search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / chrome / test / data / dromaeo / tests / v8-crypto.html
blob19a8ea6018c9e0f66cc28cd9c9c90e5fe7767fae
1 <html>
2 <head>
3 <script src="../htmlrunner.js"></script>
4 <script>
5 /*
6 * Copyright (c) 2003-2005 Tom Wu
7 * All Rights Reserved.
8 *
9 * Permission is hereby granted, free of charge, to any person obtaining
10 * a copy of this software and associated documentation files (the
11 * "Software"), to deal in the Software without restriction, including
12 * without limitation the rights to use, copy, modify, merge, publish,
13 * distribute, sublicense, and/or sell copies of the Software, and to
14 * permit persons to whom the Software is furnished to do so, subject to
15 * the following conditions:
16 *
17 * The above copyright notice and this permission notice shall be
18 * included in all copies or substantial portions of the Software.
19 *
20 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
21 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
22 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
23 *
24 * IN NO EVENT SHALL TOM WU BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
25 * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
26 * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
27 * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
28 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
29 *
30 * In addition, the following condition applies:
31 *
32 * All redistributions must retain an intact copy of this copyright notice
33 * and disclaimer.
34 */
35
36
37 // The code has been adapted for use as a benchmark by Google.
38
39 // Basic JavaScript BN library - subset useful for RSA encryption.
40
41 // Bits per digit
42 var dbits;
43 var BI_DB;
44 var BI_DM;
45 var BI_DV;
46
47 var BI_FP;
48 var BI_FV;
49 var BI_F1;
50 var BI_F2;
51
52 // JavaScript engine analysis
53 var canary = 0xdeadbeefcafe;
54 var j_lm = ((canary&0xffffff)==0xefcafe);
55
56 // (public) Constructor
57 function BigInteger(a,b,c) {
58 this.array = new Array();
59 if(a != null)
60 if("number" == typeof a) this.fromNumber(a,b,c);
61 else if(b == null && "string" != typeof a) this.fromString(a,256);
62 else this.fromString(a,b);
63 }
64
65 // return new, unset BigInteger
66 function nbi() { return new BigInteger(null); }
67
68 // am: Compute w_j += (x*this_i), propagate carries,
69 // c is initial carry, returns final carry.
70 // c < 3*dvalue, x < 2*dvalue, this_i < dvalue
71 // We need to select the fastest one that works in this environment.
72
73 // am1: use a single mult and divide to get the high bits,
74 // max digit bits should be 26 because
75 // max internal value = 2*dvalue^2-2*dvalue (< 2^53)
76 function am1(i,x,w,j,c,n) {
77 var this_array = this.array;
78 var w_array = w.array;
79 while(--n >= 0) {
80 var v = x*this_array[i++]+w_array[j]+c;
81 c = Math.floor(v/0x4000000);
82 w_array[j++] = v&0x3ffffff;
83 }
84 return c;
85 }
86
87 // am2 avoids a big mult-and-extract completely.
88 // Max digit bits should be <= 30 because we do bitwise ops
89 // on values up to 2*hdvalue^2-hdvalue-1 (< 2^31)
90 function am2(i,x,w,j,c,n) {
91 var this_array = this.array;
92 var w_array = w.array;
93 var xl = x&0x7fff, xh = x>>15;
94 while(--n >= 0) {
95 var l = this_array[i]&0x7fff;
96 var h = this_array[i++]>>15;
97 var m = xh*l+h*xl;
98 l = xl*l+((m&0x7fff)<<15)+w_array[j]+(c&0x3fffffff);
99 c = (l>>>30)+(m>>>15)+xh*h+(c>>>30);
100 w_array[j++] = l&0x3fffffff;
101 }
102 return c;
103 }
104
105 // Alternately, set max digit bits to 28 since some
106 // browsers slow down when dealing with 32-bit numbers.
107 function am3(i,x,w,j,c,n) {
108 var this_array = this.array;
109 var w_array = w.array;
110
111 var xl = x&0x3fff, xh = x>>14;
112 while(--n >= 0) {
113 var l = this_array[i]&0x3fff;
114 var h = this_array[i++]>>14;
115 var m = xh*l+h*xl;
116 l = xl*l+((m&0x3fff)<<14)+w_array[j]+c;
117 c = (l>>28)+(m>>14)+xh*h;
118 w_array[j++] = l&0xfffffff;
119 }
120 return c;
121 }
122
123 // This is tailored to VMs with 2-bit tagging. It makes sure
124 // that all the computations stay within the 29 bits available.
125 function am4(i,x,w,j,c,n) {
126 var this_array = this.array;
127 var w_array = w.array;
128
129 var xl = x&0x1fff, xh = x>>13;
130 while(--n >= 0) {
131 var l = this_array[i]&0x1fff;
132 var h = this_array[i++]>>13;
133 var m = xh*l+h*xl;
134 l = xl*l+((m&0x1fff)<<13)+w_array[j]+c;
135 c = (l>>26)+(m>>13)+xh*h;
136 w_array[j++] = l&0x3ffffff;
137 }
138 return c;
139 }
140
141 // am3/28 is best for SM, Rhino, but am4/26 is best for v8.
142 // Kestrel (Opera 9.5) gets its best result with am4/26.
143 // IE7 does 9% better with am3/28 than with am4/26.
144 // Firefox (SM) gets 10% faster with am3/28 than with am4/26.
