├── README.md
├── aes.js
├── api.js
├── build
├── compiler.jar
├── cryptico.js
├── cryptico.min.js
├── hash.js
├── jsbn.js
├── random.js
├── rsa.js
└── test.html
/README.md:
--------------------------------------------------------------------------------
1 | # cryptico
2 |
3 | ## Overview
4 |
5 | ### Generating an RSA key pair & public key string
6 |
7 | Sam wants to send Matt an encrypted message. In order to do this, he first needs Matt's public key string. A public key pair can be generated for Matt like this:
8 |
9 | ```javascript
10 | // The passphrase used to repeatably generate this RSA key.
11 | var PassPhrase = "The Moon is a Harsh Mistress.";
12 |
13 | // The length of the RSA key, in bits.
14 | var Bits = 1024;
15 |
16 | var MattsRSAkey = cryptico.generateRSAKey(PassPhrase, Bits);
17 | ```
18 |
19 | Matt's public key string can then be generated like this:
20 |
21 | ```javascript
22 | var MattsPublicKeyString = cryptico.publicKeyString(MattsRSAkey);
23 | ```
24 |
25 | and looks like this:
26 |
27 | uXjrkGqe5WuS7zsTg6Z9DuS8cXLFz38ue+xrFzxrcQJCXtVccCoUFP2qH/AQ
28 | 4qMvxxvqkSYBpRm1R5a4/NdQ5ei8sE8gfZEq7dlcR+gOSv3nnS4/CX1n5Z5m
29 | 8bvFPF0lSZnYQ23xlyjXTaNacmV0IuZbqWd4j9LfdAKq5dvDaoE=
30 |
31 | ### Encrypting a message
32 |
33 | Matt emails Sam his public key string. Now Sam can encrypt a message for Matt:
34 |
35 | ```javascript
36 | var PlainText = "Matt, I need you to help me with my Starcraft strategy.";
37 |
38 | var EncryptionResult = cryptico.encrypt(PlainText, MattsPublicKeyString);
39 | ```
40 |
41 | `EncryptionResult.cipher` is the encrypted message, and looks like this:
42 |
43 | OOHoAlfm6Viyl7afkUVRoYQv24AfdLnxaay5GjcqpxvEK+dph5kUFZEZIFKo
44 | vVoHoZbtUMekSbMqHQr3wNNpvcNWr4E3DgNLfMZQA1pCAUVmPjNM1ZQmrkKY
45 | HPKvkhmVKaBiYAJGoO/YiFfKnaylLpKOYJZctkZc4wflZcEEqqg=?cJPt71I
46 | HcU5c2LgqGXQKcx2BaAbm25Q2Ku94c933LX5MObL9qbTJEVEv29U0C3gIqcd
47 | qwMV6nl33GtHjyRdHx5fZcon21glUKIbE9P71NwQ=
48 |
49 | ### Decrypting a message
50 |
51 | Sam sends his encrypted message to Matt. The message can be decrypted like this:
52 |
53 | ```javascript
54 | var CipherText = "OOHoAlfm6Viyl7afkUVRoYQv24AfdLnxaay5GjcqpxvEK+dph5kUFZEZIFKo \
55 | vVoHoZbtUMekSbMqHQr3wNNpvcNWr4E3DgNLfMZQA1pCAUVmPjNM1ZQmrkKY \
56 | HPKvkhmVKaBiYAJGoO/YiFfKnaylLpKOYJZctkZc4wflZcEEqqg=?cJPt71I \
57 | HcU5c2LgqGXQKcx2BaAbm25Q2Ku94c933LX5MObL9qbTJEVEv29U0C3gIqcd \
58 | qwMV6nl33GtHjyRdHx5fZcon21glUKIbE9P71NwQ=";
59 |
60 | var DecryptionResult = cryptico.decrypt(CipherText, MattsRSAkey);
61 | ```
62 |
63 | The decrypted message is in `DecryptionResult.plaintext`.
64 |
65 | ### Signatures & Public Key IDs
66 |
67 | If Sam's RSA key is provided to the `cryptico.encrypt` function, the message will be signed by him:
68 |
69 | ```javascript
70 | var PassPhrase = "There Ain't No Such Thing As A Free Lunch.";
71 |
72 | var SamsRSAkey = cryptico.generateRSAKey(PassPhrase, 1024);
73 |
74 | var PlainText = "Matt, I need you to help me with my Starcraft strategy.";
75 |
76 | var EncryptionResult = cryptico.encrypt(PlainText, MattsPublicKeyString, SamsRSAkey);
77 | ```
78 |
79 | The public key associated with the signature can be used by Matt to make sure that it was sent by Sam, but there are a lot of characters to examine in the key - it would be easy to make a mistake. Instead, the public key string associated with the signature can be processed like this:
80 |
81 | ```javascript
82 | var PublicKeyID = cryptico.publicKeyID(EncryptionResult.publickey);
83 | ```
84 |
85 | and `PublicKeyID` would look something like this:
86 |
87 | d0bffb0c422dfa3d3d8502040b915248
88 |
89 | This shorter key ID can be used to uniquely identify Sam's public key more easily if it must be done manually. Moreover, this key ID can be used by Sam or Matt to make sure they have typed their own passphrases correctly.
90 |
91 | # API Documentation
92 |
93 | ## RSA Keys
94 |
95 | cryptico.generateRSAKey(passphrase, bitlength)
96 |
97 | Generates an RSAKey object from a password and bitlength.
98 |
99 | `passphrase`: string from which the RSA key is generated.
100 |
101 | `bitlength`: integer, length of the RSA key (512, 1024, 2048, 4096, 8192).
102 |
103 | Returns an `RSAKey` object.
104 |
105 | cryptico.publicKeyString(rsakey)
106 |
107 | Returns the public key portion of an RSAKey object in ascii-armored
108 | string form, which allows it to be used on websites and in text files
109 | without fear of corrupting the public key.
110 |
111 | `rsakey`: An `RSAKey` object.
112 |
113 | Returns an ascii-armored public key string.
114 |
115 | cryptico.publicKeyID(publicKeyString)
116 |
117 | Returns an MD5 sum of a `publicKeyString` for easier identification.
118 |
119 | `publicKeyString`: a public key in ascii-armored string form, as generated by the `cryptico.publicKeyString` function.
120 |
121 | Returns an MD5 sum of the public key string.
122 |
123 | ## Encryption
124 |
125 | cryptico.encrypt(plaintext, publicKeyString, signingKey)
126 |
127 | Encrypts a string with the provided public key. Optionally signs the encrypted string with an RSAKey object.
128 |
129 | `plaintext`: the string to be encrypted.
130 |
131 | `publicKeyString`: The public key string of the recipient.
132 |
133 | `signingKey`: the `RSAKey` object of the sender.
134 |
135 | Returns: `status`, `cipher`
136 |
137 | `status`: "success" if encryption succeeded, "failure" if it failed.
138 |
139 | `cipher`: An ascii-armored encrypted message string, optionally signed.
140 |
141 | ## Decryption
142 |
143 | cryptico.decrypt(ciphertext, key)
144 |
145 | Decrypts an encrypted message with the recipient's RSAKey and verifies the signature, if any.
146 |
147 | `ciphertext`: The encrypted message to be decrypted.
148 |
149 | `key`: The `RSAKey` object of the recipient.
150 |
151 | Returns: `status`, `plaintext`, `signature`, `publicKeyString`
152 |
153 | `status`: "success" if decryption succeeded, "failure" if it failed. **Does not reflect the status of the signature verification.**
154 |
155 | `plaintext`: The decrypted message.
156 |
157 | `signature`: "unsigned" if there was no signature, "verified" if it is signed and valid, **"forged" if the signature fails verification**.
158 |
159 | `publicKeyString`: public key string of the signature (presumably the sender). **Returned even if the signature appears to be forged**.
160 |
161 | # Encryption Technical Documentation
162 |
163 | ## Key generation
164 |
165 | A hash is generated of the user's passphrase using the SHA256 algorithm found at webtoolkit.info. This hash is used to seed David Bau's seedable random number generator. A (seeded) random RSA key is generated with Tom Wu's RSA key generator with 3 as a hard-coded public exponent.
166 |
167 | ## Encryption
168 |
169 | A 32-byte AES key is generated with Tom Wu's random number generator. The plaintext message is converted to a byte string and padded with zeros to 16 bytes round. An initialization vector is created with Tom Wu's random number generator. The AES key is expanded and the plaintext message is encrypted with the Cipher-block chaining mode using the jsaes library. The AES key is encrypted with the recipient's public key using Tom Wu's RSA encryption library.
170 |
171 | The encrypted AES key and encrypted message are ascii-armored and concatenated with the "?" character as a delimiter. As an example, here is the result of the phrase "Matt, I need you to help me with my Starcraft strategy." encrypted with
172 | the passphrase "The Moon is a Harsh Mistress." used to generate the 1024-bit public key:
173 |
174 | EuvU2Ov3gpgM9B1I3VzEgxaAVO/Iy85NARUFZb/h+HrOP72degP0L1fWiHO3
175 | RDm5+kWRaV6oZsn91juJ0L+hrP6BDwlIza9x9DBMEsg3PnOHJENG63RXbu0q
176 | PZd2xDJY70i44sufNqHZ0mui9OdNIeE8FvzEOzMtFGCqDx1Z48s=?K3lOtQC
177 | 2w+emoR4W3yvAaslSzTj/ZZIkOu3MNTW8y/OX0OxTKfpsaI6zX6XYrM0MpPr
178 | uw7on1N6VUMpNQO8KUVYl4clquaibKs0marXPFH4=
179 |
180 | ## Signing
181 |
182 | When signing the encrypted message, two more pieces of information are attached to the cipher text. The first is the ascii-armored RSA public key of the sender. The second piece of information concatenated with the cipher text is
183 | the signature itself, which is generated with the rsa-sign extension by Kenji Urushima, along with the SHA256 algorithm found at webtoolkit.info. These two pieces of code are also used when verifying the signature.
184 |
185 | The signature is concatenated with the public key with the string
186 | `::52cee64bb3a38f6403386519a39ac91c::` used as the delimiter between the
187 | plaintext, the public key of the sender, and the signature:
188 |
189 | plaintext
190 | ::52cee64bb3a38f6403386519a39ac91c::
191 | public key of sender
192 | ::52cee64bb3a38f6403386519a39ac91c::
193 | signature
194 |
195 | This concatenated block is then encrypted with CBC AES and concatenated with the
196 | encrypted AES key to form the complete encrypted message.
--------------------------------------------------------------------------------
/aes.js:
--------------------------------------------------------------------------------
1 | /*
2 | * jsaes version 0.1 - Copyright 2006 B. Poettering
3 | *
4 | * This program is free software; you can redistribute it and/or
5 | * modify it under the terms of the GNU General Public License as
6 | * published by the Free Software Foundation; either version 2 of the
7 | * License, or (at your option) any later version.
8 | *
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | * General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU General Public License
15 | * along with this program; if not, write to the Free Software
16 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
17 | * 02111-1307 USA
18 | */
19 |
20 | // later modifications by wwwtyro@github
21 |
22 | var aes = (function () {
23 |
24 | var my = {};
25 |
26 | my.Sbox = new Array(99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, 208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, 224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, 186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22);
27 |
28 | my.ShiftRowTab = new Array(0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, 1, 6, 11);
29 |
30 | my.Init = function () {
31 | my.Sbox_Inv = new Array(256);
32 | for (var i = 0; i < 256; i++)
33 | my.Sbox_Inv[my.Sbox[i]] = i;
34 |
35 | my.ShiftRowTab_Inv = new Array(16);
36 | for (var i = 0; i < 16; i++)
37 | my.ShiftRowTab_Inv[my.ShiftRowTab[i]] = i;
38 |
39 | my.xtime = new Array(256);
40 | for (var i = 0; i < 128; i++) {
41 | my.xtime[i] = i << 1;
42 | my.xtime[128 + i] = (i << 1) ^ 0x1b;
43 | }
44 | }
45 |
46 | my.Done = function () {
47 | delete my.Sbox_Inv;
48 | delete my.ShiftRowTab_Inv;
49 | delete my.xtime;
50 | }
51 |
52 | my.ExpandKey = function (key) {
53 | var kl = key.length,
54 | ks, Rcon = 1;
55 | switch (kl) {
56 | case 16:
57 | ks = 16 * (10 + 1);
58 | break;
59 | case 24:
60 | ks = 16 * (12 + 1);
61 | break;
62 | case 32:
63 | ks = 16 * (14 + 1);
64 | break;
65 | default:
66 | alert("my.ExpandKey: Only key lengths of 16, 24 or 32 bytes allowed!");
67 | }
68 | for (var i = kl; i < ks; i += 4) {
69 | var temp = key.slice(i - 4, i);
70 | if (i % kl == 0) {
71 | temp = new Array(my.Sbox[temp[1]] ^ Rcon, my.Sbox[temp[2]], my.Sbox[temp[3]], my.Sbox[temp[0]]);
72 | if ((Rcon <<= 1) >= 256) Rcon ^= 0x11b;
73 | }
74 | else if ((kl > 24) && (i % kl == 16)) temp = new Array(my.Sbox[temp[0]], my.Sbox[temp[1]], my.Sbox[temp[2]], my.Sbox[temp[3]]);
75 | for (var j = 0; j < 4; j++)
76 | key[i + j] = key[i + j - kl] ^ temp[j];
77 | }
78 | }
79 |
80 | my.Encrypt = function (block, key) {
81 | var l = key.length;
82 | my.AddRoundKey(block, key.slice(0, 16));
83 | for (var i = 16; i < l - 16; i += 16) {
84 | my.SubBytes(block, my.Sbox);
85 | my.ShiftRows(block, my.ShiftRowTab);
86 | my.MixColumns(block);
87 | my.AddRoundKey(block, key.slice(i, i + 16));
88 | }
89 | my.SubBytes(block, my.Sbox);
90 | my.ShiftRows(block, my.ShiftRowTab);
91 | my.AddRoundKey(block, key.slice(i, l));
92 | }
93 |
94 | my.Decrypt = function (block, key) {
95 | var l = key.length;
96 | my.AddRoundKey(block, key.slice(l - 16, l));
97 | my.ShiftRows(block, my.ShiftRowTab_Inv);
98 | my.SubBytes(block, my.Sbox_Inv);
99 | for (var i = l - 32; i >= 16; i -= 16) {
100 | my.AddRoundKey(block, key.slice(i, i + 16));
101 | my.MixColumns_Inv(block);
102 | my.ShiftRows(block, my.ShiftRowTab_Inv);
103 | my.SubBytes(block, my.Sbox_Inv);
104 | }
105 | my.AddRoundKey(block, key.slice(0, 16));
106 | }
107 |
108 | my.SubBytes = function (state, sbox) {
109 | for (var i = 0; i < 16; i++)
110 | state[i] = sbox[state[i]];
111 | }
112 |
113 | my.AddRoundKey = function (state, rkey) {
114 | for (var i = 0; i < 16; i++)
115 | state[i] ^= rkey[i];
116 | }
117 |
118 | my.ShiftRows = function (state, shifttab) {
119 | var h = new Array().concat(state);
120 | for (var i = 0; i < 16; i++)
121 | state[i] = h[shifttab[i]];
122 | }
123 |
124 | my.MixColumns = function (state) {
125 | for (var i = 0; i < 16; i += 4) {
126 | var s0 = state[i + 0],
127 | s1 = state[i + 1];
128 | var s2 = state[i + 2],
129 | s3 = state[i + 3];
130 | var h = s0 ^ s1 ^ s2 ^ s3;
131 | state[i + 0] ^= h ^ my.xtime[s0 ^ s1];
132 | state[i + 1] ^= h ^ my.xtime[s1 ^ s2];
133 | state[i + 2] ^= h ^ my.xtime[s2 ^ s3];
134 | state[i + 3] ^= h ^ my.xtime[s3 ^ s0];
135 | }
136 | }
137 |
138 | my.MixColumns_Inv = function (state) {
139 | for (var i = 0; i < 16; i += 4) {
140 | var s0 = state[i + 0],
141 | s1 = state[i + 1];
142 | var s2 = state[i + 2],
143 | s3 = state[i + 3];
144 | var h = s0 ^ s1 ^ s2 ^ s3;
145 | var xh = my.xtime[h];
146 | var h1 = my.xtime[my.xtime[xh ^ s0 ^ s2]] ^ h;
147 | var h2 = my.xtime[my.xtime[xh ^ s1 ^ s3]] ^ h;
148 | state[i + 0] ^= h1 ^ my.xtime[s0 ^ s1];
149 | state[i + 1] ^= h2 ^ my.xtime[s1 ^ s2];
150 | state[i + 2] ^= h1 ^ my.xtime[s2 ^ s3];
151 | state[i + 3] ^= h2 ^ my.xtime[s3 ^ s0];
152 | }
153 | }
154 |
155 | return my;
156 |
157 | }());
158 |
--------------------------------------------------------------------------------
/api.js:
--------------------------------------------------------------------------------
1 |
2 | var cryptico = (function() {
3 |
4 | var my = {};
5 |
6 | aes.Init();
7 |
8 | var base64Chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
9 |
10 | my.b256to64 = function(t) {
11 | var a, c, n;
12 | var r = '', l = 0, s = 0;
13 | var tl = t.length;
14 | for (n = 0; n < tl; n++)
15 | {
16 | c = t.charCodeAt(n);
17 | if (s == 0)
18 | {
19 | r += base64Chars.charAt((c >> 2) & 63);
20 | a = (c & 3) << 4;
21 | }
22 | else if (s == 1)
23 | {
24 | r += base64Chars.charAt((a | (c >> 4) & 15));
25 | a = (c & 15) << 2;
26 | }
27 | else if (s == 2)
28 | {
29 | r += base64Chars.charAt(a | ((c >> 6) & 3));
30 | l += 1;
31 | r += base64Chars.charAt(c & 63);
32 | }
33 | l += 1;
34 | s += 1;
35 | if (s == 3) s = 0;
36 | }
37 | if (s > 0)
38 | {
39 | r += base64Chars.charAt(a);
40 | l += 1;
41 | r += '=';
42 | l += 1;
43 | }
44 | if (s == 1)
45 | {
46 | r += '=';
47 | }
48 | return r;
49 | }
50 |
51 | my.b64to256 = function(t)
52 | {
53 | var c, n;
54 | var r = '', s = 0, a = 0;
55 | var tl = t.length;
56 | for (n = 0; n < tl; n++)
57 | {
58 | c = base64Chars.indexOf(t.charAt(n));
59 | if (c >= 0)
60 | {
61 | if (s) r += String.fromCharCode(a | (c >> (6 - s)) & 255);
62 | s = (s + 2) & 7;
63 | a = (c << s) & 255;
64 | }
65 | }
66 | return r;
67 | }
68 |
69 | my.b16to64 = function(h) {
70 | var i;
71 | var c;
72 | var ret = "";
73 | if(h.length % 2 == 1)
74 | {
75 | h = "0" + h;
76 | }
77 | for (i = 0; i + 3 <= h.length; i += 3)
78 | {
79 | c = parseInt(h.substring(i, i + 3), 16);
80 | ret += base64Chars.charAt(c >> 6) + base64Chars.charAt(c & 63);
81 | }
82 | if (i + 1 == h.length)
83 | {
84 | c = parseInt(h.substring(i, i + 1), 16);
85 | ret += base64Chars.charAt(c << 2);
86 | }
87 | else if (i + 2 == h.length)
88 | {
89 | c = parseInt(h.substring(i, i + 2), 16);
90 | ret += base64Chars.charAt(c >> 2) + base64Chars.charAt((c & 3) << 4);
91 | }
92 | while ((ret.length & 3) > 0) ret += "=";
93 | return ret;
94 | }
95 |
96 | my.b64to16 = function(s) {
97 | var ret = "";
98 | var i;
99 | var k = 0;
100 | var slop;
101 | for (i = 0; i < s.length; ++i)
102 | {
103 | if (s.charAt(i) == "=") break;
104 | v = base64Chars.indexOf(s.charAt(i));
105 | if (v < 0) continue;
106 | if (k == 0)
107 | {
108 | ret += int2char(v >> 2);
109 | slop = v & 3;
110 | k = 1;
111 | }
112 | else if (k == 1)
113 | {
114 | ret += int2char((slop << 2) | (v >> 4));
115 | slop = v & 0xf;
116 | k = 2;
117 | }
118 | else if (k == 2)
119 | {
120 | ret += int2char(slop);
121 | ret += int2char(v >> 2);
122 | slop = v & 3;
123 | k = 3;
124 | }
125 | else
126 | {
127 | ret += int2char((slop << 2) | (v >> 4));
128 | ret += int2char(v & 0xf);
129 | k = 0;
130 | }
131 | }
132 | if (k == 1) ret += int2char(slop << 2);
133 | return ret;
134 | }
135 |
136 | // Converts a string to a byte array.
