
4 | 4 | ||
5 | This file is part of Clipperz's Javascript Crypto Library. | 5 | This file is part of Clipperz Community Edition. |
6 | Javascript Crypto Library provides web developers with an extensive | 6 | Clipperz Community Edition is an online password manager. |
7 | and efficient set of cryptographic functions. The library aims to | ||
8 | obtain maximum execution speed while preserving modularity and | ||
9 | reusability. | ||
10 | For further information about its features and functionalities please | 7 | For further information about its features and functionalities please |
11 | refer to http://www.clipperz.com | 8 | refer to http://www.clipperz.com. |
12 | 9 | ||
13 | * Javascript Crypto Library is free software: you can redistribute | 10 | * Clipperz Community Edition is free software: you can redistribute |
14 | it and/or modify it under the terms of the GNU Affero General Public | 11 | it and/or modify it under the terms of the GNU Affero General Public |
15 | License as published by the Free Software Foundation, either version | 12 | License as published by the Free Software Foundation, either version |
16 | 3 of the License, or (at your option) any later version. | 13 | 3 of the License, or (at your option) any later version. |
17 | 14 | ||
18 | * Javascript Crypto Library is distributed in the hope that it will | 15 | * Clipperz Community Edition is distributed in the hope that it will |
19 | be useful, but WITHOUT ANY WARRANTY; without even the implied | 16 | be useful, but WITHOUT ANY WARRANTY; without even the implied |
20 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | 17 | warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
21 | See the GNU Affero General Public License for more details. | 18 | See the GNU Affero General Public License for more details. |
22 | 19 | ||
23 | * You should have received a copy of the GNU Affero General Public | 20 | * You should have received a copy of the GNU Affero General Public |
24 | License along with Javascript Crypto Library. If not, see | 21 | License along with Clipperz Community Edition. If not, see |
25 | <http://www.gnu.org/licenses/>. | 22 | <http://www.gnu.org/licenses/>. |
26 | 23 | ||
27 | */ | 24 | */ |
28 | 25 | ||
29 | try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { | 26 | try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) { |
30 | throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!"; | 27 | throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!"; |
31 | } | 28 | } |
32 | 29 | ||
33 | try { if (typeof(Clipperz.Crypto.BigInt) == 'undefined') { throw ""; }} catch (e) { | 30 | try { if (typeof(Clipperz.Crypto.BigInt) == 'undefined') { throw ""; }} catch (e) { |
34 | throw "Clipperz.Crypto.SRP depends on Clipperz.Crypto.BigInt!"; | 31 | throw "Clipperz.Crypto.SRP depends on Clipperz.Crypto.BigInt!"; |
35 | } | 32 | } |
36 | 33 | ||
37 | try { if (typeof(Clipperz.Crypto.PRNG) == 'undefined') { throw ""; }} catch (e) { | 34 | try { if (typeof(Clipperz.Crypto.PRNG) == 'undefined') { throw ""; }} catch (e) { |
38 | throw "Clipperz.Crypto.SRP depends on Clipperz.Crypto.PRNG!"; | 35 | throw "Clipperz.Crypto.SRP depends on Clipperz.Crypto.PRNG!"; |
39 | } | 36 | } |
40 | 37 | ||
41 | if (typeof(Clipperz.Crypto.SRP) == 'undefined') { Clipperz.Crypto.SRP = {}; } | 38 | if (typeof(Clipperz.Crypto.SRP) == 'undefined') { Clipperz.Crypto.SRP = {}; } |
42 | 39 | ||
43 | Clipperz.Crypto.SRP.VERSION = "0.1"; | 40 | Clipperz.Crypto.SRP.VERSION = "0.1"; |
44 | Clipperz.Crypto.SRP.NAME = "Clipperz.Crypto.SRP"; | 41 | Clipperz.Crypto.SRP.NAME = "Clipperz.Crypto.SRP"; |
45 | 42 | ||
46 | //############################################################################# | 43 | //############################################################################# |
47 | 44 | ||
48 | MochiKit.Base.update(Clipperz.Crypto.SRP, { | 45 | MochiKit.Base.update(Clipperz.Crypto.SRP, { |
49 | 46 | ||
50 | '_n': null, | 47 | '_n': null, |
51 | '_g': null, | 48 | '_g': null, |
52 | //------------------------------------------------------------------------- | 49 | //------------------------------------------------------------------------- |
53 | 50 | ||
54 | 'n': function() { | 51 | 'n': function() { |
55 | if (Clipperz.Crypto.SRP._n == null) { | 52 | if (Clipperz.Crypto.SRP._n == null) { |
