1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/js/src/v8/crypto.js Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,1698 @@
1.4 +/*
1.5 + * Copyright (c) 2003-2005 Tom Wu
1.6 + * All Rights Reserved.
1.7 + *
1.8 + * Permission is hereby granted, free of charge, to any person obtaining
1.9 + * a copy of this software and associated documentation files (the
1.10 + * "Software"), to deal in the Software without restriction, including
1.11 + * without limitation the rights to use, copy, modify, merge, publish,
1.12 + * distribute, sublicense, and/or sell copies of the Software, and to
1.13 + * permit persons to whom the Software is furnished to do so, subject to
1.14 + * the following conditions:
1.15 + *
1.16 + * The above copyright notice and this permission notice shall be
1.17 + * included in all copies or substantial portions of the Software.
1.18 + *
1.19 + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
1.20 + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
1.21 + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
1.22 + *
1.23 + * IN NO EVENT SHALL TOM WU BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
1.24 + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
1.25 + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
1.26 + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
1.27 + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.28 + *
1.29 + * In addition, the following condition applies:
1.30 + *
1.31 + * All redistributions must retain an intact copy of this copyright notice
1.32 + * and disclaimer.
1.33 + */
1.34 +
1.35 +
1.36 +// The code has been adapted for use as a benchmark by Google.
1.37 +var Crypto = new BenchmarkSuite('Crypto', 266181, [
1.38 + new Benchmark("Encrypt", encrypt),
1.39 + new Benchmark("Decrypt", decrypt)
1.40 +]);
1.41 +
1.42 +
1.43 +// Basic JavaScript BN library - subset useful for RSA encryption.
1.44 +
1.45 +// Bits per digit
1.46 +var dbits;
1.47 +var BI_DB;
1.48 +var BI_DM;
1.49 +var BI_DV;
1.50 +
1.51 +var BI_FP;
1.52 +var BI_FV;
1.53 +var BI_F1;
1.54 +var BI_F2;
1.55 +
1.56 +// JavaScript engine analysis
1.57 +var canary = 0xdeadbeefcafe;
1.58 +var j_lm = ((canary&0xffffff)==0xefcafe);
1.59 +
1.60 +// (public) Constructor
1.61 +function BigInteger(a,b,c) {
1.62 + this.array = new Array();
1.63 + if(a != null)
1.64 + if("number" == typeof a) this.fromNumber(a,b,c);
1.65 + else if(b == null && "string" != typeof a) this.fromString(a,256);
1.66 + else this.fromString(a,b);
1.67 +}
1.68 +
1.69 +// return new, unset BigInteger
1.70 +function nbi() { return new BigInteger(null); }
1.71 +
1.72 +// am: Compute w_j += (x*this_i), propagate carries,
1.73 +// c is initial carry, returns final carry.
1.74 +// c < 3*dvalue, x < 2*dvalue, this_i < dvalue
1.75 +// We need to select the fastest one that works in this environment.
1.76 +
1.77 +// am1: use a single mult and divide to get the high bits,
1.78 +// max digit bits should be 26 because
1.79 +// max internal value = 2*dvalue^2-2*dvalue (< 2^53)
1.80 +function am1(i,x,w,j,c,n) {
1.81 + var this_array = this.array;
1.82 + var w_array = w.array;
1.83 + while(--n >= 0) {
1.84 + var v = x*this_array[i++]+w_array[j]+c;
1.85 + c = Math.floor(v/0x4000000);
1.86 + w_array[j++] = v&0x3ffffff;
1.87 + }
1.88 + return c;
1.89 +}
1.90 +
1.91 +// am2 avoids a big mult-and-extract completely.
1.92 +// Max digit bits should be <= 30 because we do bitwise ops
1.93 +// on values up to 2*hdvalue^2-hdvalue-1 (< 2^31)
1.94 +function am2(i,x,w,j,c,n) {
1.95 + var this_array = this.array;
1.96 + var w_array = w.array;
1.97 + var xl = x&0x7fff, xh = x>>15;
1.98 + while(--n >= 0) {
1.99 + var l = this_array[i]&0x7fff;
1.100 + var h = this_array[i++]>>15;
1.101 + var m = xh*l+h*xl;
1.102 + l = xl*l+((m&0x7fff)<<15)+w_array[j]+(c&0x3fffffff);
1.103 + c = (l>>>30)+(m>>>15)+xh*h+(c>>>30);
1.104 + w_array[j++] = l&0x3fffffff;
1.105 + }
1.106 + return c;
1.107 +}
1.108 +
1.109 +// Alternately, set max digit bits to 28 since some
1.110 +// browsers slow down when dealing with 32-bit numbers.
1.111 +function am3(i,x,w,j,c,n) {
1.112 + var this_array = this.array;
1.113 + var w_array = w.array;
1.114 +
1.115 + var xl = x&0x3fff, xh = x>>14;
1.116 + while(--n >= 0) {
1.117 + var l = this_array[i]&0x3fff;
1.118 + var h = this_array[i++]>>14;
1.119 + var m = xh*l+h*xl;
1.120 + l = xl*l+((m&0x3fff)<<14)+w_array[j]+c;
1.121 + c = (l>>28)+(m>>14)+xh*h;
1.122 + w_array[j++] = l&0xfffffff;
1.123 + }
1.124 + return c;
1.125 +}
1.126 +
1.127 +// This is tailored to VMs with 2-bit tagging. It makes sure
1.128 +// that all the computations stay within the 29 bits available.
1.129 +function am4(i,x,w,j,c,n) {
1.130 + var this_array = this.array;
1.131 + var w_array = w.array;
1.132 +
1.133 + var xl = x&0x1fff, xh = x>>13;
1.134 + while(--n >= 0) {
1.135 + var l = this_array[i]&0x1fff;
1.136 + var h = this_array[i++]>>13;
1.137 + var m = xh*l+h*xl;
1.138 + l = xl*l+((m&0x1fff)<<13)+w_array[j]+c;
1.139 + c = (l>>26)+(m>>13)+xh*h;
1.140 + w_array[j++] = l&0x3ffffff;
1.141 + }
1.142 + return c;
1.143 +}
1.144 +
1.145 +// am3/28 is best for SM, Rhino, but am4/26 is best for v8.
1.146 +// Kestrel (Opera 9.5) gets its best result with am4/26.
1.147 +// IE7 does 9% better with am3/28 than with am4/26.
1.148 +// Firefox (SM) gets 10% faster with am3/28 than with am4/26.
1.149 +
1.150 +setupEngine = function(fn, bits) {
1.151 + BigInteger.prototype.am = fn;
1.152 + dbits = bits;
1.153 +
1.154 + BI_DB = dbits;
1.155 + BI_DM = ((1<<dbits)-1);
1.156 + BI_DV = (1<<dbits);
1.157 +
1.158 + BI_FP = 52;
1.159 + BI_FV = Math.pow(2,BI_FP);
1.160 + BI_F1 = BI_FP-dbits;
1.161 + BI_F2 = 2*dbits-BI_FP;
1.162 +}
1.163 +
1.164 +
1.165 +// Digit conversions
1.166 +var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz";
1.167 +var BI_RC = new Array();
1.168 +var rr,vv;
1.169 +rr = "0".charCodeAt(0);
1.170 +for(vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv;
1.171 +rr = "a".charCodeAt(0);
1.172 +for(vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
1.173 +rr = "A".charCodeAt(0);
1.174 +for(vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
1.175 +
1.176 +function int2char(n) { return BI_RM.charAt(n); }
1.177 +function intAt(s,i) {
1.178 + var c = BI_RC[s.charCodeAt(i)];
1.179 + return (c==null)?-1:c;
1.180 +}
1.181 +
1.182 +// (protected) copy this to r
1.183 +function bnpCopyTo(r) {
1.184 + var this_array = this.array;
1.185 + var r_array = r.array;
1.186 +
1.187 + for(var i = this.t-1; i >= 0; --i) r_array[i] = this_array[i];
1.188 + r.t = this.t;
1.189 + r.s = this.s;
1.190 +}
1.191 +
1.192 +// (protected) set from integer value x, -DV <= x < DV
1.193 +function bnpFromInt(x) {
1.194 + var this_array = this.array;
1.195 + this.t = 1;
1.196 + this.s = (x<0)?-1:0;
1.197 + if(x > 0) this_array[0] = x;
1.198 + else if(x < -1) this_array[0] = x+DV;
1.199 + else this.t = 0;
1.200 +}
1.201 +
1.202 +// return bigint initialized to value
1.203 +function nbv(i) { var r = nbi(); r.fromInt(i); return r; }
1.204 +
1.205 +// (protected) set from string and radix
1.206 +function bnpFromString(s,b) {
1.207 + var this_array = this.array;
1.208 + var k;
1.209 + if(b == 16) k = 4;
1.210 + else if(b == 8) k = 3;
1.211 + else if(b == 256) k = 8; // byte array
1.212 + else if(b == 2) k = 1;
1.213 + else if(b == 32) k = 5;
1.214 + else if(b == 4) k = 2;