137 | my.string2bytes = function(string)
138 | {
139 | var bytes = new Array();
140 | for(var i = 0; i < string.length; i++)
141 | {
142 | bytes.push(string.charCodeAt(i));
143 | }
144 | return bytes;
145 | }
146 |
147 | // Converts a byte array to a string.
148 | my.bytes2string = function(bytes)
149 | {
150 | var string = "";
151 | for(var i = 0; i < bytes.length; i++)
152 | {
153 | string += String.fromCharCode(bytes[i]);
154 | }
155 | return string;
156 | }
157 |
158 | // Returns a XOR b, where a and b are 16-byte byte arrays.
159 | my.blockXOR = function(a, b)
160 | {
161 | var xor = new Array(16);
162 | for(var i = 0; i < 16; i++)
163 | {
164 | xor[i] = a[i] ^ b[i];
165 | }
166 | return xor;
167 | }
168 |
169 | // Returns a 16-byte initialization vector.
170 | my.blockIV = function()
171 | {
172 | var r = new SecureRandom();
173 | var IV = new Array(16);
174 | r.nextBytes(IV);
175 | return IV;
176 | }
177 |
178 | // Returns a copy of bytes with zeros appended to the end
179 | // so that the (length of bytes) % 16 == 0.
180 | my.pad16 = function(bytes)
181 | {
182 | var newBytes = bytes.slice(0);
183 | var padding = (16 - (bytes.length % 16)) % 16;
184 | for(i = bytes.length; i < bytes.length + padding; i++)
185 | {
186 | newBytes.push(0);
187 | }
188 | return newBytes;
189 | }
190 |
191 | // Removes trailing zeros from a byte array.
192 | my.depad = function(bytes)
193 | {
194 | var newBytes = bytes.slice(0);
195 | while(newBytes[newBytes.length - 1] == 0)
196 | {
197 | newBytes = newBytes.slice(0, newBytes.length - 1);
198 | }
199 | return newBytes;
200 | }
201 |
202 | // AES CBC Encryption.
203 | my.encryptAESCBC = function(plaintext, key)
204 | {
205 | var exkey = key.slice(0);
206 | aes.ExpandKey(exkey);
207 | var blocks = my.string2bytes(plaintext);
208 | blocks = my.pad16(blocks);
209 | var encryptedBlocks = my.blockIV();
210 | for(var i = 0; i < blocks.length/16; i++)
211 | {
212 | var tempBlock = blocks.slice(i * 16, i * 16 + 16);
213 | var prevBlock = encryptedBlocks.slice((i) * 16, (i) * 16 + 16);
214 | tempBlock = my.blockXOR(prevBlock, tempBlock);
215 | aes.Encrypt(tempBlock, exkey);
216 | encryptedBlocks = encryptedBlocks.concat(tempBlock);
217 | }
218 | var ciphertext = my.bytes2string(encryptedBlocks);
219 | return my.b256to64(ciphertext)
220 | }
221 |
222 | // AES CBC Decryption.
223 | my.decryptAESCBC = function(encryptedText, key)
224 | {
225 | var exkey = key.slice(0);
226 | aes.ExpandKey(exkey);
227 | var encryptedText = my.b64to256(encryptedText);
228 | var encryptedBlocks = my.string2bytes(encryptedText);
229 | var decryptedBlocks = new Array();
230 | for(var i = 1; i < encryptedBlocks.length/16; i++)
231 | {
232 | var tempBlock = encryptedBlocks.slice(i * 16, i * 16 + 16);
233 | var prevBlock = encryptedBlocks.slice((i-1) * 16, (i-1) * 16 + 16);
234 | aes.Decrypt(tempBlock, exkey);
235 | tempBlock = my.blockXOR(prevBlock, tempBlock);
236 | decryptedBlocks = decryptedBlocks.concat(tempBlock);
237 | }
238 | decryptedBlocks = my.depad(decryptedBlocks);
239 | return my.bytes2string(decryptedBlocks);
240 | }
241 |
242 | // Wraps a string to 60 characters.
243 | my.wrap60 = function(string)
244 | {
245 | var outstr = "";
246 | for(var i = 0; i < string.length; i++) {
247 | if(i % 60 == 0 && i != 0) outstr += "\n";
248 | outstr += string[i]; }
249 | return outstr;
250 | }
251 |
252 | // Generate a random key for the AES-encrypted message.
253 | my.generateAESKey = function()
254 | {
255 | var key = new Array(32);
256 | var r = new SecureRandom();
257 | r.nextBytes(key);
258 | return key;
259 | }
260 |
261 | // Generates an RSA key from a passphrase.
262 | my.generateRSAKey = function(passphrase, bitlength)
263 | {
264 | Math.seedrandom(sha256.hex(passphrase));
265 | var rsa = new RSAKey();
266 | rsa.generate(bitlength, "03");
267 | return rsa;
268 | }
269 |
270 | // Returns the ascii-armored version of the public key.
271 | my.publicKeyString = function(rsakey)
272 | {
273 | pubkey = my.b16to64(rsakey.n.toString(16));
274 | return pubkey;
275 | }
276 |
277 | // Returns an MD5 sum of a publicKeyString for easier identification.
278 | my.publicKeyID = function(publicKeyString)
279 | {
280 | return MD5(publicKeyString);
281 | }
282 |
283 | my.publicKeyFromString = function(string)
284 | {
285 | var N = my.b64to16(string.split("|")[0]);
286 | var E = "03";
287 | var rsa = new RSAKey();
288 | rsa.setPublic(N, E);
289 | return rsa
290 | }
291 |
292 | my.encrypt = function(plaintext, publickeystring, signingkey)
293 | {
294 | var cipherblock = "";
295 | var aeskey = my.generateAESKey();
296 | try
297 | {
298 | var publickey = my.publicKeyFromString(publickeystring);
299 | cipherblock += my.b16to64(publickey.encrypt(my.bytes2string(aeskey))) + "?";
300 | }
301 | catch(err)
302 | {
303 | return {status: "Invalid public key"};
304 | }
305 | if(signingkey)
306 | {
307 | signString = cryptico.b16to64(signingkey.signString(plaintext, "sha256"));
308 | plaintext += "::52cee64bb3a38f6403386519a39ac91c::";
309 | plaintext += cryptico.publicKeyString(signingkey);
310 | plaintext += "::52cee64bb3a38f6403386519a39ac91c::";
311 | plaintext += signString;
312 | }
313 | cipherblock += my.encryptAESCBC(plaintext, aeskey);
314 | return {status: "success", cipher: cipherblock};
315 | }
316 |
317 | my.decrypt = function(ciphertext, key)
318 | {
319 | var cipherblock = ciphertext.split("?");
320 | var aeskey = key.decrypt(my.b64to16(cipherblock[0]));
321 | if(aeskey == null)
322 | {
323 | return {status: "failure"};
324 | }
325 | aeskey = my.string2bytes(aeskey);
326 | var plaintext = my.decryptAESCBC(cipherblock[1], aeskey).split("::52cee64bb3a38f6403386519a39ac91c::");
327 | if(plaintext.length == 3)
328 | {
329 | var publickey = my.publicKeyFromString(plaintext[1]);
330 | var signature = my.b64to16(plaintext[2]);
331 | if(publickey.verifyString(plaintext[0], signature))
332 | {
333 | return {status: "success",
334 | plaintext: plaintext[0],
335 | signature: "verified",
336 | publicKeyString: my.publicKeyString(publickey)};
337 | }
338 | else
339 | {
340 | return {status: "success",
341 | plaintext: plaintext[0],
342 | signature: "forged",
343 | publicKeyString: my.publicKeyString(publickey)};
344 | }
345 | }
346 | else
347 | {
348 | return {status: "success", plaintext: plaintext[0], signature: "unsigned"};
349 | }
350 | }
351 |
352 | return my;
353 |
354 | }());
355 |
356 |
357 |
358 |
359 |
360 |
361 |
362 |
363 |
364 |
365 |
366 |
367 |
368 |
369 |
370 |
371 |
372 |
373 |
374 |
375 |
376 |
377 |
378 |
379 |
380 |
381 |
382 |
383 |
384 |
385 |
386 |
387 |
388 |
389 |
390 |
391 |
392 |
393 |
394 |
395 |
396 |
397 |
398 |
399 |
400 |
401 |
402 |
403 |
404 |
405 |
406 |
--------------------------------------------------------------------------------
/build:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env sh
2 |
3 | cat jsbn.js random.js hash.js rsa.js aes.js api.js > cryptico.js
4 |
5 | java -jar compiler.jar --compilation_level SIMPLE_OPTIMIZATIONS --js cryptico.js --js_output_file cryptico.min.js
6 |
--------------------------------------------------------------------------------
/compiler.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wwwtyro/cryptico/9291ece634d37415e66396d749d38e612d66f935/compiler.jar
--------------------------------------------------------------------------------
/cryptico.min.js:
--------------------------------------------------------------------------------
1 | var dbits,canary=244837814094590,j_lm=(canary&16777215)==15715070;function BigInteger(a,b,c){a!=null&&("number"==typeof a?this.fromNumber(a,b,c):b==null&&"string"!=typeof a?this.fromString(a,256):this.fromString(a,b))}function nbi(){return new BigInteger(null)}function am1(a,b,c,d,e,g){for(;--g>=0;){var h=b*this[a++]+c[d]+e,e=Math.floor(h/67108864);c[d++]=h&67108863}return e}
2 | function am2(a,b,c,d,e,g){var h=b&32767;for(b>>=15;--g>=0;){var f=this[a]&32767,o=this[a++]>>15,p=b*f+o*h,f=h*f+((p&32767)<<15)+c[d]+(e&1073741823),e=(f>>>30)+(p>>>15)+b*o+(e>>>30);c[d++]=f&1073741823}return e}function am3(a,b,c,d,e,g){var h=b&16383;for(b>>=14;--g>=0;){var f=this[a]&16383,o=this[a++]>>14,p=b*f+o*h,f=h*f+((p&16383)<<14)+c[d]+e,e=(f>>28)+(p>>14)+b*o;c[d++]=f&268435455}return e}
3 | j_lm&&navigator.appName=="Microsoft Internet Explorer"?(BigInteger.prototype.am=am2,dbits=30):j_lm&&navigator.appName!="Netscape"?(BigInteger.prototype.am=am1,dbits=26):(BigInteger.prototype.am=am3,dbits=28);BigInteger.prototype.DB=dbits;BigInteger.prototype.DM=(1<=0;--b)a[b]=this[b];a.t=this.t;a.s=this.s}function bnpFromInt(a){this.t=1;this.s=a<0?-1:0;a>0?this[0]=a:a<-1?this[0]=a+DV:this.t=0}
5 | function nbv(a){var b=nbi();b.fromInt(a);return b}
6 | function bnpFromString(a,b){var c;if(b==16)c=4;else if(b==8)c=3;else if(b==256)c=8;else if(b==2)c=1;else if(b==32)c=5;else if(b==4)c=2;else{this.fromRadix(a,b);return}this.s=this.t=0;for(var d=a.length,e=!1,g=0;--d>=0;){var h=c==8?a[d]&255:intAt(a,d);h<0?a.charAt(d)=="-"&&(e=!0):(e=!1,g==0?this[this.t++]=h:g+c>this.DB?(this[this.t-1]|=(h&(1<>this.DB-g):this[this.t-1]|=h<=this.DB&&(g-=this.DB))}if(c==8&&(a[0]&128)!=0)this.s=-1,g>0&&(this[this.t-1]|=(1<<
7 | this.DB-g)-1<0&&this[this.t-1]==a;)--this.t}
8 | function bnToString(a){if(this.s<0)return"-"+this.negate().toString(a);if(a==16)a=4;else if(a==8)a=3;else if(a==2)a=1;else if(a==32)a=5;else if(a==64)a=6;else if(a==4)a=2;else return this.toRadix(a);var b=(1<0){if(h>h)>0)d=!0,e=int2char(c);for(;g>=0;)h>(h+=this.DB-a)):(c=this[g]>>(h-=a)&b,h<=0&&(h+=this.DB,--g)),c>0&&(d=!0),d&&(e+=int2char(c))}return d?e:"0"}
9 | function bnNegate(){var a=nbi();BigInteger.ZERO.subTo(this,a);return a}function bnAbs(){return this.s<0?this.negate():this}function bnCompareTo(a){var b=this.s-a.s;if(b!=0)return b;var c=this.t,b=c-a.t;if(b!=0)return b;for(;--c>=0;)if((b=this[c]-a[c])!=0)return b;return 0}function nbits(a){var b=1,c;if((c=a>>>16)!=0)a=c,b+=16;if((c=a>>8)!=0)a=c,b+=8;if((c=a>>4)!=0)a=c,b+=4;if((c=a>>2)!=0)a=c,b+=2;a>>1!=0&&(b+=1);return b}
10 | function bnBitLength(){return this.t<=0?0:this.DB*(this.t-1)+nbits(this[this.t-1]^this.s&this.DM)}function bnpDLShiftTo(a,b){var c;for(c=this.t-1;c>=0;--c)b[c+a]=this[c];for(c=a-1;c>=0;--c)b[c]=0;b.t=this.t+a;b.s=this.s}function bnpDRShiftTo(a,b){for(var c=a;c=0;--f)b[f+g+1]=this[f]>>d|h,h=(this[f]&e)<=0;--f)b[f]=0;b[g]=h;b.t=this.t+g+1;b.s=this.s;b.clamp()}
12 | function bnpRShiftTo(a,b){b.s=this.s;var c=Math.floor(a/this.DB);if(c>=this.t)b.t=0;else{var d=a%this.DB,e=this.DB-d,g=(1<>d;for(var h=c+1;h>d;d>0&&(b[this.t-c-1]|=(this.s&g)<>=this.DB;if(a.t>=this.DB;d+=this.s}else{for(d+=this.s;c>=this.DB;d-=a.s}b.s=d<0?-1:0;d<-1?b[c++]=this.DV+d:d>0&&(b[c++]=d);b.t=c;b.clamp()}
14 | function bnpMultiplyTo(a,b){var c=this.abs(),d=a.abs(),e=c.t;for(b.t=e+d.t;--e>=0;)b[e]=0;for(e=0;e=0;)a[c]=0;for(c=0;c=b.DV)a[c+b.t]-=b.DV,a[c+b.t+1]=1}a.t>0&&(a[a.t-1]+=b.am(c,b[c],a,2*c,0,1));a.s=0;a.clamp()}
15 | function bnpDivRemTo(a,b,c){var d=a.abs();if(!(d.t<=0)){var e=this.abs();if(e.t0?(d.lShiftTo(f,g),e.lShiftTo(f,c)):(d.copyTo(g),e.copyTo(c));d=g.t;e=g[d-1];if(e!=0){var o=e*(1<1?g[d-2]>>this.F2:0),p=this.FV/o,o=(1<=0&&(c[c.t++]=1,c.subTo(j,c));BigInteger.ONE.dlShiftTo(d,
16 | j);for(j.subTo(g,g);g.t=0;){var l=c[--n]==e?this.DM:Math.floor(c[n]*p+(c[n-1]+q)*o);if((c[n]+=g.am(0,l,c,k,0,d))0&&c.rShiftTo(f,c);h<0&&BigInteger.ZERO.subTo(c,c)}}}}function bnMod(a){var b=nbi();this.abs().divRemTo(a,null,b);this.s<0&&b.compareTo(BigInteger.ZERO)>0&&a.subTo(b,b);return b}function Classic(a){this.m=a}
17 | function cConvert(a){return a.s<0||a.compareTo(this.m)>=0?a.mod(this.m):a}function cRevert(a){return a}function cReduce(a){a.divRemTo(this.m,null,a)}function cMulTo(a,b,c){a.multiplyTo(b,c);this.reduce(c)}function cSqrTo(a,b){a.squareTo(b);this.reduce(b)}Classic.prototype.convert=cConvert;Classic.prototype.revert=cRevert;Classic.prototype.reduce=cReduce;Classic.prototype.mulTo=cMulTo;Classic.prototype.sqrTo=cSqrTo;
18 | function bnpInvDigit(){if(this.t<1)return 0;var a=this[0];if((a&1)==0)return 0;var b=a&3,b=b*(2-(a&15)*b)&15,b=b*(2-(a&255)*b)&255,b=b*(2-((a&65535)*b&65535))&65535,b=b*(2-a*b%this.DV)%this.DV;return b>0?this.DV-b:-b}function Montgomery(a){this.m=a;this.mp=a.invDigit();this.mpl=this.mp&32767;this.mph=this.mp>>15;this.um=(1<0&&this.m.subTo(b,b);return b}function montRevert(a){var b=nbi();a.copyTo(b);this.reduce(b);return b}
20 | function montReduce(a){for(;a.t<=this.mt2;)a[a.t++]=0;for(var b=0;b>15)*this.mpl&this.um)<<15)&a.DM,c=b+this.m.t;for(a[c]+=this.m.am(0,d,a,b,0,this.m.t);a[c]>=a.DV;)a[c]-=a.DV,a[++c]++}a.clamp();a.drShiftTo(this.m.t,a);a.compareTo(this.m)>=0&&a.subTo(this.m,a)}function montSqrTo(a,b){a.squareTo(b);this.reduce(b)}function montMulTo(a,b,c){a.multiplyTo(b,c);this.reduce(c)}Montgomery.prototype.convert=montConvert;