56 | Clipperz.Crypto.SRP._n = new Clipperz.Crypto.BigInt("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3", 16); | 53 | Clipperz.Crypto.SRP._n = new Clipperz.Crypto.BigInt("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3", 16); |
57 | } | 54 | } |
58 | 55 | ||
59 | return Clipperz.Crypto.SRP._n; | 56 | return Clipperz.Crypto.SRP._n; |
60 | }, | 57 | }, |
61 | 58 | ||
62 | //------------------------------------------------------------------------- | 59 | //------------------------------------------------------------------------- |
63 | 60 | ||
64 | 'g': function() { | 61 | 'g': function() { |
65 | if (Clipperz.Crypto.SRP._g == null) { | 62 | if (Clipperz.Crypto.SRP._g == null) { |
66 | Clipperz.Crypto.SRP._g = new Clipperz.Crypto.BigInt(2); //eventually 5 (as suggested on the Diffi-Helmann documentation) | 63 | Clipperz.Crypto.SRP._g = new Clipperz.Crypto.BigInt(2); //eventually 5 (as suggested on the Diffi-Helmann documentation) |
67 | } | 64 | } |
68 | 65 | ||
69 | return Clipperz.Crypto.SRP._g; | 66 | return Clipperz.Crypto.SRP._g; |
70 | }, | 67 | }, |
71 | 68 | ||
72 | //----------------------------------------------------------------------------- | 69 | //----------------------------------------------------------------------------- |
73 | 70 | ||
74 | 'exception': { | 71 | 'exception': { |
75 | 'InvalidValue': new MochiKit.Base.NamedError("Clipperz.Crypto.SRP.exception.InvalidValue") | 72 | 'InvalidValue': new MochiKit.Base.NamedError("Clipperz.Crypto.SRP.exception.InvalidValue") |
76 | }, | 73 | }, |
77 | 74 | ||
78 | //------------------------------------------------------------------------- | 75 | //------------------------------------------------------------------------- |
79 | __syntaxFix__: "syntax fix" | 76 | __syntaxFix__: "syntax fix" |
80 | 77 | ||
81 | }); | 78 | }); |
82 | 79 | ||
83 | //############################################################################# | 80 | //############################################################################# |
84 | // | 81 | // |
85 | // S R P C o n n e c t i o n version 1.0 | 82 | // S R P C o n n e c t i o n version 1.0 |
86 | // | 83 | // |
87 | //============================================================================= | 84 | //============================================================================= |
88 | Clipperz.Crypto.SRP.Connection = function (args) { | 85 | Clipperz.Crypto.SRP.Connection = function (args) { |
89 | args = args || {}; | 86 | args = args || {}; |
90 | 87 | ||
91 | this._C = args.C; | 88 | this._C = args.C; |
92 | this._P = args.P; | 89 | this._P = args.P; |
93 | this.hash = args.hash; | 90 | this.hash = args.hash; |
94 | 91 | ||
95 | this._a = null; | 92 | this._a = null; |
96 | this._A = null; | 93 | this._A = null; |
97 | 94 | ||
98 | this._s = null; | 95 | this._s = null; |
99 | this._B = null; | 96 | this._B = null; |
100 | 97 | ||
101 | this._x = null; | 98 | this._x = null; |
102 | 99 | ||
103 | this._u = null; | 100 | this._u = null; |
104 | this._K = null; | 101 | this._K = null; |
105 | this._M1 = null; | 102 | this._M1 = null; |
106 | this._M2 = null; | 103 | this._M2 = null; |
107 | 104 | ||
108 | this._sessionKey = null; | 105 | this._sessionKey = null; |
109 | 106 | ||
110 | return this; | 107 | return this; |
111 | } | 108 | } |
112 | 109 | ||
113 | Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { | 110 | Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, { |
114 | 111 | ||
115 | 'toString': function () { | 112 | 'toString': function () { |
116 | return "Clipperz.Crypto.SRP.Connection (username: " + this.username() + "). Status: " + this.statusDescription(); | 113 | return "Clipperz.Crypto.SRP.Connection (username: " + this.username() + "). Status: " + this.statusDescription(); |
117 | }, | 114 | }, |
118 | 115 | ||
119 | //------------------------------------------------------------------------- | 116 | //------------------------------------------------------------------------- |
120 | 117 | ||
121 | 'C': function () { | 118 | 'C': function () { |
122 | return this._C; | 119 | return this._C; |
123 | }, | 120 | }, |
124 | 121 | ||
125 | //------------------------------------------------------------------------- | 122 | //------------------------------------------------------------------------- |
126 | 123 | ||
