summaryrefslogtreecommitdiff
path: root/frontend/gamma/js/Clipperz/Crypto
Side-by-side diff
Diffstat (limited to 'frontend/gamma/js/Clipperz/Crypto') (more/less context) (ignore whitespace changes)
-rw-r--r--frontend/gamma/js/Clipperz/Crypto/AES.js29
-rw-r--r--frontend/gamma/js/Clipperz/Crypto/Base.js22
-rw-r--r--frontend/gamma/js/Clipperz/Crypto/BigInt.js23
-rw-r--r--frontend/gamma/js/Clipperz/Crypto/BigInt_scoped.js22
-rw-r--r--frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/Curve.js83
-rw-r--r--frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/FiniteField.js26
-rw-r--r--frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/Point.js22
-rw-r--r--frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/Value.js24
-rw-r--r--frontend/gamma/js/Clipperz/Crypto/ECC/StandardCurves.js31
-rw-r--r--frontend/gamma/js/Clipperz/Crypto/PRNG.js33
-rw-r--r--frontend/gamma/js/Clipperz/Crypto/RSA.js22
-rw-r--r--frontend/gamma/js/Clipperz/Crypto/SHA.js22
-rw-r--r--frontend/gamma/js/Clipperz/Crypto/SRP.js36
13 files changed, 145 insertions, 250 deletions
diff --git a/frontend/gamma/js/Clipperz/Crypto/AES.js b/frontend/gamma/js/Clipperz/Crypto/AES.js
index c811f1c..cb56f11 100644
--- a/frontend/gamma/js/Clipperz/Crypto/AES.js
+++ b/frontend/gamma/js/Clipperz/Crypto/AES.js
@@ -1,866 +1,859 @@
/*
-Copyright 2008-2011 Clipperz Srl
+Copyright 2008-2013 Clipperz Srl
-This file is part of Clipperz Community Edition.
-Clipperz Community Edition is an online password manager.
+This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
-* Clipperz Community Edition is free software: you can redistribute
- it and/or modify it under the terms of the GNU Affero General Public
- License as published by the Free Software Foundation, either version
- 3 of the License, or (at your option) any later version.
+* Clipperz is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
-* Clipperz Community Edition is distributed in the hope that it will
- be useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* Clipperz is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
- License along with Clipperz Community Edition. If not, see
- <http://www.gnu.org/licenses/>.
+ License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.AES depends on Clipperz.ByteArray!";
}
// Dependency commented to avoid a circular reference
//try { if (typeof(Clipperz.Crypto.PRNG) == 'undefined') { throw ""; }} catch (e) {
// throw "Clipperz.Crypto.AES depends on Clipperz.Crypto.PRNG!";
//}
if (typeof(Clipperz.Crypto.AES) == 'undefined') { Clipperz.Crypto.AES = {}; }
//#############################################################################
Clipperz.Crypto.AES.DeferredExecutionContext = function(args) {
args = args || {};
this._key = args.key;
this._message = args.message;
this._result = args.message.clone();
this._nonce = args.nonce;
this._messageLength = this._message.length();
this._messageArray = this._message.arrayValues();
this._resultArray = this._result.arrayValues();
this._nonceArray = this._nonce.arrayValues();
this._executionStep = 0;
// this._elaborationChunkSize = 1024; // 4096; // 16384; // 4096;
this._elaborationChunks = 10;
this._pauseTime = 0.02; // 0.02 // 0.2;
return this;
}
Clipperz.Crypto.AES.DeferredExecutionContext.prototype = MochiKit.Base.update(null, {
'key': function() {
return this._key;
},
'message': function() {
return this._message;
},
'messageLength': function() {
return this._messageLength;
},
'result': function() {
return new Clipperz.ByteArray(this.resultArray());
},
'nonce': function() {
return this._nonce;
},
'messageArray': function() {
return this._messageArray;
},
'resultArray': function() {
return this._resultArray;
},
'nonceArray': function() {
return this._nonceArray;
},
'elaborationChunkSize': function() {
// return Clipperz.Crypto.AES.DeferredExecution.chunkSize;
// return this._elaborationChunkSize;
return (this._elaborationChunks * 1024);
},
'executionStep': function() {
return this._executionStep;
},
'setExecutionStep': function(aValue) {
this._executionStep = aValue;
},
'tuneExecutionParameters': function (anElapsedTime) {
//var originalChunks = this._elaborationChunks;
if (anElapsedTime > 0) {
this._elaborationChunks = Math.round(this._elaborationChunks * ((anElapsedTime + 1000)/(anElapsedTime * 2)));
}
//Clipperz.log("tuneExecutionParameters - elapsedTime: " + anElapsedTime + /*originalChunks,*/ " chunks # " + this._elaborationChunks + " [" + this._executionStep + " / " + this._messageLength + "]");
},
'pause': function(aValue) {
// return MochiKit.Async.wait(Clipperz.Crypto.AES.DeferredExecution.pauseTime, aValue);
return MochiKit.Async.wait(this._pauseTime, aValue);
},
'isDone': function () {
-//console.log("isDone", this.executionStep(), this.messageLength());
return (this._executionStep >= this._messageLength);
},
//-----------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//#############################################################################
Clipperz.Crypto.AES.Key = function(args) {
args = args || {};
this._key = args.key;
this._keySize = args.keySize || this.key().length();
if (this.keySize() == 128/8) {
this._b = 176;
this._numberOfRounds = 10;
} else if (this.keySize() == 256/8) {
this._b = 240;
this._numberOfRounds = 14;
} else {
- MochiKit.Logging.logError("AES unsupported key size: " + (this.keySize() * 8) + " bits");
+ Clipperz.logError("AES unsupported key size: " + (this.keySize() * 8) + " bits");
throw Clipperz.Crypto.AES.exception.UnsupportedKeySize;
}
this._stretchedKey = null;
return this;
}
Clipperz.Crypto.AES.Key.prototype = MochiKit.Base.update(null, {
'asString': function() {
return "Clipperz.Crypto.AES.Key (" + this.key().toHexString() + ")";
},
//-----------------------------------------------------------------------------
'key': function() {
return this._key;
},
'keySize': function() {
return this._keySize;
},
'b': function() {
return this._b;
},
'numberOfRounds': function() {
return this._numberOfRounds;
},
//=========================================================================
'keyScheduleCore': function(aWord, aRoundConstantsIndex) {
var result;
var sbox;
sbox = Clipperz.Crypto.AES.sbox();
result = [ sbox[aWord[1]] ^ Clipperz.Crypto.AES.roundConstants()[aRoundConstantsIndex],
sbox[aWord[2]],
sbox[aWord[3]],
sbox[aWord[0]] ];
return result;
},
//-----------------------------------------------------------------------------
'xorWithPreviousStretchValues': function(aKey, aWord, aPreviousWordIndex) {
var result;
var i,c;
result = [];
c = 4;
for (i=0; i<c; i++) {
result[i] = aWord[i] ^ aKey.byteAtIndex(aPreviousWordIndex + i);
}
return result;
},
//-----------------------------------------------------------------------------
'sboxShakeup': function(aWord) {
var result;
var sbox;
var i,c;
result = [];
sbox = Clipperz.Crypto.AES.sbox();
c =4;
for (i=0; i<c; i++) {
result[i] = sbox[aWord[i]];
}
return result;
},
//-----------------------------------------------------------------------------
'stretchKey': function(aKey) {
var currentWord;
var keyLength;
var previousStretchIndex;
var i,c;
keyLength = aKey.length();
previousStretchIndex = keyLength - this.keySize();
currentWord = [ aKey.byteAtIndex(keyLength - 4),
aKey.byteAtIndex(keyLength - 3),
aKey.byteAtIndex(keyLength - 2),
aKey.byteAtIndex(keyLength - 1) ];
currentWord = this.keyScheduleCore(currentWord, keyLength / this.keySize());
if (this.keySize() == 256/8) {
c = 8;
} else if (this.keySize() == 128/8){
c = 4;
}
for (i=0; i<c; i++) {
if (i == 4) {
// fifth streatch word
currentWord = this.sboxShakeup(currentWord);
}
currentWord = this.xorWithPreviousStretchValues(aKey, currentWord, previousStretchIndex + (i*4));
aKey.appendBytes(currentWord);
}
return aKey;
},
//-----------------------------------------------------------------------------
'stretchedKey': function() {
if (this._stretchedKey == null) {
var stretchedKey;
stretchedKey = this.key().clone();
while (stretchedKey.length() < this.keySize()) {
stretchedKey.appendByte(0);
}
while (stretchedKey.length() < this.b()) {
stretchedKey = this.stretchKey(stretchedKey);
}
this._stretchedKey = stretchedKey.split(0, this.b());
}
return this._stretchedKey;
},
//=========================================================================
__syntaxFix__: "syntax fix"
});
//#############################################################################
Clipperz.Crypto.AES.State = function(args) {
args = args || {};
this._data = args.block;
this._key = args.key;
return this;
}
Clipperz.Crypto.AES.State.prototype = MochiKit.Base.update(null, {
'key': function() {
return this._key;
},
//-----------------------------------------------------------------------------
'data': function() {
return this._data;
},
'setData': function(aValue) {
this._data = aValue;
},
//=========================================================================
'addRoundKey': function(aRoundNumber) {
// each byte of the state is combined with the round key; each round key is derived from the cipher key using a key schedule.
var data;
var stretchedKey;
var firstStretchedKeyIndex;
var i,c;
data = this.data();
stretchedKey = this.key().stretchedKey();
firstStretchedKeyIndex = aRoundNumber * (128/8);
c = 128/8;
for (i=0; i<c; i++) {
data[i] = data[i] ^ stretchedKey.byteAtIndex(firstStretchedKeyIndex + i);
}
},
//-----------------------------------------------------------------------------
'subBytes': function() {
// a non-linear substitution step where each byte is replaced with another according to a lookup table.
var i,c;
var data;
var sbox;
data = this.data();
sbox = Clipperz.Crypto.AES.sbox();
c = 16;
for (i=0; i<c; i++) {
data[i] = sbox[data[i]];
}
},
//-----------------------------------------------------------------------------
'shiftRows': function() {
// a transposition step where each row of the state is shifted cyclically a certain number of steps.
var newValue;
var data;
var shiftMapping;
var i,c;
newValue = new Array(16);
data = this.data();
shiftMapping = Clipperz.Crypto.AES.shiftRowMapping();
// [0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, 1, 6, 11];
c = 16;
for (i=0; i<c; i++) {
newValue[i] = data[shiftMapping[i]];
}
for (i=0; i<c; i++) {
data[i] = newValue[i];
}
},
//-----------------------------------------------------------------------------
/*
'mixColumnsWithValues': function(someValues) {
var result;
var a;
var i,c;
c = 4;
result = [];
a = [];
for (i=0; i<c; i++) {
a[i] = [];
a[i][1] = someValues[i]
if ((a[i][1] & 0x80) == 0x80) {
a[i][2] = (a[i][1] << 1) ^ 0x11b;
} else {
a[i][2] = a[i][1] << 1;
}
a[i][3] = a[i][2] ^ a[i][1];
}
for (i=0; i<c; i++) {
var x;
x = Clipperz.Crypto.AES.mixColumnsMatrix()[i];
result[i] = a[0][x[0]] ^ a[1][x[1]] ^ a[2][x[2]] ^ a[3][x[3]];
}
return result;
},
'mixColumns': function() {
// a mixing operation which operates on the columns of the state, combining the four bytes in each column using a linear transformation.
var data;
var i, c;
data = this.data();
c = 4;
for(i=0; i<c; i++) {
var blockIndex;
var mixedValues;
blockIndex = i * 4;
mixedValues = this.mixColumnsWithValues([ data[blockIndex + 0],
data[blockIndex + 1],
data[blockIndex + 2],
data[blockIndex + 3]]);
data[blockIndex + 0] = mixedValues[0];
data[blockIndex + 1] = mixedValues[1];
data[blockIndex + 2] = mixedValues[2];
data[blockIndex + 3] = mixedValues[3];
}
},
*/
'mixColumns': function() {
// a mixing operation which operates on the columns of the state, combining the four bytes in each column using a linear transformation.
var data;
var i, c;
var a_1;
var a_2;
a_1 = new Array(4);
a_2 = new Array(4);
data = this.data();
c = 4;
for(i=0; i<c; i++) {
var blockIndex;
var ii, cc;
blockIndex = i * 4;
cc = 4;
for (ii=0; ii<cc; ii++) {
var value;
value = data[blockIndex + ii];
a_1[ii] = value;
a_2[ii] = (value & 0x80) ? ((value << 1) ^ 0x011b) : (value << 1);
}
data[blockIndex + 0] = a_2[0] ^ a_1[1] ^ a_2[1] ^ a_1[2] ^ a_1[3];
data[blockIndex + 1] = a_1[0] ^ a_2[1] ^ a_1[2] ^ a_2[2] ^ a_1[3];
data[blockIndex + 2] = a_1[0] ^ a_1[1] ^ a_2[2] ^ a_1[3] ^ a_2[3];
data[blockIndex + 3] = a_1[0] ^ a_2[0] ^ a_1[1] ^ a_1[2] ^ a_2[3];
}
},
//=========================================================================
'spinRound': function(aRoundNumber) {
this.addRoundKey(aRoundNumber);
this.subBytes();
this.shiftRows();
this.mixColumns();
},
'spinLastRound': function() {
this.addRoundKey(this.key().numberOfRounds() - 1);
this.subBytes();
this.shiftRows();
this.addRoundKey(this.key().numberOfRounds());
},
//=========================================================================
'encrypt': function() {
var i,c;
c = this.key().numberOfRounds() - 1;
for (i=0; i<c; i++) {
this.spinRound(i);
}
this.spinLastRound();
},
//=========================================================================
__syntaxFix__: "syntax fix"
});
//#############################################################################
Clipperz.Crypto.AES.VERSION = "0.1";
Clipperz.Crypto.AES.NAME = "Clipperz.Crypto.AES";
MochiKit.Base.update(Clipperz.Crypto.AES, {
// http://www.cs.eku.edu/faculty/styer/460/Encrypt/JS-AES.html
// http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
// http://en.wikipedia.org/wiki/Rijndael_key_schedule
// http://en.wikipedia.org/wiki/Rijndael_S-box
'__repr__': function () {
return "[" + this.NAME + " " + this.VERSION + "]";
},
'toString': function () {
return this.__repr__();
},
//=============================================================================
'_sbox': null,
'sbox': function() {
if (Clipperz.Crypto.AES._sbox == null) {
Clipperz.Crypto.AES._sbox = [
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
];
}
return Clipperz.Crypto.AES._sbox;
},
//-----------------------------------------------------------------------------
//
// 0 4 8 12 0 4 8 12
// 1 5 9 13 => 5 9 13 1
// 2 6 10 14 10 14 2 6
// 3 7 11 15 15 3 7 11
//
'_shiftRowMapping': null,
'shiftRowMapping': function() {
if (Clipperz.Crypto.AES._shiftRowMapping == null) {
Clipperz.Crypto.AES._shiftRowMapping = [0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, 1, 6, 11];
}
return Clipperz.Crypto.AES._shiftRowMapping;
},
//-----------------------------------------------------------------------------
'_mixColumnsMatrix': null,
'mixColumnsMatrix': function() {
if (Clipperz.Crypto.AES._mixColumnsMatrix == null) {
Clipperz.Crypto.AES._mixColumnsMatrix = [ [2, 3, 1 ,1],
[1, 2, 3, 1],
[1, 1, 2, 3],
[3, 1, 1, 2] ];
}
return Clipperz.Crypto.AES._mixColumnsMatrix;
},
'_roundConstants': null,
'roundConstants': function() {
if (Clipperz.Crypto.AES._roundConstants == null) {
Clipperz.Crypto.AES._roundConstants = [ , 1, 2, 4, 8, 16, 32, 64, 128, 27, 54, 108, 216, 171, 77, 154];
// Clipperz.Crypto.AES._roundConstants = [ , 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a];
}
return Clipperz.Crypto.AES._roundConstants;
},
//=============================================================================
'incrementNonce': function(aNonce) {
//Clipperz.Profile.start("Clipperz.Crypto.AES.incrementNonce");
var i;
var done;
done = false;
i = aNonce.length - 1;
while ((i>=0) && (done == false)) {
var currentByteValue;
currentByteValue = aNonce[i];
if (currentByteValue == 0xff) {
aNonce[i] = 0;
if (i>= 0) {
i --;
} else {
done = true;
}
} else {
aNonce[i] = currentByteValue + 1;
done = true;
}
}
//Clipperz.Profile.stop("Clipperz.Crypto.AES.incrementNonce");
},
//-----------------------------------------------------------------------------
'encryptBlock': function(aKey, aBlock) {
var result;
var state;
state = new Clipperz.Crypto.AES.State({block:aBlock, key:aKey});
//is(state.data(), 'before');
state.encrypt();
result = state.data();
return result;
},
//-----------------------------------------------------------------------------
'encryptBlocks': function(aKey, aMessage, aNonce) {
var result;
var nonce;
var self;
var messageIndex;
var messageLength;
var blockSize;
self = Clipperz.Crypto.AES;
blockSize = 128/8;
messageLength = aMessage.length;
nonce = aNonce;
result = aMessage;
messageIndex = 0;
while (messageIndex < messageLength) {
var encryptedBlock;
var i,c;
self.incrementNonce(nonce);
encryptedBlock = self.encryptBlock(aKey, nonce);
if ((messageLength - messageIndex) > blockSize) {
c = blockSize;
} else {
c = messageLength - messageIndex;
}
for (i=0; i<c; i++) {
result[messageIndex + i] = result[messageIndex + i] ^ encryptedBlock[i];
}
messageIndex += blockSize;
}
return result;
},
//-----------------------------------------------------------------------------
'encrypt': function(aKey, someData, aNonce) {
var result;
var nonce;
var encryptedData;
var key;
key = new Clipperz.Crypto.AES.Key({key:aKey});
nonce = aNonce ? aNonce.clone() : Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(128/8);
encryptedData = Clipperz.Crypto.AES.encryptBlocks(key, someData.arrayValues(), nonce.arrayValues());
result = nonce.appendBytes(encryptedData);
return result;
},
//-----------------------------------------------------------------------------
'decrypt': function(aKey, someData) {
var result;
var nonce;
var encryptedData;
var decryptedData;
var dataIterator;
var key;
key = new Clipperz.Crypto.AES.Key({key:aKey});
encryptedData = someData.arrayValues();
nonce = encryptedData.slice(0, (128/8));
encryptedData = encryptedData.slice(128/8);
decryptedData = Clipperz.Crypto.AES.encryptBlocks(key, encryptedData, nonce);
result = new Clipperz.ByteArray(decryptedData);
return result;
},
//=============================================================================
'deferredEncryptExecutionChunk': function(anExecutionContext) {
var result;
var nonce;
var self;
var messageIndex;
var messageLength;
var blockSize;
var executionLimit;
var startTime, endTime;
self = Clipperz.Crypto.AES;
startTime = new Date();
blockSize = 128/8;
messageLength = anExecutionContext.messageArray().length;
nonce = anExecutionContext.nonceArray();
result = anExecutionContext.resultArray();
messageIndex = anExecutionContext.executionStep();
executionLimit = messageIndex + anExecutionContext.elaborationChunkSize();
executionLimit = Math.min(executionLimit, messageLength);
while (messageIndex < executionLimit) {
var encryptedBlock;
var i,c;
self.incrementNonce(nonce);
encryptedBlock = self.encryptBlock(anExecutionContext.key(), nonce);
if ((executionLimit - messageIndex) > blockSize) {
c = blockSize;
} else {
c = executionLimit - messageIndex;
}
for (i=0; i<c; i++) {
result[messageIndex + i] = result[messageIndex + i] ^ encryptedBlock[i];
}
messageIndex += blockSize;
}
anExecutionContext.setExecutionStep(messageIndex);
endTime = new Date();
anExecutionContext.tuneExecutionParameters(endTime - startTime);
return anExecutionContext;
},
//-----------------------------------------------------------------------------
/*
'deferredEncryptBlocks': function(anExecutionContext) {
var deferredResult;
var messageSize;
var i,c;
messageSize = anExecutionContext.messageLength();
deferredResult = new Clipperz.Async.Deferred("AES.deferredEncryptBloks");
c = Math.ceil(messageSize / anExecutionContext.elaborationChunkSize());
for (i=0; i<c; i++) {
deferredResult.addCallback(Clipperz.Crypto.AES.deferredEncryptExecutionChunk);
deferredResult.addMethod(anExecutionContext, 'pause');
}
deferredResult.callback(anExecutionContext);
return deferredResult;
},
*/
'deferredEncryptBlocks': function(anExecutionContext) {
var deferredResult;
if (! anExecutionContext.isDone()) {
deferredResult = Clipperz.Async.callbacks("Clipperz.Crypto.AES.deferredEncryptBloks", [
Clipperz.Crypto.AES.deferredEncryptExecutionChunk,
MochiKit.Base.method(anExecutionContext, 'pause'),
Clipperz.Crypto.AES.deferredEncryptBlocks
], {trace:false}, anExecutionContext);
} else {
deferredResult = MochiKit.Async.succeed(anExecutionContext);
}
return deferredResult;
},
//-----------------------------------------------------------------------------
'deferredEncrypt': function(aKey, someData, aNonce) {
var deferredResult;
var executionContext;
var result;
var nonce;
var key;
key = new Clipperz.Crypto.AES.Key({key:aKey});
nonce = aNonce ? aNonce.clone() : Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(128/8);
executionContext = new Clipperz.Crypto.AES.DeferredExecutionContext({key:key, message:someData, nonce:nonce});
deferredResult = new Clipperz.Async.Deferred("AES.deferredEncrypt");
-//deferredResult.addCallback(function (aValue) { console.log(">>> deferredEncrypt"); return aValue; });
deferredResult.addCallback(Clipperz.Crypto.AES.deferredEncryptBlocks);
deferredResult.addCallback(function(anExecutionContext) {
var result;
result = anExecutionContext.nonce().clone();
result.appendBytes(anExecutionContext.resultArray());
return result;
});
-//deferredResult.addCallback(function (aValue) { console.log("<<< deferredEncrypt"); return aValue; });
deferredResult.callback(executionContext)
return deferredResult;
},
//-----------------------------------------------------------------------------
'deferredDecrypt': function(aKey, someData) {
var deferredResult
var nonce;
var message;
var key;
key = new Clipperz.Crypto.AES.Key({key:aKey});
nonce = someData.split(0, (128/8));
message = someData.split(128/8);
executionContext = new Clipperz.Crypto.AES.DeferredExecutionContext({key:key, message:message, nonce:nonce});
deferredResult = new Clipperz.Async.Deferred("AES.deferredDecrypt");
-//deferredResult.addCallback(function (aValue) { console.log(">>> deferredDecrypt"); return aValue; });
deferredResult.addCallback(Clipperz.Crypto.AES.deferredEncryptBlocks);
deferredResult.addCallback(function(anExecutionContext) {
return anExecutionContext.result();
});
-//deferredResult.addCallback(function (aValue) { console.log("<<< deferredDecrypt"); return aValue; });
deferredResult.callback(executionContext);
return deferredResult;
},
//-----------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//#############################################################################
//Clipperz.Crypto.AES.DeferredExecution = {
// 'chunkSize': 16384, // 4096, // 1024 4096 8192 16384 32768;
// 'pauseTime': 0.02 // 0.2
//}
Clipperz.Crypto.AES.exception = {
'UnsupportedKeySize': new MochiKit.Base.NamedError("Clipperz.Crypto.AES.exception.UnsupportedKeySize")
};
diff --git a/frontend/gamma/js/Clipperz/Crypto/Base.js b/frontend/gamma/js/Clipperz/Crypto/Base.js
index d3a8e36..9acfc49 100644
--- a/frontend/gamma/js/Clipperz/Crypto/Base.js
+++ b/frontend/gamma/js/Clipperz/Crypto/Base.js
@@ -1,406 +1,404 @@
/*
-Copyright 2008-2011 Clipperz Srl
+Copyright 2008-2013 Clipperz Srl
-This file is part of Clipperz Community Edition.
-Clipperz Community Edition is an online password manager.
+This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
-* Clipperz Community Edition is free software: you can redistribute
- it and/or modify it under the terms of the GNU Affero General Public
- License as published by the Free Software Foundation, either version
- 3 of the License, or (at your option) any later version.
+* Clipperz is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
-* Clipperz Community Edition is distributed in the hope that it will
- be useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* Clipperz is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
- License along with Clipperz Community Edition. If not, see
- <http://www.gnu.org/licenses/>.
