From 5d803ff8126d14e0e7791bca7bc813dd8fb0eefb Mon Sep 17 00:00:00 2001 From: Brian Warner Date: Wed, 5 Sep 2012 09:20:18 -0700 Subject: [PATCH] files to test a JS version of ed25519/curve25519 --- js/djbec.js | 308 ++++++++++++++++++++++++ js/index.html | 16 ++ js/jsbn.js | 559 +++++++++++++++++++++++++++++++++++++++++++ js/jsbn2.js | 648 ++++++++++++++++++++++++++++++++++++++++++++++++++ js/sha.js | 38 +++ 5 files changed, 1569 insertions(+) create mode 100644 js/djbec.js create mode 100644 js/index.html create mode 100644 js/jsbn.js create mode 100644 js/jsbn2.js create mode 100755 js/sha.js diff --git a/js/djbec.js b/js/djbec.js new file mode 100644 index 0000000..ae0c22b --- /dev/null +++ b/js/djbec.js @@ -0,0 +1,308 @@ + +// Ed25519 - digital signatures based on curve25519 +// Adapted from http://ed25519.cr.yp.to/python/ed25519.py by Ron Garret +// December 2011 +// +// Requires jsbn and jsSHA +// http://www-cs-students.stanford.edu/~tjw/jsbn/ +// +// Running under v8 highly recommended. Anything else is pretty slow. + +function chr(n) { return String.fromCharCode(n); } +function ord(c) { return c.charCodeAt(0); } + +function bi(s, base) { return new BigInteger(s, base); } + +var zero = BigInteger.ZERO; +var one = BigInteger.ONE; +var two = bi('2'); + +BigInteger.prototype.times = BigInteger.prototype.multiply; +BigInteger.prototype.plus = BigInteger.prototype.add; +BigInteger.prototype.minus = BigInteger.prototype.subtract; + +var xff = bi('255'); +var b = bi('256'); +var q = two.pow(bi('255')).subtract(bi('19')); +var l = two.pow(252).add(bi('27742317777372353535851937790883648493')); + +function inv(n) { return n.mod(q).modInverse(q); } + +var d = bi('-121665').times(inv(bi('121666'))).mod(q); +var i = two.modPow(q.subtract(one).divide(bi('4')), q); + +function xrecover(y) { + var ysquared = y.times(y); + var xx = ysquared.subtract(one).times(inv(one.add(d.times(ysquared)))); + var x = xx.modPow(q.add(bi('3')).divide(bi('8')), q); + if (!(x.times(x).subtract(xx).mod(q).equals(zero))) { + x = x.times(i).mod(q); + } + if (!(x.mod(two).equals(zero))) { + x = q.minus(x); + } + return x; +} + +var by = inv(bi('5')).times(bi('4')).mod(q); +var bx = xrecover(by); +var bp = [bx, by] + +// Simple but slow version + +function edwards(p1, p2) { + var x1 = p1[0]; var y1 = p1[1]; var x2 = p2[0]; var y2 = p2[1]; + var k = d.times(x1).times(x2).times(y1).times(y2); + var x3 = x1.times(y2).add(x2.times(y1)).times(inv(one.plus(k))); + var y3 = y1.times(y2).add(x1.times(x2)).times(inv(one.minus(k))); + return [x3.mod(q), y3.mod(q)]; +} + +function slow_scalarmult(p, e) { + if (e.equals(zero)) return [zero, one]; + var _ = scalarmult(p, e.divide(two)); + _ = edwards(_,_) + if (e.testBit(0)) return edwards(_, p); + else return _; +} + +// Faster (!) version based on: +// http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html + +function xpt_add(pt1, pt2) { + var x1 = pt1[0]; + var y1 = pt1[1]; + var z1 = pt1[2]; + var t1 = pt1[3]; + var x2 = pt2[0]; + var y2 = pt2[1]; + var z2 = pt2[2]; + var t2 = pt2[3]; + var A = y1.minus(x1).times(y2.plus(x2)).mod(q); + var B = y1.plus(x1).times(y2.minus(x2)).mod(q); + var C = z1.times(two).times(t2).mod(q); + var D = t1.times(two).times(z2).mod(q); + var E = D.plus(C); + var F = B.minus(A); + var G = B.plus(A); + var H = D.minus(C); + return [E.times(F).mod(q), G.times(H).mod(q), + F.times(G).mod(q), E.times(H).mod(q)]; +} + +function xpt_double(pt1) { + var x1 = pt1[0]; + var y1 = pt1[1]; + var z1 = pt1[2]; + var A = x1.times(x1); + var B = y1.times(y1); + var C = two.times(z1).times(z1); + var D = zero.minus(A).mod(q); + var J = x1.plus(y1); + var E = J.times(J).minus(A).minus(B); + var G = D.plus(B); + var F = G.minus(C); + var H = D.minus(B); + return [E.times(F).mod(q), G.times(H).mod(q), + F.times(G).mod(q), E.times(H).mod(q)]; +} + +function xpt_mult(pt, n) { + if (n.equals(zero)) return [zero, one, one, zero]; + var _ = xpt_mult(pt, n.shiftRight(1)); + _ = xpt_double(_); + if (n.testBit(0)) return xpt_add(_, pt); + else return _; +} + +function pt_xform(pt) { + var x = pt[0]; + var y = pt[1]; + return [x, y, one, x.times(y).mod(q)] +} + +function pt_unxform (pt) { + var x = pt[0]; + var y = pt[1]; + var z = pt[2]; + var invz = inv(z); + return [x.times(invz).mod(q), y.times(invz).mod(q)] +} + +function scalarmult(pt, n) { + return pt_unxform(xpt_mult(pt_xform(pt), n)); +} + +function encodeint(n) { + var a = new Array(32); + for (var i=0; i<32; i++) { + a[i]=n.and(xff); + n = n.shiftRight(8); + } + return a; +} + +function decodeint(a) { + var n = bi('0'); + for (var i = 0; i<32; i++) { + n=n.shiftLeft(8).add(bi(''+a[31-i])); // Blech!!! + } + return n; +} + +function encodepoint(p) { + var x = p[0]; + var y = p[1]; + return encodeint(y.add(x.and(one).shiftLeft(255))); +} + +function sha512(s) { + var shaObj = new jsSHA(s, "ASCII"); + return shaObj.getHash("SHA-512", "HEX"); +} + +function hex2bi(s) { + var n = new BigInteger(); + n.fromRadix(s, 16); + return n; +} + +function bi2bytes(n, cnt) { + var l = new Array(cnt); + for (var i = 0; i-1; i--) { + n = n.shiftLeft(8).or(bi(''+bytes[i])); + } + return n; +} + +function map(f, l) { + result = new Array(l.length); + for (var i=0; i>7) x = q.minus(x); + var p = [x,y]; + if (!isoncurve(p)) throw('Point is not on curve'); + return p; +} + +function checksig(sig, msg, pk) { + var r = decodepoint(sig.slice(0, 32)); + var a = decodepoint(pk); + var s = decodeint(sig.slice(32, 64)); + var h = inthash(bytes2string(encodepoint(r).concat(pk)) + msg); + var v1 = scalarmult(bp, s); + var v2 = edwards(r, scalarmult(a, h)); + return v1[0].equals(v2[0]) && v1[1].equals(v2[1]); +} + +function sig_test(msg) { + var pk = publickey('foo'); + var sig = signature(msg, 'foo', pk); + return checksig(sig, msg, pk); +} + +/////////////////////////////////////////////////////// +// +// Curve25519 diffie-helman +// + +function zpt_add(xz1, xz2, base) { + var