127 | 'P': function () { | 124 | 'P': function () { |
128 | return this._P; | 125 | return this._P; |
129 | }, | 126 | }, |
130 | 127 | ||
131 | //------------------------------------------------------------------------- | 128 | //------------------------------------------------------------------------- |
132 | 129 | ||
133 | 'a': function () { | 130 | 'a': function () { |
134 | if (this._a == null) { | 131 | if (this._a == null) { |
135 | this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16); | 132 | this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16); |
136 | // this._a = new Clipperz.Crypto.BigInt("37532428169486597638072888476611365392249575518156687476805936694442691012367", 10); | 133 | // this._a = new Clipperz.Crypto.BigInt("37532428169486597638072888476611365392249575518156687476805936694442691012367", 10); |
137 | //MochiKit.Logging.logDebug("SRP a: " + this._a); | 134 | //MochiKit.Logging.logDebug("SRP a: " + this._a); |
138 | } | 135 | } |
139 | 136 | ||
140 | return this._a; | 137 | return this._a; |
141 | }, | 138 | }, |
142 | 139 | ||
143 | //------------------------------------------------------------------------- | 140 | //------------------------------------------------------------------------- |
144 | 141 | ||
145 | 'A': function () { | 142 | 'A': function () { |
146 | if (this._A == null) { | 143 | if (this._A == null) { |
147 | //Warning: this value should be strictly greater than zero: how should we perform this check? | 144 | //Warning: this value should be strictly greater than zero: how should we perform this check? |
148 | this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n()); | 145 | this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n()); |
149 | 146 | ||
150 | if (this._A.equals(0)) { | 147 | if (this._A.equals(0)) { |
151 | MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0."); | 148 | MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0."); |
152 | throw Clipperz.Crypto.SRP.exception.InvalidValue; | 149 | throw Clipperz.Crypto.SRP.exception.InvalidValue; |
153 | } | 150 | } |
154 | //MochiKit.Logging.logDebug("SRP A: " + this._A); | 151 | //MochiKit.Logging.logDebug("SRP A: " + this._A); |
155 | } | 152 | } |
156 | 153 | ||
157 | return this._A; | 154 | return this._A; |
158 | }, | 155 | }, |
159 | 156 | ||
160 | //------------------------------------------------------------------------- | 157 | //------------------------------------------------------------------------- |
161 | 158 | ||
162 | 's': function () { | 159 | 's': function () { |
163 | return this._s; | 160 | return this._s; |
164 | //MochiKit.Logging.logDebug("SRP s: " + this._S); | 161 | //MochiKit.Logging.logDebug("SRP s: " + this._S); |
165 | }, | 162 | }, |
166 | 163 | ||
167 | 'set_s': function(aValue) { | 164 | 'set_s': function(aValue) { |
168 | this._s = aValue; | 165 | this._s = aValue; |
169 | }, | 166 | }, |
170 | 167 | ||
171 | //------------------------------------------------------------------------- | 168 | //------------------------------------------------------------------------- |
172 | 169 | ||
173 | 'B': function () { | 170 | 'B': function () { |
174 | return this._B; | 171 | return this._B; |
175 | }, | 172 | }, |
176 | 173 | ||
177 | 'set_B': function(aValue) { | 174 | 'set_B': function(aValue) { |
178 | //Warning: this value should be strictly greater than zero: how should we perform this check? | 175 | //Warning: this value should be strictly greater than zero: how should we perform this check? |
179 | if (! aValue.equals(0)) { | 176 | if (! aValue.equals(0)) { |
180 | this._B = aValue; | 177 | this._B = aValue; |
181 | //MochiKit.Logging.logDebug("SRP B: " + this._B); | 178 | //MochiKit.Logging.logDebug("SRP B: " + this._B); |
182 | } else { | 179 | } else { |
183 | MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0."); | 180 | MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0."); |
184 | throw Clipperz.Crypto.SRP.exception.InvalidValue; | 181 | throw Clipperz.Crypto.SRP.exception.InvalidValue; |
185 | } | 182 | } |
186 | }, | 183 | }, |
187 | 184 | ||
188 | //------------------------------------------------------------------------- | 185 | //------------------------------------------------------------------------- |
189 | 186 | ||
190 | 'x': function () { | 187 | 'x': function () { |