21 | Montgomery.prototype.revert=montRevert;Montgomery.prototype.reduce=montReduce;Montgomery.prototype.mulTo=montMulTo;Montgomery.prototype.sqrTo=montSqrTo;function bnpIsEven(){return(this.t>0?this[0]&1:this.s)==0}function bnpExp(a,b){if(a>4294967295||a<1)return BigInteger.ONE;var c=nbi(),d=nbi(),e=b.convert(this),g=nbits(a)-1;for(e.copyTo(c);--g>=0;)if(b.sqrTo(c,d),(a&1<0)b.mulTo(d,e,c);else var h=c,c=d,d=h;return b.revert(c)}
22 | function bnModPowInt(a,b){var c;c=a<256||b.isEven()?new Classic(b):new Montgomery(b);return this.exp(a,c)}BigInteger.prototype.copyTo=bnpCopyTo;BigInteger.prototype.fromInt=bnpFromInt;BigInteger.prototype.fromString=bnpFromString;BigInteger.prototype.clamp=bnpClamp;BigInteger.prototype.dlShiftTo=bnpDLShiftTo;BigInteger.prototype.drShiftTo=bnpDRShiftTo;BigInteger.prototype.lShiftTo=bnpLShiftTo;BigInteger.prototype.rShiftTo=bnpRShiftTo;BigInteger.prototype.subTo=bnpSubTo;
23 | BigInteger.prototype.multiplyTo=bnpMultiplyTo;BigInteger.prototype.squareTo=bnpSquareTo;BigInteger.prototype.divRemTo=bnpDivRemTo;BigInteger.prototype.invDigit=bnpInvDigit;BigInteger.prototype.isEven=bnpIsEven;BigInteger.prototype.exp=bnpExp;BigInteger.prototype.toString=bnToString;BigInteger.prototype.negate=bnNegate;BigInteger.prototype.abs=bnAbs;BigInteger.prototype.compareTo=bnCompareTo;BigInteger.prototype.bitLength=bnBitLength;BigInteger.prototype.mod=bnMod;BigInteger.prototype.modPowInt=bnModPowInt;
24 | BigInteger.ZERO=nbv(0);BigInteger.ONE=nbv(1);function bnClone(){var a=nbi();this.copyTo(a);return a}function bnIntValue(){if(this.s<0)if(this.t==1)return this[0]-this.DV;else{if(this.t==0)return-1}else if(this.t==1)return this[0];else if(this.t==0)return 0;return(this[1]&(1<<32-this.DB)-1)<>24}function bnShortValue(){return this.t==0?this.s:this[0]<<16>>16}
25 | function bnpChunkSize(a){return Math.floor(Math.LN2*this.DB/Math.log(a))}function bnSigNum(){return this.s<0?-1:this.t<=0||this.t==1&&this[0]<=0?0:1}function bnpToRadix(a){a==null&&(a=10);if(this.signum()==0||a<2||a>36)return"0";var b=this.chunkSize(a),b=Math.pow(a,b),c=nbv(b),d=nbi(),e=nbi(),g="";for(this.divRemTo(c,d,e);d.signum()>0;)g=(b+e.intValue()).toString(a).substr(1)+g,d.divRemTo(c,d,e);return e.intValue().toString(a)+g}
26 | function bnpFromRadix(a,b){this.fromInt(0);b==null&&(b=10);for(var c=this.chunkSize(b),d=Math.pow(b,c),e=!1,g=0,h=0,f=0;f=c&&(this.dMultiply(d),this.dAddOffset(h,0),h=g=0))}g>0&&(this.dMultiply(Math.pow(b,g)),this.dAddOffset(h,0));e&&BigInteger.ZERO.subTo(this,this)}
27 | function bnpFromNumber(a,b,c){if("number"==typeof b)if(a<2)this.fromInt(1);else{this.fromNumber(a,c);this.testBit(a-1)||this.bitwiseTo(BigInteger.ONE.shiftLeft(a-1),op_or,this);for(this.isEven()&&this.dAddOffset(1,0);!this.isProbablePrime(b);)this.dAddOffset(2,0),this.bitLength()>a&&this.subTo(BigInteger.ONE.shiftLeft(a-1),this)}else{var c=[],d=a&7;c.length=(a>>3)+1;b.nextBytes(c);d>0?c[0]&=(1<0){if(c>c)!=(this.s&this.DM)>>c)b[e++]=d|this.s<=0;)if(c<8?(d=(this[a]&(1<>(c+=this.DB-8)):(d=this[a]>>(c-=8)&255,c<=0&&(c+=this.DB,--a)),(d&128)!=0&&(d|=-256),e==0&&(this.s&128)!=(d&128)&&++e,e>0||d!=this.s)b[e++]=d}return b}function bnEquals(a){return this.compareTo(a)==0}function bnMin(a){return this.compareTo(a)<0?this:a}
29 | function bnMax(a){return this.compareTo(a)>0?this:a}function bnpBitwiseTo(a,b,c){var d,e,g=Math.min(a.t,this.t);for(d=0;d>=16,b+=16);(a&255)==0&&(a>>=8,b+=8);(a&15)==0&&(a>>=4,b+=4);(a&3)==0&&(a>>=2,b+=2);(a&1)==0&&++b;return b}function bnGetLowestSetBit(){for(var a=0;a=this.t?this.s!=0:(this[b]&1<>=this.DB;if(a.t>=this.DB;d+=this.s}else{for(d+=this.s;c>=this.DB;d+=a.s}b.s=d<0?-1:0;d>0?b[c++]=d:d<-1&&(b[c++]=this.DV+d);b.t=c;b.clamp()}function bnAdd(a){var b=nbi();this.addTo(a,b);return b}function bnSubtract(a){var b=nbi();this.subTo(a,b);return b}
34 | function bnMultiply(a){var b=nbi();this.multiplyTo(a,b);return b}function bnSquare(){var a=nbi();this.squareTo(a);return a}function bnDivide(a){var b=nbi();this.divRemTo(a,b,null);return b}function bnRemainder(a){var b=nbi();this.divRemTo(a,null,b);return b}function bnDivideAndRemainder(a){var b=nbi(),c=nbi();this.divRemTo(a,b,c);return[b,c]}function bnpDMultiply(a){this[this.t]=this.am(0,a-1,this,0,0,this.t);++this.t;this.clamp()}
35 | function bnpDAddOffset(a,b){if(a!=0){for(;this.t<=b;)this[this.t++]=0;for(this[b]+=a;this[b]>=this.DV;)this[b]-=this.DV,++b>=this.t&&(this[this.t++]=0),++this[b]}}function NullExp(){}function nNop(a){return a}function nMulTo(a,b,c){a.multiplyTo(b,c)}function nSqrTo(a,b){a.squareTo(b)}NullExp.prototype.convert=nNop;NullExp.prototype.revert=nNop;NullExp.prototype.mulTo=nMulTo;NullExp.prototype.sqrTo=nSqrTo;function bnPow(a){return this.exp(a,new NullExp)}
36 | function bnpMultiplyLowerTo(a,b,c){var d=Math.min(this.t+a.t,b);c.s=0;for(c.t=d;d>0;)c[--d]=0;var e;for(e=c.t-this.t;d=0;)c[d]=0;for(d=Math.max(b-this.t,0);d2*this.m.t)return a.mod(this.m);else if(a.compareTo(this.m)<0)return a;else{var b=nbi();a.copyTo(b);this.reduce(b);return b}}function barrettRevert(a){return a}
38 | function barrettReduce(a){a.drShiftTo(this.m.t-1,this.r2);if(a.t>this.m.t+1)a.t=this.m.t+1,a.clamp();this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3);for(this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);a.compareTo(this.r2)<0;)a.dAddOffset(1,this.m.t+1);for(a.subTo(this.r2,a);a.compareTo(this.m)>=0;)a.subTo(this.m,a)}function barrettSqrTo(a,b){a.squareTo(b);this.reduce(b)}function barrettMulTo(a,b,c){a.multiplyTo(b,c);this.reduce(c)}Barrett.prototype.convert=barrettConvert;
39 | Barrett.prototype.revert=barrettRevert;Barrett.prototype.reduce=barrettReduce;Barrett.prototype.mulTo=barrettMulTo;Barrett.prototype.sqrTo=barrettSqrTo;
40 | function bnModPow(a,b){var c=a.bitLength(),d,e=nbv(1),g;if(c<=0)return e;else d=c<18?1:c<48?3:c<144?4:c<768?5:6;g=c<8?new Classic(b):b.isEven()?new Barrett(b):new Montgomery(b);var h=[],f=3,o=d-1,p=(1<1){c=nbi();for(g.sqrTo(h[1],c);f<=p;)h[f]=nbi(),g.mulTo(c,h[f-2],h[f]),f+=2}for(var q=a.t-1,n,k=!0,j=nbi(),c=nbits(a[q])-1;q>=0;){c>=o?n=a[q]>>c-o&p:(n=(a[q]&(1<0&&(n|=a[q-1]>>this.DB+c-o));for(f=d;(n&1)==0;)n>>=1,--f;if((c-=f)<0)c+=this.DB,--q;if(k)h[n].copyTo(e),
41 | k=!1;else{for(;f>1;)g.sqrTo(e,j),g.sqrTo(j,e),f-=2;f>0?g.sqrTo(e,j):(f=e,e=j,j=f);g.mulTo(j,h[n],e)}for(;q>=0&&(a[q]&1<0&&(b.rShiftTo(d,b),a.rShiftTo(d,a));for(;b.signum()>0;)(c=b.getLowestSetBit())>0&&b.rShiftTo(c,b),(c=a.getLowestSetBit())>0&&a.rShiftTo(c,a),b.compareTo(a)>=0?(b.subTo(a,b),b.rShiftTo(1,b)):(a.subTo(b,a),a.rShiftTo(1,a));d>0&&a.lShiftTo(d,a);return a}
43 | function bnpModInt(a){if(a<=0)return 0;var b=this.DV%a,c=this.s<0?a-1:0;if(this.t>0)if(b==0)c=this[0]%a;else for(var d=this.t-1;d>=0;--d)c=(b*c+this[d])%a;return c}
44 | function bnModInverse(a){var b=a.isEven();if(this.isEven()&&b||a.signum()==0)return BigInteger.ZERO;for(var c=a.clone(),d=this.clone(),e=nbv(1),g=nbv(0),h=nbv(0),f=nbv(1);c.signum()!=0;){for(;c.isEven();){c.rShiftTo(1,c);if(b){if(!e.isEven()||!g.isEven())e.addTo(this,e),g.subTo(a,g);e.rShiftTo(1,e)}else g.isEven()||g.subTo(a,g);g.rShiftTo(1,g)}for(;d.isEven();){d.rShiftTo(1,d);if(b){if(!h.isEven()||!f.isEven())h.addTo(this,h),f.subTo(a,f);h.rShiftTo(1,h)}else f.isEven()||f.subTo(a,f);f.rShiftTo(1,
45 | f)}c.compareTo(d)>=0?(c.subTo(d,c),b&&e.subTo(h,e),g.subTo(f,g)):(d.subTo(c,d),b&&h.subTo(e,h),f.subTo(g,f))}if(d.compareTo(BigInteger.ONE)!=0)return BigInteger.ZERO;if(f.compareTo(a)>=0)return f.subtract(a);if(f.signum()<0)f.addTo(a,f);else return f;return f.signum()<0?f.add(a):f}
46 | var lowprimes=[2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,
47 | 733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997],lplim=67108864/lowprimes[lowprimes.length-1];
48 | function bnIsProbablePrime(a){var b,c=this.abs();if(c.t==1&&c[0]<=lowprimes[lowprimes.length-1]){for(b=0;b>1;if(a>lowprimes.length)a=lowprimes.length;for(var e=nbi(),g=0;g=g;)a/=2,b/=2,f>>>=1;return(a+f)/b};return q};h=b.pow(c,d);e=b.pow(2,
56 | e);g=e*2;p(b.random(),a)})([],Math,256,6,52);function SeededRandom(){}function SRnextBytes(a){var b;for(b=0;b>8&255;rng_pool[rng_pptr++]^=a>>16&255;rng_pool[rng_pptr++]^=a>>24&255;rng_pptr>=rng_psize&&(rng_pptr-=rng_psize)}function rng_seed_time(){rng_seed_int((new Date).getTime())}
59 | if(rng_pool==null){rng_pool=[];rng_pptr=0;var t;if(navigator.appName=="Netscape"&&navigator.appVersion<"5"&&window.crypto){var z=window.crypto.random(32);for(t=0;t>>8,rng_pool[rng_pptr++]=t&255;rng_pptr=0;rng_seed_time()}
60 | function rng_get_byte(){if(rng_state==null){rng_seed_time();rng_state=prng_newstate();rng_state.init(rng_pool);for(rng_pptr=0;rng_pptr>16)+(b>>16)+(c>>16)<<16|c&65535}function c(a,b){return a>>>b|a<<32-b}a=function(a){for(var a=a.replace(/\r\n/g,"\n"),b="",c=0;c127&&h<2048?b+=String.fromCharCode(h>>6|192):(b+=String.fromCharCode(h>>12|224),b+=String.fromCharCode(h>>6&63|128)),b+=String.fromCharCode(h&63|128))}return b}(a);return function(a){for(var b="",c=0;c>
62 | 2]>>(3-c%4)*8+4&15)+"0123456789abcdef".charAt(a[c>>2]>>(3-c%4)*8&15);return b}(function(a,e){var g=[1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,
63 | 2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298],h=[1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225],f=Array(64),o,p,q,n,k,j,l,m,s,r,u,w;a[e>>5]|=128<<24-e%32;a[(e+64>>9<<4)+15]=e;for(s=0;s>>10,f[r-7]),c(f[r-15],7)^c(f[r-15],18)^f[r-15]>>>3),f[r-16]),u=b(b(b(b(m,c(k,6)^c(k,11)^c(k,25)),k&j^~k&l),g[r]),f[r]),w=b(c(o,2)^c(o,13)^c(o,22),o&p^o&q^p&q),m=l,l=j,j=k,k=b(n,u),n=q,q=p,p=o,o=b(u,w);h[0]=b(o,h[0]);h[1]=b(p,h[1]);h[2]=b(q,h[2]);h[3]=b(n,h[3]);h[4]=b(k,h[4]);h[5]=b(j,h[5]);h[6]=b(l,h[6]);h[7]=b(m,h[7])}return h}(function(a){for(var b=[],c=0;c>5]|=(a.charCodeAt(c/
65 | 8)&255)<<24-c%32;return b}(a),a.length*8))}var sha256={hex:function(a){return SHA256(a)}};
66 | function SHA1(a){function b(a,b){return a<>>32-b}function c(a){var b="",c,d;for(c=7;c>=0;c--)d=a>>>c*4&15,b+=d.toString(16);return b}var d,e,g=Array(80),h=1732584193,f=4023233417,o=2562383102,p=271733878,q=3285377520,n,k,j,l,m,a=function(a){for(var a=a.replace(/\r\n/g,"\n"),b="",c=0;c127&&d<2048?b+=String.fromCharCode(d>>6|192):(b+=String.fromCharCode(d>>12|224),b+=String.fromCharCode(d>>6&63|128)),b+=String.fromCharCode(d&
67 | 63|128))}return b}(a);n=a.length;var s=[];for(d=0;d>>29);s.push(n<<3&4294967295);for(a=0;a>>32-g,c)}function d(a,c,d,e,f,g,h){a=b(a,b(b(c&e|d&~e,f),h));return b(a<>>32-g,c)}function e(a,c,d,e,f,g,h){a=b(a,b(b(c^d^e,f),h));return b(a<>>32-g,c)}function g(a,
71 | c,d,e,f,g,h){a=b(a,b(b(d^(c|~e),f),h));return b(a<>>32-g,c)}function h(a){var b="",c="",d;for(d=0;d<=3;d++)c=a>>>d*8&255,c="0"+c.toString(16),b+=c.substr(c.length-2,2);return b}var f=[],o,p,q,n,k,j,l,m,a=function(a){for(var a=a.replace(/\r\n/g,"\n"),b="",c=0;c127&&d<2048?b+=String.fromCharCode(d>>6|192):(b+=String.fromCharCode(d>>12|224),b+=String.fromCharCode(d>>6&63|128)),b+=String.fromCharCode(d&63|128))}return b}(a),
72 | f=function(a){var b,c=a.length;b=c+8;for(var d=((b-b%64)/64+1)*16,e=Array(d-1),f=0,g=0;g>>29;return e}(a);k=1732584193;j=4023233417;l=2562383102;m=271733878;for(a=0;a=0&&b>0;){var e=a.charCodeAt(d--);e<128?c[--b]=e:e>127&&e<2048?(c[--b]=e&63|128,c[--b]=e>>6|192):(c[--b]=e&63|128,c[--b]=e>>6&63|128,c[--b]=e>>12|224)}c[--b]=0;d=new SecureRandom;for(e=[];b>2;){for(e[0]=0;e[0]==0;)d.nextBytes(e);c[--b]=e[0]}c[--b]=2;c[--b]=0;return new BigInteger(c)}
79 | function RSAKey(){this.n=null;this.e=0;this.coeff=this.dmq1=this.dmp1=this.q=this.p=this.d=null}function RSASetPublic(a,b){a!=null&&b!=null&&a.length>0&&b.length>0?(this.n=parseBigInt(a,16),this.e=parseInt(b,16)):alert("Invalid RSA public key")}function RSADoPublic(a){return a.modPowInt(this.e,this.n)}function RSAEncrypt(a){a=pkcs1pad2(a,this.n.bitLength()+7>>3);if(a==null)return null;a=this.doPublic(a);if(a==null)return null;a=a.toString(16);return(a.length&1)==0?a:"0"+a}
80 | RSAKey.prototype.doPublic=RSADoPublic;RSAKey.prototype.setPublic=RSASetPublic;RSAKey.prototype.encrypt=RSAEncrypt;function pkcs1unpad2(a,b){for(var c=a.toByteArray(),d=0;d=c.length)return null;for(var e="";++d191&&g<224?(e+=String.fromCharCode((g&31)<<6|c[d+1]&63),++d):(e+=String.fromCharCode((g&15)<<12|(c[d+1]&63)<<6|c[d+2]&63),d+=2)}return e}
81 | function RSASetPrivate(a,b,c){a!=null&&b!=null&&a.length>0&&b.length>0?(this.n=parseBigInt(a,16),this.e=parseInt(b,16),this.d=parseBigInt(c,16)):alert("Invalid RSA private key")}
82 | function RSASetPrivateEx(a,b,c,d,e,g,h,f){a!=null&&b!=null&&a.length>0&&b.length>0?(this.n=parseBigInt(a,16),this.e=parseInt(b,16),this.d=parseBigInt(c,16),this.p=parseBigInt(d,16),this.q=parseBigInt(e,16),this.dmp1=parseBigInt(g,16),this.dmq1=parseBigInt(h,16),this.coeff=parseBigInt(f,16)):alert("Invalid RSA private key")}