1.215 + else { this.fromRadix(s,b); return; }
1.216 + this.t = 0;
1.217 + this.s = 0;
1.218 + var i = s.length, mi = false, sh = 0;
1.219 + while(--i >= 0) {
1.220 + var x = (k==8)?s[i]&0xff:intAt(s,i);
1.221 + if(x < 0) {
1.222 + if(s.charAt(i) == "-") mi = true;
1.223 + continue;
1.224 + }
1.225 + mi = false;
1.226 + if(sh == 0)
1.227 + this_array[this.t++] = x;
1.228 + else if(sh+k > BI_DB) {
1.229 + this_array[this.t-1] |= (x&((1<<(BI_DB-sh))-1))<<sh;
1.230 + this_array[this.t++] = (x>>(BI_DB-sh));
1.231 + }
1.232 + else
1.233 + this_array[this.t-1] |= x<<sh;
1.234 + sh += k;
1.235 + if(sh >= BI_DB) sh -= BI_DB;
1.236 + }
1.237 + if(k == 8 && (s[0]&0x80) != 0) {
1.238 + this.s = -1;
1.239 + if(sh > 0) this_array[this.t-1] |= ((1<<(BI_DB-sh))-1)<<sh;
1.240 + }
1.241 + this.clamp();
1.242 + if(mi) BigInteger.ZERO.subTo(this,this);
1.243 +}
1.244 +
1.245 +// (protected) clamp off excess high words
1.246 +function bnpClamp() {
1.247 + var this_array = this.array;
1.248 + var c = this.s&BI_DM;
1.249 + while(this.t > 0 && this_array[this.t-1] == c) --this.t;
1.250 +}
1.251 +
1.252 +// (public) return string representation in given radix
1.253 +function bnToString(b) {
1.254 + var this_array = this.array;
1.255 + if(this.s < 0) return "-"+this.negate().toString(b);
1.256 + var k;
1.257 + if(b == 16) k = 4;
1.258 + else if(b == 8) k = 3;
1.259 + else if(b == 2) k = 1;
1.260 + else if(b == 32) k = 5;
1.261 + else if(b == 4) k = 2;
1.262 + else return this.toRadix(b);
1.263 + var km = (1<<k)-1, d, m = false, r = "", i = this.t;
1.264 + var p = BI_DB-(i*BI_DB)%k;
1.265 + if(i-- > 0) {
1.266 + if(p < BI_DB && (d = this_array[i]>>p) > 0) { m = true; r = int2char(d); }
1.267 + while(i >= 0) {
1.268 + if(p < k) {
1.269 + d = (this_array[i]&((1<<p)-1))<<(k-p);
1.270 + d |= this_array[--i]>>(p+=BI_DB-k);
1.271 + }
1.272 + else {
1.273 + d = (this_array[i]>>(p-=k))&km;
1.274 + if(p <= 0) { p += BI_DB; --i; }
1.275 + }
1.276 + if(d > 0) m = true;
1.277 + if(m) r += int2char(d);
1.278 + }
1.279 + }
1.280 + return m?r:"0";
1.281 +}
1.282 +
1.283 +// (public) -this
1.284 +function bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this,r); return r; }
1.285 +
1.286 +// (public) |this|
1.287 +function bnAbs() { return (this.s<0)?this.negate():this; }
1.288 +
1.289 +// (public) return + if this > a, - if this < a, 0 if equal
1.290 +function bnCompareTo(a) {
1.291 + var this_array = this.array;
1.292 + var a_array = a.array;
1.293 +
1.294 + var r = this.s-a.s;
1.295 + if(r != 0) return r;
1.296 + var i = this.t;
1.297 + r = i-a.t;
1.298 + if(r != 0) return r;
1.299 + while(--i >= 0) if((r=this_array[i]-a_array[i]) != 0) return r;
1.300 + return 0;
1.301 +}
1.302 +
1.303 +// returns bit length of the integer x
1.304 +function nbits(x) {
1.305 + var r = 1, t;
1.306 + if((t=x>>>16) != 0) { x = t; r += 16; }
1.307 + if((t=x>>8) != 0) { x = t; r += 8; }
1.308 + if((t=x>>4) != 0) { x = t; r += 4; }
1.309 + if((t=x>>2) != 0) { x = t; r += 2; }
1.310 + if((t=x>>1) != 0) { x = t; r += 1; }
1.311 + return r;
1.312 +}
1.313 +
1.314 +// (public) return the number of bits in "this"
1.315 +function bnBitLength() {
1.316 + var this_array = this.array;
1.317 + if(this.t <= 0) return 0;
1.318 + return BI_DB*(this.t-1)+nbits(this_array[this.t-1]^(this.s&BI_DM));
1.319 +}
1.320 +
1.321 +// (protected) r = this << n*DB
1.322 +function bnpDLShiftTo(n,r) {
1.323 + var this_array = this.array;
1.324 + var r_array = r.array;
1.325 + var i;
1.326 + for(i = this.t-1; i >= 0; --i) r_array[i+n] = this_array[i];
1.327 + for(i = n-1; i >= 0; --i) r_array[i] = 0;
1.328 + r.t = this.t+n;
1.329 + r.s = this.s;
1.330 +}
1.331 +
1.332 +// (protected) r = this >> n*DB
1.333 +function bnpDRShiftTo(n,r) {
1.334 + var this_array = this.array;
1.335 + var r_array = r.array;
1.336 + for(var i = n; i < this.t; ++i) r_array[i-n] = this_array[i];
1.337 + r.t = Math.max(this.t-n,0);
1.338 + r.s = this.s;
1.339 +}
1.340 +
1.341 +// (protected) r = this << n
1.342 +function bnpLShiftTo(n,r) {
1.343 + var this_array = this.array;
1.344 + var r_array = r.array;
1.345 + var bs = n%BI_DB;
1.346 + var cbs = BI_DB-bs;
1.347 + var bm = (1<<cbs)-1;
1.348 + var ds = Math.floor(n/BI_DB), c = (this.s<<bs)&BI_DM, i;
1.349 + for(i = this.t-1; i >= 0; --i) {
1.350 + r_array[i+ds+1] = (this_array[i]>>cbs)|c;
1.351 + c = (this_array[i]&bm)<<bs;
1.352 + }
1.353 + for(i = ds-1; i >= 0; --i) r_array[i] = 0;
1.354 + r_array[ds] = c;
1.355 + r.t = this.t+ds+1;
1.356 + r.s = this.s;
1.357 + r.clamp();
1.358 +}
1.359 +
1.360 +// (protected) r = this >> n
1.361 +function bnpRShiftTo(n,r) {
1.362 + var this_array = this.array;
1.363 + var r_array = r.array;
1.364 + r.s = this.s;
1.365 + var ds = Math.floor(n/BI_DB);
1.366 + if(ds >= this.t) { r.t = 0; return; }
1.367 + var bs = n%BI_DB;
1.368 + var cbs = BI_DB-bs;
1.369 + var bm = (1<<bs)-1;
1.370 + r_array[0] = this_array[ds]>>bs;
1.371 + for(var i = ds+1; i < this.t; ++i) {
1.372 + r_array[i-ds-1] |= (this_array[i]&bm)<<cbs;
1.373 + r_array[i-ds] = this_array[i]>>bs;
1.374 + }
1.375 + if(bs > 0) r_array[this.t-ds-1] |= (this.s&bm)<<cbs;
1.376 + r.t = this.t-ds;
1.377 + r.clamp();
1.378 +}
1.379 +
1.380 +// (protected) r = this - a
1.381 +function bnpSubTo(a,r) {
1.382 + var this_array = this.array;
1.383 + var r_array = r.array;
1.384 + var a_array = a.array;
1.385 + var i = 0, c = 0, m = Math.min(a.t,this.t);
1.386 + while(i < m) {
1.387 + c += this_array[i]-a_array[i];
1.388 + r_array[i++] = c&BI_DM;
1.389 + c >>= BI_DB;
1.390 + }
1.391 + if(a.t < this.t) {
1.392 + c -= a.s;
1.393 + while(i < this.t) {
1.394 + c += this_array[i];
1.395 + r_array[i++] = c&BI_DM;
1.396 + c >>= BI_DB;
1.397 + }
1.398 + c += this.s;
1.399 + }
1.400 + else {
1.401 + c += this.s;
1.402 + while(i < a.t) {
1.403 + c -= a_array[i];
1.404 + r_array[i++] = c&BI_DM;
1.405 + c >>= BI_DB;
1.406 + }
1.407 + c -= a.s;
1.408 + }
1.409 + r.s = (c<0)?-1:0;
1.410 + if(c < -1) r_array[i++] = BI_DV+c;
1.411 + else if(c > 0) r_array[i++] = c;
1.412 + r.t = i;
1.413 + r.clamp();
1.414 +}
1.415 +
1.416 +// (protected) r = this * a, r != this,a (HAC 14.12)
1.417 +// "this" should be the larger one if appropriate.
1.418 +function bnpMultiplyTo(a,r) {
1.419 + var this_array = this.array;
1.420 + var r_array = r.array;
1.421 + var x = this.abs(), y = a.abs();
1.422 + var y_array = y.array;
1.423 +
1.424 + var i = x.t;
1.425 + r.t = i+y.t;
1.426 + while(--i >= 0) r_array[i] = 0;
1.427 + for(i = 0; i < y.t; ++i) r_array[i+x.t] = x.am(0,y_array[i],r,i,0,x.t);
1.428 + r.s = 0;
1.429 + r.clamp();
1.430 + if(this.s != a.s) BigInteger.ZERO.subTo(r,r);
1.431 +}
1.432 +
1.433 +// (protected) r = this^2, r != this (HAC 14.16)
1.434 +function bnpSquareTo(r) {
1.435 + var x = this.abs();
1.436 + var x_array = x.array;
1.437 + var r_array = r.array;
1.438 +
1.439 + var i = r.t = 2*x.t;
1.440 + while(--i >= 0) r_array[i] = 0;
1.441 + for(i = 0; i < x.t-1; ++i) {
1.442 + var c = x.am(i,x_array[i],r,2*i,0,1);
1.443 + if((r_array[i+x.t]+=x.am(i+1,2*x_array[i],r,2*i+1,c,x.t-i-1)) >= BI_DV) {
1.444 + r_array[i+x.t] -= BI_DV;
1.445 + r_array[i+x.t+1] = 1;
1.446 + }
1.447 + }
1.448 + if(r.t > 0) r_array[r.t-1] += x.am(i,x_array[i],r,2*i,0,1);
1.449 + r.s = 0;
1.450 + r.clamp();
1.451 +}
1.452 +
1.453 +// (protected) divide this by m, quotient and remainder to q, r (HAC 14.20)
1.454 +// r != q, this != m. q or r may be null.