+ License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
try { if (typeof(Clipperz.Base) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.Base depends on Clipperz.Base!";
}
if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; }
if (typeof(Clipperz.Crypto.Base) == 'undefined') { Clipperz.Crypto.Base = {}; }
Clipperz.Crypto.Base.VERSION = "0.1";
Clipperz.Crypto.Base.NAME = "Clipperz.Crypto.Base";
//#############################################################################
// Downloaded on March 30, 2006 from http://anmar.eu.org/projects/jssha2/files/jssha2-0.3.zip (jsSha2/sha256.js)
//#############################################################################
/* A JavaScript implementation of the Secure Hash Algorithm, SHA-256
* Version 0.3 Copyright Angel Marin 2003-2004 - http://anmar.eu.org/
* Distributed under the BSD License
* Some bits taken from Paul Johnston's SHA-1 implementation
*/
var chrsz = 8; /* bits per input character. 8 - ASCII; 16 - Unicode */
function safe_add (x, y) {
var lsw = (x & 0xFFFF) + (y & 0xFFFF);
var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
return (msw << 16) | (lsw & 0xFFFF);
}
function S (X, n) {return ( X >>> n ) | (X << (32 - n));}
function R (X, n) {return ( X >>> n );}
function Ch(x, y, z) {return ((x & y) ^ ((~x) & z));}
function Maj(x, y, z) {return ((x & y) ^ (x & z) ^ (y & z));}
function Sigma0256(x) {return (S(x, 2) ^ S(x, 13) ^ S(x, 22));}
function Sigma1256(x) {return (S(x, 6) ^ S(x, 11) ^ S(x, 25));}
function Gamma0256(x) {return (S(x, 7) ^ S(x, 18) ^ R(x, 3));}
function Gamma1256(x) {return (S(x, 17) ^ S(x, 19) ^ R(x, 10));}
function core_sha256 (m, l) {
var K = new Array(0x428A2F98,0x71374491,0xB5C0FBCF,0xE9B5DBA5,0x3956C25B,0x59F111F1,0x923F82A4,0xAB1C5ED5,0xD807AA98,0x12835B01,0x243185BE,0x550C7DC3,0x72BE5D74,0x80DEB1FE,0x9BDC06A7,0xC19BF174,0xE49B69C1,0xEFBE4786,0xFC19DC6,0x240CA1CC,0x2DE92C6F,0x4A7484AA,0x5CB0A9DC,0x76F988DA,0x983E5152,0xA831C66D,0xB00327C8,0xBF597FC7,0xC6E00BF3,0xD5A79147,0x6CA6351,0x14292967,0x27B70A85,0x2E1B2138,0x4D2C6DFC,0x53380D13,0x650A7354,0x766A0ABB,0x81C2C92E,0x92722C85,0xA2BFE8A1,0xA81A664B,0xC24B8B70,0xC76C51A3,0xD192E819,0xD6990624,0xF40E3585,0x106AA070,0x19A4C116,0x1E376C08,0x2748774C,0x34B0BCB5,0x391C0CB3,0x4ED8AA4A,0x5B9CCA4F,0x682E6FF3,0x748F82EE,0x78A5636F,0x84C87814,0x8CC70208,0x90BEFFFA,0xA4506CEB,0xBEF9A3F7,0xC67178F2);
var HASH = new Array(0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19);
var W = new Array(64);
var a, b, c, d, e, f, g, h, i, j;
var T1, T2;
/* append padding */
m[l >> 5] |= 0x80 << (24 - l % 32);
m[((l + 64 >> 9) << 4) + 15] = l;
for ( var i = 0; i<m.length; i+=16 ) {
a = HASH[0]; b = HASH[1]; c = HASH[2]; d = HASH[3]; e = HASH[4]; f = HASH[5]; g = HASH[6]; h = HASH[7];
for ( var j = 0; j<64; j++) {
if (j < 16) W[j] = m[j + i];
else W[j] = safe_add(safe_add(safe_add(Gamma1256(W[j - 2]), W[j - 7]), Gamma0256(W[j - 15])), W[j - 16]);
T1 = safe_add(safe_add(safe_add(safe_add(h, Sigma1256(e)), Ch(e, f, g)), K[j]), W[j]);
T2 = safe_add(Sigma0256(a), Maj(a, b, c));
h = g; g = f; f = e; e = safe_add(d, T1); d = c; c = b; b = a; a = safe_add(T1, T2);
}
HASH[0] = safe_add(a, HASH[0]); HASH[1] = safe_add(b, HASH[1]); HASH[2] = safe_add(c, HASH[2]); HASH[3] = safe_add(d, HASH[3]); HASH[4] = safe_add(e, HASH[4]); HASH[5] = safe_add(f, HASH[5]); HASH[6] = safe_add(g, HASH[6]); HASH[7] = safe_add(h, HASH[7]);
}
return HASH;
}
function str2binb (str) {
var bin = Array();
var mask = (1 << chrsz) - 1;
for(var i = 0; i < str.length * chrsz; i += chrsz)
bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (24 - i%32);
return bin;
}
function binb2hex (binarray) {
var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */
var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
var str = "";
for (var i = 0; i < binarray.length * 4; i++) {
str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) + hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8 )) & 0xF);
}
return str;
}
function hex_sha256(s){return binb2hex(core_sha256(str2binb(s),s.length * chrsz));}
//#############################################################################
// Downloaded on March 30, 2006 from http://www.fourmilab.ch/javascrypt/javascrypt.zip (entropy.js)
//#############################################################################
// Entropy collection utilities
/* Start by declaring static storage and initialise
the entropy vector from the time we come through
here. */
var entropyData = new Array(); // Collected entropy data
var edlen = 0; // Keyboard array data length
addEntropyTime(); // Start entropy collection with page load time
ce(); // Roll milliseconds into initial entropy
// Add a byte to the entropy vector
function addEntropyByte(b) {
entropyData[edlen++] = b;
}
/* Capture entropy. When the user presses a key or performs
various other events for which we can request
notification, add the time in 255ths of a second to the
entropyData array. The name of the function is short
so it doesn't bloat the form object declarations in
which it appears in various "onXXX" events. */
function ce() {
addEntropyByte(Math.floor((((new Date).getMilliseconds()) * 255) / 999));
}
// Add a 32 bit quantity to the entropy vector
function addEntropy32(w) {
var i;
for (i = 0; i < 4; i++) {
addEntropyByte(w & 0xFF);
w >>= 8;
}
}
/* Add the current time and date (milliseconds since the epoch,
truncated to 32 bits) to the entropy vector. */
function addEntropyTime() {
addEntropy32((new Date()).getTime());
}
/* Start collection of entropy from mouse movements. The
argument specifies the number of entropy items to be
obtained from mouse motion, after which mouse motion
will be ignored. Note that you can re-enable mouse
motion collection at any time if not already underway. */
var mouseMotionCollect = 0;
var oldMoveHandler; // For saving and restoring mouse move handler in IE4
function mouseMotionEntropy(maxsamp) {
if (mouseMotionCollect <= 0) {
mouseMotionCollect = maxsamp;
if ((document.implementation.hasFeature("Events", "2.0")) &&
document.addEventListener) {
// Browser supports Document Object Model (DOM) 2 events
document.addEventListener("mousemove", mouseMoveEntropy, false);
} else {
if (document.attachEvent) {
// Internet Explorer 5 and above event model
document.attachEvent("onmousemove", mouseMoveEntropy);
} else {
// Internet Explorer 4 event model
oldMoveHandler = document.onmousemove;
document.onmousemove = mouseMoveEntropy;
}
}
//dump("Mouse enable", mouseMotionCollect);
}
}
/* Collect entropy from mouse motion events. Note that
this is craftily coded to work with either DOM2 or Internet
Explorer style events. Note that we don't use every successive
mouse movement event. Instead, we XOR the three bytes collected
from the mouse and use that to determine how many subsequent
mouse movements we ignore before capturing the next one. */
var mouseEntropyTime = 0; // Delay counter for mouse entropy collection
function mouseMoveEntropy(e) {
if (!e) {
e = window.event; // Internet Explorer event model
}
if (mouseMotionCollect > 0) {
if (mouseEntropyTime-- <= 0) {
addEntropyByte(e.screenX & 0xFF);
addEntropyByte(e.screenY & 0xFF);
ce();
mouseMotionCollect--;
mouseEntropyTime = (entropyData[edlen - 3] ^ entropyData[edlen - 2] ^
entropyData[edlen - 1]) % 19;
//dump("Mouse Move", byteArrayToHex(entropyData.slice(-3)));
}
if (mouseMotionCollect <= 0) {
if (document.removeEventListener) {
document.removeEventListener("mousemove", mouseMoveEntropy, false);
} else if (document.detachEvent) {
document.detachEvent("onmousemove", mouseMoveEntropy);
} else {
document.onmousemove = oldMoveHandler;
}
//dump("Spung!", 0);
}
}
}
/* Compute a 32 byte key value from the entropy vector.
We compute the value by taking the MD5 sum of the even
and odd bytes respectively of the entropy vector, then
concatenating the two MD5 sums. */
function keyFromEntropy() {
var i, k = new Array(32);
if (edlen == 0) {
alert("Blooie! Entropy vector void at call to keyFromEntropy.");
}
//dump("Entropy bytes", edlen);
md5_init();
for (i = 0; i < edlen; i += 2) {
md5_update(entropyData[i]);
}
md5_finish();
for (i = 0; i < 16; i++) {
k[i] = digestBits[i];
}
md5_init();
for (i = 1; i < edlen; i += 2) {
md5_update(entropyData[i]);
}
md5_finish();
for (i = 0; i < 16; i++) {
k[i + 16] = digestBits[i];
}
//dump("keyFromEntropy", byteArrayToHex(k));
return k;
}
//#############################################################################
// Downloaded on March 30, 2006 from http://www.fourmilab.ch/javascrypt/javascrypt.zip (aesprng.js)
//#############################################################################
// AES based pseudorandom number generator
/* Constructor. Called with an array of 32 byte (0-255) values
containing the initial seed. */
function AESprng(seed) {
this.key = new Array();
this.key = seed;
this.itext = hexToByteArray("9F489613248148F9C27945C6AE62EECA3E3367BB14064E4E6DC67A9F28AB3BD1");
this.nbytes = 0; // Bytes left in buffer
this.next = AESprng_next;
this.nextbits = AESprng_nextbits;
this.nextInt = AESprng_nextInt;
this.round = AESprng_round;
/* Encrypt the initial text with the seed key
three times, feeding the output of the encryption
back into the key for the next round. */
bsb = blockSizeInBits;
blockSizeInBits = 256;
var i, ct;
for (i = 0; i < 3; i++) {
this.key = rijndaelEncrypt(this.itext, this.key, "ECB");
}
/* Now make between one and four additional
key-feedback rounds, with the number determined
by bits from the result of the first three
rounds. */
var n = 1 + (this.key[3] & 2) + (this.key[9] & 1);
for (i = 0; i < n; i++) {
this.key = rijndaelEncrypt(this.itext, this.key, "ECB");
}
blockSizeInBits = bsb;
}
function AESprng_round() {
bsb = blockSizeInBits;
blockSizeInBits = 256;
this.key = rijndaelEncrypt(this.itext, this.key, "ECB");
this.nbytes = 32;
blockSizeInBits = bsb;
}
// Return next byte from the generator
function AESprng_next() {
if (this.nbytes <= 0) {
this.round();
}
return(this.key[--this.nbytes]);
}
// Return n bit integer value (up to maximum integer size)
function AESprng_nextbits(n) {
var i, w = 0, nbytes = Math.floor((n + 7) / 8);
for (i = 0; i < nbytes; i++) {
w = (w << 8) | this.next();
}
return w & ((1 << n) - 1);
}
// Return integer between 0 and n inclusive
function AESprng_nextInt(n) {
var p = 1, nb = 0;
// Determine smallest p, 2^p > n
// nb = log_2 p
while (n >= p) {
p <<= 1;
nb++;
}
p--;
/* Generate values from 0 through n by first generating
values v from 0 to (2^p)-1, then discarding any results v > n.
For the rationale behind this (and why taking
values mod (n + 1) is biased toward smaller values, see
Ferguson and Schneier, "Practical Cryptography",
ISBN 0-471-22357-3, section 10.8). */
while (true) {
var v = this.nextbits(nb) & p;
if (v <= n) {
return v;
}
}
}
//#############################################################################
// Downloaded on March 30, 2006 from http://www.fourmilab.ch/javascrypt/javascrypt.zip (md5.js)
//#############################################################################
/*
* md5.jvs 1.0b 27/06/96
*
* Javascript implementation of the RSA Data Security, Inc. MD5
* Message-Digest Algorithm.
*
* Copyright (c) 1996 Henri Torgemane. All Rights Reserved.
*
* Permission to use, copy, modify, and distribute this software
* and its documentation for any purposes and without
* fee is hereby granted provided that this copyright notice
* appears in all copies.
*
* Of course, this soft is provided "as is" without express or implied
* warranty of any kind.
This version contains some trivial reformatting modifications
by John Walker.
*/
function array(n) {
for (i = 0; i < n; i++) {
this[i] = 0;
}
this.length = n;
}
/* Some basic logical functions had to be rewritten because of a bug in
* Javascript.. Just try to compute 0xffffffff >> 4 with it..
* Of course, these functions are slower than the original would be, but
* at least, they work!
*/
function integer(n) {
return n % (0xffffffff + 1);
}
function shr(a, b) {
a = integer(a);
b = integer(b);
if (a - 0x80000000 >= 0) {
a = a % 0x80000000;
a >>= b;
a += 0x40000000 >> (b - 1);
} else {
a >>= b;
}
diff --git a/frontend/gamma/js/Clipperz/Crypto/BigInt.js b/frontend/gamma/js/Clipperz/Crypto/BigInt.js
index 41483a3..031ed30 100644
--- a/frontend/gamma/js/Clipperz/Crypto/BigInt.js
+++ b/frontend/gamma/js/Clipperz/Crypto/BigInt.js
@@ -1,406 +1,404 @@
/*
-Copyright 2008-2011 Clipperz Srl
+Copyright 2008-2013 Clipperz Srl
-This file is part of Clipperz Community Edition.
-Clipperz Community Edition is an online password manager.
+This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
-* Clipperz Community Edition is free software: you can redistribute
- it and/or modify it under the terms of the GNU Affero General Public
- License as published by the Free Software Foundation, either version
- 3 of the License, or (at your option) any later version.
+* Clipperz is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
-* Clipperz Community Edition is distributed in the hope that it will
- be useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* Clipperz is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
- License along with Clipperz Community Edition. If not, see
- <http://www.gnu.org/licenses/>.
+ License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
if (typeof(Clipperz) == 'undefined') { Clipperz = {}; }
if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; }
//#############################################################################
// Downloaded on March 05, 2007 from http://www.leemon.com/crypto/BigInt.js
//#############################################################################
////////////////////////////////////////////////////////////////////////////////////////
// Big Integer Library v. 5.0
// Created 2000, last modified 2006
// Leemon Baird
// www.leemon.com
//
// This file is public domain. You can use it for any purpose without restriction.
// I do not guarantee that it is correct, so use it at your own risk. If you use
// it for something interesting, I'd appreciate hearing about it. If you find
// any bugs or make any improvements, I'd appreciate hearing about those too.
// It would also be nice if my name and address were left in the comments.
// But none of that is required.
//
// This code defines a bigInt library for arbitrary-precision integers.
// A bigInt is an array of integers storing the value in chunks of bpe bits,
// little endian (buff[0] is the least significant word).
// Negative bigInts are stored two's complement.
// Some functions assume their parameters have at least one leading zero element.
// Functions with an underscore at the end of the name have unpredictable behavior in case of overflow,
// so the caller must make sure overflow won't happen.
// For each function where a parameter is modified, that same
// variable must not be used as another argument too.
// So, you cannot square x by doing multMod_(x,x,n).
// You must use squareMod_(x,n) instead, or do y=dup(x); multMod_(x,y,n).
//
// These functions are designed to avoid frequent dynamic memory allocation in the inner loop.
// For most functions, if it needs a BigInt as a local variable it will actually use
// a global, and will only allocate to it when it's not the right size. This ensures
// that when a function is called repeatedly with same-sized parameters, it only allocates
// memory on the first call.
//
// Note that for cryptographic purposes, the calls to Math.random() must
// be replaced with calls to a better pseudorandom number generator.
//
// In the following, "bigInt" means a bigInt with at least one leading zero element,
// and "integer" means a nonnegative integer less than radix. In some cases, integer
// can be negative. Negative bigInts are 2s complement.
//
// The following functions do not modify their inputs, but dynamically allocate memory every time they are called:
//
// function bigInt2str(x,base) //convert a bigInt into a string in a given base, from base 2 up to base 95
// function dup(x) //returns a copy of bigInt x
// function findPrimes(n) //return array of all primes less than integer n
// function int2bigInt(t,n,m) //convert integer t to a bigInt with at least n bits and m array elements
// function int2bigInt(s,b,n,m) //convert string s in base b to a bigInt with at least n bits and m array elements
// function trim(x,k) //return a copy of x with exactly k leading zero elements
//
// The following functions do not modify their inputs, so there is never a problem with the result being too big:
//
// function bitSize(x) //returns how many bits long the bigInt x is, not counting leading zeros
// function equals(x,y) //is the bigInt x equal to the bigint y?
// function equalsInt(x,y) //is bigint x equal to integer y?
// function greater(x,y) //is x>y? (x and y are nonnegative bigInts)
// function greaterShift(x,y,shift)//is (x <<(shift*bpe)) > y?
// function isZero(x) //is the bigInt x equal to zero?
// function millerRabin(x,b) //does one round of Miller-Rabin base integer b say that bigInt x is possibly prime (as opposed to definitely composite)?
// function modInt(x,n) //return x mod n for bigInt x and integer n.
// function negative(x) //is bigInt x negative?
//
// The following functions do not modify their inputs, but allocate memory and call functions with underscores
//
// function add(x,y) //return (x+y) for bigInts x and y.
// function addInt(x,n) //return (x+n) where x is a bigInt and n is an integer.
// function expand(x,n) //return a copy of x with at least n elements, adding leading zeros if needed
// function inverseMod(x,n) //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null
// function mod(x,n) //return a new bigInt equal to (x mod n) for bigInts x and n.
// function mult(x,y) //return x*y for bigInts x and y. This is faster when y<x.
// function multMod(x,y,n) //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x.
// function powMod(x,y,n) //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n.
// function randTruePrime(k) //return a new, random, k-bit, true prime using Maurer's algorithm.
// function sub(x,y) //return (x-y) for bigInts x and y. Negative answers will be 2s complement
//
// The following functions write a bigInt result to one of the parameters, but
// the result is never bigger than the original, so there can't be overflow problems:
//
// function divInt_(x,n) //do x=floor(x/n) for bigInt x and integer n, and return the remainder
// function GCD_(x,y) //set x to the greatest common divisor of bigInts x and y, (y is destroyed).
// function halve_(x) //do x=floor(|x|/2)*sgn(x) for bigInt x in 2's complement
// function mod_(x,n) //do x=x mod n for bigInts x and n.
// function rightShift_(x,n) //right shift bigInt x by n bits. 0 <= n < bpe.
//
// The following functions write a bigInt result to one of the parameters. The caller is responsible for
// ensuring it is large enough to hold the result.
//
// function addInt_(x,n) //do x=x+n where x is a bigInt and n is an integer
// function add_(x,y) //do x=x+y for bigInts x and y
// function addShift_(x,y,ys) //do x=x+(y<<(ys*bpe))
// function copy_(x,y) //do x=y on bigInts x and y
// function copyInt_(x,n) //do x=n on bigInt x and integer n
// function carry_(x) //do carries and borrows so each element of the bigInt x fits in bpe bits.
// function divide_(x,y,q,r) //divide_ x by y giving quotient q and remainder r
// function eGCD_(x,y,d,a,b) //sets a,b,d to positive big integers such that d = GCD_(x,y) = a*x-b*y
// function inverseMod_(x,n) //do x=x**(-1) mod n, for bigInts x and n. Returns 1 (0) if inverse does (doesn't) exist
// function inverseModInt_(x,n) //return x**(-1) mod n, for integers x and n. Return 0 if there is no inverse
// function leftShift_(x,n) //left shift bigInt x by n bits. n<bpe.
// function linComb_(x,y,a,b) //do x=a*x+b*y for bigInts x and y and integers a and b
// function linCombShift_(x,y,b,ys) //do x=x+b*(y<<(ys*bpe)) for bigInts x and y, and integers b and ys
// function mont_(x,y,n,np) //Montgomery multiplication (see comments where the function is defined)
// function mult_(x,y) //do x=x*y for bigInts x and y.
// function multInt_(x,n) //do x=x*n where x is a bigInt and n is an integer.
// function multMod_(x,y,n) //do x=x*y mod n for bigInts x,y,n.
// function powMod_(x,y,n) //do x=x**y mod n, where x,y,n are bigInts (n is odd) and ** is exponentiation. 0**0=1.
// function randBigInt_(b,n,s) //do b = an n-bit random BigInt. if s=1, then nth bit (most significant bit) is set to 1. n>=1.
// function randTruePrime_(ans,k) //do ans = a random k-bit true random prime (not just probable prime) with 1 in the msb.
// function squareMod_(x,n) //do x=x*x mod n for bigInts x,n
// function sub_(x,y) //do x=x-y for bigInts x and y. Negative answers will be 2s complement.
// function subShift_(x,y,ys) //do x=x-(y<<(ys*bpe)). Negative answers will be 2s complement.
//
// The following functions are based on algorithms from the _Handbook of Applied Cryptography_
// powMod_() = algorithm 14.94, Montgomery exponentiation
// eGCD_,inverseMod_() = algorithm 14.61, Binary extended GCD_
// GCD_() = algorothm 14.57, Lehmer's algorithm
// mont_() = algorithm 14.36, Montgomery multiplication
// divide_() = algorithm 14.20 Multiple-precision division
// squareMod_() = algorithm 14.16 Multiple-precision squaring
// randTruePrime_() = algorithm 4.62, Maurer's algorithm
// millerRabin() = algorithm 4.24, Miller-Rabin algorithm
//
// Profiling shows:
// randTruePrime_() spends:
// 10% of its time in calls to powMod_()
// 85% of its time in calls to millerRabin()
// millerRabin() spends:
// 99% of its time in calls to powMod_() (always with a base of 2)
// powMod_() spends:
// 94% of its time in calls to mont_() (almost always with x==y)
//
// This suggests there are several ways to speed up this library slightly:
// - convert powMod_ to use a Montgomery form of k-ary window (or maybe a Montgomery form of sliding window)
// -- this should especially focus on being fast when raising 2 to a power mod n
// - convert randTruePrime_() to use a minimum r of 1/3 instead of 1/2 with the appropriate change to the test
// - tune the parameters in randTruePrime_(), including c, m, and recLimit
// - speed up the single loop in mont_() that takes 95% of the runtime, perhaps by reducing checking
// within the loop when all the parameters are the same length.
//
// There are several ideas that look like they wouldn't help much at all:
// - replacing trial division in randTruePrime_() with a sieve (that speeds up something taking almost no time anyway)
// - increase bpe from 15 to 30 (that would help if we had a 32*32->64 multiplier, but not with JavaScript's 32*32->32)
// - speeding up mont_(x,y,n,np) when x==y by doing a non-modular, non-Montgomery square
// followed by a Montgomery reduction. The intermediate answer will be twice as long as x, so that
// method would be slower. This is unfortunate because the code currently spends almost all of its time
// doing mont_(x,x,...), both for randTruePrime_() and powMod_(). A faster method for Montgomery squaring
// would have a large impact on the speed of randTruePrime_() and powMod_(). HAC has a couple of poorly-worded
// sentences that seem to imply it's faster to do a non-modular square followed by a single
// Montgomery reduction, but that's obviously wrong.
////////////////////////////////////////////////////////////////////////////////////////
//globals
bpe=0; //bits stored per array element
mask=0; //AND this with an array element to chop it down to bpe bits
radix=mask+1; //equals 2^bpe. A single 1 bit to the left of the last bit of mask.
//the digits for converting to different bases
digitsStr='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_=!@#$%^&*()[]{}|;:,.<>/?`~ \\\'\"+-';
//initialize the global variables
for (bpe=0; (1<<(bpe+1)) > (1<<bpe); bpe++); //bpe=number of bits in the mantissa on this platform
bpe>>=1; //bpe=number of bits in one element of the array representing the bigInt
mask=(1<<bpe)-1; //AND the mask with an integer to get its bpe least significant bits
radix=mask+1; //2^bpe. a single 1 bit to the left of the first bit of mask
one=int2bigInt(1,1,1); //constant used in powMod_()
//the following global variables are scratchpad memory to
//reduce dynamic memory allocation in the inner loop
t=new Array(0);
ss=t; //used in mult_()
s0=t; //used in multMod_(), squareMod_()
s1=t; //used in powMod_(), multMod_(), squareMod_()
s2=t; //used in powMod_(), multMod_()
s3=t; //used in powMod_()
s4=t; s5=t; //used in mod_()
s6=t; //used in bigInt2str()
s7=t; //used in powMod_()
T=t; //used in GCD_()
sa=t; //used in mont_()
mr_x1=t; mr_r=t; mr_a=t; //used in millerRabin()
eg_v=t; eg_u=t; eg_A=t; eg_B=t; eg_C=t; eg_D=t; //used in eGCD_(), inverseMod_()
md_q1=t; md_q2=t; md_q3=t; md_r=t; md_r1=t; md_r2=t; md_tt=t; //used in mod_()
primes=t; pows=t; s_i=t; s_i2=t; s_R=t; s_rm=t; s_q=t; s_n1=t;
s_a=t; s_r2=t; s_n=t; s_b=t; s_d=t; s_x1=t; s_x2=t, s_aa=t; //used in randTruePrime_()
////////////////////////////////////////////////////////////////////////////////////////
//return array of all primes less than integer n
function findPrimes(n) {
var i,s,p,ans;
s=new Array(n);
for (i=0;i<n;i++)
s[i]=0;
s[0]=2;
p=0; //first p elements of s are primes, the rest are a sieve
for(;s[p]<n;) { //s[p] is the pth prime
for(i=s[p]*s[p]; i<n; i+=s[p]) //mark multiples of s[p]
s[i]=1;
p++;
s[p]=s[p-1]+1;
for(; s[p]<n && s[s[p]]; s[p]++); //find next prime (where s[p]==0)
}
ans=new Array(p);
for(i=0;i<p;i++)
ans[i]=s[i];
return ans;
}
//does a single round of Miller-Rabin base b consider x to be a possible prime?