83 | function RSAGenerate(a,b){var c=new SeededRandom,d=a>>1;this.e=parseInt(b,16);for(var e=new BigInteger(b,16);;){for(;;)if(this.p=new BigInteger(a-d,1,c),this.p.subtract(BigInteger.ONE).gcd(e).compareTo(BigInteger.ONE)==0&&this.p.isProbablePrime(10))break;for(;;)if(this.q=new BigInteger(d,1,c),this.q.subtract(BigInteger.ONE).gcd(e).compareTo(BigInteger.ONE)==0&&this.q.isProbablePrime(10))break;if(this.p.compareTo(this.q)<=0){var g=this.p;this.p=this.q;this.q=g}var g=this.p.subtract(BigInteger.ONE),
84 | h=this.q.subtract(BigInteger.ONE),f=g.multiply(h);if(f.gcd(e).compareTo(BigInteger.ONE)==0){this.n=this.p.multiply(this.q);this.d=e.modInverse(f);this.dmp1=this.d.mod(g);this.dmq1=this.d.mod(h);this.coeff=this.q.modInverse(this.p);break}}}
85 | function RSADoPrivate(a){if(this.p==null||this.q==null)return a.modPow(this.d,this.n);for(var b=a.mod(this.p).modPow(this.dmp1,this.p),a=a.mod(this.q).modPow(this.dmq1,this.q);b.compareTo(a)<0;)b=b.add(this.p);return b.subtract(a).multiply(this.coeff).mod(this.p).multiply(this.q).add(a)}function RSADecrypt(a){a=this.doPrivate(parseBigInt(a,16));return a==null?null:pkcs1unpad2(a,this.n.bitLength()+7>>3)}RSAKey.prototype.doPrivate=RSADoPrivate;RSAKey.prototype.setPrivate=RSASetPrivate;
86 | RSAKey.prototype.setPrivateEx=RSASetPrivateEx;RSAKey.prototype.generate=RSAGenerate;RSAKey.prototype.decrypt=RSADecrypt;var _RSASIGN_DIHEAD=[];_RSASIGN_DIHEAD.sha1="3021300906052b0e03021a05000414";_RSASIGN_DIHEAD.sha256="3031300d060960864801650304020105000420";var _RSASIGN_HASHHEXFUNC=[];_RSASIGN_HASHHEXFUNC.sha1=sha1.hex;_RSASIGN_HASHHEXFUNC.sha256=sha256.hex;
87 | function _rsasign_getHexPaddedDigestInfoForString(a,b,c){b/=4;for(var a=(0,_RSASIGN_HASHHEXFUNC[c])(a),c="00"+_RSASIGN_DIHEAD[c]+a,a="",b=b-4-c.length,d=0;d=256)e^=283}else c>24&&g%c==16&&(h=[a.Sbox[h[0]],a.Sbox[h[1]],a.Sbox[h[2]],a.Sbox[h[3]]]);for(var f=0;f<4;f++)b[g+f]=b[g+f-c]^h[f]}};a.Encrypt=function(b,c){var d=c.length;a.AddRoundKey(b,c.slice(0,16));for(var e=16;e=16;d-=16)a.AddRoundKey(b,c.slice(d,d+16)),a.MixColumns_Inv(b),a.ShiftRows(b,a.ShiftRowTab_Inv),a.SubBytes(b,a.Sbox_Inv);a.AddRoundKey(b,c.slice(0,16))};a.SubBytes=function(a,c){for(var d=0;d<16;d++)a[d]=c[a[d]]};a.AddRoundKey=function(a,c){for(var d=0;d<16;d++)a[d]^=c[d]};a.ShiftRows=function(a,c){for(var d=[].concat(a),e=0;e<16;e++)a[e]=d[c[e]]};
98 | a.MixColumns=function(b){for(var c=0;c<16;c+=4){var d=b[c+0],e=b[c+1],g=b[c+2],h=b[c+3],f=d^e^g^h;b[c+0]^=f^a.xtime[d^e];b[c+1]^=f^a.xtime[e^g];b[c+2]^=f^a.xtime[g^h];b[c+3]^=f^a.xtime[h^d]}};a.MixColumns_Inv=function(b){for(var c=0;c<16;c+=4){var d=b[c+0],e=b[c+1],g=b[c+2],h=b[c+3],f=d^e^g^h,o=a.xtime[f],p=a.xtime[a.xtime[o^d^g]]^f;f^=a.xtime[a.xtime[o^e^h]];b[c+0]^=p^a.xtime[d^e];b[c+1]^=f^a.xtime[e^g];b[c+2]^=p^a.xtime[g^h];b[c+3]^=f^a.xtime[h^d]}};return a}(),cryptico=function(){var a={};aes.Init();
99 | a.b256to64=function(a){var c,d,e,g="",h=0,f=0,o=a.length;for(e=0;e>2&63),c=(d&3)<<4):f==1?(g+="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(c|d>>4&15),c=(d&15)<<2):f==2&&(g+="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(c|d>>6&3),h+=1,g+="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(d&63)),h+=1,f+=1,f==3&&
100 | (f=0);f>0&&(g+="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(c),g+="=");f==1&&(g+="=");return g};a.b64to256=function(a){var c,d,e="",g=0,h=0,f=a.length;for(d=0;d=0&&(g&&(e+=String.fromCharCode(h|c>>6-g&255)),g=g+2&7,h=c<>
101 | 6)+"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(d&63);c+1==a.length?(d=parseInt(a.substring(c,c+1),16),e+="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(d<<2)):c+2==a.length&&(d=parseInt(a.substring(c,c+2),16),e+="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(d>>2)+"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt((d&3)<<4));for(;(e.length&3)>0;)e+="=";return e};a.b64to16=function(a){var c="",
102 | d,e=0,g;for(d=0;d>2),g=v&3,e=1):e==1?(c+=int2char(g<<2|v>>4),g=v&15,e=2):e==2?(c+=int2char(g),c+=int2char(v>>2),g=v&3,e=3):(c+=int2char(g<<2|v>>4),c+=int2char(v&15),e=0))}e==1&&(c+=int2char(g<<2));return c};a.string2bytes=function(a){for(var c=[],d=0;d> 16) + (y >> 16) + (lsw >> 16);
19 | return (msw << 16) | (lsw & 0xFFFF);
20 | }
21 |
22 | function S (X, n) { return ( X >>> n ) | (X << (32 - n)); }
23 | function R (X, n) { return ( X >>> n ); }
24 | function Ch(x, y, z) { return ((x & y) ^ ((~x) & z)); }
25 | function Maj(x, y, z) { return ((x & y) ^ (x & z) ^ (y & z)); }
26 | function Sigma0256(x) { return (S(x, 2) ^ S(x, 13) ^ S(x, 22)); }
27 | function Sigma1256(x) { return (S(x, 6) ^ S(x, 11) ^ S(x, 25)); }
28 | function Gamma0256(x) { return (S(x, 7) ^ S(x, 18) ^ R(x, 3)); }
29 | function Gamma1256(x) { return (S(x, 17) ^ S(x, 19) ^ R(x, 10)); }
30 |
31 | function core_sha256 (m, l) {
32 | var K = new Array(0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, 0xE49B69C1, 0xEFBE4786, 0xFC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x6CA6351, 0x14292967, 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2);
33 | var HASH = new Array(0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19);
34 | var W = new Array(64);
35 | var a, b, c, d, e, f, g, h, i, j;
36 | var T1, T2;
37 |
38 | m[l >> 5] |= 0x80 << (24 - l % 32);
39 | m[((l + 64 >> 9) << 4) + 15] = l;
40 |
41 | for ( var i = 0; i>5] |= (str.charCodeAt(i / chrsz) & mask) << (24 - i%32);
85 | }
86 | return bin;
87 | }
88 |
89 | function Utf8Encode(string) {
90 | string = string.replace(/\r\n/g,"\n");
91 | var utftext = "";
92 |
93 | for (var n = 0; n < string.length; n++) {
94 |
95 | var c = string.charCodeAt(n);
96 |
97 | if (c < 128) {
98 | utftext += String.fromCharCode(c);
99 | }
100 | else if((c > 127) && (c < 2048)) {
101 | utftext += String.fromCharCode((c >> 6) | 192);
102 | utftext += String.fromCharCode((c & 63) | 128);
103 | }
104 | else {
105 | utftext += String.fromCharCode((c >> 12) | 224);
106 | utftext += String.fromCharCode(((c >> 6) & 63) | 128);
107 | utftext += String.fromCharCode((c & 63) | 128);
108 | }
109 |
110 | }
111 |
112 | return utftext;
113 | }
114 |
115 | function binb2hex (binarray) {
116 | var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
117 | var str = "";
118 | for(var i = 0; i < binarray.length * 4; i++) {
119 | str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) +
120 | hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8 )) & 0xF);
121 | }
122 | return str;
123 | }
124 |
125 | s = Utf8Encode(s);
126 | return binb2hex(core_sha256(str2binb(s), s.length * chrsz));
127 | }
128 |
129 | var sha256 = {}
130 | sha256.hex = function(s)
131 | {
132 | return SHA256(s);
133 | }
134 |
135 | /**
136 | *
137 | * Secure Hash Algorithm (SHA1)
138 | * http://www.webtoolkit.info/
139 | *
140 | **/
141 |
142 | function SHA1 (msg) {
143 |
144 | function rotate_left(n,s) {
145 | var t4 = ( n<>>(32-s));
146 | return t4;
147 | };
148 |
149 | function lsb_hex(val) {
150 | var str="";
151 | var i;
152 | var vh;
153 | var vl;
154 |
155 | for( i=0; i<=6; i+=2 ) {
156 | vh = (val>>>(i*4+4))&0x0f;
157 | vl = (val>>>(i*4))&0x0f;
158 | str += vh.toString(16) + vl.toString(16);
159 | }
160 | return str;
161 | };
162 |
163 | function cvt_hex(val) {
164 | var str="";
165 | var i;
166 | var v;
167 |
168 | for( i=7; i>=0; i-- ) {
169 | v = (val>>>(i*4))&0x0f;
170 | str += v.toString(16);
171 | }
172 | return str;
173 | };
174 |
175 |
176 | function Utf8Encode(string) {
177 | string = string.replace(/\r\n/g,"\n");
178 | var utftext = "";
179 |
180 | for (var n = 0; n < string.length; n++) {
181 |
182 | var c = string.charCodeAt(n);
183 |
184 | if (c < 128) {
185 | utftext += String.fromCharCode(c);
186 | }
187 | else if((c > 127) && (c < 2048)) {
188 | utftext += String.fromCharCode((c >> 6) | 192);
189 | utftext += String.fromCharCode((c & 63) | 128);
190 | }
191 | else {
192 | utftext += String.fromCharCode((c >> 12) | 224);
193 | utftext += String.fromCharCode(((c >> 6) & 63) | 128);
194 | utftext += String.fromCharCode((c & 63) | 128);
195 | }
196 |
197 | }
198 |
199 | return utftext;
200 | };
201 |
202 | var blockstart;
203 | var i, j;
204 | var W = new Array(80);
205 | var H0 = 0x67452301;
206 | var H1 = 0xEFCDAB89;
207 | var H2 = 0x98BADCFE;
208 | var H3 = 0x10325476;
209 | var H4 = 0xC3D2E1F0;
210 | var A, B, C, D, E;
211 | var temp;
212 |
213 | msg = Utf8Encode(msg);
214 |
215 | var msg_len = msg.length;
216 |
217 | var word_array = new Array();
218 | for( i=0; i>>29 );
246 | word_array.push( (msg_len<<3)&0x0ffffffff );
247 |
248 |
249 | for ( blockstart=0; blockstart>>(32-iShiftBits));
327 | }
328 |
329 | function AddUnsigned(lX,lY) {
330 | var lX4,lY4,lX8,lY8,lResult;
331 | lX8 = (lX & 0x80000000);
332 | lY8 = (lY & 0x80000000);
333 | lX4 = (lX & 0x40000000);
334 | lY4 = (lY & 0x40000000);
335 | lResult = (lX & 0x3FFFFFFF)+(lY & 0x3FFFFFFF);
336 | if (lX4 & lY4) {
337 | return (lResult ^ 0x80000000 ^ lX8 ^ lY8);
338 | }
339 | if (lX4 | lY4) {
340 | if (lResult & 0x40000000) {
341 | return (lResult ^ 0xC0000000 ^ lX8 ^ lY8);
342 | } else {
343 | return (lResult ^ 0x40000000 ^ lX8 ^ lY8);
344 | }
345 | } else {
346 | return (lResult ^ lX8 ^ lY8);
347 | }
348 | }
349 |
350 | function F(x,y,z) { return (x & y) | ((~x) & z); }
351 | function G(x,y,z) { return (x & z) | (y & (~z)); }
352 | function H(x,y,z) { return (x ^ y ^ z); }
353 | function I(x,y,z) { return (y ^ (x | (~z))); }
354 |
355 | function FF(a,b,c,d,x,s,ac) {
356 | a = AddUnsigned(a, AddUnsigned(AddUnsigned(F(b, c, d), x), ac));
357 | return AddUnsigned(RotateLeft(a, s), b);
358 | };
359 |
360 | function GG(a,b,c,d,x,s,ac) {
361 | a = AddUnsigned(a, AddUnsigned(AddUnsigned(G(b, c, d), x), ac));
362 | return AddUnsigned(RotateLeft(a, s), b);
363 | };
364 |
365 | function HH(a,b,c,d,x,s,ac) {
366 | a = AddUnsigned(a, AddUnsigned(AddUnsigned(H(b, c, d), x), ac));
367 | return AddUnsigned(RotateLeft(a, s), b);
368 | };
369 |
370 | function II(a,b,c,d,x,s,ac) {
371 | a = AddUnsigned(a, AddUnsigned(AddUnsigned(I(b, c, d), x), ac));
372 | return AddUnsigned(RotateLeft(a, s), b);
373 | };
374 |
375 | function ConvertToWordArray(string) {
376 | var lWordCount;
377 | var lMessageLength = string.length;
378 | var lNumberOfWords_temp1=lMessageLength + 8;
379 | var lNumberOfWords_temp2=(lNumberOfWords_temp1-(lNumberOfWords_temp1 % 64))/64;
380 | var lNumberOfWords = (lNumberOfWords_temp2+1)*16;
381 | var lWordArray=Array(lNumberOfWords-1);
382 | var lBytePosition = 0;
383 | var lByteCount = 0;
384 | while ( lByteCount < lMessageLength ) {
385 | lWordCount = (lByteCount-(lByteCount % 4))/4;
386 | lBytePosition = (lByteCount % 4)*8;
387 | lWordArray[lWordCount] = (lWordArray[lWordCount] | (string.charCodeAt(lByteCount)<>>29;
395 | return lWordArray;
396 | };
397 |
398 | function WordToHex(lValue) {
399 | var WordToHexValue="",WordToHexValue_temp="",lByte,lCount;
400 | for (lCount = 0;lCount<=3;lCount++) {
401 | lByte = (lValue>>>(lCount*8)) & 255;
402 | WordToHexValue_temp = "0" + lByte.toString(16);
403 | WordToHexValue = WordToHexValue + WordToHexValue_temp.substr(WordToHexValue_temp.length-2,2);
404 | }
405 | return WordToHexValue;
406 | };
407 |
408 | function Utf8Encode(string) {
409 | string = string.replace(/\r\n/g,"\n");
410 | var utftext = "";
411 |
412 | for (var n = 0; n < string.length; n++) {
413 |
414 | var c = string.charCodeAt(n);
415 |
416 | if (c < 128) {
417 | utftext += String.fromCharCode(c);
418 | }
419 | else if((c > 127) && (c < 2048)) {
420 | utftext += String.fromCharCode((c >> 6) | 192);
421 | utftext += String.fromCharCode((c & 63) | 128);
422 | }
423 | else {
424 | utftext += String.fromCharCode((c >> 12) | 224);
425 | utftext += String.fromCharCode(((c >> 6) & 63) | 128);
426 | utftext += String.fromCharCode((c & 63) | 128);
427 | }
428 |
429 | }
430 |
431 | return utftext;
432 | };
433 |
434 | var x=Array();
435 | var k,AA,BB,CC,DD,a,b,c,d;
436 | var S11=7, S12=12, S13=17, S14=22;
437 | var S21=5, S22=9 , S23=14, S24=20;
438 | var S31=4, S32=11, S33=16, S34=23;
439 | var S41=6, S42=10, S43=15, S44=21;
440 |
441 | string = Utf8Encode(string);
442 |
443 | x = ConvertToWordArray(string);
444 |
445 | a = 0x67452301; b = 0xEFCDAB89; c = 0x98BADCFE; d = 0x10325476;
446 |
447 | for (k=0;k= 0) {
37 | var v = x * this[i++] + w[j] + c;
38 | c = Math.floor(v / 0x4000000);
39 | w[j++] = v & 0x3ffffff;
40 | }
41 | return c;
42 | }
43 | // am2 avoids a big mult-and-extract completely.
44 | // Max digit bits should be <= 30 because we do bitwise ops
45 | // on values up to 2*hdvalue^2-hdvalue-1 (< 2^31)
46 |
47 | function am2(i, x, w, j, c, n) {
48 | var xl = x & 0x7fff,
49 | xh = x >> 15;
50 | while (--n >= 0) {
51 | var l = this[i] & 0x7fff;
52 | var h = this[i++] >> 15;
53 | var m = xh * l + h * xl;
54 | l = xl * l + ((m & 0x7fff) << 15) + w[j] + (c & 0x3fffffff);
55 | c = (l >>> 30) + (m >>> 15) + xh * h + (c >>> 30);
56 | w[j++] = l & 0x3fffffff;
57 | }
58 | return c;
59 | }
60 | // Alternately, set max digit bits to 28 since some
61 | // browsers slow down when dealing with 32-bit numbers.