1.455 +function bnpDivRemTo(m,q,r) {
1.456 + var pm = m.abs();
1.457 + if(pm.t <= 0) return;
1.458 + var pt = this.abs();
1.459 + if(pt.t < pm.t) {
1.460 + if(q != null) q.fromInt(0);
1.461 + if(r != null) this.copyTo(r);
1.462 + return;
1.463 + }
1.464 + if(r == null) r = nbi();
1.465 + var y = nbi(), ts = this.s, ms = m.s;
1.466 + var pm_array = pm.array;
1.467 + var nsh = BI_DB-nbits(pm_array[pm.t-1]); // normalize modulus
1.468 + if(nsh > 0) { pm.lShiftTo(nsh,y); pt.lShiftTo(nsh,r); }
1.469 + else { pm.copyTo(y); pt.copyTo(r); }
1.470 + var ys = y.t;
1.471 +
1.472 + var y_array = y.array;
1.473 + var y0 = y_array[ys-1];
1.474 + if(y0 == 0) return;
1.475 + var yt = y0*(1<<BI_F1)+((ys>1)?y_array[ys-2]>>BI_F2:0);
1.476 + var d1 = BI_FV/yt, d2 = (1<<BI_F1)/yt, e = 1<<BI_F2;
1.477 + var i = r.t, j = i-ys, t = (q==null)?nbi():q;
1.478 + y.dlShiftTo(j,t);
1.479 +
1.480 + var r_array = r.array;
1.481 + if(r.compareTo(t) >= 0) {
1.482 + r_array[r.t++] = 1;
1.483 + r.subTo(t,r);
1.484 + }
1.485 + BigInteger.ONE.dlShiftTo(ys,t);
1.486 + t.subTo(y,y); // "negative" y so we can replace sub with am later
1.487 + while(y.t < ys) y_array[y.t++] = 0;
1.488 + while(--j >= 0) {
1.489 + // Estimate quotient digit
1.490 + var qd = (r_array[--i]==y0)?BI_DM:Math.floor(r_array[i]*d1+(r_array[i-1]+e)*d2);
1.491 + if((r_array[i]+=y.am(0,qd,r,j,0,ys)) < qd) { // Try it out
1.492 + y.dlShiftTo(j,t);
1.493 + r.subTo(t,r);
1.494 + while(r_array[i] < --qd) r.subTo(t,r);
1.495 + }
1.496 + }
1.497 + if(q != null) {
1.498 + r.drShiftTo(ys,q);
1.499 + if(ts != ms) BigInteger.ZERO.subTo(q,q);
1.500 + }
1.501 + r.t = ys;
1.502 + r.clamp();
1.503 + if(nsh > 0) r.rShiftTo(nsh,r); // Denormalize remainder
1.504 + if(ts < 0) BigInteger.ZERO.subTo(r,r);
1.505 +}
1.506 +
1.507 +// (public) this mod a
1.508 +function bnMod(a) {
1.509 + var r = nbi();
1.510 + this.abs().divRemTo(a,null,r);
1.511 + if(this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r,r);
1.512 + return r;
1.513 +}
1.514 +
1.515 +// Modular reduction using "classic" algorithm
1.516 +function Classic(m) { this.m = m; }
1.517 +function cConvert(x) {
1.518 + if(x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m);
1.519 + else return x;
1.520 +}
1.521 +function cRevert(x) { return x; }
1.522 +function cReduce(x) { x.divRemTo(this.m,null,x); }
1.523 +function cMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
1.524 +function cSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
1.525 +
1.526 +Classic.prototype.convert = cConvert;
1.527 +Classic.prototype.revert = cRevert;
1.528 +Classic.prototype.reduce = cReduce;
1.529 +Classic.prototype.mulTo = cMulTo;
1.530 +Classic.prototype.sqrTo = cSqrTo;
1.531 +
1.532 +// (protected) return "-1/this % 2^DB"; useful for Mont. reduction
1.533 +// justification:
1.534 +// xy == 1 (mod m)
1.535 +// xy = 1+km
1.536 +// xy(2-xy) = (1+km)(1-km)
1.537 +// x[y(2-xy)] = 1-k^2m^2
1.538 +// x[y(2-xy)] == 1 (mod m^2)
1.539 +// if y is 1/x mod m, then y(2-xy) is 1/x mod m^2
1.540 +// should reduce x and y(2-xy) by m^2 at each step to keep size bounded.
1.541 +// JS multiply "overflows" differently from C/C++, so care is needed here.
1.542 +function bnpInvDigit() {
1.543 + var this_array = this.array;
1.544 + if(this.t < 1) return 0;
1.545 + var x = this_array[0];
1.546 + if((x&1) == 0) return 0;
1.547 + var y = x&3; // y == 1/x mod 2^2
1.548 + y = (y*(2-(x&0xf)*y))&0xf; // y == 1/x mod 2^4
1.549 + y = (y*(2-(x&0xff)*y))&0xff; // y == 1/x mod 2^8
1.550 + y = (y*(2-(((x&0xffff)*y)&0xffff)))&0xffff; // y == 1/x mod 2^16
1.551 + // last step - calculate inverse mod DV directly;
1.552 + // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints
1.553 + y = (y*(2-x*y%BI_DV))%BI_DV; // y == 1/x mod 2^dbits
1.554 + // we really want the negative inverse, and -DV < y < DV
1.555 + return (y>0)?BI_DV-y:-y;
1.556 +}
1.557 +
1.558 +// Montgomery reduction
1.559 +function Montgomery(m) {
1.560 + this.m = m;
1.561 + this.mp = m.invDigit();
1.562 + this.mpl = this.mp&0x7fff;
1.563 + this.mph = this.mp>>15;
1.564 + this.um = (1<<(BI_DB-15))-1;
1.565 + this.mt2 = 2*m.t;
1.566 +}
1.567 +
1.568 +// xR mod m
1.569 +function montConvert(x) {
1.570 + var r = nbi();
1.571 + x.abs().dlShiftTo(this.m.t,r);
1.572 + r.divRemTo(this.m,null,r);
1.573 + if(x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r,r);
1.574 + return r;
1.575 +}
1.576 +
1.577 +// x/R mod m
1.578 +function montRevert(x) {
1.579 + var r = nbi();
1.580 + x.copyTo(r);
1.581 + this.reduce(r);
1.582 + return r;
1.583 +}
1.584 +
1.585 +// x = x/R mod m (HAC 14.32)
1.586 +function montReduce(x) {
1.587 + var x_array = x.array;
1.588 + while(x.t <= this.mt2) // pad x so am has enough room later
1.589 + x_array[x.t++] = 0;
1.590 + for(var i = 0; i < this.m.t; ++i) {
1.591 + // faster way of calculating u0 = x[i]*mp mod DV
1.592 + var j = x_array[i]&0x7fff;
1.593 + var u0 = (j*this.mpl+(((j*this.mph+(x_array[i]>>15)*this.mpl)&this.um)<<15))&BI_DM;
1.594 + // use am to combine the multiply-shift-add into one call
1.595 + j = i+this.m.t;
1.596 + x_array[j] += this.m.am(0,u0,x,i,0,this.m.t);
1.597 + // propagate carry
1.598 + while(x_array[j] >= BI_DV) { x_array[j] -= BI_DV; x_array[++j]++; }
1.599 + }
1.600 + x.clamp();
1.601 + x.drShiftTo(this.m.t,x);
1.602 + if(x.compareTo(this.m) >= 0) x.subTo(this.m,x);
1.603 +}
1.604 +
1.605 +// r = "x^2/R mod m"; x != r
1.606 +function montSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
1.607 +
1.608 +// r = "xy/R mod m"; x,y != r
1.609 +function montMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
1.610 +
1.611 +Montgomery.prototype.convert = montConvert;
1.612 +Montgomery.prototype.revert = montRevert;
1.613 +Montgomery.prototype.reduce = montReduce;
1.614 +Montgomery.prototype.mulTo = montMulTo;
1.615 +Montgomery.prototype.sqrTo = montSqrTo;
1.616 +
1.617 +// (protected) true iff this is even
1.618 +function bnpIsEven() {
1.619 + var this_array = this.array;
1.620 + return ((this.t>0)?(this_array[0]&1):this.s) == 0;
1.621 +}
1.622 +
1.623 +// (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79)
1.624 +function bnpExp(e,z) {
1.625 + if(e > 0xffffffff || e < 1) return BigInteger.ONE;
1.626 + var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e)-1;
1.627 + g.copyTo(r);
1.628 + while(--i >= 0) {
1.629 + z.sqrTo(r,r2);
1.630 + if((e&(1<<i)) > 0) z.mulTo(r2,g,r);
1.631 + else { var t = r; r = r2; r2 = t; }
1.632 + }
1.633 + return z.revert(r);
1.634 +}
1.635 +
1.636 +// (public) this^e % m, 0 <= e < 2^32
1.637 +function bnModPowInt(e,m) {
1.638 + var z;
1.639 + if(e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m);
1.640 + return this.exp(e,z);
1.641 +}
1.642 +
1.643 +// protected
1.644 +BigInteger.prototype.copyTo = bnpCopyTo;
1.645 +BigInteger.prototype.fromInt = bnpFromInt;
1.646 +BigInteger.prototype.fromString = bnpFromString;
1.647 +BigInteger.prototype.clamp = bnpClamp;
1.648 +BigInteger.prototype.dlShiftTo = bnpDLShiftTo;
1.649 +BigInteger.prototype.drShiftTo = bnpDRShiftTo;
1.650 +BigInteger.prototype.lShiftTo = bnpLShiftTo;
1.651 +BigInteger.prototype.rShiftTo = bnpRShiftTo;
1.652 +BigInteger.prototype.subTo = bnpSubTo;
1.653 +BigInteger.prototype.multiplyTo = bnpMultiplyTo;
1.654 +BigInteger.prototype.squareTo = bnpSquareTo;
1.655 +BigInteger.prototype.divRemTo = bnpDivRemTo;
1.656 +BigInteger.prototype.invDigit = bnpInvDigit;
1.657 +BigInteger.prototype.isEven = bnpIsEven;
1.658 +BigInteger.prototype.exp = bnpExp;
1.659 +
1.660 +// public
1.661 +BigInteger.prototype.toString = bnToString;
1.662 +BigInteger.prototype.negate = bnNegate;
1.663 +BigInteger.prototype.abs = bnAbs;
1.664 +BigInteger.prototype.compareTo = bnCompareTo;
1.665 +BigInteger.prototype.bitLength = bnBitLength;
1.666 +BigInteger.prototype.mod = bnMod;
1.667 +BigInteger.prototype.modPowInt = bnModPowInt;
1.668 +
1.669 +// "constants"
1.670 +BigInteger.ZERO = nbv(0);
1.671 +BigInteger.ONE = nbv(1);
1.672 +// Copyright (c) 2005 Tom Wu
1.673 +// All Rights Reserved.