x1 = xz1[0]; + var x2 = xz2[0]; + var z1 = xz1[1]; + var z2 = xz2[1]; + var x = x2.times(x1).minus(z2.times(z1)).square().shiftLeft(2).mod(q); + var z = x2.times(z1).minus(z2.times(x1)).square().shiftLeft(2).times(base).mod(q); + return [x,z]; +} + +function zpt_double(xz) { + var x = xz[0]; + var z = xz[1]; + var x1 = x.square().minus(z.square()).square().mod(q); + var z1 = x.times(z).times(x.square().plus(bi('486662').times(x).times(z).plus(z.square()))).shiftLeft(2).mod(q) + return [x1, z1] +} + +function zpt_sm(n, base) { + var bp = [base, one] + var bp2 = zpt_double(bp); + function f(m) { + if (m.equals(one)) return [bp, bp2]; + var pm_pm1 = f(m.shiftRight(1)); + var pm = pm_pm1[0]; + var pm1 = pm_pm1[1]; + if (m.testBit(0)) return [zpt_add(pm, pm1, base), zpt_double(pm1)]; + else return [zpt_double(pm), zpt_add(pm, pm1, base)]; + } + return f(n); +} + +function curve25519(n, base) { + base = base || bi('9'); + var xz_ = zpt_sm(n, base); + var x = xz_[0][0]; + var z = xz_[0][1]; + return x.times(z.modInverse(q)).mod(q); +} + +function dh_test(sk1, sk2) { + pk1 = curve25519(sk1); + pk2 = curve25519(sk2); + return curve25519(sk1, pk2).equals(curve25519(sk2, pk1)); +} diff --git a/js/index.html b/js/index.html new file mode 100644 index 0000000..a332d5f --- /dev/null +++ b/js/index.html @@ -0,0 +1,16 @@ + + +Codestin Search App + + + + + + + +

Test Ed25519.js

+ + + +
+ diff --git a/js/jsbn.js b/js/jsbn.js new file mode 100644 index 0000000..928cc4f --- /dev/null +++ b/js/jsbn.js @@ -0,0 +1,559 @@ +// Copyright (c) 2005 Tom Wu +// All Rights Reserved. +// See "LICENSE" for details. + +// Basic JavaScript BN library - subset useful for RSA encryption. + +// Bits per digit +var dbits; + +// JavaScript engine analysis +var canary = 0xdeadbeefcafe; +var j_lm = ((canary&0xffffff)==0xefcafe); + +// (public) Constructor +function BigInteger(a,b,c) { + if(a != null) + if("number" == typeof a) this.fromNumber(a,b,c); + else if(b == null && "string" != typeof a) this.fromString(a,256); + else this.fromString(a,b); +} + +// return new, unset BigInteger +function nbi() { return new BigInteger(null); } + +// am: Compute w_j += (x*this_i), propagate carries, +// c is initial carry, returns final carry. +// c < 3*dvalue, x < 2*dvalue, this_i < dvalue +// We need to select the fastest one that works in this environment. + +// am1: use a single mult and divide to get the high bits, +// max digit bits should be 26 because +// max internal value = 2*dvalue^2-2*dvalue (< 2^53) +function am1(i,x,w,j,c,n) { + while(--n >= 0) { + var v = x*this[i++]+w[j]+c; + c = Math.floor(v/0x4000000); + w[j++] = v&0x3ffffff; + } + return c; +} +// am2 avoids a big mult-and-extract completely. +// Max digit bits should be <= 30 because we do bitwise ops +// on values up to 2*hdvalue^2-hdvalue-1 (< 2^31) +function am2(i,x,w,j,c,n) { + var xl = x&0x7fff, xh = x>>15; + while(--n >= 0) { + var l = this[i]&0x7fff; + var h = this[i++]>>15; + var m = xh*l+h*xl; + l = xl*l+((m&0x7fff)<<15)+w[j]+(c&0x3fffffff); + c = (l>>>30)+(m>>>15)+xh*h+(c>>>30); + w[j++] = l&0x3fffffff; + } + return c; +} +// Alternately, set max digit bits to 28 since some +// browsers slow down when dealing with 32-bit numbers. +function am3(i,x,w,j,c,n) { + var xl = x&0x3fff, xh = x>>14; + while(--n >= 0) { + var l = this[i]&0x3fff; + var h = this[i++]>>14; + var m = xh*l+h*xl; + l = xl*l+((m&0x3fff)<<14)+w[j]+c; + c = (l>>28)+(m>>14)+xh*h; + w[j++] = l&0xfffffff; + } + return c; +} +if(j_lm && (navigator.appName == "Microsoft Internet Explorer")) { + BigInteger.prototype.am = am2; + dbits = 30; +} +else if(j_lm && (navigator.appName != "Netscape")) { + BigInteger.prototype.am = am1; + dbits = 26; +} +else { // Mozilla/Netscape seems to prefer am3 + BigInteger.prototype.am = am3; + dbits = 28; +} + +BigInteger.prototype.DB = dbits; +BigInteger.prototype.DM = ((1<= 0; --i) r[i] = this[i]; + r.t = this.t; + r.s = this.s; +} + +// (protected) set from integer value x, -DV <= x < DV +function bnpFromInt(x) { + this.t = 1; + this.s = (x<0)?-1:0; + if(x > 0) this[0] = x; + else if(x < -1) this[0] = x+DV; + else this.t = 0; +} + +// return bigint initialized to value +function nbv(i) { var r = nbi(); r.fromInt(i); return r; } + +// (protected) set from string and radix +function bnpFromString(s,b) { + var k; + if(b == 16) k = 4; + else if(b == 8) k = 3; + else if(b == 256) k = 8; // byte array + else if(b == 2) k = 1; + else if(b == 32) k = 5; + else if(b == 4) k = 2; + else { this.fromRadix(s,b); return; } + this.t = 0; + this.s = 0; + var i = s.length, mi = false, sh = 0; + while(--i >= 0) { + var x = (k==8)?s[i]&0xff:intAt(s,i); + if(x < 0) { + if(s.charAt(i) == "-") mi = true; + continue; + } + mi = false; + if(sh == 0) + this[this.t++] = x; + else if(sh+k > this.DB) { + this[this.t-1] |= (x&((1<<(this.DB-sh))-1))<>(this.DB-sh)); + } + else + this[this.t-1] |= x<= this.DB) sh -= this.DB; + } + if(k == 8 && (s[0]&0x80) != 0) { + this.s = -1; + if(sh > 0) this[this.t-1] |= ((1<<(this.DB-sh))-1)< 0 && this[this.t-1] == c) --this.t; +} + +// (public) return string representation in given radix +function bnToString(b) { + if(this.s < 0) return "-"+this.negate().toString(b); + var k; + if(b == 16) k = 4; + else if(b == 8) k = 3; + else if(b == 2) k = 1; + else if(b == 32) k = 5; + else if(b == 4) k = 2; + else return this.toRadix(b); + var km = (1< 0) { + if(p < this.DB && (d = this[i]>>p) > 0) { m = true; r = int2char(d); } + while(i >= 0) { + if(p < k) { + d = (this[i]&((1<>(p+=this.DB-k); + } + else { + d = (this[i]>>(p-=k))&km; + if(p <= 0) { p += this.DB; --i; } + } + if(d > 0) m = true; + if(m) r += int2char(d); + } + } + return m?r:"0"; +} + +// (public) -this +function bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this,r); return r; } + +// (public) |this| +function bnAbs() { return (this.s<0)?this.negate():this; } + +// (public) return + if this > a, - if this < a, 0 if equal +function