191 | if (this._x == null) { | 188 | if (this._x == null) { |
192 | this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s().asString(16, 64) + this.P()), 16); | 189 | this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s().asString(16, 64) + this.P()), 16); |
193 | //MochiKit.Logging.logDebug("SRP x: " + this._x); | 190 | //MochiKit.Logging.logDebug("SRP x: " + this._x); |
194 | } | 191 | } |
195 | 192 | ||
196 | return this._x; | 193 | return this._x; |
197 | }, | 194 | }, |
198 | 195 | ||
199 | //------------------------------------------------------------------------- | 196 | //------------------------------------------------------------------------- |
200 | 197 | ||
201 | 'u': function () { | 198 | 'u': function () { |
202 | if (this._u == null) { | 199 | if (this._u == null) { |
203 | this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.B().asString()), 16); | 200 | this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.B().asString()), 16); |
204 | //MochiKit.Logging.logDebug("SRP u: " + this._u); | 201 | //MochiKit.Logging.logDebug("SRP u: " + this._u); |
205 | } | 202 | } |
206 | 203 | ||
207 | return this._u; | 204 | return this._u; |
208 | }, | 205 | }, |
209 | 206 | ||
210 | //------------------------------------------------------------------------- | 207 | //------------------------------------------------------------------------- |
211 | 208 | ||
212 | 'S': function () { | 209 | 'S': function () { |
213 | if (this._S == null) { | 210 | if (this._S == null) { |
214 | var bigint; | 211 | var bigint; |
215 | varsrp; | 212 | varsrp; |
216 | 213 | ||
217 | bigint = Clipperz.Crypto.BigInt; | 214 | bigint = Clipperz.Crypto.BigInt; |
218 | srp = Clipperz.Crypto.SRP; | 215 | srp = Clipperz.Crypto.SRP; |
219 | 216 | ||
220 | this._S =bigint.powerModule( | 217 | this._S =bigint.powerModule( |
221 | bigint.subtract(this.B(), bigint.powerModule(srp.g(), this.x(), srp.n())), | 218 | bigint.subtract(this.B(), bigint.powerModule(srp.g(), this.x(), srp.n())), |
222 | bigint.add(this.a(), bigint.multiply(this.u(), this.x())), | 219 | bigint.add(this.a(), bigint.multiply(this.u(), this.x())), |
223 | srp.n() | 220 | srp.n() |
224 | ) | 221 | ) |
225 | //MochiKit.Logging.logDebug("SRP S: " + this._S); | 222 | //MochiKit.Logging.logDebug("SRP S: " + this._S); |
226 | } | 223 | } |
227 | 224 | ||
228 | return this._S; | 225 | return this._S; |
229 | }, | 226 | }, |
230 | 227 | ||
231 | //------------------------------------------------------------------------- | 228 | //------------------------------------------------------------------------- |
232 | 229 | ||
233 | 'K': function () { | 230 | 'K': function () { |
234 | if (this._K == null) { | 231 | if (this._K == null) { |
235 | this._K = this.stringHash(this.S().asString()); | 232 | this._K = this.stringHash(this.S().asString()); |
236 | //MochiKit.Logging.logDebug("SRP K: " + this._K); | 233 | //MochiKit.Logging.logDebug("SRP K: " + this._K); |
237 | } | 234 | } |
238 | 235 | ||
239 | return this._K; | 236 | return this._K; |
240 | }, | 237 | }, |
241 | 238 | ||
242 | //------------------------------------------------------------------------- | 239 | //------------------------------------------------------------------------- |
243 | 240 | ||
244 | 'M1': function () { | 241 | 'M1': function () { |
245 | if (this._M1 == null) { | 242 | if (this._M1 == null) { |
246 | this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K()); | 243 | this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K()); |
247 | //MochiKit.Logging.logDebug("SRP M1: " + this._M1); | 244 | //MochiKit.Logging.logDebug("SRP M1: " + this._M1); |
248 | } | 245 | } |
249 | 246 | ||
250 | return this._M1; | 247 | return this._M1; |
251 | }, | 248 | }, |
252 | 249 | ||
253 | //------------------------------------------------------------------------- | 250 | //------------------------------------------------------------------------- |
254 | 251 | ||
255 | 'M2': function () { | 252 | 'M2': function () { |
256 | if (this._M2 == null) { | 253 | if (this._M2 == null) { |
257 | this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K()); | 254 | this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K()); |
258 | //MochiKit.Logging.logDebug("SRP M2: " + this._M2); | 255 | //MochiKit.Logging.logDebug("SRP M2: " + this._M2); |