1.674 +// See "LICENSE" for details.
1.675 +
1.676 +// Extended JavaScript BN functions, required for RSA private ops.
1.677 +
1.678 +// (public)
1.679 +function bnClone() { var r = nbi(); this.copyTo(r); return r; }
1.680 +
1.681 +// (public) return value as integer
1.682 +function bnIntValue() {
1.683 + var this_array = this.array;
1.684 + if(this.s < 0) {
1.685 + if(this.t == 1) return this_array[0]-BI_DV;
1.686 + else if(this.t == 0) return -1;
1.687 + }
1.688 + else if(this.t == 1) return this_array[0];
1.689 + else if(this.t == 0) return 0;
1.690 + // assumes 16 < DB < 32
1.691 + return ((this_array[1]&((1<<(32-BI_DB))-1))<<BI_DB)|this_array[0];
1.692 +}
1.693 +
1.694 +// (public) return value as byte
1.695 +function bnByteValue() {
1.696 + var this_array = this.array;
1.697 + return (this.t==0)?this.s:(this_array[0]<<24)>>24;
1.698 +}
1.699 +
1.700 +// (public) return value as short (assumes DB>=16)
1.701 +function bnShortValue() {
1.702 + var this_array = this.array;
1.703 + return (this.t==0)?this.s:(this_array[0]<<16)>>16;
1.704 +}
1.705 +
1.706 +// (protected) return x s.t. r^x < DV
1.707 +function bnpChunkSize(r) { return Math.floor(Math.LN2*BI_DB/Math.log(r)); }
1.708 +
1.709 +// (public) 0 if this == 0, 1 if this > 0
1.710 +function bnSigNum() {
1.711 + var this_array = this.array;
1.712 + if(this.s < 0) return -1;
1.713 + else if(this.t <= 0 || (this.t == 1 && this_array[0] <= 0)) return 0;
1.714 + else return 1;
1.715 +}
1.716 +
1.717 +// (protected) convert to radix string
1.718 +function bnpToRadix(b) {
1.719 + if(b == null) b = 10;
1.720 + if(this.signum() == 0 || b < 2 || b > 36) return "0";
1.721 + var cs = this.chunkSize(b);
1.722 + var a = Math.pow(b,cs);
1.723 + var d = nbv(a), y = nbi(), z = nbi(), r = "";
1.724 + this.divRemTo(d,y,z);
1.725 + while(y.signum() > 0) {
1.726 + r = (a+z.intValue()).toString(b).substr(1) + r;
1.727 + y.divRemTo(d,y,z);
1.728 + }
1.729 + return z.intValue().toString(b) + r;
1.730 +}
1.731 +
1.732 +// (protected) convert from radix string
1.733 +function bnpFromRadix(s,b) {
1.734 + this.fromInt(0);
1.735 + if(b == null) b = 10;
1.736 + var cs = this.chunkSize(b);
1.737 + var d = Math.pow(b,cs), mi = false, j = 0, w = 0;
1.738 + for(var i = 0; i < s.length; ++i) {
1.739 + var x = intAt(s,i);
1.740 + if(x < 0) {
1.741 + if(s.charAt(i) == "-" && this.signum() == 0) mi = true;
1.742 + continue;
1.743 + }
1.744 + w = b*w+x;
1.745 + if(++j >= cs) {
1.746 + this.dMultiply(d);
1.747 + this.dAddOffset(w,0);
1.748 + j = 0;
1.749 + w = 0;
1.750 + }
1.751 + }
1.752 + if(j > 0) {
1.753 + this.dMultiply(Math.pow(b,j));
1.754 + this.dAddOffset(w,0);
1.755 + }
1.756 + if(mi) BigInteger.ZERO.subTo(this,this);
1.757 +}
1.758 +
1.759 +// (protected) alternate constructor
1.760 +function bnpFromNumber(a,b,c) {
1.761 + if("number" == typeof b) {
1.762 + // new BigInteger(int,int,RNG)
1.763 + if(a < 2) this.fromInt(1);
1.764 + else {
1.765 + this.fromNumber(a,c);
1.766 + if(!this.testBit(a-1)) // force MSB set
1.767 + this.bitwiseTo(BigInteger.ONE.shiftLeft(a-1),op_or,this);
1.768 + if(this.isEven()) this.dAddOffset(1,0); // force odd
1.769 + while(!this.isProbablePrime(b)) {
1.770 + this.dAddOffset(2,0);
1.771 + if(this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a-1),this);
1.772 + }
1.773 + }
1.774 + }
1.775 + else {
1.776 + // new BigInteger(int,RNG)
1.777 + var x = new Array(), t = a&7;
1.778 + x.length = (a>>3)+1;
1.779 + b.nextBytes(x);
1.780 + if(t > 0) x[0] &= ((1<<t)-1); else x[0] = 0;
1.781 + this.fromString(x,256);
1.782 + }
1.783 +}
1.784 +
1.785 +// (public) convert to bigendian byte array
1.786 +function bnToByteArray() {
1.787 + var this_array = this.array;
1.788 + var i = this.t, r = new Array();
1.789 + r[0] = this.s;
1.790 + var p = BI_DB-(i*BI_DB)%8, d, k = 0;
1.791 + if(i-- > 0) {
1.792 + if(p < BI_DB && (d = this_array[i]>>p) != (this.s&BI_DM)>>p)
1.793 + r[k++] = d|(this.s<<(BI_DB-p));
1.794 + while(i >= 0) {
1.795 + if(p < 8) {
1.796 + d = (this_array[i]&((1<<p)-1))<<(8-p);
1.797 + d |= this_array[--i]>>(p+=BI_DB-8);
1.798 + }
1.799 + else {
1.800 + d = (this_array[i]>>(p-=8))&0xff;
1.801 + if(p <= 0) { p += BI_DB; --i; }
1.802 + }
1.803 + if((d&0x80) != 0) d |= -256;
1.804 + if(k == 0 && (this.s&0x80) != (d&0x80)) ++k;
1.805 + if(k > 0 || d != this.s) r[k++] = d;
1.806 + }
1.807 + }
1.808 + return r;
1.809 +}
1.810 +
1.811 +function bnEquals(a) { return(this.compareTo(a)==0); }
1.812 +function bnMin(a) { return(this.compareTo(a)<0)?this:a; }
1.813 +function bnMax(a) { return(this.compareTo(a)>0)?this:a; }
1.814 +
1.815 +// (protected) r = this op a (bitwise)
1.816 +function bnpBitwiseTo(a,op,r) {
1.817 + var this_array = this.array;
1.818 + var a_array = a.array;
1.819 + var r_array = r.array;
1.820 + var i, f, m = Math.min(a.t,this.t);
1.821 + for(i = 0; i < m; ++i) r_array[i] = op(this_array[i],a_array[i]);
1.822 + if(a.t < this.t) {
1.823 + f = a.s&BI_DM;
1.824 + for(i = m; i < this.t; ++i) r_array[i] = op(this_array[i],f);
1.825 + r.t = this.t;
1.826 + }
1.827 + else {
1.828 + f = this.s&BI_DM;
1.829 + for(i = m; i < a.t; ++i) r_array[i] = op(f,a_array[i]);
1.830 + r.t = a.t;
1.831 + }
1.832 + r.s = op(this.s,a.s);
1.833 + r.clamp();
1.834 +}
1.835 +
1.836 +// (public) this & a
1.837 +function op_and(x,y) { return x&y; }
1.838 +function bnAnd(a) { var r = nbi(); this.bitwiseTo(a,op_and,r); return r; }
1.839 +
1.840 +// (public) this | a
1.841 +function op_or(x,y) { return x|y; }
1.842 +function bnOr(a) { var r = nbi(); this.bitwiseTo(a,op_or,r); return r; }
1.843 +
1.844 +// (public) this ^ a
1.845 +function op_xor(x,y) { return x^y; }
1.846 +function bnXor(a) { var r = nbi(); this.bitwiseTo(a,op_xor,r); return r; }
1.847 +
1.848 +// (public) this & ~a
1.849 +function op_andnot(x,y) { return x&~y; }
1.850 +function bnAndNot(a) { var r = nbi(); this.bitwiseTo(a,op_andnot,r); return r; }
1.851 +
1.852 +// (public) ~this
1.853 +function bnNot() {
1.854 + var this_array = this.array;
1.855 + var r = nbi();
1.856 + var r_array = r.array;
1.857 +
1.858 + for(var i = 0; i < this.t; ++i) r_array[i] = BI_DM&~this_array[i];
1.859 + r.t = this.t;
1.860 + r.s = ~this.s;
1.861 + return r;
1.862 +}
1.863 +
1.864 +// (public) this << n
1.865 +function bnShiftLeft(n) {
1.866 + var r = nbi();
1.867 + if(n < 0) this.rShiftTo(-n,r); else this.lShiftTo(n,r);
1.868 + return r;
1.869 +}
1.870 +
1.871 +// (public) this >> n
1.872 +function bnShiftRight(n) {
1.873 + var r = nbi();
1.874 + if(n < 0) this.lShiftTo(-n,r); else this.rShiftTo(n,r);
1.875 + return r;
1.876 +}
1.877 +
1.878 +// return index of lowest 1-bit in x, x < 2^31
1.879 +function lbit(x) {
1.880 + if(x == 0) return -1;
1.881 + var r = 0;
1.882 + if((x&0xffff) == 0) { x >>= 16; r += 16; }
1.883 + if((x&0xff) == 0) { x >>= 8; r += 8; }
1.884 + if((x&0xf) == 0) { x >>= 4; r += 4; }
1.885 + if((x&3) == 0) { x >>= 2; r += 2; }
1.886 + if((x&1) == 0) ++r;
1.887 + return r;
1.888 +}
1.889 +
1.890 +// (public) returns index of lowest 1-bit (or -1 if none)
1.891 +function bnGetLowestSetBit() {
1.892 + var this_array = this.array;
1.893 + for(var i = 0; i < this.t; ++i)