bnCompareTo(a) { + var r = this.s-a.s; + if(r != 0) return r; + var i = this.t; + r = i-a.t; + if(r != 0) return r; + while(--i >= 0) if((r=this[i]-a[i]) != 0) return r; + return 0; +} + +// returns bit length of the integer x +function nbits(x) { + var r = 1, t; + if((t=x>>>16) != 0) { x = t; r += 16; } + if((t=x>>8) != 0) { x = t; r += 8; } + if((t=x>>4) != 0) { x = t; r += 4; } + if((t=x>>2) != 0) { x = t; r += 2; } + if((t=x>>1) != 0) { x = t; r += 1; } + return r; +} + +// (public) return the number of bits in "this" +function bnBitLength() { + if(this.t <= 0) return 0; + return this.DB*(this.t-1)+nbits(this[this.t-1]^(this.s&this.DM)); +} + +// (protected) r = this << n*DB +function bnpDLShiftTo(n,r) { + var i; + for(i = this.t-1; i >= 0; --i) r[i+n] = this[i]; + for(i = n-1; i >= 0; --i) r[i] = 0; + r.t = this.t+n; + r.s = this.s; +} + +// (protected) r = this >> n*DB +function bnpDRShiftTo(n,r) { + for(var i = n; i < this.t; ++i) r[i-n] = this[i]; + r.t = Math.max(this.t-n,0); + r.s = this.s; +} + +// (protected) r = this << n +function bnpLShiftTo(n,r) { + var bs = n%this.DB; + var cbs = this.DB-bs; + var bm = (1<= 0; --i) { + r[i+ds+1] = (this[i]>>cbs)|c; + c = (this[i]&bm)<= 0; --i) r[i] = 0; + r[ds] = c; + r.t = this.t+ds+1; + r.s = this.s; + r.clamp(); +} + +// (protected) r = this >> n +function bnpRShiftTo(n,r) { + r.s = this.s; + var ds = Math.floor(n/this.DB); + if(ds >= this.t) { r.t = 0; return; } + var bs = n%this.DB; + var cbs = this.DB-bs; + var bm = (1<>bs; + for(var i = ds+1; i < this.t; ++i) { + r[i-ds-1] |= (this[i]&bm)<>bs; + } + if(bs > 0) r[this.t-ds-1] |= (this.s&bm)<>= this.DB; + } + if(a.t < this.t) { + c -= a.s; + while(i < this.t) { + c += this[i]; + r[i++] = c&this.DM; + c >>= this.DB; + } + c += this.s; + } + else { + c += this.s; + while(i < a.t) { + c -= a[i]; + r[i++] = c&this.DM; + c >>= this.DB; + } + c -= a.s; + } + r.s = (c<0)?-1:0; + if(c < -1) r[i++] = this.DV+c; + else if(c > 0) r[i++] = c; + r.t = i; + r.clamp(); +} + +// (protected) r = this * a, r != this,a (HAC 14.12) +// "this" should be the larger one if appropriate. +function bnpMultiplyTo(a,r) { + var x = this.abs(), y = a.abs(); + var i = x.t; + r.t = i+y.t; + while(--i >= 0) r[i] = 0; + for(i = 0; i < y.t; ++i) r[i+x.t] = x.am(0,y[i],r,i,0,x.t); + r.s = 0; + r.clamp(); + if(this.s != a.s) BigInteger.ZERO.subTo(r,r); +} + +// (protected) r = this^2, r != this (HAC 14.16) +function bnpSquareTo(r) { + var x = this.abs(); + var i = r.t = 2*x.t; + while(--i >= 0) r[i] = 0; + for(i = 0; i < x.t-1; ++i) { + var c = x.am(i,x[i],r,2*i,0,1); + if((r[i+x.t]+=x.am(i+1,2*x[i],r,2*i+1,c,x.t-i-1)) >= x.DV) { + r[i+x.t] -= x.DV; + r[i+x.t+1] = 1; + } + } + if(r.t > 0) r[r.t-1] += x.am(i,x[i],r,2*i,0,1); + r.s = 0; + r.clamp(); +} + +// (protected) divide this by m, quotient and remainder to q, r (HAC 14.20) +// r != q, this != m. q or r may be null. +function bnpDivRemTo(m,q,r) { + var pm = m.abs(); + if(pm.t <= 0) return; + var pt = this.abs(); + if(pt.t < pm.t) { + if(q != null) q.fromInt(0); + if(r != null) this.copyTo(r); + return; + } + if(r == null) r = nbi(); + var y = nbi(), ts = this.s, ms = m.s; + var nsh = this.DB-nbits(pm[pm.t-1]); // normalize modulus + if(nsh > 0) { pm.lShiftTo(nsh,y); pt.lShiftTo(nsh,r); } + else { pm.copyTo(y); pt.copyTo(r); } + var ys = y.t; + var y0 = y[ys-1]; + if(y0 == 0) return; + var yt = y0*(1<1)?y[ys-2]>>this.F2:0); + var d1 = this.FV/yt, d2 = (1<= 0) { + r[r.t++] = 1; + r.subTo(t,r); + } + BigInteger.ONE.dlShiftTo(ys,t); + t.subTo(y,y); // "negative" y so we can replace sub with am later + while(y.t < ys) y[y.t++] = 0; + while(--j >= 0) { + // Estimate quotient digit + var qd = (r[--i]==y0)?this.DM:Math.floor(r[i]*d1+(r[i-1]+e)*d2); + if((r[i]+=y.am(0,qd,r,j,0,ys)) < qd) { // Try it out + y.dlShiftTo(j,t); + r.subTo(t,r); + while(r[i] < --qd) r.subTo(t,r); + } + } + if(q != null) { + r.drShiftTo(ys,q); + if(ts != ms) BigInteger.ZERO.subTo(q,q); + } + r.t = ys; + r.clamp(); + if(nsh > 0) r.rShiftTo(nsh,r); // Denormalize remainder + if(ts < 0) BigInteger.ZERO.subTo(r,r); +} + +// (public) this mod a +function bnMod(a) { + var r = nbi(); + this.abs().divRemTo(a,null,r); + if(this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r,r); + return r; +} + +// Modular reduction using "classic" algorithm +function Classic(m) { this.m = m; } +function cConvert(x) { + if(x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m); + else return x; +} +function cRevert(x) { return x; } +function cReduce(x) { x.divRemTo(this.m,null,x); } +function cMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); } +function cSqrTo(x,r) { x.squareTo(r); this.reduce(r); } + +Classic.prototype.convert = cConvert; +Classic.prototype.revert = cRevert; +Classic.prototype.reduce = cReduce; +Classic.prototype.mulTo = cMulTo; +Classic.prototype.sqrTo = cSqrTo; + +// (protected) return "-1/this % 2^DB"; useful for Mont. reduction +// justification: +// xy == 1 (mod m) +// xy = 1+km +// xy(2-xy) = (1+km)(1-km) +// x[y(2-xy)] = 1-k^2m^2 +// x[y(2-xy)] == 1 (mod m^2) +// if y is 1/x mod m, then y(2-xy) is 1/x mod m^2 +// should reduce x and y(2-xy) by m^2 at each step to keep size bounded. +// JS multiply "overflows" differently from C/C++, so care is needed here. +function bnpInvDigit() { + if(this.t < 1) return 0; + var x = this[0]; + if((x&1) == 0) return 0; + var y = x&3; // y == 1/x mod 2^2 + y = (y*(2-(x&0xf)*y))&0xf; // y == 1/x mod 2^4 + y = (y*(2-(x&0xff)*y))&0xff; // y == 1/x mod 2^8 + y = (y*(2-(((x&0xffff)*y)&0xffff)))&0xffff; // y == 1/x mod 2^16 + // last step - calculate inverse mod DV directly; + // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints + y = (y*(2-x*y%this.DV))%this.DV; // y == 1/x mod 2^dbits + // we really want the negative inverse, and -DV < y < DV + return (y>0)?this.DV-y:-y; +} + +// Montgomery reduction +function Montgomery(m) { + this.m = m; + this.mp = m.invDigit(); + this.mpl = this.mp&0x7fff; + this.mph = this.mp>>15; + this.um = (1<<(m.DB-15))-1; + this.mt2 = 2*m.t; +} + +// xR mod m +function montConvert(x) { + var r = nbi(); + x.abs().dlShiftTo(this.m.t,r); + r.divRemTo(this.m,null,r); + if(x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r,r); + return r; +} + +// x/R mod m +function montRevert(x) { + var r = nbi(); + x.copyTo(r); + this.reduce(r); + return r; +} + +// x = x/R mod m (HAC 14.32) +function montReduce(x) { + while(x.t <= this.mt2) // pad x so am has enough room later + x[x.t++] = 0; + for(var i = 0; i < this.m.t; ++i) { + // faster way of calculating u0 = x[i]*mp mod DV + var j = x[i]&0x7fff; + var u0 = (j*this.mpl+(((j*this.mph+(x[i]>>15)*this.mpl)&this.um)<<15))&x.DM; + // use am to combine the multiply-shift-add into one call + j = i+this.m.t; + x[j] += this.m.am(0,u0,x,i,0,this.m.t); + // propagate carry + while(x[j] >= x.DV) { x[j] -= x.DV; x[++j]++; } + } + x.clamp(); + x.drShiftTo(this.m.t,x); + if(x.compareTo(this.m) >= 0) x.subTo(this.m,x); +} + +// r = "x^2/R mod m"; x != r +function montSqrTo(x,r) { x.squareTo(r); this.reduce(r); } + +// r = "xy/R mod m"; x,y != r +function montMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); } + +Montgomery.prototype.convert = montConvert; +Montgomery.prototype.revert = montRevert; +Montgomery.prototype.reduce = montReduce; +Montgomery.prototype.mulTo = montMulTo; +Montgomery.prototype.sqrTo = montSqrTo; + +// (protected) true iff this is even +function bnpIsEven() { return ((this.t>0)?(this[0]&1):this.s) == 0; } + +// (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79) +function bnpExp(e,z) { + if(e > 0xffffffff || e < 1) return BigInteger.ONE; + var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e)-1; + g.copyTo(r); + while(--i >= 0) { + z.sqrTo(r,r2); + if((e&(1< 0) z.mulTo(r2,g,r); + else { var t = r; r = r2; r2 = t; } + } + return z.revert(r); +} + +// (public) this^e % m, 0 <= e < 2^32 +function bnModPowInt(e,m) { + var z; + if(e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m); + return this.exp(e,z); +} + +// protected +BigInteger.prototype.copyTo = bnpCopyTo; +BigInteger.prototype.fromInt = bnpFromInt; +BigInteger.prototype.fromString = bnpFromString; +BigInteger.prototype.clamp = bnpClamp; +BigInteger.prototype.dlShiftTo = bnpDLShiftTo; +BigInteger.prototype.drShiftTo = bnpDRShiftTo; +BigInteger.prototype.lShiftTo = bnpLShiftTo; +BigInteger.prototype.rShiftTo = bnpRShiftTo; +BigInteger.prototype.subTo = bnpSubTo; +BigInteger.prototype.multiplyTo = bnpMultiplyTo; +BigInteger.prototype.squareTo = bnpSquareTo; +BigInteger.prototype.divRemTo = bnpDivRemTo; +BigInteger.prototype.invDigit = bnpInvDigit; +BigInteger.prototype.isEven = bnpIsEven; +BigInteger.prototype.exp = bnpExp; + +// public +BigInteger.prototype.toString = bnToString; +BigInteger.prototype.negate = bnNegate; +BigInteger.prototype.abs = bnAbs; +BigInteger.prototype.compareTo = bnCompareTo; +BigInteger.prototype.bitLength = bnBitLength; +BigInteger.prototype.mod = bnMod; +BigInteger.prototype.modPowInt = bnModPowInt; + +// "constants" +BigInteger.ZERO = nbv(0); +BigInteger.ONE = nbv(1); diff --git a/js/jsbn2.js b/js/jsbn2.js new file mode 100644 index 0000000..e53e00b --- /dev/null +++ b/js/jsbn2.js @@ -0,0 +1,648 @@ +// Copyright (c) 2005-2009 Tom Wu +// All Rights Reserved. +// See "LICENSE" for details. + +// Extended JavaScript BN functions, required for RSA private ops. + +// Version 1.1: new BigInteger("0", 10) returns "proper" zero + +// (public) +function bnClone() { var r = nbi(); this.copyTo(r); return r; } + +// (public) return value as integer +function bnIntValue() { + if(this.s < 0) { + if(this.t == 1) return this[0]-this.DV; + else if(this.t == 0) return -1; + } + else if(this.t == 1) return this[0]; + else if(this.t == 0) return 0; + // assumes 16 < DB < 32 + return ((this[1]&((1<<(32-this.DB))-1))<>24; } + +// (public) return value as short (assumes DB>=16) +function bnShortValue() { return (this.t==0)?this.s:(this[0]<<16)>>16; } + +// (protected) return x s.t. r^x < DV +function bnpChunkSize(r) { return Math.floor(Math.LN2*this.DB/Math.log(r)); } + +// (public) 0 if this == 0, 1 if this > 0 +function bnSigNum() { + if(this.s < 0) return -1; + else if(this.t <= 0 || (this.t == 1 && this[0] <= 0)) return 0; + else return 1; +} + +// (protected) convert to radix string +function bnpToRadix(b) { + if(b == null) b = 10; + if(this.signum() == 0 || b < 2 || b > 36) return "0"; + var cs = this.chunkSize(b); + var a = Math.pow(b,cs); + var d = nbv(a), y = nbi(), z = nbi(), r = ""; + this.divRemTo(d,y,z); + while(y.signum() > 0) { + r = (a+z.intValue()).toString(b).substr(1) + r; + y.divRemTo(d,y,z); + } + return z.intValue().toString(b) + r; +} + +// (protected) convert from radix string +function bnpFromRadix(s,b) { + this.fromInt(0); + if(b == null) b = 10; + var cs = this.chunkSize(b); + var d = Math.pow(b,cs), mi = false, j = 0, w = 0; + for(var i = 0; i < s.length; ++i) { + var x = intAt(s,i); + if(x < 0) { + if(s.charAt(i) == "-" && this.signum() == 0) mi = true; + continue; + } + w = b*w+x; + if(++j >= cs) { + this.dMultiply(d); + this.dAddOffset(w,0); + j = 0; + w = 0; + } + } + if(j > 0) { + this.dMultiply(Math.pow(b,j)); + this.dAddOffset(w,0); + } + if(mi) BigInteger.ZERO.subTo(this,this); +} + +// (protected) alternate constructor +function bnpFromNumber(a,b,c) { + if("number" == typeof b) { + // new BigInteger(int,int,RNG) + if(a < 2) this.fromInt(1); + else { + this.fromNumber(a,c); + if(!this.testBit(a-1)) // force MSB set + this.bitwiseTo(BigInteger.ONE.shiftLeft(a-1),op_or,this); + if(this.isEven()) this.dAddOffset(1,0); // force odd + while(!this.isProbablePrime(b)) { + this.dAddOffset(2,0); + if(this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a-1),this); + } + } + } + else { + // new BigInteger(int,RNG) + var x = new Array(), t = a&7; + x.length = (a>>3)+1; + b.nextBytes(x); + if(t > 0) x[0] &= ((1< 