//x is a bigInt, and b is an integer
function millerRabin(x,b) {
var i,j,k,s;
if (mr_x1.length!=x.length) {
mr_x1=dup(x);
mr_r=dup(x);
mr_a=dup(x);
}
copyInt_(mr_a,b);
copy_(mr_r,x);
copy_(mr_x1,x);
addInt_(mr_r,-1);
addInt_(mr_x1,-1);
//s=the highest power of two that divides mr_r
k=0;
for (i=0;i<mr_r.length;i++)
for (j=1;j<mask;j<<=1)
if (x[i] & j) {
s=(k<mr_r.length+bpe ? k : 0);
i=mr_r.length;
j=mask;
} else
k++;
if (s)
rightShift_(mr_r,s);
powMod_(mr_a,mr_r,x);
if (!equalsInt(mr_a,1) && !equals(mr_a,mr_x1)) {
j=1;
while (j<=s-1 && !equals(mr_a,mr_x1)) {
squareMod_(mr_a,x);
if (equalsInt(mr_a,1)) {
return 0;
}
j++;
}
if (!equals(mr_a,mr_x1)) {
return 0;
}
}
return 1;
}
//returns how many bits long the bigInt is, not counting leading zeros.
function bitSize(x) {
var j,z,w;
for (j=x.length-1; (x[j]==0) && (j>0); j--);
for (z=0,w=x[j]; w; (w>>=1),z++);
z+=bpe*j;
return z;
}
//return a copy of x with at least n elements, adding leading zeros if needed
function expand(x,n) {
var ans=int2bigInt(0,(x.length>n ? x.length : n)*bpe,0);
copy_(ans,x);
return ans;
}
//return a k-bit true random prime using Maurer's algorithm.
function randTruePrime(k) {
var ans=int2bigInt(0,k,0);
randTruePrime_(ans,k);
return trim(ans,1);
}
//return a new bigInt equal to (x mod n) for bigInts x and n.
function mod(x,n) {
var ans=dup(x);
mod_(ans,n);
return trim(ans,1);
}
//return (x+n) where x is a bigInt and n is an integer.
function addInt(x,n) {
var ans=expand(x,x.length+1);
addInt_(ans,n);
return trim(ans,1);
}
//return x*y for bigInts x and y. This is faster when y<x.
function mult(x,y) {
var ans=expand(x,x.length+y.length);
mult_(ans,y);
return trim(ans,1);
}
//return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n.
function powMod(x,y,n) {
var ans=expand(x,n.length);
powMod_(ans,trim(y,2),trim(n,2),0); //this should work without the trim, but doesn't
return trim(ans,1);
}
//return (x-y) for bigInts x and y. Negative answers will be 2s complement
function sub(x,y) {
var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1));
sub_(ans,y);
return trim(ans,1);
}
//return (x+y) for bigInts x and y.
function add(x,y) {
var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1));
add_(ans,y);
return trim(ans,1);
}
//return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null
function inverseMod(x,n) {
var ans=expand(x,n.length);
var s;
s=inverseMod_(ans,n);
return s ? trim(ans,1) : null;
}
//return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x.
function multMod(x,y,n) {
var ans=expand(x,n.length);
multMod_(ans,y,n);
return trim(ans,1);
}
//generate a k-bit true random prime using Maurer's algorithm,
//and put it into ans. The bigInt ans must be large enough to hold it.
function randTruePrime_(ans,k) {
var c,m,pm,dd,j,r,B,divisible,z,zz,recSize;
if (primes.length==0)
primes=findPrimes(30000); //check for divisibility by primes <=30000
if (pows.length==0) {
pows=new Array(512);
for (j=0;j<512;j++) {
pows[j]=Math.pow(2,j/511.-1.);
}
}
//c and m should be tuned for a particular machine and value of k, to maximize speed
//this was: c=primes[primes.length-1]/k/k; //check using all the small primes. (c=0.1 in HAC)
c=0.1;
m=20; //generate this k-bit number by first recursively generating a number that has between k/2 and k-m bits
recLimit=20; /*must be at least 2 (was 29)*/ //stop recursion when k <=recLimit
if (s_i2.length!=ans.length) {
s_i2=dup(ans);
s_R =dup(ans);
s_n1=dup(ans);
s_r2=dup(ans);
s_d =dup(ans);
s_x1=dup(ans);
s_x2=dup(ans);
s_b =dup(ans);
s_n =dup(ans);
s_i =dup(ans);
s_rm=dup(ans);
s_q =dup(ans);
s_a =dup(ans);
s_aa=dup(ans);
}
@@ -1096,662 +1094,661 @@ function multInt_(x,n) {
b=0;
if (c<0) {
b=-(c>>bpe);
c+=b*radix;
}
x[i]=c & mask;
c=(c>>bpe)-b;
}
}
//do x=floor(x/n) for bigInt x and integer n, and return the remainder
function divInt_(x,n) {
var i,r=0,s;
for (i=x.length-1;i>=0;i--) {
s=r*radix+x[i];
x[i]=Math.floor(s/n);
r=s%n;
}
return r;
}
//do the linear combination x=a*x+b*y for bigInts x and y, and integers a and b.
//x must be large enough to hold the answer.
function linComb_(x,y,a,b) {
var i,c,k,kk;
k=x.length<y.length ? x.length : y.length;
kk=x.length;
for (c=0,i=0;i<k;i++) {
c+=a*x[i]+b*y[i];
x[i]=c & mask;
c>>=bpe;
}
for (i=k;i<kk;i++) {
c+=a*x[i];
x[i]=c & mask;
c>>=bpe;
}
}
//do the linear combination x=a*x+b*(y<<(ys*bpe)) for bigInts x and y, and integers a, b and ys.
//x must be large enough to hold the answer.
function linCombShift_(x,y,b,ys) {
var i,c,k,kk;
k=x.length<ys+y.length ? x.length : ys+y.length;
kk=x.length;
for (c=0,i=ys;i<k;i++) {
c+=x[i]+b*y[i-ys];
x[i]=c & mask;
c>>=bpe;
}
for (i=k;c && i<kk;i++) {
c+=x[i];
x[i]=c & mask;
c>>=bpe;
}
}
//do x=x+(y<<(ys*bpe)) for bigInts x and y, and integers a,b and ys.
//x must be large enough to hold the answer.
function addShift_(x,y,ys) {
var i,c,k,kk;
k=x.length<ys+y.length ? x.length : ys+y.length;
kk=x.length;
for (c=0,i=ys;i<k;i++) {
c+=x[i]+y[i-ys];
x[i]=c & mask;
c>>=bpe;
}
for (i=k;c && i<kk;i++) {
c+=x[i];
x[i]=c & mask;
c>>=bpe;
}
}
//do x=x-(y<<(ys*bpe)) for bigInts x and y, and integers a,b and ys.
//x must be large enough to hold the answer.
function subShift_(x,y,ys) {
var i,c,k,kk;
k=x.length<ys+y.length ? x.length : ys+y.length;
kk=x.length;
for (c=0,i=ys;i<k;i++) {
c+=x[i]-y[i-ys];
x[i]=c & mask;
c>>=bpe;
}
for (i=k;c && i<kk;i++) {
c+=x[i];
x[i]=c & mask;
c>>=bpe;
}
}
//do x=x-y for bigInts x and y.
//x must be large enough to hold the answer.
//negative answers will be 2s complement
function sub_(x,y) {
var i,c,k,kk;
k=x.length<y.length ? x.length : y.length;
for (c=0,i=0;i<k;i++) {
c+=x[i]-y[i];
x[i]=c & mask;
c>>=bpe;
}
for (i=k;c && i<x.length;i++) {
c+=x[i];
x[i]=c & mask;
c>>=bpe;
}
}
//do x=x+y for bigInts x and y.
//x must be large enough to hold the answer.
function add_(x,y) {
var i,c,k,kk;
k=x.length<y.length ? x.length : y.length;
for (c=0,i=0;i<k;i++) {
c+=x[i]+y[i];
x[i]=c & mask;
c>>=bpe;
}
for (i=k;c && i<x.length;i++) {
c+=x[i];
x[i]=c & mask;
c>>=bpe;
}
}
//do x=x*y for bigInts x and y. This is faster when y<x.
function mult_(x,y) {
var i;
if (ss.length!=2*x.length)
ss=new Array(2*x.length);
copyInt_(ss,0);
for (i=0;i<y.length;i++)
if (y[i])
linCombShift_(ss,x,y[i],i); //ss=1*ss+y[i]*(x<<(i*bpe))
copy_(x,ss);
}
//do x=x mod n for bigInts x and n.
function mod_(x,n) {
if (s4.length!=x.length)
s4=dup(x);
else
copy_(s4,x);
if (s5.length!=x.length)
s5=dup(x);
divide_(s4,n,s5,x); //x = remainder of s4 / n
}
//do x=x*y mod n for bigInts x,y,n.
//for greater speed, let y<x.
function multMod_(x,y,n) {
var i;
if (s0.length!=2*x.length)
s0=new Array(2*x.length);
copyInt_(s0,0);
for (i=0;i<y.length;i++)
if (y[i])
linCombShift_(s0,x,y[i],i); //s0=1*s0+y[i]*(x<<(i*bpe))
mod_(s0,n);
copy_(x,s0);
}
//do x=x*x mod n for bigInts x,n.
function squareMod_(x,n) {
var i,j,d,c,kx,kn,k;
for (kx=x.length; kx>0 && !x[kx-1]; kx--); //ignore leading zeros in x
k=kx>n.length ? 2*kx : 2*n.length; //k=# elements in the product, which is twice the elements in the larger of x and n
if (s0.length!=k)
s0=new Array(k);
copyInt_(s0,0);
for (i=0;i<kx;i++) {
c=s0[2*i]+x[i]*x[i];
s0[2*i]=c & mask;
c>>=bpe;
for (j=i+1;j<kx;j++) {
c=s0[i+j]+2*x[i]*x[j]+c;
s0[i+j]=(c & mask);
c>>=bpe;
}
s0[i+kx]=c;
}
mod_(s0,n);
copy_(x,s0);
}
//return x with exactly k leading zero elements
function trim(x,k) {
var i,y;
for (i=x.length; i>0 && !x[i-1]; i--);
y=new Array(i+k);
copy_(y,x);
return y;
}
//do x=x**y mod n, where x,y,n are bigInts and ** is exponentiation. 0**0=1.
//this is faster when n is odd. x usually needs to have as many elements as n.
function powMod_(x,y,n) {
var k1,k2,kn,np;
if(s7.length!=n.length)
s7=dup(n);
//for even modulus, use a simple square-and-multiply algorithm,
//rather than using the more complex Montgomery algorithm.
if ((n[0]&1)==0) {
copy_(s7,x);
copyInt_(x,1);
while(!equalsInt(y,0)) {
if (y[0]&1)
multMod_(x,s7,n);
divInt_(y,2);
squareMod_(s7,n);
}
return;
}
//calculate np from n for the Montgomery multiplications
copyInt_(s7,0);
for (kn=n.length;kn>0 && !n[kn-1];kn--);
np=radix-inverseModInt_(modInt(n,radix),radix);
s7[kn]=1;
multMod_(x ,s7,n); // x = x * 2**(kn*bp) mod n
if (s3.length!=x.length)
s3=dup(x);
else
copy_(s3,x);
for (k1=y.length-1;k1>0 & !y[k1]; k1--); //k1=first nonzero element of y
if (y[k1]==0) { //anything to the 0th power is 1
copyInt_(x,1);
return;
}
for (k2=1<<(bpe-1);k2 && !(y[k1] & k2); k2>>=1); //k2=position of first 1 bit in y[k1]
for (;;) {
if (!(k2>>=1)) { //look at next bit of y
k1--;
if (k1<0) {
mont_(x,one,n,np);
return;
}
k2=1<<(bpe-1);
}
mont_(x,x,n,np);
if (k2 & y[k1]) //if next bit is a 1
mont_(x,s3,n,np);
}
}
//do x=x*y*Ri mod n for bigInts x,y,n,
// where Ri = 2**(-kn*bpe) mod n, and kn is the
// number of elements in the n array, not
// counting leading zeros.
//x must be large enough to hold the answer.
//It's OK if x and y are the same variable.
//must have:
// x,y < n
// n is odd
// np = -(n^(-1)) mod radix
function mont_(x,y,n,np) {
var i,j,c,ui,t;
var kn=n.length;
var ky=y.length;
if (sa.length!=kn)
sa=new Array(kn);
for (;kn>0 && n[kn-1]==0;kn--); //ignore leading zeros of n
//this function sometimes gives wrong answers when the next line is uncommented
//for (;ky>0 && y[ky-1]==0;ky--); //ignore leading zeros of y
copyInt_(sa,0);
//the following loop consumes 95% of the runtime for randTruePrime_() and powMod_() for large keys
for (i=0; i<kn; i++) {
t=sa[0]+x[i]*y[0];
ui=((t & mask) * np) & mask; //the inner "& mask" is needed on Macintosh MSIE, but not windows MSIE
c=(t+ui*n[0]) >> bpe;
t=x[i];
//do sa=(sa+x[i]*y+ui*n)/b where b=2**bpe
for (j=1;j<ky;j++) {
c+=sa[j]+t*y[j]+ui*n[j];
sa[j-1]=c & mask;
c>>=bpe;
}
for (;j<kn;j++) {
c+=sa[j]+ui*n[j];
sa[j-1]=c & mask;
c>>=bpe;
}
sa[j-1]=c & mask;
}
if (!greater(n,sa))
sub_(sa,n);
copy_(x,sa);
}
//#############################################################################
//#############################################################################
//#############################################################################
//#############################################################################
//#############################################################################
//#############################################################################
//#############################################################################
//#############################################################################
Clipperz.Crypto.BigInt = function (aValue, aBase) {
var base;
var value;
if (typeof(aValue) == 'object') {
this._internalValue = aValue;
} else {
if (typeof(aValue) == 'undefined') {
value = "0";
} else {
value = aValue + "";
}
if (typeof(aBase) == 'undefined') {
base = 10;
} else {
base = aBase;
}
this._internalValue = str2bigInt(value, base, 1, 1);
}
return this;
}
//=============================================================================
MochiKit.Base.update(Clipperz.Crypto.BigInt.prototype, {
'clone': function() {
return new Clipperz.Crypto.BigInt(this.internalValue());
},
//-------------------------------------------------------------------------
'internalValue': function () {
return this._internalValue;
},
//-------------------------------------------------------------------------
'isBigInt': true,
//-------------------------------------------------------------------------
'toString': function(aBase) {
return this.asString(aBase);
},
//-------------------------------------------------------------------------
'asString': function (aBase, minimumLength) {
var result;
var base;
if (typeof(aBase) == 'undefined') {
base = 10;
} else {
base = aBase;
}
result = bigInt2str(this.internalValue(), base).toLowerCase();
if ((typeof(minimumLength) != 'undefined') && (result.length < minimumLength)) {
var i, c;
-//MochiKit.Logging.logDebug(">>> FIXING BigInt.asString length issue")
c = (minimumLength - result.length);
for (i=0; i<c; i++) {
result = '0' + result;
}
}
return result;
},
//-------------------------------------------------------------------------
'asByteArray': function() {
return new Clipperz.ByteArray("0x" + this.asString(16), 16);
},
//-------------------------------------------------------------------------
'equals': function (aValue) {
var result;
if (aValue.isBigInt) {
result = equals(this.internalValue(), aValue.internalValue());
} else if (typeof(aValue) == "number") {
result = equalsInt(this.internalValue(), aValue);
} else {
throw Clipperz.Crypt.BigInt.exception.UnknownType;
}
return result;
},
//-------------------------------------------------------------------------
'compare': function(aValue) {
/*
var result;
var thisAsString;
var aValueAsString;
thisAsString = this.asString(10);
aValueAsString = aValue.asString(10);
result = MochiKit.Base.compare(thisAsString.length, aValueAsString.length);
if (result == 0) {
result = MochiKit.Base.compare(thisAsString, aValueAsString);
}
return result;
*/
var result;
if (equals(this.internalValue(), aValue.internalValue())) {
result = 0;
} else if (greater(this.internalValue(), aValue.internalValue())) {
result = 1;
} else {
result = -1;
}
return result;
},
//-------------------------------------------------------------------------
'add': function (aValue) {
var result;
if (aValue.isBigInt) {
result = add(this.internalValue(), aValue.internalValue());
} else {
result = addInt(this.internalValue(), aValue);
}
return new Clipperz.Crypto.BigInt(result);
},
//-------------------------------------------------------------------------
'subtract': function (aValue) {
var result;
var value;
if (aValue.isBigInt) {
value = aValue;
} else {
value = new Clipperz.Crypto.BigInt(aValue);
}
result = sub(this.internalValue(), value.internalValue());
return new Clipperz.Crypto.BigInt(result);
},
//-------------------------------------------------------------------------
'multiply': function (aValue, aModule) {
var result;
var value;
if (aValue.isBigInt) {
value = aValue;
} else {
value = new Clipperz.Crypto.BigInt(aValue);
}
if (typeof(aModule) == 'undefined') {
result = mult(this.internalValue(), value.internalValue());
} else {
if (greater(this.internalValue(), value.internalValue())) {
result = multMod(this.internalValue(), value.internalValue(), aModule);
} else {
result = multMod(value.internalValue(), this.internalValue(), aModule);
}
}
return new Clipperz.Crypto.BigInt(result);
},
//-------------------------------------------------------------------------
'module': function (aModule) {
var result;
var module;
if (aModule.isBigInt) {
module = aModule;
} else {
module = new Clipperz.Crypto.BigInt(aModule);
}
result = mod(this.internalValue(), module.internalValue());
return new Clipperz.Crypto.BigInt(result);
},
//-------------------------------------------------------------------------
'powerModule': function(aValue, aModule) {
var result;
var value;
var module;
if (aValue.isBigInt) {
value = aValue;
} else {
value = new Clipperz.Crypto.BigInt(aValue);
}
if (aModule.isBigInt) {
module = aModule;
} else {
module = new Clipperz.Crypto.BigInt(aModule);
}
if (aValue == -1) {
result = inverseMod(this.internalValue(), module.internalValue());
} else {
result = powMod(this.internalValue(), value.internalValue(), module.internalValue());
}
return new Clipperz.Crypto.BigInt(result);
},
//-------------------------------------------------------------------------
'xor': function(aValue) {
var result;
var thisByteArray;
var aValueByteArray;
var xorArray;
thisByteArray = new Clipperz.ByteArray("0x" + this.asString(16), 16);
aValueByteArray = new Clipperz.ByteArray("0x" + aValue.asString(16), 16);
xorArray = thisByteArray.xorMergeWithBlock(aValueByteArray, 'right');
result = new Clipperz.Crypto.BigInt(xorArray.toHexString(), 16);
return result;
},
//-------------------------------------------------------------------------
'shiftLeft': function(aNumberOfBitsToShift) {
var result;
var internalResult;
var wholeByteToShift;
var bitsLeftToShift;
wholeByteToShift = Math.floor(aNumberOfBitsToShift / 8);
bitsLeftToShift = aNumberOfBitsToShift % 8;
if (wholeByteToShift == 0) {
internalResult = this.internalValue();
} else {
var hexValue;
var i,c;
hexValue = this.asString(16);
c = wholeByteToShift;
for (i=0; i<c; i++) {
hexValue += "00";
}
internalResult = str2bigInt(hexValue, 16, 1, 1);
}
if (bitsLeftToShift > 0) {
leftShift_(internalResult, bitsLeftToShift);
}
result = new Clipperz.Crypto.BigInt(internalResult);
return result;
},
//-------------------------------------------------------------------------
'bitSize': function() {
return bitSize(this.internalValue());
},
//-------------------------------------------------------------------------
'isBitSet': function(aBitPosition) {
var result;
if (this.asByteArray().bitAtIndex(aBitPosition) == 0) {
result = false;
} else {
result = true;
};
return result;
},
//-------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//#############################################################################
Clipperz.Crypto.BigInt.randomPrime = function(aBitSize) {
return new Clipperz.Crypto.BigInt(randTruePrime(aBitSize));
}
//#############################################################################
//#############################################################################
Clipperz.Crypto.BigInt.ZERO = new Clipperz.Crypto.BigInt(0);
//#############################################################################
Clipperz.Crypto.BigInt.equals = function(a, b) {
return a.equals(b);
}
Clipperz.Crypto.BigInt.add = function(a, b) {
return a.add(b);
}
Clipperz.Crypto.BigInt.subtract = function(a, b) {
return a.subtract(b);
}
Clipperz.Crypto.BigInt.multiply = function(a, b, module) {
return a.multiply(b, module);
}
Clipperz.Crypto.BigInt.module = function(a, module) {
return a.module(module);
}
Clipperz.Crypto.BigInt.powerModule = function(a, b, module) {
return a.powerModule(b, module);
}
Clipperz.Crypto.BigInt.exception = {
UnknownType: new MochiKit.Base.NamedError("Clipperz.Crypto.BigInt.exception.UnknownType")
}
diff --git a/frontend/gamma/js/Clipperz/Crypto/BigInt_scoped.js b/frontend/gamma/js/Clipperz/Crypto/BigInt_scoped.js
index f91c7e9..bc60330 100644
--- a/frontend/gamma/js/Clipperz/Crypto/BigInt_scoped.js
+++ b/frontend/gamma/js/Clipperz/Crypto/BigInt_scoped.js
@@ -1,406 +1,404 @@
/*
-Copyright 2008-2011 Clipperz Srl
+Copyright 2008-2013 Clipperz Srl
-This file is part of Clipperz Community Edition.
-Clipperz Community Edition is an online password manager.
+This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
-* Clipperz Community Edition is free software: you can redistribute
- it and/or modify it under the terms of the GNU Affero General Public
- License as published by the Free Software Foundation, either version
- 3 of the License, or (at your option) any later version.
+* Clipperz is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
-* Clipperz Community Edition is distributed in the hope that it will
- be useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* Clipperz is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
- License along with Clipperz Community Edition. If not, see
- <http://www.gnu.org/licenses/>.
+ License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
if (typeof(Clipperz) == 'undefined') { Clipperz = {}; }
if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; }
if (typeof(Leemon) == 'undefined') { Leemon = {}; }
if (typeof(Baird.Crypto) == 'undefined') { Baird.Crypto = {}; }
if (typeof(Baird.Crypto.BigInt) == 'undefined') { Baird.Crypto.BigInt = {}; }
//#############################################################################
// Downloaded on March 05, 2007 from http://www.leemon.com/crypto/BigInt.js
//#############################################################################
////////////////////////////////////////////////////////////////////////////////////////
// Big Integer Library v. 5.0
// Created 2000, last modified 2006
// Leemon Baird
// www.leemon.com
//
// This file is public domain. You can use it for any purpose without restriction.
// I do not guarantee that it is correct, so use it at your own risk. If you use
// it for something interesting, I'd appreciate hearing about it. If you find
// any bugs or make any improvements, I'd appreciate hearing about those too.
// It would also be nice if my name and address were left in the comments.
// But none of that is required.
//
// This code defines a bigInt library for arbitrary-precision integers.
// A bigInt is an array of integers storing the value in chunks of bpe bits,
// little endian (buff[0] is the least significant word).
// Negative bigInts are stored two's complement.
// Some functions assume their parameters have at least one leading zero element.
// Functions with an underscore at the end of the name have unpredictable behavior in case of overflow,
// so the caller must make sure overflow won't happen.
// For each function where a parameter is modified, that same
// variable must not be used as another argument too.
// So, you cannot square x by doing multMod_(x,x,n).
// You must use squareMod_(x,n) instead, or do y=dup(x); multMod_(x,y,n).
//
// These functions are designed to avoid frequent dynamic memory allocation in the inner loop.
// For most functions, if it needs a BigInt as a local variable it will actually use
// a global, and will only allocate to it when it's not the right size. This ensures
// that when a function is called repeatedly with same-sized parameters, it only allocates
// memory on the first call.
//
// Note that for cryptographic purposes, the calls to Math.random() must
// be replaced with calls to a better pseudorandom number generator.
//
// In the following, "bigInt" means a bigInt with at least one leading zero element,
// and "integer" means a nonnegative integer less than radix. In some cases, integer
// can be negative. Negative bigInts are 2s complement.
//
// The following functions do not modify their inputs, but dynamically allocate memory every time they are called:
//
// function bigInt2str(x,base) //convert a bigInt into a string in a given base, from base 2 up to base 95
// function dup(x) //returns a copy of bigInt x
// function findPrimes(n) //return array of all primes less than integer n
// function int2bigInt(t,n,m) //convert integer t to a bigInt with at least n bits and m array elements
// function str2bigInt(s,b,n,m) //convert string s in base b to a bigInt with at least n bits and m array elements
// function trim(x,k) //return a copy of x with exactly k leading zero elements
//
// The following functions do not modify their inputs, so there is never a problem with the result being too big:
//
// function bitSize(x) //returns how many bits long the bigInt x is, not counting leading zeros
// function equals(x,y) //is the bigInt x equal to the bigint y?
// function equalsInt(x,y) //is bigint x equal to integer y?
// function greater(x,y) //is x>y? (x and y are nonnegative bigInts)
// function greaterShift(x,y,shift)//is (x <<(shift*bpe)) > y?
// function isZero(x) //is the bigInt x equal to zero?
// function millerRabin(x,b) //does one round of Miller-Rabin base integer b say that bigInt x is possibly prime (as opposed to definitely composite)?
// function modInt(x,n) //return x mod n for bigInt x and integer n.
// function negative(x) //is bigInt x negative?
//
// The following functions do not modify their inputs, but allocate memory and call functions with underscores
//
// function add(x,y) //return (x+y) for bigInts x and y.
// function addInt(x,n) //return (x+n) where x is a bigInt and n is an integer.
// function expand(x,n) //return a copy of x with at least n elements, adding leading zeros if needed
// function inverseMod(x,n) //return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null
// function mod(x,n) //return a new bigInt equal to (x mod n) for bigInts x and n.
// function mult(x,y) //return x*y for bigInts x and y. This is faster when y<x.
// function multMod(x,y,n) //return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x.
// function powMod(x,y,n) //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n.
// function randTruePrime(k) //return a new, random, k-bit, true prime using Maurer's algorithm.