1.894 + if(this_array[i] != 0) return i*BI_DB+lbit(this_array[i]);
1.895 + if(this.s < 0) return this.t*BI_DB;
1.896 + return -1;
1.897 +}
1.898 +
1.899 +// return number of 1 bits in x
1.900 +function cbit(x) {
1.901 + var r = 0;
1.902 + while(x != 0) { x &= x-1; ++r; }
1.903 + return r;
1.904 +}
1.905 +
1.906 +// (public) return number of set bits
1.907 +function bnBitCount() {
1.908 + var r = 0, x = this.s&BI_DM;
1.909 + for(var i = 0; i < this.t; ++i) r += cbit(this_array[i]^x);
1.910 + return r;
1.911 +}
1.912 +
1.913 +// (public) true iff nth bit is set
1.914 +function bnTestBit(n) {
1.915 + var this_array = this.array;
1.916 + var j = Math.floor(n/BI_DB);
1.917 + if(j >= this.t) return(this.s!=0);
1.918 + return((this_array[j]&(1<<(n%BI_DB)))!=0);
1.919 +}
1.920 +
1.921 +// (protected) this op (1<<n)
1.922 +function bnpChangeBit(n,op) {
1.923 + var r = BigInteger.ONE.shiftLeft(n);
1.924 + this.bitwiseTo(r,op,r);
1.925 + return r;
1.926 +}
1.927 +
1.928 +// (public) this | (1<<n)
1.929 +function bnSetBit(n) { return this.changeBit(n,op_or); }
1.930 +
1.931 +// (public) this & ~(1<<n)
1.932 +function bnClearBit(n) { return this.changeBit(n,op_andnot); }
1.933 +
1.934 +// (public) this ^ (1<<n)
1.935 +function bnFlipBit(n) { return this.changeBit(n,op_xor); }
1.936 +
1.937 +// (protected) r = this + a
1.938 +function bnpAddTo(a,r) {
1.939 + var this_array = this.array;
1.940 + var a_array = a.array;
1.941 + var r_array = r.array;
1.942 + var i = 0, c = 0, m = Math.min(a.t,this.t);
1.943 + while(i < m) {
1.944 + c += this_array[i]+a_array[i];
1.945 + r_array[i++] = c&BI_DM;
1.946 + c >>= BI_DB;
1.947 + }
1.948 + if(a.t < this.t) {
1.949 + c += a.s;
1.950 + while(i < this.t) {
1.951 + c += this_array[i];
1.952 + r_array[i++] = c&BI_DM;
1.953 + c >>= BI_DB;
1.954 + }
1.955 + c += this.s;
1.956 + }
1.957 + else {
1.958 + c += this.s;
1.959 + while(i < a.t) {
1.960 + c += a_array[i];
1.961 + r_array[i++] = c&BI_DM;
1.962 + c >>= BI_DB;
1.963 + }
1.964 + c += a.s;
1.965 + }
1.966 + r.s = (c<0)?-1:0;
1.967 + if(c > 0) r_array[i++] = c;
1.968 + else if(c < -1) r_array[i++] = BI_DV+c;
1.969 + r.t = i;
1.970 + r.clamp();
1.971 +}
1.972 +
1.973 +// (public) this + a
1.974 +function bnAdd(a) { var r = nbi(); this.addTo(a,r); return r; }
1.975 +
1.976 +// (public) this - a
1.977 +function bnSubtract(a) { var r = nbi(); this.subTo(a,r); return r; }
1.978 +
1.979 +// (public) this * a
1.980 +function bnMultiply(a) { var r = nbi(); this.multiplyTo(a,r); return r; }
1.981 +
1.982 +// (public) this / a
1.983 +function bnDivide(a) { var r = nbi(); this.divRemTo(a,r,null); return r; }
1.984 +
1.985 +// (public) this % a
1.986 +function bnRemainder(a) { var r = nbi(); this.divRemTo(a,null,r); return r; }
1.987 +
1.988 +// (public) [this/a,this%a]
1.989 +function bnDivideAndRemainder(a) {
1.990 + var q = nbi(), r = nbi();
1.991 + this.divRemTo(a,q,r);
1.992 + return new Array(q,r);
1.993 +}
1.994 +
1.995 +// (protected) this *= n, this >= 0, 1 < n < DV
1.996 +function bnpDMultiply(n) {
1.997 + var this_array = this.array;
1.998 + this_array[this.t] = this.am(0,n-1,this,0,0,this.t);
1.999 + ++this.t;
1.1000 + this.clamp();
1.1001 +}
1.1002 +
1.1003 +// (protected) this += n << w words, this >= 0
1.1004 +function bnpDAddOffset(n,w) {
1.1005 + var this_array = this.array;
1.1006 + while(this.t <= w) this_array[this.t++] = 0;
1.1007 + this_array[w] += n;
1.1008 + while(this_array[w] >= BI_DV) {
1.1009 + this_array[w] -= BI_DV;
1.1010 + if(++w >= this.t) this_array[this.t++] = 0;
1.1011 + ++this_array[w];
1.1012 + }
1.1013 +}
1.1014 +
1.1015 +// A "null" reducer
1.1016 +function NullExp() {}
1.1017 +function nNop(x) { return x; }
1.1018 +function nMulTo(x,y,r) { x.multiplyTo(y,r); }
1.1019 +function nSqrTo(x,r) { x.squareTo(r); }
1.1020 +
1.1021 +NullExp.prototype.convert = nNop;
1.1022 +NullExp.prototype.revert = nNop;
1.1023 +NullExp.prototype.mulTo = nMulTo;
1.1024 +NullExp.prototype.sqrTo = nSqrTo;
1.1025 +
1.1026 +// (public) this^e
1.1027 +function bnPow(e) { return this.exp(e,new NullExp()); }
1.1028 +
1.1029 +// (protected) r = lower n words of "this * a", a.t <= n
1.1030 +// "this" should be the larger one if appropriate.
1.1031 +function bnpMultiplyLowerTo(a,n,r) {
1.1032 + var r_array = r.array;
1.1033 + var a_array = a.array;
1.1034 + var i = Math.min(this.t+a.t,n);
1.1035 + r.s = 0; // assumes a,this >= 0
1.1036 + r.t = i;
1.1037 + while(i > 0) r_array[--i] = 0;
1.1038 + var j;
1.1039 + for(j = r.t-this.t; i < j; ++i) r_array[i+this.t] = this.am(0,a_array[i],r,i,0,this.t);
1.1040 + for(j = Math.min(a.t,n); i < j; ++i) this.am(0,a_array[i],r,i,0,n-i);
1.1041 + r.clamp();
1.1042 +}
1.1043 +
1.1044 +// (protected) r = "this * a" without lower n words, n > 0
1.1045 +// "this" should be the larger one if appropriate.
1.1046 +function bnpMultiplyUpperTo(a,n,r) {
1.1047 + var r_array = r.array;
1.1048 + var a_array = a.array;
1.1049 + --n;
1.1050 + var i = r.t = this.t+a.t-n;
1.1051 + r.s = 0; // assumes a,this >= 0
1.1052 + while(--i >= 0) r_array[i] = 0;
1.1053 + for(i = Math.max(n-this.t,0); i < a.t; ++i)
1.1054 + r_array[this.t+i-n] = this.am(n-i,a_array[i],r,0,0,this.t+i-n);
1.1055 + r.clamp();
1.1056 + r.drShiftTo(1,r);
1.1057 +}
1.1058 +
1.1059 +// Barrett modular reduction
1.1060 +function Barrett(m) {
1.1061 + // setup Barrett
1.1062 + this.r2 = nbi();
1.1063 + this.q3 = nbi();
1.1064 + BigInteger.ONE.dlShiftTo(2*m.t,this.r2);
1.1065 + this.mu = this.r2.divide(m);
1.1066 + this.m = m;
1.1067 +}
1.1068 +
1.1069 +function barrettConvert(x) {
1.1070 + if(x.s < 0 || x.t > 2*this.m.t) return x.mod(this.m);
1.1071 + else if(x.compareTo(this.m) < 0) return x;
1.1072 + else { var r = nbi(); x.copyTo(r); this.reduce(r); return r; }
1.1073 +}
1.1074 +
1.1075 +function barrettRevert(x) { return x; }
1.1076 +
1.1077 +// x = x mod m (HAC 14.42)
1.1078 +function barrettReduce(x) {
1.1079 + x.drShiftTo(this.m.t-1,this.r2);
1.1080 + if(x.t > this.m.t+1) { x.t = this.m.t+1; x.clamp(); }
1.1081 + this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3);
1.1082 + this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);
1.1083 + while(x.compareTo(this.r2) < 0) x.dAddOffset(1,this.m.t+1);
1.1084 + x.subTo(this.r2,x);
1.1085 + while(x.compareTo(this.m) >= 0) x.subTo(this.m,x);
1.1086 +}
1.1087 +
1.1088 +// r = x^2 mod m; x != r
1.1089 +function barrettSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
1.1090 +
1.1091 +// r = x*y mod m; x,y != r
1.1092 +function barrettMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
1.1093 +
1.1094 +Barrett.prototype.convert = barrettConvert;
1.1095 +Barrett.prototype.revert = barrettRevert;
1.1096 +Barrett.prototype.reduce = barrettReduce;
1.1097 +Barrett.prototype.mulTo = barrettMulTo;
1.1098 +Barrett.prototype.sqrTo = barrettSqrTo;
1.1099 +
1.1100 +// (public) this^e % m (HAC 14.85)
1.1101 +function bnModPow(e,m) {
1.1102 + var e_array = e.array;
1.1103 + var i = e.bitLength(), k, r = nbv(1), z;
1.1104 + if(i <= 0) return r;
1.1105 + else if(i < 18) k = 1;
1.1106 + else if(i < 48) k = 3;
1.1107 + else if(i < 144) k = 4;
1.1108 + else if(i < 768) k = 5;
1.1109 + else k = 6;
1.1110 + if(i < 8)