0) { + if(p < this.DB && (d = this[i]>>p) != (this.s&this.DM)>>p) + r[k++] = d|(this.s<<(this.DB-p)); + while(i >= 0) { + if(p < 8) { + d = (this[i]&((1<>(p+=this.DB-8); + } + else { + d = (this[i]>>(p-=8))&0xff; + if(p <= 0) { p += this.DB; --i; } + } + if((d&0x80) != 0) d |= -256; + if(k == 0 && (this.s&0x80) != (d&0x80)) ++k; + if(k > 0 || d != this.s) r[k++] = d; + } + } + return r; +} + +function bnEquals(a) { return(this.compareTo(a)==0); } +function bnMin(a) { return(this.compareTo(a)<0)?this:a; } +function bnMax(a) { return(this.compareTo(a)>0)?this:a; } + +// (protected) r = this op a (bitwise) +function bnpBitwiseTo(a,op,r) { + var i, f, m = Math.min(a.t,this.t); + for(i = 0; i < m; ++i) r[i] = op(this[i],a[i]); + if(a.t < this.t) { + f = a.s&this.DM; + for(i = m; i < this.t; ++i) r[i] = op(this[i],f); + r.t = this.t; + } + else { + f = this.s&this.DM; + for(i = m; i < a.t; ++i) r[i] = op(f,a[i]); + r.t = a.t; + } + r.s = op(this.s,a.s); + r.clamp(); +} + +// (public) this & a +function op_and(x,y) { return x&y; } +function bnAnd(a) { var r = nbi(); this.bitwiseTo(a,op_and,r); return r; } + +// (public) this | a +function op_or(x,y) { return x|y; } +function bnOr(a) { var r = nbi(); this.bitwiseTo(a,op_or,r); return r; } + +// (public) this ^ a +function op_xor(x,y) { return x^y; } +function bnXor(a) { var r = nbi(); this.bitwiseTo(a,op_xor,r); return r; } + +// (public) this & ~a +function op_andnot(x,y) { return x&~y; } +function bnAndNot(a) { var r = nbi(); this.bitwiseTo(a,op_andnot,r); return r; } + +// (public) ~this +function bnNot() { + var r = nbi(); + for(var i = 0; i < this.t; ++i) r[i] = this.DM&~this[i]; + r.t = this.t; + r.s = ~this.s; + return r; +} + +// (public) this << n +function bnShiftLeft(n) { + var r = nbi(); + if(n < 0) this.rShiftTo(-n,r); else this.lShiftTo(n,r); + return r; +} + +// (public) this >> n +function bnShiftRight(n) { + var r = nbi(); + if(n < 0) this.lShiftTo(-n,r); else this.rShiftTo(n,r); + return r; +} + +// return index of lowest 1-bit in x, x < 2^31 +function lbit(x) { + if(x == 0) return -1; + var r = 0; + if((x&0xffff) == 0) { x >>= 16; r += 16; } + if((x&0xff) == 0) { x >>= 8; r += 8; } + if((x&0xf) == 0) { x >>= 4; r += 4; } + if((x&3) == 0) { x >>= 2; r += 2; } + if((x&1) == 0) ++r; + return r; +} + +// (public) returns index of lowest 1-bit (or -1 if none) +function bnGetLowestSetBit() { + for(var i = 0; i < this.t; ++i) + if(this[i] != 0) return i*this.DB+lbit(this[i]); + if(this.s < 0) return this.t*this.DB; + return -1; +} + +// return number of 1 bits in x +function cbit(x) { + var r = 0; + while(x != 0) { x &= x-1; ++r; } + return r; +} + +// (public) return number of set bits +function bnBitCount() { + var r = 0, x = this.s&this.DM; + for(var i = 0; i < this.t; ++i) r += cbit(this[i]^x); + return r; +} + +// (public) true iff nth bit is set +function bnTestBit(n) { + var j = Math.floor(n/this.DB); + if(j >= this.t) return(this.s!=0); + return((this[j]&(1<<(n%this.DB)))!=0); +} + +// (protected) this op (1<>= this.DB; + } + if(a.t < this.t) { + c += a.s; + while(i < this.t) { + c += this[i]; + r[i++] = c&this.DM; + c >>= this.DB; + } + c += this.s; + } + else { + c += this.s; + while(i < a.t) { + c += a[i]; + r[i++] = c&this.DM; + c >>= this.DB; + } + c += a.s; + } + r.s = (c<0)?-1:0; + if(c > 0) r[i++] = c; + else if(c < -1) r[i++] = this.DV+c; + r.t = i; + r.clamp(); +} + +// (public) this + a +function bnAdd(a) { var r = nbi(); this.addTo(a,r); return r; } + +// (public) this - a +function bnSubtract(a) { var r = nbi(); this.subTo(a,r); return r; } + +// (public) this * a +function bnMultiply(a) { var r = nbi(); this.multiplyTo(a,r); return r; } + +// (public) this / a +function bnDivide(a) { var r = nbi(); this.divRemTo(a,r,null); return r; } + +// (public) this % a +function bnRemainder(a) { var r = nbi(); this.divRemTo(a,null,r); return r; } + +// (public) [this/a,this%a] +function bnDivideAndRemainder(a) { + var q = nbi(), r = nbi(); + this.divRemTo(a,q,r); + return new Array(q,r); +} + +// (protected) this *= n, this >= 0, 1 < n < DV +function bnpDMultiply(n) { + this[this.t] = this.am(0,n-1,this,0,0,this.t); + ++this.t; + this.clamp(); +} + +// (protected) this += n << w words, this >= 0 +function bnpDAddOffset(n,w) { + if(n == 0) return; + while(this.t <= w) this[this.t++] = 0; + this[w] += n; + while(this[w] >= this.DV) { + this[w] -= this.DV; + if(++w >= this.t) this[this.t++] = 0; + ++this[w]; + } +} + +// A "null" reducer +function NullExp() {} +function nNop(x) { return x; } +function nMulTo(x,y,r) { x.multiplyTo(y,r); } +function nSqrTo(x,r) { x.squareTo(r); } + +NullExp.prototype.convert = nNop; +NullExp.prototype.revert = nNop; +NullExp.prototype.mulTo = nMulTo; +NullExp.prototype.sqrTo = nSqrTo; + +// (public) this^e +function bnPow(e) { return this.exp(e,new NullExp()); } + +// (protected) r = lower n words of "this * a", a.t <= n +// "this" should be the larger one if appropriate. +function bnpMultiplyLowerTo(a,n,r) { + var i = Math.min(this.t+a.t,n); + r.s = 0; // assumes a,this >= 0 + r.t = i; + while(i > 0) r[--i] = 0; + var j; + for(j = r.t-this.t; i < j; ++i) r[i+this.t] = this.am(0,a[i],r,i,0,this.t); + for(j = Math.min(a.t,n); i < j; ++i) this.am(0,a[i],r,i,0,n-i); + r.clamp(); +} + +// (protected) r = "this * a" without lower n words, n > 0 +// "this" should be the larger one if appropriate. +function bnpMultiplyUpperTo(a,n,r) { + --n; + var i = r.t = this.t+a.t-n; + r.s = 0; // assumes a,this >= 0 + while(--i >= 0) r[i] = 0; + for(i = Math.max(n-this.t,0); i < a.t; ++i) + r[this.t+i-n] = this.am(n-i,a[i],r,0,0,this.t+i-n); + r.clamp(); + r.drShiftTo(1,r); +} + +// Barrett modular reduction +function Barrett(m) { + // setup Barrett + this.r2 = nbi(); + this.q3 = nbi(); + BigInteger.ONE.dlShiftTo(2*m.t,this.r2); + this.mu = this.r2.divide(m); + this.m = m; +} + +function barrettConvert(x) { + if(x.s < 0 || x.t > 2*this.m.t) return