// function sub(x,y) //return (x-y) for bigInts x and y. Negative answers will be 2s complement
//
// The following functions write a bigInt result to one of the parameters, but
// the result is never bigger than the original, so there can't be overflow problems:
//
// function divInt_(x,n) //do x=floor(x/n) for bigInt x and integer n, and return the remainder
// function GCD_(x,y) //set x to the greatest common divisor of bigInts x and y, (y is destroyed).
// function halve_(x) //do x=floor(|x|/2)*sgn(x) for bigInt x in 2's complement
// function mod_(x,n) //do x=x mod n for bigInts x and n.
// function rightShift_(x,n) //right shift bigInt x by n bits. 0 <= n < bpe.
//
// The following functions write a bigInt result to one of the parameters. The caller is responsible for
// ensuring it is large enough to hold the result.
//
// function addInt_(x,n) //do x=x+n where x is a bigInt and n is an integer
// function add_(x,y) //do x=x+y for bigInts x and y
// function addShift_(x,y,ys) //do x=x+(y<<(ys*bpe))
// function copy_(x,y) //do x=y on bigInts x and y
// function copyInt_(x,n) //do x=n on bigInt x and integer n
// function carry_(x) //do carries and borrows so each element of the bigInt x fits in bpe bits.
// function divide_(x,y,q,r) //divide_ x by y giving quotient q and remainder r
// function eGCD_(x,y,d,a,b) //sets a,b,d to positive big integers such that d = GCD_(x,y) = a*x-b*y
// function inverseMod_(x,n) //do x=x**(-1) mod n, for bigInts x and n. Returns 1 (0) if inverse does (doesn't) exist
// function inverseModInt_(x,n) //return x**(-1) mod n, for integers x and n. Return 0 if there is no inverse
// function leftShift_(x,n) //left shift bigInt x by n bits. n<bpe.
// function linComb_(x,y,a,b) //do x=a*x+b*y for bigInts x and y and integers a and b
// function linCombShift_(x,y,b,ys) //do x=x+b*(y<<(ys*bpe)) for bigInts x and y, and integers b and ys
// function mont_(x,y,n,np) //Montgomery multiplication (see comments where the function is defined)
// function mult_(x,y) //do x=x*y for bigInts x and y.
// function multInt_(x,n) //do x=x*n where x is a bigInt and n is an integer.
// function multMod_(x,y,n) //do x=x*y mod n for bigInts x,y,n.
// function powMod_(x,y,n) //do x=x**y mod n, where x,y,n are bigInts (n is odd) and ** is exponentiation. 0**0=1.
// function randBigInt_(b,n,s) //do b = an n-bit random BigInt. if s=1, then nth bit (most significant bit) is set to 1. n>=1.
// function randTruePrime_(ans,k) //do ans = a random k-bit true random prime (not just probable prime) with 1 in the msb.
// function squareMod_(x,n) //do x=x*x mod n for bigInts x,n
// function sub_(x,y) //do x=x-y for bigInts x and y. Negative answers will be 2s complement.
// function subShift_(x,y,ys) //do x=x-(y<<(ys*bpe)). Negative answers will be 2s complement.
//
// The following functions are based on algorithms from the _Handbook of Applied Cryptography_
// powMod_() = algorithm 14.94, Montgomery exponentiation
// eGCD_,inverseMod_() = algorithm 14.61, Binary extended GCD_
// GCD_() = algorothm 14.57, Lehmer's algorithm
// mont_() = algorithm 14.36, Montgomery multiplication
// divide_() = algorithm 14.20 Multiple-precision division
// squareMod_() = algorithm 14.16 Multiple-precision squaring
// randTruePrime_() = algorithm 4.62, Maurer's algorithm
// millerRabin() = algorithm 4.24, Miller-Rabin algorithm
//
// Profiling shows:
// randTruePrime_() spends:
// 10% of its time in calls to powMod_()
// 85% of its time in calls to millerRabin()
// millerRabin() spends:
// 99% of its time in calls to powMod_() (always with a base of 2)
// powMod_() spends:
// 94% of its time in calls to mont_() (almost always with x==y)
//
// This suggests there are several ways to speed up this library slightly:
// - convert powMod_ to use a Montgomery form of k-ary window (or maybe a Montgomery form of sliding window)
// -- this should especially focus on being fast when raising 2 to a power mod n
// - convert randTruePrime_() to use a minimum r of 1/3 instead of 1/2 with the appropriate change to the test
// - tune the parameters in randTruePrime_(), including c, m, and recLimit
// - speed up the single loop in mont_() that takes 95% of the runtime, perhaps by reducing checking
// within the loop when all the parameters are the same length.
//
// There are several ideas that look like they wouldn't help much at all:
// - replacing trial division in randTruePrime_() with a sieve (that speeds up something taking almost no time anyway)
// - increase bpe from 15 to 30 (that would help if we had a 32*32->64 multiplier, but not with JavaScript's 32*32->32)
// - speeding up mont_(x,y,n,np) when x==y by doing a non-modular, non-Montgomery square
// followed by a Montgomery reduction. The intermediate answer will be twice as long as x, so that
// method would be slower. This is unfortunate because the code currently spends almost all of its time
// doing mont_(x,x,...), both for randTruePrime_() and powMod_(). A faster method for Montgomery squaring
// would have a large impact on the speed of randTruePrime_() and powMod_(). HAC has a couple of poorly-worded
// sentences that seem to imply it's faster to do a non-modular square followed by a single
// Montgomery reduction, but that's obviously wrong.
////////////////////////////////////////////////////////////////////////////////////////
//
// The whole library has been moved into the Baird.Crypto.BigInt scope by Giulio Cesare Solaroli <giulio.cesare@clipperz.com>
//
Baird.Crypto.BigInt.VERSION = "5.0";
Baird.Crypto.BigInt.NAME = "Baird.Crypto.BigInt";
MochiKit.Base.update(Baird.Crypto.BigInt, {
//globals
'bpe': 0, //bits stored per array element
'mask': 0, //AND this with an array element to chop it down to bpe bits
'radix': Baird.Crypto.BigInt.mask + 1, //equals 2^bpe. A single 1 bit to the left of the last bit of mask.
//the digits for converting to different bases
'digitsStr': '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_=!@#$%^&*()[]{}|;:,.<>/?`~ \\\'\"+-',
//initialize the global variables
for (bpe=0; (1<<(bpe+1)) > (1<<bpe); bpe++); //bpe=number of bits in the mantissa on this platform
bpe>>=1; //bpe=number of bits in one element of the array representing the bigInt
mask=(1<<bpe)-1; //AND the mask with an integer to get its bpe least significant bits
radix=mask+1; //2^bpe. a single 1 bit to the left of the first bit of mask
one=int2bigInt(1,1,1); //constant used in powMod_()
//the following global variables are scratchpad memory to
//reduce dynamic memory allocation in the inner loop
t=new Array(0);
ss=t; //used in mult_()
s0=t; //used in multMod_(), squareMod_()
s1=t; //used in powMod_(), multMod_(), squareMod_()
s2=t; //used in powMod_(), multMod_()
s3=t; //used in powMod_()
s4=t; s5=t; //used in mod_()
s6=t; //used in bigInt2str()
s7=t; //used in powMod_()
T=t; //used in GCD_()
sa=t; //used in mont_()
mr_x1=t; mr_r=t; mr_a=t; //used in millerRabin()
eg_v=t; eg_u=t; eg_A=t; eg_B=t; eg_C=t; eg_D=t; //used in eGCD_(), inverseMod_()
md_q1=t; md_q2=t; md_q3=t; md_r=t; md_r1=t; md_r2=t; md_tt=t; //used in mod_()
primes=t; pows=t; s_i=t; s_i2=t; s_R=t; s_rm=t; s_q=t; s_n1=t;
s_a=t; s_r2=t; s_n=t; s_b=t; s_d=t; s_x1=t; s_x2=t, s_aa=t; //used in randTruePrime_()
////////////////////////////////////////////////////////////////////////////////////////
//return array of all primes less than integer n
'findPrimes': function(n) {
var i,s,p,ans;
s=new Array(n);
for (i=0;i<n;i++)
s[i]=0;
s[0]=2;
p=0; //first p elements of s are primes, the rest are a sieve
for(;s[p]<n;) { //s[p] is the pth prime
for(i=s[p]*s[p]; i<n; i+=s[p]) //mark multiples of s[p]
s[i]=1;
p++;
s[p]=s[p-1]+1;
for(; s[p]<n && s[s[p]]; s[p]++); //find next prime (where s[p]==0)
}
ans=new Array(p);
for(i=0;i<p;i++)
ans[i]=s[i];
return ans;
},
//does a single round of Miller-Rabin base b consider x to be a possible prime?
//x is a bigInt, and b is an integer
'millerRabin': function(x,b) {
var i,j,k,s;
if (mr_x1.length!=x.length) {
mr_x1=dup(x);
mr_r=dup(x);
mr_a=dup(x);
}
copyInt_(mr_a,b);
copy_(mr_r,x);
copy_(mr_x1,x);
addInt_(mr_r,-1);
addInt_(mr_x1,-1);
//s=the highest power of two that divides mr_r
k=0;
for (i=0;i<mr_r.length;i++)
for (j=1;j<mask;j<<=1)
if (x[i] & j) {
s=(k<mr_r.length+bpe ? k : 0);
i=mr_r.length;
j=mask;
} else
k++;
if (s)
rightShift_(mr_r,s);
powMod_(mr_a,mr_r,x);
if (!equalsInt(mr_a,1) && !equals(mr_a,mr_x1)) {
j=1;
while (j<=s-1 && !equals(mr_a,mr_x1)) {
squareMod_(mr_a,x);
if (equalsInt(mr_a,1)) {
return 0;
}
j++;
}
if (!equals(mr_a,mr_x1)) {
return 0;
}
}
return 1;
},
//returns how many bits long the bigInt is, not counting leading zeros.
'bitSize': function(x) {
var j,z,w;
for (j=x.length-1; (x[j]==0) && (j>0); j--);
for (z=0,w=x[j]; w; (w>>=1),z++);
z+=bpe*j;
return z;
},
//return a copy of x with at least n elements, adding leading zeros if needed
'expand': function(x,n) {
var ans=int2bigInt(0,(x.length>n ? x.length : n)*bpe,0);
copy_(ans,x);
return ans;
},
//return a k-bit true random prime using Maurer's algorithm.
'randTruePrime': function(k) {
var ans=int2bigInt(0,k,0);
randTruePrime_(ans,k);
return trim(ans,1);
},
//return a new bigInt equal to (x mod n) for bigInts x and n.
'mod': function(x,n) {
var ans=dup(x);
mod_(ans,n);
return trim(ans,1);
},
//return (x+n) where x is a bigInt and n is an integer.
'addInt': function(x,n) {
var ans=expand(x,x.length+1);
addInt_(ans,n);
return trim(ans,1);
},
//return x*y for bigInts x and y. This is faster when y<x.
'mult': function(x,y) {
var ans=expand(x,x.length+y.length);
mult_(ans,y);
return trim(ans,1);
},
//return (x**y mod n) where x,y,n are bigInts and ** is exponentiation. 0**0=1. Faster for odd n.
'powMod': function(x,y,n) {
var ans=expand(x,n.length);
powMod_(ans,trim(y,2),trim(n,2),0); //this should work without the trim, but doesn't
return trim(ans,1);
},
//return (x-y) for bigInts x and y. Negative answers will be 2s complement
'sub': function(x,y) {
var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1));
sub_(ans,y);
return trim(ans,1);
},
//return (x+y) for bigInts x and y.
'add': function(x,y) {
var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1));
add_(ans,y);
return trim(ans,1);
},
//return (x**(-1) mod n) for bigInts x and n. If no inverse exists, it returns null
'inverseMod': function(x,n) {
var ans=expand(x,n.length);
var s;
s=inverseMod_(ans,n);
return s ? trim(ans,1) : null;
},
//return (x*y mod n) for bigInts x,y,n. For greater speed, let y<x.
'multMod': function(x,y,n) {
var ans=expand(x,n.length);
multMod_(ans,y,n);
return trim(ans,1);
},
//generate a k-bit true random prime using Maurer's algorithm,
//and put it into ans. The bigInt ans must be large enough to hold it.
'randTruePrime_': function(ans,k) {
var c,m,pm,dd,j,r,B,divisible,z,zz,recSize;
if (primes.length==0)
primes=findPrimes(30000); //check for divisibility by primes <=30000
if (pows.length==0) {
pows=new Array(512);
for (j=0;j<512;j++) {
pows[j]=Math.pow(2,j/511.-1.);
}
}
//c and m should be tuned for a particular machine and value of k, to maximize speed
//this was: c=primes[primes.length-1]/k/k; //check using all the small primes. (c=0.1 in HAC)
c=0.1;
m=20; //generate this k-bit number by first recursively generating a number that has between k/2 and k-m bits
recLimit=20; /*must be at least 2 (was 29)*/ //stop recursion when k <=recLimit
if (s_i2.length!=ans.length) {
s_i2=dup(ans);
s_R =dup(ans);
s_n1=dup(ans);
s_r2=dup(ans);
diff --git a/frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/Curve.js b/frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/Curve.js
index 19f19c2..0d76b9c 100644
--- a/frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/Curve.js
+++ b/frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/Curve.js
@@ -1,547 +1,500 @@
/*
-Copyright 2008-2011 Clipperz Srl
+Copyright 2008-2013 Clipperz Srl
-This file is part of Clipperz Community Edition.
-Clipperz Community Edition is an online password manager.
+This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
-* Clipperz Community Edition is free software: you can redistribute
- it and/or modify it under the terms of the GNU Affero General Public
- License as published by the Free Software Foundation, either version
- 3 of the License, or (at your option) any later version.
+* Clipperz is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
-* Clipperz Community Edition is distributed in the hope that it will
- be useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* Clipperz is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
- License along with Clipperz Community Edition. If not, see
- <http://www.gnu.org/licenses/>.
+ License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
//try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) {
// throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!";
//}
if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; }
if (typeof(Clipperz.Crypto.ECC.BinaryField) == 'undefined') { Clipperz.Crypto.ECC.BinaryField = {}; }
Clipperz.Crypto.ECC.BinaryField.Curve = function(args) {
args = args || {};
this._modulus = args.modulus;
this._a = args.a;
this._b = args.b;
this._G = args.G;
this._r = args.r;
this._h = args.h;
this._finiteField = null;
return this;
}
Clipperz.Crypto.ECC.BinaryField.Curve.prototype = MochiKit.Base.update(null, {
'asString': function() {
return "Clipperz.Crypto.ECC.BinaryField.Curve";
},
//-----------------------------------------------------------------------------
'modulus': function() {
return this._modulus;
},
'a': function() {
return this._a;
},
'b': function() {
return this._b;
},
'G': function() {
return this._G;
},
'r': function() {
return this._r;
},
'h': function() {
return this._h;
},
//-----------------------------------------------------------------------------
'finiteField': function() {
if (this._finiteField == null) {
this._finiteField = new Clipperz.Crypto.ECC.BinaryField.FiniteField({modulus:this.modulus()})
}
return this._finiteField;
},
//-----------------------------------------------------------------------------
'negate': function(aPointA) {
var result;
result = new Clipperz.Crypto.ECC.Point({x:aPointA.x(), y:this.finiteField().add(aPointA.y(), aPointA.x())})
return result;
},
//-----------------------------------------------------------------------------
'add': function(aPointA, aPointB) {
var result;
-//console.log(">>> ECC.BinaryField.Curve.add");
if (aPointA.isZero()) {
-//console.log("--- pointA == zero");
result = aPointB;
} else if (aPointB.isZero()) {
-//console.log("--- pointB == zero");
result = aPointA;
} else if ( (aPointA.x().compare(aPointB.x()) == 0) && ((aPointA.y().compare(aPointB.y()) != 0) || aPointB.x().isZero())) {
-//console.log("compare A.x - B.x: ", aPointA.x().compare(aPointB.x()));
-//console.log("compare A.y - B.y: ", (aPointA.y().compare(aPointB.y()) != 0));
-//console.log("compare B.x.isZero(): ", aPointB.x().isZero());
-
-//console.log("--- result = zero");
result = new Clipperz.Crypto.ECC.BinaryField.Point({x:Clipperz.Crypto.ECC.BinaryField.Value.O, y:Clipperz.Crypto.ECC.BinaryField.Value.O});
} else {
-//console.log("--- result = ELSE");
var f2m;
var x, y;
var lambda;
var aX, aY, bX, bY;
aX = aPointA.x()._value;
aY = aPointA.y()._value;
bX = aPointB.x()._value;
bY = aPointB.y()._value;
f2m = this.finiteField();
if (aPointA.x().compare(aPointB.x()) != 0) {
-//console.log(" a.x != b.x");
lambda = f2m._fastMultiply(
f2m._add(aY, bY),
f2m._inverse(f2m._add(aX, bX))
);
x = f2m._add(this.a()._value, f2m._square(lambda));
f2m._overwriteAdd(x, lambda);
f2m._overwriteAdd(x, aX);
f2m._overwriteAdd(x, bX);
} else {
-//console.log(" a.x == b.x");
lambda = f2m._add(bX, f2m._fastMultiply(bY, f2m._inverse(bX)));
-//console.log(" lambda: " + lambda.asString(16));
x = f2m._add(this.a()._value, f2m._square(lambda));
-//console.log(" x (step 1): " + x.asString(16));
f2m._overwriteAdd(x, lambda);
-//console.log(" x (step 2): " + x.asString(16));
}
y = f2m._fastMultiply(f2m._add(bX, x), lambda);
-//console.log(" y (step 1): " + y.asString(16));
f2m._overwriteAdd(y, x);
-//console.log(" y (step 2): " + y.asString(16));
f2m._overwriteAdd(y, bY);
-//console.log(" y (step 3): " + y.asString(16));
result = new Clipperz.Crypto.ECC.BinaryField.Point({x:new Clipperz.Crypto.ECC.BinaryField.Value(x), y:new Clipperz.Crypto.ECC.BinaryField.Value(y)})
}
-//console.log("<<< ECC.BinaryField.Curve.add");
return result;
},
//-----------------------------------------------------------------------------
'addTwice': function(aPointA) {
return this.add(aPointA, aPointA);
},
//-----------------------------------------------------------------------------
'overwriteAdd': function(aPointA, aPointB) {
if (aPointA.isZero()) {
// result = aPointB;
aPointA._x._value = aPointB._x._value;
aPointA._y._value = aPointB._y._value;
} else if (aPointB.isZero()) {
// result = aPointA;
} else if ( (aPointA.x().compare(aPointB.x()) == 0) && ((aPointA.y().compare(aPointB.y()) != 0) || aPointB.x().isZero())) {
// result = new Clipperz.Crypto.ECC.BinaryField.Point({x:Clipperz.Crypto.ECC.BinaryField.Value.O, y:Clipperz.Crypto.ECC.BinaryField.Value.O});
aPointA._x = Clipperz.Crypto.ECC.BinaryField.Value.O;
aPointA._y = Clipperz.Crypto.ECC.BinaryField.Value.O;
} else {
var f2m;
var x, y;
var lambda;
var aX, aY, bX, bY;
aX = aPointA.x()._value;
aY = aPointA.y()._value;
bX = aPointB.x()._value;
bY = aPointB.y()._value;
f2m = this.finiteField();
if (aPointA.x().compare(aPointB.x()) != 0) {
-//console.log(" a.x != b.x");
lambda = f2m._fastMultiply(
f2m._add(aY, bY),
f2m._inverse(f2m._add(aX, bX))
);
x = f2m._add(this.a()._value, f2m._square(lambda));
f2m._overwriteAdd(x, lambda);
f2m._overwriteAdd(x, aX);
f2m._overwriteAdd(x, bX);
} else {
-//console.log(" a.x == b.x");
lambda = f2m._add(bX, f2m._fastMultiply(bY, f2m._inverse(bX)));
-//console.log(" lambda: " + lambda.asString(16));
x = f2m._add(this.a()._value, f2m._square(lambda));
-//console.log(" x (step 1): " + x.asString(16));
f2m._overwriteAdd(x, lambda);
-//console.log(" x (step 2): " + x.asString(16));
}
y = f2m._fastMultiply(f2m._add(bX, x), lambda);
-//console.log(" y (step 1): " + y.asString(16));
f2m._overwriteAdd(y, x);
-//console.log(" y (step 2): " + y.asString(16));
f2m._overwriteAdd(y, bY);
-//console.log(" y (step 3): " + y.asString(16));
// result = new Clipperz.Crypto.ECC.BinaryField.Point({x:new Clipperz.Crypto.ECC.BinaryField.Value(x), y:new Clipperz.Crypto.ECC.BinaryField.Value(y)})
aPointA._x._value = x;
aPointA._y._value = y;
}
-//console.log("<<< ECC.BinaryField.Curve.add");
return result;
},
//-----------------------------------------------------------------------------
'multiply': function(aValue, aPoint) {
var result;
//console.profile();
result = new Clipperz.Crypto.ECC.BinaryField.Point({x:Clipperz.Crypto.ECC.BinaryField.Value.O, y:Clipperz.Crypto.ECC.BinaryField.Value.O});
if (aValue.isZero() == false) {
var k, Q;
var i;
var countIndex; countIndex = 0;
if (aValue.compare(Clipperz.Crypto.ECC.BinaryField.Value.O) > 0) {
k = aValue;
Q = aPoint;
} else {
-MochiKit.Logging.logError("The Clipperz.Crypto.ECC.BinaryFields.Value does not work with negative values!!!!");
+ Clipperz.logError("The Clipperz.Crypto.ECC.BinaryFields.Value does not work with negative values!!!!");
k = aValue.negate();
Q = this.negate(aPoint);
}
-//console.log("k: " + k.toString(16));
-//console.log("k.bitSize: " + k.bitSize());
for (i=k.bitSize()-1; i>=0; i--) {
result = this.add(result, result);
// this.overwriteAdd(result, result);
if (k.isBitSet(i)) {
result = this.add(result, Q);
// this.overwriteAdd(result, Q);
}
-// if (countIndex==100) {console.log("multiply.break"); break;} else countIndex++;
+// if (countIndex==100) {Clipperz.log("multiply.break"); break;} else countIndex++;
}
}
//console.profileEnd();
return result;
},
//-----------------------------------------------------------------------------
'deferredMultiply': function(aValue, aPoint) {
var deferredResult;
var result;
-MochiKit.Logging.logDebug(">>> deferredMultiply - value: " + aValue + ", point: " + aPoint);
+Clipperz.log(">>> deferredMultiply - value: " + aValue + ", point: " + aPoint);
//console.profile("ECC.Curve.multiply");
deferredResult = new MochiKit.Async.Deferred();
//deferredResult.addCallback(function(res) {console.profile("ECC.Curve.deferredMultiply"); return res;} );
-//deferredResult.addBoth(function(res) {MochiKit.Logging.logDebug("# 1: " + res); return res;});
+//deferredResult.addBoth(function(res) {Clipperz.logDebug("# 1: " + res); return res;});
result = new Clipperz.Crypto.ECC.BinaryField.Point({x:Clipperz.Crypto.ECC.BinaryField.Value.O, y:Clipperz.Crypto.ECC.BinaryField.Value.O});
-//deferredResult.addBoth(function(res) {MochiKit.Logging.logDebug("# 2: " + res); return res;});
+//deferredResult.addBoth(function(res) {Clipperz.logDebug("# 2: " + res); return res;});
if (aValue.isZero() == false) {
var k, Q;
var i;
var countIndex; countIndex = 0;
if (aValue.compare(Clipperz.Crypto.ECC.BinaryField.Value.O) > 0) {
k = aValue;
Q = aPoint;
} else {
-MochiKit.Logging.logError("The Clipperz.Crypto.ECC.BinaryFields.Value does not work with negative values!!!!");
+ Clipperz.logError("The Clipperz.Crypto.ECC.BinaryFields.Value does not work with negative values!!!!");
k = aValue.negate();
Q = this.negate(aPoint);
}
-//console.log("k: " + k.toString(16));
-//console.log("k.bitSize: " + k.bitSize());
-//deferredResult.addBoth(function(res) {MochiKit.Logging.logDebug("# 3: " + res); return res;});
for (i=k.bitSize()-1; i>=0; i--) {
-//MochiKit.Logging.logDebug("====> " + i);
-//deferredResult.addBoth(function(res) {MochiKit.Logging.logDebug("# 4 > i = " + i + ": " + res); return res;});
deferredResult.addMethod(this, "addTwice");
//# result = this.add(result, result);
// this.overwriteAdd(result, result);
if (k.isBitSet(i)) {
deferredResult.addMethod(this, "add", Q);
//# result = this.add(result, Q);
// this.overwriteAdd(result, Q);
}
if (i%20 == 0) {deferredResult.addCallback(MochiKit.Async.wait, 0.1);}
-
-// if (countIndex==100) {console.log("multiply.break"); break;} else countIndex++;
-//deferredResult.addBoth(function(res) {MochiKit.Logging.logDebug("# 4 < i = " + i + ": " + res); return res;});
}
-//deferredResult.addBoth(function(res) {MochiKit.Logging.logDebug("# 4: " + res); return res;});
}
//#console.profileEnd();
-//deferredResult.addBoth(function(res) {MochiKit.Logging.logDebug("# 5: " + res); return res;});
//deferredResult.addBoth(function(res) {console.profileEnd(); return res;});
-//deferredResult.addBoth(function(res) {MochiKit.Logging.logDebug("# 6: " + res); return res;});
deferredResult.callback(result);
//# return result;
return deferredResult;
},
//-----------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//#############################################################################
Clipperz.Crypto.ECC.StandardCurves = {};
MochiKit.Base.update(Clipperz.Crypto.ECC.StandardCurves, {
/*
'_K571': null,
'K571': function() {
if (Clipperz.Crypto.ECC.StandardCurves._K571 == null) {
Clipperz.Crypto.ECC.StandardCurves._K571 = new Clipperz.Crypto.ECC.BinaryField.Curve({
modulus: new Clipperz.Crypto.ECC.BinaryField.Value('08000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000425', 16),
a: new Clipperz.Crypto.ECC.BinaryField.Value('0', 16),
b: new Clipperz.Crypto.ECC.BinaryField.Value('1', 16),
G: new Clipperz.Crypto.ECC.BinaryField.Point({
x: new Clipperz.Crypto.ECC.BinaryField.Value('026eb7a8 59923fbc 82189631 f8103fe4 ac9ca297 0012d5d4 60248048 01841ca4 43709584 93b205e6 47da304d b4ceb08c bbd1ba39 494776fb 988b4717 4dca88c7 e2945283 a01c8972', 16),
y: new Clipperz.Crypto.ECC.BinaryField.Value('0349dc80 7f4fbf37 4f4aeade 3bca9531 4dd58cec 9f307a54 ffc61efc 006d8a2c 9d4979c0 ac44aea7 4fbebbb9 f772aedc b620b01a 7ba7af1b 320430c8 591984f6 01cd4c14 3ef1c7a3', 16)
}),
r: new Clipperz.Crypto.ECC.BinaryField.Value('02000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 131850e1 f19a63e4 b391a8db 917f4138 b630d84b e5d63938 1e91deb4 5cfe778f 637c1001', 16),
h: new Clipperz.Crypto.ECC.BinaryField.Value('4', 16)
});
}
return Clipperz.Crypto.ECC.StandardCurves._K571;
},
'_K283': null,
'K283': function() { // f(z) = z^283 + z^12 + z^7 + z^5 + 1
if (Clipperz.Crypto.ECC.StandardCurves._K283 == null) {
Clipperz.Crypto.ECC.StandardCurves._K283 = new Clipperz.Crypto.ECC.BinaryField.Curve({
modulus: new Clipperz.Crypto.ECC.BinaryField.Value('08000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000010a1', 16),
a: new Clipperz.Crypto.ECC.BinaryField.Value('0', 16),
b: new Clipperz.Crypto.ECC.BinaryField.Value('1', 16),
G: new Clipperz.Crypto.ECC.BinaryField.Point({
x: new Clipperz.Crypto.ECC.BinaryField.Value('0503213f 78ca4488 3f1a3b81 62f188e5 53cd265f 23c1567a 16876913 b0c2ac24 58492836', 16),
y: new Clipperz.Crypto.ECC.BinaryField.Value('01ccda38 0f1c9e31 8d90f95d 07e5426f e87e45c0 e8184698 e4596236 4e341161 77dd2259', 16)
}),
r: new Clipperz.Crypto.ECC.BinaryField.Value('01ffffff ffffffff ffffffff ffffffff ffffe9ae 2ed07577 265dff7f 94451e06 1e163c61', 16),
h: new Clipperz.Crypto.ECC.BinaryField.Value('4', 16)
});
}
return Clipperz.Crypto.ECC.StandardCurves._K283;
},
*/
//-----------------------------------------------------------------------------
'_B571': null,
'B571': function() { // f(z) = z^571 + z^10 + z^5 + z^2 + 1
if (Clipperz.Crypto.ECC.StandardCurves._B571 == null) {
Clipperz.Crypto.ECC.StandardCurves._B571 = new Clipperz.Crypto.ECC.BinaryField.Curve({
modulus: new Clipperz.Crypto.ECC.BinaryField.Value('80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425', 16),
a: new Clipperz.Crypto.ECC.BinaryField.Value('1', 16),
b: new Clipperz.Crypto.ECC.BinaryField.Value('02f40e7e2221f295de297117b7f3d62f5c6a97ffcb8ceff1cd6ba8ce4a9a18ad84ffabbd8efa59332be7ad6756a66e294afd185a78ff12aa520e4de739baca0c7ffeff7f2955727a', 16),
G: new Clipperz.Crypto.ECC.BinaryField.Point({
x: new Clipperz.Crypto.ECC.BinaryField.Value('0303001d 34b85629 6c16c0d4 0d3cd775 0a93d1d2 955fa80a a5f40fc8 db7b2abd bde53950 f4c0d293 cdd711a3 5b67fb14 99ae6003 8614f139 4abfa3b4 c850d927 e1e7769c 8eec2d19', 16),
y: new Clipperz.Crypto.ECC.BinaryField.Value('037bf273 42da639b 6dccfffe b73d69d7 8c6c27a6 009cbbca 1980f853 3921e8a6 84423e43 bab08a57 6291af8f 461bb2a8 b3531d2f 0485c19b 16e2f151 6e23dd3c 1a4827af 1b8ac15b', 16)
}),
r: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff e661ce18 ff559873 08059b18 6823851e c7dd9ca1 161de93d 5174d66e 8382e9bb 2fe84e47', 16),
h: new Clipperz.Crypto.ECC.BinaryField.Value('2', 16)
// S: new Clipperz.Crypto.ECC.BinaryField.Value('2aa058f73a0e33ab486b0f610410c53a7f132310', 10),
// n: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe661ce18ff55987308059b186823851ec7dd9ca1161de93d5174d66e8382e9bb2fe84e47', 16)
});
//-----------------------------------------------------------------------------
//
// Guide to Elliptic Curve Cryptography
// Darrel Hankerson, Alfred Menezes, Scott Vanstone
// - Pag: 56, Alorithm 2.45 (with a typo!!!)