145
146 setupEngine = function(fn, bits) {
147 BigInteger.prototype.am = fn;
148 dbits = bits;
149
150 BI_DB = dbits;
151 BI_DM = ((1<<dbits)-1);
152 BI_DV = (1<<dbits);
153
154 BI_FP = 52;
155 BI_FV = Math.pow(2,BI_FP);
156 BI_F1 = BI_FP-dbits;
157 BI_F2 = 2*dbits-BI_FP;
158 }
159
160
161 // Digit conversions
162 var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz";
163 var BI_RC = new Array();
164 var rr,vv;
165 rr = "0".charCodeAt(0);
166 for(vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv;
167 rr = "a".charCodeAt(0);
168 for(vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
169 rr = "A".charCodeAt(0);
170 for(vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
171
172 function int2char(n) { return BI_RM.charAt(n); }
173 function intAt(s,i) {
174 var c = BI_RC[s.charCodeAt(i)];
175 return (c==null)?-1:c;
176 }
177
178 // (protected) copy this to r
179 function bnpCopyTo(r) {
180 var this_array = this.array;
181 var r_array = r.array;
182
183 for(var i = this.t-1; i >= 0; --i) r_array[i] = this_array[i];
184 r.t = this.t;
185 r.s = this.s;
186 }
187
188 // (protected) set from integer value x, -DV <= x < DV
189 function bnpFromInt(x) {
190 var this_array = this.array;
191 this.t = 1;
192 this.s = (x<0)?-1:0;
193 if(x > 0) this_array[0] = x;
194 else if(x < -1) this_array[0] = x+DV;
195 else this.t = 0;
196 }
197
198 // return bigint initialized to value
199 function nbv(i) { var r = nbi(); r.fromInt(i); return r; }
200
201 // (protected) set from string and radix
202 function bnpFromString(s,b) {
203 var this_array = this.array;
204 var k;
205 if(b == 16) k = 4;
206 else if(b == 8) k = 3;
207 else if(b == 256) k = 8; // byte array
208 else if(b == 2) k = 1;
209 else if(b == 32) k = 5;
210 else if(b == 4) k = 2;
211 else { this.fromRadix(s,b); return; }
212 this.t = 0;
213 this.s = 0;
214 var i = s.length, mi = false, sh = 0;
215 while(--i >= 0) {
216 var x = (k==8)?s[i]&0xff:intAt(s,i);
217 if(x < 0) {
218 if(s.charAt(i) == "-") mi = true;
219 continue;
220 }
221 mi = false;
222 if(sh == 0)
223 this_array[this.t++] = x;
224 else if(sh+k > BI_DB) {
225 this_array[this.t-1] |= (x&((1<<(BI_DB-sh))-1))<<sh;
226 this_array[this.t++] = (x>>(BI_DB-sh));
227 }
228 else
229 this_array[this.t-1] |= x<<sh;
230 sh += k;
231 if(sh >= BI_DB) sh -= BI_DB;
232 }
233 if(k == 8 && (s[0]&0x80) != 0) {
234 this.s = -1;
235 if(sh > 0) this_array[this.t-1] |= ((1<<(BI_DB-sh))-1)<<sh;
236 }
237 this.clamp();
238 if(mi) BigInteger.ZERO.subTo(this,this);
239 }
240
241 // (protected) clamp off excess high words
242 function bnpClamp() {
243 var this_array = this.array;
244 var c = this.s&BI_DM;
245 while(this.t > 0 && this_array[this.t-1] == c) --this.t;
246 }
247
248 // (public) return string representation in given radix
249 function bnToString(b) {
250 var this_array = this.array;
251 if(this.s < 0) return "-"+this.negate().toString(b);
252 var k;
253 if(b == 16) k = 4;
254 else if(b == 8) k = 3;
255 else if(b == 2) k = 1;
256 else if(b == 32) k = 5;
257 else if(b == 4) k = 2;
258 else return this.toRadix(b);
259 var km = (1<<k)-1, d, m = false, r = "", i = this.t;
260 var p = BI_DB-(i*BI_DB)%k;
261 if(i-- > 0) {
262 if(p < BI_DB && (d = this_array[i]>>p) > 0) { m = true; r = int2char(d); }
263 while(i >= 0) {
264 if(p < k) {
265 d = (this_array[i]&((1<<p)-1))<<(k-p);
266 d |= this_array[--i]>>(p+=BI_DB-k);
267 }
268 else {
269 d = (this_array[i]>>(p-=k))&km;
270 if(p <= 0) { p += BI_DB; --i; }
271 }
272 if(d > 0) m = true;
273 if(m) r += int2char(d);
274 }
275 }
276 return m?r:"0";
277 }
278
279 // (public) -this
280 function bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this,r); return r; }
281
282 // (public) |this|
283 function bnAbs() { return (this.s<0)?this.negate():this; }
284
285 // (public) return + if this > a, - if this < a, 0 if equal
286 function bnCompareTo(a) {
287 var this_array = this.array;
288 var a_array = a.array;
289
290 var r = this.s-a.s;
291 if(r != 0) return r;
292 var i = this.t;
293 r = i-a.t;
294 if(r != 0) return r;
295 while(--i >= 0) if((r=this_array[i]-a_array[i]) != 0) return r;
296 return 0;
297 }
298
299 // returns bit length of the integer x
300 function nbits(x) {
301 var r = 1, t;
302 if((t=x>>>16) != 0) { x = t; r += 16; }
303 if((t=x>>8) != 0) { x = t; r += 8; }
304 if((t=x>>4) != 0) { x = t; r += 4; }
305 if((t=x>>2) != 0) { x = t; r += 2; }
306 if((t=x>>1) != 0) { x = t; r += 1; }
307 return r;
308 }
309
310 // (public) return the number of bits in "this"
311 function bnBitLength() {
312 var this_array = this.array;
313 if(this.t <= 0) return 0;
314 return BI_DB*(this.t-1)+nbits(this_array[this.t-1]^(this.s&BI_DM));
315 }
316
317 // (protected) r = this << n*DB
318 function bnpDLShiftTo(n,r) {
319 var this_array = this.array;
320 var r_array = r.array;
321 var i;
322 for(i = this.t-1; i >= 0; --i) r_array[i+n] = this_array[i];
323 for(i = n-1; i >= 0; --i) r_array[i] = 0;
324 r.t = this.t+n;
325 r.s = this.s;
326 }
327
328 // (protected) r = this >> n*DB
329 function bnpDRShiftTo(n,r) {
330 var this_array = this.array;
331 var r_array = r.array;
332 for(var i = n; i < this.t; ++i) r_array[i-n] = this_array[i];
333 r.t = Math.max(this.t-n,0);
334 r.s = this.s;
335 }
336
337 // (protected) r = this << n
338 function bnpLShiftTo(n,r) {
339 var this_array = this.array;
340 var r_array = r.array;
341 var bs = n%BI_DB;
342 var cbs = BI_DB-bs;
343 var bm = (1<<cbs)-1;
344 var ds = Math.floor(n/BI_DB), c = (this.s<<bs)&BI_DM, i;
345 for(i = this.t-1; i >= 0; --i) {
346 r_array[i+ds+1] = (this_array[i]>>cbs)|c;
347 c = (this_array[i]&bm)<<bs;
348 }
349 for(i = ds-1; i >= 0; --i) r_array[i] = 0;
350 r_array[ds] = c;
351 r.t = this.t+ds+1;
352 r.s = this.s;
353 r.clamp();
354 }
355
356 // (protected) r = this >> n
357 function bnpRShiftTo(n,r) {
358 var this_array = this.array;
359 var r_array = r.array;
360 r.s = this.s;
361 var ds = Math.floor(n/BI_DB);
362 if(ds >= this.t) { r.t = 0; return; }
363 var bs = n%BI_DB;
364 var cbs = BI_DB-bs;
365 var bm = (1<<bs)-1;
366 r_array[0] = this_array[ds]>>bs;
367 for(var i = ds+1; i < this.t; ++i) {
368 r_array[i-ds-1] |= (this_array[i]&bm)<<cbs;
369 r_array[i-ds] = this_array[i]>>bs;
370 }
371 if(bs > 0) r_array[this.t-ds-1] |= (this.s&bm)<<cbs;
372 r.t = this.t-ds;
373 r.clamp();
374 }
375
376 // (protected) r = this - a
377 function bnpSubTo(a,r) {
378 var this_array = this.array;
379 var r_array = r.array;
380 var a_array = a.array;
381 var i = 0, c = 0, m = Math.min(a.t,this.t);
382 while(i < m) {
383 c += this_array[i]-a_array[i];
384 r_array[i++] = c&BI_DM;
385 c >>= BI_DB;
386 }
387 if(a.t < this.t) {
388 c -= a.s;
389 while(i < this.t) {
390 c += this_array[i];
391 r_array[i++] = c&BI_DM;
392 c >>= BI_DB;
393 }
394 c += this.s;
395 }
396 else {
397 c += this.s;
398 while(i < a.t) {
399 c -= a_array[i];
400 r_array[i++] = c&BI_DM;
401 c >>= BI_DB;
402 }
403 c -= a.s;
404 }
405 r.s = (c<0)?-1:0;
406 if(c < -1) r_array[i++] = BI_DV+c;
407 else if(c > 0) r_array[i++] = c;
408 r.t = i;
409 r.clamp();
410 }
411
412 // (protected) r = this * a, r != this,a (HAC 14.12)
413 // "this" should be the larger one if appropriate.