259 | } | 256 | } |
260 | 257 | ||
261 | return this._M2; | 258 | return this._M2; |
262 | }, | 259 | }, |
263 | 260 | ||
264 | //========================================================================= | 261 | //========================================================================= |
265 | 262 | ||
266 | 'serverSideCredentialsWithSalt': function(aSalt) { | 263 | 'serverSideCredentialsWithSalt': function(aSalt) { |
267 | var result; | 264 | var result; |
268 | var s, x, v; | 265 | var s, x, v; |
269 | 266 | ||
270 | s = aSalt; | 267 | s = aSalt; |
271 | x = this.stringHash(s + this.P()); | 268 | x = this.stringHash(s + this.P()); |
272 | v = Clipperz.Crypto.SRP.g().powerModule(new Clipperz.Crypto.BigInt(x, 16), Clipperz.Crypto.SRP.n()); | 269 | v = Clipperz.Crypto.SRP.g().powerModule(new Clipperz.Crypto.BigInt(x, 16), Clipperz.Crypto.SRP.n()); |
273 | 270 | ||
274 | result = {}; | 271 | result = {}; |
275 | result['C'] = this.C(); | 272 | result['C'] = this.C(); |
276 | result['s'] = s; | 273 | result['s'] = s; |
277 | result['v'] = v.asString(16); | 274 | result['v'] = v.asString(16); |
278 | 275 | ||
279 | return result; | 276 | return result; |
280 | }, | 277 | }, |
281 | 278 | ||
282 | 'serverSideCredentials': function() { | 279 | 'serverSideCredentials': function() { |
283 | var result; | 280 | var result; |
284 | var s; | 281 | var s; |
285 | 282 | ||
286 | s = Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2); | 283 | s = Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2); |
287 | 284 | ||
288 | result = this.serverSideCredentialsWithSalt(s); | 285 | result = this.serverSideCredentialsWithSalt(s); |
289 | 286 | ||
290 | return result; | 287 | return result; |
291 | }, | 288 | }, |
292 | 289 | ||
293 | //========================================================================= | 290 | //========================================================================= |
294 | /* | 291 | /* |
295 | 'computeServerSide_S': function(b) { | 292 | 'computeServerSide_S': function(b) { |
296 | var result; | 293 | var result; |
297 | var v; | 294 | var v; |
298 | var bigint; | 295 | var bigint; |
299 | varsrp; | 296 | varsrp; |
300 | 297 | ||
301 | bigint = Clipperz.Crypto.BigInt; | 298 | bigint = Clipperz.Crypto.BigInt; |
302 | srp = Clipperz.Crypto.SRP; | 299 | srp = Clipperz.Crypto.SRP; |
303 | 300 | ||
304 | v = new Clipperz.Crypto.BigInt(srpConnection.serverSideCredentialsWithSalt(this.s().asString(16, 64)).v, 16); | 301 | v = new Clipperz.Crypto.BigInt(srpConnection.serverSideCredentialsWithSalt(this.s().asString(16, 64)).v, 16); |
305 | // _S = (this.A().multiply(this.v().modPow(this.u(), this.n()))).modPow(this.b(), this.n()); | 302 | // _S = (this.A().multiply(this.v().modPow(this.u(), this.n()))).modPow(this.b(), this.n()); |
306 | result = bigint.powerModule( | 303 | result = bigint.powerModule( |
307 | bigint.multiply( | 304 | bigint.multiply( |
308 | this.A(), | 305 | this.A(), |
309 | bigint.powerModule(v, this.u(), srp.n()) | 306 | bigint.powerModule(v, this.u(), srp.n()) |
310 | ), new Clipperz.Crypto.BigInt(b, 10), srp.n() | 307 | ), new Clipperz.Crypto.BigInt(b, 10), srp.n() |
311 | ); | 308 | ); |
312 | 309 | ||
313 | return result; | 310 | return result; |
314 | }, | 311 | }, |
315 | */ | 312 | */ |
316 | //========================================================================= | 313 | //========================================================================= |
317 | 314 | ||
318 | 'stringHash': function(aValue) { | 315 | 'stringHash': function(aValue) { |
319 | varresult; | 316 | varresult; |
320 | 317 | ||
321 | result = this.hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); | 318 | result = this.hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2); |
322 | 319 | ||
323 | return result; | 320 | return result; |
324 | }, | 321 | }, |
325 | 322 | ||
326 | //========================================================================= | 323 | //========================================================================= |
327 | __syntaxFix__: "syntax fix" | 324 | __syntaxFix__: "syntax fix" |
328 | 325 | ||
329 | }); | 326 | }); |
330 | 327 | ||
331 | //############################################################################# | 328 | //############################################################################# |