62 |
63 | function am3(i, x, w, j, c, n) {
64 | var xl = x & 0x3fff,
65 | xh = x >> 14;
66 | while (--n >= 0) {
67 | var l = this[i] & 0x3fff;
68 | var h = this[i++] >> 14;
69 | var m = xh * l + h * xl;
70 | l = xl * l + ((m & 0x3fff) << 14) + w[j] + c;
71 | c = (l >> 28) + (m >> 14) + xh * h;
72 | w[j++] = l & 0xfffffff;
73 | }
74 | return c;
75 | }
76 | if (j_lm && (navigator.appName == "Microsoft Internet Explorer")) {
77 | BigInteger.prototype.am = am2;
78 | dbits = 30;
79 | }
80 | else if (j_lm && (navigator.appName != "Netscape")) {
81 | BigInteger.prototype.am = am1;
82 | dbits = 26;
83 | }
84 | else { // Mozilla/Netscape seems to prefer am3
85 | BigInteger.prototype.am = am3;
86 | dbits = 28;
87 | }
88 |
89 | BigInteger.prototype.DB = dbits;
90 | BigInteger.prototype.DM = ((1 << dbits) - 1);
91 | BigInteger.prototype.DV = (1 << dbits);
92 |
93 | var BI_FP = 52;
94 | BigInteger.prototype.FV = Math.pow(2, BI_FP);
95 | BigInteger.prototype.F1 = BI_FP - dbits;
96 | BigInteger.prototype.F2 = 2 * dbits - BI_FP;
97 |
98 | // Digit conversions
99 | var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz";
100 | var BI_RC = new Array();
101 | var rr, vv;
102 | rr = "0".charCodeAt(0);
103 | for (vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv;
104 | rr = "a".charCodeAt(0);
105 | for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
106 | rr = "A".charCodeAt(0);
107 | for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
108 |
109 | function int2char(n) {
110 | return BI_RM.charAt(n);
111 | }
112 |
113 | function intAt(s, i) {
114 | var c = BI_RC[s.charCodeAt(i)];
115 | return (c == null) ? -1 : c;
116 | }
117 |
118 | // (protected) copy this to r
119 |
120 | function bnpCopyTo(r) {
121 | for (var i = this.t - 1; i >= 0; --i) r[i] = this[i];
122 | r.t = this.t;
123 | r.s = this.s;
124 | }
125 |
126 | // (protected) set from integer value x, -DV <= x < DV
127 |
128 | function bnpFromInt(x) {
129 | this.t = 1;
130 | this.s = (x < 0) ? -1 : 0;
131 | if (x > 0) this[0] = x;
132 | else if (x < -1) this[0] = x + DV;
133 | else this.t = 0;
134 | }
135 |
136 | // return bigint initialized to value
137 |
138 | function nbv(i) {
139 | var r = nbi();
140 | r.fromInt(i);
141 | return r;
142 | }
143 |
144 | // (protected) set from string and radix
145 |
146 | function bnpFromString(s, b) {
147 | var k;
148 | if (b == 16) k = 4;
149 | else if (b == 8) k = 3;
150 | else if (b == 256) k = 8; // byte array
151 | else if (b == 2) k = 1;
152 | else if (b == 32) k = 5;
153 | else if (b == 4) k = 2;
154 | else {
155 | this.fromRadix(s, b);
156 | return;
157 | }
158 | this.t = 0;
159 | this.s = 0;
160 | var i = s.length,
161 | mi = false,
162 | sh = 0;
163 | while (--i >= 0) {
164 | var x = (k == 8) ? s[i] & 0xff : intAt(s, i);
165 | if (x < 0) {
166 | if (s.charAt(i) == "-") mi = true;
167 | continue;
168 | }
169 | mi = false;
170 | if (sh == 0) this[this.t++] = x;
171 | else if (sh + k > this.DB) {
172 | this[this.t - 1] |= (x & ((1 << (this.DB - sh)) - 1)) << sh;
173 | this[this.t++] = (x >> (this.DB - sh));
174 | }
175 | else this[this.t - 1] |= x << sh;
176 | sh += k;
177 | if (sh >= this.DB) sh -= this.DB;
178 | }
179 | if (k == 8 && (s[0] & 0x80) != 0) {
180 | this.s = -1;
181 | if (sh > 0) this[this.t - 1] |= ((1 << (this.DB - sh)) - 1) << sh;
182 | }
183 | this.clamp();
184 | if (mi) BigInteger.ZERO.subTo(this, this);
185 | }
186 |
187 | // (protected) clamp off excess high words
188 |
189 | function bnpClamp() {
190 | var c = this.s & this.DM;
191 | while (this.t > 0 && this[this.t - 1] == c)--this.t;
192 | }
193 |
194 | // (public) return string representation in given radix
195 |
196 | function bnToString(b) {
197 | if (this.s < 0) return "-" + this.negate().toString(b);
198 | var k;
199 | if (b == 16) k = 4;
200 | else if (b == 8) k = 3;
201 | else if (b == 2) k = 1;
202 | else if (b == 32) k = 5;
203 | else if (b == 64) k = 6;
204 | else if (b == 4) k = 2;
205 | else return this.toRadix(b);
206 | var km = (1 << k) - 1,
207 | d, m = false,
208 | r = "",
209 | i = this.t;
210 | var p = this.DB - (i * this.DB) % k;
211 | if (i-- > 0) {
212 | if (p < this.DB && (d = this[i] >> p) > 0) {
213 | m = true;
214 | r = int2char(d);
215 | }
216 | while (i >= 0) {
217 | if (p < k) {
218 | d = (this[i] & ((1 << p) - 1)) << (k - p);
219 | d |= this[--i] >> (p += this.DB - k);
220 | }
221 | else {
222 | d = (this[i] >> (p -= k)) & km;
223 | if (p <= 0) {
224 | p += this.DB;
225 | --i;
226 | }
227 | }
228 | if (d > 0) m = true;
229 | if (m) r += int2char(d);
230 | }
231 | }
232 | return m ? r : "0";
233 | }
234 |
235 | // (public) -this
236 |
237 | function bnNegate() {
238 | var r = nbi();
239 | BigInteger.ZERO.subTo(this, r);
240 | return r;
241 | }
242 |
243 | // (public) |this|
244 |
245 | function bnAbs() {
246 | return (this.s < 0) ? this.negate() : this;
247 | }
248 |
249 | // (public) return + if this > a, - if this < a, 0 if equal
250 |
251 | function bnCompareTo(a) {
252 | var r = this.s - a.s;
253 | if (r != 0) return r;
254 | var i = this.t;
255 | r = i - a.t;
256 | if (r != 0) return r;
257 | while (--i >= 0) if ((r = this[i] - a[i]) != 0) return r;
258 | return 0;
259 | }
260 |
261 | // returns bit length of the integer x
262 |
263 | function nbits(x) {
264 | var r = 1,
265 | t;
266 | if ((t = x >>> 16) != 0) {
267 | x = t;
268 | r += 16;
269 | }
270 | if ((t = x >> 8) != 0) {
271 | x = t;
272 | r += 8;
273 | }
274 | if ((t = x >> 4) != 0) {
275 | x = t;
276 | r += 4;
277 | }
278 | if ((t = x >> 2) != 0) {
279 | x = t;
280 | r += 2;
281 | }
282 | if ((t = x >> 1) != 0) {
283 | x = t;
284 | r += 1;
285 | }
286 | return r;
287 | }
288 |
289 | // (public) return the number of bits in "this"
290 |
291 | function bnBitLength() {
292 | if (this.t <= 0) return 0;
293 | return this.DB * (this.t - 1) + nbits(this[this.t - 1] ^ (this.s & this.DM));
294 | }
295 |
296 | // (protected) r = this << n*DB
297 |
298 | function bnpDLShiftTo(n, r) {
299 | var i;
300 | for (i = this.t - 1; i >= 0; --i) r[i + n] = this[i];
301 | for (i = n - 1; i >= 0; --i) r[i] = 0;
302 | r.t = this.t + n;
303 | r.s = this.s;
304 | }
305 |
306 | // (protected) r = this >> n*DB
307 |
308 | function bnpDRShiftTo(n, r) {
309 | for (var i = n; i < this.t; ++i) r[i - n] = this[i];
310 | r.t = Math.max(this.t - n, 0);
311 | r.s = this.s;
312 | }
313 |
314 | // (protected) r = this << n
315 |
316 | function bnpLShiftTo(n, r) {
317 | var bs = n % this.DB;
318 | var cbs = this.DB - bs;
319 | var bm = (1 << cbs) - 1;
320 | var ds = Math.floor(n / this.DB),
321 | c = (this.s << bs) & this.DM,
322 | i;
323 | for (i = this.t - 1; i >= 0; --i) {
324 | r[i + ds + 1] = (this[i] >> cbs) | c;
325 | c = (this[i] & bm) << bs;
326 | }
327 | for (i = ds - 1; i >= 0; --i) r[i] = 0;
328 | r[ds] = c;
329 | r.t = this.t + ds + 1;
330 | r.s = this.s;
331 | r.clamp();
332 | }
333 |
334 | // (protected) r = this >> n
335 |
336 | function bnpRShiftTo(n, r) {
337 | r.s = this.s;
338 | var ds = Math.floor(n / this.DB);
339 | if (ds >= this.t) {
340 | r.t = 0;
341 | return;
342 | }
343 | var bs = n % this.DB;
344 | var cbs = this.DB - bs;
345 | var bm = (1 << bs) - 1;
346 | r[0] = this[ds] >> bs;
347 | for (var i = ds + 1; i < this.t; ++i) {
348 | r[i - ds - 1] |= (this[i] & bm) << cbs;
349 | r[i - ds] = this[i] >> bs;
350 | }
351 | if (bs > 0) r[this.t - ds - 1] |= (this.s & bm) << cbs;
352 | r.t = this.t - ds;
353 | r.clamp();
354 | }
355 |
356 | // (protected) r = this - a
357 |
358 | function bnpSubTo(a, r) {
359 | var i = 0,
360 | c = 0,
361 | m = Math.min(a.t, this.t);
362 | while (i < m) {
363 | c += this[i] - a[i];
364 | r[i++] = c & this.DM;
365 | c >>= this.DB;
366 | }
367 | if (a.t < this.t) {
368 | c -= a.s;
369 | while (i < this.t) {
370 | c += this[i];
371 | r[i++] = c & this.DM;
372 | c >>= this.DB;
373 | }
374 | c += this.s;
375 | }
376 | else {
377 | c += this.s;
378 | while (i < a.t) {
379 | c -= a[i];
380 | r[i++] = c & this.DM;
381 | c >>= this.DB;
382 | }
383 | c -= a.s;
384 | }
385 | r.s = (c < 0) ? -1 : 0;
386 | if (c < -1) r[i++] = this.DV + c;
387 | else if (c > 0) r[i++] = c;
388 | r.t = i;
389 | r.clamp();
390 | }
391 |
392 | // (protected) r = this * a, r != this,a (HAC 14.12)
393 | // "this" should be the larger one if appropriate.
394 |
395 | function bnpMultiplyTo(a, r) {
396 | var x = this.abs(),
397 | y = a.abs();
398 | var i = x.t;
399 | r.t = i + y.t;
400 | while (--i >= 0) r[i] = 0;
401 | for (i = 0; i < y.t; ++i) r[i + x.t] = x.am(0, y[i], r, i, 0, x.t);
402 | r.s = 0;
403 | r.clamp();
404 | if (this.s != a.s) BigInteger.ZERO.subTo(r, r);
405 | }
406 |
407 | // (protected) r = this^2, r != this (HAC 14.16)
408 |
409 | function bnpSquareTo(r) {
410 | var x = this.abs();
411 | var i = r.t = 2 * x.t;
412 | while (--i >= 0) r[i] = 0;
413 | for (i = 0; i < x.t - 1; ++i) {
414 | var c = x.am(i, x[i], r, 2 * i, 0, 1);
415 | if ((r[i + x.t] += x.am(i + 1, 2 * x[i], r, 2 * i + 1, c, x.t - i - 1)) >= x.DV) {
416 | r[i + x.t] -= x.DV;
417 | r[i + x.t + 1] = 1;
418 | }
419 | }
420 | if (r.t > 0) r[r.t - 1] += x.am(i, x[i], r, 2 * i, 0, 1);
421 | r.s = 0;
422 | r.clamp();
423 | }
424 |
425 | // (protected) divide this by m, quotient and remainder to q, r (HAC 14.20)
426 | // r != q, this != m. q or r may be null.
427 |
428 | function bnpDivRemTo(m, q, r) {
429 | var pm = m.abs();
430 | if (pm.t <= 0) return;
431 | var pt = this.abs();
432 | if (pt.t < pm.t) {
433 | if (q != null) q.fromInt(0);
434 | if (r != null) this.copyTo(r);
435 | return;
436 | }
437 | if (r == null) r = nbi();
438 | var y = nbi(),
439 | ts = this.s,
440 | ms = m.s;
441 | var nsh = this.DB - nbits(pm[pm.t - 1]); // normalize modulus
442 | if (nsh > 0) {
443 | pm.lShiftTo(nsh, y);
444 | pt.lShiftTo(nsh, r);
445 | }
446 | else {
447 | pm.copyTo(y);
448 | pt.copyTo(r);
449 | }
450 | var ys = y.t;
451 | var y0 = y[ys - 1];
452 | if (y0 == 0) return;
453 | var yt = y0 * (1 << this.F1) + ((ys > 1) ? y[ys - 2] >> this.F2 : 0);
454 | var d1 = this.FV / yt,
455 | d2 = (1 << this.F1) / yt,
456 | e = 1 << this.F2;
457 | var i = r.t,
458 | j = i - ys,
459 | t = (q == null) ? nbi() : q;
460 | y.dlShiftTo(j, t);
461 | if (r.compareTo(t) >= 0) {
462 | r[r.t++] = 1;
463 | r.subTo(t, r);
464 | }
465 | BigInteger.ONE.dlShiftTo(ys, t);
466 | t.subTo(y, y); // "negative" y so we can replace sub with am later
467 | while (y.t < ys) y[y.t++] = 0;
468 | while (--j >= 0) {
469 | // Estimate quotient digit
470 | var qd = (r[--i] == y0) ? this.DM : Math.floor(r[i] * d1 + (r[i - 1] + e) * d2);
471 | if ((r[i] += y.am(0, qd, r, j, 0, ys)) < qd) { // Try it out
472 | y.dlShiftTo(j, t);
473 | r.subTo(t, r);
474 | while (r[i] < --qd) r.subTo(t, r);
475 | }
476 | }
477 | if (q != null) {
478 | r.drShiftTo(ys, q);
479 | if (ts != ms) BigInteger.ZERO.subTo(q, q);
480 | }
481 | r.t = ys;
482 | r.clamp();
483 | if (nsh > 0) r.rShiftTo(nsh, r); // Denormalize remainder
484 | if (ts < 0) BigInteger.ZERO.subTo(r, r);
485 | }
486 |
487 | // (public) this mod a
488 |
489 | function bnMod(a) {
490 | var r = nbi();
491 | this.abs().divRemTo(a, null, r);
492 | if (this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r, r);
493 | return r;
494 | }
495 |
496 | // Modular reduction using "classic" algorithm
497 |
498 | function Classic(m) {
499 | this.m = m;
500 | }
501 |
502 | function cConvert(x) {
503 | if (x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m);
504 | else return x;
505 | }
506 |
507 | function cRevert(x) {
508 | return x;
509 | }
510 |
511 | function cReduce(x) {
512 | x.divRemTo(this.m, null, x);
513 | }
514 |
515 | function cMulTo(x, y, r) {
516 | x.multiplyTo(y, r);
517 | this.reduce(r);
518 | }
519 |
520 | function cSqrTo(x, r) {
521 | x.squareTo(r);
522 | this.reduce(r);
523 | }
524 |
525 | Classic.prototype.convert = cConvert;
526 | Classic.prototype.revert = cRevert;
527 | Classic.prototype.reduce = cReduce;
528 | Classic.prototype.mulTo = cMulTo;
529 | Classic.prototype.sqrTo = cSqrTo;
530 |
531 | // (protected) return "-1/this % 2^DB"; useful for Mont. reduction
532 | // justification:
533 | // xy == 1 (mod m)
534 | // xy = 1+km
535 | // xy(2-xy) = (1+km)(1-km)
536 | // x[y(2-xy)] = 1-k^2m^2
537 | // x[y(2-xy)] == 1 (mod m^2)
538 | // if y is 1/x mod m, then y(2-xy) is 1/x mod m^2
539 | // should reduce x and y(2-xy) by m^2 at each step to keep size bounded.
540 | // JS multiply "overflows" differently from C/C++, so care is needed here.
541 |
542 | function bnpInvDigit() {
543 | if (this.t < 1) return 0;
544 | var x = this[0];
545 | if ((x & 1) == 0) return 0;
546 | var y = x & 3; // y == 1/x mod 2^2
547 | y = (y * (2 - (x & 0xf) * y)) & 0xf; // y == 1/x mod 2^4
548 | y = (y * (2 - (x & 0xff) * y)) & 0xff; // y == 1/x mod 2^8
549 | y = (y * (2 - (((x & 0xffff) * y) & 0xffff))) & 0xffff; // y == 1/x mod 2^16
550 | // last step - calculate inverse mod DV directly;
551 | // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints
552 | y = (y * (2 - x * y % this.DV)) % this.DV; // y == 1/x mod 2^dbits
553 | // we really want the negative inverse, and -DV < y < DV
554 | return (y > 0) ? this.DV - y : -y;
555 | }
556 |
557 | // Montgomery reduction
558 |
559 | function Montgomery(m) {
560 | this.m = m;
561 | this.mp = m.invDigit();
562 | this.mpl = this.mp & 0x7fff;
563 | this.mph = this.mp >> 15;
564 | this.um = (1 << (m.DB - 15)) - 1;
565 | this.mt2 = 2 * m.t;
566 | }
567 |
568 | // xR mod m
569 |
570 | function montConvert(x) {
571 | var r = nbi();
572 | x.abs().dlShiftTo(this.m.t, r);
573 | r.divRemTo(this.m, null, r);
574 | if (x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r, r);
575 | return r;
576 | }
577 |
578 | // x/R mod m
579 |
580 | function montRevert(x) {
581 | var r = nbi();
582 | x.copyTo(r);
583 | this.reduce(r);
584 | return r;
585 | }
586 |
587 | // x = x/R mod m (HAC 14.32)
588 |
589 | function montReduce(x) {
590 | while (x.t <= this.mt2) // pad x so am has enough room later
591 | x[x.t++] = 0;
592 | for (var i = 0; i < this.m.t; ++i) {
593 | // faster way of calculating u0 = x[i]*mp mod DV
594 | var j = x[i] & 0x7fff;
595 | var u0 = (j * this.mpl + (((j * this.mph + (x[i] >> 15) * this.mpl) & this.um) << 15)) & x.DM;
596 | // use am to combine the multiply-shift-add into one call
597 | j = i + this.m.t;
598 | x[j] += this.m.am(0, u0, x, i, 0, this.m.t);
599 | // propagate carry
600 | while (x[j] >= x.DV) {
601 | x[j] -= x.DV;
602 | x[++j]++;
603 | }
604 | }
605 | x.clamp();
606 | x.drShiftTo(this.m.t, x);
607 | if (x.compareTo(this.m) >= 0) x.subTo(this.m, x);
608 | }
609 |
610 | // r = "x^2/R mod m"; x != r
611 |
612 | function montSqrTo(x, r) {
613 | x.squareTo(r);
614 | this.reduce(r);
615 | }
616 |
617 | // r = "xy/R mod m"; x,y != r
618 |
619 | function montMulTo(x, y, r) {
620 | x.multiplyTo(y, r);
621 | this.reduce(r);
622 | }
623 |
624 | Montgomery.prototype.convert = montConvert;
625 | Montgomery.prototype.revert = montRevert;
626 | Montgomery.prototype.reduce = montReduce;
627 | Montgomery.prototype.mulTo = montMulTo;
628 | Montgomery.prototype.sqrTo = montSqrTo;
629 |
630 | // (protected) true iff this is even
631 |
632 | function bnpIsEven() {
633 | return ((this.t > 0) ? (this[0] & 1) : this.s) == 0;
634 | }
635 |
636 | // (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79)
637 |
638 | function bnpExp(e, z) {
639 | if (e > 0xffffffff || e < 1) return BigInteger.ONE;
640 | var r = nbi(),
641 | r2 = nbi(),
642 | g = z.convert(this),
643 | i = nbits(e) - 1;
644 | g.copyTo(r);
645 | while (--i >= 0) {
646 | z.sqrTo(r, r2);
647 | if ((e & (1 << i)) > 0) z.mulTo(r2, g, r);
648 | else {
649 | var t = r;
650 | r = r2;
651 | r2 = t;
652 | }
653 | }
654 | return z.revert(r);
655 | }
656 |
657 | // (public) this^e % m, 0 <= e < 2^32
658 |
659 | function bnModPowInt(e, m) {
660 | var z;
661 | if (e < 256 || m.isEven()) z = new Classic(m);
662 | else z = new Montgomery(m);
663 | return this.exp(e, z);
664 | }
665 |
666 | // protected
667 | BigInteger.prototype.copyTo = bnpCopyTo;
668 | BigInteger.prototype.fromInt = bnpFromInt;
669 | BigInteger.prototype.fromString = bnpFromString;
670 | BigInteger.prototype.clamp = bnpClamp;
671 | BigInteger.prototype.dlShiftTo = bnpDLShiftTo;
672 | BigInteger.prototype.drShiftTo = bnpDRShiftTo;
673 | BigInteger.prototype.lShiftTo = bnpLShiftTo;
674 | BigInteger.prototype.rShiftTo = bnpRShiftTo;
675 | BigInteger.prototype.subTo = bnpSubTo;
676 | BigInteger.prototype.multiplyTo = bnpMultiplyTo;
677 | BigInteger.prototype.squareTo = bnpSquareTo;
678 | BigInteger.prototype.divRemTo = bnpDivRemTo;
679 | BigInteger.prototype.invDigit = bnpInvDigit;
680 | BigInteger.prototype.isEven = bnpIsEven;
681 | BigInteger.prototype.exp = bnpExp;
682 |
683 | // public
684 | BigInteger.prototype.toString = bnToString;
685 | BigInteger.prototype.negate = bnNegate;
686 | BigInteger.prototype.abs = bnAbs;
687 | BigInteger.prototype.compareTo = bnCompareTo;
688 | BigInteger.prototype.bitLength = bnBitLength;
689 | BigInteger.prototype.mod = bnMod;
690 | BigInteger.prototype.modPowInt = bnModPowInt;
691 |
692 | // "constants"
693 | BigInteger.ZERO = nbv(0);
694 | BigInteger.ONE = nbv(1);
695 |
696 |
697 | function bnClone() {