//
//-----------------------------------------------------------------------------
//
// http://www.milw0rm.com/papers/136
//
// -------------------------------------------------------------------------
// Polynomial Reduction Algorithm Modulo f571
// -------------------------------------------------------------------------
//
// Input: Polynomial p(x) of degree 1140 or less, stored as
// an array of 2T machinewords.
// Output: p(x) mod f571(x)
//
// FOR i = T-1, ..., 0 DO
// SET X := P[i+T]
// P[i] := P[i] ^ (X<<5) ^ (X<<7) ^ (X<<10) ^ (X<<15)
// P[i+1] := P[i+1] ^ (X>>17) ^ (X>>22) ^ (X>>25) ^ (X>>27)
//
// SET X := P[T-1] >> 27
// P[0] := P[0] ^ X ^ (X<<2) ^ (X<<5) ^ (X<<10)
// P[T-1] := P[T-1] & 0x07ffffff
//
// RETURN P[T-1],...,P[0]
//
// -------------------------------------------------------------------------
//
Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().slowModule = Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().module;
Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().module = function(aValue) {
var result;
if (aValue.bitSize() > 1140) {
- MochiKit.Logging.logWarning("ECC.StandarCurves.B571.finiteField().module: falling back to default implementation");
+ Clipperz.logWarning("ECC.StandarCurves.B571.finiteField().module: falling back to default implementation");
result = Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().slowModule(aValue);
} else {
var C, T;
var i;
-//console.log(">>> binaryField.finiteField.(improved)module");
-// C = aValue.value().slice(0);
C = aValue._value.slice(0);
for (i=35; i>=18; i--) {
T = C[i];
C[i-18] = (((C[i-18] ^ (T<<5) ^ (T<<7) ^ (T<<10) ^ (T<<15)) & 0xffffffff) >>> 0);
C[i-17] = ((C[i-17] ^ (T>>>27) ^ (T>>>25) ^ (T>>>22) ^ (T>>>17)) >>> 0);
}
T = (C[17] >>> 27);
C[0] = ((C[0] ^ T ^ ((T<<2) ^ (T<<5) ^ (T<<10)) & 0xffffffff) >>> 0);
C[17] = (C[17] & 0x07ffffff);
for(i=18; i<=35; i++) {
C[i] = 0;
}
result = new Clipperz.Crypto.ECC.BinaryField.Value(C);
-//console.log("<<< binaryField.finiteField.(improved)module");
}
return result;
};
}
return Clipperz.Crypto.ECC.StandardCurves._B571;
},
//-----------------------------------------------------------------------------
'_B283': null,
'B283': function() { // f(z) = z^283 + z^12 + z^7 + z^5 + 1
if (Clipperz.Crypto.ECC.StandardCurves._B283 == null) {
Clipperz.Crypto.ECC.StandardCurves._B283 = new Clipperz.Crypto.ECC.BinaryField.Curve({
// modulus: new Clipperz.Crypto.ECC.BinaryField.Value('10000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000010a1', 16),
modulus: new Clipperz.Crypto.ECC.BinaryField.Value('08000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000010a1', 16),
a: new Clipperz.Crypto.ECC.BinaryField.Value('1', 16),
b: new Clipperz.Crypto.ECC.BinaryField.Value('027b680a c8b8596d a5a4af8a 19a0303f ca97fd76 45309fa2 a581485a f6263e31 3b79a2f5', 16),
G: new Clipperz.Crypto.ECC.BinaryField.Point({
x: new Clipperz.Crypto.ECC.BinaryField.Value('05f93925 8db7dd90 e1934f8c 70b0dfec 2eed25b8 557eac9c 80e2e198 f8cdbecd 86b12053', 16),
y: new Clipperz.Crypto.ECC.BinaryField.Value('03676854 fe24141c b98fe6d4 b20d02b4 516ff702 350eddb0 826779c8 13f0df45 be8112f4', 16)
}),
r: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffff ffffffff ffffffff ffffffff ffffef90 399660fc 938a9016 5b042a7c efadb307', 16),
h: new Clipperz.Crypto.ECC.BinaryField.Value('2', 16)
// S: new Clipperz.Crypto.ECC.BinaryField.Value('2aa058f73a0e33ab486b0f610410c53a7f132310', 10),
// n: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe661ce18ff55987308059b186823851ec7dd9ca1161de93d5174d66e8382e9bb2fe84e47', 16)
});
//-----------------------------------------------------------------------------
//
// Guide to Elliptic Curve Cryptography
// Darrel Hankerson, Alfred Menezes, Scott Vanstone
// - Pag: 56, Alorithm 2.43
//
//-----------------------------------------------------------------------------
Clipperz.Crypto.ECC.StandardCurves._B283.finiteField().slowModule = Clipperz.Crypto.ECC.StandardCurves._B283.finiteField().module;
Clipperz.Crypto.ECC.StandardCurves._B283.finiteField().module = function(aValue) {
var result;
if (aValue.bitSize() > 564) {
- MochiKit.Logging.logWarning("ECC.StandarCurves.B283.finiteField().module: falling back to default implementation");
+ Clipperz.logWarning("ECC.StandarCurves.B283.finiteField().module: falling back to default implementation");
result = Clipperz.Crypto.ECC.StandardCurves._B283.finiteField().slowModule(aValue);
} else {
var C, T;
var i;
-//console.log(">>> binaryField.finiteField.(improved)module");
C = aValue._value.slice(0);
for (i=17; i>=9; i--) {
T = C[i];
C[i-9] = (((C[i-9] ^ (T<<5) ^ (T<<10) ^ (T<<12) ^ (T<<17)) & 0xffffffff) >>> 0);
C[i-8] = ((C[i-8] ^ (T>>>27) ^ (T>>>22) ^ (T>>>20) ^ (T>>>15)) >>> 0);
}
T = (C[8] >>> 27);
C[0] = ((C[0] ^ T ^ ((T<<5) ^ (T<<7) ^ (T<<12)) & 0xffffffff) >>> 0);
C[8] = (C[8] & 0x07ffffff);
for(i=9; i<=17; i++) {
C[i] = 0;
}
result = new Clipperz.Crypto.ECC.BinaryField.Value(C);
-//console.log("<<< binaryField.finiteField.(improved)module");
}
return result;
};
}
return Clipperz.Crypto.ECC.StandardCurves._B283;
},
//-----------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//#############################################################################
diff --git a/frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/FiniteField.js b/frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/FiniteField.js
index 56f257a..7b7c2c6 100644
--- a/frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/FiniteField.js
+++ b/frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/FiniteField.js
@@ -1,462 +1,458 @@
/*
-Copyright 2008-2011 Clipperz Srl
+Copyright 2008-2013 Clipperz Srl
-This file is part of Clipperz Community Edition.
-Clipperz Community Edition is an online password manager.
+This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
-* Clipperz Community Edition is free software: you can redistribute
- it and/or modify it under the terms of the GNU Affero General Public
- License as published by the Free Software Foundation, either version
- 3 of the License, or (at your option) any later version.
+* Clipperz is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
-* Clipperz Community Edition is distributed in the hope that it will
- be useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* Clipperz is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
- License along with Clipperz Community Edition. If not, see
- <http://www.gnu.org/licenses/>.
+ License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
//try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) {
// throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!";
//}
if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; }
if (typeof(Clipperz.Crypto.ECC.BinaryField) == 'undefined') { Clipperz.Crypto.ECC.BinaryField = {}; }
Clipperz.Crypto.ECC.BinaryField.FiniteField = function(args) {
args = args || {};
this._modulus = args.modulus;
return this;
}
Clipperz.Crypto.ECC.BinaryField.FiniteField.prototype = MochiKit.Base.update(null, {
'asString': function() {
return "Clipperz.Crypto.ECC.BinaryField.FiniteField (" + this.modulus().asString() + ")";
},
//-----------------------------------------------------------------------------
'modulus': function() {
return this._modulus;
},
//-----------------------------------------------------------------------------
'_module': function(aValue) {
var result;
var modulusComparison;
-//console.log(">>> binaryField.finiteField.(standard)module");
modulusComparison = Clipperz.Crypto.ECC.BinaryField.Value._compare(aValue, this.modulus()._value);
if (modulusComparison < 0) {
result = aValue;
} else if (modulusComparison == 0) {
result = [0];
} else {
var modulusBitSize;
var resultBitSize;
result = aValue;
modulusBitSize = this.modulus().bitSize();
resultBitSize = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(result);
while (resultBitSize >= modulusBitSize) {
Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor(result, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(this.modulus()._value, resultBitSize - modulusBitSize));
resultBitSize = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(result);
}
}
-//console.log("<<< binaryField.finiteField.(standard)module");
-
+
return result;
},
'module': function(aValue) {
return new Clipperz.Crypto.ECC.BinaryField.Value(this._module(aValue._value.slice(0)));
},
//-----------------------------------------------------------------------------
'_add': function(a, b) {
return Clipperz.Crypto.ECC.BinaryField.Value._xor(a, b);
},
'_overwriteAdd': function(a, b) {
Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor(a, b);
},
'add': function(a, b) {
return new Clipperz.Crypto.ECC.BinaryField.Value(this._add(a._value, b._value));
},
//-----------------------------------------------------------------------------
'negate': function(aValue) {
return aValue.clone();
},
//-----------------------------------------------------------------------------
'_multiply': function(a, b) {
var result;
var valueToXor;
var i,c;
result = [0];
valueToXor = b;
c = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(a);
for (i=0; i<c; i++) {
if (Clipperz.Crypto.ECC.BinaryField.Value._isBitSet(a, i) === true) {
Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor(result, valueToXor);
}
valueToXor = Clipperz.Crypto.ECC.BinaryField.Value._overwriteShiftLeft(valueToXor, 1);
}
result = this._module(result);
return result;
},
'multiply': function(a, b) {
return new Clipperz.Crypto.ECC.BinaryField.Value(this._multiply(a._value, b._value));
},
//-----------------------------------------------------------------------------
'_fastMultiply': function(a, b) {
var result;
var B;
var i,c;
result = [0];
B = b.slice(0); // Is this array copy avoidable?
c = 32;
for (i=0; i<c; i++) {
var ii, cc;
cc = a.length;
for (ii=0; ii<cc; ii++) {
if (((a[ii] >>> i) & 0x01) == 1) {
Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor(result, B, ii);
}
}
if (i < (c-1)) {
B = Clipperz.Crypto.ECC.BinaryField.Value._overwriteShiftLeft(B, 1);
}
}
result = this._module(result);
return result;
},
'fastMultiply': function(a, b) {
return new Clipperz.Crypto.ECC.BinaryField.Value(this._fastMultiply(a._value, b._value));
},
//-----------------------------------------------------------------------------
//
// Guide to Elliptic Curve Cryptography
// Darrel Hankerson, Alfred Menezes, Scott Vanstone
// - Pag: 49, Alorithm 2.34
//
//-----------------------------------------------------------------------------
'_square': function(aValue) {
var result;
var value;
var c,i;
var precomputedValues;
value = aValue;
result = new Array(value.length * 2);
precomputedValues = Clipperz.Crypto.ECC.BinaryField.FiniteField.squarePrecomputedBytes;
c = value.length;
for (i=0; i<c; i++) {
result[i*2] = precomputedValues[(value[i] & 0x000000ff)];
result[i*2] |= ((precomputedValues[(value[i] & 0x0000ff00) >>> 8]) << 16);
result[i*2 + 1] = precomputedValues[(value[i] & 0x00ff0000) >>> 16];
result[i*2 + 1] |= ((precomputedValues[(value[i] & 0xff000000) >>> 24]) << 16);
}
return this._module(result);
},
'square': function(aValue) {
return new Clipperz.Crypto.ECC.BinaryField.Value(this._square(aValue._value));
},
//-----------------------------------------------------------------------------
'_inverse': function(aValue) {
var result;
var b, c;
var u, v;
// b = Clipperz.Crypto.ECC.BinaryField.Value.I._value;
b = [1];
// c = Clipperz.Crypto.ECC.BinaryField.Value.O._value;
c = [0];
u = this._module(aValue);
v = this.modulus()._value.slice(0);
while (Clipperz.Crypto.ECC.BinaryField.Value._bitSize(u) > 1) {
var bitDifferenceSize;
bitDifferenceSize = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(u) - Clipperz.Crypto.ECC.BinaryField.Value._bitSize(v);
if (bitDifferenceSize < 0) {
var swap;
swap = u;
u = v;
v = swap;
swap = c;
c = b;
b = swap;
bitDifferenceSize = -bitDifferenceSize;
}
u = this._add(u, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(v, bitDifferenceSize));
b = this._add(b, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(c, bitDifferenceSize));
// this._overwriteAdd(u, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(v, bitDifferenceSize));
// this._overwriteAdd(b, Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(c, bitDifferenceSize));
}
result = this._module(b);
return result;
},
'inverse': function(aValue) {
return new Clipperz.Crypto.ECC.BinaryField.Value(this._inverse(aValue._value));
},
//-----------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
Clipperz.Crypto.ECC.BinaryField.FiniteField.squarePrecomputedBytes = [
0x0000, // 0 = 0000 0000 -> 0000 0000 0000 0000
0x0001, // 1 = 0000 0001 -> 0000 0000 0000 0001
0x0004, // 2 = 0000 0010 -> 0000 0000 0000 0100
0x0005, // 3 = 0000 0011 -> 0000 0000 0000 0101
0x0010, // 4 = 0000 0100 -> 0000 0000 0001 0000
0x0011, // 5 = 0000 0101 -> 0000 0000 0001 0001
0x0014, // 6 = 0000 0110 -> 0000 0000 0001 0100
0x0015, // 7 = 0000 0111 -> 0000 0000 0001 0101
0x0040, // 8 = 0000 1000 -> 0000 0000 0100 0000
0x0041, // 9 = 0000 1001 -> 0000 0000 0100 0001
0x0044, // 10 = 0000 1010 -> 0000 0000 0100 0100
0x0045, // 11 = 0000 1011 -> 0000 0000 0100 0101
0x0050, // 12 = 0000 1100 -> 0000 0000 0101 0000
0x0051, // 13 = 0000 1101 -> 0000 0000 0101 0001
0x0054, // 14 = 0000 1110 -> 0000 0000 0101 0100
0x0055, // 15 = 0000 1111 -> 0000 0000 0101 0101
0x0100, // 16 = 0001 0000 -> 0000 0001 0000 0000
0x0101, // 17 = 0001 0001 -> 0000 0001 0000 0001
0x0104, // 18 = 0001 0010 -> 0000 0001 0000 0100
0x0105, // 19 = 0001 0011 -> 0000 0001 0000 0101
0x0110, // 20 = 0001 0100 -> 0000 0001 0001 0000
0x0111, // 21 = 0001 0101 -> 0000 0001 0001 0001
0x0114, // 22 = 0001 0110 -> 0000 0001 0001 0100
0x0115, // 23 = 0001 0111 -> 0000 0001 0001 0101
0x0140, // 24 = 0001 1000 -> 0000 0001 0100 0000
0x0141, // 25 = 0001 1001 -> 0000 0001 0100 0001
0x0144, // 26 = 0001 1010 -> 0000 0001 0100 0100
0x0145, // 27 = 0001 1011 -> 0000 0001 0100 0101
0x0150, // 28 = 0001 1100 -> 0000 0001 0101 0000
0x0151, // 28 = 0001 1101 -> 0000 0001 0101 0001
0x0154, // 30 = 0001 1110 -> 0000 0001 0101 0100
0x0155, // 31 = 0001 1111 -> 0000 0001 0101 0101
0x0400, // 32 = 0010 0000 -> 0000 0100 0000 0000
0x0401, // 33 = 0010 0001 -> 0000 0100 0000 0001
0x0404, // 34 = 0010 0010 -> 0000 0100 0000 0100
0x0405, // 35 = 0010 0011 -> 0000 0100 0000 0101
0x0410, // 36 = 0010 0100 -> 0000 0100 0001 0000
0x0411, // 37 = 0010 0101 -> 0000 0100 0001 0001
0x0414, // 38 = 0010 0110 -> 0000 0100 0001 0100
0x0415, // 39 = 0010 0111 -> 0000 0100 0001 0101
0x0440, // 40 = 0010 1000 -> 0000 0100 0100 0000
0x0441, // 41 = 0010 1001 -> 0000 0100 0100 0001
0x0444, // 42 = 0010 1010 -> 0000 0100 0100 0100
0x0445, // 43 = 0010 1011 -> 0000 0100 0100 0101
0x0450, // 44 = 0010 1100 -> 0000 0100 0101 0000
0x0451, // 45 = 0010 1101 -> 0000 0100 0101 0001
0x0454, // 46 = 0010 1110 -> 0000 0100 0101 0100
0x0455, // 47 = 0010 1111 -> 0000 0100 0101 0101
0x0500, // 48 = 0011 0000 -> 0000 0101 0000 0000
0x0501, // 49 = 0011 0001 -> 0000 0101 0000 0001
0x0504, // 50 = 0011 0010 -> 0000 0101 0000 0100
0x0505, // 51 = 0011 0011 -> 0000 0101 0000 0101
0x0510, // 52 = 0011 0100 -> 0000 0101 0001 0000
0x0511, // 53 = 0011 0101 -> 0000 0101 0001 0001
0x0514, // 54 = 0011 0110 -> 0000 0101 0001 0100
0x0515, // 55 = 0011 0111 -> 0000 0101 0001 0101
0x0540, // 56 = 0011 1000 -> 0000 0101 0100 0000
0x0541, // 57 = 0011 1001 -> 0000 0101 0100 0001
0x0544, // 58 = 0011 1010 -> 0000 0101 0100 0100
0x0545, // 59 = 0011 1011 -> 0000 0101 0100 0101
0x0550, // 60 = 0011 1100 -> 0000 0101 0101 0000
0x0551, // 61 = 0011 1101 -> 0000 0101 0101 0001
0x0554, // 62 = 0011 1110 -> 0000 0101 0101 0100
0x0555, // 63 = 0011 1111 -> 0000 0101 0101 0101
0x1000, // 64 = 0100 0000 -> 0001 0000 0000 0000
0x1001, // 65 = 0100 0001 -> 0001 0000 0000 0001
0x1004, // 66 = 0100 0010 -> 0001 0000 0000 0100
0x1005, // 67 = 0100 0011 -> 0001 0000 0000 0101
0x1010, // 68 = 0100 0100 -> 0001 0000 0001 0000
0x1011, // 69 = 0100 0101 -> 0001 0000 0001 0001
0x1014, // 70 = 0100 0110 -> 0001 0000 0001 0100
0x1015, // 71 = 0100 0111 -> 0001 0000 0001 0101
0x1040, // 72 = 0100 1000 -> 0001 0000 0100 0000
0x1041, // 73 = 0100 1001 -> 0001 0000 0100 0001
0x1044, // 74 = 0100 1010 -> 0001 0000 0100 0100
0x1045, // 75 = 0100 1011 -> 0001 0000 0100 0101
0x1050, // 76 = 0100 1100 -> 0001 0000 0101 0000
0x1051, // 77 = 0100 1101 -> 0001 0000 0101 0001
0x1054, // 78 = 0100 1110 -> 0001 0000 0101 0100
0x1055, // 79 = 0100 1111 -> 0001 0000 0101 0101
0x1100, // 80 = 0101 0000 -> 0001 0001 0000 0000
0x1101, // 81 = 0101 0001 -> 0001 0001 0000 0001
0x1104, // 82 = 0101 0010 -> 0001 0001 0000 0100
0x1105, // 83 = 0101 0011 -> 0001 0001 0000 0101
0x1110, // 84 = 0101 0100 -> 0001 0001 0001 0000
0x1111, // 85 = 0101 0101 -> 0001 0001 0001 0001
0x1114, // 86 = 0101 0110 -> 0001 0001 0001 0100
0x1115, // 87 = 0101 0111 -> 0001 0001 0001 0101
0x1140, // 88 = 0101 1000 -> 0001 0001 0100 0000
0x1141, // 89 = 0101 1001 -> 0001 0001 0100 0001
0x1144, // 90 = 0101 1010 -> 0001 0001 0100 0100
0x1145, // 91 = 0101 1011 -> 0001 0001 0100 0101
0x1150, // 92 = 0101 1100 -> 0001 0001 0101 0000
0x1151, // 93 = 0101 1101 -> 0001 0001 0101 0001
0x1154, // 94 = 0101 1110 -> 0001 0001 0101 0100
0x1155, // 95 = 0101 1111 -> 0001 0001 0101 0101
0x1400, // 96 = 0110 0000 -> 0001 0100 0000 0000
0x1401, // 97 = 0110 0001 -> 0001 0100 0000 0001
0x1404, // 98 = 0110 0010 -> 0001 0100 0000 0100
0x1405, // 99 = 0110 0011 -> 0001 0100 0000 0101
0x1410, // 100 = 0110 0100 -> 0001 0100 0001 0000
0x1411, // 101 = 0110 0101 -> 0001 0100 0001 0001
0x1414, // 102 = 0110 0110 -> 0001 0100 0001 0100
0x1415, // 103 = 0110 0111 -> 0001 0100 0001 0101
0x1440, // 104 = 0110 1000 -> 0001 0100 0100 0000
0x1441, // 105 = 0110 1001 -> 0001 0100 0100 0001
0x1444, // 106 = 0110 1010 -> 0001 0100 0100 0100
0x1445, // 107 = 0110 1011 -> 0001 0100 0100 0101
0x1450, // 108 = 0110 1100 -> 0001 0100 0101 0000
0x1451, // 109 = 0110 1101 -> 0001 0100 0101 0001
0x1454, // 110 = 0110 1110 -> 0001 0100 0101 0100
0x1455, // 111 = 0110 1111 -> 0001 0100 0101 0101
0x1500, // 112 = 0111 0000 -> 0001 0101 0000 0000
0x1501, // 113 = 0111 0001 -> 0001 0101 0000 0001
0x1504, // 114 = 0111 0010 -> 0001 0101 0000 0100
0x1505, // 115 = 0111 0011 -> 0001 0101 0000 0101
0x1510, // 116 = 0111 0100 -> 0001 0101 0001 0000
0x1511, // 117 = 0111 0101 -> 0001 0101 0001 0001
0x1514, // 118 = 0111 0110 -> 0001 0101 0001 0100
0x1515, // 119 = 0111 0111 -> 0001 0101 0001 0101
0x1540, // 120 = 0111 1000 -> 0001 0101 0100 0000
0x1541, // 121 = 0111 1001 -> 0001 0101 0100 0001
0x1544, // 122 = 0111 1010 -> 0001 0101 0100 0100
0x1545, // 123 = 0111 1011 -> 0001 0101 0100 0101
0x1550, // 124 = 0111 1100 -> 0001 0101 0101 0000
0x1551, // 125 = 0111 1101 -> 0001 0101 0101 0001
0x1554, // 126 = 0111 1110 -> 0001 0101 0101 0100
0x1555, // 127 = 0111 1111 -> 0001 0101 0101 0101
0x4000, // 128 = 1000 0000 -> 0100 0000 0000 0000
0x4001, // 129 = 1000 0001 -> 0100 0000 0000 0001
0x4004, // 130 = 1000 0010 -> 0100 0000 0000 0100
0x4005, // 131 = 1000 0011 -> 0100 0000 0000 0101
0x4010, // 132 = 1000 0100 -> 0100 0000 0001 0000
0x4011, // 133 = 1000 0101 -> 0100 0000 0001 0001
0x4014, // 134 = 1000 0110 -> 0100 0000 0001 0100
0x4015, // 135 = 1000 0111 -> 0100 0000 0001 0101
0x4040, // 136 = 1000 1000 -> 0100 0000 0100 0000
0x4041, // 137 = 1000 1001 -> 0100 0000 0100 0001
0x4044, // 138 = 1000 1010 -> 0100 0000 0100 0100
0x4045, // 139 = 1000 1011 -> 0100 0000 0100 0101
0x4050, // 140 = 1000 1100 -> 0100 0000 0101 0000
0x4051, // 141 = 1000 1101 -> 0100 0000 0101 0001
0x4054, // 142 = 1000 1110 -> 0100 0000 0101 0100
0x4055, // 143 = 1000 1111 -> 0100 0000 0101 0101
0x4100, // 144 = 1001 0000 -> 0100 0001 0000 0000
0x4101, // 145 = 1001 0001 -> 0100 0001 0000 0001
0x4104, // 146 = 1001 0010 -> 0100 0001 0000 0100
0x4105, // 147 = 1001 0011 -> 0100 0001 0000 0101
0x4110, // 148 = 1001 0100 -> 0100 0001 0001 0000
0x4111, // 149 = 1001 0101 -> 0100 0001 0001 0001
0x4114, // 150 = 1001 0110 -> 0100 0001 0001 0100
0x4115, // 151 = 1001 0111 -> 0100 0001 0001 0101
0x4140, // 152 = 1001 1000 -> 0100 0001 0100 0000
0x4141, // 153 = 1001 1001 -> 0100 0001 0100 0001
0x4144, // 154 = 1001 1010 -> 0100 0001 0100 0100
0x4145, // 155 = 1001 1011 -> 0100 0001 0100 0101
0x4150, // 156 = 1001 1100 -> 0100 0001 0101 0000
0x4151, // 157 = 1001 1101 -> 0100 0001 0101 0001
0x4154, // 158 = 1001 1110 -> 0100 0001 0101 0100
0x4155, // 159 = 1001 1111 -> 0100 0001 0101 0101
0x4400, // 160 = 1010 0000 -> 0100 0100 0000 0000
0x4401, // 161 = 1010 0001 -> 0100 0100 0000 0001
0x4404, // 162 = 1010 0010 -> 0100 0100 0000 0100
0x4405, // 163 = 1010 0011 -> 0100 0100 0000 0101