414 function bnpMultiplyTo(a,r) {
415 var this_array = this.array;
416 var r_array = r.array;
417 var x = this.abs(), y = a.abs();
418 var y_array = y.array;
419
420 var i = x.t;
421 r.t = i+y.t;
422 while(--i >= 0) r_array[i] = 0;
423 for(i = 0; i < y.t; ++i) r_array[i+x.t] = x.am(0,y_array[i],r,i,0,x.t);
424 r.s = 0;
425 r.clamp();
426 if(this.s != a.s) BigInteger.ZERO.subTo(r,r);
427 }
428
429 // (protected) r = this^2, r != this (HAC 14.16)
430 function bnpSquareTo(r) {
431 var x = this.abs();
432 var x_array = x.array;
433 var r_array = r.array;
434
435 var i = r.t = 2*x.t;
436 while(--i >= 0) r_array[i] = 0;
437 for(i = 0; i < x.t-1; ++i) {
438 var c = x.am(i,x_array[i],r,2*i,0,1);
439 if((r_array[i+x.t]+=x.am(i+1,2*x_array[i],r,2*i+1,c,x.t-i-1)) >= BI_DV) {
440 r_array[i+x.t] -= BI_DV;
441 r_array[i+x.t+1] = 1;
442 }
443 }
444 if(r.t > 0) r_array[r.t-1] += x.am(i,x_array[i],r,2*i,0,1);
445 r.s = 0;
446 r.clamp();
447 }
448
449 // (protected) divide this by m, quotient and remainder to q, r (HAC 14.20)
450 // r != q, this != m. q or r may be null.
451 function bnpDivRemTo(m,q,r) {
452 var pm = m.abs();
453 if(pm.t <= 0) return;
454 var pt = this.abs();
455 if(pt.t < pm.t) {
456 if(q != null) q.fromInt(0);
457 if(r != null) this.copyTo(r);
458 return;
459 }
460 if(r == null) r = nbi();
461 var y = nbi(), ts = this.s, ms = m.s;
462 var pm_array = pm.array;
463 var nsh = BI_DB-nbits(pm_array[pm.t-1]); // normalize modulus
464 if(nsh > 0) { pm.lShiftTo(nsh,y); pt.lShiftTo(nsh,r); }
465 else { pm.copyTo(y); pt.copyTo(r); }
466 var ys = y.t;
467
468 var y_array = y.array;
469 var y0 = y_array[ys-1];
470 if(y0 == 0) return;
471 var yt = y0*(1<<BI_F1)+((ys>1)?y_array[ys-2]>>BI_F2:0);
472 var d1 = BI_FV/yt, d2 = (1<<BI_F1)/yt, e = 1<<BI_F2;
473 var i = r.t, j = i-ys, t = (q==null)?nbi():q;
474 y.dlShiftTo(j,t);
475
476 var r_array = r.array;
477 if(r.compareTo(t) >= 0) {
478 r_array[r.t++] = 1;
479 r.subTo(t,r);
480 }
481 BigInteger.ONE.dlShiftTo(ys,t);
482 t.subTo(y,y); // "negative" y so we can replace sub with am later
483 while(y.t < ys) y_array[y.t++] = 0;
484 while(--j >= 0) {
485 // Estimate quotient digit
486 var qd = (r_array[--i]==y0)?BI_DM:Math.floor(r_array[i]*d1+(r_array[i-1]+e)*d2);
487 if((r_array[i]+=y.am(0,qd,r,j,0,ys)) < qd) { // Try it out
488 y.dlShiftTo(j,t);
489 r.subTo(t,r);
490 while(r_array[i] < --qd) r.subTo(t,r);
491 }
492 }
493 if(q != null) {
494 r.drShiftTo(ys,q);
495 if(ts != ms) BigInteger.ZERO.subTo(q,q);
496 }
497 r.t = ys;
498 r.clamp();
499 if(nsh > 0) r.rShiftTo(nsh,r); // Denormalize remainder
500 if(ts < 0) BigInteger.ZERO.subTo(r,r);
501 }
502
503 // (public) this mod a
504 function bnMod(a) {
505 var r = nbi();
506 this.abs().divRemTo(a,null,r);
507 if(this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r,r);
508 return r;
509 }
510
511 // Modular reduction using "classic" algorithm
512 function Classic(m) { this.m = m; }
513 function cConvert(x) {
514 if(x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m);
515 else return x;
516 }
517 function cRevert(x) { return x; }
518 function cReduce(x) { x.divRemTo(this.m,null,x); }
519 function cMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
520 function cSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
521
522 Classic.prototype.convert = cConvert;
523 Classic.prototype.revert = cRevert;
524 Classic.prototype.reduce = cReduce;
525 Classic.prototype.mulTo = cMulTo;
526 Classic.prototype.sqrTo = cSqrTo;
527
528 // (protected) return "-1/this % 2^DB"; useful for Mont. reduction
529 // justification:
530 // xy == 1 (mod m)
531 // xy = 1+km
532 // xy(2-xy) = (1+km)(1-km)
533 // x[y(2-xy)] = 1-k^2m^2
534 // x[y(2-xy)] == 1 (mod m^2)
535 // if y is 1/x mod m, then y(2-xy) is 1/x mod m^2
536 // should reduce x and y(2-xy) by m^2 at each step to keep size bounded.
537 // JS multiply "overflows" differently from C/C++, so care is needed here.
