From c2bdf442ac665a70924239c332b062579f43caf4 Mon Sep 17 00:00:00 2001 From: alfaro Date: Thu, 29 Jun 2017 13:46:00 -0500 Subject: [PATCH 1/4] Add PKCS#1-OAEP padding support for RSA encryption (default is still PKCS 1.5) by jasondavies --- lib/jsbn/rsa.js | 63 ++++++++++++++++++++++++++++++++--- lib/jsbn/rsa2.js | 87 +++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 142 insertions(+), 8 deletions(-) diff --git a/lib/jsbn/rsa.js b/lib/jsbn/rsa.js index f7112e1..01e04ae 100644 --- a/lib/jsbn/rsa.js +++ b/lib/jsbn/rsa.js @@ -27,7 +27,7 @@ function byte2Hex(b) { // PKCS#1 (type 2, random) pad input string s to n bytes, and return a bigint function pkcs1pad2(s,n) { if(n < s.length + 11) { // TODO: fix for utf-8 - console.error("Message too long for RSA"); + alert("Message too long for RSA"); return null; } var ba = new Array(); 
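Review bot: Replacing `console.error` with `alert("Message too long for RSA")` in pkcs1pad2 ties a library error path to a blocking browser dialog, and `alert` is not defined in Node or in web workers, so there the error path would itself throw a ReferenceError. The same substitution is made in RSASetPublic later in this file and in RSASetPrivate and RSASetPrivateEx in lib/jsbn/rsa2.js. I would keep `console.error("Message too long for RSA");` or throw an `Error`, so the calling application decides how to surface the failure. pkcs1pad2's body continues outside the hunk.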
@@ -60,6 +60,57 @@ function pkcs1pad2(s,n) { return new BigInteger(ba); } +// PKCS#1 (OAEP) mask generation function +function oaep_mgf1_arr(seed, len) { + var mask = '', i = 0; + + while (mask.length < len) { + mask += rstr_sha1(String.fromCharCode.apply(String, seed.concat([ + (i & 0xff000000) >> 24, + (i & 0x00ff0000) >> 16, + (i & 0x0000ff00) >> 8, + i & 0x000000ff]))); + i += 1; + } + + return mask; +} + +var SHA1_SIZE = 20; + +// PKCS#1 (OAEP) pad input string s to n bytes, and return a bigint +function oaep_pad(s, n) { + if (s.length + 2 * SHA1_SIZE + 2 > n) { + alert("Message too long for RSA"); + } + + var PS = '', i; + + for (i = 0; i < n - s.length - 2 * SHA1_SIZE - 2; i += 1) { + PS += '\x00'; + } + + var DB = rstr_sha1('') + PS + '\x01' + s, + seed = new Array(SHA1_SIZE); + new SecureRandom().nextBytes(seed); + + var dbMask = oaep_mgf1_arr(seed, DB.length), + maskedDB = []; + + for (i = 0; i < DB.length; i += 1) { + maskedDB[i] = DB.charCodeAt(i) ^ dbMask.charCodeAt(i); + } + + var seedMask = oaep_mgf1_arr(maskedDB, seed.length), + maskedSeed = [0]; + + for (i = 0; i < seed.length; i += 1) { + maskedSeed[i + 1] = seed[i] ^ seedMask.charCodeAt(i); + } + + return new BigInteger(maskedSeed.concat(maskedDB)); +} + // "empty" RSA key constructor function RSAKey() { this.n = null; @@ -79,7 +130,7 @@ function RSASetPublic(N,E) { this.e = parseInt(E,16); } else - console.error("Invalid RSA public key"); + alert("Invalid RSA public key"); } // Perform raw public operation on "x": return x^e (mod n) 
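Review bot: In oaep_pad the length check `if (s.length + 2 * SHA1_SIZE + 2 > n)` only alerts and then falls through, so an over-long message is still encoded: the PS loop runs zero times and the returned BigInteger is built from more than n bytes. pkcs1pad2 returns null in the same situation and RSAEncrypt already tests `m == null`, so the branch should end with `return null;`. oaep_pad also XORs `DB.charCodeAt(i)` directly and measures `s.length`, so it appears to assume s is a byte string; a comment such as `// s must be a binary string (char codes 0-255); UTF-8 encode before calling` would make that explicit. The same code is repeated in the bin/jsencrypt.js build output.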
@@ -88,8 +139,11 @@ function RSADoPublic(x) { } // Return the PKCS#1 RSA encryption of "text" as an even-length hex string -function RSAEncrypt(text) { - var m = pkcs1pad2(text,(this.n.bitLength()+7)>>3); +function RSAEncrypt(text, paddingFunction) { + if (typeof paddingFunction === typeof undefined) { + paddingFunction = pkcs1pad2; + } + var m = paddingFunction(text,(this.n.bitLength()+7)>>3); if(m == null) return null; var c = this.doPublic(m); if(c == null) return null; @@ -110,3 +164,4 @@ RSAKey.prototype.doPublic = RSADoPublic; RSAKey.prototype.setPublic = RSASetPublic; RSAKey.prototype.encrypt = RSAEncrypt; //RSAKey.prototype.encrypt_b64 = RSAEncryptB64; + diff --git a/lib/jsbn/rsa2.js b/lib/jsbn/rsa2.js index 060a31b..1eef0fd 100644 --- a/lib/jsbn/rsa2.js +++ b/lib/jsbn/rsa2.js 
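Review bot: The comment above RSAEncrypt still reads "Return the PKCS#1 RSA encryption of "text"" and does not mention the new `paddingFunction` argument, so nothing tells a caller that ciphertext produced with oaep_pad must be decrypted with oaep_unpad. I would extend it to something like `// paddingFunction(text, n) returns a BigInteger or null; defaults to pkcs1pad2 (PKCS#1 v1.5). Pass oaep_pad for OAEP and use the matching unpad function in decrypt.` The test `typeof paddingFunction === typeof undefined` can be written `paddingFunction === undefined`; note that `null` or any other non-function passes it and then fails at the call. The same points apply to the `unpadFunction` argument added to RSADecrypt in lib/jsbn/rsa2.js.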
@@ -30,6 +30,81 @@ function pkcs1unpad2(d,n) { return ret; } +// PKCS#1 (OAEP) mask generation function +function oaep_mgf1_str(seed, len) { + var mask = '', i = 0; + + while (mask.length < len) { + mask += rstr_sha1(seed + String.fromCharCode.apply(String, [ + (i & 0xff000000) >> 24, + (i & 0x00ff0000) >> 16, + (i & 0x0000ff00) >> 8, + i & 0x000000ff])); + i += 1; + } + + return mask; +} + +var SHA1_SIZE = 20; + +// Undo PKCS#1 (OAEP) padding and, if valid, return the plaintext +function oaep_unpad(d, n) { + d = d.toByteArray(); + + var i; + + for (i = 0; i < d.length; i += 1) { + d[i] &= 0xff; + } + + while (d.length < n) { + d.unshift(0); + } + + d = String.fromCharCode.apply(String, d); + + if (d.length < 2 * SHA1_SIZE + 2) { + alert("Cipher too short"); + } + + var maskedSeed = d.substr(1, SHA1_SIZE), + maskedDB = d.substr(SHA1_SIZE + 1), + + seedMask = oaep_mgf1_str(maskedDB, SHA1_SIZE), + seed = [], + i; + + for (i = 0; i < maskedSeed.length; i += 1) { + seed[i] = maskedSeed.charCodeAt(i) ^ seedMask.charCodeAt(i); + } + + var dbMask = oaep_mgf1_str(String.fromCharCode.apply(String, seed), d.length - SHA1_SIZE), + DB = []; + + for (i = 0; i < maskedDB.length; i += 1) { + DB[i] = maskedDB.charCodeAt(i) ^ dbMask.charCodeAt(i); + } + + DB = String.fromCharCode.apply(String, DB); + + if (DB.substr(0, SHA1_SIZE) !== rstr_sha1('')) { + alert("Hash mismatch"); + } + + DB = DB.substr(SHA1_SIZE); + + var first_one = DB.indexOf('\x01'), + last_zero = (first_one != -1) ? DB.substr(0, first_one).lastIndexOf('\x00') : -1; + + if (last_zero + 1 != first_one) { + alert("Malformed data"); + } + + return DB.substr(first_one + 1); +} + + // Set the private key fields N, e, and d from hex strings function RSASetPrivate(N,E,D) { if(N != null && E != null && N.length > 0 && E.length > 0) { 
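Review bot: None of the three validity checks in oaep_unpad stops the function: "Cipher too short", "Hash mismatch" and "Malformed data" each call `alert` and fall through, so a ciphertext that fails OAEP decoding still returns `DB.substr(first_one + 1)` (the whole DB when no 0x01 is found). The leading byte of `d` is never compared with zero, and the `last_zero + 1 != first_one` test only looks at the byte directly before the first 0x01, not at the rest of PS. Decoding should end in a single `return null` for every failure, which also keeps the caller from learning which check failed; RSADecrypt already returns null when doPrivate fails. The rewritten checks are below, and the bin/jsencrypt.js build output carries the same code.

```javascript
  // … unchanged: d converted to a zero-padded byte string …
  if (d.length < 2 * SHA1_SIZE + 2) {
    return null;
  }
  // … unchanged: seed and DB unmasking, DB converted to a string …
  var hashOk = DB.substr(0, SHA1_SIZE) === rstr_sha1(''),
      leadOk = d.charCodeAt(0) === 0;

  DB = DB.substr(SHA1_SIZE);

  var first_one = DB.indexOf('\x01'),
      psOk = first_one !== -1 && !/[^\x00]/.test(DB.substr(0, first_one));

  // Report every padding failure the same way so callers cannot tell which check failed.
  if (!(hashOk && leadOk && psOk)) {
    return null;
  }

  return DB.substr(first_one + 1);
```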
@@ -38,7 +113,7 @@ function RSASetPrivate(N,E,D) { this.d = parseBigInt(D,16); } else - console.error("Invalid RSA private key"); + alert("Invalid RSA private key"); } // Set the private key fields N, e, d and CRT params from hex strings @@ -54,7 +129,7 @@ function RSASetPrivateEx(N,E,D,P,Q,DP,DQ,C) { this.coeff = parseBigInt(C,16); } else - console.error("Invalid RSA private key"); + alert("Invalid RSA private key"); } // Generate a new random private key B bits long, using public expt E @@ -107,11 +182,14 @@ function RSADoPrivate(x) { // Return the PKCS#1 RSA decryption of "ctext". // "ctext" is an even-length hex string and the output is a plain string. -function RSADecrypt(ctext) { +function RSADecrypt(ctext, unpadFunction) { + if (typeof unpadFunction === typeof undefined) { + unpadFunction = pkcs1unpad2; + } var c = parseBigInt(ctext, 16); var m = this.doPrivate(c); if(m == null) return null; - return pkcs1unpad2(m, (this.n.bitLength()+7)>>3); + return unpadFunction(m, (this.n.bitLength()+7)>>3); } // Return the PKCS#1 RSA decryption of "ctext". @@ -130,3 +208,4 @@ RSAKey.prototype.setPrivateEx = RSASetPrivateEx; RSAKey.prototype.generate = RSAGenerate; RSAKey.prototype.decrypt = RSADecrypt; //RSAKey.prototype.b64_decrypt = RSAB64Decrypt; + From 6c1d4675b54a3bbaaeed22905bfb95062c0ed53f Mon Sep 17 00:00:00 2001 From: alfaro Date: Thu, 29 Jun 2017 13:50:30 -0500 Subject: [PATCH 2/4] build files --- bin/jsencrypt.js | 150 ++++++++++++++++++++++++++++++++++++++++--- bin/jsencrypt.min.js | 4 +- 2 files changed, 144 insertions(+), 10 deletions(-) diff --git a/bin/jsencrypt.js b/bin/jsencrypt.js index b82222a..99ec4d0 100644 --- a/bin/jsencrypt.js +++ b/bin/jsencrypt.js 
@@ -1372,7 +1372,7 @@ function byte2Hex(b) { // PKCS#1 (type 2, random) pad input string s to n bytes, and return a bigint function pkcs1pad2(s,n) { if(n < s.length + 11) { // TODO: fix for utf-8 - console.error("Message too long for RSA"); + alert("Message too long for RSA"); return null; } var ba = new Array(); @@ -1405,6 +1405,57 @@ function pkcs1pad2(s,n) { return new BigInteger(ba); } +// PKCS#1 (OAEP) mask generation function +function oaep_mgf1_arr(seed, len) { + var mask = '', i = 0; + + while (mask.length < len) { + mask += rstr_sha1(String.fromCharCode.apply(String, seed.concat([ + (i & 0xff000000) >> 24, + (i & 0x00ff0000) >> 16, + (i & 0x0000ff00) >> 8, + i & 0x000000ff]))); + i += 1; + } + + return mask; +} + +var SHA1_SIZE = 20; + +// PKCS#1 (OAEP) pad input string s to n bytes, and return a bigint +function oaep_pad(s, n) { + if (s.length + 2 * SHA1_SIZE + 2 > n) { + alert("Message too long for RSA"); + } + + var PS = '', i; + + for (i = 0; i < n - s.length - 2 * SHA1_SIZE - 2; i += 1) { + PS += '\x00'; + } + + var DB = rstr_sha1('') + PS + '\x01' + s, + seed = new Array(SHA1_SIZE); + new SecureRandom().nextBytes(seed); + + var dbMask = oaep_mgf1_arr(seed, DB.length), + maskedDB = []; + + for (i = 0; i < DB.length; i += 1) { + maskedDB[i] = DB.charCodeAt(i) ^ dbMask.charCodeAt(i); + } + + var seedMask = oaep_mgf1_arr(maskedDB, seed.length), + maskedSeed = [0]; + + for (i = 0; i < seed.length; i += 1) { + maskedSeed[i + 1] = seed[i] ^ seedMask.charCodeAt(i); + } + + return new BigInteger(maskedSeed.concat(maskedDB)); +} + // "empty" RSA key constructor function RSAKey() { this.n = null; @@ -1424,7 +1475,7 @@ function RSASetPublic(N,E) { this.e = parseInt(E,16); } else - console.error("Invalid RSA public key"); + alert("Invalid RSA public key"); } // Perform raw public operation on "x": return x^e (mod n) 
@@ -1433,8 +1484,11 @@ function RSADoPublic(x) { } // Return the PKCS#1 RSA encryption of "text" as an even-length hex string -function RSAEncrypt(text) { - var m = pkcs1pad2(text,(this.n.bitLength()+7)>>3); +function RSAEncrypt(text, paddingFunction) { + if (typeof paddingFunction === typeof undefined) { + paddingFunction = pkcs1pad2; + } + var m = paddingFunction(text,(this.n.bitLength()+7)>>3); if(m == null) return null; var c = this.doPublic(m); if(c == null) return null; @@ -1456,6 +1510,7 @@ RSAKey.prototype.setPublic = RSASetPublic; RSAKey.prototype.encrypt = RSAEncrypt; //RSAKey.prototype.encrypt_b64 = RSAEncryptB64; + // Depends on rsa.js and jsbn2.js // Version 1.1: support utf-8 decoding in pkcs1unpad2 
@@ -1488,6 +1543,81 @@ function pkcs1unpad2(d,n) { return ret; } +// PKCS#1 (OAEP) mask generation function +function oaep_mgf1_str(seed, len) { + var mask = '', i = 0; + + while (mask.length < len) { + mask += rstr_sha1(seed + String.fromCharCode.apply(String, [ + (i & 0xff000000) >> 24, + (i & 0x00ff0000) >> 16, + (i & 0x0000ff00) >> 8, + i & 0x000000ff])); + i += 1; + } + + return mask; +} + +var SHA1_SIZE = 20; + +// Undo PKCS#1 (OAEP) padding and, if valid, return the plaintext +function oaep_unpad(d, n) { + d = d.toByteArray(); + + var i; + + for (i = 0; i < d.length; i += 1) { + d[i] &= 0xff; + } + + while (d.length < n) { + d.unshift(0); + } + + d = String.fromCharCode.apply(String, d); + + if (d.length < 2 * SHA1_SIZE + 2) { + alert("Cipher too short"); + } + + var maskedSeed = d.substr(1, SHA1_SIZE), + maskedDB = d.substr(SHA1_SIZE + 1), + + seedMask = oaep_mgf1_str(maskedDB, SHA1_SIZE), + seed = [], + i; + + for (i = 0; i < maskedSeed.length; i += 1) { + seed[i] = maskedSeed.charCodeAt(i) ^ seedMask.charCodeAt(i); + } + + var dbMask = oaep_mgf1_str(String.fromCharCode.apply(String, seed), d.length - SHA1_SIZE), + DB = []; + + for (i = 0; i < maskedDB.length; i += 1) { + DB[i] = maskedDB.charCodeAt(i) ^ dbMask.charCodeAt(i); + } + + DB = String.fromCharCode.apply(String, DB); + + if (DB.substr(0, SHA1_SIZE) !== rstr_sha1('')) { + alert("Hash mismatch"); + } + + DB = DB.substr(SHA1_SIZE); + + var first_one = DB.indexOf('\x01'), + last_zero = (first_one != -1) ? DB.substr(0, first_one).lastIndexOf('\x00') : -1; + + if (last_zero + 1 != first_one) { + alert("Malformed data"); + } + + return DB.substr(first_one + 1); +} + + // Set the private key fields N, e, and d from hex strings function RSASetPrivate(N,E,D) { if(N != null && E != null && N.length > 0 && E.length > 0) { 
@@ -1496,7 +1626,7 @@ function RSASetPrivate(N,E,D) { this.d = parseBigInt(D,16); } else - console.error("Invalid RSA private key"); + alert("Invalid RSA private key"); } // Set the private key fields N, e, d and CRT params from hex strings @@ -1512,7 +1642,7 @@ function RSASetPrivateEx(N,E,D,P,Q,DP,DQ,C) { this.coeff = parseBigInt(C,16); } else - console.error("Invalid RSA private key"); + alert("Invalid RSA private key"); } // Generate a new random private key B bits long, using public expt E @@ -1565,11 +1695,14 @@ function RSADoPrivate(x) { // Return the PKCS#1 RSA decryption of "ctext". // "ctext" is an even-length hex string and the output is a plain string. -function RSADecrypt(ctext) { +function RSADecrypt(ctext, unpadFunction) { + if (typeof unpadFunction === typeof undefined) { + unpadFunction = pkcs1unpad2; + } var c = parseBigInt(ctext, 16); var m = this.doPrivate(c); if(m == null) return null; - return pkcs1unpad2(m, (this.n.bitLength()+7)>>3); + return unpadFunction(m, (this.n.bitLength()+7)>>3); } // Return the PKCS#1 RSA decryption of "ctext". @@ -1589,6 +1722,7 @@ RSAKey.prototype.generate = RSAGenerate; RSAKey.prototype.decrypt = RSADecrypt; //RSAKey.prototype.b64_decrypt = RSAB64Decrypt; + // Copyright (c) 2011 Kevin M Burns Jr. // All Rights Reserved. // See "LICENSE" for details. diff --git a/bin/jsencrypt.min.js b/bin/jsencrypt.min.js index 1456613..4eee1e0 100644 --- a/bin/jsencrypt.min.js +++ b/bin/jsencrypt.min.js 
@@ -3,11 +3,11 @@ // Copyright (c) 2005-2009 Tom Wu // All Rights Reserved. // See "LICENSE" for details. -function F(){var t=i();return this.copyTo(t),t}function _(){if(this.s<0){if(1==this.t)return this[0]-this.DV;if(0==this.t)return-1}else{if(1==this.t)return this[0];if(0==this.t)return 0}return(this[1]&(1<<32-this.DB)-1)<>24}function Z(){return 0==this.t?this.s:this[0]<<16>>16}function G(t){return Math.floor(Math.LN2*this.DB/Math.log(t))}function $(){return this.s<0?-1:this.t<=0||1==this.t&&this[0]<=0?0:1}function Y(t){if(null==t&&(t=10),0==this.signum()||t<2||t>36)return"0";var e=this.chunkSize(t),r=Math.pow(t,e),s=c(r),n=i(),o=i(),h="";for(this.divRemTo(s,n,o);n.signum()>0;)h=(r+o.intValue()).toString(t).substr(1)+h,n.divRemTo(s,n,o);return o.intValue().toString(t)+h}function W(t,i){this.fromInt(0),null==i&&(i=10);for(var r=this.chunkSize(i),s=Math.pow(i,r),n=!1,o=0,a=0,u=0;u=r&&(this.dMultiply(s),this.dAddOffset(a,0),o=0,a=0))}o>0&&(this.dMultiply(Math.pow(i,o)),this.dAddOffset(a,0)),n&&e.ZERO.subTo(this,this)}function Q(t,i,r){if("number"==typeof i)if(t<2)this.fromInt(1);else for(this.fromNumber(t,r),this.testBit(t-1)||this.bitwiseTo(e.ONE.shiftLeft(t-1),ot,this),this.isEven()&&this.dAddOffset(1,0);!this.isProbablePrime(i);)this.dAddOffset(2,0),this.bitLength()>t&&this.subTo(e.ONE.shiftLeft(t-1),this);else{var s=new Array,n=7&t;s.length=(t>>3)+1,i.nextBytes(s),n>0?s[0]&=(1<0)for(r>r)!=(this.s&this.DM)>>r&&(e[s++]=i|this.s<=0;)r<8?(i=(this[t]&(1<>(r+=this.DB-8)):(i=this[t]>>(r-=8)&255,r<=0&&(r+=this.DB,--t)),0!=(128&i)&&(i|=-256),0==s&&(128&this.s)!=(128&i)&&++s,(s>0||i!=this.s)&&(e[s++]=i);return e}function tt(t){return 0==this.compareTo(t)}function et(t){return this.compareTo(t)<0?this:t}function it(t){return this.compareTo(t)>0?this:t}function rt(t,e,i){var r,s,n=Math.min(t.t,this.t);for(r=0;r>=16,e+=16),0==(255&t)&&(t>>=8,e+=8),0==(15&t)&&(t>>=4,e+=4),0==(3&t)&&(t>>=2,e+=2),0==(1&t)&&++e,e}function mt(){for(var 
t=0;t=this.t?0!=this.s:0!=(this[e]&1<>=this.DB;if(t.t>=this.DB;r+=this.s}else{for(r+=this.s;i>=this.DB;r+=t.s}e.s=r<0?-1:0,r>0?e[i++]=r:r<-1&&(e[i++]=this.DV+r),e.t=i,e.clamp()}function wt(t){var e=i();return this.addTo(t,e),e}function xt(t){var e=i();return this.subTo(t,e),e}function Bt(t){var e=i();return this.multiplyTo(t,e),e}function Kt(){var t=i();return this.squareTo(t),t}function At(t){var e=i();return this.divRemTo(t,e,null),e}function Ut(t){var e=i();return this.divRemTo(t,null,e),e}function Ot(t){var e=i(),r=i();return this.divRemTo(t,e,r),new Array(e,r)}function Vt(t){this[this.t]=this.am(0,t-1,this,0,0,this.t),++this.t,this.clamp()}function Nt(t,e){if(0!=t){for(;this.t<=e;)this[this.t++]=0;for(this[e]+=t;this[e]>=this.DV;)this[e]-=this.DV,++e>=this.t&&(this[this.t++]=0),++this[e]}}function Jt(){}function It(t){return t}function Pt(t,e,i){t.multiplyTo(e,i)}function Mt(t,e){t.squareTo(e)}function Lt(t){return this.exp(t,new Jt)}function qt(t,e,i){var r=Math.min(this.t+t.t,e);for(i.s=0,i.t=r;r>0;)i[--r]=0;var s;for(s=i.t-this.t;r=0;)i[r]=0;for(r=Math.max(e-this.t,0);r2*this.m.t)return t.mod(this.m);if(t.compareTo(this.m)<0)return t;var e=i();return t.copyTo(e),this.reduce(e),e}function kt(t){return t}function Ft(t){for(t.drShiftTo(this.m.t-1,this.r2),t.t>this.m.t+1&&(t.t=this.m.t+1,t.clamp()),this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3),this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);t.compareTo(this.r2)<0;)t.dAddOffset(1,this.m.t+1);for(t.subTo(this.r2,t);t.compareTo(this.m)>=0;)t.subTo(this.m,t)}function _t(t,e){t.squareTo(e),this.reduce(e)}function zt(t,e,i){t.multiplyTo(e,i),this.reduce(i)}function Zt(t,e){var r,s,n=t.bitLength(),o=c(1);if(n<=0)return o;r=n<18?1:n<48?3:n<144?4:n<768?5:6,s=n<8?new K(e):e.isEven()?new Ht(e):new I(e);var h=new Array,a=3,u=r-1,f=(1<1){var p=i();for(s.sqrTo(h[1],p);a<=f;)h[a]=i(),s.mulTo(p,h[a-2],h[a]),a+=2}var 
l,d,g=t.t-1,m=!0,v=i();for(n=y(t[g])-1;g>=0;){for(n>=u?l=t[g]>>n-u&f:(l=(t[g]&(1<0&&(l|=t[g-1]>>this.DB+n-u)),a=r;0==(1&l);)l>>=1,--a;if((n-=a)<0&&(n+=this.DB,--g),m)h[l].copyTo(o),m=!1;else{for(;a>1;)s.sqrTo(o,v),s.sqrTo(v,o),a-=2;a>0?s.sqrTo(o,v):(d=o,o=v,v=d),s.mulTo(v,h[l],o)}for(;g>=0&&0==(t[g]&1<0&&(e.rShiftTo(n,e),i.rShiftTo(n,i));e.signum()>0;)(s=e.getLowestSetBit())>0&&e.rShiftTo(s,e),(s=i.getLowestSetBit())>0&&i.rShiftTo(s,i),e.compareTo(i)>=0?(e.subTo(i,e),e.rShiftTo(1,e)):(i.subTo(e,i),i.rShiftTo(1,i));return n>0&&i.lShiftTo(n,i),i}function $t(t){if(t<=0)return 0;var e=this.DV%t,i=this.s<0?t-1:0;if(this.t>0)if(0==e)i=this[0]%t;else for(var r=this.t-1;r>=0;--r)i=(e*i+this[r])%t;return i}function Yt(t){var i=t.isEven();if(this.isEven()&&i||0==t.signum())return e.ZERO;for(var r=t.clone(),s=this.clone(),n=c(1),o=c(0),h=c(0),a=c(1);0!=r.signum();){for(;r.isEven();)r.rShiftTo(1,r),i?(n.isEven()&&o.isEven()||(n.addTo(this,n),o.subTo(t,o)),n.rShiftTo(1,n)):o.isEven()||o.subTo(t,o),o.rShiftTo(1,o);for(;s.isEven();)s.rShiftTo(1,s),i?(h.isEven()&&a.isEven()||(h.addTo(this,h),a.subTo(t,a)),h.rShiftTo(1,h)):a.isEven()||a.subTo(t,a),a.rShiftTo(1,a);r.compareTo(s)>=0?(r.subTo(s,r),i&&n.subTo(h,n),o.subTo(a,o)):(s.subTo(r,s),i&&h.subTo(n,h),a.subTo(o,a))}return 0!=s.compareTo(e.ONE)?e.ZERO:a.compareTo(t)>=0?a.subtract(t):a.signum()<0?(a.addTo(t,a),a.signum()<0?a.add(t):a):a}function Wt(t){var e,i=this.abs();if(1==i.t&&i[0]<=Ke[Ke.length-1]){for(e=0;e>1,t>Ke.length&&(t=Ke.length);for(var o=i(),h=0;h=0&&i>0;){var n=t.charCodeAt(s--);n<128?r[--i]=n:n>127&&n<2048?(r[--i]=63&n|128,r[--i]=n>>6|192):(r[--i]=63&n|128,r[--i]=n>>6&63|128,r[--i]=n>>12|224)}r[--i]=0;for(var o=new ne,h=new Array;i>2;){for(h[0]=0;0==h[0];)o.nextBytes(h);r[--i]=h[0]}return r[--i]=2,r[--i]=0,new e(r)}function ae(){this.n=null,this.e=0,this.d=null,this.p=null,this.q=null,this.dmp1=null,this.dmq1=null,this.coeff=null}function 
ue(t,e){null!=t&&null!=e&&t.length>0&&e.length>0?(this.n=oe(t,16),this.e=parseInt(e,16)):console.error("Invalid RSA public key")}function ce(t){return t.modPowInt(this.e,this.n)}function fe(t){var e=he(t,this.n.bitLength()+7>>3);if(null==e)return null;var i=this.doPublic(e);if(null==i)return null;var r=i.toString(16);return 0==(1&r.length)?r:"0"+r}function pe(t,e){for(var i=t.toByteArray(),r=0;r=i.length)return null;for(var s="";++r191&&n<224?(s+=String.fromCharCode((31&n)<<6|63&i[r+1]),++r):(s+=String.fromCharCode((15&n)<<12|(63&i[r+1])<<6|63&i[r+2]),r+=2)}return s}function le(t,e,i){null!=t&&null!=e&&t.length>0&&e.length>0?(this.n=oe(t,16),this.e=parseInt(e,16),this.d=oe(i,16)):console.error("Invalid RSA private key")}function de(t,e,i,r,s,n,o,h){null!=t&&null!=e&&t.length>0&&e.length>0?(this.n=oe(t,16),this.e=parseInt(e,16),this.d=oe(i,16),this.p=oe(r,16),this.q=oe(s,16),this.dmp1=oe(n,16),this.dmq1=oe(o,16),this.coeff=oe(h,16)):console.error("Invalid RSA private key")}function ge(t,i){var r=new ne,s=t>>1;this.e=parseInt(i,16);for(var n=new e(i,16);;){for(;this.p=new e(t-s,1,r),0!=this.p.subtract(e.ONE).gcd(n).compareTo(e.ONE)||!this.p.isProbablePrime(10););for(;this.q=new e(s,1,r),0!=this.q.subtract(e.ONE).gcd(n).compareTo(e.ONE)||!this.q.isProbablePrime(10););if(this.p.compareTo(this.q)<=0){var o=this.p;this.p=this.q,this.q=o}var h=this.p.subtract(e.ONE),a=this.q.subtract(e.ONE),u=h.multiply(a);if(0==u.gcd(n).compareTo(e.ONE)){this.n=this.p.multiply(this.q),this.d=n.modInverse(u),this.dmp1=this.d.mod(h),this.dmq1=this.d.mod(a),this.coeff=this.q.modInverse(this.p);break}}}function me(t){if(null==this.p||null==this.q)return t.modPow(this.d,this.n);for(var e=t.mod(this.p).modPow(this.dmp1,this.p),i=t.mod(this.q).modPow(this.dmq1,this.q);e.compareTo(i)<0;)e=e.add(this.p);return e.subtract(i).multiply(this.coeff).mod(this.p).multiply(this.q).add(i)}function ye(t){var e=oe(t,16),i=this.doPrivate(e);return null==i?null:pe(i,this.n.bitLength()+7>>3)}function ve(t){var 
e,i,r="";for(e=0;e+3<=t.length;e+=3)i=parseInt(t.substring(e,e+3),16),r+=Me.charAt(i>>6)+Me.charAt(63&i);for(e+1==t.length?(i=parseInt(t.substring(e,e+1),16),r+=Me.charAt(i<<2)):e+2==t.length&&(i=parseInt(t.substring(e,e+2),16),r+=Me.charAt(i>>2)+Me.charAt((3&i)<<4));(3&r.length)>0;)r+=Le;return r}function be(t){var e,i,r="",s=0;for(e=0;e>2),i=3&n,s=1):1==s?(r+=o(i<<2|n>>4),i=15&n,s=2):2==s?(r+=o(i),r+=o(n>>2),i=3&n,s=3):(r+=o(i<<2|n>>4),r+=o(15&n),s=0))}return 1==s&&(r+=o(i<<2)),r} +function F(){var t=i();return this.copyTo(t),t}function _(){if(this.s<0){if(1==this.t)return this[0]-this.DV;if(0==this.t)return-1}else{if(1==this.t)return this[0];if(0==this.t)return 0}return(this[1]&(1<<32-this.DB)-1)<>24}function Z(){return 0==this.t?this.s:this[0]<<16>>16}function G(t){return Math.floor(Math.LN2*this.DB/Math.log(t))}function $(){return this.s<0?-1:this.t<=0||1==this.t&&this[0]<=0?0:1}function Y(t){if(null==t&&(t=10),0==this.signum()||t<2||t>36)return"0";var e=this.chunkSize(t),r=Math.pow(t,e),s=c(r),n=i(),o=i(),h="";for(this.divRemTo(s,n,o);n.signum()>0;)h=(r+o.intValue()).toString(t).substr(1)+h,n.divRemTo(s,n,o);return o.intValue().toString(t)+h}function W(t,i){this.fromInt(0),null==i&&(i=10);for(var r=this.chunkSize(i),s=Math.pow(i,r),n=!1,o=0,a=0,u=0;u=r&&(this.dMultiply(s),this.dAddOffset(a,0),o=0,a=0))}o>0&&(this.dMultiply(Math.pow(i,o)),this.dAddOffset(a,0)),n&&e.ZERO.subTo(this,this)}function Q(t,i,r){if("number"==typeof i)if(t<2)this.fromInt(1);else for(this.fromNumber(t,r),this.testBit(t-1)||this.bitwiseTo(e.ONE.shiftLeft(t-1),ot,this),this.isEven()&&this.dAddOffset(1,0);!this.isProbablePrime(i);)this.dAddOffset(2,0),this.bitLength()>t&&this.subTo(e.ONE.shiftLeft(t-1),this);else{var s=new 
Array,n=7&t;s.length=(t>>3)+1,i.nextBytes(s),n>0?s[0]&=(1<0)for(r>r)!=(this.s&this.DM)>>r&&(e[s++]=i|this.s<=0;)r<8?(i=(this[t]&(1<>(r+=this.DB-8)):(i=this[t]>>(r-=8)&255,r<=0&&(r+=this.DB,--t)),0!=(128&i)&&(i|=-256),0==s&&(128&this.s)!=(128&i)&&++s,(s>0||i!=this.s)&&(e[s++]=i);return e}function tt(t){return 0==this.compareTo(t)}function et(t){return this.compareTo(t)<0?this:t}function it(t){return this.compareTo(t)>0?this:t}function rt(t,e,i){var r,s,n=Math.min(t.t,this.t);for(r=0;r>=16,e+=16),0==(255&t)&&(t>>=8,e+=8),0==(15&t)&&(t>>=4,e+=4),0==(3&t)&&(t>>=2,e+=2),0==(1&t)&&++e,e}function mt(){for(var t=0;t=this.t?0!=this.s:0!=(this[e]&1<>=this.DB;if(t.t>=this.DB;r+=this.s}else{for(r+=this.s;i>=this.DB;r+=t.s}e.s=r<0?-1:0,r>0?e[i++]=r:r<-1&&(e[i++]=this.DV+r),e.t=i,e.clamp()}function wt(t){var e=i();return this.addTo(t,e),e}function xt(t){var e=i();return this.subTo(t,e),e}function Bt(t){var e=i();return this.multiplyTo(t,e),e}function Kt(){var t=i();return this.squareTo(t),t}function At(t){var e=i();return this.divRemTo(t,e,null),e}function Ut(t){var e=i();return this.divRemTo(t,null,e),e}function Ot(t){var e=i(),r=i();return this.divRemTo(t,e,r),new Array(e,r)}function Vt(t){this[this.t]=this.am(0,t-1,this,0,0,this.t),++this.t,this.clamp()}function Nt(t,e){if(0!=t){for(;this.t<=e;)this[this.t++]=0;for(this[e]+=t;this[e]>=this.DV;)this[e]-=this.DV,++e>=this.t&&(this[this.t++]=0),++this[e]}}function Jt(){}function It(t){return t}function Pt(t,e,i){t.multiplyTo(e,i)}function Mt(t,e){t.squareTo(e)}function Lt(t){return this.exp(t,new Jt)}function qt(t,e,i){var r=Math.min(this.t+t.t,e);for(i.s=0,i.t=r;r>0;)i[--r]=0;var s;for(s=i.t-this.t;r=0;)i[r]=0;for(r=Math.max(e-this.t,0);r2*this.m.t)return t.mod(this.m);if(t.compareTo(this.m)<0)return t;var e=i();return t.copyTo(e),this.reduce(e),e}function kt(t){return t}function 
Ft(t){for(t.drShiftTo(this.m.t-1,this.r2),t.t>this.m.t+1&&(t.t=this.m.t+1,t.clamp()),this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3),this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);t.compareTo(this.r2)<0;)t.dAddOffset(1,this.m.t+1);for(t.subTo(this.r2,t);t.compareTo(this.m)>=0;)t.subTo(this.m,t)}function _t(t,e){t.squareTo(e),this.reduce(e)}function zt(t,e,i){t.multiplyTo(e,i),this.reduce(i)}function Zt(t,e){var r,s,n=t.bitLength(),o=c(1);if(n<=0)return o;r=n<18?1:n<48?3:n<144?4:n<768?5:6,s=n<8?new K(e):e.isEven()?new Ht(e):new I(e);var h=new Array,a=3,u=r-1,f=(1<1){var p=i();for(s.sqrTo(h[1],p);a<=f;)h[a]=i(),s.mulTo(p,h[a-2],h[a]),a+=2}var l,d,g=t.t-1,m=!0,v=i();for(n=y(t[g])-1;g>=0;){for(n>=u?l=t[g]>>n-u&f:(l=(t[g]&(1<0&&(l|=t[g-1]>>this.DB+n-u)),a=r;0==(1&l);)l>>=1,--a;if((n-=a)<0&&(n+=this.DB,--g),m)h[l].copyTo(o),m=!1;else{for(;a>1;)s.sqrTo(o,v),s.sqrTo(v,o),a-=2;a>0?s.sqrTo(o,v):(d=o,o=v,v=d),s.mulTo(v,h[l],o)}for(;g>=0&&0==(t[g]&1<0&&(e.rShiftTo(n,e),i.rShiftTo(n,i));e.signum()>0;)(s=e.getLowestSetBit())>0&&e.rShiftTo(s,e),(s=i.getLowestSetBit())>0&&i.rShiftTo(s,i),e.compareTo(i)>=0?(e.subTo(i,e),e.rShiftTo(1,e)):(i.subTo(e,i),i.rShiftTo(1,i));return n>0&&i.lShiftTo(n,i),i}function $t(t){if(t<=0)return 0;var e=this.DV%t,i=this.s<0?t-1:0;if(this.t>0)if(0==e)i=this[0]%t;else for(var r=this.t-1;r>=0;--r)i=(e*i+this[r])%t;return i}function Yt(t){var i=t.isEven();if(this.isEven()&&i||0==t.signum())return e.ZERO;for(var r=t.clone(),s=this.clone(),n=c(1),o=c(0),h=c(0),a=c(1);0!=r.signum();){for(;r.isEven();)r.rShiftTo(1,r),i?(n.isEven()&&o.isEven()||(n.addTo(this,n),o.subTo(t,o)),n.rShiftTo(1,n)):o.isEven()||o.subTo(t,o),o.rShiftTo(1,o);for(;s.isEven();)s.rShiftTo(1,s),i?(h.isEven()&&a.isEven()||(h.addTo(this,h),a.subTo(t,a)),h.rShiftTo(1,h)):a.isEven()||a.subTo(t,a),a.rShiftTo(1,a);r.compareTo(s)>=0?(r.subTo(s,r),i&&n.subTo(h,n),o.subTo(a,o)):(s.subTo(r,s),i&&h.subTo(n,h),a.subTo(o,a))}return 
0!=s.compareTo(e.ONE)?e.ZERO:a.compareTo(t)>=0?a.subtract(t):a.signum()<0?(a.addTo(t,a),a.signum()<0?a.add(t):a):a}function Wt(t){var e,i=this.abs();if(1==i.t&&i[0]<=Ke[Ke.length-1]){for(e=0;e>1,t>Ke.length&&(t=Ke.length);for(var o=i(),h=0;h=0&&i>0;){var n=t.charCodeAt(s--);n<128?r[--i]=n:n>127&&n<2048?(r[--i]=63&n|128,r[--i]=n>>6|192):(r[--i]=63&n|128,r[--i]=n>>6&63|128,r[--i]=n>>12|224)}r[--i]=0;for(var o=new ne,h=new Array;i>2;){for(h[0]=0;0==h[0];)o.nextBytes(h);r[--i]=h[0]}return r[--i]=2,r[--i]=0,new e(r)}function ae(){this.n=null,this.e=0,this.d=null,this.p=null,this.q=null,this.dmp1=null,this.dmq1=null,this.coeff=null}function ue(t,e){null!=t&&null!=e&&t.length>0&&e.length>0?(this.n=oe(t,16),this.e=parseInt(e,16)):alert("Invalid RSA public key")}function ce(t){return t.modPowInt(this.e,this.n)}function fe(t,e){"undefined"==typeof e&&(e=he);var i=e(t,this.n.bitLength()+7>>3);if(null==i)return null;var r=this.doPublic(i);if(null==r)return null;var s=r.toString(16);return 0==(1&s.length)?s:"0"+s}function pe(t,e){for(var i=t.toByteArray(),r=0;r=i.length)return null;for(var s="";++r191&&n<224?(s+=String.fromCharCode((31&n)<<6|63&i[r+1]),++r):(s+=String.fromCharCode((15&n)<<12|(63&i[r+1])<<6|63&i[r+2]),r+=2)}return s}function le(t,e,i){null!=t&&null!=e&&t.length>0&&e.length>0?(this.n=oe(t,16),this.e=parseInt(e,16),this.d=oe(i,16)):alert("Invalid RSA private key")}function de(t,e,i,r,s,n,o,h){null!=t&&null!=e&&t.length>0&&e.length>0?(this.n=oe(t,16),this.e=parseInt(e,16),this.d=oe(i,16),this.p=oe(r,16),this.q=oe(s,16),this.dmp1=oe(n,16),this.dmq1=oe(o,16),this.coeff=oe(h,16)):alert("Invalid RSA private key")}function ge(t,i){var r=new ne,s=t>>1;this.e=parseInt(i,16);for(var n=new e(i,16);;){for(;this.p=new e(t-s,1,r),0!=this.p.subtract(e.ONE).gcd(n).compareTo(e.ONE)||!this.p.isProbablePrime(10););for(;this.q=new e(s,1,r),0!=this.q.subtract(e.ONE).gcd(n).compareTo(e.ONE)||!this.q.isProbablePrime(10););if(this.p.compareTo(this.q)<=0){var 
o=this.p;this.p=this.q,this.q=o}var h=this.p.subtract(e.ONE),a=this.q.subtract(e.ONE),u=h.multiply(a);if(0==u.gcd(n).compareTo(e.ONE)){this.n=this.p.multiply(this.q),this.d=n.modInverse(u),this.dmp1=this.d.mod(h),this.dmq1=this.d.mod(a),this.coeff=this.q.modInverse(this.p);break}}}function me(t){if(null==this.p||null==this.q)return t.modPow(this.d,this.n);for(var e=t.mod(this.p).modPow(this.dmp1,this.p),i=t.mod(this.q).modPow(this.dmq1,this.q);e.compareTo(i)<0;)e=e.add(this.p);return e.subtract(i).multiply(this.coeff).mod(this.p).multiply(this.q).add(i)}function ye(t,e){"undefined"==typeof e&&(e=pe);var i=oe(t,16),r=this.doPrivate(i);return null==r?null:e(r,this.n.bitLength()+7>>3)}function ve(t){var e,i,r="";for(e=0;e+3<=t.length;e+=3)i=parseInt(t.substring(e,e+3),16),r+=Me.charAt(i>>6)+Me.charAt(63&i);for(e+1==t.length?(i=parseInt(t.substring(e,e+1),16),r+=Me.charAt(i<<2)):e+2==t.length&&(i=parseInt(t.substring(e,e+2),16),r+=Me.charAt(i>>2)+Me.charAt((3&i)<<4));(3&r.length)>0;)r+=Le;return r}function be(t){var e,i,r="",s=0;for(e=0;e>2),i=3&n,s=1):1==s?(r+=o(i<<2|n>>4),i=15&n,s=2):2==s?(r+=o(i),r+=o(n>>2),i=3&n,s=3):(r+=o(i<<2|n>>4),r+=o(15&n),s=0))}return 1==s&&(r+=o(i<<2)),r} // Copyright (c) 2005 Tom Wu // All Rights Reserved. // See "LICENSE" for details. 
-var Te,Se=0xdeadbeefcafe,Re=15715070==(16777215&Se);Re&&"Microsoft Internet Explorer"==navigator.appName?(e.prototype.am=s,Te=30):Re&&"Netscape"!=navigator.appName?(e.prototype.am=r,Te=26):(e.prototype.am=n,Te=28),e.prototype.DB=Te,e.prototype.DM=(1<=256||Ve>=Ne)return void(window.removeEventListener?window.removeEventListener("mousemove",Pe,!1):window.detachEvent&&window.detachEvent("onmousemove",Pe));try{var e=t.x+t.y;Oe[Ve++]=255&e,this.count+=1}catch(i){}};window.addEventListener?window.addEventListener("mousemove",Pe,!1):window.attachEvent&&window.attachEvent("onmousemove",Pe)}ne.prototype.nextBytes=se,ae.prototype.doPublic=ce,ae.prototype.setPublic=ue,ae.prototype.encrypt=fe,ae.prototype.doPrivate=me,ae.prototype.setPrivate=le,ae.prototype.setPrivateEx=de,ae.prototype.generate=ge,ae.prototype.decrypt=ye, +var Te,Se=0xdeadbeefcafe,Re=15715070==(16777215&Se);Re&&"Microsoft Internet Explorer"==navigator.appName?(e.prototype.am=s,Te=30):Re&&"Netscape"!=navigator.appName?(e.prototype.am=r,Te=26):(e.prototype.am=n,Te=28),e.prototype.DB=Te,e.prototype.DM=(1<=256||Ve>=Ne)return void(window.removeEventListener?window.removeEventListener("mousemove",Pe,!1):window.detachEvent&&window.detachEvent("onmousemove",Pe));try{var e=t.x+t.y;Oe[Ve++]=255&e,this.count+=1}catch(i){}};window.addEventListener?window.addEventListener("mousemove",Pe,!1):window.attachEvent&&window.attachEvent("onmousemove",Pe)}ne.prototype.nextBytes=se;ae.prototype.doPublic=ce,ae.prototype.setPublic=ue,ae.prototype.encrypt=fe;ae.prototype.doPrivate=me,ae.prototype.setPrivate=le,ae.prototype.setPrivateEx=de,ae.prototype.generate=ge,ae.prototype.decrypt=ye, // Copyright (c) 2011 Kevin M Burns Jr. // All Rights Reserved. // See "LICENSE" for details. From ea20227a3beac3da582da0d916a1d1ef0155b1e2 Mon Sep 17 00:00:00 2001 
From: alfaro Date: Thu, 29 Jun 2017 15:08:21 -0500 Subject: [PATCH 3/4] update jsbn from jeanphix and modify jsencrypt to be able to use oaep --- bin/jsencrypt.js | 426 ++++++++++++++++++++++++++++++++++++++----- bin/jsencrypt.min.js | 16 +- gulpfile.js | 1 + lib/jsbn/LICENSE | 40 ++++ lib/jsbn/README.md | 138 +++++++++++++- lib/jsbn/base64.js | 10 +- lib/jsbn/ec.js | 343 ++++++++++++++++++++++++++++++++++ lib/jsbn/rng.js | 76 ++++---- lib/jsbn/rsa.js | 1 - lib/jsbn/rsa2.js | 1 - lib/jsbn/sec.js | 157 ++++++++++++++++ lib/jsbn/sha1.js | 330 +++++++++++++++++++++++++++++++++ src/jsencrypt.js | 7 +- 13 files changed, 1447 insertions(+), 99 deletions(-) create mode 100644 lib/jsbn/LICENSE create mode 100644 lib/jsbn/ec.js create mode 100644 lib/jsbn/sec.js create mode 100644 lib/jsbn/sha1.js diff --git a/bin/jsencrypt.js b/bin/jsencrypt.js index 99ec4d0..0e8c29e 100644 --- a/bin/jsencrypt.js +++ b/bin/jsencrypt.js 
@@ -1274,61 +1274,67 @@ function prng_newstate() { var rng_psize = 256; // Random number generator - requires a PRNG backend, e.g. prng4.js + +// For best results, put code like +// +// in your main HTML document. + var rng_state; var rng_pool; var rng_pptr; +// Mix in a 32-bit integer into the pool +function rng_seed_int(x) { + rng_pool[rng_pptr++] ^= x & 255; + rng_pool[rng_pptr++] ^= (x >> 8) & 255; + rng_pool[rng_pptr++] ^= (x >> 16) & 255; + rng_pool[rng_pptr++] ^= (x >> 24) & 255; + if(rng_pptr >= rng_psize) rng_pptr -= rng_psize; +} + +// Mix in the current time (w/milliseconds) into the pool +function rng_seed_time() { + rng_seed_int(new Date().getTime()); +} + // Initialize the pool with junk if needed. if(rng_pool == null) { rng_pool = new Array(); rng_pptr = 0; var t; if(window.crypto && window.crypto.getRandomValues) { - // Extract entropy (2048 bits) from RNG if available - var z = new Uint32Array(256); - window.crypto.getRandomValues(z); - for (t = 0; t < z.length; ++t) - rng_pool[rng_pptr++] = z[t] & 255; + // Use webcrypto if available + var ua = new Uint8Array(32); + window.crypto.getRandomValues(ua); + for(t = 0; t < 32; ++t) + rng_pool[rng_pptr++] = ua[t]; } - - // Use mouse events for entropy, if we do not have enough entropy by the time - // we need it, entropy will be generated by Math.random. - var onMouseMoveListener = function(ev) { - this.count = this.count || 0; - if (this.count >= 256 || rng_pptr >= rng_psize) { - if (window.removeEventListener) - window.removeEventListener("mousemove", onMouseMoveListener, false); - else if (window.detachEvent) - window.detachEvent("onmousemove", onMouseMoveListener); - return; - } - try { - var mouseCoordinates = ev.x + ev.y; - rng_pool[rng_pptr++] = mouseCoordinates & 255; - this.count += 1; - } catch (e) { - // Sometimes Firefox will deny permission to access event properties for some reason. Ignore. 
- } - }; - if (window.addEventListener) - window.addEventListener("mousemove", onMouseMoveListener, false); - else if (window.attachEvent) - window.attachEvent("onmousemove", onMouseMoveListener); - + if(navigator.appName == "Netscape" && navigator.appVersion < "5" && window.crypto) { + // Extract entropy (256 bits) from NS4 RNG if available + var z = window.crypto.random(32); + for(t = 0; t < z.length; ++t) + rng_pool[rng_pptr++] = z.charCodeAt(t) & 255; + } + while(rng_pptr < rng_psize) { // extract some randomness from Math.random() + t = Math.floor(65536 * Math.random()); + rng_pool[rng_pptr++] = t >>> 8; + rng_pool[rng_pptr++] = t & 255; + } + rng_pptr = 0; + rng_seed_time(); + //rng_seed_int(window.screenX); + //rng_seed_int(window.screenY); } function rng_get_byte() { if(rng_state == null) { + rng_seed_time(); rng_state = prng_newstate(); - // At this point, we may not have collected enough entropy. If not, fall back to Math.random - while (rng_pptr < rng_psize) { - var random = Math.floor(65536 * Math.random()); - rng_pool[rng_pptr++] = random & 255; - } rng_state.init(rng_pool); for(rng_pptr = 0; rng_pptr < rng_pool.length; ++rng_pptr) rng_pool[rng_pptr] = 0; rng_pptr = 0; + //rng_pool = null; } // TODO: allow reseeding after first request return rng_state.next(); @@ -1510,7 +1516,6 @@ RSAKey.prototype.setPublic = RSASetPublic; RSAKey.prototype.encrypt = RSAEncrypt; //RSAKey.prototype.encrypt_b64 = RSAEncryptB64; - // Depends on rsa.js and jsbn2.js // Version 1.1: support utf-8 decoding in pkcs1unpad2 @@ -1722,7 +1727,6 @@ RSAKey.prototype.generate = RSAGenerate; RSAKey.prototype.decrypt = RSADecrypt; //RSAKey.prototype.b64_decrypt = RSAB64Decrypt; - // Copyright (c) 2011 Kevin M Burns Jr. // All Rights Reserved. // See "LICENSE" for details. 
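Review bot: The seeding in the `if(rng_pool == null)` block now takes only 32 bytes from `window.crypto.getRandomValues` and lets the `while(rng_pptr < rng_psize)` loop fill the other 224 bytes from `Math.random()`, or the whole pool when `window.crypto` is absent, with no error or warning. This generator supplies the random padding bytes and the OAEP seed, and presumably RSA key generation too, so a browser without Web Crypto silently gets output derived from a non-cryptographic source plus the clock; the removed mouse-move collector no longer contributes either. I would fill the whole pool from the CSPRNG, `var ua = new Uint8Array(rng_psize); window.crypto.getRandomValues(ua);` with the copy loop running to `rng_psize`, and replace the `Math.random()` loop with `throw new Error("no secure random source available");`. Separately, `navigator.appVersion < "5"` is a string comparison, so versions are ordered lexically rather than numerically.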
@@ -1876,7 +1880,7 @@ BigInteger.prototype.fromNumberAsync = bnpFromNumberAsync; })(); var b64map="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -var b64pad="="; +var b64padchar="="; function hex2b64(h) { var i; @@ -1894,19 +1898,19 @@ function hex2b64(h) { c = parseInt(h.substring(i,i+2),16); ret += b64map.charAt(c >> 2) + b64map.charAt((c & 3) << 4); } - while((ret.length & 3) > 0) ret += b64pad; + while((ret.length & 3) > 0) ret += b64padchar; return ret; } // convert a base64 string to hex function b64tohex(s) { - var ret = ""; + var ret = "" var i; var k = 0; // b64 state, 0-3 var slop; for(i = 0; i < s.length; ++i) { - if(s.charAt(i) == b64pad) break; - var v = b64map.indexOf(s.charAt(i)); + if(s.charAt(i) == b64padchar) break; + v = b64map.indexOf(s.charAt(i)); if(v < 0) continue; if(k == 0) { ret += int2char(v >> 2); 
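Review bot: In `b64tohex` the new line `v = b64map.indexOf(s.charAt(i));` drops the `var`, so `v` becomes an implicit global that any other script on the page can read or overwrite, and the assignment throws a ReferenceError if this code is ever loaded in strict mode or as an ES module. The same hunk also removes the semicolon from `var ret = ""`, which only works through automatic semicolon insertion. I would keep the original forms, `var v = b64map.indexOf(s.charAt(i));` and `var ret = "";`. The body of `b64tohex` continues outside the hunk.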
@@ -1947,6 +1951,337 @@ function b64toBA(s) { return a; } +/* + * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined + * in FIPS 180-1 + * Version 2.2 Copyright Paul Johnston 2000 - 2009. + * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet + * Distributed under the BSD License + * See http://pajhome.org.uk/crypt/md5 for details. + */ + +/* + * Configurable variables. You may need to tweak these to be compatible with + * the server-side, but the defaults work in most cases. + */ +var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */ +var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */ + +/* + * These are the functions you'll usually want to call + * They take string arguments and return either hex or base-64 encoded strings + */ +function hex_sha1(s) { return rstr2hex(rstr_sha1(str2rstr_utf8(s))); } +function b64_sha1(s) { return rstr2b64(rstr_sha1(str2rstr_utf8(s))); } +function any_sha1(s, e) { return rstr2any(rstr_sha1(str2rstr_utf8(s)), e); } +function hex_hmac_sha1(k, d) + { return rstr2hex(rstr_hmac_sha1(str2rstr_utf8(k), str2rstr_utf8(d))); } +function b64_hmac_sha1(k, d) + { return rstr2b64(rstr_hmac_sha1(str2rstr_utf8(k), str2rstr_utf8(d))); } +function any_hmac_sha1(k, d, e) + { return rstr2any(rstr_hmac_sha1(str2rstr_utf8(k), str2rstr_utf8(d)), e); } + +/* + * Perform a simple self-test to see if the VM is working + */ +function sha1_vm_test() +{ + return hex_sha1("abc").toLowerCase() == "a9993e364706816aba3e25717850c26c9cd0d89d"; +} + +/* + * Calculate the SHA1 of a raw string + */ +function rstr_sha1(s) +{ + return binb2rstr(binb_sha1(rstr2binb(s), s.length * 8)); +} + +/* + * Calculate the HMAC-SHA1 of a key and some data (raw strings) + */ +function rstr_hmac_sha1(key, data) +{ + var bkey = rstr2binb(key); + if(bkey.length > 16) bkey = binb_sha1(bkey, key.length * 8); + + var ipad = Array(16), opad = Array(16); + for(var i = 0; i < 16; i++) + { + ipad[i] = bkey[i] ^ 
0x36363636; + opad[i] = bkey[i] ^ 0x5C5C5C5C; + } + + var hash = binb_sha1(ipad.concat(rstr2binb(data)), 512 + data.length * 8); + return binb2rstr(binb_sha1(opad.concat(hash), 512 + 160)); +} + +/* + * Convert a raw string to a hex string + */ +function rstr2hex(input) +{ + try { hexcase } catch(e) { hexcase=0; } + var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; + var output = ""; + var x; + for(var i = 0; i < input.length; i++) + { + x = input.charCodeAt(i); + output += hex_tab.charAt((x >>> 4) & 0x0F) + + hex_tab.charAt( x & 0x0F); + } + return output; +} + +/* + * Convert a raw string to a base-64 string + */ +function rstr2b64(input) +{ + try { b64pad } catch(e) { b64pad=''; } + var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + var output = ""; + var len = input.length; + for(var i = 0; i < len; i += 3) + { + var triplet = (input.charCodeAt(i) << 16) + | (i + 1 < len ? input.charCodeAt(i+1) << 8 : 0) + | (i + 2 < len ? input.charCodeAt(i+2) : 0); + for(var j = 0; j < 4; j++) + { + if(i * 8 + j * 6 > input.length * 8) output += b64pad; + else output += tab.charAt((triplet >>> 6*(3-j)) & 0x3F); + } + } + return output; +} + +/* + * Convert a raw string to an arbitrary string encoding + */ +function rstr2any(input, encoding) +{ + var divisor = encoding.length; + var remainders = Array(); + var i, q, x, quotient; + + /* Convert to an array of 16-bit big-endian values, forming the dividend */ + var dividend = Array(Math.ceil(input.length / 2)); + for(i = 0; i < dividend.length; i++) + { + dividend[i] = (input.charCodeAt(i * 2) << 8) | input.charCodeAt(i * 2 + 1); + } + + /* + * Repeatedly perform a long division. The binary array forms the dividend, + * the length of the encoding is the divisor. Once computed, the quotient + * forms the dividend for the next step. We stop when the dividend is zero. + * All remainders are stored for later use. 
+ */ + while(dividend.length > 0) + { + quotient = Array(); + x = 0; + for(i = 0; i < dividend.length; i++) + { + x = (x << 16) + dividend[i]; + q = Math.floor(x / divisor); + x -= q * divisor; + if(quotient.length > 0 || q > 0) + quotient[quotient.length] = q; + } + remainders[remainders.length] = x; + dividend = quotient; + } + + /* Convert the remainders to the output string */ + var output = ""; + for(i = remainders.length - 1; i >= 0; i--) + output += encoding.charAt(remainders[i]); + + /* Append leading zero equivalents */ + var full_length = Math.ceil(input.length * 8 / + (Math.log(encoding.length) / Math.log(2))) + for(i = output.length; i < full_length; i++) + output = encoding[0] + output; + + return output; +} + +/* + * Encode a string as utf-8. + * For efficiency, this assumes the input is valid utf-16. + */ +function str2rstr_utf8(input) +{ + var output = ""; + var i = -1; + var x, y; + + while(++i < input.length) + { + /* Decode utf-16 surrogate pairs */ + x = input.charCodeAt(i); + y = i + 1 < input.length ? 
input.charCodeAt(i + 1) : 0; + if(0xD800 <= x && x <= 0xDBFF && 0xDC00 <= y && y <= 0xDFFF) + { + x = 0x10000 + ((x & 0x03FF) << 10) + (y & 0x03FF); + i++; + } + + /* Encode output as utf-8 */ + if(x <= 0x7F) + output += String.fromCharCode(x); + else if(x <= 0x7FF) + output += String.fromCharCode(0xC0 | ((x >>> 6 ) & 0x1F), + 0x80 | ( x & 0x3F)); + else if(x <= 0xFFFF) + output += String.fromCharCode(0xE0 | ((x >>> 12) & 0x0F), + 0x80 | ((x >>> 6 ) & 0x3F), + 0x80 | ( x & 0x3F)); + else if(x <= 0x1FFFFF) + output += String.fromCharCode(0xF0 | ((x >>> 18) & 0x07), + 0x80 | ((x >>> 12) & 0x3F), + 0x80 | ((x >>> 6 ) & 0x3F), + 0x80 | ( x & 0x3F)); + } + return output; +} + +/* + * Encode a string as utf-16 + */ +function str2rstr_utf16le(input) +{ + var output = ""; + for(var i = 0; i < input.length; i++) + output += String.fromCharCode( input.charCodeAt(i) & 0xFF, + (input.charCodeAt(i) >>> 8) & 0xFF); + return output; +} + +function str2rstr_utf16be(input) +{ + var output = ""; + for(var i = 0; i < input.length; i++) + output += String.fromCharCode((input.charCodeAt(i) >>> 8) & 0xFF, + input.charCodeAt(i) & 0xFF); + return output; +} + +/* + * Convert a raw string to an array of big-endian words + * Characters >255 have their high-byte silently ignored. 
+ */ +function rstr2binb(input) +{ + var output = Array(input.length >> 2); + for(var i = 0; i < output.length; i++) + output[i] = 0; + for(var i = 0; i < input.length * 8; i += 8) + output[i>>5] |= (input.charCodeAt(i / 8) & 0xFF) << (24 - i % 32); + return output; +} + +/* + * Convert an array of big-endian words to a string + */ +function binb2rstr(input) +{ + var output = ""; + for(var i = 0; i < input.length * 32; i += 8) + output += String.fromCharCode((input[i>>5] >>> (24 - i % 32)) & 0xFF); + return output; +} + +/* + * Calculate the SHA-1 of an array of big-endian words, and a bit length + */ +function binb_sha1(x, len) +{ + /* append padding */ + x[len >> 5] |= 0x80 << (24 - len % 32); + x[((len + 64 >> 9) << 4) + 15] = len; + + var w = Array(80); + var a = 1732584193; + var b = -271733879; + var c = -1732584194; + var d = 271733878; + var e = -1009589776; + + for(var i = 0; i < x.length; i += 16) + { + var olda = a; + var oldb = b; + var oldc = c; + var oldd = d; + var olde = e; + + for(var j = 0; j < 80; j++) + { + if(j < 16) w[j] = x[i + j]; + else w[j] = bit_rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1); + var t = safe_add(safe_add(bit_rol(a, 5), sha1_ft(j, b, c, d)), + safe_add(safe_add(e, w[j]), sha1_kt(j))); + e = d; + d = c; + c = bit_rol(b, 30); + b = a; + a = t; + } + + a = safe_add(a, olda); + b = safe_add(b, oldb); + c = safe_add(c, oldc); + d = safe_add(d, oldd); + e = safe_add(e, olde); + } + return Array(a, b, c, d, e); + +} + +/* + * Perform the appropriate triplet combination function for the current + * iteration + */ +function sha1_ft(t, b, c, d) +{ + if(t < 20) return (b & c) | ((~b) & d); + if(t < 40) return b ^ c ^ d; + if(t < 60) return (b & c) | (b & d) | (c & d); + return b ^ c ^ d; +} + +/* + * Determine the appropriate additive constant for the current iteration + */ +function sha1_kt(t) +{ + return (t < 20) ? 1518500249 : (t < 40) ? 1859775393 : + (t < 60) ? -1894007588 : -899497514; +} + +/* + * Add integers, wrapping at 2^32. 
This uses 16-bit operations internally + * to work around bugs in some JS interpreters. + */ +function safe_add(x, y) +{ + var lsw = (x & 0xFFFF) + (y & 0xFFFF); + var msw = (x >> 16) + (y >> 16) + (lsw >> 16); + return (msw << 16) | (lsw & 0xFFFF); +} + +/* + * Bitwise rotate a 32-bit number to the left. + */ +function bit_rol(num, cnt) +{ + return (num << cnt) | (num >>> (32 - cnt)); +} + /*! asn1-1.0.2.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license */ @@ -4404,10 +4739,13 @@ JSEncrypt.prototype.decrypt = function (string) { * @return {string} the encrypted string encoded in base64 * @public */ -JSEncrypt.prototype.encrypt = function (string) { +JSEncrypt.prototype.encrypt = function (string, use_oaep) { // Return the encrypted string. try { - return hex2b64(this.getKey().encrypt(string)); + if (use_oaep) { + return hex2b64(this.getKey().encrypt(string, oaep_pad)); + } + return hex2b64(this.getKey().encrypt(string)); } catch (ex) { return false; diff --git a/bin/jsencrypt.min.js b/bin/jsencrypt.min.js index 4eee1e0..81be2d5 100644 --- a/bin/jsencrypt.min.js +++ b/bin/jsencrypt.min.js 
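Review bot: The doc comment above `JSEncrypt.prototype.encrypt` is not updated for the new second argument, so nothing tells a caller that omitting `use_oaep` still selects PKCS#1 v1.5 padding, or that the OAEP path is SHA-1 based (going by `oaep_pad` elsewhere in this series). I would add `@param {boolean} [use_oaep] use PKCS#1 OAEP (SHA-1, MGF1-SHA-1) padding; default is PKCS#1 v1.5` and state that the decrypting side must be configured for the same padding and hash. The surrounding `catch (ex) { return false; }` also makes a padding failure in the new branch indistinguishable from any other error, and the second `return hex2b64(...)` line is indented differently from the rest of the `try` body. The doc comment starts outside the hunk.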
@@ -1,13 +1,13 @@ /*! JSEncrypt v2.3.1 | https://npmcdn.com/jsencrypt@2.3.1/LICENSE.txt */ -!function(t,e){"function"==typeof define&&define.amd?define(["exports"],e):e("object"==typeof exports&&"string"!=typeof exports.nodeName?module.exports:t)}(this,function(t){function e(t,e,i){null!=t&&("number"==typeof t?this.fromNumber(t,e,i):null==e&&"string"!=typeof t?this.fromString(t,256):this.fromString(t,e))}function i(){return new e(null)}function r(t,e,i,r,s,n){for(;--n>=0;){var o=e*this[t++]+i[r]+s;s=Math.floor(o/67108864),i[r++]=67108863&o}return s}function s(t,e,i,r,s,n){for(var o=32767&e,h=e>>15;--n>=0;){var a=32767&this[t],u=this[t++]>>15,c=h*a+u*o;a=o*a+((32767&c)<<15)+i[r]+(1073741823&s),s=(a>>>30)+(c>>>15)+h*u+(s>>>30),i[r++]=1073741823&a}return s}function n(t,e,i,r,s,n){for(var o=16383&e,h=e>>14;--n>=0;){var a=16383&this[t],u=this[t++]>>14,c=h*a+u*o;a=o*a+((16383&c)<<14)+i[r]+s,s=(a>>28)+(c>>14)+h*u,i[r++]=268435455&a}return s}function o(t){return xe.charAt(t)}function h(t,e){var i=Be[t.charCodeAt(e)];return null==i?-1:i}function a(t){for(var e=this.t-1;e>=0;--e)t[e]=this[e];t.t=this.t,t.s=this.s}function u(t){this.t=1,this.s=t<0?-1:0,t>0?this[0]=t:t<-1?this[0]=t+this.DV:this.t=0}function c(t){var e=i();return e.fromInt(t),e}function f(t,i){var r;if(16==i)r=4;else if(8==i)r=3;else if(256==i)r=8;else if(2==i)r=1;else if(32==i)r=5;else{if(4!=i)return void this.fromRadix(t,i);r=2}this.t=0,this.s=0;for(var s=t.length,n=!1,o=0;--s>=0;){var a=8==r?255&t[s]:h(t,s);a<0?"-"==t.charAt(s)&&(n=!0):(n=!1,0==o?this[this.t++]=a:o+r>this.DB?(this[this.t-1]|=(a&(1<>this.DB-o):this[this.t-1]|=a<=this.DB&&(o-=this.DB))}8==r&&0!=(128&t[0])&&(this.s=-1,o>0&&(this[this.t-1]|=(1<0&&this[this.t-1]==t;)--this.t}function l(t){if(this.s<0)return"-"+this.negate().toString(t);var e;if(16==t)e=4;else if(8==t)e=3;else if(2==t)e=1;else if(32==t)e=5;else{if(4!=t)return this.toRadix(t);e=2}var 
i,r=(1<0)for(a>a)>0&&(s=!0,n=o(i));h>=0;)a>(a+=this.DB-e)):(i=this[h]>>(a-=e)&r,a<=0&&(a+=this.DB,--h)),i>0&&(s=!0),s&&(n+=o(i));return s?n:"0"}function d(){var t=i();return e.ZERO.subTo(this,t),t}function g(){return this.s<0?this.negate():this}function m(t){var e=this.s-t.s;if(0!=e)return e;var i=this.t;if(e=i-t.t,0!=e)return this.s<0?-e:e;for(;--i>=0;)if(0!=(e=this[i]-t[i]))return e;return 0}function y(t){var e,i=1;return 0!=(e=t>>>16)&&(t=e,i+=16),0!=(e=t>>8)&&(t=e,i+=8),0!=(e=t>>4)&&(t=e,i+=4),0!=(e=t>>2)&&(t=e,i+=2),0!=(e=t>>1)&&(t=e,i+=1),i}function v(){return this.t<=0?0:this.DB*(this.t-1)+y(this[this.t-1]^this.s&this.DM)}function b(t,e){var i;for(i=this.t-1;i>=0;--i)e[i+t]=this[i];for(i=t-1;i>=0;--i)e[i]=0;e.t=this.t+t,e.s=this.s}function T(t,e){for(var i=t;i=0;--i)e[i+o+1]=this[i]>>s|h,h=(this[i]&n)<=0;--i)e[i]=0;e[o]=h,e.t=this.t+o+1,e.s=this.s,e.clamp()}function R(t,e){e.s=this.s;var i=Math.floor(t/this.DB);if(i>=this.t)return void(e.t=0);var r=t%this.DB,s=this.DB-r,n=(1<>r;for(var o=i+1;o>r;r>0&&(e[this.t-i-1]|=(this.s&n)<>=this.DB;if(t.t>=this.DB;r+=this.s}else{for(r+=this.s;i>=this.DB;r-=t.s}e.s=r<0?-1:0,r<-1?e[i++]=this.DV+r:r>0&&(e[i++]=r),e.t=i,e.clamp()}function D(t,i){var r=this.abs(),s=t.abs(),n=r.t;for(i.t=n+s.t;--n>=0;)i[n]=0;for(n=0;n=0;)t[i]=0;for(i=0;i=e.DV&&(t[i+e.t]-=e.DV,t[i+e.t+1]=1)}t.t>0&&(t[t.t-1]+=e.am(i,e[i],t,2*i,0,1)),t.s=0,t.clamp()}function x(t,r,s){var n=t.abs();if(!(n.t<=0)){var o=this.abs();if(o.t0?(n.lShiftTo(c,h),o.lShiftTo(c,s)):(n.copyTo(h),o.copyTo(s));var f=h.t,p=h[f-1];if(0!=p){var l=p*(1<1?h[f-2]>>this.F2:0),d=this.FV/l,g=(1<=0&&(s[s.t++]=1,s.subTo(T,s)),e.ONE.dlShiftTo(f,T),T.subTo(h,h);h.t=0;){var S=s[--v]==p?this.DM:Math.floor(s[v]*d+(s[v-1]+m)*g);if((s[v]+=h.am(0,S,s,b,0,f))0&&s.rShiftTo(c,s),a<0&&e.ZERO.subTo(s,s)}}}function B(t){var r=i();return this.abs().divRemTo(t,null,r),this.s<0&&r.compareTo(e.ZERO)>0&&t.subTo(r,r),r}function K(t){this.m=t}function A(t){return 
t.s<0||t.compareTo(this.m)>=0?t.mod(this.m):t}function U(t){return t}function O(t){t.divRemTo(this.m,null,t)}function V(t,e,i){t.multiplyTo(e,i),this.reduce(i)}function N(t,e){t.squareTo(e),this.reduce(e)}function J(){if(this.t<1)return 0;var t=this[0];if(0==(1&t))return 0;var e=3&t;return e=e*(2-(15&t)*e)&15,e=e*(2-(255&t)*e)&255,e=e*(2-((65535&t)*e&65535))&65535,e=e*(2-t*e%this.DV)%this.DV,e>0?this.DV-e:-e}function I(t){this.m=t,this.mp=t.invDigit(),this.mpl=32767&this.mp,this.mph=this.mp>>15,this.um=(1<0&&this.m.subTo(r,r),r}function M(t){var e=i();return t.copyTo(e),this.reduce(e),e}function L(t){for(;t.t<=this.mt2;)t[t.t++]=0;for(var e=0;e>15)*this.mpl&this.um)<<15)&t.DM;for(i=e+this.m.t,t[i]+=this.m.am(0,r,t,e,0,this.m.t);t[i]>=t.DV;)t[i]-=t.DV,t[++i]++}t.clamp(),t.drShiftTo(this.m.t,t),t.compareTo(this.m)>=0&&t.subTo(this.m,t)}function q(t,e){t.squareTo(e),this.reduce(e)}function C(t,e,i){t.multiplyTo(e,i),this.reduce(i)}function H(){return 0==(this.t>0?1&this[0]:this.s)}function j(t,r){if(t>4294967295||t<1)return e.ONE;var s=i(),n=i(),o=r.convert(this),h=y(t)-1;for(o.copyTo(s);--h>=0;)if(r.sqrTo(s,n),(t&1<0)r.mulTo(n,o,s);else{var a=s;s=n,n=a}return r.revert(s)}function k(t,e){var i;return i=t<256||e.isEven()?new K(e):new I(e),this.exp(t,i)} +!function(t,e){"function"==typeof define&&define.amd?define(["exports"],e):e("object"==typeof exports&&"string"!=typeof exports.nodeName?module.exports:t)}(this,function(t){function e(t,e,i){null!=t&&("number"==typeof t?this.fromNumber(t,e,i):null==e&&"string"!=typeof t?this.fromString(t,256):this.fromString(t,e))}function i(){return new e(null)}function r(t,e,i,r,n,s){for(;--s>=0;){var o=e*this[t++]+i[r]+n;n=Math.floor(o/67108864),i[r++]=67108863&o}return n}function n(t,e,i,r,n,s){for(var o=32767&e,h=e>>15;--s>=0;){var a=32767&this[t],u=this[t++]>>15,c=h*a+u*o;a=o*a+((32767&c)<<15)+i[r]+(1073741823&n),n=(a>>>30)+(c>>>15)+h*u+(n>>>30),i[r++]=1073741823&a}return n}function s(t,e,i,r,n,s){for(var 
o=16383&e,h=e>>14;--s>=0;){var a=16383&this[t],u=this[t++]>>14,c=h*a+u*o;a=o*a+((16383&c)<<14)+i[r]+n,n=(a>>28)+(c>>14)+h*u,i[r++]=268435455&a}return n}function o(t){return Le.charAt(t)}function h(t,e){var i=qe[t.charCodeAt(e)];return null==i?-1:i}function a(t){for(var e=this.t-1;e>=0;--e)t[e]=this[e];t.t=this.t,t.s=this.s}function u(t){this.t=1,this.s=t<0?-1:0,t>0?this[0]=t:t<-1?this[0]=t+this.DV:this.t=0}function c(t){var e=i();return e.fromInt(t),e}function f(t,i){var r;if(16==i)r=4;else if(8==i)r=3;else if(256==i)r=8;else if(2==i)r=1;else if(32==i)r=5;else{if(4!=i)return void this.fromRadix(t,i);r=2}this.t=0,this.s=0;for(var n=t.length,s=!1,o=0;--n>=0;){var a=8==r?255&t[n]:h(t,n);a<0?"-"==t.charAt(n)&&(s=!0):(s=!1,0==o?this[this.t++]=a:o+r>this.DB?(this[this.t-1]|=(a&(1<>this.DB-o):this[this.t-1]|=a<=this.DB&&(o-=this.DB))}8==r&&0!=(128&t[0])&&(this.s=-1,o>0&&(this[this.t-1]|=(1<0&&this[this.t-1]==t;)--this.t}function l(t){if(this.s<0)return"-"+this.negate().toString(t);var e;if(16==t)e=4;else if(8==t)e=3;else if(2==t)e=1;else if(32==t)e=5;else{if(4!=t)return this.toRadix(t);e=2}var i,r=(1<0)for(a>a)>0&&(n=!0,s=o(i));h>=0;)a>(a+=this.DB-e)):(i=this[h]>>(a-=e)&r,a<=0&&(a+=this.DB,--h)),i>0&&(n=!0),n&&(s+=o(i));return n?s:"0"}function d(){var t=i();return e.ZERO.subTo(this,t),t}function g(){return this.s<0?this.negate():this}function y(t){var e=this.s-t.s;if(0!=e)return e;var i=this.t;if(e=i-t.t,0!=e)return this.s<0?-e:e;for(;--i>=0;)if(0!=(e=this[i]-t[i]))return e;return 0}function m(t){var e,i=1;return 0!=(e=t>>>16)&&(t=e,i+=16),0!=(e=t>>8)&&(t=e,i+=8),0!=(e=t>>4)&&(t=e,i+=4),0!=(e=t>>2)&&(t=e,i+=2),0!=(e=t>>1)&&(t=e,i+=1),i}function b(){return this.t<=0?0:this.DB*(this.t-1)+m(this[this.t-1]^this.s&this.DM)}function T(t,e){var i;for(i=this.t-1;i>=0;--i)e[i+t]=this[i];for(i=t-1;i>=0;--i)e[i]=0;e.t=this.t+t,e.s=this.s}function S(t,e){for(var i=t;i=0;--i)e[i+o+1]=this[i]>>n|h,h=(this[i]&s)<=0;--i)e[i]=0;e[o]=h,e.t=this.t+o+1,e.s=this.s,e.clamp()}function 
D(t,e){e.s=this.s;var i=Math.floor(t/this.DB);if(i>=this.t)return void(e.t=0);var r=t%this.DB,n=this.DB-r,s=(1<>r;for(var o=i+1;o>r;r>0&&(e[this.t-i-1]|=(this.s&s)<>=this.DB;if(t.t>=this.DB;r+=this.s}else{for(r+=this.s;i>=this.DB;r-=t.s}e.s=r<0?-1:0,r<-1?e[i++]=this.DV+r:r>0&&(e[i++]=r),e.t=i,e.clamp()}function w(t,i){var r=this.abs(),n=t.abs(),s=r.t;for(i.t=s+n.t;--s>=0;)i[s]=0;for(s=0;s=0;)t[i]=0;for(i=0;i=e.DV&&(t[i+e.t]-=e.DV,t[i+e.t+1]=1)}t.t>0&&(t[t.t-1]+=e.am(i,e[i],t,2*i,0,1)),t.s=0,t.clamp()}function A(t,r,n){var s=t.abs();if(!(s.t<=0)){var o=this.abs();if(o.t0?(s.lShiftTo(c,h),o.lShiftTo(c,n)):(s.copyTo(h),o.copyTo(n));var f=h.t,p=h[f-1];if(0!=p){var l=p*(1<1?h[f-2]>>this.F2:0),d=this.FV/l,g=(1<=0&&(n[n.t++]=1,n.subTo(T,n)),e.ONE.dlShiftTo(f,T),T.subTo(h,h);h.t=0;){var S=n[--v]==p?this.DM:Math.floor(n[v]*d+(n[v-1]+y)*g);if((n[v]+=h.am(0,S,n,b,0,f))0&&n.rShiftTo(c,n),a<0&&e.ZERO.subTo(n,n)}}}function B(t){var r=i();return this.abs().divRemTo(t,null,r),this.s<0&&r.compareTo(e.ZERO)>0&&t.subTo(r,r),r}function K(t){this.m=t}function U(t){return t.s<0||t.compareTo(this.m)>=0?t.mod(this.m):t}function O(t){return t}function V(t){t.divRemTo(this.m,null,t)}function N(t,e,i){t.multiplyTo(e,i),this.reduce(i)}function J(t,e){t.squareTo(e),this.reduce(e)}function I(){if(this.t<1)return 0;var t=this[0];if(0==(1&t))return 0;var e=3&t;return e=e*(2-(15&t)*e)&15,e=e*(2-(255&t)*e)&255,e=e*(2-((65535&t)*e&65535))&65535,e=e*(2-t*e%this.DV)%this.DV,e>0?this.DV-e:-e}function P(t){this.m=t,this.mp=t.invDigit(),this.mpl=32767&this.mp,this.mph=this.mp>>15,this.um=(1<0&&this.m.subTo(r,r),r}function C(t){var e=i();return t.copyTo(e),this.reduce(e),e}function L(t){for(;t.t<=this.mt2;)t[t.t++]=0;for(var e=0;e>15)*this.mpl&this.um)<<15)&t.DM;for(i=e+this.m.t,t[i]+=this.m.am(0,r,t,e,0,this.m.t);t[i]>=t.DV;)t[i]-=t.DV,t[++i]++}t.clamp(),t.drShiftTo(this.m.t,t),t.compareTo(this.m)>=0&&t.subTo(this.m,t)}function q(t,e){t.squareTo(e),this.reduce(e)}function 
H(t,e,i){t.multiplyTo(e,i),this.reduce(i)}function j(){return 0==(this.t>0?1&this[0]:this.s)}function k(t,r){if(t>4294967295||t<1)return e.ONE;var n=i(),s=i(),o=r.convert(this),h=m(t)-1;for(o.copyTo(n);--h>=0;)if(r.sqrTo(n,s),(t&1<0)r.mulTo(s,o,n);else{var a=n;n=s,s=a}return r.revert(n)}function F(t,e){var i;return i=t<256||e.isEven()?new K(e):new P(e),this.exp(t,i)} // Copyright (c) 2005-2009 Tom Wu // All Rights Reserved. // See "LICENSE" for details. -function F(){var t=i();return this.copyTo(t),t}function _(){if(this.s<0){if(1==this.t)return this[0]-this.DV;if(0==this.t)return-1}else{if(1==this.t)return this[0];if(0==this.t)return 0}return(this[1]&(1<<32-this.DB)-1)<>24}function Z(){return 0==this.t?this.s:this[0]<<16>>16}function G(t){return Math.floor(Math.LN2*this.DB/Math.log(t))}function $(){return this.s<0?-1:this.t<=0||1==this.t&&this[0]<=0?0:1}function Y(t){if(null==t&&(t=10),0==this.signum()||t<2||t>36)return"0";var e=this.chunkSize(t),r=Math.pow(t,e),s=c(r),n=i(),o=i(),h="";for(this.divRemTo(s,n,o);n.signum()>0;)h=(r+o.intValue()).toString(t).substr(1)+h,n.divRemTo(s,n,o);return o.intValue().toString(t)+h}function W(t,i){this.fromInt(0),null==i&&(i=10);for(var r=this.chunkSize(i),s=Math.pow(i,r),n=!1,o=0,a=0,u=0;u=r&&(this.dMultiply(s),this.dAddOffset(a,0),o=0,a=0))}o>0&&(this.dMultiply(Math.pow(i,o)),this.dAddOffset(a,0)),n&&e.ZERO.subTo(this,this)}function Q(t,i,r){if("number"==typeof i)if(t<2)this.fromInt(1);else for(this.fromNumber(t,r),this.testBit(t-1)||this.bitwiseTo(e.ONE.shiftLeft(t-1),ot,this),this.isEven()&&this.dAddOffset(1,0);!this.isProbablePrime(i);)this.dAddOffset(2,0),this.bitLength()>t&&this.subTo(e.ONE.shiftLeft(t-1),this);else{var s=new Array,n=7&t;s.length=(t>>3)+1,i.nextBytes(s),n>0?s[0]&=(1<0)for(r>r)!=(this.s&this.DM)>>r&&(e[s++]=i|this.s<=0;)r<8?(i=(this[t]&(1<>(r+=this.DB-8)):(i=this[t]>>(r-=8)&255,r<=0&&(r+=this.DB,--t)),0!=(128&i)&&(i|=-256),0==s&&(128&this.s)!=(128&i)&&++s,(s>0||i!=this.s)&&(e[s++]=i);return e}function 
tt(t){return 0==this.compareTo(t)}function et(t){return this.compareTo(t)<0?this:t}function it(t){return this.compareTo(t)>0?this:t}function rt(t,e,i){var r,s,n=Math.min(t.t,this.t);for(r=0;r>=16,e+=16),0==(255&t)&&(t>>=8,e+=8),0==(15&t)&&(t>>=4,e+=4),0==(3&t)&&(t>>=2,e+=2),0==(1&t)&&++e,e}function mt(){for(var t=0;t=this.t?0!=this.s:0!=(this[e]&1<>=this.DB;if(t.t>=this.DB;r+=this.s}else{for(r+=this.s;i>=this.DB;r+=t.s}e.s=r<0?-1:0,r>0?e[i++]=r:r<-1&&(e[i++]=this.DV+r),e.t=i,e.clamp()}function wt(t){var e=i();return this.addTo(t,e),e}function xt(t){var e=i();return this.subTo(t,e),e}function Bt(t){var e=i();return this.multiplyTo(t,e),e}function Kt(){var t=i();return this.squareTo(t),t}function At(t){var e=i();return this.divRemTo(t,e,null),e}function Ut(t){var e=i();return this.divRemTo(t,null,e),e}function Ot(t){var e=i(),r=i();return this.divRemTo(t,e,r),new Array(e,r)}function Vt(t){this[this.t]=this.am(0,t-1,this,0,0,this.t),++this.t,this.clamp()}function Nt(t,e){if(0!=t){for(;this.t<=e;)this[this.t++]=0;for(this[e]+=t;this[e]>=this.DV;)this[e]-=this.DV,++e>=this.t&&(this[this.t++]=0),++this[e]}}function Jt(){}function It(t){return t}function Pt(t,e,i){t.multiplyTo(e,i)}function Mt(t,e){t.squareTo(e)}function Lt(t){return this.exp(t,new Jt)}function qt(t,e,i){var r=Math.min(this.t+t.t,e);for(i.s=0,i.t=r;r>0;)i[--r]=0;var s;for(s=i.t-this.t;r=0;)i[r]=0;for(r=Math.max(e-this.t,0);r2*this.m.t)return t.mod(this.m);if(t.compareTo(this.m)<0)return t;var e=i();return t.copyTo(e),this.reduce(e),e}function kt(t){return t}function Ft(t){for(t.drShiftTo(this.m.t-1,this.r2),t.t>this.m.t+1&&(t.t=this.m.t+1,t.clamp()),this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3),this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);t.compareTo(this.r2)<0;)t.dAddOffset(1,this.m.t+1);for(t.subTo(this.r2,t);t.compareTo(this.m)>=0;)t.subTo(this.m,t)}function _t(t,e){t.squareTo(e),this.reduce(e)}function zt(t,e,i){t.multiplyTo(e,i),this.reduce(i)}function Zt(t,e){var 
r,s,n=t.bitLength(),o=c(1);if(n<=0)return o;r=n<18?1:n<48?3:n<144?4:n<768?5:6,s=n<8?new K(e):e.isEven()?new Ht(e):new I(e);var h=new Array,a=3,u=r-1,f=(1<1){var p=i();for(s.sqrTo(h[1],p);a<=f;)h[a]=i(),s.mulTo(p,h[a-2],h[a]),a+=2}var l,d,g=t.t-1,m=!0,v=i();for(n=y(t[g])-1;g>=0;){for(n>=u?l=t[g]>>n-u&f:(l=(t[g]&(1<0&&(l|=t[g-1]>>this.DB+n-u)),a=r;0==(1&l);)l>>=1,--a;if((n-=a)<0&&(n+=this.DB,--g),m)h[l].copyTo(o),m=!1;else{for(;a>1;)s.sqrTo(o,v),s.sqrTo(v,o),a-=2;a>0?s.sqrTo(o,v):(d=o,o=v,v=d),s.mulTo(v,h[l],o)}for(;g>=0&&0==(t[g]&1<0&&(e.rShiftTo(n,e),i.rShiftTo(n,i));e.signum()>0;)(s=e.getLowestSetBit())>0&&e.rShiftTo(s,e),(s=i.getLowestSetBit())>0&&i.rShiftTo(s,i),e.compareTo(i)>=0?(e.subTo(i,e),e.rShiftTo(1,e)):(i.subTo(e,i),i.rShiftTo(1,i));return n>0&&i.lShiftTo(n,i),i}function $t(t){if(t<=0)return 0;var e=this.DV%t,i=this.s<0?t-1:0;if(this.t>0)if(0==e)i=this[0]%t;else for(var r=this.t-1;r>=0;--r)i=(e*i+this[r])%t;return i}function Yt(t){var i=t.isEven();if(this.isEven()&&i||0==t.signum())return e.ZERO;for(var r=t.clone(),s=this.clone(),n=c(1),o=c(0),h=c(0),a=c(1);0!=r.signum();){for(;r.isEven();)r.rShiftTo(1,r),i?(n.isEven()&&o.isEven()||(n.addTo(this,n),o.subTo(t,o)),n.rShiftTo(1,n)):o.isEven()||o.subTo(t,o),o.rShiftTo(1,o);for(;s.isEven();)s.rShiftTo(1,s),i?(h.isEven()&&a.isEven()||(h.addTo(this,h),a.subTo(t,a)),h.rShiftTo(1,h)):a.isEven()||a.subTo(t,a),a.rShiftTo(1,a);r.compareTo(s)>=0?(r.subTo(s,r),i&&n.subTo(h,n),o.subTo(a,o)):(s.subTo(r,s),i&&h.subTo(n,h),a.subTo(o,a))}return 0!=s.compareTo(e.ONE)?e.ZERO:a.compareTo(t)>=0?a.subtract(t):a.signum()<0?(a.addTo(t,a),a.signum()<0?a.add(t):a):a}function Wt(t){var e,i=this.abs();if(1==i.t&&i[0]<=Ke[Ke.length-1]){for(e=0;e>1,t>Ke.length&&(t=Ke.length);for(var o=i(),h=0;h=0&&i>0;){var n=t.charCodeAt(s--);n<128?r[--i]=n:n>127&&n<2048?(r[--i]=63&n|128,r[--i]=n>>6|192):(r[--i]=63&n|128,r[--i]=n>>6&63|128,r[--i]=n>>12|224)}r[--i]=0;for(var o=new ne,h=new 
Array;i>2;){for(h[0]=0;0==h[0];)o.nextBytes(h);r[--i]=h[0]}return r[--i]=2,r[--i]=0,new e(r)}function ae(){this.n=null,this.e=0,this.d=null,this.p=null,this.q=null,this.dmp1=null,this.dmq1=null,this.coeff=null}function ue(t,e){null!=t&&null!=e&&t.length>0&&e.length>0?(this.n=oe(t,16),this.e=parseInt(e,16)):alert("Invalid RSA public key")}function ce(t){return t.modPowInt(this.e,this.n)}function fe(t,e){"undefined"==typeof e&&(e=he);var i=e(t,this.n.bitLength()+7>>3);if(null==i)return null;var r=this.doPublic(i);if(null==r)return null;var s=r.toString(16);return 0==(1&s.length)?s:"0"+s}function pe(t,e){for(var i=t.toByteArray(),r=0;r=i.length)return null;for(var s="";++r191&&n<224?(s+=String.fromCharCode((31&n)<<6|63&i[r+1]),++r):(s+=String.fromCharCode((15&n)<<12|(63&i[r+1])<<6|63&i[r+2]),r+=2)}return s}function le(t,e,i){null!=t&&null!=e&&t.length>0&&e.length>0?(this.n=oe(t,16),this.e=parseInt(e,16),this.d=oe(i,16)):alert("Invalid RSA private key")}function de(t,e,i,r,s,n,o,h){null!=t&&null!=e&&t.length>0&&e.length>0?(this.n=oe(t,16),this.e=parseInt(e,16),this.d=oe(i,16),this.p=oe(r,16),this.q=oe(s,16),this.dmp1=oe(n,16),this.dmq1=oe(o,16),this.coeff=oe(h,16)):alert("Invalid RSA private key")}function ge(t,i){var r=new ne,s=t>>1;this.e=parseInt(i,16);for(var n=new e(i,16);;){for(;this.p=new e(t-s,1,r),0!=this.p.subtract(e.ONE).gcd(n).compareTo(e.ONE)||!this.p.isProbablePrime(10););for(;this.q=new e(s,1,r),0!=this.q.subtract(e.ONE).gcd(n).compareTo(e.ONE)||!this.q.isProbablePrime(10););if(this.p.compareTo(this.q)<=0){var o=this.p;this.p=this.q,this.q=o}var h=this.p.subtract(e.ONE),a=this.q.subtract(e.ONE),u=h.multiply(a);if(0==u.gcd(n).compareTo(e.ONE)){this.n=this.p.multiply(this.q),this.d=n.modInverse(u),this.dmp1=this.d.mod(h),this.dmq1=this.d.mod(a),this.coeff=this.q.modInverse(this.p);break}}}function me(t){if(null==this.p||null==this.q)return t.modPow(this.d,this.n);for(var 
e=t.mod(this.p).modPow(this.dmp1,this.p),i=t.mod(this.q).modPow(this.dmq1,this.q);e.compareTo(i)<0;)e=e.add(this.p);return e.subtract(i).multiply(this.coeff).mod(this.p).multiply(this.q).add(i)}function ye(t,e){"undefined"==typeof e&&(e=pe);var i=oe(t,16),r=this.doPrivate(i);return null==r?null:e(r,this.n.bitLength()+7>>3)}function ve(t){var e,i,r="";for(e=0;e+3<=t.length;e+=3)i=parseInt(t.substring(e,e+3),16),r+=Me.charAt(i>>6)+Me.charAt(63&i);for(e+1==t.length?(i=parseInt(t.substring(e,e+1),16),r+=Me.charAt(i<<2)):e+2==t.length&&(i=parseInt(t.substring(e,e+2),16),r+=Me.charAt(i>>2)+Me.charAt((3&i)<<4));(3&r.length)>0;)r+=Le;return r}function be(t){var e,i,r="",s=0;for(e=0;e>2),i=3&n,s=1):1==s?(r+=o(i<<2|n>>4),i=15&n,s=2):2==s?(r+=o(i),r+=o(n>>2),i=3&n,s=3):(r+=o(i<<2|n>>4),r+=o(15&n),s=0))}return 1==s&&(r+=o(i<<2)),r} +function _(){var t=i();return this.copyTo(t),t}function z(){if(this.s<0){if(1==this.t)return this[0]-this.DV;if(0==this.t)return-1}else{if(1==this.t)return this[0];if(0==this.t)return 0}return(this[1]&(1<<32-this.DB)-1)<>24}function G(){return 0==this.t?this.s:this[0]<<16>>16}function $(t){return Math.floor(Math.LN2*this.DB/Math.log(t))}function Y(){return this.s<0?-1:this.t<=0||1==this.t&&this[0]<=0?0:1}function W(t){if(null==t&&(t=10),0==this.signum()||t<2||t>36)return"0";var e=this.chunkSize(t),r=Math.pow(t,e),n=c(r),s=i(),o=i(),h="";for(this.divRemTo(n,s,o);s.signum()>0;)h=(r+o.intValue()).toString(t).substr(1)+h,s.divRemTo(n,s,o);return o.intValue().toString(t)+h}function Q(t,i){this.fromInt(0),null==i&&(i=10);for(var r=this.chunkSize(i),n=Math.pow(i,r),s=!1,o=0,a=0,u=0;u=r&&(this.dMultiply(n),this.dAddOffset(a,0),o=0,a=0))}o>0&&(this.dMultiply(Math.pow(i,o)),this.dAddOffset(a,0)),s&&e.ZERO.subTo(this,this)}function X(t,i,r){if("number"==typeof i)if(t<2)this.fromInt(1);else 
for(this.fromNumber(t,r),this.testBit(t-1)||this.bitwiseTo(e.ONE.shiftLeft(t-1),ht,this),this.isEven()&&this.dAddOffset(1,0);!this.isProbablePrime(i);)this.dAddOffset(2,0),this.bitLength()>t&&this.subTo(e.ONE.shiftLeft(t-1),this);else{var n=new Array,s=7&t;n.length=(t>>3)+1,i.nextBytes(n),s>0?n[0]&=(1<0)for(r>r)!=(this.s&this.DM)>>r&&(e[n++]=i|this.s<=0;)r<8?(i=(this[t]&(1<>(r+=this.DB-8)):(i=this[t]>>(r-=8)&255,r<=0&&(r+=this.DB,--t)),0!=(128&i)&&(i|=-256),0==n&&(128&this.s)!=(128&i)&&++n,(n>0||i!=this.s)&&(e[n++]=i);return e}function et(t){return 0==this.compareTo(t)}function it(t){return this.compareTo(t)<0?this:t}function rt(t){return this.compareTo(t)>0?this:t}function nt(t,e,i){var r,n,s=Math.min(t.t,this.t);for(r=0;r>=16,e+=16),0==(255&t)&&(t>>=8,e+=8),0==(15&t)&&(t>>=4,e+=4),0==(3&t)&&(t>>=2,e+=2),0==(1&t)&&++e,e}function mt(){for(var t=0;t=this.t?0!=this.s:0!=(this[e]&1<>=this.DB;if(t.t>=this.DB;r+=this.s}else{for(r+=this.s;i>=this.DB;r+=t.s}e.s=r<0?-1:0,r>0?e[i++]=r:r<-1&&(e[i++]=this.DV+r),e.t=i,e.clamp()}function xt(t){var e=i();return this.addTo(t,e),e}function At(t){var e=i();return this.subTo(t,e),e}function Bt(t){var e=i();return this.multiplyTo(t,e),e}function Kt(){var t=i();return this.squareTo(t),t}function Ut(t){var e=i();return this.divRemTo(t,e,null),e}function Ot(t){var e=i();return this.divRemTo(t,null,e),e}function Vt(t){var e=i(),r=i();return this.divRemTo(t,e,r),new Array(e,r)}function Nt(t){this[this.t]=this.am(0,t-1,this,0,0,this.t),++this.t,this.clamp()}function Jt(t,e){if(0!=t){for(;this.t<=e;)this[this.t++]=0;for(this[e]+=t;this[e]>=this.DV;)this[e]-=this.DV,++e>=this.t&&(this[this.t++]=0),++this[e]}}function It(){}function Pt(t){return t}function Mt(t,e,i){t.multiplyTo(e,i)}function Ct(t,e){t.squareTo(e)}function Lt(t){return this.exp(t,new It)}function qt(t,e,i){var r=Math.min(this.t+t.t,e);for(i.s=0,i.t=r;r>0;)i[--r]=0;var n;for(n=i.t-this.t;r=0;)i[r]=0;for(r=Math.max(e-this.t,0);r2*this.m.t)return 
t.mod(this.m);if(t.compareTo(this.m)<0)return t;var e=i();return t.copyTo(e),this.reduce(e),e}function Ft(t){return t}function _t(t){for(t.drShiftTo(this.m.t-1,this.r2),t.t>this.m.t+1&&(t.t=this.m.t+1,t.clamp()),this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3),this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);t.compareTo(this.r2)<0;)t.dAddOffset(1,this.m.t+1);for(t.subTo(this.r2,t);t.compareTo(this.m)>=0;)t.subTo(this.m,t)}function zt(t,e){t.squareTo(e),this.reduce(e)}function Zt(t,e,i){t.multiplyTo(e,i),this.reduce(i)}function Gt(t,e){var r,n,s=t.bitLength(),o=c(1);if(s<=0)return o;r=s<18?1:s<48?3:s<144?4:s<768?5:6,n=s<8?new K(e):e.isEven()?new jt(e):new P(e);var h=new Array,a=3,u=r-1,f=(1<1){var p=i();for(n.sqrTo(h[1],p);a<=f;)h[a]=i(),n.mulTo(p,h[a-2],h[a]),a+=2}var l,d,g=t.t-1,y=!0,v=i();for(s=m(t[g])-1;g>=0;){for(s>=u?l=t[g]>>s-u&f:(l=(t[g]&(1<0&&(l|=t[g-1]>>this.DB+s-u)),a=r;0==(1&l);)l>>=1,--a;if((s-=a)<0&&(s+=this.DB,--g),y)h[l].copyTo(o),y=!1;else{for(;a>1;)n.sqrTo(o,v),n.sqrTo(v,o),a-=2;a>0?n.sqrTo(o,v):(d=o,o=v,v=d),n.mulTo(v,h[l],o)}for(;g>=0&&0==(t[g]&1<0&&(e.rShiftTo(s,e),i.rShiftTo(s,i));e.signum()>0;)(n=e.getLowestSetBit())>0&&e.rShiftTo(n,e),(n=i.getLowestSetBit())>0&&i.rShiftTo(n,i),e.compareTo(i)>=0?(e.subTo(i,e),e.rShiftTo(1,e)):(i.subTo(e,i),i.rShiftTo(1,i));return s>0&&i.lShiftTo(s,i),i}function Yt(t){if(t<=0)return 0;var e=this.DV%t,i=this.s<0?t-1:0;if(this.t>0)if(0==e)i=this[0]%t;else for(var r=this.t-1;r>=0;--r)i=(e*i+this[r])%t;return i}function Wt(t){var i=t.isEven();if(this.isEven()&&i||0==t.signum())return e.ZERO;for(var 
r=t.clone(),n=this.clone(),s=c(1),o=c(0),h=c(0),a=c(1);0!=r.signum();){for(;r.isEven();)r.rShiftTo(1,r),i?(s.isEven()&&o.isEven()||(s.addTo(this,s),o.subTo(t,o)),s.rShiftTo(1,s)):o.isEven()||o.subTo(t,o),o.rShiftTo(1,o);for(;n.isEven();)n.rShiftTo(1,n),i?(h.isEven()&&a.isEven()||(h.addTo(this,h),a.subTo(t,a)),h.rShiftTo(1,h)):a.isEven()||a.subTo(t,a),a.rShiftTo(1,a);r.compareTo(n)>=0?(r.subTo(n,r),i&&s.subTo(h,s),o.subTo(a,o)):(n.subTo(r,n),i&&h.subTo(s,h),a.subTo(o,a))}return 0!=n.compareTo(e.ONE)?e.ZERO:a.compareTo(t)>=0?a.subtract(t):a.signum()<0?(a.addTo(t,a),a.signum()<0?a.add(t):a):a}function Qt(t){var e,i=this.abs();if(1==i.t&&i[0]<=He[He.length-1]){for(e=0;e>1,t>He.length&&(t=He.length);for(var o=i(),h=0;h>8&255,Fe[_e++]^=t>>16&255,Fe[_e++]^=t>>24&255,_e>=ze&&(_e-=ze)}function se(){ne((new Date).getTime())}function oe(){if(null==ke){for(se(),ke=re(),ke.init(Fe),_e=0;_e=0&&i>0;){var s=t.charCodeAt(n--);s<128?r[--i]=s:s>127&&s<2048?(r[--i]=63&s|128,r[--i]=s>>6|192):(r[--i]=63&s|128,r[--i]=s>>6&63|128,r[--i]=s>>12|224)}r[--i]=0;for(var o=new ae,h=new Array;i>2;){for(h[0]=0;0==h[0];)o.nextBytes(h);r[--i]=h[0]}return r[--i]=2,r[--i]=0,new e(r)}function fe(t,e){for(var i="",r=0;i.length>24,(16711680&r)>>16,(65280&r)>>8,255&r]))),r+=1;return i}function pe(t,i){t.length+2*Ye+2>i&&alert("Message too long for RSA");var r,n="";for(r=0;r0&&e.length>0?(this.n=ue(t,16),this.e=parseInt(e,16)):alert("Invalid RSA public key")}function ge(t){return t.modPowInt(this.e,this.n)}function ye(t,e){"undefined"==typeof e&&(e=ce);var i=e(t,this.n.bitLength()+7>>3);if(null==i)return null;var r=this.doPublic(i);if(null==r)return null;var n=r.toString(16);return 0==(1&n.length)?n:"0"+n}function me(t,e){for(var i=t.toByteArray(),r=0;r=i.length)return null;for(var n="";++r191&&s<224?(n+=String.fromCharCode((31&s)<<6|63&i[r+1]),++r):(n+=String.fromCharCode((15&s)<<12|(63&i[r+1])<<6|63&i[r+2]),r+=2)}return n}function 
ve(t,e,i){null!=t&&null!=e&&t.length>0&&e.length>0?(this.n=ue(t,16),this.e=parseInt(e,16),this.d=ue(i,16)):alert("Invalid RSA private key")}function be(t,e,i,r,n,s,o,h){null!=t&&null!=e&&t.length>0&&e.length>0?(this.n=ue(t,16),this.e=parseInt(e,16),this.d=ue(i,16),this.p=ue(r,16),this.q=ue(n,16),this.dmp1=ue(s,16),this.dmq1=ue(o,16),this.coeff=ue(h,16)):alert("Invalid RSA private key")}function Te(t,i){var r=new ae,n=t>>1;this.e=parseInt(i,16);for(var s=new e(i,16);;){for(;this.p=new e(t-n,1,r),0!=this.p.subtract(e.ONE).gcd(s).compareTo(e.ONE)||!this.p.isProbablePrime(10););for(;this.q=new e(n,1,r),0!=this.q.subtract(e.ONE).gcd(s).compareTo(e.ONE)||!this.q.isProbablePrime(10););if(this.p.compareTo(this.q)<=0){var o=this.p;this.p=this.q,this.q=o}var h=this.p.subtract(e.ONE),a=this.q.subtract(e.ONE),u=h.multiply(a);if(0==u.gcd(s).compareTo(e.ONE)){this.n=this.p.multiply(this.q),this.d=s.modInverse(u),this.dmp1=this.d.mod(h),this.dmq1=this.d.mod(a),this.coeff=this.q.modInverse(this.p);break}}}function Se(t){if(null==this.p||null==this.q)return t.modPow(this.d,this.n);for(var e=t.mod(this.p).modPow(this.dmp1,this.p),i=t.mod(this.q).modPow(this.dmq1,this.q);e.compareTo(i)<0;)e=e.add(this.p);return e.subtract(i).multiply(this.coeff).mod(this.p).multiply(this.q).add(i)}function Re(t,e){"undefined"==typeof e&&(e=me);var i=ue(t,16),r=this.doPrivate(i);return null==r?null:e(r,this.n.bitLength()+7>>3)}function De(t){var e,i,r="";for(e=0;e+3<=t.length;e+=3)i=parseInt(t.substring(e,e+3),16),r+=We.charAt(i>>6)+We.charAt(63&i);for(e+1==t.length?(i=parseInt(t.substring(e,e+1),16),r+=We.charAt(i<<2)):e+2==t.length&&(i=parseInt(t.substring(e,e+2),16),r+=We.charAt(i>>2)+We.charAt((3&i)<<4));(3&r.length)>0;)r+=Qe;return r}function Ee(t){var e,i,r="",n=0;for(e=0;e>2),i=3&v,n=1):1==n?(r+=o(i<<2|v>>4),i=15&v,n=2):2==n?(r+=o(i),r+=o(v>>2),i=3&v,n=3):(r+=o(i<<2|v>>4),r+=o(15&v),n=0));return 1==n&&(r+=o(i<<2)),r}function we(t){return Ae(Be(xe(t),8*t.length))}function xe(t){for(var 
e=Array(t.length>>2),i=0;i>5]|=(255&t.charCodeAt(i/8))<<24-i%32;return e}function Ae(t){for(var e="",i=0;i<32*t.length;i+=8)e+=String.fromCharCode(t[i>>5]>>>24-i%32&255);return e}function Be(t,e){t[e>>5]|=128<<24-e%32,t[(e+64>>9<<4)+15]=e;for(var i=Array(80),r=1732584193,n=-271733879,s=-1732584194,o=271733878,h=-1009589776,a=0;a>16)+(e>>16)+(i>>16);return r<<16|65535&i}function Ve(t,e){return t<>>32-e} // Copyright (c) 2005 Tom Wu // All Rights Reserved. // See "LICENSE" for details. -var Te,Se=0xdeadbeefcafe,Re=15715070==(16777215&Se);Re&&"Microsoft Internet Explorer"==navigator.appName?(e.prototype.am=s,Te=30):Re&&"Netscape"!=navigator.appName?(e.prototype.am=r,Te=26):(e.prototype.am=n,Te=28),e.prototype.DB=Te,e.prototype.DM=(1<=256||Ve>=Ne)return void(window.removeEventListener?window.removeEventListener("mousemove",Pe,!1):window.detachEvent&&window.detachEvent("onmousemove",Pe));try{var e=t.x+t.y;Oe[Ve++]=255&e,this.count+=1}catch(i){}};window.addEventListener?window.addEventListener("mousemove",Pe,!1):window.attachEvent&&window.attachEvent("onmousemove",Pe)}ne.prototype.nextBytes=se;ae.prototype.doPublic=ce,ae.prototype.setPublic=ue,ae.prototype.encrypt=fe;ae.prototype.doPrivate=me,ae.prototype.setPrivate=le,ae.prototype.setPrivateEx=de,ae.prototype.generate=ge,ae.prototype.decrypt=ye, +var Ne,Je=0xdeadbeefcafe,Ie=15715070==(16777215&Je);Ie&&"Microsoft Internet Explorer"==navigator.appName?(e.prototype.am=n,Ne=30):Ie&&"Netscape"!=navigator.appName?(e.prototype.am=r,Ne=26):(e.prototype.am=s,Ne=28),e.prototype.DB=Ne,e.prototype.DM=(1<>>8,Fe[_e++]=255&Ze;_e=0,se()}ae.prototype.nextBytes=he;var Ye=20;le.prototype.doPublic=ge,le.prototype.setPublic=de,le.prototype.encrypt=ye;var Ye=20;le.prototype.doPrivate=Se,le.prototype.setPrivate=ve,le.prototype.setPrivateEx=be,le.prototype.generate=Te,le.prototype.decrypt=Re, // Copyright (c) 2011 Kevin M Burns Jr. // All Rights Reserved. // See "LICENSE" for details. 
@@ -18,7 +18,7 @@ var Te,Se=0xdeadbeefcafe,Re=15715070==(16777215&Se);Re&&"Microsoft Internet Expl // http://www-cs-students.stanford.edu/~tjw/jsbn/ // // --- -function(){var t=function(t,r,s){var n=new ne,o=t>>1;this.e=parseInt(r,16);var h=new e(r,16),a=this,u=function(){var r=function(){if(a.p.compareTo(a.q)<=0){var t=a.p;a.p=a.q,a.q=t}var i=a.p.subtract(e.ONE),r=a.q.subtract(e.ONE),n=i.multiply(r);0==n.gcd(h).compareTo(e.ONE)?(a.n=a.p.multiply(a.q),a.d=h.modInverse(n),a.dmp1=a.d.mod(i),a.dmq1=a.d.mod(r),a.coeff=a.q.modInverse(a.p),setTimeout(function(){s()},0)):setTimeout(u,0)},c=function(){a.q=i(),a.q.fromNumberAsync(o,1,n,function(){a.q.subtract(e.ONE).gcda(h,function(t){0==t.compareTo(e.ONE)&&a.q.isProbablePrime(10)?setTimeout(r,0):setTimeout(c,0)})})},f=function(){a.p=i(),a.p.fromNumberAsync(t-o,1,n,function(){a.p.subtract(e.ONE).gcda(h,function(t){0==t.compareTo(e.ONE)&&a.p.isProbablePrime(10)?setTimeout(c,0):setTimeout(f,0)})})};setTimeout(f,0)};setTimeout(u,0)};ae.prototype.generateAsync=t;var r=function(t,e){var i=this.s<0?this.negate():this.clone(),r=t.s<0?t.negate():t.clone();if(i.compareTo(r)<0){var s=i;i=r,r=s}var n=i.getLowestSetBit(),o=r.getLowestSetBit();if(o<0)return void e(i);n0&&(i.rShiftTo(o,i),r.rShiftTo(o,r));var h=function(){(n=i.getLowestSetBit())>0&&i.rShiftTo(n,i),(n=r.getLowestSetBit())>0&&r.rShiftTo(n,r),i.compareTo(r)>=0?(i.subTo(r,i),i.rShiftTo(1,i)):(r.subTo(i,r),r.rShiftTo(1,r)),i.signum()>0?setTimeout(h,0):(o>0&&r.lShiftTo(o,r),setTimeout(function(){e(r)},0))};setTimeout(h,10)};e.prototype.gcda=r;var s=function(t,i,r,s){if("number"==typeof i)if(t<2)this.fromInt(1);else{this.fromNumber(t,r),this.testBit(t-1)||this.bitwiseTo(e.ONE.shiftLeft(t-1),ot,this),this.isEven()&&this.dAddOffset(1,0);var n=this,o=function(){n.dAddOffset(2,0),n.bitLength()>t&&n.subTo(e.ONE.shiftLeft(t-1),n),n.isProbablePrime(i)?setTimeout(function(){s()},0):setTimeout(o,0)};setTimeout(o,0)}else{var h=new 
Array,a=7&t;h.length=(t>>3)+1,i.nextBytes(h),a>0?h[0]&=(1<>1;this.e=parseInt(r,16);var h=new e(r,16),a=this,u=function(){var r=function(){if(a.p.compareTo(a.q)<=0){var t=a.p;a.p=a.q,a.q=t}var i=a.p.subtract(e.ONE),r=a.q.subtract(e.ONE),s=i.multiply(r);0==s.gcd(h).compareTo(e.ONE)?(a.n=a.p.multiply(a.q),a.d=h.modInverse(s),a.dmp1=a.d.mod(i),a.dmq1=a.d.mod(r),a.coeff=a.q.modInverse(a.p),setTimeout(function(){n()},0)):setTimeout(u,0)},c=function(){a.q=i(),a.q.fromNumberAsync(o,1,s,function(){a.q.subtract(e.ONE).gcda(h,function(t){0==t.compareTo(e.ONE)&&a.q.isProbablePrime(10)?setTimeout(r,0):setTimeout(c,0)})})},f=function(){a.p=i(),a.p.fromNumberAsync(t-o,1,s,function(){a.p.subtract(e.ONE).gcda(h,function(t){0==t.compareTo(e.ONE)&&a.p.isProbablePrime(10)?setTimeout(c,0):setTimeout(f,0)})})};setTimeout(f,0)};setTimeout(u,0)};le.prototype.generateAsync=t;var r=function(t,e){var i=this.s<0?this.negate():this.clone(),r=t.s<0?t.negate():t.clone();if(i.compareTo(r)<0){var n=i;i=r,r=n}var s=i.getLowestSetBit(),o=r.getLowestSetBit();if(o<0)return void e(i);s0&&(i.rShiftTo(o,i),r.rShiftTo(o,r));var h=function(){(s=i.getLowestSetBit())>0&&i.rShiftTo(s,i),(s=r.getLowestSetBit())>0&&r.rShiftTo(s,r),i.compareTo(r)>=0?(i.subTo(r,i),i.rShiftTo(1,i)):(r.subTo(i,r),r.rShiftTo(1,r)),i.signum()>0?setTimeout(h,0):(o>0&&r.lShiftTo(o,r),setTimeout(function(){e(r)},0))};setTimeout(h,10)};e.prototype.gcda=r;var n=function(t,i,r,n){if("number"==typeof i)if(t<2)this.fromInt(1);else{this.fromNumber(t,r),this.testBit(t-1)||this.bitwiseTo(e.ONE.shiftLeft(t-1),ht,this),this.isEven()&&this.dAddOffset(1,0);var s=this,o=function(){s.dAddOffset(2,0),s.bitLength()>t&&s.subTo(e.ONE.shiftLeft(t-1),s),s.isProbablePrime(i)?setTimeout(function(){n()},0):setTimeout(o,0)};setTimeout(o,0)}else{var h=new Array,a=7&t;h.length=(t>>3)+1,i.nextBytes(h),a>0?h[0]&=(1<>1;this.e=parseInt(r,16);var h * @since 2.1 * @license MIT License */ -"undefined"!=typeof KJUR&&KJUR||(KJUR={}),"undefined"!=typeof 
KJUR.asn1&&KJUR.asn1||(KJUR.asn1={}),KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(t){var e=t.toString(16);return e.length%2==1&&(e="0"+e),e},this.bigIntToMinTwosComplementsHex=function(t){var i=t.toString(16);if("-"!=i.substr(0,1))i.length%2==1?i="0"+i:i.match(/^[0-7]/)||(i="00"+i);else{var r=i.substr(1),s=r.length;s%2==1?s+=1:i.match(/^[0-7]/)||(s+=2);for(var n="",o=0;o15)throw"ASN.1 length too long to represent by 8x: n = "+e.toString(16);var s=128+r;return s.toString(16)+i},this.getEncodedHex=function(){return(null==this.hTLV||this.isModified)&&(this.hV=this.getFreshValueHex(),this.hL=this.getLengthHexFromValue(),this.hTLV=this.hT+this.hL+this.hV,this.isModified=!1),this.hTLV},this.getValueHex=function(){return this.getEncodedHex(),this.hV},this.getFreshValueHex=function(){return""}},KJUR.asn1.DERAbstractString=function(t){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);this.getString=function(){return this.s},this.setString=function(t){this.hTLV=null,this.isModified=!0,this.s=t,this.hV=stohex(this.s)},this.setStringHex=function(t){this.hTLV=null,this.isModified=!0,this.s=null,this.hV=t},this.getFreshValueHex=function(){return this.hV},"undefined"!=typeof t&&("undefined"!=typeof t.str?this.setString(t.str):"undefined"!=typeof t.hex&&this.setStringHex(t.hex))},qe.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object),KJUR.asn1.DERAbstractTime=function(t){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);this.localDateToUTC=function(t){utc=t.getTime()+6e4*t.getTimezoneOffset();var e=new Date(utc);return e},this.formatDate=function(t,e){var i=this.zeroPadding,r=this.localDateToUTC(t),s=String(r.getFullYear());"utc"==e&&(s=s.substr(2,2));var n=i(String(r.getMonth()+1),2),o=i(String(r.getDate()),2),h=i(String(r.getHours()),2),a=i(String(r.getMinutes()),2),u=i(String(r.getSeconds()),2);return s+n+o+h+a+u+"Z"},this.zeroPadding=function(t,e){return t.length>=e?t:new 
Array(e-t.length+1).join("0")+t},this.getString=function(){return this.s},this.setString=function(t){this.hTLV=null,this.isModified=!0,this.s=t,this.hV=stohex(this.s)},this.setByDateValue=function(t,e,i,r,s,n){var o=new Date(Date.UTC(t,e-1,i,r,s,n,0));this.setByDate(o)},this.getFreshValueHex=function(){return this.hV}},qe.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object),KJUR.asn1.DERAbstractStructured=function(t){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);this.setByASN1ObjectArray=function(t){this.hTLV=null,this.isModified=!0,this.asn1Array=t},this.appendASN1Object=function(t){this.hTLV=null,this.isModified=!0,this.asn1Array.push(t)},this.asn1Array=new Array,"undefined"!=typeof t&&"undefined"!=typeof t.array&&(this.asn1Array=t.array)},qe.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object),KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this),this.hT="01",this.hTLV="0101ff"},qe.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object),KJUR.asn1.DERInteger=function(t){KJUR.asn1.DERInteger.superclass.constructor.call(this),this.hT="02",this.setByBigInteger=function(t){this.hTLV=null,this.isModified=!0,this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(t)},this.setByInteger=function(t){var i=new e(String(t),10);this.setByBigInteger(i)},this.setValueHex=function(t){this.hV=t},this.getFreshValueHex=function(){return this.hV},"undefined"!=typeof t&&("undefined"!=typeof t.bigint?this.setByBigInteger(t.bigint):"undefined"!=typeof t["int"]?this.setByInteger(t["int"]):"undefined"!=typeof t.hex&&this.setValueHex(t.hex))},qe.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object),KJUR.asn1.DERBitString=function(t){KJUR.asn1.DERBitString.superclass.constructor.call(this),this.hT="03",this.setHexValueIncludingUnusedBits=function(t){this.hTLV=null,this.isModified=!0,this.hV=t},this.setUnusedBitsAndHexValue=function(t,e){if(t<0||715)throw"ASN.1 length too long to represent by 8x: n = "+e.toString(16);var n=128+r;return 
n.toString(16)+i},this.getEncodedHex=function(){return(null==this.hTLV||this.isModified)&&(this.hV=this.getFreshValueHex(),this.hL=this.getLengthHexFromValue(),this.hTLV=this.hT+this.hL+this.hV,this.isModified=!1),this.hTLV},this.getValueHex=function(){return this.getEncodedHex(),this.hV},this.getFreshValueHex=function(){return""}},KJUR.asn1.DERAbstractString=function(t){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);this.getString=function(){return this.s},this.setString=function(t){this.hTLV=null,this.isModified=!0,this.s=t,this.hV=stohex(this.s)},this.setStringHex=function(t){this.hTLV=null,this.isModified=!0,this.s=null,this.hV=t},this.getFreshValueHex=function(){return this.hV},"undefined"!=typeof t&&("undefined"!=typeof t.str?this.setString(t.str):"undefined"!=typeof t.hex&&this.setStringHex(t.hex))},Xe.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object),KJUR.asn1.DERAbstractTime=function(t){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);this.localDateToUTC=function(t){utc=t.getTime()+6e4*t.getTimezoneOffset();var e=new Date(utc);return e},this.formatDate=function(t,e){var i=this.zeroPadding,r=this.localDateToUTC(t),n=String(r.getFullYear());"utc"==e&&(n=n.substr(2,2));var s=i(String(r.getMonth()+1),2),o=i(String(r.getDate()),2),h=i(String(r.getHours()),2),a=i(String(r.getMinutes()),2),u=i(String(r.getSeconds()),2);return n+s+o+h+a+u+"Z"},this.zeroPadding=function(t,e){return t.length>=e?t:new Array(e-t.length+1).join("0")+t},this.getString=function(){return this.s},this.setString=function(t){this.hTLV=null,this.isModified=!0,this.s=t,this.hV=stohex(this.s)},this.setByDateValue=function(t,e,i,r,n,s){var o=new Date(Date.UTC(t,e-1,i,r,n,s,0));this.setByDate(o)},this.getFreshValueHex=function(){return 
this.hV}},Xe.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object),KJUR.asn1.DERAbstractStructured=function(t){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);this.setByASN1ObjectArray=function(t){this.hTLV=null,this.isModified=!0,this.asn1Array=t},this.appendASN1Object=function(t){this.hTLV=null,this.isModified=!0,this.asn1Array.push(t)},this.asn1Array=new Array,"undefined"!=typeof t&&"undefined"!=typeof t.array&&(this.asn1Array=t.array)},Xe.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object),KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this),this.hT="01",this.hTLV="0101ff"},Xe.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object),KJUR.asn1.DERInteger=function(t){KJUR.asn1.DERInteger.superclass.constructor.call(this),this.hT="02",this.setByBigInteger=function(t){this.hTLV=null,this.isModified=!0,this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(t)},this.setByInteger=function(t){var i=new e(String(t),10);this.setByBigInteger(i)},this.setValueHex=function(t){this.hV=t},this.getFreshValueHex=function(){return this.hV},"undefined"!=typeof t&&("undefined"!=typeof t.bigint?this.setByBigInteger(t.bigint):"undefined"!=typeof t["int"]?this.setByInteger(t["int"]):"undefined"!=typeof t.hex&&this.setValueHex(t.hex))},Xe.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object),KJUR.asn1.DERBitString=function(t){KJUR.asn1.DERBitString.superclass.constructor.call(this),this.hT="03",this.setHexValueIncludingUnusedBits=function(t){this.hTLV=null,this.isModified=!0,this.hV=t},this.setUnusedBitsAndHexValue=function(t,e){if(t<0||7 // copyright notice and this permission notice appear in all copies. // 
@@ -48,7 +48,7 @@ function(){var t=function(t,r,s){var n=new ne,o=t>>1;this.e=parseInt(r,16);var h // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -function(t){"use strict";var e,i={};i.decode=function(i){var r;if(e===t){var s="0123456789ABCDEF",n=" \f\n\r\t \u2028\u2029";for(e=[],r=0;r<16;++r)e[s.charAt(r)]=r;for(s=s.toLowerCase(),r=10;r<16;++r)e[s.charAt(r)]=r;for(r=0;r=2?(o[o.length]=h,h=0,a=0):h<<=4}}if(a)throw"Hex encoding incomplete: 4 bits missing";return o},window.Hex=i}(), +function(t){"use strict";var e,i={};i.decode=function(i){var r;if(e===t){var n="0123456789ABCDEF",s=" \f\n\r\t \u2028\u2029";for(e=[],r=0;r<16;++r)e[n.charAt(r)]=r;for(n=n.toLowerCase(),r=10;r<16;++r)e[n.charAt(r)]=r;for(r=0;r=2?(o[o.length]=h,h=0,a=0):h<<=4}}if(a)throw"Hex encoding incomplete: 4 bits missing";return o},window.Hex=i}(), // Copyright (c) 2008-2013 Lapo Luchini // copyright notice and this permission notice appear in all copies. // 
@@ -59,7 +59,7 @@ function(t){"use strict";var e,i={};i.decode=function(i){var r;if(e===t){var s=" // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -function(t){"use strict";var e,i={};i.decode=function(i){var r;if(e===t){var s="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",n="= \f\n\r\t \u2028\u2029";for(e=[],r=0;r<64;++r)e[s.charAt(r)]=r;for(r=0;r=4?(o[o.length]=h>>16,o[o.length]=h>>8&255,o[o.length]=255&h,h=0,a=0):h<<=6}}switch(a){case 1:throw"Base64 encoding incomplete: at least 2 bits missing";case 2:o[o.length]=h>>10;break;case 3:o[o.length]=h>>16,o[o.length]=h>>8&255}return o},i.re=/-----BEGIN [^-]+-----([A-Za-z0-9+\/=\s]+)-----END [^-]+-----|begin-base64[^\n]+\n([A-Za-z0-9+\/=\s]+)====/,i.unarmor=function(t){var e=i.re.exec(t);if(e)if(e[1])t=e[1];else{if(!e[2])throw"RegExp out of sync";t=e[2]}return i.decode(t)},window.Base64=i}(), +function(t){"use strict";var e,i={};i.decode=function(i){var r;if(e===t){var n="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",s="= \f\n\r\t \u2028\u2029";for(e=[],r=0;r<64;++r)e[n.charAt(r)]=r;for(r=0;r=4?(o[o.length]=h>>16,o[o.length]=h>>8&255,o[o.length]=255&h,h=0,a=0):h<<=6}}switch(a){case 1:throw"Base64 encoding incomplete: at least 2 bits missing";case 2:o[o.length]=h>>10;break;case 3:o[o.length]=h>>16,o[o.length]=h>>8&255}return o},i.re=/-----BEGIN [^-]+-----([A-Za-z0-9+\/=\s]+)-----END [^-]+-----|begin-base64[^\n]+\n([A-Za-z0-9+\/=\s]+)====/,i.unarmor=function(t){var e=i.re.exec(t);if(e)if(e[1])t=e[1];else{if(!e[2])throw"RegExp out of sync";t=e[2]}return i.decode(t)},window.Base64=i}(), // Copyright (c) 2008-2013 Lapo Luchini // copyright notice and this permission notice appear in all copies. // 
@@ -70,4 +70,4 @@ function(t){"use strict";var e,i={};i.decode=function(i){var r;if(e===t){var s=" // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -function(t){"use strict";function e(t,i){t instanceof e?(this.enc=t.enc,this.pos=t.pos):(this.enc=t,this.pos=i)}function i(t,e,i,r,s){this.stream=t,this.header=e,this.length=i,this.tag=r,this.sub=s}var r=100,s="…",n={tag:function(t,e){var i=document.createElement(t);return i.className=e,i},text:function(t){return document.createTextNode(t)}};e.prototype.get=function(e){if(e===t&&(e=this.pos++),e>=this.enc.length)throw"Requesting byte offset "+e+" on a stream of length "+this.enc.length;return this.enc[e]},e.prototype.hexDigits="0123456789ABCDEF",e.prototype.hexByte=function(t){return this.hexDigits.charAt(t>>4&15)+this.hexDigits.charAt(15&t)},e.prototype.hexDump=function(t,e,i){for(var r="",s=t;s191&&s<224?String.fromCharCode((31&s)<<6|63&this.get(r++)):String.fromCharCode((15&s)<<12|(63&this.get(r++))<<6|63&this.get(r++))}return i},e.prototype.parseStringBMP=function(t,e){for(var i="",r=t;r4){i<<=3;var r=this.get(t);if(0===r)i-=8;else for(;r<128;)r<<=1,--i;return"("+i+" bit)"}for(var s=0,n=t;nt;--o){for(var h=this.get(o),a=n;a<8;++a)s+=h>>a&1?"1":"0";n=0}}return s},e.prototype.parseOctetString=function(t,e){var i=e-t,n="("+i+" byte) ";i>r&&(e=t+r);for(var o=t;or&&(n+=s),n},e.prototype.parseOID=function(t,e){for(var i="",r=0,s=0,n=t;n=31?"bigint":r);r=s=0}}return i},i.prototype.typeName=function(){if(this.tag===t)return"unknown";var e=this.tag>>6,i=(this.tag>>5&1,31&this.tag);switch(e){case 0:switch(i){case 0:return"EOC";case 1:return"BOOLEAN";case 2:return"INTEGER";case 3:return"BIT_STRING";case 4:return"OCTET_STRING";case 5:return"NULL";case 6:return"OBJECT_IDENTIFIER";case 7:return"ObjectDescriptor";case 8:return"EXTERNAL";case 9:return"REAL";case 
10:return"ENUMERATED";case 11:return"EMBEDDED_PDV";case 12:return"UTF8String";case 16:return"SEQUENCE";case 17:return"SET";case 18:return"NumericString";case 19:return"PrintableString";case 20:return"TeletexString";case 21:return"VideotexString";case 22:return"IA5String";case 23:return"UTCTime";case 24:return"GeneralizedTime";case 25:return"GraphicString";case 26:return"VisibleString";case 27:return"GeneralString";case 28:return"UniversalString";case 30:return"BMPString";default:return"Universal_"+i.toString(16)}case 1:return"Application_"+i.toString(16);case 2:return"["+i+"]";case 3:return"Private_"+i.toString(16)}},i.prototype.reSeemsASCII=/^[ -~]+$/,i.prototype.content=function(){if(this.tag===t)return null;var e=this.tag>>6,i=31&this.tag,n=this.posContent(),o=Math.abs(this.length);if(0!==e){if(null!==this.sub)return"("+this.sub.length+" elem)";var h=this.stream.parseStringISO(n,n+Math.min(o,r));return this.reSeemsASCII.test(h)?h.substring(0,2*r)+(h.length>2*r?s:""):this.stream.parseOctetString(n,n+o)}switch(i){case 1:return 0===this.stream.get(n)?"false":"true";case 2:return this.stream.parseInteger(n,n+o);case 3:return this.sub?"("+this.sub.length+" elem)":this.stream.parseBitString(n,n+o);case 4:return this.sub?"("+this.sub.length+" elem)":this.stream.parseOctetString(n,n+o);case 6:return this.stream.parseOID(n,n+o);case 16:case 17:return"("+this.sub.length+" elem)";case 12:return this.stream.parseStringUTF(n,n+o);case 18:case 19:case 20:case 21:case 22:case 26:return this.stream.parseStringISO(n,n+o);case 30:return this.stream.parseStringBMP(n,n+o);case 23:case 24:return this.stream.parseTime(n,n+o)}return null},i.prototype.toString=function(){return this.typeName()+"@"+this.stream.pos+"[header:"+this.header+",length:"+this.length+",sub:"+(null===this.sub?"null":this.sub.length)+"]"},i.prototype.print=function(e){if(e===t&&(e=""),document.writeln(e+this),null!==this.sub){e+=" ";for(var i=0,r=this.sub.length;i=0&&(i+="+"),i+=this.length,32&this.tag?i+=" 
(constructed)":3!=this.tag&&4!=this.tag||null===this.sub||(i+=" (encapsulates)"),i+="\n",null!==this.sub){e+=" ";for(var r=0,s=this.sub.length;r",i+="Length: "+this.header+"+",i+=this.length>=0?this.length:-this.length+" (undefined)",32&this.tag?i+="
(constructed)":3!=this.tag&&4!=this.tag||null===this.sub||(i+="
(encapsulates)"),null!==r&&(i+="
Value:
"+r+"","object"==typeof oids&&6==this.tag)){var h=oids[r];h&&(h.d&&(i+="
"+h.d),h.c&&(i+="
"+h.c),h.w&&(i+="
(warning!)"))}o.innerHTML=i,t.appendChild(o);var a=n.tag("div","sub");if(null!==this.sub)for(var u=0,c=this.sub.length;u=s)){var o=n.tag("span",e);o.appendChild(n.text(i.hexDump(r,s))),t.appendChild(o)}},i.prototype.toHexDOM=function(e){var i=n.tag("span","hex");if(e===t&&(e=i),this.head.hexNode=i,this.head.onmouseover=function(){this.hexNode.className="hexCurrent"},this.head.onmouseout=function(){this.hexNode.className="hex"},i.asn1=this,i.onmouseover=function(){var t=!e.selected;t&&(e.selected=this.asn1,this.className="hexCurrent"),this.asn1.fakeHover(t)},i.onmouseout=function(){var t=e.selected==this.asn1;this.asn1.fakeOut(t),t&&(e.selected=null,this.className="hex")},this.toHexDOM_sub(i,"tag",this.stream,this.posStart(),this.posStart()+1),this.toHexDOM_sub(i,this.length>=0?"dlen":"ulen",this.stream,this.posStart()+1,this.posContent()),null===this.sub)i.appendChild(n.text(this.stream.hexDump(this.posContent(),this.posEnd())));else if(this.sub.length>0){var r=this.sub[0],s=this.sub[this.sub.length-1];this.toHexDOM_sub(i,"intro",this.stream,this.posContent(),r.posStart());for(var o=0,h=this.sub.length;o3)throw"Length over 24 bits not supported at position "+(t.pos-1);if(0===i)return-1;e=0;for(var r=0;r4)return!1;var n=new e(s);3==t&&n.get();var o=n.get();if(o>>6&1)return!1;try{var h=i.decodeLength(n);return n.pos-s.pos+h==r}catch(a){return!1}},i.decode=function(t){t instanceof e||(t=new e(t,0));var r=new e(t),s=t.get(),n=i.decodeLength(t),o=t.pos-r.pos,h=null;if(i.hasContent(s,n,t)){var a=t.pos;if(3==s&&t.get(),h=[],n>=0){for(var u=a+n;t.pos=this.enc.length)throw"Requesting byte offset "+e+" on a stream of length "+this.enc.length;return this.enc[e]},e.prototype.hexDigits="0123456789ABCDEF",e.prototype.hexByte=function(t){return this.hexDigits.charAt(t>>4&15)+this.hexDigits.charAt(15&t)},e.prototype.hexDump=function(t,e,i){for(var 
r="",n=t;n191&&n<224?String.fromCharCode((31&n)<<6|63&this.get(r++)):String.fromCharCode((15&n)<<12|(63&this.get(r++))<<6|63&this.get(r++))}return i},e.prototype.parseStringBMP=function(t,e){for(var i="",r=t;r4){i<<=3;var r=this.get(t);if(0===r)i-=8;else for(;r<128;)r<<=1,--i;return"("+i+" bit)"}for(var n=0,s=t;st;--o){for(var h=this.get(o),a=s;a<8;++a)n+=h>>a&1?"1":"0";s=0}}return n},e.prototype.parseOctetString=function(t,e){var i=e-t,s="("+i+" byte) ";i>r&&(e=t+r);for(var o=t;or&&(s+=n),s},e.prototype.parseOID=function(t,e){for(var i="",r=0,n=0,s=t;s=31?"bigint":r);r=n=0}}return i},i.prototype.typeName=function(){if(this.tag===t)return"unknown";var e=this.tag>>6,i=(this.tag>>5&1,31&this.tag);switch(e){case 0:switch(i){case 0:return"EOC";case 1:return"BOOLEAN";case 2:return"INTEGER";case 3:return"BIT_STRING";case 4:return"OCTET_STRING";case 5:return"NULL";case 6:return"OBJECT_IDENTIFIER";case 7:return"ObjectDescriptor";case 8:return"EXTERNAL";case 9:return"REAL";case 10:return"ENUMERATED";case 11:return"EMBEDDED_PDV";case 12:return"UTF8String";case 16:return"SEQUENCE";case 17:return"SET";case 18:return"NumericString";case 19:return"PrintableString";case 20:return"TeletexString";case 21:return"VideotexString";case 22:return"IA5String";case 23:return"UTCTime";case 24:return"GeneralizedTime";case 25:return"GraphicString";case 26:return"VisibleString";case 27:return"GeneralString";case 28:return"UniversalString";case 30:return"BMPString";default:return"Universal_"+i.toString(16)}case 1:return"Application_"+i.toString(16);case 2:return"["+i+"]";case 3:return"Private_"+i.toString(16)}},i.prototype.reSeemsASCII=/^[ -~]+$/,i.prototype.content=function(){if(this.tag===t)return null;var e=this.tag>>6,i=31&this.tag,s=this.posContent(),o=Math.abs(this.length);if(0!==e){if(null!==this.sub)return"("+this.sub.length+" elem)";var h=this.stream.parseStringISO(s,s+Math.min(o,r));return 
this.reSeemsASCII.test(h)?h.substring(0,2*r)+(h.length>2*r?n:""):this.stream.parseOctetString(s,s+o)}switch(i){case 1:return 0===this.stream.get(s)?"false":"true";case 2:return this.stream.parseInteger(s,s+o);case 3:return this.sub?"("+this.sub.length+" elem)":this.stream.parseBitString(s,s+o);case 4:return this.sub?"("+this.sub.length+" elem)":this.stream.parseOctetString(s,s+o);case 6:return this.stream.parseOID(s,s+o);case 16:case 17:return"("+this.sub.length+" elem)";case 12:return this.stream.parseStringUTF(s,s+o);case 18:case 19:case 20:case 21:case 22:case 26:return this.stream.parseStringISO(s,s+o);case 30:return this.stream.parseStringBMP(s,s+o);case 23:case 24:return this.stream.parseTime(s,s+o)}return null},i.prototype.toString=function(){return this.typeName()+"@"+this.stream.pos+"[header:"+this.header+",length:"+this.length+",sub:"+(null===this.sub?"null":this.sub.length)+"]"},i.prototype.print=function(e){if(e===t&&(e=""),document.writeln(e+this),null!==this.sub){e+=" ";for(var i=0,r=this.sub.length;i=0&&(i+="+"),i+=this.length,32&this.tag?i+=" (constructed)":3!=this.tag&&4!=this.tag||null===this.sub||(i+=" (encapsulates)"),i+="\n",null!==this.sub){e+=" ";for(var r=0,n=this.sub.length;r",i+="Length: "+this.header+"+",i+=this.length>=0?this.length:-this.length+" (undefined)",32&this.tag?i+="
(constructed)":3!=this.tag&&4!=this.tag||null===this.sub||(i+="
(encapsulates)"),null!==r&&(i+="
Value:
"+r+"","object"==typeof oids&&6==this.tag)){var h=oids[r];h&&(h.d&&(i+="
"+h.d),h.c&&(i+="
"+h.c),h.w&&(i+="
(warning!)"))}o.innerHTML=i,t.appendChild(o);var a=s.tag("div","sub");if(null!==this.sub)for(var u=0,c=this.sub.length;u=n)){var o=s.tag("span",e);o.appendChild(s.text(i.hexDump(r,n))),t.appendChild(o)}},i.prototype.toHexDOM=function(e){var i=s.tag("span","hex");if(e===t&&(e=i),this.head.hexNode=i,this.head.onmouseover=function(){this.hexNode.className="hexCurrent"},this.head.onmouseout=function(){this.hexNode.className="hex"},i.asn1=this,i.onmouseover=function(){var t=!e.selected;t&&(e.selected=this.asn1,this.className="hexCurrent"),this.asn1.fakeHover(t)},i.onmouseout=function(){var t=e.selected==this.asn1;this.asn1.fakeOut(t),t&&(e.selected=null,this.className="hex")},this.toHexDOM_sub(i,"tag",this.stream,this.posStart(),this.posStart()+1),this.toHexDOM_sub(i,this.length>=0?"dlen":"ulen",this.stream,this.posStart()+1,this.posContent()),null===this.sub)i.appendChild(s.text(this.stream.hexDump(this.posContent(),this.posEnd())));else if(this.sub.length>0){var r=this.sub[0],n=this.sub[this.sub.length-1];this.toHexDOM_sub(i,"intro",this.stream,this.posContent(),r.posStart());for(var o=0,h=this.sub.length;o3)throw"Length over 24 bits not supported at position "+(t.pos-1);if(0===i)return-1;e=0;for(var r=0;r4)return!1;var s=new e(n);3==t&&s.get();var o=s.get();if(o>>6&1)return!1;try{var h=i.decodeLength(s);return s.pos-n.pos+h==r}catch(a){return!1}},i.decode=function(t){t instanceof e||(t=new e(t,0));var r=new e(t),n=t.get(),s=i.decodeLength(t),o=t.pos-r.pos,h=null;if(i.hasContent(n,s,t)){var a=t.pos;if(3==n&&t.get(),h=[],s>=0){for(var u=a+s;t.pos +Key typeEncryption timeDecryption time +RSA 512-bit (e=3)23ms1.0s +RSA 512-bit (e=F4)86ms1.0s +RSA 1024-bit (e=3)56ms6.0s +RSA 1024-bit (e=F4)310ms6.0s + + +On similar hardware, running IE6: + + + + + + + +
Key typeEncryption timeDecryption time
RSA 512-bit (e=3)50ms0.7s
RSA 512-bit (e=F4)60ms0.7s
RSA 1024-bit (e=3)60ms4.3s
RSA 1024-bit (e=F4)220ms4.3s
+ +Timing measurements, especially under IE, appear to have limited +precision for faster operations. + +History +------- + +
+
Version 1.4 (7/1/2013):
+
Fixed variable name collision between sha1.js and base64.js. +
Obtain entropy from window.crypto.getRandomValues where available. +
Added ECCurveFp.encodePointHex. +
Fixed inconsistent use of DV in jsbn.js. +
Version 1.3 (7/3/2012):
+
Fixed bug when comparing negative integers of different word lengths. +
Version 1.2 (3/29/2011):
+
Added square method to improve ECC performance. +
Use randomized bases in isProbablePrime +
Version 1.1 (9/15/2009):
+
Added support for utf-8 encoding of non-ASCII characters +when PKCS1 encoding and decoding JavaScript strings. +
Fixed bug when creating a new BigInteger("0") in a non power-of-2 radix. +
+ +Licensing +--------- + +`jsbn` is released under a BSD license. +See [`LICENSE`](LICENSE) for details. + +[Tom Wu](mailto:tjw@cs.stanford.edu) diff --git a/lib/jsbn/base64.js b/lib/jsbn/base64.js index 847b8f0..ad53bb8 100644 --- a/lib/jsbn/base64.js +++ b/lib/jsbn/base64.js @@ -1,5 +1,5 @@ var b64map="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -var b64pad="="; +var b64padchar="="; function hex2b64(h) { var i; @@ -17,19 +17,19 @@ function hex2b64(h) { c = parseInt(h.substring(i,i+2),16); ret += b64map.charAt(c >> 2) + b64map.charAt((c & 3) << 4); } - while((ret.length & 3) > 0) ret += b64pad; + while((ret.length & 3) > 0) ret += b64padchar; return ret; } // convert a base64 string to hex function b64tohex(s) { - var ret = ""; + var ret = "" var i; var k = 0; // b64 state, 0-3 var slop; for(i = 0; i < s.length; ++i) { - if(s.charAt(i) == b64pad) break; - var v = b64map.indexOf(s.charAt(i)); + if(s.charAt(i) == b64padchar) break; + v = b64map.indexOf(s.charAt(i)); if(v < 0) continue; if(k == 0) { ret += int2char(v >> 2); diff --git a/lib/jsbn/ec.js b/lib/jsbn/ec.js new file mode 100644 index 0000000..0482d4e --- /dev/null +++ b/lib/jsbn/ec.js 
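Review bot: In the second base64.js hunk, `v = b64map.indexOf(s.charAt(i));` drops the `var` that the removed line had, so `v` becomes an implicit global. It is then shared with every other script on the page, and the assignment throws a ReferenceError if the file is ever loaded in strict mode or as a module. Keep the declaration as `var v = b64map.indexOf(s.charAt(i));` and restore the terminator on `var ret = "";`, which currently relies on automatic semicolon insertion. The body of `b64tohex` continues past the end of the hunk.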
@@ -0,0 +1,343 @@ +// Basic Javascript Elliptic Curve implementation +// Ported loosely from BouncyCastle's Java EC code +// Only Fp curves implemented for now + +// Requires jsbn.js and jsbn2.js + +// ---------------- +// ECFieldElementFp + +// constructor +function ECFieldElementFp(q,x) { + this.x = x; + // TODO if(x.compareTo(q) >= 0) error + this.q = q; +} + +function feFpEquals(other) { + if(other == this) return true; + return (this.q.equals(other.q) && this.x.equals(other.x)); +} + +function feFpToBigInteger() { + return this.x; +} + +function feFpNegate() { + return new ECFieldElementFp(this.q, this.x.negate().mod(this.q)); +} + +function feFpAdd(b) { + return new ECFieldElementFp(this.q, this.x.add(b.toBigInteger()).mod(this.q)); +} + +function feFpSubtract(b) { + return new ECFieldElementFp(this.q, this.x.subtract(b.toBigInteger()).mod(this.q)); +} + +function feFpMultiply(b) { + return new ECFieldElementFp(this.q, this.x.multiply(b.toBigInteger()).mod(this.q)); +} + +function feFpSquare() { + return new ECFieldElementFp(this.q, this.x.square().mod(this.q)); +} + +function feFpDivide(b) { + return new ECFieldElementFp(this.q, this.x.multiply(b.toBigInteger().modInverse(this.q)).mod(this.q)); +} + +ECFieldElementFp.prototype.equals = feFpEquals; +ECFieldElementFp.prototype.toBigInteger = feFpToBigInteger; +ECFieldElementFp.prototype.negate = feFpNegate; +ECFieldElementFp.prototype.add = feFpAdd; +ECFieldElementFp.prototype.subtract = feFpSubtract; +ECFieldElementFp.prototype.multiply = feFpMultiply; +ECFieldElementFp.prototype.square = feFpSquare; +ECFieldElementFp.prototype.divide = feFpDivide; + +// ---------------- +// ECPointFp + +// constructor +function ECPointFp(curve,x,y,z) { + this.curve = curve; + this.x = x; + this.y = y; + // Projective coordinates: either zinv == null or z * zinv == 1 + // z and zinv are just BigIntegers, not fieldElements + if(z == null) { + this.z = BigInteger.ONE; + } + else { + this.z = z; + } + this.zinv = null; + //TODO: 
compression flag +} + +function pointFpGetX() { + if(this.zinv == null) { + this.zinv = this.z.modInverse(this.curve.q); + } + var r = this.x.toBigInteger().multiply(this.zinv); + this.curve.reduce(r); + return this.curve.fromBigInteger(r); +} + +function pointFpGetY() { + if(this.zinv == null) { + this.zinv = this.z.modInverse(this.curve.q); + } + var r = this.y.toBigInteger().multiply(this.zinv); + this.curve.reduce(r); + return this.curve.fromBigInteger(r); +} + +function pointFpEquals(other) { + if(other == this) return true; + if(this.isInfinity()) return other.isInfinity(); + if(other.isInfinity()) return this.isInfinity(); + var u, v; + // u = Y2 * Z1 - Y1 * Z2 + u = other.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(other.z)).mod(this.curve.q); + if(!u.equals(BigInteger.ZERO)) return false; + // v = X2 * Z1 - X1 * Z2 + v = other.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(other.z)).mod(this.curve.q); + return v.equals(BigInteger.ZERO); +} + +function pointFpIsInfinity() { + if((this.x == null) && (this.y == null)) return true; + return this.z.equals(BigInteger.ZERO) && !this.y.toBigInteger().equals(BigInteger.ZERO); +} + +function pointFpNegate() { + return new ECPointFp(this.curve, this.x, this.y.negate(), this.z); +} + +function pointFpAdd(b) { + if(this.isInfinity()) return b; + if(b.isInfinity()) return this; + + // u = Y2 * Z1 - Y1 * Z2 + var u = b.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(b.z)).mod(this.curve.q); + // v = X2 * Z1 - X1 * Z2 + var v = b.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(b.z)).mod(this.curve.q); + + if(BigInteger.ZERO.equals(v)) { + if(BigInteger.ZERO.equals(u)) { + return this.twice(); // this == b, so double + } + return this.curve.getInfinity(); // this = -b, so infinity + } + + var THREE = new BigInteger("3"); + var x1 = this.x.toBigInteger(); + var y1 = this.y.toBigInteger(); + var x2 = 
b.x.toBigInteger(); + var y2 = b.y.toBigInteger(); + + var v2 = v.square(); + var v3 = v2.multiply(v); + var x1v2 = x1.multiply(v2); + var zu2 = u.square().multiply(this.z); + + // x3 = v * (z2 * (z1 * u^2 - 2 * x1 * v^2) - v^3) + var x3 = zu2.subtract(x1v2.shiftLeft(1)).multiply(b.z).subtract(v3).multiply(v).mod(this.curve.q); + // y3 = z2 * (3 * x1 * u * v^2 - y1 * v^3 - z1 * u^3) + u * v^3 + var y3 = x1v2.multiply(THREE).multiply(u).subtract(y1.multiply(v3)).subtract(zu2.multiply(u)).multiply(b.z).add(u.multiply(v3)).mod(this.curve.q); + // z3 = v^3 * z1 * z2 + var z3 = v3.multiply(this.z).multiply(b.z).mod(this.curve.q); + + return new ECPointFp(this.curve, this.curve.fromBigInteger(x3), this.curve.fromBigInteger(y3), z3); +} + +function pointFpTwice() { + if(this.isInfinity()) return this; + if(this.y.toBigInteger().signum() == 0) return this.curve.getInfinity(); + + // TODO: optimized handling of constants + var THREE = new BigInteger("3"); + var x1 = this.x.toBigInteger(); + var y1 = this.y.toBigInteger(); + + var y1z1 = y1.multiply(this.z); + var y1sqz1 = y1z1.multiply(y1).mod(this.curve.q); + var a = this.curve.a.toBigInteger(); + + // w = 3 * x1^2 + a * z1^2 + var w = x1.square().multiply(THREE); + if(!BigInteger.ZERO.equals(a)) { + w = w.add(this.z.square().multiply(a)); + } + w = w.mod(this.curve.q); + //this.curve.reduce(w); + // x3 = 2 * y1 * z1 * (w^2 - 8 * x1 * y1^2 * z1) + var x3 = w.square().subtract(x1.shiftLeft(3).multiply(y1sqz1)).shiftLeft(1).multiply(y1z1).mod(this.curve.q); + // y3 = 4 * y1^2 * z1 * (3 * w * x1 - 2 * y1^2 * z1) - w^3 + var y3 = w.multiply(THREE).multiply(x1).subtract(y1sqz1.shiftLeft(1)).shiftLeft(2).multiply(y1sqz1).subtract(w.square().multiply(w)).mod(this.curve.q); + // z3 = 8 * (y1 * z1)^3 + var z3 = y1z1.square().multiply(y1z1).shiftLeft(3).mod(this.curve.q); + + return new ECPointFp(this.curve, this.curve.fromBigInteger(x3), this.curve.fromBigInteger(y3), z3); +} + +// Simple NAF (Non-Adjacent Form) multiplication 
algorithm +// TODO: modularize the multiplication algorithm +function pointFpMultiply(k) { + if(this.isInfinity()) return this; + if(k.signum() == 0) return this.curve.getInfinity(); + + var e = k; + var h = e.multiply(new BigInteger("3")); + + var neg = this.negate(); + var R = this; + + var i; + for(i = h.bitLength() - 2; i > 0; --i) { + R = R.twice(); + + var hBit = h.testBit(i); + var eBit = e.testBit(i); + + if (hBit != eBit) { + R = R.add(hBit ? this : neg); + } + } + + return R; +} + +// Compute this*j + x*k (simultaneous multiplication) +function pointFpMultiplyTwo(j,x,k) { + var i; + if(j.bitLength() > k.bitLength()) + i = j.bitLength() - 1; + else + i = k.bitLength() - 1; + + var R = this.curve.getInfinity(); + var both = this.add(x); + while(i >= 0) { + R = R.twice(); + if(j.testBit(i)) { + if(k.testBit(i)) { + R = R.add(both); + } + else { + R = R.add(this); + } + } + else { + if(k.testBit(i)) { + R = R.add(x); + } + } + --i; + } + + return R; +} + +ECPointFp.prototype.getX = pointFpGetX; +ECPointFp.prototype.getY = pointFpGetY; +ECPointFp.prototype.equals = pointFpEquals; +ECPointFp.prototype.isInfinity = pointFpIsInfinity; +ECPointFp.prototype.negate = pointFpNegate; +ECPointFp.prototype.add = pointFpAdd; +ECPointFp.prototype.twice = pointFpTwice; +ECPointFp.prototype.multiply = pointFpMultiply; +ECPointFp.prototype.multiplyTwo = pointFpMultiplyTwo; + +// ---------------- +// ECCurveFp + +// constructor +function ECCurveFp(q,a,b) { + this.q = q; + this.a = this.fromBigInteger(a); + this.b = this.fromBigInteger(b); + this.infinity = new ECPointFp(this, null, null); + this.reducer = new Barrett(this.q); +} + +function curveFpGetQ() { + return this.q; +} + +function curveFpGetA() { + return this.a; +} + +function curveFpGetB() { + return this.b; +} + +function curveFpEquals(other) { + if(other == this) return true; + return(this.q.equals(other.q) && this.a.equals(other.a) && this.b.equals(other.b)); +} + +function curveFpGetInfinity() { + return 
this.infinity; +} + +function curveFpFromBigInteger(x) { + return new ECFieldElementFp(this.q, x); +} + +function curveReduce(x) { + this.reducer.reduce(x); +} + +// for now, work with hex strings because they're easier in JS +function curveFpDecodePointHex(s) { + switch(parseInt(s.substr(0,2), 16)) { // first byte + case 0: + return this.infinity; + case 2: + case 3: + // point compression not supported yet + return null; + case 4: + case 6: + case 7: + var len = (s.length - 2) / 2; + var xHex = s.substr(2, len); + var yHex = s.substr(len+2, len); + + return new ECPointFp(this, + this.fromBigInteger(new BigInteger(xHex, 16)), + this.fromBigInteger(new BigInteger(yHex, 16))); + + default: // unsupported + return null; + } +} + +function curveFpEncodePointHex(p) { + if (p.isInfinity()) return "00"; + var xHex = p.getX().toBigInteger().toString(16); + var yHex = p.getY().toBigInteger().toString(16); + var oLen = this.getQ().toString(16).length; + if ((oLen % 2) != 0) oLen++; + while (xHex.length < oLen) { + xHex = "0" + xHex; + } + while (yHex.length < oLen) { + yHex = "0" + yHex; + } + return "04" + xHex + yHex; +} + +ECCurveFp.prototype.getQ = curveFpGetQ; +ECCurveFp.prototype.getA = curveFpGetA; +ECCurveFp.prototype.getB = curveFpGetB; +ECCurveFp.prototype.equals = curveFpEquals; +ECCurveFp.prototype.getInfinity = curveFpGetInfinity; +ECCurveFp.prototype.fromBigInteger = curveFpFromBigInteger; +ECCurveFp.prototype.reduce = curveReduce; +ECCurveFp.prototype.decodePointHex = curveFpDecodePointHex; +ECCurveFp.prototype.encodePointHex = curveFpEncodePointHex; diff --git a/lib/jsbn/rng.js b/lib/jsbn/rng.js index 72ea41a..9db1382 100644 --- a/lib/jsbn/rng.js +++ b/lib/jsbn/rng.js 
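Review bot: `curveFpDecodePointHex` builds an `ECPointFp` from whatever hex it is given, without checking that the coordinates are below `q` or that the point satisfies the curve equation. The constructor's own `// TODO if(x.compareTo(q) >= 0) error` marks the same gap. Any caller that decodes a peer-supplied public point and then multiplies it by a private scalar needs that check, so it is safest done at decode time. The function already returns `null` for unsupported encodings, so rejected points can return `null` too. An odd-length payload should also be rejected rather than split unevenly by `substr`.

```javascript
// … unchanged: cases 0, 2 and 3 …
    case 4:
    case 6:
    case 7:
	if(((s.length - 2) % 2) != 0) return null;
	var len = (s.length - 2) / 2;
	var x = new BigInteger(s.substr(2, len), 16);
	var y = new BigInteger(s.substr(len+2, len), 16);
	// coordinates must be field elements in [0, q-1]
	if(x.compareTo(this.q) >= 0 || y.compareTo(this.q) >= 0) return null;
	// the point must satisfy y^2 = x^3 + a*x + b (mod q)
	var lhs = y.square().mod(this.q);
	var rhs = x.square().add(this.a.toBigInteger()).multiply(x).add(this.b.toBigInteger()).mod(this.q);
	if(!lhs.equals(rhs)) return null;
	return new ECPointFp(this, this.fromBigInteger(x), this.fromBigInteger(y));
// … unchanged: default branch …
```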
@@ -1,59 +1,65 @@ // Random number generator - requires a PRNG backend, e.g. prng4.js + +// For best results, put code like +// +// in your main HTML document. + var rng_state; var rng_pool; var rng_pptr; +// Mix in a 32-bit integer into the pool +function rng_seed_int(x) { + rng_pool[rng_pptr++] ^= x & 255; + rng_pool[rng_pptr++] ^= (x >> 8) & 255; + rng_pool[rng_pptr++] ^= (x >> 16) & 255; + rng_pool[rng_pptr++] ^= (x >> 24) & 255; + if(rng_pptr >= rng_psize) rng_pptr -= rng_psize; +} + +// Mix in the current time (w/milliseconds) into the pool +function rng_seed_time() { + rng_seed_int(new Date().getTime()); +} + // Initialize the pool with junk if needed. if(rng_pool == null) { rng_pool = new Array(); rng_pptr = 0; var t; if(window.crypto && window.crypto.getRandomValues) { - // Extract entropy (2048 bits) from RNG if available - var z = new Uint32Array(256); - window.crypto.getRandomValues(z); - for (t = 0; t < z.length; ++t) - rng_pool[rng_pptr++] = z[t] & 255; + // Use webcrypto if available + var ua = new Uint8Array(32); + window.crypto.getRandomValues(ua); + for(t = 0; t < 32; ++t) + rng_pool[rng_pptr++] = ua[t]; } - - // Use mouse events for entropy, if we do not have enough entropy by the time - // we need it, entropy will be generated by Math.random. - var onMouseMoveListener = function(ev) { - this.count = this.count || 0; - if (this.count >= 256 || rng_pptr >= rng_psize) { - if (window.removeEventListener) - window.removeEventListener("mousemove", onMouseMoveListener, false); - else if (window.detachEvent) - window.detachEvent("onmousemove", onMouseMoveListener); - return; - } - try { - var mouseCoordinates = ev.x + ev.y; - rng_pool[rng_pptr++] = mouseCoordinates & 255; - this.count += 1; - } catch (e) { - // Sometimes Firefox will deny permission to access event properties for some reason. Ignore. 
- } - }; - if (window.addEventListener) - window.addEventListener("mousemove", onMouseMoveListener, false); - else if (window.attachEvent) - window.attachEvent("onmousemove", onMouseMoveListener); - + if(navigator.appName == "Netscape" && navigator.appVersion < "5" && window.crypto) { + // Extract entropy (256 bits) from NS4 RNG if available + var z = window.crypto.random(32); + for(t = 0; t < z.length; ++t) + rng_pool[rng_pptr++] = z.charCodeAt(t) & 255; + } + while(rng_pptr < rng_psize) { // extract some randomness from Math.random() + t = Math.floor(65536 * Math.random()); + rng_pool[rng_pptr++] = t >>> 8; + rng_pool[rng_pptr++] = t & 255; + } + rng_pptr = 0; + rng_seed_time(); + //rng_seed_int(window.screenX); + //rng_seed_int(window.screenY); } function rng_get_byte() { if(rng_state == null) { + rng_seed_time(); rng_state = prng_newstate(); - // At this point, we may not have collected enough entropy. If not, fall back to Math.random - while (rng_pptr < rng_psize) { - var random = Math.floor(65536 * Math.random()); - rng_pool[rng_pptr++] = random & 255; - } rng_state.init(rng_pool); for(rng_pptr = 0; rng_pptr < rng_pool.length; ++rng_pptr) rng_pool[rng_pptr] = 0; rng_pptr = 0; + //rng_pool = null; } // TODO: allow reseeding after first request return rng_state.next(); diff --git a/lib/jsbn/rsa.js b/lib/jsbn/rsa.js index 01e04ae..5b5d6bd 100644 --- a/lib/jsbn/rsa.js +++ b/lib/jsbn/rsa.js @@ -164,4 +164,3 @@ RSAKey.prototype.doPublic = RSADoPublic; RSAKey.prototype.setPublic = RSASetPublic; RSAKey.prototype.encrypt = RSAEncrypt; //RSAKey.prototype.encrypt_b64 = RSAEncryptB64; - diff --git a/lib/jsbn/rsa2.js b/lib/jsbn/rsa2.js index 1eef0fd..87fd739 100644 --- a/lib/jsbn/rsa2.js +++ b/lib/jsbn/rsa2.js @@ -208,4 +208,3 @@ RSAKey.prototype.setPrivateEx = RSASetPrivateEx; RSAKey.prototype.generate = RSAGenerate; RSAKey.prototype.decrypt = RSADecrypt; //RSAKey.prototype.b64_decrypt = RSAB64Decrypt; - 
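Review bot: The rng.js hunk now takes only 32 bytes from `window.crypto.getRandomValues` and fills the rest of the pool in the `while(rng_pptr < rng_psize)` loop from `Math.random()`. When `window.crypto` is missing, the whole pool is `Math.random()` plus `rng_seed_time()`, and neither is suitable for RSA key generation or padding randomness. The removed code read 256 values from the platform RNG, so this is a step back for the browsers that have one. Size the buffer to the pool with `var ua = new Uint8Array(rng_psize);` and loop `for(t = 0; t < ua.length; ++t)`. Consider throwing instead of silently falling back when no CSPRNG is available, so that weak seeding is visible to the caller. The body of `rng_get_byte` continues past the end of the hunk.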
diff --git a/lib/jsbn/sec.js b/lib/jsbn/sec.js new file mode 100644 index 0000000..54d3ca3 --- /dev/null +++ b/lib/jsbn/sec.js 
@@ -0,0 +1,157 @@ +// Named EC curves + +// Requires ec.js, jsbn.js, and jsbn2.js + +// ---------------- +// X9ECParameters + +// constructor +function X9ECParameters(curve,g,n,h) { + this.curve = curve; + this.g = g; + this.n = n; + this.h = h; +} + +function x9getCurve() { + return this.curve; +} + +function x9getG() { + return this.g; +} + +function x9getN() { + return this.n; +} + +function x9getH() { + return this.h; +} + +X9ECParameters.prototype.getCurve = x9getCurve; +X9ECParameters.prototype.getG = x9getG; +X9ECParameters.prototype.getN = x9getN; +X9ECParameters.prototype.getH = x9getH; + +// ---------------- +// SECNamedCurves + +function fromHex(s) { return new BigInteger(s, 16); } + +function secp128r1() { + // p = 2^128 - 2^97 - 1 + var p = fromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF"); + var a = fromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC"); + var b = fromHex("E87579C11079F43DD824993C2CEE5ED3"); + //byte[] S = Hex.decode("000E0D4D696E6768756151750CC03A4473D03679"); + var n = fromHex("FFFFFFFE0000000075A30D1B9038A115"); + var h = BigInteger.ONE; + var curve = new ECCurveFp(p, a, b); + var G = curve.decodePointHex("04" + + "161FF7528B899B2D0C28607CA52C5B86" + + "CF5AC8395BAFEB13C02DA292DDED7A83"); + return new X9ECParameters(curve, G, n, h); +} + +function secp160k1() { + // p = 2^160 - 2^32 - 2^14 - 2^12 - 2^9 - 2^8 - 2^7 - 2^3 - 2^2 - 1 + var p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73"); + var a = BigInteger.ZERO; + var b = fromHex("7"); + //byte[] S = null; + var n = fromHex("0100000000000000000001B8FA16DFAB9ACA16B6B3"); + var h = BigInteger.ONE; + var curve = new ECCurveFp(p, a, b); + var G = curve.decodePointHex("04" + + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB" + + "938CF935318FDCED6BC28286531733C3F03C4FEE"); + return new X9ECParameters(curve, G, n, h); +} + +function secp160r1() { + // p = 2^160 - 2^31 - 1 + var p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"); + var a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"); + var b 
= fromHex("1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45"); + //byte[] S = Hex.decode("1053CDE42C14D696E67687561517533BF3F83345"); + var n = fromHex("0100000000000000000001F4C8F927AED3CA752257"); + var h = BigInteger.ONE; + var curve = new ECCurveFp(p, a, b); + var G = curve.decodePointHex("04" + + "4A96B5688EF573284664698968C38BB913CBFC82" + + "23A628553168947D59DCC912042351377AC5FB32"); + return new X9ECParameters(curve, G, n, h); +} + +function secp192k1() { + // p = 2^192 - 2^32 - 2^12 - 2^8 - 2^7 - 2^6 - 2^3 - 1 + var p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37"); + var a = BigInteger.ZERO; + var b = fromHex("3"); + //byte[] S = null; + var n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D"); + var h = BigInteger.ONE; + var curve = new ECCurveFp(p, a, b); + var G = curve.decodePointHex("04" + + "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D" + + "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D"); + return new X9ECParameters(curve, G, n, h); +} + +function secp192r1() { + // p = 2^192 - 2^64 - 1 + var p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"); + var a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"); + var b = fromHex("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1"); + //byte[] S = Hex.decode("3045AE6FC8422F64ED579528D38120EAE12196D5"); + var n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"); + var h = BigInteger.ONE; + var curve = new ECCurveFp(p, a, b); + var G = curve.decodePointHex("04" + + "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012" + + "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811"); + return new X9ECParameters(curve, G, n, h); +} + +function secp224r1() { + // p = 2^224 - 2^96 + 1 + var p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001"); + var a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"); + var b = fromHex("B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4"); + //byte[] S = 
Hex.decode("BD71344799D5C7FCDC45B59FA3B9AB8F6A948BC5"); + var n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"); + var h = BigInteger.ONE; + var curve = new ECCurveFp(p, a, b); + var G = curve.decodePointHex("04" + + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21" + + "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"); + return new X9ECParameters(curve, G, n, h); +} + +function secp256r1() { + // p = 2^224 (2^32 - 1) + 2^192 + 2^96 - 1 + var p = fromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"); + var a = fromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"); + var b = fromHex("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"); + //byte[] S = Hex.decode("C49D360886E704936A6678E1139D26B7819F7E90"); + var n = fromHex("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"); + var h = BigInteger.ONE; + var curve = new ECCurveFp(p, a, b); + var G = curve.decodePointHex("04" + + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296" + + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"); + return new X9ECParameters(curve, G, n, h); +} + +// TODO: make this into a proper hashtable +function getSECCurveByName(name) { + if(name == "secp128r1") return secp128r1(); + if(name == "secp160k1") return secp160k1(); + if(name == "secp160r1") return secp160r1(); + if(name == "secp192k1") return secp192k1(); + if(name == "secp192r1") return secp192r1(); + if(name == "secp224r1") return secp224r1(); + if(name == "secp256r1") return secp256r1(); + return null; +} diff --git a/lib/jsbn/sha1.js b/lib/jsbn/sha1.js new file mode 100644 index 0000000..b6b685d --- /dev/null +++ b/lib/jsbn/sha1.js 
@@ -0,0 +1,330 @@ +/* + * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined + * in FIPS 180-1 + * Version 2.2 Copyright Paul Johnston 2000 - 2009. + * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet + * Distributed under the BSD License + * See http://pajhome.org.uk/crypt/md5 for details. + */ + +/* + * Configurable variables. You may need to tweak these to be compatible with + * the server-side, but the defaults work in most cases. + */ +var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */ +var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */ + +/* + * These are the functions you'll usually want to call + * They take string arguments and return either hex or base-64 encoded strings + */ +function hex_sha1(s) { return rstr2hex(rstr_sha1(str2rstr_utf8(s))); } +function b64_sha1(s) { return rstr2b64(rstr_sha1(str2rstr_utf8(s))); } +function any_sha1(s, e) { return rstr2any(rstr_sha1(str2rstr_utf8(s)), e); } +function hex_hmac_sha1(k, d) + { return rstr2hex(rstr_hmac_sha1(str2rstr_utf8(k), str2rstr_utf8(d))); } +function b64_hmac_sha1(k, d) + { return rstr2b64(rstr_hmac_sha1(str2rstr_utf8(k), str2rstr_utf8(d))); } +function any_hmac_sha1(k, d, e) + { return rstr2any(rstr_hmac_sha1(str2rstr_utf8(k), str2rstr_utf8(d)), e); } + +/* + * Perform a simple self-test to see if the VM is working + */ +function sha1_vm_test() +{ + return hex_sha1("abc").toLowerCase() == "a9993e364706816aba3e25717850c26c9cd0d89d"; +} + +/* + * Calculate the SHA1 of a raw string + */ +function rstr_sha1(s) +{ + return binb2rstr(binb_sha1(rstr2binb(s), s.length * 8)); +} + +/* + * Calculate the HMAC-SHA1 of a key and some data (raw strings) + */ +function rstr_hmac_sha1(key, data) +{ + var bkey = rstr2binb(key); + if(bkey.length > 16) bkey = binb_sha1(bkey, key.length * 8); + + var ipad = Array(16), opad = Array(16); + for(var i = 0; i < 16; i++) + { + ipad[i] = bkey[i] ^ 0x36363636; + opad[i] = bkey[i] ^ 0x5C5C5C5C; 
+ } + + var hash = binb_sha1(ipad.concat(rstr2binb(data)), 512 + data.length * 8); + return binb2rstr(binb_sha1(opad.concat(hash), 512 + 160)); +} + +/* + * Convert a raw string to a hex string + */ +function rstr2hex(input) +{ + try { hexcase } catch(e) { hexcase=0; } + var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; + var output = ""; + var x; + for(var i = 0; i < input.length; i++) + { + x = input.charCodeAt(i); + output += hex_tab.charAt((x >>> 4) & 0x0F) + + hex_tab.charAt( x & 0x0F); + } + return output; +} + +/* + * Convert a raw string to a base-64 string + */ +function rstr2b64(input) +{ + try { b64pad } catch(e) { b64pad=''; } + var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + var output = ""; + var len = input.length; + for(var i = 0; i < len; i += 3) + { + var triplet = (input.charCodeAt(i) << 16) + | (i + 1 < len ? input.charCodeAt(i+1) << 8 : 0) + | (i + 2 < len ? input.charCodeAt(i+2) : 0); + for(var j = 0; j < 4; j++) + { + if(i * 8 + j * 6 > input.length * 8) output += b64pad; + else output += tab.charAt((triplet >>> 6*(3-j)) & 0x3F); + } + } + return output; +} + +/* + * Convert a raw string to an arbitrary string encoding + */ +function rstr2any(input, encoding) +{ + var divisor = encoding.length; + var remainders = Array(); + var i, q, x, quotient; + + /* Convert to an array of 16-bit big-endian values, forming the dividend */ + var dividend = Array(Math.ceil(input.length / 2)); + for(i = 0; i < dividend.length; i++) + { + dividend[i] = (input.charCodeAt(i * 2) << 8) | input.charCodeAt(i * 2 + 1); + } + + /* + * Repeatedly perform a long division. The binary array forms the dividend, + * the length of the encoding is the divisor. Once computed, the quotient + * forms the dividend for the next step. We stop when the dividend is zero. + * All remainders are stored for later use. 
+ */ + while(dividend.length > 0) + { + quotient = Array(); + x = 0; + for(i = 0; i < dividend.length; i++) + { + x = (x << 16) + dividend[i]; + q = Math.floor(x / divisor); + x -= q * divisor; + if(quotient.length > 0 || q > 0) + quotient[quotient.length] = q; + } + remainders[remainders.length] = x; + dividend = quotient; + } + + /* Convert the remainders to the output string */ + var output = ""; + for(i = remainders.length - 1; i >= 0; i--) + output += encoding.charAt(remainders[i]); + + /* Append leading zero equivalents */ + var full_length = Math.ceil(input.length * 8 / + (Math.log(encoding.length) / Math.log(2))) + for(i = output.length; i < full_length; i++) + output = encoding[0] + output; + + return output; +} + +/* + * Encode a string as utf-8. + * For efficiency, this assumes the input is valid utf-16. + */ +function str2rstr_utf8(input) +{ + var output = ""; + var i = -1; + var x, y; + + while(++i < input.length) + { + /* Decode utf-16 surrogate pairs */ + x = input.charCodeAt(i); + y = i + 1 < input.length ? 
input.charCodeAt(i + 1) : 0; + if(0xD800 <= x && x <= 0xDBFF && 0xDC00 <= y && y <= 0xDFFF) + { + x = 0x10000 + ((x & 0x03FF) << 10) + (y & 0x03FF); + i++; + } + + /* Encode output as utf-8 */ + if(x <= 0x7F) + output += String.fromCharCode(x); + else if(x <= 0x7FF) + output += String.fromCharCode(0xC0 | ((x >>> 6 ) & 0x1F), + 0x80 | ( x & 0x3F)); + else if(x <= 0xFFFF) + output += String.fromCharCode(0xE0 | ((x >>> 12) & 0x0F), + 0x80 | ((x >>> 6 ) & 0x3F), + 0x80 | ( x & 0x3F)); + else if(x <= 0x1FFFFF) + output += String.fromCharCode(0xF0 | ((x >>> 18) & 0x07), + 0x80 | ((x >>> 12) & 0x3F), + 0x80 | ((x >>> 6 ) & 0x3F), + 0x80 | ( x & 0x3F)); + } + return output; +} + +/* + * Encode a string as utf-16 + */ +function str2rstr_utf16le(input) +{ + var output = ""; + for(var i = 0; i < input.length; i++) + output += String.fromCharCode( input.charCodeAt(i) & 0xFF, + (input.charCodeAt(i) >>> 8) & 0xFF); + return output; +} + +function str2rstr_utf16be(input) +{ + var output = ""; + for(var i = 0; i < input.length; i++) + output += String.fromCharCode((input.charCodeAt(i) >>> 8) & 0xFF, + input.charCodeAt(i) & 0xFF); + return output; +} + +/* + * Convert a raw string to an array of big-endian words + * Characters >255 have their high-byte silently ignored. 
+ */ +function rstr2binb(input) +{ + var output = Array(input.length >> 2); + for(var i = 0; i < output.length; i++) + output[i] = 0; + for(var i = 0; i < input.length * 8; i += 8) + output[i>>5] |= (input.charCodeAt(i / 8) & 0xFF) << (24 - i % 32); + return output; +} + +/* + * Convert an array of big-endian words to a string + */ +function binb2rstr(input) +{ + var output = ""; + for(var i = 0; i < input.length * 32; i += 8) + output += String.fromCharCode((input[i>>5] >>> (24 - i % 32)) & 0xFF); + return output; +} + +/* + * Calculate the SHA-1 of an array of big-endian words, and a bit length + */ +function binb_sha1(x, len) +{ + /* append padding */ + x[len >> 5] |= 0x80 << (24 - len % 32); + x[((len + 64 >> 9) << 4) + 15] = len; + + var w = Array(80); + var a = 1732584193; + var b = -271733879; + var c = -1732584194; + var d = 271733878; + var e = -1009589776; + + for(var i = 0; i < x.length; i += 16) + { + var olda = a; + var oldb = b; + var oldc = c; + var oldd = d; + var olde = e; + + for(var j = 0; j < 80; j++) + { + if(j < 16) w[j] = x[i + j]; + else w[j] = bit_rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1); + var t = safe_add(safe_add(bit_rol(a, 5), sha1_ft(j, b, c, d)), + safe_add(safe_add(e, w[j]), sha1_kt(j))); + e = d; + d = c; + c = bit_rol(b, 30); + b = a; + a = t; + } + + a = safe_add(a, olda); + b = safe_add(b, oldb); + c = safe_add(c, oldc); + d = safe_add(d, oldd); + e = safe_add(e, olde); + } + return Array(a, b, c, d, e); + +} + +/* + * Perform the appropriate triplet combination function for the current + * iteration + */ +function sha1_ft(t, b, c, d) +{ + if(t < 20) return (b & c) | ((~b) & d); + if(t < 40) return b ^ c ^ d; + if(t < 60) return (b & c) | (b & d) | (c & d); + return b ^ c ^ d; +} + +/* + * Determine the appropriate additive constant for the current iteration + */ +function sha1_kt(t) +{ + return (t < 20) ? 1518500249 : (t < 40) ? 1859775393 : + (t < 60) ? -1894007588 : -899497514; +} + +/* + * Add integers, wrapping at 2^32. 
This uses 16-bit operations internally + * to work around bugs in some JS interpreters. + */ +function safe_add(x, y) +{ + var lsw = (x & 0xFFFF) + (y & 0xFFFF); + var msw = (x >> 16) + (y >> 16) + (lsw >> 16); + return (msw << 16) | (lsw & 0xFFFF); +} + +/* + * Bitwise rotate a 32-bit number to the left. + */ +function bit_rol(num, cnt) +{ + return (num << cnt) | (num >>> (32 - cnt)); +} diff --git a/src/jsencrypt.js b/src/jsencrypt.js index e6573d0..3d9f50f 100644 --- a/src/jsencrypt.js +++ b/src/jsencrypt.js @@ -423,10 +423,13 @@ JSEncrypt.prototype.decrypt = function (string) { * @return {string} the encrypted string encoded in base64 * @public */ -JSEncrypt.prototype.encrypt = function (string) { +JSEncrypt.prototype.encrypt = function (string, use_oaep) { // Return the encrypted string. try { - return hex2b64(this.getKey().encrypt(string)); + if (use_oaep) { + return hex2b64(this.getKey().encrypt(string, oaep_pad)); + } + return hex2b64(this.getKey().encrypt(string)); } catch (ex) { return false; From 931d72239d6260de8516f467b29ef32861eb5158 Mon Sep 17 00:00:00 2001 From: alfaro Date: Thu, 29 Jun 2017 15:43:52 -0500 Subject: [PATCH 4/4] updated readme --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index 5c0ea9a..6d335d8 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,21 @@ +This fork was modified to be able to use oaep padding and public keys with format +``` +-----BEGIN RSA PUBLIC KEY----- +xxx... +-----END RSA PUBLIC KEY----- +``` + +To use oaep padding pass true as a second parameter in the encrypt function, example: +``` +var encrypted = encrypt.encrypt($('#input').val(), true); +``` + +Thanks to @machinewu and @jeanphix + + +Original Readme +==================== + Website ====================== http://travistidwell.com/jsencrypt
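Review bot: In the src/jsencrypt.js hunk, the JSDoc above `encrypt` still describes a single parameter. Add `@param {boolean} [use_oaep] use PKCS#1 OAEP padding; when omitted or falsy, PKCS#1 v1.5 padding is used`. The flag is optional and tested only for truthiness, so a caller that forgets it silently gets v1.5 padding, and the doc should state that default explicitly. The surrounding `catch (ex) { return false; }` returns the same `false` for every failure, so a padding or length error cannot be told apart from a missing key; a comment saying so would help callers. The hunk header shows `decrypt(string)` unchanged, and whether an OAEP unpad path is reachable from that wrapper cannot be seen here. The `try` block closes outside the hunk.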