0x4410, // 164 = 1010 0100 -> 0100 0100 0001 0000
0x4411, // 165 = 1010 0101 -> 0100 0100 0001 0001
0x4414, // 166 = 1010 0110 -> 0100 0100 0001 0100
0x4415, // 167 = 1010 0111 -> 0100 0100 0001 0101
0x4440, // 168 = 1010 1000 -> 0100 0100 0100 0000
0x4441, // 169 = 1010 1001 -> 0100 0100 0100 0001
0x4444, // 170 = 1010 1010 -> 0100 0100 0100 0100
0x4445, // 171 = 1010 1011 -> 0100 0100 0100 0101
0x4450, // 172 = 1010 1100 -> 0100 0100 0101 0000
0x4451, // 173 = 1010 1101 -> 0100 0100 0101 0001
0x4454, // 174 = 1010 1110 -> 0100 0100 0101 0100
0x4455, // 175 = 1010 1111 -> 0100 0100 0101 0101
0x4500, // 176 = 1011 0000 -> 0100 0101 0000 0000
0x4501, // 177 = 1011 0001 -> 0100 0101 0000 0001
0x4504, // 178 = 1011 0010 -> 0100 0101 0000 0100
0x4505, // 179 = 1011 0011 -> 0100 0101 0000 0101
0x4510, // 180 = 1011 0100 -> 0100 0101 0001 0000
0x4511, // 181 = 1011 0101 -> 0100 0101 0001 0001
0x4514, // 182 = 1011 0110 -> 0100 0101 0001 0100
0x4515, // 183 = 1011 0111 -> 0100 0101 0001 0101
0x4540, // 184 = 1011 1000 -> 0100 0101 0100 0000
0x4541, // 185 = 1011 1001 -> 0100 0101 0100 0001
0x4544, // 186 = 1011 1010 -> 0100 0101 0100 0100
0x4545, // 187 = 1011 1011 -> 0100 0101 0100 0101
0x4550, // 188 = 1011 1100 -> 0100 0101 0101 0000
0x4551, // 189 = 1011 1101 -> 0100 0101 0101 0001
0x4554, // 190 = 1011 1110 -> 0100 0101 0101 0100
0x4555, // 191 = 1011 1111 -> 0100 0101 0101 0101
0x5000, // 192 = 1100 0000 -> 0101 0000 0000 0000
0x5001, // 193 = 1100 0001 -> 0101 0000 0000 0001
0x5004, // 194 = 1100 0010 -> 0101 0000 0000 0100
0x5005, // 195 = 1100 0011 -> 0101 0000 0000 0101
0x5010, // 196 = 1100 0100 -> 0101 0000 0001 0000
0x5011, // 197 = 1100 0101 -> 0101 0000 0001 0001
0x5014, // 198 = 1100 0110 -> 0101 0000 0001 0100
0x5015, // 199 = 1100 0111 -> 0101 0000 0001 0101
diff --git a/frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/Point.js b/frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/Point.js
index ffe287b..fef3220 100644
--- a/frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/Point.js
+++ b/frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/Point.js
@@ -1,64 +1,62 @@
/*
-Copyright 2008-2011 Clipperz Srl
+Copyright 2008-2013 Clipperz Srl
-This file is part of Clipperz Community Edition.
-Clipperz Community Edition is an online password manager.
+This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
-* Clipperz Community Edition is free software: you can redistribute
- it and/or modify it under the terms of the GNU Affero General Public
- License as published by the Free Software Foundation, either version
- 3 of the License, or (at your option) any later version.
+* Clipperz is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
-* Clipperz Community Edition is distributed in the hope that it will
- be useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* Clipperz is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
- License along with Clipperz Community Edition. If not, see
- <http://www.gnu.org/licenses/>.
+ License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
//try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) {
// throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!";
//}
if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; }
if (typeof(Clipperz.Crypto.ECC.BinaryField) == 'undefined') { Clipperz.Crypto.ECC.BinaryField = {}; }
Clipperz.Crypto.ECC.BinaryField.Point = function(args) {
args = args || {};
this._x = args.x;
this._y = args.y;
return this;
}
Clipperz.Crypto.ECC.BinaryField.Point.prototype = MochiKit.Base.update(null, {
'asString': function() {
return "Clipperz.Crypto.ECC.BinaryField.Point (" + this.x() + ", " + this.y() + ")";
},
//-----------------------------------------------------------------------------
'x': function() {
return this._x;
},
'y': function() {
return this._y;
},
//-----------------------------------------------------------------------------
'isZero': function() {
return (this.x().isZero() && this.y().isZero())
},
//-----------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
diff --git a/frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/Value.js b/frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/Value.js
index b705a20..634772a 100644
--- a/frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/Value.js
+++ b/frontend/gamma/js/Clipperz/Crypto/ECC/BinaryField/Value.js
@@ -1,383 +1,379 @@
/*
-Copyright 2008-2011 Clipperz Srl
+Copyright 2008-2013 Clipperz Srl
-This file is part of Clipperz Community Edition.
-Clipperz Community Edition is an online password manager.
+This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
-* Clipperz Community Edition is free software: you can redistribute
- it and/or modify it under the terms of the GNU Affero General Public
- License as published by the Free Software Foundation, either version
- 3 of the License, or (at your option) any later version.
+* Clipperz is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
-* Clipperz Community Edition is distributed in the hope that it will
- be useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* Clipperz is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
- License along with Clipperz Community Edition. If not, see
- <http://www.gnu.org/licenses/>.
+ License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
//try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) {
// throw "Clipperz.Crypto.ECC depends on Clipperz.ByteArray!";
//}
if (typeof(Clipperz) == 'undefined') { Clipperz = {}; }
if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; }
if (typeof(Clipperz.Crypto.ECC) == 'undefined') { Clipperz.Crypto.ECC = {}; }
if (typeof(Clipperz.Crypto.ECC.BinaryField) == 'undefined') { Clipperz.Crypto.ECC.BinaryField = {}; }
Clipperz.Crypto.ECC.BinaryField.Value = function(aValue, aBase, aBitSize) {
if (aValue.constructor == String) {
var value;
var stringLength;
var numberOfWords;
var i,c;
if (aBase != 16) {
throw Clipperz.Crypto.ECC.BinaryField.Value.exception.UnsupportedBase;
}
value = aValue.replace(/ /g, '');
stringLength = value.length;
numberOfWords = Math.ceil(stringLength / 8);
this._value = new Array(numberOfWords);
c = numberOfWords;
for (i=0; i<c; i++) {
var word;
if (i < (c-1)) {
word = parseInt(value.substr(stringLength-((i+1)*8), 8), 16);
} else {
word = parseInt(value.substr(0, stringLength-(i*8)), 16);
}
this._value[i] = word;
}
} else if (aValue.constructor == Array) {
var itemsToCopy;
itemsToCopy = aValue.length;
while (aValue[itemsToCopy - 1] == 0) {
itemsToCopy --;
}
this._value = aValue.slice(0, itemsToCopy);
} else if (aValue.constructor == Number) {
this._value = [aValue];
} else {
// throw Clipperz.Crypto.ECC.BinaryField.Value.exception.UnsupportedConstructorValueType;
}
this._bitSize == aBitSize || null;
return this;
}
Clipperz.Crypto.ECC.BinaryField.Value.prototype = MochiKit.Base.update(null, {
'value': function() {
return this._value;
},
//-----------------------------------------------------------------------------
'wordSize': function() {
return this._value.length
},
//-----------------------------------------------------------------------------
'clone': function() {
return new Clipperz.Crypto.ECC.BinaryField.Value(this._value.slice(0), null, this._bitSize);
},
//-----------------------------------------------------------------------------
'isZero': function() {
return (this.compare(Clipperz.Crypto.ECC.BinaryField.Value.O) == 0);
},
//-----------------------------------------------------------------------------
'asString': function(aBase) {
var result;
var i,c;
if (aBase != 16) {
throw Clipperz.Crypto.ECC.BinaryField.Value.exception.UnsupportedBase;
}
result = "";
c = this.wordSize();
for (i=0; i<c; i++) {
var wordAsString;
// wordAsString = ("00000000" + this.value()[i].toString(16));
wordAsString = ("00000000" + this._value[i].toString(16));
wordAsString = wordAsString.substring(wordAsString.length - 8);
result = wordAsString + result;
}
result = result.replace(/^(00)*/, "");
if (result == "") {
result = "0";
}
return result;
},
//-----------------------------------------------------------------------------
'shiftLeft': function(aNumberOfBitsToShift) {
// this method seems like it is never called. :-(
return new Clipperz.Crypto.ECC.BinaryField.Value(Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft(this._value, aNumberOfBitsToShift));
},
//-----------------------------------------------------------------------------
'bitSize': function() {
if (this._bitSize == null) {
this._bitSize = Clipperz.Crypto.ECC.BinaryField.Value._bitSize(this._value);
}
return this._bitSize;
},
//-----------------------------------------------------------------------------
'isBitSet': function(aBitPosition) {
return Clipperz.Crypto.ECC.BinaryField.Value._isBitSet(this._value, aBitPosition);
},
//-----------------------------------------------------------------------------
'xor': function(aValue) {
return new Clipperz.Crypto.ECC.BinaryField.Value(Clipperz.Crypto.ECC.BinaryField.Value._xor(this._value, aValue._value));
},
//-----------------------------------------------------------------------------
'compare': function(aValue) {
return Clipperz.Crypto.ECC.BinaryField.Value._compare(this._value, aValue._value);
},
//-----------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
Clipperz.Crypto.ECC.BinaryField.Value.O = new Clipperz.Crypto.ECC.BinaryField.Value('0', 16);
Clipperz.Crypto.ECC.BinaryField.Value.I = new Clipperz.Crypto.ECC.BinaryField.Value('1', 16);
Clipperz.Crypto.ECC.BinaryField.Value._xor = function(a, b, aFirstItemOffset) {
var result;
var resultSize;
var i,c;
var firstItemOffset;
firstItemOffset = aFirstItemOffset || 0;
resultSize = Math.max((a.length - firstItemOffset), b.length) + firstItemOffset;
result = new Array(resultSize);
c = firstItemOffset;
for (i=0; i<c; i++) {
result[i] = a[i];
}
c = resultSize;
for (i=firstItemOffset; i<c; i++) {
result[i] = (((a[i] || 0) ^ (b[i - firstItemOffset] || 0)) >>> 0);
}
return result;
};
Clipperz.Crypto.ECC.BinaryField.Value._overwriteXor = function(a, b, aFirstItemOffset) {
var i,c;
var firstItemOffset;
firstItemOffset = aFirstItemOffset || 0;
c = Math.max((a.length - firstItemOffset), b.length) + firstItemOffset;
for (i=firstItemOffset; i<c; i++) {
a[i] = (((a[i] || 0) ^ (b[i - firstItemOffset] || 0)) >>> 0);
}
};
Clipperz.Crypto.ECC.BinaryField.Value._shiftLeft = function(aWordArray, aNumberOfBitsToShift) {
var numberOfWordsToShift;
var numberOfBitsToShift;
var result;
var overflowValue;
var nextOverflowValue;
var i,c;
numberOfWordsToShift = Math.floor(aNumberOfBitsToShift / 32);
numberOfBitsToShift = aNumberOfBitsToShift % 32;
result = new Array(aWordArray.length + numberOfWordsToShift);
c = numberOfWordsToShift;
for (i=0; i<c; i++) {
result[i] = 0;
}
overflowValue = 0;
nextOverflowValue = 0;
c = aWordArray.length;
for (i=0; i<c; i++) {
var value;
var resultWord;
// value = this.value()[i];
value = aWordArray[i];
if (numberOfBitsToShift > 0) {
nextOverflowValue = (value >>> (32 - numberOfBitsToShift));
value = value & (0xffffffff >>> numberOfBitsToShift);
resultWord = (((value << numberOfBitsToShift) | overflowValue) >>> 0);
} else {
resultWord = value;
}
result[i+numberOfWordsToShift] = resultWord;
overflowValue = nextOverflowValue;
}
if (overflowValue != 0) {
result[aWordArray.length + numberOfWordsToShift] = overflowValue;
}
return result;
};
Clipperz.Crypto.ECC.BinaryField.Value._overwriteShiftLeft = function(aWordArray, aNumberOfBitsToShift) {
var numberOfWordsToShift;
var numberOfBitsToShift;
var result;
var overflowValue;
var i,c;
numberOfWordsToShift = Math.floor(aNumberOfBitsToShift / 32);
numberOfBitsToShift = aNumberOfBitsToShift % 32;
result = new Array(aWordArray.length + numberOfWordsToShift);
c = numberOfWordsToShift;
for (i=0; i<c; i++) {
result[i] = 0;
}
overflowValue = 0;
nextOverflowValue = 0;
c = aWordArray.length;
for (i=0; i<c; i++) {
var value;
var resultWord;
// value = this.value()[i];
value = aWordArray[i];
if (numberOfBitsToShift > 0) {
var nextOverflowValue;
nextOverflowValue = (value >>> (32 - numberOfBitsToShift));
value = value & (0xffffffff >>> numberOfBitsToShift);
resultWord = (((value << numberOfBitsToShift) | overflowValue) >>> 0);
} else {
resultWord = value;
}
result[i+numberOfWordsToShift] = resultWord;
overflowValue = nextOverflowValue;
}
if (overflowValue != 0) {
result[aWordArray.length + numberOfWordsToShift] = overflowValue;
}
return result;
};
Clipperz.Crypto.ECC.BinaryField.Value._bitSize = function(aWordArray) {
var result;
var notNullElements;
var mostValuableWord;
var matchingBitsInMostImportantWord;
var mask;
var i,c;
notNullElements = aWordArray.length;
if ((aWordArray.length == 1) && (aWordArray[0] == 0)) {
result = 0;
} else {
notNullElements --;
while((notNullElements > 0) && (aWordArray[notNullElements] == 0)) {
notNullElements --;
}
result = notNullElements * 32;
mostValuableWord = aWordArray[notNullElements];
matchingBits = 32;
mask = 0x80000000;
while ((matchingBits > 0) && ((mostValuableWord & mask) == 0)) {
matchingBits --;
mask >>>= 1;
}
result += matchingBits;
}
return result;
};
Clipperz.Crypto.ECC.BinaryField.Value._isBitSet = function(aWordArray, aBitPosition) {
var result;
var byteIndex;
var bitIndexInSelectedByte;
byteIndex = Math.floor(aBitPosition / 32);
bitIndexInSelectedByte = aBitPosition % 32;
if (byteIndex <= aWordArray.length) {
result = ((aWordArray[byteIndex] & (1 << bitIndexInSelectedByte)) != 0);
} else {
result = false;
}
return result;
};
Clipperz.Crypto.ECC.BinaryField.Value._compare = function(a,b) {
var result;
var i,c;
result = MochiKit.Base.compare(a.length, b.length);
c = a.length;
for (i=0; (i<c) && (result==0); i++) {
-//console.log("compare[" + c + " - " + i + " - 1] " + this.value()[c-i-1] + ", " + aValue.value()[c-i-1]);
-// result = MochiKit.Base.compare(this.value()[c-i-1], aValue.value()[c-i-1]);
result = MochiKit.Base.compare(a[c-i-1], b[c-i-1]);
}
return result;
};
Clipperz.Crypto.ECC.BinaryField.Value['exception']= {
'UnsupportedBase': new MochiKit.Base.NamedError("Clipperz.Crypto.ECC.BinaryField.Value.exception.UnsupportedBase"),
'UnsupportedConstructorValueType': new MochiKit.Base.NamedError("Clipperz.Crypto.ECC.BinaryField.Value.exception.UnsupportedConstructorValueType")
};
diff --git a/frontend/gamma/js/Clipperz/Crypto/ECC/StandardCurves.js b/frontend/gamma/js/Clipperz/Crypto/ECC/StandardCurves.js
index be197e3..239e264 100644
--- a/frontend/gamma/js/Clipperz/Crypto/ECC/StandardCurves.js
+++ b/frontend/gamma/js/Clipperz/Crypto/ECC/StandardCurves.js
@@ -1,236 +1,229 @@
/*
-Copyright 2008-2011 Clipperz Srl
+Copyright 2008-2013 Clipperz Srl
-This file is part of Clipperz Community Edition.
-Clipperz Community Edition is an online password manager.
+This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
-* Clipperz Community Edition is free software: you can redistribute
- it and/or modify it under the terms of the GNU Affero General Public
- License as published by the Free Software Foundation, either version
- 3 of the License, or (at your option) any later version.
+* Clipperz is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
-* Clipperz Community Edition is distributed in the hope that it will
- be useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* Clipperz is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
- License along with Clipperz Community Edition. If not, see
- <http://www.gnu.org/licenses/>.
+ License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
//try { if (typeof(Clipperz.Crypto.ECC.BinaryField.Curve) == 'undefined') { throw ""; }} catch (e) {
// throw "Clipperz.Crypto.ECC depends on Clipperz.Crypto.ECC.BinaryField.Curve!";
//}
//try { if (typeof(Clipperz.Crypto.ECC.Koblitz.Curve) == 'undefined') { throw ""; }} catch (e) {
// throw "Clipperz.Crypto.ECC depends on Clipperz.Crypto.ECC.Koblitz.Curve!";
//}
Clipperz.Crypto.ECC.StandardCurves = {};
MochiKit.Base.update(Clipperz.Crypto.ECC.StandardCurves, {
//==============================================================================
'_K571': null,
'K571': function() { // f(z) = z^571 + z^10 + z^5 + z^2 + 1
if ((Clipperz.Crypto.ECC.StandardCurves._K571 == null) && (typeof(Clipperz.Crypto.ECC.Koblitz.Curve) != 'undefined')) {
Clipperz.Crypto.ECC.StandardCurves._K571 = new Clipperz.Crypto.ECC.Koblitz.Curve({
modulus: new Clipperz.Crypto.ECC.Koblitz.Value('08000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000425', 16),
a: new Clipperz.Crypto.ECC.Koblitz.Value('0', 16),
b: new Clipperz.Crypto.ECC.Koblitz.Value('1', 16),
G: new Clipperz.Crypto.ECC.Koblitz.Point({
x: new Clipperz.Crypto.ECC.Koblitz.Value('026eb7a8 59923fbc 82189631 f8103fe4 ac9ca297 0012d5d4 60248048 01841ca4 43709584 93b205e6 47da304d b4ceb08c bbd1ba39 494776fb 988b4717 4dca88c7 e2945283 a01c8972', 16),
y: new Clipperz.Crypto.ECC.Koblitz.Value('0349dc80 7f4fbf37 4f4aeade 3bca9531 4dd58cec 9f307a54 ffc61efc 006d8a2c 9d4979c0 ac44aea7 4fbebbb9 f772aedc b620b01a 7ba7af1b 320430c8 591984f6 01cd4c14 3ef1c7a3', 16)
}),
r: new Clipperz.Crypto.ECC.Koblitz.Value('02000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 131850e1 f19a63e4 b391a8db 917f4138 b630d84b e5d63938 1e91deb4 5cfe778f 637c1001', 16),
h: new Clipperz.Crypto.ECC.Koblitz.Value('4', 16),
primeFactor: new Clipperz.Crypto.ECC.Koblitz.Value('02000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 131850e1 f19a63e4 b391a8db 917f4138 b630d84b e5d63938 1e91deb4 5cfe778f 637c1001', 16)
});
}
return Clipperz.Crypto.ECC.StandardCurves._K571;
},
//-----------------------------------------------------------------------------
'_K283': null,
'K283': function() { // f(z) = z^283 + z^12 + z^7 + z^5 + 1
if ((Clipperz.Crypto.ECC.StandardCurves._K283 == null) && (typeof(Clipperz.Crypto.ECC.Koblitz.Curve) != 'undefined')) {
Clipperz.Crypto.ECC.StandardCurves._K283 = new Clipperz.Crypto.ECC.Koblitz.Curve({
modulus: new Clipperz.Crypto.ECC.Koblitz.Value('08000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000010a1', 16),
a: new Clipperz.Crypto.ECC.Koblitz.Value('0', 16),
b: new Clipperz.Crypto.ECC.Koblitz.Value('1', 16),
G: new Clipperz.Crypto.ECC.Koblitz.Point({
x: new Clipperz.Crypto.ECC.Koblitz.Value('0503213f 78ca4488 3f1a3b81 62f188e5 53cd265f 23c1567a 16876913 b0c2ac24 58492836', 16),
y: new Clipperz.Crypto.ECC.Koblitz.Value('01ccda38 0f1c9e31 8d90f95d 07e5426f e87e45c0 e8184698 e4596236 4e341161 77dd2259', 16)
}),
r: new Clipperz.Crypto.ECC.Koblitz.Value('01ffffff ffffffff ffffffff ffffffff ffffe9ae 2ed07577 265dff7f 94451e06 1e163c61', 16),
h: new Clipperz.Crypto.ECC.Koblitz.Value('4', 16),
primeFactor: new Clipperz.Crypto.ECC.Koblitz.Value('01ffffff ffffffff ffffffff ffffffff ffffe9ae 2ed07577 265dff7f 94451e06 1e163c61', 16)
});
}
return Clipperz.Crypto.ECC.StandardCurves._K283;
},
//==============================================================================
'_B571': null,
'B571': function() { // f(z) = z^571 + z^10 + z^5 + z^2 + 1
if ((Clipperz.Crypto.ECC.StandardCurves._B571 == null) && (typeof(Clipperz.Crypto.ECC.BinaryField.Curve) != 'undefined')) {
Clipperz.Crypto.ECC.StandardCurves._B571 = new Clipperz.Crypto.ECC.BinaryField.Curve({
modulus: new Clipperz.Crypto.ECC.BinaryField.Value('08000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000425', 16),
a: new Clipperz.Crypto.ECC.BinaryField.Value('1', 16),
b: new Clipperz.Crypto.ECC.BinaryField.Value('02f40e7e 2221f295 de297117 b7f3d62f 5c6a97ff cb8ceff1 cd6ba8ce 4a9a18ad 84ffabbd 8efa5933 2be7ad67 56a66e29 4afd185a 78ff12aa 520e4de7 39baca0c 7ffeff7f 2955727a', 16),
G: new Clipperz.Crypto.ECC.BinaryField.Point({
x: new Clipperz.Crypto.ECC.BinaryField.Value('0303001d 34b85629 6c16c0d4 0d3cd775 0a93d1d2 955fa80a a5f40fc8 db7b2abd bde53950 f4c0d293 cdd711a3 5b67fb14 99ae6003 8614f139 4abfa3b4 c850d927 e1e7769c 8eec2d19', 16),
y: new Clipperz.Crypto.ECC.BinaryField.Value('037bf273 42da639b 6dccfffe b73d69d7 8c6c27a6 009cbbca 1980f853 3921e8a6 84423e43 bab08a57 6291af8f 461bb2a8 b3531d2f 0485c19b 16e2f151 6e23dd3c 1a4827af 1b8ac15b', 16)
}),
r: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff e661ce18 ff559873 08059b18 6823851e c7dd9ca1 161de93d 5174d66e 8382e9bb 2fe84e47', 16),
h: new Clipperz.Crypto.ECC.BinaryField.Value('2', 16)
// S: new Clipperz.Crypto.ECC.BinaryField.Value('2aa058f73a0e33ab486b0f610410c53a7f132310', 10),
// n: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe661ce18ff55987308059b186823851ec7dd9ca1161de93d5174d66e8382e9bb2fe84e47', 16)
});
//-----------------------------------------------------------------------------
//
// Guide to Elliptic Curve Cryptography
// Darrel Hankerson, Alfred Menezes, Scott Vanstone
// - Pag: 56, Alorithm 2.45 (with a typo!!!)