538 function bnpInvDigit() {
539 var this_array = this.array;
540 if(this.t < 1) return 0;
541 var x = this_array[0];
542 if((x&1) == 0) return 0;
543 var y = x&3; // y == 1/x mod 2^2
544 y = (y*(2-(x&0xf)*y))&0xf; // y == 1/x mod 2^4
545 y = (y*(2-(x&0xff)*y))&0xff; // y == 1/x mod 2^8
546 y = (y*(2-(((x&0xffff)*y)&0xffff)))&0xffff; // y == 1/x mod 2^16
547 // last step - calculate inverse mod DV directly;
548 // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints
549 y = (y*(2-x*y%BI_DV))%BI_DV; // y == 1/x mod 2^dbits
550 // we really want the negative inverse, and -DV < y < DV
551 return (y>0)?BI_DV-y:-y;
552 }
553
554 // Montgomery reduction
555 function Montgomery(m) {
556 this.m = m;
557 this.mp = m.invDigit();
558 this.mpl = this.mp&0x7fff;
559 this.mph = this.mp>>15;
560 this.um = (1<<(BI_DB-15))-1;
561 this.mt2 = 2*m.t;
562 }
563
564 // xR mod m
565 function montConvert(x) {
566 var r = nbi();
567 x.abs().dlShiftTo(this.m.t,r);
568 r.divRemTo(this.m,null,r);
569 if(x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r,r);
570 return r;
571 }
572
573 // x/R mod m
574 function montRevert(x) {
575 var r = nbi();
576 x.copyTo(r);
577 this.reduce(r);
578 return r;
579 }
580
581 // x = x/R mod m (HAC 14.32)
582 function montReduce(x) {
583 var x_array = x.array;
584 while(x.t <= this.mt2) // pad x so am has enough room later
585 x_array[x.t++] = 0;
586 for(var i = 0; i < this.m.t; ++i) {
587 // faster way of calculating u0 = x[i]*mp mod DV
588 var j = x_array[i]&0x7fff;
589 var u0 = (j*this.mpl+(((j*this.mph+(x_array[i]>>15)*this.mpl)&this.um)<<15))&BI_DM;
590 // use am to combine the multiply-shift-add into one call
591 j = i+this.m.t;
592 x_array[j] += this.m.am(0,u0,x,i,0,this.m.t);
593 // propagate carry
594 while(x_array[j] >= BI_DV) { x_array[j] -= BI_DV; x_array[++j]++; }
595 }
596 x.clamp();
597 x.drShiftTo(this.m.t,x);
598 if(x.compareTo(this.m) >= 0) x.subTo(this.m,x);
599 }
600
601 // r = "x^2/R mod m"; x != r
602 function montSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
603
604 // r = "xy/R mod m"; x,y != r
605 function montMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
606
607 Montgomery.prototype.convert = montConvert;
608 Montgomery.prototype.revert = montRevert;
609 Montgomery.prototype.reduce = montReduce;
610 Montgomery.prototype.mulTo = montMulTo;
611 Montgomery.prototype.sqrTo = montSqrTo;
612
613 // (protected) true iff this is even
614 function bnpIsEven() {
615 var this_array = this.array;
616 return ((this.t>0)?(this_array[0]&1):this.s) == 0;
617 }
618
619 // (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79)
620 function bnpExp(e,z) {
621 if(e > 0xffffffff || e < 1) return BigInteger.ONE;
622 var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e)-1;
623 g.copyTo(r);
624 while(--i >= 0) {
625 z.sqrTo(r,r2);
626 if((e&(1<<i)) > 0) z.mulTo(r2,g,r);
627 else { var t = r; r = r2; r2 = t; }
628 }
629 return z.revert(r);
630 }
631
632 // (public) this^e % m, 0 <= e < 2^32
633 function bnModPowInt(e,m) {
634 var z;
635 if(e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m);
636 return this.exp(e,z);
637 }
638
639 // protected
640 BigInteger.prototype.copyTo = bnpCopyTo;
641 BigInteger.prototype.fromInt = bnpFromInt;
642 BigInteger.prototype.fromString = bnpFromString;
643 BigInteger.prototype.clamp = bnpClamp;
644 BigInteger.prototype.dlShiftTo = bnpDLShiftTo;
645 BigInteger.prototype.drShiftTo = bnpDRShiftTo;
646 BigInteger.prototype.lShiftTo = bnpLShiftTo;
647 BigInteger.prototype.rShiftTo = bnpRShiftTo;
648 BigInteger.prototype.subTo = bnpSubTo;
649 BigInteger.prototype.multiplyTo = bnpMultiplyTo;
650 BigInteger.prototype.squareTo = bnpSquareTo;
651 BigInteger.prototype.divRemTo = bnpDivRemTo;
652 BigInteger.prototype.invDigit = bnpInvDigit;
653 BigInteger.prototype.isEven = bnpIsEven;
654 BigInteger.prototype.exp = bnpExp;
655
656 // public
657 BigInteger.prototype.toString = bnToString;
658 BigInteger.prototype.negate = bnNegate;
659 BigInteger.prototype.abs = bnAbs;
660 BigInteger.prototype.compareTo = bnCompareTo;
661 BigInteger.prototype.bitLength = bnBitLength;
662 BigInteger.prototype.mod = bnMod;
663 BigInteger.prototype.modPowInt = bnModPowInt;
664
665 // "constants"
666 BigInteger.ZERO = nbv(0);
667 BigInteger.ONE = nbv(1);
668 // Copyright (c) 2005 Tom Wu
669 // All Rights Reserved.
670 // See "LICENSE" for details.
671
672 // Extended JavaScript BN functions, required for RSA private ops.
673
674 // (public)
675 function bnClone() { var r = nbi(); this.copyTo(r); return r; }
676
677 // (public) return value as integer
678 function bnIntValue() {
679 var this_array = this.array;
680 if(this.s < 0) {
681 if(this.t == 1) return this_array[0]-BI_DV;
682 else if(this.t == 0) return -1;
683 }
684 else if(this.t == 1) return this_array[0];
685 else if(this.t == 0) return 0;
686 // assumes 16 < DB < 32
687 return ((this_array[1]&((1<<(32-BI_DB))-1))<<BI_DB)|this_array[0];
688 }
689
690 // (public) return value as byte
691 function bnByteValue() {
692 var this_array = this.array;
693 return (this.t==0)?this.s:(this_array[0]<<24)>>24;
694 }
695
696 // (public) return value as short (assumes DB>=16)
697 function bnShortValue() {
698 var this_array = this.array;
699 return (this.t==0)?this.s:(this_array[0]<<16)>>16;
700 }
701
702 // (protected) return x s.t. r^x < DV
703 function bnpChunkSize(r) { return Math.floor(Math.LN2*BI_DB/Math.log(r)); }
704
705 // (public) 0 if this == 0, 1 if this > 0
706 function bnSigNum() {
707 var this_array = this.array;
708 if(this.s < 0) return -1;
709 else if(this.t <= 0 || (this.t == 1 && this_array[0] <= 0)) return 0;
710 else return 1;
711 }
712
713 // (protected) convert to radix string
714 function bnpToRadix(b) {
715 if(b == null) b = 10;
716 if(this.signum() == 0 || b < 2 || b > 36) return "0";
717 var cs = this.chunkSize(b);
718 var a = Math.pow(b,cs);
719 var d = nbv(a), y = nbi(), z = nbi(), r = "";
720 this.divRemTo(d,y,z);
721 while(y.signum() > 0) {
722 r = (a+z.intValue()).toString(b).substr(1) + r;
723 y.divRemTo(d,y,z);
724 }
725 return z.intValue().toString(b) + r;
726 }
727
728 // (protected) convert from radix string
729 function bnpFromRadix(s,b) {
730 this.fromInt(0);
731 if(b == null) b = 10;
732 var cs = this.chunkSize(b);
733 var d = Math.pow(b,cs), mi = false, j = 0, w = 0;
734 for(var i = 0; i < s.length; ++i) {
735 var x = intAt(s,i);
736 if(x < 0) {
737 if(s.charAt(i) == "-" && this.signum() == 0) mi = true;
738 continue;
739 }
740 w = b*w+x;
741 if(++j >= cs) {
742 this.dMultiply(d);
743 this.dAddOffset(w,0);
744 j = 0;
745 w = 0;
746 }
747 }
748 if(j > 0) {
749 this.dMultiply(Math.pow(b,j));
750 this.dAddOffset(w,0);
751 }
752 if(mi) BigInteger.ZERO.subTo(this,this);
753 }
754
755 // (protected) alternate constructor
756 function bnpFromNumber(a,b,c) {
757 if("number" == typeof b) {
758 // new BigInteger(int,int,RNG)
759 if(a < 2) this.fromInt(1);
760 else {
761 this.fromNumber(a,c);
762 if(!this.testBit(a-1)) // force MSB set
763 this.bitwiseTo(BigInteger.ONE.shiftLeft(a-1),op_or,this);
764 if(this.isEven()) this.dAddOffset(1,0); // force odd
765 while(!this.isProbablePrime(b)) {