698 | var r = nbi();
699 | this.copyTo(r);
700 | return r;
701 | }
702 |
703 | // (public) return value as integer
704 |
705 | function bnIntValue() {
706 | if (this.s < 0) {
707 | if (this.t == 1) return this[0] - this.DV;
708 | else if (this.t == 0) return -1;
709 | }
710 | else if (this.t == 1) return this[0];
711 | else if (this.t == 0) return 0;
712 | // assumes 16 < DB < 32
713 | return ((this[1] & ((1 << (32 - this.DB)) - 1)) << this.DB) | this[0];
714 | }
715 |
716 | // (public) return value as byte
717 |
718 | function bnByteValue() {
719 | return (this.t == 0) ? this.s : (this[0] << 24) >> 24;
720 | }
721 |
722 | // (public) return value as short (assumes DB>=16)
723 |
724 | function bnShortValue() {
725 | return (this.t == 0) ? this.s : (this[0] << 16) >> 16;
726 | }
727 |
728 | // (protected) return x s.t. r^x < DV
729 |
730 | function bnpChunkSize(r) {
731 | return Math.floor(Math.LN2 * this.DB / Math.log(r));
732 | }
733 |
734 | // (public) 0 if this == 0, 1 if this > 0
735 |
736 | function bnSigNum() {
737 | if (this.s < 0) return -1;
738 | else if (this.t <= 0 || (this.t == 1 && this[0] <= 0)) return 0;
739 | else return 1;
740 | }
741 |
742 | // (protected) convert to radix string
743 |
744 | function bnpToRadix(b) {
745 | if (b == null) b = 10;
746 | if (this.signum() == 0 || b < 2 || b > 36) return "0";
747 | var cs = this.chunkSize(b);
748 | var a = Math.pow(b, cs);
749 | var d = nbv(a),
750 | y = nbi(),
751 | z = nbi(),
752 | r = "";
753 | this.divRemTo(d, y, z);
754 | while (y.signum() > 0) {
755 | r = (a + z.intValue()).toString(b).substr(1) + r;
756 | y.divRemTo(d, y, z);
757 | }
758 | return z.intValue().toString(b) + r;
759 | }
760 |
761 | // (protected) convert from radix string
762 |
763 | function bnpFromRadix(s, b) {
764 | this.fromInt(0);
765 | if (b == null) b = 10;
766 | var cs = this.chunkSize(b);
767 | var d = Math.pow(b, cs),
768 | mi = false,
769 | j = 0,
770 | w = 0;
771 | for (var i = 0; i < s.length; ++i) {
772 | var x = intAt(s, i);
773 | if (x < 0) {
774 | if (s.charAt(i) == "-" && this.signum() == 0) mi = true;
775 | continue;
776 | }
777 | w = b * w + x;
778 | if (++j >= cs) {
779 | this.dMultiply(d);
780 | this.dAddOffset(w, 0);
781 | j = 0;
782 | w = 0;
783 | }
784 | }
785 | if (j > 0) {
786 | this.dMultiply(Math.pow(b, j));
787 | this.dAddOffset(w, 0);
788 | }
789 | if (mi) BigInteger.ZERO.subTo(this, this);
790 | }
791 |
792 | // (protected) alternate constructor
793 |
794 | function bnpFromNumber(a, b, c) {
795 | if ("number" == typeof b) {
796 | // new BigInteger(int,int,RNG)
797 | if (a < 2) this.fromInt(1);
798 | else {
799 | this.fromNumber(a, c);
800 | if (!this.testBit(a - 1)) // force MSB set
801 | this.bitwiseTo(BigInteger.ONE.shiftLeft(a - 1), op_or, this);
802 | if (this.isEven()) this.dAddOffset(1, 0); // force odd
803 | while (!this.isProbablePrime(b)) {
804 | this.dAddOffset(2, 0);
805 | if (this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a - 1), this);
806 | }
807 | }
808 | }
809 | else {
810 | // new BigInteger(int,RNG)
811 | var x = new Array(),
812 | t = a & 7;
813 | x.length = (a >> 3) + 1;
814 | b.nextBytes(x);
815 | if (t > 0) x[0] &= ((1 << t) - 1);
816 | else x[0] = 0;
817 | this.fromString(x, 256);
818 | }
819 | }
820 |
821 | // (public) convert to bigendian byte array
822 |
823 | function bnToByteArray() {
824 | var i = this.t,
825 | r = new Array();
826 | r[0] = this.s;
827 | var p = this.DB - (i * this.DB) % 8,
828 | d, k = 0;
829 | if (i-- > 0) {
830 | if (p < this.DB && (d = this[i] >> p) != (this.s & this.DM) >> p) r[k++] = d | (this.s << (this.DB - p));
831 | while (i >= 0) {
832 | if (p < 8) {
833 | d = (this[i] & ((1 << p) - 1)) << (8 - p);
834 | d |= this[--i] >> (p += this.DB - 8);
835 | }
836 | else {
837 | d = (this[i] >> (p -= 8)) & 0xff;
838 | if (p <= 0) {
839 | p += this.DB;
840 | --i;
841 | }
842 | }
843 | if ((d & 0x80) != 0) d |= -256;
844 | if (k == 0 && (this.s & 0x80) != (d & 0x80))++k;
845 | if (k > 0 || d != this.s) r[k++] = d;
846 | }
847 | }
848 | return r;
849 | }
850 |
851 | function bnEquals(a) {
852 | return (this.compareTo(a) == 0);
853 | }
854 |
855 | function bnMin(a) {
856 | return (this.compareTo(a) < 0) ? this : a;
857 | }
858 |
859 | function bnMax(a) {
860 | return (this.compareTo(a) > 0) ? this : a;
861 | }
862 |
863 | // (protected) r = this op a (bitwise)
864 |
865 | function bnpBitwiseTo(a, op, r) {
866 | var i, f, m = Math.min(a.t, this.t);
867 | for (i = 0; i < m; ++i) r[i] = op(this[i], a[i]);
868 | if (a.t < this.t) {
869 | f = a.s & this.DM;
870 | for (i = m; i < this.t; ++i) r[i] = op(this[i], f);
871 | r.t = this.t;
872 | }
873 | else {
874 | f = this.s & this.DM;
875 | for (i = m; i < a.t; ++i) r[i] = op(f, a[i]);
876 | r.t = a.t;
877 | }
878 | r.s = op(this.s, a.s);
879 | r.clamp();
880 | }
881 |
882 | // (public) this & a
883 |
884 | function op_and(x, y) {
885 | return x & y;
886 | }
887 |
888 | function bnAnd(a) {
889 | var r = nbi();
890 | this.bitwiseTo(a, op_and, r);
891 | return r;
892 | }
893 |
894 | // (public) this | a
895 |
896 | function op_or(x, y) {
897 | return x | y;
898 | }
899 |
900 | function bnOr(a) {
901 | var r = nbi();
902 | this.bitwiseTo(a, op_or, r);
903 | return r;
904 | }
905 |
906 | // (public) this ^ a
907 |
908 | function op_xor(x, y) {
909 | return x ^ y;
910 | }
911 |
912 | function bnXor(a) {
913 | var r = nbi();
914 | this.bitwiseTo(a, op_xor, r);
915 | return r;
916 | }
917 |
918 | // (public) this & ~a
919 |
920 | function op_andnot(x, y) {
921 | return x & ~y;
922 | }
923 |
924 | function bnAndNot(a) {
925 | var r = nbi();
926 | this.bitwiseTo(a, op_andnot, r);
927 | return r;
928 | }
929 |
930 | // (public) ~this
931 |
932 | function bnNot() {
933 | var r = nbi();
934 | for (var i = 0; i < this.t; ++i) r[i] = this.DM & ~this[i];
935 | r.t = this.t;
936 | r.s = ~this.s;
937 | return r;
938 | }
939 |
940 | // (public) this << n
941 |
942 | function bnShiftLeft(n) {
943 | var r = nbi();
944 | if (n < 0) this.rShiftTo(-n, r);
945 | else this.lShiftTo(n, r);
946 | return r;
947 | }
948 |
949 | // (public) this >> n
950 |
951 | function bnShiftRight(n) {
952 | var r = nbi();
953 | if (n < 0) this.lShiftTo(-n, r);
954 | else this.rShiftTo(n, r);
955 | return r;
956 | }
957 |
958 | // return index of lowest 1-bit in x, x < 2^31
959 |
960 | function lbit(x) {
961 | if (x == 0) return -1;
962 | var r = 0;
963 | if ((x & 0xffff) == 0) {
964 | x >>= 16;
965 | r += 16;
966 | }
967 | if ((x & 0xff) == 0) {
968 | x >>= 8;
969 | r += 8;
970 | }
971 | if ((x & 0xf) == 0) {
972 | x >>= 4;
973 | r += 4;
974 | }
975 | if ((x & 3) == 0) {
976 | x >>= 2;
977 | r += 2;
978 | }
979 | if ((x & 1) == 0)++r;
980 | return r;
981 | }
982 |
983 | // (public) returns index of lowest 1-bit (or -1 if none)
984 |
985 | function bnGetLowestSetBit() {
986 | for (var i = 0; i < this.t; ++i)
987 | if (this[i] != 0) return i * this.DB + lbit(this[i]);
988 | if (this.s < 0) return this.t * this.DB;
989 | return -1;
990 | }
991 |
992 | // return number of 1 bits in x
993 |
994 | function cbit(x) {
995 | var r = 0;
996 | while (x != 0) {
997 | x &= x - 1;
998 | ++r;
999 | }
1000 | return r;
1001 | }
1002 |
1003 | // (public) return number of set bits
1004 |
1005 | function bnBitCount() {
1006 | var r = 0,
1007 | x = this.s & this.DM;
1008 | for (var i = 0; i < this.t; ++i) r += cbit(this[i] ^ x);
1009 | return r;
1010 | }
1011 |
1012 | // (public) true iff nth bit is set
1013 |
1014 | function bnTestBit(n) {
1015 | var j = Math.floor(n / this.DB);
1016 | if (j >= this.t) return (this.s != 0);
1017 | return ((this[j] & (1 << (n % this.DB))) != 0);
1018 | }
1019 |
1020 | // (protected) this op (1<>= this.DB;
1056 | }
1057 | if (a.t < this.t) {
1058 | c += a.s;
1059 | while (i < this.t) {
1060 | c += this[i];
1061 | r[i++] = c & this.DM;
1062 | c >>= this.DB;
1063 | }
1064 | c += this.s;
1065 | }
1066 | else {
1067 | c += this.s;
1068 | while (i < a.t) {
1069 | c += a[i];
1070 | r[i++] = c & this.DM;
1071 | c >>= this.DB;
1072 | }
1073 | c += a.s;
1074 | }
1075 | r.s = (c < 0) ? -1 : 0;
1076 | if (c > 0) r[i++] = c;
1077 | else if (c < -1) r[i++] = this.DV + c;
1078 | r.t = i;
1079 | r.clamp();
1080 | }
1081 |
1082 | // (public) this + a
1083 |
1084 | function bnAdd(a) {
1085 | var r = nbi();
1086 | this.addTo(a, r);
1087 | return r;
1088 | }
1089 |
1090 | // (public) this - a
1091 |
1092 | function bnSubtract(a) {
1093 | var r = nbi();
1094 | this.subTo(a, r);
1095 | return r;
1096 | }
1097 |
1098 | // (public) this * a
1099 |
1100 | function bnMultiply(a) {
1101 | var r = nbi();
1102 | this.multiplyTo(a, r);
1103 | return r;
1104 | }
1105 |
1106 | // (public) this^2
1107 |
1108 | function bnSquare() {
1109 | var r = nbi();
1110 | this.squareTo(r);
1111 | return r;
1112 | }
1113 |
1114 | // (public) this / a
1115 |
1116 | function bnDivide(a) {
1117 | var r = nbi();
1118 | this.divRemTo(a, r, null);
1119 | return r;
1120 | }
1121 |
1122 | // (public) this % a
1123 |
1124 | function bnRemainder(a) {
1125 | var r = nbi();
1126 | this.divRemTo(a, null, r);
1127 | return r;
1128 | }
1129 |
1130 | // (public) [this/a,this%a]
1131 |
1132 | function bnDivideAndRemainder(a) {
1133 | var q = nbi(),
1134 | r = nbi();
1135 | this.divRemTo(a, q, r);
1136 | return new Array(q, r);
1137 | }
1138 |
1139 | // (protected) this *= n, this >= 0, 1 < n < DV
1140 |
1141 | function bnpDMultiply(n) {
1142 | this[this.t] = this.am(0, n - 1, this, 0, 0, this.t);
1143 | ++this.t;
1144 | this.clamp();
1145 | }
1146 |
1147 | // (protected) this += n << w words, this >= 0
1148 |
1149 | function bnpDAddOffset(n, w) {
1150 | if (n == 0) return;
1151 | while (this.t <= w) this[this.t++] = 0;
1152 | this[w] += n;
1153 | while (this[w] >= this.DV) {
1154 | this[w] -= this.DV;
1155 | if (++w >= this.t) this[this.t++] = 0;
1156 | ++this[w];
1157 | }
1158 | }
1159 |
1160 | // A "null" reducer
1161 |
1162 | function NullExp() {}
1163 |
1164 | function nNop(x) {
1165 | return x;
1166 | }
1167 |
1168 | function nMulTo(x, y, r) {
1169 | x.multiplyTo(y, r);
1170 | }
1171 |
1172 | function nSqrTo(x, r) {
1173 | x.squareTo(r);
1174 | }
1175 |
1176 | NullExp.prototype.convert = nNop;
1177 | NullExp.prototype.revert = nNop;
1178 | NullExp.prototype.mulTo = nMulTo;
1179 | NullExp.prototype.sqrTo = nSqrTo;
1180 |
1181 | // (public) this^e
1182 |
1183 | function bnPow(e) {
1184 | return this.exp(e, new NullExp());
1185 | }
1186 |
1187 | // (protected) r = lower n words of "this * a", a.t <= n
1188 | // "this" should be the larger one if appropriate.
1189 |
1190 | function bnpMultiplyLowerTo(a, n, r) {
1191 | var i = Math.min(this.t + a.t, n);
1192 | r.s = 0; // assumes a,this >= 0
1193 | r.t = i;
1194 | while (i > 0) r[--i] = 0;
1195 | var j;
1196 | for (j = r.t - this.t; i < j; ++i) r[i + this.t] = this.am(0, a[i], r, i, 0, this.t);
1197 | for (j = Math.min(a.t, n); i < j; ++i) this.am(0, a[i], r, i, 0, n - i);
1198 | r.clamp();
1199 | }
1200 |
1201 | // (protected) r = "this * a" without lower n words, n > 0
1202 | // "this" should be the larger one if appropriate.
1203 |
1204 | function bnpMultiplyUpperTo(a, n, r) {
1205 | --n;
1206 | var i = r.t = this.t + a.t - n;
1207 | r.s = 0; // assumes a,this >= 0
1208 | while (--i >= 0) r[i] = 0;
1209 | for (i = Math.max(n - this.t, 0); i < a.t; ++i)
1210 | r[this.t + i - n] = this.am(n - i, a[i], r, 0, 0, this.t + i - n);
1211 | r.clamp();
1212 | r.drShiftTo(1, r);
1213 | }
1214 |
1215 | // Barrett modular reduction
1216 |
1217 | function Barrett(m) {
1218 | // setup Barrett
1219 | this.r2 = nbi();
1220 | this.q3 = nbi();
1221 | BigInteger.ONE.dlShiftTo(2 * m.t, this.r2);
1222 | this.mu = this.r2.divide(m);
1223 | this.m = m;
1224 | }
1225 |
1226 | function barrettConvert(x) {
1227 | if (x.s < 0 || x.t > 2 * this.m.t) return x.mod(this.m);
1228 | else if (x.compareTo(this.m) < 0) return x;
1229 | else {
1230 | var r = nbi();
1231 | x.copyTo(r);
1232 | this.reduce(r);
1233 | return r;
1234 | }
1235 | }
1236 |
1237 | function barrettRevert(x) {
1238 | return x;
1239 | }
1240 |
1241 | // x = x mod m (HAC 14.42)
1242 |
1243 | function barrettReduce(x) {
1244 | x.drShiftTo(this.m.t - 1, this.r2);
1245 | if (x.t > this.m.t + 1) {
1246 | x.t = this.m.t + 1;
1247 | x.clamp();
1248 | }
1249 | this.mu.multiplyUpperTo(this.r2, this.m.t + 1, this.q3);
1250 | this.m.multiplyLowerTo(this.q3, this.m.t + 1, this.r2);
1251 | while (x.compareTo(this.r2) < 0) x.dAddOffset(1, this.m.t + 1);
1252 | x.subTo(this.r2, x);
1253 | while (x.compareTo(this.m) >= 0) x.subTo(this.m, x);
1254 | }
1255 |
1256 | // r = x^2 mod m; x != r
1257 |
1258 | function barrettSqrTo(x, r) {
1259 | x.squareTo(r);
1260 | this.reduce(r);
1261 | }
1262 |
1263 | // r = x*y mod m; x,y != r
1264 |
1265 | function barrettMulTo(x, y, r) {
1266 | x.multiplyTo(y, r);
1267 | this.reduce(r);
1268 | }
1269 |
1270 | Barrett.prototype.convert = barrettConvert;
1271 | Barrett.prototype.revert = barrettRevert;
1272 | Barrett.prototype.reduce = barrettReduce;
1273 | Barrett.prototype.mulTo = barrettMulTo;
1274 | Barrett.prototype.sqrTo = barrettSqrTo;
1275 |
1276 | // (public) this^e % m (HAC 14.85)
1277 |
1278 | function bnModPow(e, m) {
1279 | var i = e.bitLength(),
1280 | k, r = nbv(1),
1281 | z;
1282 | if (i <= 0) return r;
1283 | else if (i < 18) k = 1;
1284 | else if (i < 48) k = 3;
1285 | else if (i < 144) k = 4;
1286 | else if (i < 768) k = 5;
1287 | else k = 6;
1288 | if (i < 8) z = new Classic(m);
1289 | else if (m.isEven()) z = new Barrett(m);
1290 | else z = new Montgomery(m);
1291 |
1292 | // precomputation
1293 | var g = new Array(),
1294 | n = 3,
1295 | k1 = k - 1,
1296 | km = (1 << k) - 1;
1297 | g[1] = z.convert(this);
1298 | if (k > 1) {
1299 | var g2 = nbi();
1300 | z.sqrTo(g[1], g2);
1301 | while (n <= km) {
1302 | g[n] = nbi();
1303 | z.mulTo(g2, g[n - 2], g[n]);
1304 | n += 2;
1305 | }
1306 | }
1307 |
1308 | var j = e.t - 1,
1309 | w, is1 = true,
1310 | r2 = nbi(),
1311 | t;
1312 | i = nbits(e[j]) - 1;
1313 | while (j >= 0) {
1314 | if (i >= k1) w = (e[j] >> (i - k1)) & km;
1315 | else {
1316 | w = (e[j] & ((1 << (i + 1)) - 1)) << (k1 - i);
1317 | if (j > 0) w |= e[j - 1] >> (this.DB + i - k1);
1318 | }
1319 |
1320 | n = k;
1321 | while ((w & 1) == 0) {
1322 | w >>= 1;
1323 | --n;
1324 | }
1325 | if ((i -= n) < 0) {
1326 | i += this.DB;
1327 | --j;
1328 | }
1329 | if (is1) { // ret == 1, don't bother squaring or multiplying it
1330 | g[w].copyTo(r);
1331 | is1 = false;
1332 | }
1333 | else {
1334 | while (n > 1) {
1335 | z.sqrTo(r, r2);
1336 | z.sqrTo(r2, r);
1337 | n -= 2;
1338 | }
1339 | if (n > 0) z.sqrTo(r, r2);
1340 | else {
1341 | t = r;
1342 | r = r2;
1343 | r2 = t;
1344 | }
1345 | z.mulTo(r2, g[w], r);
1346 | }
1347 |
1348 | while (j >= 0 && (e[j] & (1 << i)) == 0) {
1349 | z.sqrTo(r, r2);
1350 | t = r;
1351 | r = r2;
1352 | r2 = t;
1353 | if (--i < 0) {
1354 | i = this.DB - 1;
1355 | --j;
1356 | }
1357 | }
1358 | }
1359 | return z.revert(r);
1360 | }
1361 |
1362 | // (public) gcd(this,a) (HAC 14.54)
1363 |
1364 | function bnGCD(a) {
1365 | var x = (this.s < 0) ? this.negate() : this.clone();
1366 | var y = (a.s < 0) ? a.negate() : a.clone();
1367 | if (x.compareTo(y) < 0) {
1368 | var t = x;
1369 | x = y;
1370 | y = t;
1371 | }
1372 | var i = x.getLowestSetBit(),
1373 | g = y.getLowestSetBit();
1374 | if (g < 0) return x;
1375 | if (i < g) g = i;
1376 | if (g > 0) {
1377 | x.rShiftTo(g, x);
1378 | y.rShiftTo(g, y);
1379 | }
1380 | while (x.signum() > 0) {
1381 | if ((i = x.getLowestSetBit()) > 0) x.rShiftTo(i, x);
1382 | if ((i = y.getLowestSetBit()) > 0) y.rShiftTo(i, y);
1383 | if (x.compareTo(y) >= 0) {
1384 | x.subTo(y, x);
1385 | x.rShiftTo(1, x);
1386 | }
1387 | else {
1388 | y.subTo(x, y);
1389 | y.rShiftTo(1, y);
1390 | }
1391 | }
1392 | if (g > 0) y.lShiftTo(g, y);
1393 | return y;
1394 | }
1395 |
1396 | // (protected) this % n, n < 2^26
1397 |
1398 | function bnpModInt(n) {
1399 | if (n <= 0) return 0;
1400 | var d = this.DV % n,
1401 | r = (this.s < 0) ? n - 1 : 0;
1402 | if (this.t > 0) if (d == 0) r = this[0] % n;
1403 | else for (var i = this.t - 1; i >= 0; --i) r = (d * r + this[i]) % n;
1404 | return r;
1405 | }
1406 |
1407 | // (public) 1/this % m (HAC 14.61)
1408 |
1409 | function bnModInverse(m) {
1410 | var ac = m.isEven();
1411 | if ((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO;
1412 | var u = m.clone(),
1413 | v = this.clone();
1414 | var a = nbv(1),
1415 | b = nbv(0),
1416 | c = nbv(0),
1417 | d = nbv(1);
1418 | while (u.signum() != 0) {
1419 | while (u.isEven()) {
1420 | u.rShiftTo(1, u);
1421 | if (ac) {
1422 | if (!a.isEven() || !b.isEven()) {
1423 | a.addTo(this, a);
1424 | b.subTo(m, b);
1425 | }
1426 | a.rShiftTo(1, a);
1427 | }
1428 | else if (!b.isEven()) b.subTo(m, b);
1429 | b.rShiftTo(1, b);
1430 | }
1431 | while (v.isEven()) {
1432 | v.rShiftTo(1, v);
1433 | if (ac) {
1434 | if (!c.isEven() || !d.isEven()) {
1435 | c.addTo(this, c);
1436 | d.subTo(m, d);
1437 | }
1438 | c.rShiftTo(1, c);
1439 | }
1440 | else if (!d.isEven()) d.subTo(m, d);
1441 | d.rShiftTo(1, d);
1442 | }
1443 | if (u.compareTo(v) >= 0) {
1444 | u.subTo(v, u);
1445 | if (ac) a.subTo(c, a);