//
//-----------------------------------------------------------------------------
//
// http://www.milw0rm.com/papers/136
//
// -------------------------------------------------------------------------
// Polynomial Reduction Algorithm Modulo f571
// -------------------------------------------------------------------------
//
// Input: Polynomial p(x) of degree 1140 or less, stored as
// an array of 2T machinewords.
// Output: p(x) mod f571(x)
//
// FOR i = T-1, ..., 0 DO
// SET X := P[i+T]
// P[i] := P[i] ^ (X<<5) ^ (X<<7) ^ (X<<10) ^ (X<<15)
// P[i+1] := P[i+1] ^ (X>>17) ^ (X>>22) ^ (X>>25) ^ (X>>27)
//
// SET X := P[T-1] >> 27
// P[0] := P[0] ^ X ^ (X<<2) ^ (X<<5) ^ (X<<10)
// P[T-1] := P[T-1] & 0x07ffffff
//
// RETURN P[T-1],...,P[0]
//
// -------------------------------------------------------------------------
//
Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().slowModule = Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().module;
Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().module = function(aValue) {
var result;
if (aValue.bitSize() > 1140) {
- MochiKit.Logging.logWarning("ECC.StandarCurves.B571.finiteField().module: falling back to default implementation");
+ Clipperz.logWarning("ECC.StandarCurves.B571.finiteField().module: falling back to default implementation");
result = Clipperz.Crypto.ECC.StandardCurves._B571.finiteField().slowModule(aValue);
} else {
var C, T;
var i;
-//console.log(">>> binaryField.finiteField.(improved)module");
-// C = aValue.value().slice(0);
C = aValue._value.slice(0);
for (i=35; i>=18; i--) {
T = C[i];
C[i-18] = (((C[i-18] ^ (T<<5) ^ (T<<7) ^ (T<<10) ^ (T<<15)) & 0xffffffff) >>> 0);
C[i-17] = ((C[i-17] ^ (T>>>27) ^ (T>>>25) ^ (T>>>22) ^ (T>>>17)) >>> 0);
}
T = (C[17] >>> 27);
C[0] = ((C[0] ^ T ^ ((T<<2) ^ (T<<5) ^ (T<<10)) & 0xffffffff) >>> 0);
C[17] = (C[17] & 0x07ffffff);
for(i=18; i<=35; i++) {
C[i] = 0;
}
result = new Clipperz.Crypto.ECC.BinaryField.Value(C);
-//console.log("<<< binaryField.finiteField.(improved)module");
}
return result;
};
}
return Clipperz.Crypto.ECC.StandardCurves._B571;
},
//-----------------------------------------------------------------------------
'_B283': null,
'B283': function() { // f(z) = z^283 + z^12 + z^7 + z^5 + 1
if ((Clipperz.Crypto.ECC.StandardCurves._B283 == null) && (typeof(Clipperz.Crypto.ECC.BinaryField.Curve) != 'undefined')) {
Clipperz.Crypto.ECC.StandardCurves._B283 = new Clipperz.Crypto.ECC.BinaryField.Curve({
modulus: new Clipperz.Crypto.ECC.BinaryField.Value('08000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 000010a1', 16),
a: new Clipperz.Crypto.ECC.BinaryField.Value('1', 16),
b: new Clipperz.Crypto.ECC.BinaryField.Value('027b680a c8b8596d a5a4af8a 19a0303f ca97fd76 45309fa2 a581485a f6263e31 3b79a2f5', 16),
G: new Clipperz.Crypto.ECC.BinaryField.Point({
x: new Clipperz.Crypto.ECC.BinaryField.Value('05f93925 8db7dd90 e1934f8c 70b0dfec 2eed25b8 557eac9c 80e2e198 f8cdbecd 86b12053', 16),
y: new Clipperz.Crypto.ECC.BinaryField.Value('03676854 fe24141c b98fe6d4 b20d02b4 516ff702 350eddb0 826779c8 13f0df45 be8112f4', 16)
}),
r: new Clipperz.Crypto.ECC.BinaryField.Value('03ffffff ffffffff ffffffff ffffffff ffffef90 399660fc 938a9016 5b042a7c efadb307', 16),
h: new Clipperz.Crypto.ECC.BinaryField.Value('2', 16)
});
//-----------------------------------------------------------------------------
//
// Guide to Elliptic Curve Cryptography
// Darrel Hankerson, Alfred Menezes, Scott Vanstone
// - Pag: 56, Alorithm 2.43
//
//-----------------------------------------------------------------------------
Clipperz.Crypto.ECC.StandardCurves._B283.finiteField().slowModule = Clipperz.Crypto.ECC.StandardCurves._B283.finiteField().module;
Clipperz.Crypto.ECC.StandardCurves._B283.finiteField().module = function(aValue) {
var result;
if (aValue.bitSize() > 564) {
- MochiKit.Logging.logWarning("ECC.StandarCurves.B283.finiteField().module: falling back to default implementation");
+ Clipperz.logWarning("ECC.StandarCurves.B283.finiteField().module: falling back to default implementation");
result = Clipperz.Crypto.ECC.StandardCurves._B283.finiteField().slowModule(aValue);
} else {
var C, T;
var i;
-//console.log(">>> binaryField.finiteField.(improved)module");
C = aValue._value.slice(0);
for (i=17; i>=9; i--) {
T = C[i];
C[i-9] = (((C[i-9] ^ (T<<5) ^ (T<<10) ^ (T<<12) ^ (T<<17)) & 0xffffffff) >>> 0);
C[i-8] = ((C[i-8] ^ (T>>>27) ^ (T>>>22) ^ (T>>>20) ^ (T>>>15)) >>> 0);
}
T = (C[8] >>> 27);
C[0] = ((C[0] ^ T ^ ((T<<5) ^ (T<<7) ^ (T<<12)) & 0xffffffff) >>> 0);
C[8] = (C[8] & 0x07ffffff);
for(i=9; i<=17; i++) {
C[i] = 0;
}
result = new Clipperz.Crypto.ECC.BinaryField.Value(C);
-//console.log("<<< binaryField.finiteField.(improved)module");
}
return result;
};
}
return Clipperz.Crypto.ECC.StandardCurves._B283;
},
//==============================================================================
__syntaxFix__: "syntax fix"
});
diff --git a/frontend/gamma/js/Clipperz/Crypto/PRNG.js b/frontend/gamma/js/Clipperz/Crypto/PRNG.js
index adfdb16..c539f06 100644
--- a/frontend/gamma/js/Clipperz/Crypto/PRNG.js
+++ b/frontend/gamma/js/Clipperz/Crypto/PRNG.js
@@ -1,852 +1,841 @@
/*
-Copyright 2008-2011 Clipperz Srl
+Copyright 2008-2013 Clipperz Srl
-This file is part of Clipperz Community Edition.
-Clipperz Community Edition is an online password manager.
+This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
-* Clipperz Community Edition is free software: you can redistribute
- it and/or modify it under the terms of the GNU Affero General Public
- License as published by the Free Software Foundation, either version
- 3 of the License, or (at your option) any later version.
+* Clipperz is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
-* Clipperz Community Edition is distributed in the hope that it will
- be useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* Clipperz is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
- License along with Clipperz Community Edition. If not, see
- <http://www.gnu.org/licenses/>.
+ License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!";
}
try { if (typeof(Clipperz.Crypto.SHA) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.PRNG depends on Clipperz.Crypto.SHA!";
}
try { if (typeof(Clipperz.Crypto.AES) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.PRNG depends on Clipperz.Crypto.AES!";
}
if (typeof(Clipperz.Crypto.PRNG) == 'undefined') { Clipperz.Crypto.PRNG = {}; }
//#############################################################################
Clipperz.Crypto.PRNG.EntropyAccumulator = function(args) {
args = args || {};
// MochiKit.Base.bindMethods(this);
this._stack = new Clipperz.ByteArray();
this._maxStackLengthBeforeHashing = args.maxStackLengthBeforeHashing || 256;
return this;
}
Clipperz.Crypto.PRNG.EntropyAccumulator.prototype = MochiKit.Base.update(null, {
'toString': function() {
return "Clipperz.Crypto.PRNG.EntropyAccumulator";
},
//-------------------------------------------------------------------------
'stack': function() {
return this._stack;
},
'setStack': function(aValue) {
this._stack = aValue;
},
'resetStack': function() {
this.stack().reset();
},
'maxStackLengthBeforeHashing': function() {
return this._maxStackLengthBeforeHashing;
},
//-------------------------------------------------------------------------
'addRandomByte': function(aValue) {
this.stack().appendByte(aValue);
if (this.stack().length() > this.maxStackLengthBeforeHashing()) {
this.setStack(Clipperz.Crypto.SHA.sha_d256(this.stack()));
}
},
//-------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//#############################################################################
Clipperz.Crypto.PRNG.RandomnessSource = function(args) {
args = args || {};
MochiKit.Base.bindMethods(this);
this._generator = args.generator || null;
this._sourceId = args.sourceId || null;
this._boostMode = args.boostMode || false;
this._nextPoolIndex = 0;
return this;
}
Clipperz.Crypto.PRNG.RandomnessSource.prototype = MochiKit.Base.update(null, {
'generator': function() {
return this._generator;
},
'setGenerator': function(aValue) {
this._generator = aValue;
},
//-------------------------------------------------------------------------
'boostMode': function() {
return this._boostMode;
},
'setBoostMode': function(aValue) {
this._boostMode = aValue;
},
//-------------------------------------------------------------------------
'sourceId': function() {
return this._sourceId;
},
'setSourceId': function(aValue) {
this._sourceId = aValue;
},
//-------------------------------------------------------------------------
'nextPoolIndex': function() {
return this._nextPoolIndex;
},
'incrementNextPoolIndex': function() {
this._nextPoolIndex = ((this._nextPoolIndex + 1) % this.generator().numberOfEntropyAccumulators());
},
//-------------------------------------------------------------------------
'updateGeneratorWithValue': function(aRandomValue) {
if (this.generator() != null) {
this.generator().addRandomByte(this.sourceId(), this.nextPoolIndex(), aRandomValue);
this.incrementNextPoolIndex();
}
},
//-------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//#############################################################################
Clipperz.Crypto.PRNG.TimeRandomnessSource = function(args) {
args = args || {};
// MochiKit.Base.bindMethods(this);
this._intervalTime = args.intervalTime || 1000;
Clipperz.Crypto.PRNG.RandomnessSource.call(this, args);
this.collectEntropy();
return this;
}
Clipperz.Crypto.PRNG.TimeRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, {
'intervalTime': function() {
return this._intervalTime;
},
//-------------------------------------------------------------------------
'collectEntropy': function() {
var now;
var entropyByte;
var intervalTime;
now = new Date();
entropyByte = (now.getTime() & 0xff);
intervalTime = this.intervalTime();
if (this.boostMode() == true) {
intervalTime = intervalTime / 9;
}
this.updateGeneratorWithValue(entropyByte);
setTimeout(this.collectEntropy, intervalTime);
},
//-------------------------------------------------------------------------
'numberOfRandomBits': function() {
return 5;
},
//-------------------------------------------------------------------------
'pollingFrequency': function() {
return 10;
},
//-------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//*****************************************************************************
Clipperz.Crypto.PRNG.MouseRandomnessSource = function(args) {
args = args || {};
Clipperz.Crypto.PRNG.RandomnessSource.call(this, args);
this._numberOfBitsToCollectAtEachEvent = 4;
this._randomBitsCollector = 0;
this._numberOfRandomBitsCollected = 0;
MochiKit.Signal.connect(document, 'onmousemove', this, 'collectEntropy');
return this;
}
Clipperz.Crypto.PRNG.MouseRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, {
//-------------------------------------------------------------------------
'numberOfBitsToCollectAtEachEvent': function() {
return this._numberOfBitsToCollectAtEachEvent;
},
//-------------------------------------------------------------------------
'randomBitsCollector': function() {
return this._randomBitsCollector;
},
'setRandomBitsCollector': function(aValue) {
this._randomBitsCollector = aValue;
},
'appendRandomBitsToRandomBitsCollector': function(aValue) {
var collectedBits;
var numberOfRandomBitsCollected;
numberOfRandomBitsCollected = this.numberOfRandomBitsCollected();
collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected);
this.setRandomBitsCollector(collectetBits);
numberOfRandomBitsCollected += this.numberOfBitsToCollectAtEachEvent();
if (numberOfRandomBitsCollected == 8) {
this.updateGeneratorWithValue(collectetBits);
numberOfRandomBitsCollected = 0;
this.setRandomBitsCollector(0);
}
this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected)
},
//-------------------------------------------------------------------------
'numberOfRandomBitsCollected': function() {
return this._numberOfRandomBitsCollected;
},
'setNumberOfRandomBitsCollected': function(aValue) {
this._numberOfRandomBitsCollected = aValue;
},
//-------------------------------------------------------------------------
'collectEntropy': function(anEvent) {
var mouseLocation;
var randomBit;
var mask;
mask = 0xffffffff >>> (32 - this.numberOfBitsToCollectAtEachEvent());
mouseLocation = anEvent.mouse().client;
randomBit = ((mouseLocation.x ^ mouseLocation.y) & mask);
this.appendRandomBitsToRandomBitsCollector(randomBit)
},
//-------------------------------------------------------------------------
'numberOfRandomBits': function() {
return 1;
},
//-------------------------------------------------------------------------
'pollingFrequency': function() {
return 10;
},
//-------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//*****************************************************************************
Clipperz.Crypto.PRNG.KeyboardRandomnessSource = function(args) {
args = args || {};
Clipperz.Crypto.PRNG.RandomnessSource.call(this, args);
this._randomBitsCollector = 0;
this._numberOfRandomBitsCollected = 0;
MochiKit.Signal.connect(document, 'onkeypress', this, 'collectEntropy');
return this;
}
Clipperz.Crypto.PRNG.KeyboardRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, {
//-------------------------------------------------------------------------
'randomBitsCollector': function() {
return this._randomBitsCollector;
},
'setRandomBitsCollector': function(aValue) {
this._randomBitsCollector = aValue;
},
'appendRandomBitToRandomBitsCollector': function(aValue) {
var collectedBits;
var numberOfRandomBitsCollected;
numberOfRandomBitsCollected = this.numberOfRandomBitsCollected();
collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected);
this.setRandomBitsCollector(collectetBits);
numberOfRandomBitsCollected ++;
if (numberOfRandomBitsCollected == 8) {
this.updateGeneratorWithValue(collectetBits);
numberOfRandomBitsCollected = 0;
this.setRandomBitsCollector(0);
}
this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected)
},
//-------------------------------------------------------------------------
'numberOfRandomBitsCollected': function() {
return this._numberOfRandomBitsCollected;
},
'setNumberOfRandomBitsCollected': function(aValue) {
this._numberOfRandomBitsCollected = aValue;
},
//-------------------------------------------------------------------------
'collectEntropy': function(anEvent) {
/*
var mouseLocation;
var randomBit;
mouseLocation = anEvent.mouse().client;
randomBit = ((mouseLocation.x ^ mouseLocation.y) & 0x1);
this.appendRandomBitToRandomBitsCollector(randomBit);
*/
},
//-------------------------------------------------------------------------
'numberOfRandomBits': function() {
return 1;
},
//-------------------------------------------------------------------------
'pollingFrequency': function() {
return 10;
},
//-------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//#############################################################################
Clipperz.Crypto.PRNG.Fortuna = function(args) {
var i,c;
args = args || {};
this._key = args.seed || null;
if (this._key == null) {
this._counter = 0;
this._key = new Clipperz.ByteArray();
} else {
this._counter = 1;
}
this._aesKey = null;
this._firstPoolReseedLevel = args.firstPoolReseedLevel || 32 || 64;
this._numberOfEntropyAccumulators = args.numberOfEntropyAccumulators || 32;
this._accumulators = [];
c = this.numberOfEntropyAccumulators();
for (i=0; i<c; i++) {
this._accumulators.push(new Clipperz.Crypto.PRNG.EntropyAccumulator());
}
this._randomnessSources = [];
this._reseedCounter = 0;
return this;
}
Clipperz.Crypto.PRNG.Fortuna.prototype = MochiKit.Base.update(null, {
'toString': function() {
return "Clipperz.Crypto.PRNG.Fortuna";
},
//-------------------------------------------------------------------------
'key': function() {
return this._key;
},
'setKey': function(aValue) {
this._key = aValue;
this._aesKey = null;
},
'aesKey': function() {
if (this._aesKey == null) {
this._aesKey = new Clipperz.Crypto.AES.Key({key:this.key()});
}
return this._aesKey;
},
'accumulators': function() {
return this._accumulators;
},
'firstPoolReseedLevel': function() {
return this._firstPoolReseedLevel;
},
//-------------------------------------------------------------------------
'reseedCounter': function() {
return this._reseedCounter;
},
'incrementReseedCounter': function() {
this._reseedCounter = this._reseedCounter +1;
},
//-------------------------------------------------------------------------
'reseed': function() {
var newKeySeed;
var reseedCounter;
var reseedCounterMask;
var i, c;
newKeySeed = this.key();
this.incrementReseedCounter();
reseedCounter = this.reseedCounter();
c = this.numberOfEntropyAccumulators();
reseedCounterMask = 0xffffffff >>> (32 - c);
for (i=0; i<c; i++) {
if ((i == 0) || ((reseedCounter & (reseedCounterMask >>> (c - i))) == 0)) {
newKeySeed.appendBlock(this.accumulators()[i].stack());
this.accumulators()[i].resetStack();
}
}
if (reseedCounter == 1) {
c = this.randomnessSources().length;
for (i=0; i<c; i++) {
this.randomnessSources()[i].setBoostMode(false);
}
}
this.setKey(Clipperz.Crypto.SHA.sha_d256(newKeySeed));
if (reseedCounter == 1) {
-//MochiKit.Logging.logDebug("### PRNG.readyToGenerateRandomBytes");
Clipperz.log("### PRNG.readyToGenerateRandomBytes");
MochiKit.Signal.signal(this, 'readyToGenerateRandomBytes');
}
MochiKit.Signal.signal(this, 'reseeded');
},
//-------------------------------------------------------------------------
'isReadyToGenerateRandomValues': function() {
return this.reseedCounter() != 0;
},
//-------------------------------------------------------------------------
'entropyLevel': function() {
return this.accumulators()[0].stack().length() + (this.reseedCounter() * this.firstPoolReseedLevel());
},
//-------------------------------------------------------------------------
'counter': function() {
return this._counter;
},
'incrementCounter': function() {
this._counter += 1;
},
'counterBlock': function() {
var result;
result = new Clipperz.ByteArray().appendWords(this.counter(), 0, 0, 0);
return result;
},
//-------------------------------------------------------------------------
'getRandomBlock': function() {
var result;
result = new Clipperz.ByteArray(Clipperz.Crypto.AES.encryptBlock(this.aesKey(), this.counterBlock().arrayValues()));
this.incrementCounter();
return result;
},
//-------------------------------------------------------------------------
'getRandomBytes': function(aSize) {
var result;
if (this.isReadyToGenerateRandomValues()) {
var i,c;
var newKey;
result = new Clipperz.ByteArray();
c = Math.ceil(aSize / (128 / 8));
for (i=0; i<c; i++) {
result.appendBlock(this.getRandomBlock());
}
if (result.length() != aSize) {
result = result.split(0, aSize);
}
newKey = this.getRandomBlock().appendBlock(this.getRandomBlock());
this.setKey(newKey);
} else {
-MochiKit.Logging.logWarning("Fortuna generator has not enough entropy, yet!");
+Clipperz.logWarning("Fortuna generator has not enough entropy, yet!");
throw Clipperz.Crypto.PRNG.exception.NotEnoughEntropy;
}
return result;
},
//-------------------------------------------------------------------------
'addRandomByte': function(aSourceId, aPoolId, aRandomValue) {
var selectedAccumulator;
selectedAccumulator = this.accumulators()[aPoolId];
selectedAccumulator.addRandomByte(aRandomValue);
if (aPoolId == 0) {
MochiKit.Signal.signal(this, 'addedRandomByte')
if (selectedAccumulator.stack().length() > this.firstPoolReseedLevel()) {
this.reseed();
}
}
},
//-------------------------------------------------------------------------
'numberOfEntropyAccumulators': function() {
return this._numberOfEntropyAccumulators;
},
//-------------------------------------------------------------------------
'randomnessSources': function() {
return this._randomnessSources;
},
'addRandomnessSource': function(aRandomnessSource) {
aRandomnessSource.setGenerator(this);
aRandomnessSource.setSourceId(this.randomnessSources().length);
this.randomnessSources().push(aRandomnessSource);
if (this.isReadyToGenerateRandomValues() == false) {
aRandomnessSource.setBoostMode(true);
}
},
//-------------------------------------------------------------------------
'deferredEntropyCollection': function(aValue) {
var result;
-//MochiKit.Logging.logDebug(">>> PRNG.deferredEntropyCollection");
if (this.isReadyToGenerateRandomValues()) {
-//MochiKit.Logging.logDebug("--- PRNG.deferredEntropyCollection - 1");
result = aValue;
} else {
-//MochiKit.Logging.logDebug("--- PRNG.deferredEntropyCollection - 2");
var deferredResult;
-// Clipperz.NotificationCenter.notify(this, 'updatedProgressState', 'collectingEntropy', true);
-
deferredResult = new Clipperz.Async.Deferred("PRNG.deferredEntropyCollection");
-// deferredResult.addBoth(function(res) {MochiKit.Logging.logDebug("1.2.1 - PRNG.deferredEntropyCollection - 1: " + res); return res;});
deferredResult.addCallback(MochiKit.Base.partial(MochiKit.Async.succeed, aValue));
-// deferredResult.addBoth(function(res) {MochiKit.Logging.logDebug("1.2.2 - PRNG.deferredEntropyCollection - 2: " + res); return res;});
MochiKit.Signal.connect(this,
'readyToGenerateRandomBytes',
deferredResult,
'callback');
result = deferredResult;
}
-//MochiKit.Logging.logDebug("<<< PRNG.deferredEntropyCollection - result: " + result);
return result;
},
//-------------------------------------------------------------------------
'fastEntropyAccumulationForTestingPurpose': function() {
while (! this.isReadyToGenerateRandomValues()) {
this.addRandomByte(Math.floor(Math.random() * 32), Math.floor(Math.random() * 32), Math.floor(Math.random() * 256));
}
},
//-------------------------------------------------------------------------
'dump': function(appendToDoc) {
var tbl;
var i,c;
tbl = document.createElement("table");
tbl.border = 0;
with (tbl.style) {
border = "1px solid lightgrey";
fontFamily = 'Helvetica, Arial, sans-serif';
fontSize = '8pt';
//borderCollapse = "collapse";
}
var hdr = tbl.createTHead();
var hdrtr = hdr.insertRow(0);
// document.createElement("tr");
{
var ntd;
ntd = hdrtr.insertCell(0);
ntd.style.borderBottom = "1px solid lightgrey";
ntd.style.borderRight = "1px solid lightgrey";
ntd.appendChild(document.createTextNode("#"));
ntd = hdrtr.insertCell(1);
ntd.style.borderBottom = "1px solid lightgrey";
ntd.style.borderRight = "1px solid lightgrey";
ntd.appendChild(document.createTextNode("s"));
ntd = hdrtr.insertCell(2);
ntd.colSpan = this.firstPoolReseedLevel();
ntd.style.borderBottom = "1px solid lightgrey";
ntd.style.borderRight = "1px solid lightgrey";
ntd.appendChild(document.createTextNode("base values"));
ntd = hdrtr.insertCell(3);
ntd.colSpan = 20;
ntd.style.borderBottom = "1px solid lightgrey";
ntd.appendChild(document.createTextNode("extra values"));
}
c = this.accumulators().length;
for (i=0; i<c ; i++) {
var currentAccumulator;
var bdytr;
var bdytd;
var ii, cc;
currentAccumulator = this.accumulators()[i]
bdytr = tbl.insertRow(true);
bdytd = bdytr.insertCell(0);
bdytd.style.borderRight = "1px solid lightgrey";
bdytd.style.color = "lightgrey";
bdytd.appendChild(document.createTextNode("" + i));
bdytd = bdytr.insertCell(1);
bdytd.style.borderRight = "1px solid lightgrey";
bdytd.style.color = "gray";
bdytd.appendChild(document.createTextNode("" + currentAccumulator.stack().length()));
cc = Math.max(currentAccumulator.stack().length(), this.firstPoolReseedLevel());
for (ii=0; ii<cc; ii++) {
var cellText;
bdytd = bdytr.insertCell(ii + 2);
if (ii < currentAccumulator.stack().length()) {
cellText = Clipperz.ByteArray.byteToHex(currentAccumulator.stack().byteAtIndex(ii));
} else {
cellText = "_";
}
if (ii == (this.firstPoolReseedLevel() - 1)) {
bdytd.style.borderRight = "1px solid lightgrey";
}
bdytd.appendChild(document.createTextNode(cellText));
}
}
if (appendToDoc) {
var ne = document.createElement("div");
ne.id = "entropyGeneratorStatus";
with (ne.style) {
fontFamily = "Courier New, monospace";
fontSize = "12px";
lineHeight = "16px";
borderTop = "1px solid black";
padding = "10px";
}
if (document.getElementById(ne.id)) {
MochiKit.DOM.swapDOM(ne.id, ne);
} else {
document.body.appendChild(ne);
}
ne.appendChild(tbl);
}
return tbl;
},
//-----------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//#############################################################################
Clipperz.Crypto.PRNG.Random = function(args) {
args = args || {};
// MochiKit.Base.bindMethods(this);
return this;
}
Clipperz.Crypto.PRNG.Random.prototype = MochiKit.Base.update(null, {
'toString': function() {
return "Clipperz.Crypto.PRNG.Random";
},
//-------------------------------------------------------------------------
'getRandomBytes': function(aSize) {
//Clipperz.Profile.start("Clipperz.Crypto.PRNG.Random.getRandomBytes");
var result;
var i,c;
result = new Clipperz.ByteArray()
c = aSize || 1;
for (i=0; i<c; i++) {
result.appendByte((Math.random()*255) & 0xff);
}
//Clipperz.Profile.stop("Clipperz.Crypto.PRNG.Random.getRandomBytes");
return result;
},
//-------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//#############################################################################
_clipperz_crypt_prng_defaultPRNG = null;
Clipperz.Crypto.PRNG.defaultRandomGenerator = function() {
if (_clipperz_crypt_prng_defaultPRNG == null) {
_clipperz_crypt_prng_defaultPRNG = new Clipperz.Crypto.PRNG.Fortuna();
//.............................................................