766 this.dAddOffset(2,0);
767 if(this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a-1),this);
768 }
769 }
770 }
771 else {
772 // new BigInteger(int,RNG)
773 var x = new Array(), t = a&7;
774 x.length = (a>>3)+1;
775 b.nextBytes(x);
776 if(t > 0) x[0] &= ((1<<t)-1); else x[0] = 0;
777 this.fromString(x,256);
778 }
779 }
780
781 // (public) convert to bigendian byte array
782 function bnToByteArray() {
783 var this_array = this.array;
784 var i = this.t, r = new Array();
785 r[0] = this.s;
786 var p = BI_DB-(i*BI_DB)%8, d, k = 0;
787 if(i-- > 0) {
788 if(p < BI_DB && (d = this_array[i]>>p) != (this.s&BI_DM)>>p)
789 r[k++] = d|(this.s<<(BI_DB-p));
790 while(i >= 0) {
791 if(p < 8) {
792 d = (this_array[i]&((1<<p)-1))<<(8-p);
793 d |= this_array[--i]>>(p+=BI_DB-8);
794 }
795 else {
796 d = (this_array[i]>>(p-=8))&0xff;
797 if(p <= 0) { p += BI_DB; --i; }
798 }
799 if((d&0x80) != 0) d |= -256;
800 if(k == 0 && (this.s&0x80) != (d&0x80)) ++k;
801 if(k > 0 || d != this.s) r[k++] = d;
802 }
803 }
804 return r;
805 }
806
807 function bnEquals(a) { return(this.compareTo(a)==0); }
808 function bnMin(a) { return(this.compareTo(a)<0)?this:a; }
809 function bnMax(a) { return(this.compareTo(a)>0)?this:a; }
810
811 // (protected) r = this op a (bitwise)
812 function bnpBitwiseTo(a,op,r) {
813 var this_array = this.array;
814 var a_array = a.array;
815 var r_array = r.array;
816 var i, f, m = Math.min(a.t,this.t);
817 for(i = 0; i < m; ++i) r_array[i] = op(this_array[i],a_array[i]);
818 if(a.t < this.t) {
819 f = a.s&BI_DM;
820 for(i = m; i < this.t; ++i) r_array[i] = op(this_array[i],f);
821 r.t = this.t;
822 }
823 else {
824 f = this.s&BI_DM;
825 for(i = m; i < a.t; ++i) r_array[i] = op(f,a_array[i]);
826 r.t = a.t;
827 }
828 r.s = op(this.s,a.s);
829 r.clamp();
830 }
831
832 // (public) this & a
833 function op_and(x,y) { return x&y; }
834 function bnAnd(a) { var r = nbi(); this.bitwiseTo(a,op_and,r); return r; }
835
836 // (public) this | a
837 function op_or(x,y) { return x|y; }
838 function bnOr(a) { var r = nbi(); this.bitwiseTo(a,op_or,r); return r; }
839
840 // (public) this ^ a
841 function op_xor(x,y) { return x^y; }
842 function bnXor(a) { var r = nbi(); this.bitwiseTo(a,op_xor,r); return r; }
843
844 // (public) this & ~a
845 function op_andnot(x,y) { return x&~y; }
846 function bnAndNot(a) { var r = nbi(); this.bitwiseTo(a,op_andnot,r); return r; }
847
848 // (public) ~this
849 function bnNot() {
850 var this_array = this.array;
851 var r = nbi();
852 var r_array = r.array;
853
854 for(var i = 0; i < this.t; ++i) r_array[i] = BI_DM&~this_array[i];
855 r.t = this.t;
856 r.s = ~this.s;
857 return r;
858 }
859
860 // (public) this << n
861 function bnShiftLeft(n) {
862 var r = nbi();
863 if(n < 0) this.rShiftTo(-n,r); else this.lShiftTo(n,r);
864 return r;
865 }
866
867 // (public) this >> n
868 function bnShiftRight(n) {
869 var r = nbi();
870 if(n < 0) this.lShiftTo(-n,r); else this.rShiftTo(n,r);
871 return r;
872 }
873
874 // return index of lowest 1-bit in x, x < 2^31
875 function lbit(x) {
876 if(x == 0) return -1;
877 var r = 0;
878 if((x&0xffff) == 0) { x >>= 16; r += 16; }
879 if((x&0xff) == 0) { x >>= 8; r += 8; }
880 if((x&0xf) == 0) { x >>= 4; r += 4; }
881 if((x&3) == 0) { x >>= 2; r += 2; }
882 if((x&1) == 0) ++r;
883 return r;
884 }
885
886 // (public) returns index of lowest 1-bit (or -1 if none)
887 function bnGetLowestSetBit() {
888 var this_array = this.array;
889 for(var i = 0; i < this.t; ++i)
890 if(this_array[i] != 0) return i*BI_DB+lbit(this_array[i]);
891 if(this.s < 0) return this.t*BI_DB;
892 return -1;
893 }
894
895 // return number of 1 bits in x
896 function cbit(x) {
897 var r = 0;
898 while(x != 0) { x &= x-1; ++r; }
899 return r;
900 }
901
902 // (public) return number of set bits
903 function bnBitCount() {
904 var r = 0, x = this.s&BI_DM;
905 for(var i = 0; i < this.t; ++i) r += cbit(this_array[i]^x);
906 return r;
907 }
908
909 // (public) true iff nth bit is set
910 function bnTestBit(n) {
911 var this_array = this.array;
912 var j = Math.floor(n/BI_DB);
913 if(j >= this.t) return(this.s!=0);
914 return((this_array[j]&(1<<(n%BI_DB)))!=0);
915 }
916
917 // (protected) this op (1<<n)
918 function bnpChangeBit(n,op) {
919 var r = BigInteger.ONE.shiftLeft(n);
920 this.bitwiseTo(r,op,r);
921 return r;
922 }
923
924 // (public) this | (1<<n)
925 function bnSetBit(n) { return this.changeBit(n,op_or); }
926
927 // (public) this & ~(1<<n)
928 function bnClearBit(n) { return this.changeBit(n,op_andnot); }
929
930 // (public) this ^ (1<<n)
931 function bnFlipBit(n) { return this.changeBit(n,op_xor); }
932
933 // (protected) r = this + a
934 function bnpAddTo(a,r) {
935 var this_array = this.array;
936 var a_array = a.array;
937 var r_array = r.array;
938 var i = 0, c = 0, m = Math.min(a.t,this.t);
939 while(i < m) {
940 c += this_array[i]+a_array[i];
941 r_array[i++] = c&BI_DM;
942 c >>= BI_DB;
943 }
944 if(a.t < this.t) {
945 c += a.s;
946 while(i < this.t) {
947 c += this_array[i];
948 r_array[i++] = c&BI_DM;
949 c >>= BI_DB;
950 }
951 c += this.s;
952 }
953 else {
954 c += this.s;
955 while(i < a.t) {
956 c += a_array[i];
957 r_array[i++] = c&BI_DM;
958 c >>= BI_DB;
959 }
960 c += a.s;
961 }
962 r.s = (c<0)?-1:0;
963 if(c > 0) r_array[i++] = c;
964 else if(c < -1) r_array[i++] = BI_DV+c;
965 r.t = i;
966 r.clamp();
967 }
968
969 // (public) this + a
970 function bnAdd(a) { var r = nbi(); this.addTo(a,r); return r; }
971
972 // (public) this - a
973 function bnSubtract(a) { var r = nbi(); this.subTo(a,r); return r; }
974
975 // (public) this * a
976 function bnMultiply(a) { var r = nbi(); this.multiplyTo(a,r); return r; }
977
978 // (public) this / a
979 function bnDivide(a) { var r = nbi(); this.divRemTo(a,r,null); return r; }
980
981 // (public) this % a
982 function bnRemainder(a) { var r = nbi(); this.divRemTo(a,null,r); return r; }
983
984 // (public) [this/a,this%a]
985 function bnDivideAndRemainder(a) {
986 var q = nbi(), r = nbi();
987 this.divRemTo(a,q,r);
988 return new Array(q,r);
989 }
990
991 // (protected) this *= n, this >= 0, 1 < n < DV
992 function bnpDMultiply(n) {
993 var this_array = this.array;
994 this_array[this.t] = this.am(0,n-1,this,0,0,this.t);
995 ++this.t;
996 this.clamp();
997 }
998
999 // (protected) this += n << w words, this >= 0
1000 function bnpDAddOffset(n,w) {
1001 var this_array = this.array;
1002 while(this.t <= w) this_array[this.t++] = 0;
1003 this_array[w] += n;
1004 while(this_array[w] >= BI_DV) {
1005 this_array[w] -= BI_DV;
1006 if(++w >= this.t) this_array[this.t++] = 0;
1007 ++this_array[w];
1008 }
1009 }
1010
1011 // A "null" reducer
1012 function NullExp() {}
1013 function nNop(x) { return x; }
1014 function nMulTo(x,y,r) { x.multiplyTo(y,r); }
1015 function nSqrTo(x,r) { x.squareTo(r); }
1016
1017 NullExp.prototype.convert = nNop;
1018 NullExp.prototype.revert = nNop;
1019 NullExp.prototype.mulTo = nMulTo;
1020 NullExp.prototype.sqrTo = nSqrTo;
1021
1022 // (public) this^e
1023 function bnPow(e) { return this.exp(e,new NullExp()); }
1024
1025 // (protected) r = lower n words of "this * a", a.t <= n
1026 // "this" should be the larger one if appropriate.