1.1111 + z = new Classic(m);
1.1112 + else if(m.isEven())
1.1113 + z = new Barrett(m);
1.1114 + else
1.1115 + z = new Montgomery(m);
1.1116 +
1.1117 + // precomputation
1.1118 + var g = new Array(), n = 3, k1 = k-1, km = (1<<k)-1;
1.1119 + g[1] = z.convert(this);
1.1120 + if(k > 1) {
1.1121 + var g2 = nbi();
1.1122 + z.sqrTo(g[1],g2);
1.1123 + while(n <= km) {
1.1124 + g[n] = nbi();
1.1125 + z.mulTo(g2,g[n-2],g[n]);
1.1126 + n += 2;
1.1127 + }
1.1128 + }
1.1129 +
1.1130 + var j = e.t-1, w, is1 = true, r2 = nbi(), t;
1.1131 + i = nbits(e_array[j])-1;
1.1132 + while(j >= 0) {
1.1133 + if(i >= k1) w = (e_array[j]>>(i-k1))&km;
1.1134 + else {
1.1135 + w = (e_array[j]&((1<<(i+1))-1))<<(k1-i);
1.1136 + if(j > 0) w |= e_array[j-1]>>(BI_DB+i-k1);
1.1137 + }
1.1138 +
1.1139 + n = k;
1.1140 + while((w&1) == 0) { w >>= 1; --n; }
1.1141 + if((i -= n) < 0) { i += BI_DB; --j; }
1.1142 + if(is1) { // ret == 1, don't bother squaring or multiplying it
1.1143 + g[w].copyTo(r);
1.1144 + is1 = false;
1.1145 + }
1.1146 + else {
1.1147 + while(n > 1) { z.sqrTo(r,r2); z.sqrTo(r2,r); n -= 2; }
1.1148 + if(n > 0) z.sqrTo(r,r2); else { t = r; r = r2; r2 = t; }
1.1149 + z.mulTo(r2,g[w],r);
1.1150 + }
1.1151 +
1.1152 + while(j >= 0 && (e_array[j]&(1<<i)) == 0) {
1.1153 + z.sqrTo(r,r2); t = r; r = r2; r2 = t;
1.1154 + if(--i < 0) { i = BI_DB-1; --j; }
1.1155 + }
1.1156 + }
1.1157 + return z.revert(r);
1.1158 +}
1.1159 +
1.1160 +// (public) gcd(this,a) (HAC 14.54)
1.1161 +function bnGCD(a) {
1.1162 + var x = (this.s<0)?this.negate():this.clone();
1.1163 + var y = (a.s<0)?a.negate():a.clone();
1.1164 + if(x.compareTo(y) < 0) { var t = x; x = y; y = t; }
1.1165 + var i = x.getLowestSetBit(), g = y.getLowestSetBit();
1.1166 + if(g < 0) return x;
1.1167 + if(i < g) g = i;
1.1168 + if(g > 0) {
1.1169 + x.rShiftTo(g,x);
1.1170 + y.rShiftTo(g,y);
1.1171 + }
1.1172 + while(x.signum() > 0) {
1.1173 + if((i = x.getLowestSetBit()) > 0) x.rShiftTo(i,x);
1.1174 + if((i = y.getLowestSetBit()) > 0) y.rShiftTo(i,y);
1.1175 + if(x.compareTo(y) >= 0) {
1.1176 + x.subTo(y,x);
1.1177 + x.rShiftTo(1,x);
1.1178 + }
1.1179 + else {
1.1180 + y.subTo(x,y);
1.1181 + y.rShiftTo(1,y);
1.1182 + }
1.1183 + }
1.1184 + if(g > 0) y.lShiftTo(g,y);
1.1185 + return y;
1.1186 +}
1.1187 +
1.1188 +// (protected) this % n, n < 2^26
1.1189 +function bnpModInt(n) {
1.1190 + var this_array = this.array;
1.1191 + if(n <= 0) return 0;
1.1192 + var d = BI_DV%n, r = (this.s<0)?n-1:0;
1.1193 + if(this.t > 0)
1.1194 + if(d == 0) r = this_array[0]%n;
1.1195 + else for(var i = this.t-1; i >= 0; --i) r = (d*r+this_array[i])%n;
1.1196 + return r;
1.1197 +}
1.1198 +
1.1199 +// (public) 1/this % m (HAC 14.61)
1.1200 +function bnModInverse(m) {
1.1201 + var ac = m.isEven();
1.1202 + if((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO;
1.1203 + var u = m.clone(), v = this.clone();
1.1204 + var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1);
1.1205 + while(u.signum() != 0) {
1.1206 + while(u.isEven()) {
1.1207 + u.rShiftTo(1,u);
1.1208 + if(ac) {
1.1209 + if(!a.isEven() || !b.isEven()) { a.addTo(this,a); b.subTo(m,b); }
1.1210 + a.rShiftTo(1,a);
1.1211 + }
1.1212 + else if(!b.isEven()) b.subTo(m,b);
1.1213 + b.rShiftTo(1,b);
1.1214 + }
1.1215 + while(v.isEven()) {
1.1216 + v.rShiftTo(1,v);
1.1217 + if(ac) {
1.1218 + if(!c.isEven() || !d.isEven()) { c.addTo(this,c); d.subTo(m,d); }
1.1219 + c.rShiftTo(1,c);
1.1220 + }
1.1221 + else if(!d.isEven()) d.subTo(m,d);
1.1222 + d.rShiftTo(1,d);
1.1223 + }
1.1224 + if(u.compareTo(v) >= 0) {
1.1225 + u.subTo(v,u);
1.1226 + if(ac) a.subTo(c,a);
1.1227 + b.subTo(d,b);
1.1228 + }
1.1229 + else {
1.1230 + v.subTo(u,v);
1.1231 + if(ac) c.subTo(a,c);
1.1232 + d.subTo(b,d);
1.1233 + }
1.1234 + }
1.1235 + if(v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO;
1.1236 + if(d.compareTo(m) >= 0) return d.subtract(m);
1.1237 + if(d.signum() < 0) d.addTo(m,d); else return d;
1.1238 + if(d.signum() < 0) return d.add(m); else return d;
1.1239 +}
1.1240 +
1.1241 +var lowprimes = [2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509];
1.1242 +var lplim = (1<<26)/lowprimes[lowprimes.length-1];
1.1243 +
1.1244 +// (public) test primality with certainty >= 1-.5^t
1.1245 +function bnIsProbablePrime(t) {
1.1246 + var i, x = this.abs();
1.1247 + var x_array = x.array;
1.1248 + if(x.t == 1 && x_array[0] <= lowprimes[lowprimes.length-1]) {
1.1249 + for(i = 0; i < lowprimes.length; ++i)
1.1250 + if(x_array[0] == lowprimes[i]) return true;
1.1251 + return false;
1.1252 + }
1.1253 + if(x.isEven()) return false;
1.1254 + i = 1;
1.1255 + while(i < lowprimes.length) {
1.1256 + var m = lowprimes[i], j = i+1;
1.1257 + while(j < lowprimes.length && m < lplim) m *= lowprimes[j++];
1.1258 + m = x.modInt(m);
1.1259 + while(i < j) if(m%lowprimes[i++] == 0) return false;
1.1260 + }
1.1261 + return x.millerRabin(t);
1.1262 +}
1.1263 +
1.1264 +// (protected) true if probably prime (HAC 4.24, Miller-Rabin)
1.1265 +function bnpMillerRabin(t) {
1.1266 + var n1 = this.subtract(BigInteger.ONE);
1.1267 + var k = n1.getLowestSetBit();
1.1268 + if(k <= 0) return false;
1.1269 + var r = n1.shiftRight(k);
1.1270 + t = (t+1)>>1;
1.1271 + if(t > lowprimes.length) t = lowprimes.length;
1.1272 + var a = nbi();
1.1273 + for(var i = 0; i < t; ++i) {
1.1274 + a.fromInt(lowprimes[i]);
1.1275 + var y = a.modPow(r,this);
1.1276 + if(y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) {
1.1277 + var j = 1;
1.1278 + while(j++ < k && y.compareTo(n1) != 0) {
1.1279 + y = y.modPowInt(2,this);
1.1280 + if(y.compareTo(BigInteger.ONE) == 0) return false;
1.1281 + }
1.1282 + if(y.compareTo(n1) != 0) return false;
1.1283 + }
1.1284 + }
1.1285 + return true;
1.1286 +}
1.1287 +
1.1288 +// protected
1.1289 +BigInteger.prototype.chunkSize = bnpChunkSize;
1.1290 +BigInteger.prototype.toRadix = bnpToRadix;
1.1291 +BigInteger.prototype.fromRadix = bnpFromRadix;
1.1292 +BigInteger.prototype.fromNumber = bnpFromNumber;
1.1293 +BigInteger.prototype.bitwiseTo = bnpBitwiseTo;
1.1294 +BigInteger.prototype.changeBit = bnpChangeBit;
1.1295 +BigInteger.prototype.addTo = bnpAddTo;
1.1296 +BigInteger.prototype.dMultiply = bnpDMultiply;
1.1297 +BigInteger.prototype.dAddOffset = bnpDAddOffset;
1.1298 +BigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo;
1.1299 +BigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo;
1.1300 +BigInteger.prototype.modInt = bnpModInt;
1.1301 +BigInteger.prototype.millerRabin = bnpMillerRabin;
1.1302 +
1.1303 +// public
1.1304 +BigInteger.prototype.clone = bnClone;
1.1305 +BigInteger.prototype.intValue = bnIntValue;
1.1306 +BigInteger.prototype.byteValue = bnByteValue;
1.1307 +BigInteger.prototype.shortValue = bnShortValue;
1.1308 +BigInteger.prototype.signum = bnSigNum;
1.1309 +BigInteger.prototype.toByteArray = bnToByteArray;
1.1310 +BigInteger.prototype.equals = bnEquals;
1.1311 +BigInteger.prototype.min = bnMin;
1.1312 +BigInteger.prototype.max = bnMax;
1.1313 +BigInteger.prototype.and = bnAnd;
1.1314 +BigInteger.prototype.or = bnOr;
1.1315 +BigInteger.prototype.xor = bnXor;
1.1316 +BigInteger.prototype.andNot = bnAndNot;
1.1317 +BigInteger.prototype.not = bnNot;