//
// TimeRandomnessSource
//
//.............................................................
{
var newRandomnessSource;
newRandomnessSource = new Clipperz.Crypto.PRNG.TimeRandomnessSource({intervalTime:111});
_clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource);
}
//.............................................................
//
// MouseRandomnessSource
//
//.............................................................
{
var newRandomnessSource;
newRandomnessSource = new Clipperz.Crypto.PRNG.MouseRandomnessSource();
_clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource);
}
//.............................................................
//
// KeyboardRandomnessSource
//
//.............................................................
{
var newRandomnessSource;
newRandomnessSource = new Clipperz.Crypto.PRNG.KeyboardRandomnessSource();
_clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource);
}
}
return _clipperz_crypt_prng_defaultPRNG;
};
//#############################################################################
Clipperz.Crypto.PRNG.exception = {
NotEnoughEntropy: new MochiKit.Base.NamedError("Clipperz.Crypto.PRNG.exception.NotEnoughEntropy")
};
MochiKit.DOM.addLoadEvent(Clipperz.Crypto.PRNG.defaultRandomGenerator);
diff --git a/frontend/gamma/js/Clipperz/Crypto/RSA.js b/frontend/gamma/js/Clipperz/Crypto/RSA.js
index 6844dba..5a480f1 100644
--- a/frontend/gamma/js/Clipperz/Crypto/RSA.js
+++ b/frontend/gamma/js/Clipperz/Crypto/RSA.js
@@ -1,148 +1,146 @@
/*
-Copyright 2008-2011 Clipperz Srl
+Copyright 2008-2013 Clipperz Srl
-This file is part of Clipperz Community Edition.
-Clipperz Community Edition is an online password manager.
+This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
-* Clipperz Community Edition is free software: you can redistribute
- it and/or modify it under the terms of the GNU Affero General Public
- License as published by the Free Software Foundation, either version
- 3 of the License, or (at your option) any later version.
+* Clipperz is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
-* Clipperz Community Edition is distributed in the hope that it will
- be useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* Clipperz is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
- License along with Clipperz Community Edition. If not, see
- <http://www.gnu.org/licenses/>.
+ License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
try { if (typeof(Clipperz.Crypto.BigInt) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.RSA depends on Clipperz.Crypto.BigInt!";
}
if (typeof(Clipperz.Crypto.RSA) == 'undefined') { Clipperz.Crypto.RSA = {}; }
Clipperz.Crypto.RSA.VERSION = "0.1";
Clipperz.Crypto.RSA.NAME = "Clipperz.RSA";
//#############################################################################
MochiKit.Base.update(Clipperz.Crypto.RSA, {
//-------------------------------------------------------------------------
'publicKeyWithValues': function (e, d, n) {
var result;
result = {};
if (e.isBigInt) {
result.e = e;
} else {
result.e = new Clipperz.Crypto.BigInt(e, 16);
}
if (d.isBigInt) {
result.d = d;
} else {
result.d = new Clipperz.Crypto.BigInt(d, 16);
}
if (n.isBigInt) {
result.n = n;
} else {
result.n = new Clipperz.Crypto.BigInt(n, 16);
}
return result;
},
'privateKeyWithValues': function(e, d, n) {
return Clipperz.Crypto.RSA.publicKeyWithValues(e, d, n);
},
//-----------------------------------------------------------------------------
'encryptUsingPublicKey': function (aKey, aMessage) {
var messageValue;
var result;
messageValue = new Clipperz.Crypto.BigInt(aMessage, 16);
result = messageValue.powerModule(aKey.e, aKey.n);
return result.asString(16);
},
//.............................................................................
'decryptUsingPublicKey': function (aKey, aMessage) {
return Clipperz.Crypto.RSA.encryptUsingPublicKey(aKey, aMessage);
},
//-----------------------------------------------------------------------------
'encryptUsingPrivateKey': function (aKey, aMessage) {
var messageValue;
var result;
messageValue = new Clipperz.Crypto.BigInt(aMessage, 16);
result = messageValue.powerModule(aKey.d, aKey.n);
return result.asString(16);
},
//.............................................................................
'decryptUsingPrivateKey': function (aKey, aMessage) {
return Clipperz.Crypto.RSA.encryptUsingPrivateKey(aKey, aMessage);
},
//-----------------------------------------------------------------------------
'generatePublicKey': function(aNumberOfBits) {
var result;
var e;
var d;
var n;
e = new Clipperz.Crypto.BigInt("10001", 16);
{
var p, q;
var phi;
do {
p = Clipperz.Crypto.BigInt.randomPrime(aNumberOfBits);
} while (p.module(e).equals(1));
do {
q = Clipperz.Crypto.BigInt.randomPrime(aNumberOfBits);
} while ((q.equals(p)) || (q.module(e).equals(1)));
n = p.multiply(q);
phi = (p.subtract(1).multiply(q.subtract(1)));
d = e.powerModule(-1, phi);
}
result = Clipperz.Crypto.RSA.publicKeyWithValues(e, d, n);
return result;
},
//-------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
//-------------------------------------------------------------------------
});
//#############################################################################
diff --git a/frontend/gamma/js/Clipperz/Crypto/SHA.js b/frontend/gamma/js/Clipperz/Crypto/SHA.js
index b07fa85..f8bfe6e 100644
--- a/frontend/gamma/js/Clipperz/Crypto/SHA.js
+++ b/frontend/gamma/js/Clipperz/Crypto/SHA.js
@@ -1,298 +1,296 @@
/*
-Copyright 2008-2011 Clipperz Srl
+Copyright 2008-2013 Clipperz Srl
-This file is part of Clipperz Community Edition.
-Clipperz Community Edition is an online password manager.
+This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
-* Clipperz Community Edition is free software: you can redistribute
- it and/or modify it under the terms of the GNU Affero General Public
- License as published by the Free Software Foundation, either version
- 3 of the License, or (at your option) any later version.
+* Clipperz is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
-* Clipperz Community Edition is distributed in the hope that it will
- be useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* Clipperz is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
- License along with Clipperz Community Edition. If not, see
- <http://www.gnu.org/licenses/>.
+ License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!";
}
if (typeof(Clipperz.Crypto) == 'undefined') { Clipperz.Crypto = {}; }
if (typeof(Clipperz.Crypto.SHA) == 'undefined') { Clipperz.Crypto.SHA = {}; }
Clipperz.Crypto.SHA.VERSION = "0.3";
Clipperz.Crypto.SHA.NAME = "Clipperz.Crypto.SHA";
MochiKit.Base.update(Clipperz.Crypto.SHA, {
'__repr__': function () {
return "[" + this.NAME + " " + this.VERSION + "]";
},
'toString': function () {
return this.__repr__();
},
//-----------------------------------------------------------------------------
'rotateRight': function(aValue, aNumberOfBits) {
//Clipperz.Profile.start("Clipperz.Crypto.SHA.rotateRight");
var result;
result = (aValue >>> aNumberOfBits) | (aValue << (32 - aNumberOfBits));
//Clipperz.Profile.stop("Clipperz.Crypto.SHA.rotateRight");
return result;
},
'shiftRight': function(aValue, aNumberOfBits) {
//Clipperz.Profile.start("Clipperz.Crypto.SHA.shiftRight");
var result;
result = aValue >>> aNumberOfBits;
//Clipperz.Profile.stop("Clipperz.Crypto.SHA.shiftRight");
return result;
},
//-----------------------------------------------------------------------------
'safeAdd': function() {
//Clipperz.Profile.start("Clipperz.Crypto.SHA.safeAdd");
var result;
var i, c;
result = arguments[0];
c = arguments.length;
for (i=1; i<c; i++) {
var lowerBytesSum;
lowerBytesSum = (result & 0xffff) + (arguments[i] & 0xffff);
result = (((result >> 16) + (arguments[i] >> 16) + (lowerBytesSum >> 16)) << 16) | (lowerBytesSum & 0xffff);
}
//Clipperz.Profile.stop("Clipperz.Crypto.SHA.safeAdd");
return result;
},
//-----------------------------------------------------------------------------
'sha256_array': function(aValue) {
//Clipperz.Profile.start("Clipperz.Crypto.SHA.sha256_array");
var result;
var message;
var h0, h1, h2, h3, h4, h5, h6, h7;
var k;
var messageLength;
var messageLengthInBits;
var _i, _c;
var charBits;
var rotateRight;
var shiftRight;
var safeAdd;
var bytesPerBlock;
var currentMessageIndex;
bytesPerBlock = 512/8;
rotateRight = Clipperz.Crypto.SHA.rotateRight;
shiftRight = Clipperz.Crypto.SHA.shiftRight;
safeAdd = Clipperz.Crypto.SHA.safeAdd;
charBits = 8;
h0 = 0x6a09e667;
h1 = 0xbb67ae85;
h2 = 0x3c6ef372;
h3 = 0xa54ff53a;
h4 = 0x510e527f;
h5 = 0x9b05688c;
h6 = 0x1f83d9ab;
h7 = 0x5be0cd19;
k = [ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2];
message = aValue;
messageLength = message.length;
//Pre-processing:
message.push(0x80); // append a single "1" bit to message
_c = (512 - (((messageLength + 1) * charBits) % 512) - 64) / charBits;
if (_c < 0) {
_c = _c + (512 / charBits);
}
for (_i=0; _i<_c; _i++) {
message.push(0x00); // append "0" bits until message length ≡ 448 ≡ -64 (mod 512)
}
messageLengthInBits = messageLength * charBits;
message.push(0x00); // the 4 most high byte are alway 0 as message length is represented with a 32bit value;
message.push(0x00);
message.push(0x00);
message.push(0x00);
message.push((messageLengthInBits >> 24) & 0xff);
message.push((messageLengthInBits >> 16) & 0xff);
message.push((messageLengthInBits >> 8) & 0xff);
message.push( messageLengthInBits & 0xff);
currentMessageIndex = 0;
while(currentMessageIndex < message.length) {
var w;
var a, b, c, d, e, f, g, h;
w = Array(64);
_c = 16;
for (_i=0; _i<_c; _i++) {
var _j;
_j = currentMessageIndex + _i*4;
w[_i] = (message[_j] << 24) | (message[_j + 1] << 16) | (message[_j + 2] << 8) | (message[_j + 3] << 0);
}
_c = 64;
for (_i=16; _i<_c; _i++) {
var s0, s1;
s0 = (rotateRight(w[_i-15], 7)) ^ (rotateRight(w[_i-15], 18)) ^ (shiftRight(w[_i-15], 3));
s1 = (rotateRight(w[_i-2], 17)) ^ (rotateRight(w[_i-2], 19)) ^ (shiftRight(w[_i-2], 10));
w[_i] = safeAdd(w[_i-16], s0, w[_i-7], s1);
}
a=h0; b=h1; c=h2; d=h3; e=h4; f=h5; g=h6; h=h7;
_c = 64;
for (_i=0; _i<_c; _i++) {
var s0, s1, ch, maj, t1, t2;
s0 = (rotateRight(a, 2)) ^ (rotateRight(a, 13)) ^ (rotateRight(a, 22));
maj = (a & b) ^ (a & c) ^ (b & c);
t2 = safeAdd(s0, maj);
s1 = (rotateRight(e, 6)) ^ (rotateRight(e, 11)) ^ (rotateRight(e, 25));
ch = (e & f) ^ ((~e) & g);
t1 = safeAdd(h, s1, ch, k[_i], w[_i]);
h = g;
g = f;
f = e;
e = safeAdd(d, t1);
d = c;
c = b;
b = a;
a = safeAdd(t1, t2);
}
h0 = safeAdd(h0, a);
h1 = safeAdd(h1, b);
h2 = safeAdd(h2, c);
h3 = safeAdd(h3, d);
h4 = safeAdd(h4, e);
h5 = safeAdd(h5, f);
h6 = safeAdd(h6, g);
h7 = safeAdd(h7, h);
currentMessageIndex += bytesPerBlock;
}
result = new Array(256/8);
result[0] = (h0 >> 24) & 0xff;
result[1] = (h0 >> 16) & 0xff;
result[2] = (h0 >> 8) & 0xff;
result[3] = h0 & 0xff;
result[4] = (h1 >> 24) & 0xff;
result[5] = (h1 >> 16) & 0xff;
result[6] = (h1 >> 8) & 0xff;
result[7] = h1 & 0xff;
result[8] = (h2 >> 24) & 0xff;
result[9] = (h2 >> 16) & 0xff;
result[10] = (h2 >> 8) & 0xff;
result[11] = h2 & 0xff;
result[12] = (h3 >> 24) & 0xff;
result[13] = (h3 >> 16) & 0xff;
result[14] = (h3 >> 8) & 0xff;
result[15] = h3 & 0xff;
result[16] = (h4 >> 24) & 0xff;
result[17] = (h4 >> 16) & 0xff;
result[18] = (h4 >> 8) & 0xff;
result[19] = h4 & 0xff;
result[20] = (h5 >> 24) & 0xff;
result[21] = (h5 >> 16) & 0xff;
result[22] = (h5 >> 8) & 0xff;
result[23] = h5 & 0xff;
result[24] = (h6 >> 24) & 0xff;
result[25] = (h6 >> 16) & 0xff;
result[26] = (h6 >> 8) & 0xff;
result[27] = h6 & 0xff;
result[28] = (h7 >> 24) & 0xff;
result[29] = (h7 >> 16) & 0xff;
result[30] = (h7 >> 8) & 0xff;
result[31] = h7 & 0xff;
//Clipperz.Profile.stop("Clipperz.Crypto.SHA.sha256_array");
return result;
},
//-----------------------------------------------------------------------------
'sha256': function(aValue) {
//Clipperz.Profile.start("Clipperz.Crypto.SHA.sha256");
var result;
var resultArray;
var valueArray;
valueArray = aValue.arrayValues();
resultArray = Clipperz.Crypto.SHA.sha256_array(valueArray);
result = new Clipperz.ByteArray(resultArray);
//Clipperz.Profile.stop("Clipperz.Crypto.SHA.sha256");
return result;
},
//-----------------------------------------------------------------------------
'sha_d256': function(aValue) {
//Clipperz.Profile.start("Clipperz.Crypto.SHA.sha_d256");
var result;
var resultArray;
var valueArray;
valueArray = aValue.arrayValues();
resultArray = Clipperz.Crypto.SHA.sha256_array(valueArray);
resultArray = Clipperz.Crypto.SHA.sha256_array(resultArray);
result = new Clipperz.ByteArray(resultArray);
//Clipperz.Profile.stop("Clipperz.Crypto.SHA.sha256");
return result;
},
//-----------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
diff --git a/frontend/gamma/js/Clipperz/Crypto/SRP.js b/frontend/gamma/js/Clipperz/Crypto/SRP.js
index 3b25275..597e72d 100644
--- a/frontend/gamma/js/Clipperz/Crypto/SRP.js
+++ b/frontend/gamma/js/Clipperz/Crypto/SRP.js
@@ -1,328 +1,316 @@
/*
-Copyright 2008-2011 Clipperz Srl
+Copyright 2008-2013 Clipperz Srl
-This file is part of Clipperz Community Edition.
-Clipperz Community Edition is an online password manager.
+This file is part of Clipperz, the online password manager.
For further information about its features and functionalities please
refer to http://www.clipperz.com.
-* Clipperz Community Edition is free software: you can redistribute
- it and/or modify it under the terms of the GNU Affero General Public
- License as published by the Free Software Foundation, either version
- 3 of the License, or (at your option) any later version.
+* Clipperz is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
-* Clipperz Community Edition is distributed in the hope that it will
- be useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* Clipperz is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
- License along with Clipperz Community Edition. If not, see
- <http://www.gnu.org/licenses/>.
+ License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
try { if (typeof(Clipperz.ByteArray) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.PRNG depends on Clipperz.ByteArray!";
}
try { if (typeof(Clipperz.Crypto.BigInt) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.SRP depends on Clipperz.Crypto.BigInt!";
}
try { if (typeof(Clipperz.Crypto.PRNG) == 'undefined') { throw ""; }} catch (e) {
throw "Clipperz.Crypto.SRP depends on Clipperz.Crypto.PRNG!";
}
if (typeof(Clipperz.Crypto.SRP) == 'undefined') { Clipperz.Crypto.SRP = {}; }
Clipperz.Crypto.SRP.VERSION = "0.1";
Clipperz.Crypto.SRP.NAME = "Clipperz.Crypto.SRP";
//#############################################################################
MochiKit.Base.update(Clipperz.Crypto.SRP, {
'_n': null,
'_g': null,
//-------------------------------------------------------------------------
'n': function() {
if (Clipperz.Crypto.SRP._n == null) {
Clipperz.Crypto.SRP._n = new Clipperz.Crypto.BigInt("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3", 16);
}
return Clipperz.Crypto.SRP._n;
},
//-------------------------------------------------------------------------
'g': function() {
if (Clipperz.Crypto.SRP._g == null) {
Clipperz.Crypto.SRP._g = new Clipperz.Crypto.BigInt(2); // eventually 5 (as suggested on the Diffi-Helmann documentation)
}
return Clipperz.Crypto.SRP._g;
},
//-----------------------------------------------------------------------------
'exception': {
'InvalidValue': new MochiKit.Base.NamedError("Clipperz.Crypto.SRP.exception.InvalidValue")
},
//-------------------------------------------------------------------------
__syntaxFix__: "syntax fix"
});
//#############################################################################
//
// S R P C o n n e c t i o n version 1.0
//
//=============================================================================
Clipperz.Crypto.SRP.Connection = function (args) {
args = args || {};
this._C = args.C;
this._P = args.P;
this.hash = args.hash;
this._a = null;
this._A = null;
this._s = null;
this._B = null;
this._x = null;
this._u = null;
this._K = null;
this._M1 = null;
this._M2 = null;
this._sessionKey = null;
return this;
}
Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
'toString': function () {
return "Clipperz.Crypto.SRP.Connection (username: " + this.username() + "). Status: " + this.statusDescription();
},
//-------------------------------------------------------------------------
'C': function () {
return this._C;
},
//-------------------------------------------------------------------------
'P': function () {
return this._P;
},
//-------------------------------------------------------------------------
'a': function () {
if (this._a == null) {
this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16);
// this._a = new Clipperz.Crypto.BigInt("37532428169486597638072888476611365392249575518156687476805936694442691012367", 10);
-//MochiKit.Logging.logDebug("SRP a: " + this._a);
}
return this._a;
},
//-------------------------------------------------------------------------
'A': function () {
if (this._A == null) {
// Warning: this value should be strictly greater than zero: how should we perform this check?
this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n());
if (this._A.equals(0)) {
-MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0.");
+ Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0.");
throw Clipperz.Crypto.SRP.exception.InvalidValue;
}
-//MochiKit.Logging.logDebug("SRP A: " + this._A);
}
return this._A;
},
//-------------------------------------------------------------------------
's': function () {
return this._s;
-//MochiKit.Logging.logDebug("SRP s: " + this._S);
},
'set_s': function(aValue) {
this._s = aValue;
},
//-------------------------------------------------------------------------
'B': function () {
return this._B;
},
'set_B': function(aValue) {
// Warning: this value should be strictly greater than zero: how should we perform this check?
if (! aValue.equals(0)) {
this._B = aValue;
-//MochiKit.Logging.logDebug("SRP B: " + this._B);
} else {
-MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0.");
+ Clipperz.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0.");
throw Clipperz.Crypto.SRP.exception.InvalidValue;
}
},
//-------------------------------------------------------------------------
'x': function () {
if (this._x == null) {
this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s().asString(16, 64) + this.P()), 16);
-//MochiKit.Logging.logDebug("SRP x: " + this._x);
}
return this._x;
},
//-------------------------------------------------------------------------
'u': function () {
if (this._u == null) {
this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.B().asString()), 16);
-//MochiKit.Logging.logDebug("SRP u: " + this._u);
}
return this._u;
},
//-------------------------------------------------------------------------
'S': function () {
if (this._S == null) {
var bigint;
var srp;
bigint = Clipperz.Crypto.BigInt;
srp = Clipperz.Crypto.SRP;
this._S = bigint.powerModule(
bigint.subtract(this.B(), bigint.powerModule(srp.g(), this.x(), srp.n())),
bigint.add(this.a(), bigint.multiply(this.u(), this.x())),
srp.n()
)
-//MochiKit.Logging.logDebug("SRP S: " + this._S);
}
return this._S;
},
//-------------------------------------------------------------------------
'K': function () {
if (this._K == null) {
this._K = this.stringHash(this.S().asString());
-//MochiKit.Logging.logDebug("SRP K: " + this._K);
}
return this._K;
},
//-------------------------------------------------------------------------
'M1': function () {
if (this._M1 == null) {
this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K());
-//MochiKit.Logging.logDebug("SRP M1: " + this._M1);
}
return this._M1;
},
//-------------------------------------------------------------------------
'M2': function () {
if (this._M2 == null) {
this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K());
-//MochiKit.Logging.logDebug("SRP M2: " + this._M2);
}
return this._M2;
},
//=========================================================================
'serverSideCredentialsWithSalt': function(aSalt) {
var result;
var s, x, v;
s = aSalt;
x = this.stringHash(s + this.P());
v = Clipperz.Crypto.SRP.g().powerModule(new Clipperz.Crypto.BigInt(x, 16), Clipperz.Crypto.SRP.n());
result = {};
result['C'] = this.C();
result['s'] = s;
result['v'] = v.asString(16);
return result;
},
'serverSideCredentials': function() {
var result;
var s;
s = Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2);
result = this.serverSideCredentialsWithSalt(s);
return result;
},
//=========================================================================
/*
'computeServerSide_S': function(b) {
var result;
var v;
var bigint;
var srp;
bigint = Clipperz.Crypto.BigInt;
srp = Clipperz.Crypto.SRP;
v = new Clipperz.Crypto.BigInt(srpConnection.serverSideCredentialsWithSalt(this.s().asString(16, 64)).v, 16);
// _S = (this.A().multiply(this.v().modPow(this.u(), this.n()))).modPow(this.b(), this.n());
result = bigint.powerModule(
bigint.multiply(
this.A(),
bigint.powerModule(v, this.u(), srp.n())
), new Clipperz.Crypto.BigInt(b, 10), srp.n()
);
return result;
},
*/
//=========================================================================
'stringHash': function(aValue) {
var result;
result = this.hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
return result;
},
//=========================================================================
__syntaxFix__: "syntax fix"
});
//#############################################################################