1027 function bnpMultiplyLowerTo(a,n,r) {
1028 var r_array = r.array;
1029 var a_array = a.array;
1030 var i = Math.min(this.t+a.t,n);
1031 r.s = 0; // assumes a,this >= 0
1032 r.t = i;
1033 while(i > 0) r_array[--i] = 0;
1034 var j;
1035 for(j = r.t-this.t; i < j; ++i) r_array[i+this.t] = this.am(0,a_array[i],r,i,0,this.t);
1036 for(j = Math.min(a.t,n); i < j; ++i) this.am(0,a_array[i],r,i,0,n-i);
1037 r.clamp();
1038 }
1039
1040 // (protected) r = "this * a" without lower n words, n > 0
1041 // "this" should be the larger one if appropriate.
1042 function bnpMultiplyUpperTo(a,n,r) {
1043 var r_array = r.array;
1044 var a_array = a.array;
1045 --n;
1046 var i = r.t = this.t+a.t-n;
1047 r.s = 0; // assumes a,this >= 0
1048 while(--i >= 0) r_array[i] = 0;
1049 for(i = Math.max(n-this.t,0); i < a.t; ++i)
1050 r_array[this.t+i-n] = this.am(n-i,a_array[i],r,0,0,this.t+i-n);
1051 r.clamp();
1052 r.drShiftTo(1,r);
1053 }
1054
1055 // Barrett modular reduction
1056 function Barrett(m) {
1057 // setup Barrett
1058 this.r2 = nbi();
1059 this.q3 = nbi();
1060 BigInteger.ONE.dlShiftTo(2*m.t,this.r2);
1061 this.mu = this.r2.divide(m);
1062 this.m = m;
1063 }
1064
1065 function barrettConvert(x) {
1066 if(x.s < 0 || x.t > 2*this.m.t) return x.mod(this.m);
1067 else if(x.compareTo(this.m) < 0) return x;
1068 else { var r = nbi(); x.copyTo(r); this.reduce(r); return r; }
1069 }
1070
1071 function barrettRevert(x) { return x; }
1072
1073 // x = x mod m (HAC 14.42)
1074 function barrettReduce(x) {
1075 x.drShiftTo(this.m.t-1,this.r2);
1076 if(x.t > this.m.t+1) { x.t = this.m.t+1; x.clamp(); }
1077 this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3);
1078 this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);
1079 while(x.compareTo(this.r2) < 0) x.dAddOffset(1,this.m.t+1);
1080 x.subTo(this.r2,x);
1081 while(x.compareTo(this.m) >= 0) x.subTo(this.m,x);
1082 }
1083
1084 // r = x^2 mod m; x != r
1085 function barrettSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
1086
1087 // r = x*y mod m; x,y != r
1088 function barrettMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
1089
1090 Barrett.prototype.convert = barrettConvert;
1091 Barrett.prototype.revert = barrettRevert;
1092 Barrett.prototype.reduce = barrettReduce;
1093 Barrett.prototype.mulTo = barrettMulTo;
1094 Barrett.prototype.sqrTo = barrettSqrTo;
1095
1096 // (public) this^e % m (HAC 14.85)
1097 function bnModPow(e,m) {
1098 var e_array = e.array;
1099 var i = e.bitLength(), k, r = nbv(1), z;
1100 if(i <= 0) return r;
1101 else if(i < 18) k = 1;
1102 else if(i < 48) k = 3;
1103 else if(i < 144) k = 4;
1104 else if(i < 768) k = 5;
1105 else k = 6;
1106 if(i < 8)
1107 z = new Classic(m);
1108 else if(m.isEven())
1109 z = new Barrett(m);
1110 else
1111 z = new Montgomery(m);
1112
1113 // precomputation
1114 var g = new Array(), n = 3, k1 = k-1, km = (1<<k)-1;
1115 g[1] = z.convert(this);
1116 if(k > 1) {
1117 var g2 = nbi();
1118 z.sqrTo(g[1],g2);
1119 while(n <= km) {
1120 g[n] = nbi();
1121 z.mulTo(g2,g[n-2],g[n]);
1122 n += 2;
1123 }
1124 }
1125
1126 var j = e.t-1, w, is1 = true, r2 = nbi(), t;
1127 i = nbits(e_array[j])-1;
1128 while(j >= 0) {
1129 if(i >= k1) w = (e_array[j]>>(i-k1))&km;
1130 else {
1131 w = (e_array[j]&((1<<(i+1))-1))<<(k1-i);
1132 if(j > 0) w |= e_array[j-1]>>(BI_DB+i-k1);
1133 }
1134
1135 n = k;
1136 while((w&1) == 0) { w >>= 1; --n; }
1137 if((i -= n) < 0) { i += BI_DB; --j; }
1138 if(is1) { // ret == 1, don't bother squaring or multiplying it
1139 g[w].copyTo(r);
1140 is1 = false;
1141 }
1142 else {
1143 while(n > 1) { z.sqrTo(r,r2); z.sqrTo(r2,r); n -= 2; }
1144 if(n > 0) z.sqrTo(r,r2); else { t = r; r = r2; r2 = t; }
1145 z.mulTo(r2,g[w],r);
1146 }
1147
1148 while(j >= 0 && (e_array[j]&(1<<i)) == 0) {
1149 z.sqrTo(r,r2); t = r; r = r2; r2 = t;
1150 if(--i < 0) { i = BI_DB-1; --j; }
1151 }
1152 }
1153 return z.revert(r);
1154 }
1155
1156 // (public) gcd(this,a) (HAC 14.54)
1157 function bnGCD(a) {
1158 var x = (this.s<0)?this.negate():this.clone();
1159 var y = (a.s<0)?a.negate():a.clone();
1160 if(x.compareTo(y) < 0) { var t = x; x = y; y = t; }
1161 var i = x.getLowestSetBit(), g = y.getLowestSetBit();
1162 if(g < 0) return x;
1163 if(i < g) g = i;
1164 if(g > 0) {
1165 x.rShiftTo(g,x);
1166 y.rShiftTo(g,y);
1167 }
1168 while(x.signum() > 0) {
1169 if((i = x.getLowestSetBit()) > 0) x.rShiftTo(i,x);
1170 if((i = y.getLowestSetBit()) > 0) y.rShiftTo(i,y);
1171 if(x.compareTo(y) >= 0) {
1172 x.subTo(y,x);
1173 x.rShiftTo(1,x);
1174 }
1175 else {
1176 y.subTo(x,y);
1177 y.rShiftTo(1,y);
1178 }
1179 }
1180 if(g > 0) y.lShiftTo(g,y);
1181 return y;
1182 }
1183
1184 // (protected) this % n, n < 2^26
1185 function bnpModInt(n) {
1186 var this_array = this.array;
1187 if(n <= 0) return 0;
1188 var d = BI_DV%n, r = (this.s<0)?n-1:0;
1189 if(this.t > 0)
1190 if(d == 0) r = this_array[0]%n;
1191 else for(var i = this.t-1; i >= 0; --i) r = (d*r+this_array[i])%n;
1192 return r;
1193 }
1194
1195 // (public) 1/this % m (HAC 14.61)
1196 function bnModInverse(m) {
1197 var ac = m.isEven();