1.1318 +BigInteger.prototype.shiftLeft = bnShiftLeft;
1.1319 +BigInteger.prototype.shiftRight = bnShiftRight;
1.1320 +BigInteger.prototype.getLowestSetBit = bnGetLowestSetBit;
1.1321 +BigInteger.prototype.bitCount = bnBitCount;
1.1322 +BigInteger.prototype.testBit = bnTestBit;
1.1323 +BigInteger.prototype.setBit = bnSetBit;
1.1324 +BigInteger.prototype.clearBit = bnClearBit;
1.1325 +BigInteger.prototype.flipBit = bnFlipBit;
1.1326 +BigInteger.prototype.add = bnAdd;
1.1327 +BigInteger.prototype.subtract = bnSubtract;
1.1328 +BigInteger.prototype.multiply = bnMultiply;
1.1329 +BigInteger.prototype.divide = bnDivide;
1.1330 +BigInteger.prototype.remainder = bnRemainder;
1.1331 +BigInteger.prototype.divideAndRemainder = bnDivideAndRemainder;
1.1332 +BigInteger.prototype.modPow = bnModPow;
1.1333 +BigInteger.prototype.modInverse = bnModInverse;
1.1334 +BigInteger.prototype.pow = bnPow;
1.1335 +BigInteger.prototype.gcd = bnGCD;
1.1336 +BigInteger.prototype.isProbablePrime = bnIsProbablePrime;
1.1337 +
1.1338 +// BigInteger interfaces not implemented in jsbn:
1.1339 +
1.1340 +// BigInteger(int signum, byte[] magnitude)
1.1341 +// double doubleValue()
1.1342 +// float floatValue()
1.1343 +// int hashCode()
1.1344 +// long longValue()
1.1345 +// static BigInteger valueOf(long val)
1.1346 +// prng4.js - uses Arcfour as a PRNG
1.1347 +
1.1348 +function Arcfour() {
1.1349 + this.i = 0;
1.1350 + this.j = 0;
1.1351 + this.S = new Array();
1.1352 +}
1.1353 +
1.1354 +// Initialize arcfour context from key, an array of ints, each from [0..255]
1.1355 +function ARC4init(key) {
1.1356 + var i, j, t;
1.1357 + for(i = 0; i < 256; ++i)
1.1358 + this.S[i] = i;
1.1359 + j = 0;
1.1360 + for(i = 0; i < 256; ++i) {
1.1361 + j = (j + this.S[i] + key[i % key.length]) & 255;
1.1362 + t = this.S[i];
1.1363 + this.S[i] = this.S[j];
1.1364 + this.S[j] = t;
1.1365 + }
1.1366 + this.i = 0;
1.1367 + this.j = 0;
1.1368 +}
1.1369 +
1.1370 +function ARC4next() {
1.1371 + var t;
1.1372 + this.i = (this.i + 1) & 255;
1.1373 + this.j = (this.j + this.S[this.i]) & 255;
1.1374 + t = this.S[this.i];
1.1375 + this.S[this.i] = this.S[this.j];
1.1376 + this.S[this.j] = t;
1.1377 + return this.S[(t + this.S[this.i]) & 255];
1.1378 +}
1.1379 +
1.1380 +Arcfour.prototype.init = ARC4init;
1.1381 +Arcfour.prototype.next = ARC4next;
1.1382 +
1.1383 +// Plug in your RNG constructor here
1.1384 +function prng_newstate() {
1.1385 + return new Arcfour();
1.1386 +}
1.1387 +
1.1388 +// Pool size must be a multiple of 4 and greater than 32.
1.1389 +// An array of bytes the size of the pool will be passed to init()
1.1390 +var rng_psize = 256;
1.1391 +// Random number generator - requires a PRNG backend, e.g. prng4.js
1.1392 +
1.1393 +// For best results, put code like
1.1394 +// <body onClick='rng_seed_time();' onKeyPress='rng_seed_time();'>
1.1395 +// in your main HTML document.
1.1396 +
1.1397 +var rng_state;
1.1398 +var rng_pool;
1.1399 +var rng_pptr;
1.1400 +
1.1401 +// Mix in a 32-bit integer into the pool
1.1402 +function rng_seed_int(x) {
1.1403 + rng_pool[rng_pptr++] ^= x & 255;
1.1404 + rng_pool[rng_pptr++] ^= (x >> 8) & 255;
1.1405 + rng_pool[rng_pptr++] ^= (x >> 16) & 255;
1.1406 + rng_pool[rng_pptr++] ^= (x >> 24) & 255;
1.1407 + if(rng_pptr >= rng_psize) rng_pptr -= rng_psize;
1.1408 +}
1.1409 +
1.1410 +// Mix in the current time (w/milliseconds) into the pool
1.1411 +function rng_seed_time() {
1.1412 + // Use pre-computed date to avoid making the benchmark
1.1413 + // results dependent on the current date.
1.1414 + rng_seed_int(1122926989487);
1.1415 +}
1.1416 +
1.1417 +// Initialize the pool with junk if needed.
1.1418 +if(rng_pool == null) {
1.1419 + rng_pool = new Array();
1.1420 + rng_pptr = 0;
1.1421 + var t;
1.1422 + while(rng_pptr < rng_psize) { // extract some randomness from Math.random()
1.1423 + t = Math.floor(65536 * Math.random());
1.1424 + rng_pool[rng_pptr++] = t >>> 8;
1.1425 + rng_pool[rng_pptr++] = t & 255;
1.1426 + }
1.1427 + rng_pptr = 0;
1.1428 + rng_seed_time();
1.1429 + //rng_seed_int(window.screenX);
1.1430 + //rng_seed_int(window.screenY);
1.1431 +}
1.1432 +
1.1433 +function rng_get_byte() {
1.1434 + if(rng_state == null) {
1.1435 + rng_seed_time();
1.1436 + rng_state = prng_newstate();
1.1437 + rng_state.init(rng_pool);
1.1438 + for(rng_pptr = 0; rng_pptr < rng_pool.length; ++rng_pptr)
1.1439 + rng_pool[rng_pptr] = 0;
1.1440 + rng_pptr = 0;
1.1441 + //rng_pool = null;
1.1442 + }
1.1443 + // TODO: allow reseeding after first request
1.1444 + return rng_state.next();
1.1445 +}
1.1446 +
1.1447 +function rng_get_bytes(ba) {
1.1448 + var i;
1.1449 + for(i = 0; i < ba.length; ++i) ba[i] = rng_get_byte();
1.1450 +}
1.1451 +
1.1452 +function SecureRandom() {}
1.1453 +
1.1454 +SecureRandom.prototype.nextBytes = rng_get_bytes;
1.1455 +// Depends on jsbn.js and rng.js
1.1456 +
1.1457 +// convert a (hex) string to a bignum object
1.1458 +function parseBigInt(str,r) {
1.1459 + return new BigInteger(str,r);
1.1460 +}
1.1461 +
1.1462 +function linebrk(s,n) {
1.1463 + var ret = "";
1.1464 + var i = 0;
1.1465 + while(i + n < s.length) {
1.1466 + ret += s.substring(i,i+n) + "\n";
1.1467 + i += n;
1.1468 + }
1.1469 + return ret + s.substring(i,s.length);
1.1470 +}
1.1471 +
1.1472 +function byte2Hex(b) {
1.1473 + if(b < 0x10)
1.1474 + return "0" + b.toString(16);
1.1475 + else
1.1476 + return b.toString(16);
1.1477 +}
1.1478 +
1.1479 +// PKCS#1 (type 2, random) pad input string s to n bytes, and return a bigint
1.1480 +function pkcs1pad2(s,n) {
1.1481 + if(n < s.length + 11) {
1.1482 + alert("Message too long for RSA");
1.1483 + return null;
1.1484 + }
1.1485 + var ba = new Array();
1.1486 + var i = s.length - 1;
1.1487 + while(i >= 0 && n > 0) ba[--n] = s.charCodeAt(i--);
1.1488 + ba[--n] = 0;
1.1489 + var rng = new SecureRandom();
1.1490 + var x = new Array();
1.1491 + while(n > 2) { // random non-zero pad
1.1492 + x[0] = 0;
1.1493 + while(x[0] == 0) rng.nextBytes(x);
1.1494 + ba[--n] = x[0];
1.1495 + }
1.1496 + ba[--n] = 2;
1.1497 + ba[--n] = 0;
1.1498 + return new BigInteger(ba);
1.1499 +}
1.1500 +
1.1501 +// "empty" RSA key constructor
1.1502 +function RSAKey() {
1.1503 + this.n = null;
1.1504 + this.e = 0;
1.1505 + this.d = null;
1.1506 + this.p = null;
1.1507 + this.q = null;
1.1508 + this.dmp1 = null;
1.1509 + this.dmq1 = null;
1.1510 + this.coeff = null;
1.1511 +}
1.1512 +
1.1513 +// Set the public key fields N and e from hex strings
1.1514 +function RSASetPublic(N,E) {
1.1515 + if(N != null && E != null && N.length > 0 && E.length > 0) {
1.1516 + this.n = parseBigInt(N,16);
1.1517 + this.e = parseInt(E,16);
1.1518 + }
1.1519 + else
1.1520 + alert("Invalid RSA public key");
1.1521 +}
1.1522 +
1.1523 +// Perform raw public operation on "x": return x^e (mod n)
1.1524 +function RSADoPublic(x) {
1.1525 + return x.modPowInt(this.e, this.n);
1.1526 +}
1.1527 +
1.1528 +// Return the PKCS#1 RSA encryption of "text" as an even-length hex string
1.1529 +function RSAEncrypt(text) {
1.1530 + var m = pkcs1pad2(text,(this.n.bitLength()+7)>>3);
1.1531 + if(m == null) return null;
1.1532 + var c = this.doPublic(m);
1.1533 + if(c == null) return null;