1446 | b.subTo(d, b);
1447 | }
1448 | else {
1449 | v.subTo(u, v);
1450 | if (ac) c.subTo(a, c);
1451 | d.subTo(b, d);
1452 | }
1453 | }
1454 | if (v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO;
1455 | if (d.compareTo(m) >= 0) return d.subtract(m);
1456 | if (d.signum() < 0) d.addTo(m, d);
1457 | else return d;
1458 | if (d.signum() < 0) return d.add(m);
1459 | else return d;
1460 | }
1461 |
1462 | var lowprimes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, 991, 997];
1463 | var lplim = (1 << 26) / lowprimes[lowprimes.length - 1];
1464 |
1465 | // (public) test primality with certainty >= 1-.5^t
1466 |
1467 | function bnIsProbablePrime(t) {
1468 | var i, x = this.abs();
1469 | if (x.t == 1 && x[0] <= lowprimes[lowprimes.length - 1]) {
1470 | for (i = 0; i < lowprimes.length; ++i)
1471 | if (x[0] == lowprimes[i]) return true;
1472 | return false;
1473 | }
1474 | if (x.isEven()) return false;
1475 | i = 1;
1476 | while (i < lowprimes.length) {
1477 | var m = lowprimes[i],
1478 | j = i + 1;
1479 | while (j < lowprimes.length && m < lplim) m *= lowprimes[j++];
1480 | m = x.modInt(m);
1481 | while (i < j) if (m % lowprimes[i++] == 0) return false;
1482 | }
1483 | return x.millerRabin(t);
1484 | }
1485 |
1486 | // (protected) true if probably prime (HAC 4.24, Miller-Rabin)
1487 |
1488 | function bnpMillerRabin(t) {
1489 | var n1 = this.subtract(BigInteger.ONE);
1490 | var k = n1.getLowestSetBit();
1491 | if (k <= 0) return false;
1492 | var r = n1.shiftRight(k);
1493 | t = (t + 1) >> 1;
1494 | if (t > lowprimes.length) t = lowprimes.length;
1495 | var a = nbi();
1496 | for (var i = 0; i < t; ++i) {
1497 | //Pick bases at random, instead of starting at 2
1498 | a.fromInt(lowprimes[Math.floor(Math.random() * lowprimes.length)]);
1499 | var y = a.modPow(r, this);
1500 | if (y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) {
1501 | var j = 1;
1502 | while (j++ < k && y.compareTo(n1) != 0) {
1503 | y = y.modPowInt(2, this);
1504 | if (y.compareTo(BigInteger.ONE) == 0) return false;
1505 | }
1506 | if (y.compareTo(n1) != 0) return false;
1507 | }
1508 | }
1509 | return true;
1510 | }
1511 |
1512 | // protected
1513 | BigInteger.prototype.chunkSize = bnpChunkSize;
1514 | BigInteger.prototype.toRadix = bnpToRadix;
1515 | BigInteger.prototype.fromRadix = bnpFromRadix;
1516 | BigInteger.prototype.fromNumber = bnpFromNumber;
1517 | BigInteger.prototype.bitwiseTo = bnpBitwiseTo;
1518 | BigInteger.prototype.changeBit = bnpChangeBit;
1519 | BigInteger.prototype.addTo = bnpAddTo;
1520 | BigInteger.prototype.dMultiply = bnpDMultiply;
1521 | BigInteger.prototype.dAddOffset = bnpDAddOffset;
1522 | BigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo;
1523 | BigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo;
1524 | BigInteger.prototype.modInt = bnpModInt;
1525 | BigInteger.prototype.millerRabin = bnpMillerRabin;
1526 |
1527 | // public
1528 | BigInteger.prototype.clone = bnClone;
1529 | BigInteger.prototype.intValue = bnIntValue;
1530 | BigInteger.prototype.byteValue = bnByteValue;
1531 | BigInteger.prototype.shortValue = bnShortValue;
1532 | BigInteger.prototype.signum = bnSigNum;
1533 | BigInteger.prototype.toByteArray = bnToByteArray;
1534 | BigInteger.prototype.equals = bnEquals;
1535 | BigInteger.prototype.min = bnMin;
1536 | BigInteger.prototype.max = bnMax;
1537 | BigInteger.prototype.and = bnAnd;
1538 | BigInteger.prototype.or = bnOr;
1539 | BigInteger.prototype.xor = bnXor;
1540 | BigInteger.prototype.andNot = bnAndNot;
1541 | BigInteger.prototype.not = bnNot;
1542 | BigInteger.prototype.shiftLeft = bnShiftLeft;
1543 | BigInteger.prototype.shiftRight = bnShiftRight;
1544 | BigInteger.prototype.getLowestSetBit = bnGetLowestSetBit;
1545 | BigInteger.prototype.bitCount = bnBitCount;
1546 | BigInteger.prototype.testBit = bnTestBit;
1547 | BigInteger.prototype.setBit = bnSetBit;
1548 | BigInteger.prototype.clearBit = bnClearBit;
1549 | BigInteger.prototype.flipBit = bnFlipBit;
1550 | BigInteger.prototype.add = bnAdd;
1551 | BigInteger.prototype.subtract = bnSubtract;
1552 | BigInteger.prototype.multiply = bnMultiply;
1553 | BigInteger.prototype.divide = bnDivide;
1554 | BigInteger.prototype.remainder = bnRemainder;
1555 | BigInteger.prototype.divideAndRemainder = bnDivideAndRemainder;
1556 | BigInteger.prototype.modPow = bnModPow;
1557 | BigInteger.prototype.modInverse = bnModInverse;
1558 | BigInteger.prototype.pow = bnPow;
1559 | BigInteger.prototype.gcd = bnGCD;
1560 | BigInteger.prototype.isProbablePrime = bnIsProbablePrime;
1561 |
1562 | // JSBN-specific extension
1563 | BigInteger.prototype.square = bnSquare;
1564 |
1565 |
1566 |
1567 |
1568 |
1569 |
1570 |
1571 |
1572 |
1573 |
1574 |
1575 |
1576 |
1577 |
1578 |
1579 |
1580 |
1581 |
1582 |
1583 |
--------------------------------------------------------------------------------
/random.js:
--------------------------------------------------------------------------------
1 | // seedrandom.js version 2.0.
2 | // Author: David Bau 4/2/2011
3 | //
4 | // Defines a method Math.seedrandom() that, when called, substitutes
5 | // an explicitly seeded RC4-based algorithm for Math.random(). Also
6 | // supports automatic seeding from local or network sources of entropy.
7 | //
8 | // Usage:
9 | //
10 | //
11 | //
12 | // Math.seedrandom('yipee'); Sets Math.random to a function that is
13 | // initialized using the given explicit seed.
14 | //
15 | // Math.seedrandom(); Sets Math.random to a function that is
16 | // seeded using the current time, dom state,
17 | // and other accumulated local entropy.
18 | // The generated seed string is returned.
19 | //
20 | // Math.seedrandom('yowza', true);
21 | // Seeds using the given explicit seed mixed
22 | // together with accumulated entropy.
23 | //
24 | //
25 | // Seeds using physical random bits downloaded
26 | // from random.org.
27 | //
28 | // Seeds using urandom bits from call.jsonlib.com,
30 | // which is faster than random.org.
31 | //
32 | // Examples:
33 | //
34 | // Math.seedrandom("hello"); // Use "hello" as the seed.
35 | // document.write(Math.random()); // Always 0.5463663768140734
36 | // document.write(Math.random()); // Always 0.43973793770592234
37 | // var rng1 = Math.random; // Remember the current prng.
38 | //
39 | // var autoseed = Math.seedrandom(); // New prng with an automatic seed.
40 | // document.write(Math.random()); // Pretty much unpredictable.
41 | //
42 | // Math.random = rng1; // Continue "hello" prng sequence.
43 | // document.write(Math.random()); // Always 0.554769432473455
44 | //
45 | // Math.seedrandom(autoseed); // Restart at the previous seed.
46 | // document.write(Math.random()); // Repeat the 'unpredictable' value.
47 | //
48 | // Notes:
49 | //
50 | // Each time seedrandom('arg') is called, entropy from the passed seed
51 | // is accumulated in a pool to help generate future seeds for the
52 | // zero-argument form of Math.seedrandom, so entropy can be injected over
53 | // time by calling seedrandom with explicit data repeatedly.
54 | //
55 | // On speed - This javascript implementation of Math.random() is about
56 | // 3-10x slower than the built-in Math.random() because it is not native
57 | // code, but this is typically fast enough anyway. Seeding is more expensive,
58 | // especially if you use auto-seeding. Some details (timings on Chrome 4):
59 | //
60 | // Our Math.random() - avg less than 0.002 milliseconds per call
61 | // seedrandom('explicit') - avg less than 0.5 milliseconds per call
62 | // seedrandom('explicit', true) - avg less than 2 milliseconds per call
63 | // seedrandom() - avg about 38 milliseconds per call
64 | //
65 | // LICENSE (BSD):
66 | //
67 | // Copyright 2010 David Bau, all rights reserved.
68 | //
69 | // Redistribution and use in source and binary forms, with or without
70 | // modification, are permitted provided that the following conditions are met:
71 | //
72 | // 1. Redistributions of source code must retain the above copyright
73 | // notice, this list of conditions and the following disclaimer.
74 | //
75 | // 2. Redistributions in binary form must reproduce the above copyright
76 | // notice, this list of conditions and the following disclaimer in the
77 | // documentation and/or other materials provided with the distribution.
78 | //
79 | // 3. Neither the name of this module nor the names of its contributors may
80 | // be used to endorse or promote products derived from this software
81 | // without specific prior written permission.
82 | //
83 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
84 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
85 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
86 | // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
87 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
88 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
89 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
90 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
91 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
92 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
93 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
94 | //
95 | /**
96 | * All code is in an anonymous closure to keep the global namespace clean.
97 | *
98 | * @param {number=} overflow
99 | * @param {number=} startdenom
100 | */
101 | (function (pool, math, width, chunks, significance, overflow, startdenom)
102 | {
103 |
104 |
105 | //
106 | // seedrandom()
107 | // This is the seedrandom function described above.
108 | //
109 | math['seedrandom'] = function seedrandom(seed, use_entropy)
110 | {
111 | var key = [];
112 | var arc4;
113 |
114 | // Flatten the seed string or build one from local entropy if needed.
115 | seed = mixkey(flatten(
116 | use_entropy ? [seed, pool] : arguments.length ? seed : [new Date().getTime(), pool, window], 3), key);
117 |
118 | // Use the seed to initialize an ARC4 generator.
119 | arc4 = new ARC4(key);
120 |
121 | // Mix the randomness into accumulated entropy.
122 | mixkey(arc4.S, pool);
123 |
124 | // Override Math.random
125 | // This function returns a random double in [0, 1) that contains
126 | // randomness in every bit of the mantissa of the IEEE 754 value.
127 | math['random'] = function random()
128 | { // Closure to return a random double:
129 | var n = arc4.g(chunks); // Start with a numerator n < 2 ^ 48
130 | var d = startdenom; // and denominator d = 2 ^ 48.
131 | var x = 0; // and no 'extra last byte'.
132 | while (n < significance)
133 | { // Fill up all significant digits by
134 | n = (n + x) * width; // shifting numerator and
135 | d *= width; // denominator and generating a
136 | x = arc4.g(1); // new least-significant-byte.
137 | }
138 | while (n >= overflow)
139 | { // To avoid rounding up, before adding
140 | n /= 2; // last byte, shift everything
141 | d /= 2; // right using integer math until
142 | x >>>= 1; // we have exactly the desired bits.
143 | }
144 | return (n + x) / d; // Form the number within [0, 1).
145 | };
146 |
147 | // Return the seed that was used
148 | return seed;
149 | };
150 |
151 | //
152 | // ARC4
153 | //
154 | // An ARC4 implementation. The constructor takes a key in the form of
155 | // an array of at most (width) integers that should be 0 <= x < (width).
156 | //
157 | // The g(count) method returns a pseudorandom integer that concatenates
158 | // the next (count) outputs from ARC4. Its return value is a number x
159 | // that is in the range 0 <= x < (width ^ count).
160 | //
161 | /** @constructor */
162 |
163 | function ARC4(key)
164 | {
165 | var t, u, me = this,
166 | keylen = key.length;
167 | var i = 0,
168 | j = me.i = me.j = me.m = 0;
169 | me.S = [];
170 | me.c = [];
171 |
172 | // The empty key [] is treated as [0].
173 | if (!keylen)
174 | {
175 | key = [keylen++];
176 | }
177 |
178 | // Set up S using the standard key scheduling algorithm.
179 | while (i < width)
180 | {
181 | me.S[i] = i++;
182 | }
183 | for (i = 0; i < width; i++)
184 | {
185 | t = me.S[i];
186 | j = lowbits(j + t + key[i % keylen]);
187 | u = me.S[j];
188 | me.S[i] = u;
189 | me.S[j] = t;
190 | }
191 |
192 | // The "g" method returns the next (count) outputs as one number.
193 | me.g = function getnext(count)
194 | {
195 | var s = me.S;
196 | var i = lowbits(me.i + 1);
197 | var t = s[i];
198 | var j = lowbits(me.j + t);
199 | var u = s[j];
200 | s[i] = u;
201 | s[j] = t;
202 | var r = s[lowbits(t + u)];
203 | while (--count)
204 | {
205 | i = lowbits(i + 1);
206 | t = s[i];
207 | j = lowbits(j + t);
208 | u = s[j];
209 | s[i] = u;
210 | s[j] = t;
211 | r = r * width + s[lowbits(t + u)];
212 | }
213 | me.i = i;
214 | me.j = j;
215 | return r;
216 | };
217 | // For robust unpredictability discard an initial batch of values.
218 | // See http://www.rsa.com/rsalabs/node.asp?id=2009
219 | me.g(width);
220 | }
221 |
222 | //
223 | // flatten()
224 | // Converts an object tree to nested arrays of strings.
225 | //
226 | /** @param {Object=} result
227 | * @param {string=} prop
228 | * @param {string=} typ */
229 |
230 | function flatten(obj, depth, result, prop, typ)
231 | {
232 | result = [];
233 | typ = typeof (obj);
234 | if (depth && typ == 'object')
235 | {
236 | for (prop in obj)
237 | {
238 | if (prop.indexOf('S') < 5)
239 | { // Avoid FF3 bug (local/sessionStorage)
240 | try
241 | {
242 | result.push(flatten(obj[prop], depth - 1));
243 | }
244 | catch (e)
245 | {}
246 | }
247 | }
248 | }
249 | return (result.length ? result : obj + (typ != 'string' ? '\0' : ''));
250 | }
251 |
252 | //
253 | // mixkey()
254 | // Mixes a string seed into a key that is an array of integers, and
255 | // returns a shortened string seed that is equivalent to the result key.
256 | //
257 | /** @param {number=} smear
258 | * @param {number=} j */
259 |
260 | function mixkey(seed, key, smear, j)
261 | {
262 | seed += ''; // Ensure the seed is a string
263 | smear = 0;
264 | for (j = 0; j < seed.length; j++)
265 | {
266 | key[lowbits(j)] = lowbits((smear ^= key[lowbits(j)] * 19) + seed.charCodeAt(j));
267 | }
268 | seed = '';
269 | for (j in key)
270 | {
271 | seed += String.fromCharCode(key[j]);
272 | }
273 | return seed;
274 | }
275 |
276 | //
277 | // lowbits()
278 | // A quick "n mod width" for width a power of 2.
279 | //
280 |
281 |
282 | function lowbits(n)
283 | {
284 | return n & (width - 1);
285 | }
286 |
287 | //
288 | // The following constants are related to IEEE 754 limits.
289 | //
290 | startdenom = math.pow(width, chunks);
291 | significance = math.pow(2, significance);
292 | overflow = significance * 2;
293 |
294 | //
295 | // When seedrandom.js is loaded, we immediately mix a few bits
296 | // from the built-in RNG into the entropy pool. Because we do
297 | // not want to intefere with determinstic PRNG state later,
298 | // seedrandom will not call math.random on its own again after
299 | // initialization.
300 | //
301 | mixkey(math.random(), pool);
302 |
303 | // End anonymous scope, and pass initial values.
304 | })([], // pool: entropy pool starts empty
305 | Math, // math: package containing random, pow, and seedrandom
306 | 256, // width: each RC4 output is 0 <= x < 256
307 | 6, // chunks: at least six RC4 outputs for each double
308 | 52 // significance: there are 52 significant digits in a double
309 | );
310 |
311 |
312 | // This is not really a random number generator object, and two SeededRandom
313 | // objects will conflict with one another, but it's good enough for generating
314 | // the rsa key.
315 | function SeededRandom(){}
316 |
317 | function SRnextBytes(ba)
318 | {
319 | var i;
320 | for(i = 0; i < ba.length; i++)
321 | {
322 | ba[i] = Math.floor(Math.random() * 256);
323 | }
324 | }
325 |
326 | SeededRandom.prototype.nextBytes = SRnextBytes;
327 |
328 | // prng4.js - uses Arcfour as a PRNG
329 |
330 | function Arcfour() {
331 | this.i = 0;
332 | this.j = 0;
333 | this.S = new Array();
334 | }
335 |
336 | // Initialize arcfour context from key, an array of ints, each from [0..255]
337 | function ARC4init(key) {
338 | var i, j, t;
339 | for(i = 0; i < 256; ++i)
340 | this.S[i] = i;
341 | j = 0;
342 | for(i = 0; i < 256; ++i) {
343 | j = (j + this.S[i] + key[i % key.length]) & 255;
344 | t = this.S[i];
345 | this.S[i] = this.S[j];
346 | this.S[j] = t;
347 | }
348 | this.i = 0;
349 | this.j = 0;
350 | }
351 |
352 | function ARC4next() {
353 | var t;
354 | this.i = (this.i + 1) & 255;
355 | this.j = (this.j + this.S[this.i]) & 255;
356 | t = this.S[this.i];
357 | this.S[this.i] = this.S[this.j];
358 | this.S[this.j] = t;
359 | return this.S[(t + this.S[this.i]) & 255];
360 | }
361 |
362 | Arcfour.prototype.init = ARC4init;
363 | Arcfour.prototype.next = ARC4next;
364 |
365 | // Plug in your RNG constructor here
366 | function prng_newstate() {
367 | return new Arcfour();
368 | }
369 |
370 | // Pool size must be a multiple of 4 and greater than 32.
371 | // An array of bytes the size of the pool will be passed to init()
372 | var rng_psize = 256;
373 |
374 | // Random number generator - requires a PRNG backend, e.g. prng4.js
375 |
376 | // For best results, put code like
377 | //
378 | // in your main HTML document.