1198 if((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO;
1199 var u = m.clone(), v = this.clone();
1200 var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1);
1201 while(u.signum() != 0) {
1202 while(u.isEven()) {
1203 u.rShiftTo(1,u);
1204 if(ac) {
1205 if(!a.isEven() || !b.isEven()) { a.addTo(this,a); b.subTo(m,b); }
1206 a.rShiftTo(1,a);
1207 }
1208 else if(!b.isEven()) b.subTo(m,b);
1209 b.rShiftTo(1,b);
1210 }
1211 while(v.isEven()) {
1212 v.rShiftTo(1,v);
1213 if(ac) {
1214 if(!c.isEven() || !d.isEven()) { c.addTo(this,c); d.subTo(m,d); }
1215 c.rShiftTo(1,c);
1216 }
1217 else if(!d.isEven()) d.subTo(m,d);
1218 d.rShiftTo(1,d);
1219 }
1220 if(u.compareTo(v) >= 0) {
1221 u.subTo(v,u);
1222 if(ac) a.subTo(c,a);
1223 b.subTo(d,b);
1224 }
1225 else {
1226 v.subTo(u,v);
1227 if(ac) c.subTo(a,c);
1228 d.subTo(b,d);
1229 }
1230 }
1231 if(v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO;
1232 if(d.compareTo(m) >= 0) return d.subtract(m);
1233 if(d.signum() < 0) d.addTo(m,d); else return d;
1234 if(d.signum() < 0) return d.add(m); else return d;
1235 }
1236
1237 var lowprimes = [2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509];
1238 var lplim = (1<<26)/lowprimes[lowprimes.length-1];
1239
1240 // (public) test primality with certainty >= 1-.5^t
1241 function bnIsProbablePrime(t) {
1242 var i, x = this.abs();
1243 var x_array = x.array;
1244 if(x.t == 1 && x_array[0] <= lowprimes[lowprimes.length-1]) {
1245 for(i = 0; i < lowprimes.length; ++i)
1246 if(x_array[0] == lowprimes[i]) return true;
1247 return false;
1248 }
1249 if(x.isEven()) return false;
1250 i = 1;
1251 while(i < lowprimes.length) {
1252 var m = lowprimes[i], j = i+1;
1253 while(j < lowprimes.length && m < lplim) m *= lowprimes[j++];
1254 m = x.modInt(m);
1255 while(i < j) if(m%lowprimes[i++] == 0) return false;
1256 }
1257 return x.millerRabin(t);
1258 }
1259
1260 // (protected) true if probably prime (HAC 4.24, Miller-Rabin)
1261 function bnpMillerRabin(t) {
1262 var n1 = this.subtract(BigInteger.ONE);
1263 var k = n1.getLowestSetBit();
1264 if(k <= 0) return false;
1265 var r = n1.shiftRight(k);
1266 t = (t+1)>>1;
1267 if(t > lowprimes.length) t = lowprimes.length;
1268 var a = nbi();
1269 for(var i = 0; i < t; ++i) {
1270 a.fromInt(lowprimes[i]);
1271 var y = a.modPow(r,this);
1272 if(y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) {
1273 var j = 1;
1274 while(j++ < k && y.compareTo(n1) != 0) {
1275 y = y.modPowInt(2,this);
1276 if(y.compareTo(BigInteger.ONE) == 0) return false;
1277 }
1278 if(y.compareTo(n1) != 0) return false;
1279 }
1280 }
1281 return true;
1282 }
1283
1284 // protected
1285 BigInteger.prototype.chunkSize = bnpChunkSize;
1286 BigInteger.prototype.toRadix = bnpToRadix;
1287 BigInteger.prototype.fromRadix = bnpFromRadix;
1288 BigInteger.prototype.fromNumber = bnpFromNumber;
1289 BigInteger.prototype.bitwiseTo = bnpBitwiseTo;
1290 BigInteger.prototype.changeBit = bnpChangeBit;
1291 BigInteger.prototype.addTo = bnpAddTo;
1292 BigInteger.prototype.dMultiply = bnpDMultiply;
1293 BigInteger.prototype.dAddOffset = bnpDAddOffset;
1294 BigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo;
1295 BigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo;
1296 BigInteger.prototype.modInt = bnpModInt;
1297 BigInteger.prototype.millerRabin = bnpMillerRabin;
1298
1299 // public
1300 BigInteger.prototype.clone = bnClone;
1301 BigInteger.prototype.intValue = bnIntValue;
1302 BigInteger.prototype.byteValue = bnByteValue;
1303 BigInteger.prototype.shortValue = bnShortValue;
1304 BigInteger.prototype.signum = bnSigNum;
1305 BigInteger.prototype.toByteArray = bnToByteArray;
1306 BigInteger.prototype.equals = bnEquals;
1307 BigInteger.prototype.min = bnMin;
1308 BigInteger.prototype.max = bnMax;
1309 BigInteger.prototype.and = bnAnd;
1310 BigInteger.prototype.or = bnOr;
1311 BigInteger.prototype.xor = bnXor;
1312 BigInteger.prototype.andNot = bnAndNot;
1313 BigInteger.prototype.not = bnNot;
1314 BigInteger.prototype.shiftLeft = bnShiftLeft;
1315 BigInteger.prototype.shiftRight = bnShiftRight;
1316 BigInteger.prototype.getLowestSetBit = bnGetLowestSetBit;
1317 BigInteger.prototype.bitCount = bnBitCount;
1318 BigInteger.prototype.testBit = bnTestBit;
1319 BigInteger.prototype.setBit = bnSetBit;
1320 BigInteger.prototype.clearBit = bnClearBit;
1321 BigInteger.prototype.flipBit = bnFlipBit;
1322 BigInteger.prototype.add = bnAdd;
1323 BigInteger.prototype.subtract = bnSubtract;
1324 BigInteger.prototype.multiply = bnMultiply;
1325 BigInteger.prototype.divide = bnDivide;
1326 BigInteger.prototype.remainder = bnRemainder;
1327 BigInteger.prototype.divideAndRemainder = bnDivideAndRemainder;
1328 BigInteger.prototype.modPow = bnModPow;
1329 BigInteger.prototype.modInverse = bnModInverse;
1330 BigInteger.prototype.pow = bnPow;
1331 BigInteger.prototype.gcd = bnGCD;
1332 BigInteger.prototype.isProbablePrime = bnIsProbablePrime;
1333
1334 // BigInteger interfaces not implemented in jsbn:
1335
1336 // BigInteger(int signum, byte[] magnitude)
1337 // double doubleValue()
1338 // float floatValue()
1339 // int hashCode()