1.1534 + var h = c.toString(16);
1.1535 + if((h.length & 1) == 0) return h; else return "0" + h;
1.1536 +}
1.1537 +
1.1538 +// Return the PKCS#1 RSA encryption of "text" as a Base64-encoded string
1.1539 +//function RSAEncryptB64(text) {
1.1540 +// var h = this.encrypt(text);
1.1541 +// if(h) return hex2b64(h); else return null;
1.1542 +//}
1.1543 +
1.1544 +// protected
1.1545 +RSAKey.prototype.doPublic = RSADoPublic;
1.1546 +
1.1547 +// public
1.1548 +RSAKey.prototype.setPublic = RSASetPublic;
1.1549 +RSAKey.prototype.encrypt = RSAEncrypt;
1.1550 +//RSAKey.prototype.encrypt_b64 = RSAEncryptB64;
1.1551 +// Depends on rsa.js and jsbn2.js
1.1552 +
1.1553 +// Undo PKCS#1 (type 2, random) padding and, if valid, return the plaintext
1.1554 +function pkcs1unpad2(d,n) {
1.1555 + var b = d.toByteArray();
1.1556 + var i = 0;
1.1557 + while(i < b.length && b[i] == 0) ++i;
1.1558 + if(b.length-i != n-1 || b[i] != 2)
1.1559 + return null;
1.1560 + ++i;
1.1561 + while(b[i] != 0)
1.1562 + if(++i >= b.length) return null;
1.1563 + var ret = "";
1.1564 + while(++i < b.length)
1.1565 + ret += String.fromCharCode(b[i]);
1.1566 + return ret;
1.1567 +}
1.1568 +
1.1569 +// Set the private key fields N, e, and d from hex strings
1.1570 +function RSASetPrivate(N,E,D) {
1.1571 + if(N != null && E != null && N.length > 0 && E.length > 0) {
1.1572 + this.n = parseBigInt(N,16);
1.1573 + this.e = parseInt(E,16);
1.1574 + this.d = parseBigInt(D,16);
1.1575 + }
1.1576 + else
1.1577 + alert("Invalid RSA private key");
1.1578 +}
1.1579 +
1.1580 +// Set the private key fields N, e, d and CRT params from hex strings
1.1581 +function RSASetPrivateEx(N,E,D,P,Q,DP,DQ,C) {
1.1582 + if(N != null && E != null && N.length > 0 && E.length > 0) {
1.1583 + this.n = parseBigInt(N,16);
1.1584 + this.e = parseInt(E,16);
1.1585 + this.d = parseBigInt(D,16);
1.1586 + this.p = parseBigInt(P,16);
1.1587 + this.q = parseBigInt(Q,16);
1.1588 + this.dmp1 = parseBigInt(DP,16);
1.1589 + this.dmq1 = parseBigInt(DQ,16);
1.1590 + this.coeff = parseBigInt(C,16);
1.1591 + }
1.1592 + else
1.1593 + alert("Invalid RSA private key");
1.1594 +}
1.1595 +
1.1596 +// Generate a new random private key B bits long, using public expt E
1.1597 +function RSAGenerate(B,E) {
1.1598 + var rng = new SecureRandom();
1.1599 + var qs = B>>1;
1.1600 + this.e = parseInt(E,16);
1.1601 + var ee = new BigInteger(E,16);
1.1602 + for(;;) {
1.1603 + for(;;) {
1.1604 + this.p = new BigInteger(B-qs,1,rng);
1.1605 + if(this.p.subtract(BigInteger.ONE).gcd(ee).compareTo(BigInteger.ONE) == 0 && this.p.isProbablePrime(10)) break;
1.1606 + }
1.1607 + for(;;) {
1.1608 + this.q = new BigInteger(qs,1,rng);
1.1609 + if(this.q.subtract(BigInteger.ONE).gcd(ee).compareTo(BigInteger.ONE) == 0 && this.q.isProbablePrime(10)) break;
1.1610 + }
1.1611 + if(this.p.compareTo(this.q) <= 0) {
1.1612 + var t = this.p;
1.1613 + this.p = this.q;
1.1614 + this.q = t;
1.1615 + }
1.1616 + var p1 = this.p.subtract(BigInteger.ONE);
1.1617 + var q1 = this.q.subtract(BigInteger.ONE);
1.1618 + var phi = p1.multiply(q1);
1.1619 + if(phi.gcd(ee).compareTo(BigInteger.ONE) == 0) {
1.1620 + this.n = this.p.multiply(this.q);
1.1621 + this.d = ee.modInverse(phi);
1.1622 + this.dmp1 = this.d.mod(p1);
1.1623 + this.dmq1 = this.d.mod(q1);
1.1624 + this.coeff = this.q.modInverse(this.p);
1.1625 + break;
1.1626 + }
1.1627 + }
1.1628 +}
1.1629 +
1.1630 +// Perform raw private operation on "x": return x^d (mod n)
1.1631 +function RSADoPrivate(x) {
1.1632 + if(this.p == null || this.q == null)
1.1633 + return x.modPow(this.d, this.n);
1.1634 +
1.1635 + // TODO: re-calculate any missing CRT params
1.1636 + var xp = x.mod(this.p).modPow(this.dmp1, this.p);
1.1637 + var xq = x.mod(this.q).modPow(this.dmq1, this.q);
1.1638 +
1.1639 + while(xp.compareTo(xq) < 0)
1.1640 + xp = xp.add(this.p);
1.1641 + return xp.subtract(xq).multiply(this.coeff).mod(this.p).multiply(this.q).add(xq);
1.1642 +}
1.1643 +
1.1644 +// Return the PKCS#1 RSA decryption of "ctext".
1.1645 +// "ctext" is an even-length hex string and the output is a plain string.
1.1646 +function RSADecrypt(ctext) {
1.1647 + var c = parseBigInt(ctext, 16);
1.1648 + var m = this.doPrivate(c);
1.1649 + if(m == null) return null;
1.1650 + return pkcs1unpad2(m, (this.n.bitLength()+7)>>3);
1.1651 +}
1.1652 +
1.1653 +// Return the PKCS#1 RSA decryption of "ctext".
1.1654 +// "ctext" is a Base64-encoded string and the output is a plain string.
1.1655 +//function RSAB64Decrypt(ctext) {
1.1656 +// var h = b64tohex(ctext);
1.1657 +// if(h) return this.decrypt(h); else return null;
1.1658 +//}
1.1659 +
1.1660 +// protected
1.1661 +RSAKey.prototype.doPrivate = RSADoPrivate;
1.1662 +
1.1663 +// public
1.1664 +RSAKey.prototype.setPrivate = RSASetPrivate;
1.1665 +RSAKey.prototype.setPrivateEx = RSASetPrivateEx;
1.1666 +RSAKey.prototype.generate = RSAGenerate;
1.1667 +RSAKey.prototype.decrypt = RSADecrypt;
1.1668 +//RSAKey.prototype.b64_decrypt = RSAB64Decrypt;
1.1669 +
1.1670 +
1.1671 +nValue="a5261939975948bb7a58dffe5ff54e65f0498f9175f5a09288810b8975871e99af3b5dd94057b0fc07535f5f97444504fa35169d461d0d30cf0192e307727c065168c788771c561a9400fb49175e9e6aa4e23fe11af69e9412dd23b0cb6684c4c2429bce139e848ab26d0829073351f4acd36074eafd036a5eb83359d2a698d3";
1.1672 +eValue="10001";
1.1673 +dValue="8e9912f6d3645894e8d38cb58c0db81ff516cf4c7e5a14c7f1eddb1459d2cded4d8d293fc97aee6aefb861859c8b6a3d1dfe710463e1f9ddc72048c09751971c4a580aa51eb523357a3cc48d31cfad1d4a165066ed92d4748fb6571211da5cb14bc11b6e2df7c1a559e6d5ac1cd5c94703a22891464fba23d0d965086277a161";
1.1674 +pValue="d090ce58a92c75233a6486cb0a9209bf3583b64f540c76f5294bb97d285eed33aec220bde14b2417951178ac152ceab6da7090905b478195498b352048f15e7d";
1.1675 +qValue="cab575dc652bb66df15a0359609d51d1db184750c00c6698b90ef3465c99655103edbf0d54c56aec0ce3c4d22592338092a126a0cc49f65a4a30d222b411e58f";
1.1676 +dmp1Value="1a24bca8e273df2f0e47c199bbf678604e7df7215480c77c8db39f49b000ce2cf7500038acfff5433b7d582a01f1826e6f4d42e1c57f5e1fef7b12aabc59fd25";
1.1677 +dmq1Value="3d06982efbbe47339e1f6d36b1216b8a741d410b0c662f54f7118b27b9a4ec9d914337eb39841d8666f3034408cf94f5b62f11c402fc994fe15a05493150d9fd";
1.1678 +coeffValue="3a3e731acd8960b7ff9eb81a7ff93bd1cfa74cbd56987db58b4594fb09c09084db1734c8143f98b602b981aaa9243ca28deb69b5b280ee8dcee0fd2625e53250";
1.1679 +
1.1680 +setupEngine(am3, 28);
1.1681 +
1.1682 +var TEXT = "The quick brown fox jumped over the extremely lazy frog! " +
1.1683 + "Now is the time for all good men to come to the party.";
1.1684 +var encrypted;
1.1685 +
1.1686 +function encrypt() {
1.1687 + var RSA = new RSAKey();
1.1688 + RSA.setPublic(nValue, eValue);
1.1689 + RSA.setPrivateEx(nValue, eValue, dValue, pValue, qValue, dmp1Value, dmq1Value, coeffValue);
1.1690 + encrypted = RSA.encrypt(TEXT);
1.1691 +}
1.1692 +
1.1693 +function decrypt() {
1.1694 + var RSA = new RSAKey();
1.1695 + RSA.setPublic(nValue, eValue);
1.1696 + RSA.setPrivateEx(nValue, eValue, dValue, pValue, qValue, dmp1Value, dmq1Value, coeffValue);
1.1697 + var decrypted = RSA.decrypt(encrypted);
1.1698 + if (decrypted != TEXT) {
1.1699 + throw new Error("Crypto operation failed");
1.1700 + }
1.1701 +}