x.mod(this.m); + else if(x.compareTo(this.m) < 0) return x; + else { var r = nbi(); x.copyTo(r); this.reduce(r); return r; } +} + +function barrettRevert(x) { return x; } + +// x = x mod m (HAC 14.42) +function barrettReduce(x) { + x.drShiftTo(this.m.t-1,this.r2); + if(x.t > this.m.t+1) { x.t = this.m.t+1; x.clamp(); } + this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3); + this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2); + while(x.compareTo(this.r2) < 0) x.dAddOffset(1,this.m.t+1); + x.subTo(this.r2,x); + while(x.compareTo(this.m) >= 0) x.subTo(this.m,x); +} + +// r = x^2 mod m; x != r +function barrettSqrTo(x,r) { x.squareTo(r); this.reduce(r); } + +// r = x*y mod m; x,y != r +function barrettMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); } + +Barrett.prototype.convert = barrettConvert; +Barrett.prototype.revert = barrettRevert; +Barrett.prototype.reduce = barrettReduce; +Barrett.prototype.mulTo = barrettMulTo; +Barrett.prototype.sqrTo = barrettSqrTo; + +// (public) this^e % m (HAC 14.85) +function bnModPow(e,m) { + var i = e.bitLength(), k, r = nbv(1), z; + if(i <= 0) return r; + else if(i < 18) k = 1; + else if(i < 48) k = 3; + else if(i < 144) k = 4; + else if(i < 768) k = 5; + else k = 6; + if(i < 8) + z = new Classic(m); + else if(m.isEven()) + z = new Barrett(m); + else + z = new Montgomery(m); + + // precomputation + var g = new Array(), n = 3, k1 = k-1, km = (1< 1) { + var g2 = nbi(); + z.sqrTo(g[1],g2); + while(n <= km) { + g[n] = nbi(); + z.mulTo(g2,g[n-2],g[n]); + n += 2; + } + } + + var j = e.t-1, w, is1 = true, r2 = nbi(), t; + i = nbits(e[j])-1; + while(j >= 0) { + if(i >= k1) w = (e[j]>>(i-k1))&km; + else { + w = (e[j]&((1<<(i+1))-1))<<(k1-i); + if(j > 0) w |= e[j-1]>>(this.DB+i-k1); + } + + n = k; + while((w&1) == 0) { w >>= 1; --n; } + if((i -= n) < 0) { i += this.DB; --j; } + if(is1) { // ret == 1, don't bother squaring or multiplying it + g[w].copyTo(r); + is1 = false; + } + else { + while(n > 1) { z.sqrTo(r,r2); z.sqrTo(r2,r); n -= 2; } + if(n > 0) z.sqrTo(r,r2); else { t = r; r = r2; r2 = t; } + z.mulTo(r2,g[w],r); + } + + while(j >= 0 && (e[j]&(1< 0) { + x.rShiftTo(g,x); + y.rShiftTo(g,y); + } + while(x.signum() > 0) { + if((i = x.getLowestSetBit()) > 0) x.rShiftTo(i,x); + if((i = y.getLowestSetBit()) > 0) y.rShiftTo(i,y); + if(x.compareTo(y) >= 0) { + x.subTo(y,x); + x.rShiftTo(1,x); + } + else { + y.subTo(x,y); + y.rShiftTo(1,y); + } + } + if(g > 0) y.lShiftTo(g,y); + return y; +} + +// (protected) this % n, n < 2^26 +function bnpModInt(n) { + if(n <= 0) return 0; + var d = this.DV%n, r = (this.s<0)?n-1:0; + if(this.t > 0) + if(d == 0) r = this[0]%n; + else for(var i = this.t-1; i >= 0; --i) r = (d*r+this[i])%n; + return r; +} + +// (public) 1/this % m (HAC 14.61) +function bnModInverse(m) { + var ac = m.isEven(); + if((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO; + var u = m.clone(), v = this.clone(); + var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1); + while(u.signum() != 0) { + while(u.isEven()) { + u.rShiftTo(1,u); + if(ac) { + if(!a.isEven() || !b.isEven()) { a.addTo(this,a); b.subTo(m,b); } + a.rShiftTo(1,a); + } + else if(!b.isEven()) b.subTo(m,b); + b.rShiftTo(1,b); + } + while(v.isEven()) { + v.rShiftTo(1,v); + if(ac) { + if(!c.isEven() || !d.isEven()) { c.addTo(this,c); d.subTo(m,d); } + c.rShiftTo(1,c); + } + else if(!d.isEven()) d.subTo(m,d); + d.rShiftTo(1,d); + } + if(u.compareTo(v) >= 0) { + u.subTo(v,u); + if(ac) a.subTo(c,a); + b.subTo(d,b); + } + else { + v.subTo(u,v); + if(ac) c.subTo(a,c); + d.subTo(b,d); + } + } + if(v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO; + if(d.compareTo(m) >= 0) return d.subtract(m); + if(d.signum() < 0) d.addTo(m,d); else return d; + if(d.signum() < 0) return d.add(m); else return d; +} + +var lowprimes = [2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509]; +var lplim = (1<<26)/lowprimes[lowprimes.length-1]; + +// (public) test primality with certainty >= 1-.5^t +function bnIsProbablePrime(t) { + var i, x = this.abs(); + if(x.t == 1 && x[0] <= lowprimes[lowprimes.length-1]) { + for(i = 0; i < lowprimes.length; ++i) + if(x[0] == lowprimes[i]) return true; + return false; + } + if(x.isEven()) return false; + i = 1; + while(i < lowprimes.length) { + var m = lowprimes[i], j = i+1; + while(j < lowprimes.length && m < lplim) m *= lowprimes[j++]; + m = x.modInt(m); + while(i < j) if(m%lowprimes[i++] == 0) return false; + } + return x.millerRabin(t); +} + +// (protected) true if probably prime (HAC 4.24, Miller-Rabin) +function bnpMillerRabin(t) { + var n1 = this.subtract(BigInteger.ONE); + var k = n1.getLowestSetBit(); + if(k <= 0) return false; + var r = n1.shiftRight(k); + t = (t+1)>>1; + if(t > lowprimes.length) t = lowprimes.length; + var a = nbi(); + for(var i = 0; i < t; ++i) { + a.fromInt(lowprimes[i]); + var y = a.modPow(r,this); + if(y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) { + var j = 1; + while(j++ < k && y.compareTo(n1) != 0) { + y = y.modPowInt(2,this); + if(y.compareTo(BigInteger.ONE) == 0) return false; + } + if(y.compareTo(n1) != 0) return false; + } + } + return true; +} + +// protected +BigInteger.prototype.chunkSize = bnpChunkSize; +BigInteger.prototype.toRadix = bnpToRadix; +BigInteger.prototype.fromRadix = bnpFromRadix; +BigInteger.prototype.fromNumber = bnpFromNumber; +BigInteger.prototype.bitwiseTo = bnpBitwiseTo; +BigInteger.prototype.changeBit = bnpChangeBit; +BigInteger.prototype.addTo = bnpAddTo; +BigInteger.prototype.dMultiply = bnpDMultiply; +BigInteger.prototype.dAddOffset = bnpDAddOffset; +BigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo; +BigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo; +BigInteger.prototype.modInt = bnpModInt; +BigInteger.prototype.millerRabin = bnpMillerRabin; + +// public +BigInteger.prototype.clone = bnClone; +BigInteger.prototype.intValue = bnIntValue; +BigInteger.prototype.byteValue = bnByteValue; +BigInteger.prototype.shortValue = bnShortValue; +BigInteger.prototype.signum = bnSigNum; +BigInteger.prototype.toByteArray = bnToByteArray; +BigInteger.prototype.equals = bnEquals; +BigInteger.prototype.min = bnMin; +BigInteger.prototype.max = bnMax; +BigInteger.prototype.and = bnAnd; +BigInteger.prototype.or = bnOr; +BigInteger.prototype.xor = bnXor; +BigInteger.prototype.andNot = bnAndNot; +BigInteger.prototype.not = bnNot; +BigInteger.prototype.shiftLeft = bnShiftLeft; +BigInteger.prototype.shiftRight = bnShiftRight; +BigInteger.prototype.getLowestSetBit = bnGetLowestSetBit; +BigInteger.prototype.bitCount = bnBitCount; +BigInteger.prototype.testBit = bnTestBit; +BigInteger.prototype.setBit = bnSetBit; +BigInteger.prototype.clearBit = bnClearBit; +BigInteger.prototype.flipBit = bnFlipBit; +BigInteger.prototype.add = bnAdd; +BigInteger.prototype.subtract = bnSubtract; +BigInteger.prototype.multiply = bnMultiply; +BigInteger.prototype.divide = bnDivide; +BigInteger.prototype.remainder = bnRemainder; +BigInteger.prototype.divideAndRemainder = bnDivideAndRemainder; +BigInteger.prototype.modPow = bnModPow; +BigInteger.prototype.modInverse = bnModInverse; +BigInteger.prototype.pow = bnPow; +BigInteger.prototype.gcd = bnGCD; +BigInteger.prototype.isProbablePrime = bnIsProbablePrime; + +// BigInteger interfaces not implemented in jsbn: + +// BigInteger(int signum, byte[] magnitude) +// double doubleValue() +// float floatValue() +// int hashCode() +// long longValue() +// static BigInteger valueOf(long val) diff --git a/js/sha.js b/js/sha.js new file mode 100755 index 0000000..3000419 --- /dev/null +++ b/js/sha.js @@ -0,0 +1,38 @@ +(function() {/* + A JavaScript implementation of the SHA family of hashes, as defined in FIPS + PUB 180-2 as well as the corresponding HMAC implementation as defined in + FIPS PUB 198a + + Copyright Brian Turek 2008-2012 + Distributed under the BSD License + See http://caligatio.github.com/jsSHA/ for more information + + Several functions taken from Paul Johnson +*/ +function p(a){throw a;}var q=null;function r(a,b){this.a=a;this.b=b}function t(a,b){var c=[],g=(1<>>5]|=(a.charCodeAt(h/b)&g)<<32-b-h%32;return c}function u(a){var b=[],c=a.length,g,f;for(g=0;g>>3]|=f<<24-4*(g%8);return b} +function x(a,b){var c="",g=4*a.length,f,h;for(f=0;f>>2]>>>8*(3-f%4),c+="0123456789abcdef".charAt(h>>>4&15)+"0123456789abcdef".charAt(h&15);return b.outputUpper?c.toUpperCase():c} +function A(a,b){var c="",g=4*a.length,f,h,j;for(f=0;f>>2]>>>8*(3-f%4)&255)<<16|(a[f+1>>>2]>>>8*(3-(f+1)%4)&255)<<8|a[f+2>>>2]>>>8*(3-(f+2)%4)&255;for(h=0;4>h;h+=1)c=8*f+6*h<=32*a.length?c+"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(j>>>6*(3-h)&63):c+b.b64Pad}return c} +function B(a){var b={outputUpper:!1,b64Pad:"="};try{a.hasOwnProperty("outputUpper")&&(b.outputUpper=a.outputUpper),a.hasOwnProperty("b64Pad")&&(b.b64Pad=a.b64Pad)}catch(c){}"boolean"!==typeof b.outputUpper&&p("Invalid outputUpper formatting option");"string"!==typeof b.b64Pad&&p("Invalid b64Pad formatting option");return b}function E(a,b){return a>>>b|a<<32-b}function H(a,b){var c=q;return c=32>=b?new r(a.a>>>b|a.b<<32-b,a.b>>>b|a.a<<32-b):new r(a.b>>>b-32|a.a<<64-b,a.a>>>b-32|a.b<<64-b)} +function P(a,b){var c=q;return c=32>=b?new r(a.a>>>b,a.b>>>b|a.a<<32-b):new r(0,a.a>>>b-32)}function Q(a,b,c){return a&b^~a&c}function R(a,b,c){return new r(a.a&b.a^~a.a&c.a,a.b&b.b^~a.b&c.b)}function S(a,b,c){return a&b^a&c^b&c}function T(a,b,c){return new r(a.a&b.a^a.a&c.a^b.a&c.a,a.b&b.b^a.b&c.b^b.b&c.b)}function U(a){return E(a,2)^E(a,13)^E(a,22)}function W(a){var b=H(a,28),c=H(a,34),a=H(a,39);return new r(b.a^c.a^a.a,b.b^c.b^a.b)}function aa(a){return E(a,6)^E(a,11)^E(a,25)} +function ba(a){var b=H(a,14),c=H(a,18),a=H(a,41);return new r(b.a^c.a^a.a,b.b^c.b^a.b)}function ca(a){return E(a,7)^E(a,18)^a>>>3}function da(a){var b=H(a,1),c=H(a,8),a=P(a,7);return new r(b.a^c.a^a.a,b.b^c.b^a.b)}function ea(a){return E(a,17)^E(a,19)^a>>>10}function fa(a){var b=H(a,19),c=H(a,61),a=P(a,6);return new r(b.a^c.a^a.a,b.b^c.b^a.b)}function X(a,b){var c=(a&65535)+(b&65535);return((a>>>16)+(b>>>16)+(c>>>16)&65535)<<16|c&65535} +function ga(a,b,c,g){var f=(a&65535)+(b&65535)+(c&65535)+(g&65535);return((a>>>16)+(b>>>16)+(c>>>16)+(g>>>16)+(f>>>16)&65535)<<16|f&65535}function Y(a,b,c,g,f){var h=(a&65535)+(b&65535)+(c&65535)+(g&65535)+(f&65535);return((a>>>16)+(b>>>16)+(c>>>16)+(g>>>16)+(f>>>16)+(h>>>16)&65535)<<16|h&65535} +function ha(a,b){var c,g,f;c=(a.b&65535)+(b.b&65535);g=(a.b>>>16)+(b.b>>>16)+(c>>>16);f=(g&65535)<<16|c&65535;c=(a.a&65535)+(b.a&65535)+(g>>>16);g=(a.a>>>16)+(b.a>>>16)+(c>>>16);return new r((g&65535)<<16|c&65535,f)} +function ia(a,b,c,g){var f,h,j;f=(a.b&65535)+(b.b&65535)+(c.b&65535)+(g.b&65535);h=(a.b>>>16)+(b.b>>>16)+(c.b>>>16)+(g.b>>>16)+(f>>>16);j=(h&65535)<<16|f&65535;f=(a.a&65535)+(b.a&65535)+(c.a&65535)+(g.a&65535)+(h>>>16);h=(a.a>>>16)+(b.a>>>16)+(c.a>>>16)+(g.a>>>16)+(f>>>16);return new r((h&65535)<<16|f&65535,j)} +function ja(a,b,c,g,f){var h,j,l;h=(a.b&65535)+(b.b&65535)+(c.b&65535)+(g.b&65535)+(f.b&65535);j=(a.b>>>16)+(b.b>>>16)+(c.b>>>16)+(g.b>>>16)+(f.b>>>16)+(h>>>16);l=(j&65535)<<16|h&65535;h=(a.a&65535)+(b.a&65535)+(c.a&65535)+(g.a&65535)+(f.a&65535)+(j>>>16);j=(a.a>>>16)+(b.a>>>16)+(c.a>>>16)+(g.a>>>16)+(f.a>>>16)+(h>>>16);return new r((j&65535)<<16|h&65535,l)} +function Z(a,b){var c=[],g,f,h,j,l,n,o,i,F,e=[1732584193,4023233417,2562383102,271733878,3285377520],w=[1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1518500249,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393,1859775393, +1859775393,1859775393,1859775393,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,2400959708,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782,3395469782];a[b>>>5]|=128<<24-b%32;a[(b+ +65>>>9<<4)+15]=b;F=a.length;for(o=0;oi;i+=1)c[i]=16>i?a[i+o]:(c[i-3]^c[i-8]^c[i-14]^c[i-16])<<1|(c[i-3]^c[i-8]^c[i-14]^c[i-16])>>>31,n=20>i?Y(g<<5|g>>>27,f&h^~f&j,l,w[i],c[i]):40>i?Y(g<<5|g>>>27,f^h^j,l,w[i],c[i]):60>i?Y(g<<5|g>>>27,S(f,h,j),l,w[i],c[i]):Y(g<<5|g>>>27,f^h^j,l,w[i],c[i]),l=j,j=h,h=f<<30|f>>>2,f=g,g=n;e[0]=X(g,e[0]);e[1]=X(f,e[1]);e[2]=X(h,e[2]);e[3]=X(j,e[3]);e[4]=X(l,e[4])}return e} +function $(a,b,c){var g,f,h,j,l,n,o,i,F,e,w,C,m,v,I,k,J,s,y,z,K,L,M,N,d,O,D=[],V,G;"SHA-224"===c||"SHA-256"===c?