379 |
380 | var rng_state;
381 | var rng_pool;
382 | var rng_pptr;
383 |
384 | // Mix in a 32-bit integer into the pool
385 | function rng_seed_int(x) {
386 | rng_pool[rng_pptr++] ^= x & 255;
387 | rng_pool[rng_pptr++] ^= (x >> 8) & 255;
388 | rng_pool[rng_pptr++] ^= (x >> 16) & 255;
389 | rng_pool[rng_pptr++] ^= (x >> 24) & 255;
390 | if(rng_pptr >= rng_psize) rng_pptr -= rng_psize;
391 | }
392 |
393 | // Mix in the current time (w/milliseconds) into the pool
394 | function rng_seed_time() {
395 | rng_seed_int(new Date().getTime());
396 | }
397 |
398 | // Initialize the pool with junk if needed.
399 | if(rng_pool == null) {
400 | rng_pool = new Array();
401 | rng_pptr = 0;
402 | var t;
403 | if(navigator.appName == "Netscape" && navigator.appVersion < "5" && window.crypto) {
404 | // Extract entropy (256 bits) from NS4 RNG if available
405 | var z = window.crypto.random(32);
406 | for(t = 0; t < z.length; ++t)
407 | rng_pool[rng_pptr++] = z.charCodeAt(t) & 255;
408 | }
409 | while(rng_pptr < rng_psize) { // extract some randomness from Math.random()
410 | t = Math.floor(65536 * Math.random());
411 | rng_pool[rng_pptr++] = t >>> 8;
412 | rng_pool[rng_pptr++] = t & 255;
413 | }
414 | rng_pptr = 0;
415 | rng_seed_time();
416 | //rng_seed_int(window.screenX);
417 | //rng_seed_int(window.screenY);
418 | }
419 |
420 | function rng_get_byte() {
421 | if(rng_state == null) {
422 | rng_seed_time();
423 | rng_state = prng_newstate();
424 | rng_state.init(rng_pool);
425 | for(rng_pptr = 0; rng_pptr < rng_pool.length; ++rng_pptr)
426 | rng_pool[rng_pptr] = 0;
427 | rng_pptr = 0;
428 | //rng_pool = null;
429 | }
430 | // TODO: allow reseeding after first request
431 | return rng_state.next();
432 | }
433 |
434 | function rng_get_bytes(ba) {
435 | var i;
436 | for(i = 0; i < ba.length; ++i) ba[i] = rng_get_byte();
437 | }
438 |
439 | function SecureRandom() {}
440 |
441 | SecureRandom.prototype.nextBytes = rng_get_bytes;
442 |
443 |
444 |
445 |
446 |
447 |
448 |
--------------------------------------------------------------------------------
/rsa.js:
--------------------------------------------------------------------------------
1 | // Depends on jsbn.js and rng.js
2 | // Version 1.1: support utf-8 encoding in pkcs1pad2
3 | // convert a (hex) string to a bignum object
4 |
5 |
6 | function parseBigInt(str, r)
7 | {
8 | return new BigInteger(str, r);
9 | }
10 |
11 | function linebrk(s, n)
12 | {
13 | var ret = "";
14 | var i = 0;
15 | while (i + n < s.length)
16 | {
17 | ret += s.substring(i, i + n) + "\n";
18 | i += n;
19 | }
20 | return ret + s.substring(i, s.length);
21 | }
22 |
23 | function byte2Hex(b)
24 | {
25 | if (b < 0x10) return "0" + b.toString(16);
26 | else return b.toString(16);
27 | }
28 |
29 | // PKCS#1 (type 2, random) pad input string s to n bytes, and return a bigint
30 |
31 |
32 | function pkcs1pad2(s, n)
33 | {
34 | if (n < s.length + 11)
35 | { // TODO: fix for utf-8
36 | //alert("Message too long for RSA (n=" + n + ", l=" + s.length + ")");
37 | //return null;
38 | throw "Message too long for RSA (n=" + n + ", l=" + s.length + ")";
39 | }
40 | var ba = new Array();
41 | var i = s.length - 1;
42 | while (i >= 0 && n > 0)
43 | {
44 | var c = s.charCodeAt(i--);
45 | if (c < 128)
46 | { // encode using utf-8
47 | ba[--n] = c;
48 | }
49 | else if ((c > 127) && (c < 2048))
50 | {
51 | ba[--n] = (c & 63) | 128;
52 | ba[--n] = (c >> 6) | 192;
53 | }
54 | else
55 | {
56 | ba[--n] = (c & 63) | 128;
57 | ba[--n] = ((c >> 6) & 63) | 128;
58 | ba[--n] = (c >> 12) | 224;
59 | }
60 | }
61 | ba[--n] = 0;
62 | var rng = new SecureRandom();
63 | var x = new Array();
64 | while (n > 2)
65 | { // random non-zero pad
66 | x[0] = 0;
67 | while (x[0] == 0) rng.nextBytes(x);
68 | ba[--n] = x[0];
69 | }
70 | ba[--n] = 2;
71 | ba[--n] = 0;
72 | return new BigInteger(ba);
73 | }
74 |
75 | // "empty" RSA key constructor
76 |
77 |
78 | function RSAKey()
79 | {
80 | this.n = null;
81 | this.e = 0;
82 | this.d = null;
83 | this.p = null;
84 | this.q = null;
85 | this.dmp1 = null;
86 | this.dmq1 = null;
87 | this.coeff = null;
88 | }
89 | // Set the public key fields N and e from hex strings
90 |
91 |
92 | function RSASetPublic(N, E)
93 | {
94 | if (N != null && E != null && N.length > 0 && E.length > 0)
95 | {
96 | this.n = parseBigInt(N, 16);
97 | this.e = parseInt(E, 16);
98 | }
99 | else alert("Invalid RSA public key");
100 | }
101 |
102 | // Perform raw public operation on "x": return x^e (mod n)
103 |
104 |
105 | function RSADoPublic(x)
106 | {
107 | return x.modPowInt(this.e, this.n);
108 | }
109 |
110 | // Return the PKCS#1 RSA encryption of "text" as an even-length hex string
111 |
112 |
113 | function RSAEncrypt(text)
114 | {
115 | var m = pkcs1pad2(text, (this.n.bitLength() + 7) >> 3);
116 | if (m == null) return null;
117 | var c = this.doPublic(m);
118 | if (c == null) return null;
119 | var h = c.toString(16);
120 | if ((h.length & 1) == 0) return h;
121 | else return "0" + h;
122 | }
123 |
124 | // Return the PKCS#1 RSA encryption of "text" as a Base64-encoded string
125 | //function RSAEncryptB64(text) {
126 | // var h = this.encrypt(text);
127 | // if(h) return hex2b64(h); else return null;
128 | //}
129 | // protected
130 | RSAKey.prototype.doPublic = RSADoPublic;
131 |
132 | // public
133 | RSAKey.prototype.setPublic = RSASetPublic;
134 | RSAKey.prototype.encrypt = RSAEncrypt;
135 |
136 | // Version 1.1: support utf-8 decoding in pkcs1unpad2
137 | // Undo PKCS#1 (type 2, random) padding and, if valid, return the plaintext
138 |
139 | function pkcs1unpad2(d, n)
140 | {
141 | var b = d.toByteArray();
142 | var i = 0;
143 | while (i < b.length && b[i] == 0)++i;
144 | if (b.length - i != n - 1 || b[i] != 2) return null;
145 | ++i;
146 | while (b[i] != 0)
147 | if (++i >= b.length) return null;
148 | var ret = "";
149 | while (++i < b.length)
150 | {
151 | var c = b[i] & 255;
152 | if (c < 128)
153 | { // utf-8 decode
154 | ret += String.fromCharCode(c);
155 | }
156 | else if ((c > 191) && (c < 224))
157 | {
158 | ret += String.fromCharCode(((c & 31) << 6) | (b[i + 1] & 63));
159 | ++i;
160 | }
161 | else
162 | {
163 | ret += String.fromCharCode(((c & 15) << 12) | ((b[i + 1] & 63) << 6) | (b[i + 2] & 63));
164 | i += 2;
165 | }
166 | }
167 | return ret;
168 | }
169 |
170 | // Set the private key fields N, e, and d from hex strings
171 | function RSASetPrivate(N, E, D)
172 | {
173 | if (N != null && E != null && N.length > 0 && E.length > 0)
174 | {
175 | this.n = parseBigInt(N, 16);
176 | this.e = parseInt(E, 16);
177 | this.d = parseBigInt(D, 16);
178 | }
179 | else alert("Invalid RSA private key");
180 | }
181 |
182 | // Set the private key fields N, e, d and CRT params from hex strings
183 | function RSASetPrivateEx(N, E, D, P, Q, DP, DQ, C)
184 | {
185 | if (N != null && E != null && N.length > 0 && E.length > 0)
186 | {
187 | this.n = parseBigInt(N, 16);
188 | this.e = parseInt(E, 16);
189 | this.d = parseBigInt(D, 16);
190 | this.p = parseBigInt(P, 16);
191 | this.q = parseBigInt(Q, 16);
192 | this.dmp1 = parseBigInt(DP, 16);
193 | this.dmq1 = parseBigInt(DQ, 16);
194 | this.coeff = parseBigInt(C, 16);
195 | }
196 | else alert("Invalid RSA private key");
197 | }
198 |
199 | // Generate a new random private key B bits long, using public expt E
200 | function RSAGenerate(B, E)
201 | {
202 | var rng = new SeededRandom();
203 | var qs = B >> 1;
204 | this.e = parseInt(E, 16);
205 | var ee = new BigInteger(E, 16);
206 | for (;;)
207 | {
208 | for (;;)
209 | {
210 | this.p = new BigInteger(B - qs, 1, rng);
211 | if (this.p.subtract(BigInteger.ONE).gcd(ee).compareTo(BigInteger.ONE) == 0 && this.p.isProbablePrime(10)) break;
212 | }
213 | for (;;)
214 | {
215 | this.q = new BigInteger(qs, 1, rng);
216 | if (this.q.subtract(BigInteger.ONE).gcd(ee).compareTo(BigInteger.ONE) == 0 && this.q.isProbablePrime(10)) break;
217 | }
218 | if (this.p.compareTo(this.q) <= 0)
219 | {
220 | var t = this.p;
221 | this.p = this.q;
222 | this.q = t;
223 | }
224 | var p1 = this.p.subtract(BigInteger.ONE);
225 | var q1 = this.q.subtract(BigInteger.ONE);
226 | var phi = p1.multiply(q1);
227 | if (phi.gcd(ee).compareTo(BigInteger.ONE) == 0)
228 | {
229 | this.n = this.p.multiply(this.q);
230 | this.d = ee.modInverse(phi);
231 | this.dmp1 = this.d.mod(p1);
232 | this.dmq1 = this.d.mod(q1);
233 | this.coeff = this.q.modInverse(this.p);
234 | break;
235 | }
236 | }
237 | }
238 |
239 | // Perform raw private operation on "x": return x^d (mod n)
240 | function RSADoPrivate(x)
241 | {
242 | if (this.p == null || this.q == null) return x.modPow(this.d, this.n);
243 | // TODO: re-calculate any missing CRT params
244 | var xp = x.mod(this.p).modPow(this.dmp1, this.p);
245 | var xq = x.mod(this.q).modPow(this.dmq1, this.q);
246 | while (xp.compareTo(xq) < 0)
247 | xp = xp.add(this.p);
248 | return xp.subtract(xq).multiply(this.coeff).mod(this.p).multiply(this.q).add(xq);
249 | }
250 |
251 | // Return the PKCS#1 RSA decryption of "ctext".
252 | // "ctext" is an even-length hex string and the output is a plain string.
253 | function RSADecrypt(ctext)
254 | {
255 | var c = parseBigInt(ctext, 16);
256 | var m = this.doPrivate(c);
257 | if (m == null) return null;
258 | return pkcs1unpad2(m, (this.n.bitLength() + 7) >> 3);
259 | }
260 |
261 | // protected
262 | RSAKey.prototype.doPrivate = RSADoPrivate;
263 |
264 | // public
265 | RSAKey.prototype.setPrivate = RSASetPrivate;
266 | RSAKey.prototype.setPrivateEx = RSASetPrivateEx;
267 | RSAKey.prototype.generate = RSAGenerate;
268 | RSAKey.prototype.decrypt = RSADecrypt;
269 |
270 |
271 | //
272 | // rsa-sign.js - adding signing functions to RSAKey class.
273 | //
274 | //
275 | // version: 1.0 (2010-Jun-03)
276 | //
277 | // Copyright (c) 2010 Kenji Urushima (kenji.urushima@gmail.com)
278 | //
279 | // This software is licensed under the terms of the MIT License.
280 | // http://www.opensource.org/licenses/mit-license.php
281 | //
282 | // The above copyright and license notice shall be
283 | // included in all copies or substantial portions of the Software.
284 | //
285 | // Depends on:
286 | // function sha1.hex(s) of sha1.js
287 | // jsbn.js
288 | // jsbn2.js
289 | // rsa.js
290 | // rsa2.js
291 | //
292 | // keysize / pmstrlen
293 | // 512 / 128
294 | // 1024 / 256
295 | // 2048 / 512
296 | // 4096 / 1024
297 | // As for _RSASGIN_DIHEAD values for each hash algorithm, see PKCS#1 v2.1 spec (p38).
298 | var _RSASIGN_DIHEAD = [];
299 | _RSASIGN_DIHEAD['sha1'] = "3021300906052b0e03021a05000414";
300 | _RSASIGN_DIHEAD['sha256'] = "3031300d060960864801650304020105000420";
301 | //_RSASIGN_DIHEAD['md2'] = "3020300c06082a864886f70d020205000410";
302 | //_RSASIGN_DIHEAD['md5'] = "3020300c06082a864886f70d020505000410";
303 | //_RSASIGN_DIHEAD['sha384'] = "3041300d060960864801650304020205000430";
304 | //_RSASIGN_DIHEAD['sha512'] = "3051300d060960864801650304020305000440";
305 | var _RSASIGN_HASHHEXFUNC = [];
306 | _RSASIGN_HASHHEXFUNC['sha1'] = sha1.hex;
307 | _RSASIGN_HASHHEXFUNC['sha256'] = sha256.hex;
308 |
309 | // ========================================================================
310 | // Signature Generation
311 | // ========================================================================
312 |
313 | function _rsasign_getHexPaddedDigestInfoForString(s, keySize, hashAlg)
314 | {
315 | var pmStrLen = keySize / 4;
316 | var hashFunc = _RSASIGN_HASHHEXFUNC[hashAlg];
317 | var sHashHex = hashFunc(s);
318 |
319 | var sHead = "0001";
320 | var sTail = "00" + _RSASIGN_DIHEAD[hashAlg] + sHashHex;
321 | var sMid = "";
322 | var fLen = pmStrLen - sHead.length - sTail.length;
323 | for (var i = 0; i < fLen; i += 2)
324 | {
325 | sMid += "ff";
326 | }
327 | sPaddedMessageHex = sHead + sMid + sTail;
328 | return sPaddedMessageHex;
329 | }
330 |
331 | function _rsasign_signString(s, hashAlg)
332 | {
333 | var hPM = _rsasign_getHexPaddedDigestInfoForString(s, this.n.bitLength(), hashAlg);
334 | var biPaddedMessage = parseBigInt(hPM, 16);
335 | var biSign = this.doPrivate(biPaddedMessage);
336 | var hexSign = biSign.toString(16);
337 | return hexSign;
338 | }
339 |
340 | function _rsasign_signStringWithSHA1(s)
341 | {
342 | var hPM = _rsasign_getHexPaddedDigestInfoForString(s, this.n.bitLength(), 'sha1');
343 | var biPaddedMessage = parseBigInt(hPM, 16);
344 | var biSign = this.doPrivate(biPaddedMessage);
345 | var hexSign = biSign.toString(16);
346 | return hexSign;
347 | }
348 |
349 | function _rsasign_signStringWithSHA256(s)
350 | {
351 | var hPM = _rsasign_getHexPaddedDigestInfoForString(s, this.n.bitLength(), 'sha256');
352 | var biPaddedMessage = parseBigInt(hPM, 16);
353 | var biSign = this.doPrivate(biPaddedMessage);
354 | var hexSign = biSign.toString(16);
355 | return hexSign;
356 | }
357 |
358 | // ========================================================================
359 | // Signature Verification
360 | // ========================================================================
361 |
362 | function _rsasign_getDecryptSignatureBI(biSig, hN, hE)
363 | {
364 | var rsa = new RSAKey();
365 | rsa.setPublic(hN, hE);
366 | var biDecryptedSig = rsa.doPublic(biSig);
367 | return biDecryptedSig;
368 | }
369 |
370 | function _rsasign_getHexDigestInfoFromSig(biSig, hN, hE)
371 | {
372 | var biDecryptedSig = _rsasign_getDecryptSignatureBI(biSig, hN, hE);
373 | var hDigestInfo = biDecryptedSig.toString(16).replace(/^1f+00/, '');
374 | return hDigestInfo;
375 | }
376 |
377 | function _rsasign_getAlgNameAndHashFromHexDisgestInfo(hDigestInfo)
378 | {
379 | for (var algName in _RSASIGN_DIHEAD)
380 | {
381 | var head = _RSASIGN_DIHEAD[algName];
382 | var len = head.length;
383 | if (hDigestInfo.substring(0, len) == head)
384 | {
385 | var a = [algName, hDigestInfo.substring(len)];
386 | return a;
387 | }
388 | }
389 | return [];
390 | }
391 |
392 | function _rsasign_verifySignatureWithArgs(sMsg, biSig, hN, hE)
393 | {
394 | var hDigestInfo = _rsasign_getHexDigestInfoFromSig(biSig, hN, hE);
395 | var digestInfoAry = _rsasign_getAlgNameAndHashFromHexDisgestInfo(hDigestInfo);
396 | if (digestInfoAry.length == 0) return false;
397 | var algName = digestInfoAry[0];
398 | var diHashValue = digestInfoAry[1];
399 | var ff = _RSASIGN_HASHHEXFUNC[algName];
400 | var msgHashValue = ff(sMsg);
401 | return (diHashValue == msgHashValue);
402 | }
403 |
404 | function _rsasign_verifyHexSignatureForMessage(hSig, sMsg)
405 | {
406 | var biSig = parseBigInt(hSig, 16);
407 | var result = _rsasign_verifySignatureWithArgs(sMsg, biSig, this.n.toString(16), this.e.toString(16));
408 | return result;
409 | }
410 |
411 | function _rsasign_verifyString(sMsg, hSig)
412 | {
413 | hSig = hSig.replace(/[ \n]+/g, "");
414 | var biSig = parseBigInt(hSig, 16);
415 | var biDecryptedSig = this.doPublic(biSig);
416 | var hDigestInfo = biDecryptedSig.toString(16).replace(/^1f+00/, '');
417 | var digestInfoAry = _rsasign_getAlgNameAndHashFromHexDisgestInfo(hDigestInfo);
418 |
419 | if (digestInfoAry.length == 0) return false;
420 | var algName = digestInfoAry[0];
421 | var diHashValue = digestInfoAry[1];
422 | var ff = _RSASIGN_HASHHEXFUNC[algName];
423 | var msgHashValue = ff(sMsg);
424 | return (diHashValue == msgHashValue);
425 | }
426 |
427 | RSAKey.prototype.signString = _rsasign_signString;
428 | RSAKey.prototype.signStringWithSHA1 = _rsasign_signStringWithSHA1;
429 | RSAKey.prototype.signStringWithSHA256 = _rsasign_signStringWithSHA256;
430 |
431 | RSAKey.prototype.verifyString = _rsasign_verifyString;
432 | RSAKey.prototype.verifyHexSignatureForMessage = _rsasign_verifyHexSignatureForMessage;
433 |
434 |
435 |
436 |
437 |
438 |
439 |
440 |
441 |
442 |
443 |
444 |
445 |
446 |
447 |
448 |
449 |
450 |
451 |
452 |
453 |
454 |
455 |
456 |
457 |
458 |
459 |
460 |
--------------------------------------------------------------------------------
/test.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
108 |
109 |
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 |
122 |
123 |
124 |
125 |
126 |
127 |
128 |
129 |
130 |
131 |
132 |
133 |
134 |
135 |
136 |
137 |
138 |
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
--------------------------------------------------------------------------------