(w=64,g=(b+65>>>9<<4)+15,v=16,I=1,d=Number,k=X,J=ga,s=Y,y=ca,z=ea,K=U,L=aa,N=S,M=Q,O=[1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891, +3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298],e="SHA-224"===c?[3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]:[1779033703,3144134277, +1013904242,2773480762,1359893119,2600822924,528734635,1541459225]):"SHA-384"===c||"SHA-512"===c?(w=80,g=(b+128>>>10<<5)+31,v=32,I=2,d=r,k=ha,J=ia,s=ja,y=da,z=fa,K=W,L=ba,N=T,M=R,O=[new d(1116352408,3609767458),new d(1899447441,602891725),new d(3049323471,3964484399),new d(3921009573,2173295548),new d(961987163,4081628472),new d(1508970993,3053834265),new d(2453635748,2937671579),new d(2870763221,3664609560),new d(3624381080,2734883394),new d(310598401,1164996542),new d(607225278,1323610764),new d(1426881987, +3590304994),new d(1925078388,4068182383),new d(2162078206,991336113),new d(2614888103,633803317),new d(3248222580,3479774868),new d(3835390401,2666613458),new d(4022224774,944711139),new d(264347078,2341262773),new d(604807628,2007800933),new d(770255983,1495990901),new d(1249150122,1856431235),new d(1555081692,3175218132),new d(1996064986,2198950837),new d(2554220882,3999719339),new d(2821834349,766784016),new d(2952996808,2566594879),new d(3210313671,3203337956),new d(3336571891,1034457026),new d(3584528711, +2466948901),new d(113926993,3758326383),new d(338241895,168717936),new d(666307205,1188179964),new d(773529912,1546045734),new d(1294757372,1522805485),new d(1396182291,2643833823),new d(1695183700,2343527390),new d(1986661051,1014477480),new d(2177026350,1206759142),new d(2456956037,344077627),new d(2730485921,1290863460),new d(2820302411,3158454273),new d(3259730800,3505952657),new d(3345764771,106217008),new d(3516065817,3606008344),new d(3600352804,1432725776),new d(4094571909,1467031594),new d(275423344, +851169720),new d(430227734,3100823752),new d(506948616,1363258195),new d(659060556,3750685593),new d(883997877,3785050280),new d(958139571,3318307427),new d(1322822218,3812723403),new d(1537002063,2003034995),new d(1747873779,3602036899),new d(1955562222,1575990012),new d(2024104815,1125592928),new d(2227730452,2716904306),new d(2361852424,442776044),new d(2428436474,593698344),new d(2756734187,3733110249),new d(3204031479,2999351573),new d(3329325298,3815920427),new d(3391569614,3928383900),new d(3515267271, +566280711),new d(3940187606,3454069534),new d(4118630271,4000239992),new d(116418474,1914138554),new d(174292421,2731055270),new d(289380356,3203993006),new d(460393269,320620315),new d(685471733,587496836),new d(852142971,1086792851),new d(1017036298,365543100),new d(1126000580,2618297676),new d(1288033470,3409855158),new d(1501505948,4234509866),new d(1607167915,987167468),new d(1816402316,1246189591)],e="SHA-384"===c?[new d(3418070365,3238371032),new d(1654270250,914150663),new d(2438529370,812702999), +new d(355462360,4144912697),new d(1731405415,4290775857),new d(41048885895,1750603025),new d(3675008525,1694076839),new d(1203062813,3204075428)]:[new d(1779033703,4089235720),new d(3144134277,2227873595),new d(1013904242,4271175723),new d(2773480762,1595750129),new d(1359893119,2917565137),new d(2600822924,725511199),new d(528734635,4215389547),new d(1541459225,327033209)]):p("Unexpected error in SHA-2 implementation");a[b>>>5]|=128<<24-b%32;a[g]=b;V=a.length;for(C=0;Cm?new d(a[m*I+C],a[m*I+C+1]):J(z(D[m-2]),D[m-7],y(D[m-15]),D[m-16]),i=s(o,L(j),M(j,l,n),O[m],D[m]),F=k(K(b),N(b,g,f)),o=n,n=l,l=j,j=k(h,i),h=f,f=g,g=b,b=k(i,F);e[0]=k(b,e[0]);e[1]=k(g,e[1]);e[2]=k(f,e[2]);e[3]=k(h,e[3]);e[4]=k(j,e[4]);e[5]=k(l,e[5]);e[6]=k(n,e[6]);e[7]=k(o,e[7])}"SHA-224"===c?G=[e[0],e[1],e[2],e[3],e[4],e[5],e[6]]:"SHA-256"===c?G=e:"SHA-384"===c?G=[e[0].a,e[0].b,e[1].a,e[1].b,e[2].a,e[2].b,e[3].a,e[3].b,e[4].a,e[4].b,e[5].a, +e[5].b]:"SHA-512"===c?G=[e[0].a,e[0].b,e[1].a,e[1].b,e[2].a,e[2].b,e[3].a,e[3].b,e[4].a,e[4].b,e[5].a,e[5].b,e[6].a,e[6].b,e[7].a,e[7].b]:p("Unexpected error in SHA-2 implementation");return G} +window.jsSHA=function(a,b,c){var g=q,f=q,h=q,j=q,l=q,n=0,o=[0],i=0,i="undefined"!==typeof c?c:8;8===i||16===i||p("charSize must be 8 or 16");"HEX"===b?(0!==a.length%2&&p("srcString of HEX type must be in byte increments"),n=4*a.length,o=u(a)):"ASCII"===b||"TEXT"===b?(n=a.length*i,o=t(a,i)):p("inputFormat must be HEX, TEXT, or ASCII");this.getHash=function(a,b,c){var i=q,m=o.slice(),v="";switch(b){case "HEX":i=x;break;case "B64":i=A;break;default:p("format must be HEX or B64")}if("SHA-1"===a){q=== +g&&(g=Z(m,n));v=i(g,B(c))}else if("SHA-224"===a){q===f&&(f=$(m,n,a));v=i(f,B(c))}else if("SHA-256"===a){q===h&&(h=$(m,n,a));v=i(h,B(c))}else if("SHA-384"===a){q===j&&(j=$(m,n,a));v=i(j,B(c))}else if("SHA-512"===a){q===l&&(l=$(m,n,a));v=i(l,B(c))}else p("Chosen SHA variant is not supported");return v};this.getHMAC=function(a,b,c,f,g){var h,j,k,l,s,y=[],z=[];switch(f){case "HEX":h=x;break;case "B64":h=A;break;default:p("outputFormat must be HEX or B64")}if("SHA-1"===c){k=64;s=160}else if("SHA-224"=== +c){k=64;s=224}else if("SHA-256"===c){k=64;s=256}else if("SHA-384"===c){k=128;s=384}else if("SHA-512"===c){k=128;s=512}else p("Chosen SHA variant is not supported");if("HEX"===b){0!==a.length%2&&p("key of HEX type must be in byte increments");j=u(a);l=a.length*4}else if("ASCII"===b||"TEXT"===b){j=t(a,i);l=a.length*i}else p("inputFormat must be HEX, TEXT or ASCII");a=k*8;b=k/4-1;if(kl/8&&(j[b]=j[b]&4294967040);for(k=0;k<=b;k=k+1){y[k]= +j[k]^909522486;z[k]=j[k]^1549556828}c="SHA-1"===c?Z(z.concat(Z(y.concat(o),a+n)),a+s):$(z.concat($(y.concat(o),a+n,c)),a+s,c);return h(c,B(g))}};})();