1340 // long longValue()
1341 // static BigInteger valueOf(long val)
1342 // prng4.js - uses Arcfour as a PRNG
1343
1344 function Arcfour() {
1345 this.i = 0;
1346 this.j = 0;
1347 this.S = new Array();
1348 }
1349
1350 // Initialize arcfour context from key, an array of ints, each from [0..255]
1351 function ARC4init(key) {
1352 var i, j, t;
1353 for(i = 0; i < 256; ++i)
1354 this.S[i] = i;
1355 j = 0;
1356 for(i = 0; i < 256; ++i) {
1357 j = (j + this.S[i] + key[i % key.length]) & 255;
1358 t = this.S[i];
1359 this.S[i] = this.S[j];
1360 this.S[j] = t;
1361 }
1362 this.i = 0;
1363 this.j = 0;
1364 }
1365
1366 function ARC4next() {
1367 var t;
1368 this.i = (this.i + 1) & 255;
1369 this.j = (this.j + this.S[this.i]) & 255;
1370 t = this.S[this.i];
1371 this.S[this.i] = this.S[this.j];
1372 this.S[this.j] = t;
1373 return this.S[(t + this.S[this.i]) & 255];
1374 }
1375
1376 Arcfour.prototype.init = ARC4init;
1377 Arcfour.prototype.next = ARC4next;
1378
1379 // Plug in your RNG constructor here
1380 function prng_newstate() {
1381 return new Arcfour();
1382 }
1383
1384 // Pool size must be a multiple of 4 and greater than 32.
1385 // An array of bytes the size of the pool will be passed to init()
1386 var rng_psize = 256;
1387 // Random number generator - requires a PRNG backend, e.g. prng4.js
1388
1389 // For best results, put code like
1390 // <body onClick='rng_seed_time();' onKeyPress='rng_seed_time();'>
1391 // in your main HTML document.
1392
1393 var rng_state;
1394 var rng_pool;
1395 var rng_pptr;
1396
1397 // Mix in a 32-bit integer into the pool
1398 function rng_seed_int(x) {
1399 rng_pool[rng_pptr++] ^= x & 255;
1400 rng_pool[rng_pptr++] ^= (x >> 8) & 255;
1401 rng_pool[rng_pptr++] ^= (x >> 16) & 255;
1402 rng_pool[rng_pptr++] ^= (x >> 24) & 255;
1403 if(rng_pptr >= rng_psize) rng_pptr -= rng_psize;
1404 }
1405
1406 // Mix in the current time (w/milliseconds) into the pool
1407 function rng_seed_time() {
1408 // Use pre-computed date to avoid making the benchmark
1409 // results dependent on the current date.
1410 rng_seed_int(1122926989487);
1411 }
1412
1413 // Initialize the pool with junk if needed.
1414 if(rng_pool == null) {
1415 rng_pool = new Array();
1416 rng_pptr = 0;
1417 var t;
1418 while(rng_pptr < rng_psize) { // extract some randomness from Math.random()
1419 t = Math.floor(65536 * Math.random());
1420 rng_pool[rng_pptr++] = t >>> 8;
1421 rng_pool[rng_pptr++] = t & 255;
1422 }
1423 rng_pptr = 0;
1424 rng_seed_time();
1425 //rng_seed_int(window.screenX);
1426 //rng_seed_int(window.screenY);
1427 }
1428
1429 function rng_get_byte() {
1430 if(rng_state == null) {
1431 rng_seed_time();
1432 rng_state = prng_newstate();
1433 rng_state.init(rng_pool);
1434 for(rng_pptr = 0; rng_pptr < rng_pool.length; ++rng_pptr)
1435 rng_pool[rng_pptr] = 0;
1436 rng_pptr = 0;
1437 //rng_pool = null;
1438 }
1439 // TODO: allow reseeding after first request
1440 return rng_state.next();
1441 }
1442
1443 function rng_get_bytes(ba) {
1444 var i;
1445 for(i = 0; i < ba.length; ++i) ba[i] = rng_get_byte();
1446 }
1447
1448 function SecureRandom() {}
1449
1450 SecureRandom.prototype.nextBytes = rng_get_bytes;
1451 // Depends on jsbn.js and rng.js
1452
1453 // convert a (hex) string to a bignum object
1454 function parseBigInt(str,r) {
1455 return new BigInteger(str,r);
1456 }
1457
1458 function linebrk(s,n) {
1459 var ret = "";
1460 var i = 0;
1461 while(i + n < s.length) {
1462 ret += s.substring(i,i+n) + "\n";
1463 i += n;
1464 }
1465 return ret + s.substring(i,s.length);
1466 }
1467
1468 function byte2Hex(b) {
1469 if(b < 0x10)
1470 return "0" + b.toString(16);
1471 else
1472 return b.toString(16);
1473 }
1474
1475 // PKCS#1 (type 2, random) pad input string s to n bytes, and return a bigint
1476 function pkcs1pad2(s,n) {
1477 if(n < s.length + 11) {
1478 alert("Message too long for RSA");
1479 return null;
1480 }
1481 var ba = new Array();
1482 var i = s.length - 1;
1483 while(i >= 0 && n > 0) ba[--n] = s.charCodeAt(i--);
1484 ba[--n] = 0;
1485 var rng = new SecureRandom();
1486 var x = new Array();
1487 while(n > 2) { // random non-zero pad
1488 x[0] = 0;
1489 while(x[0] == 0) rng.nextBytes(x);
1490 ba[--n] = x[0];
1491 }
1492 ba[--n] = 2;
1493 ba[--n] = 0;
1494 return new BigInteger(ba);
1495 }
1496
1497 // "empty" RSA key constructor
1498 function RSAKey() {
1499 this.n = null;
1500 this.e = 0;
1501 this.d = null;
1502 this.p = null;
1503 this.q = null;
1504 this.dmp1 = null;
1505 this.dmq1 = null;
1506 this.coeff = null;
1507 }
1508
1509 // Set the public key fields N and e from hex strings
1510 function RSASetPublic(N,E) {
1511 if(N != null && E != null && N.length > 0 && E.length > 0) {
1512 this.n = parseBigInt(N,16);
1513 this.e = parseInt(E,16);
1514 }
1515 else
1516 alert("Invalid RSA public key");
1517 }
1518
1519 // Perform raw public operation on "x": return x^e (mod n)
1520 function RSADoPublic(x) {
1521 return x.modPowInt(this.e, this.n);
1522 }
1523
1524 // Return the PKCS#1 RSA encryption of "text" as an even-length hex string
1525 function RSAEncrypt(text) {
1526 var m = pkcs1pad2(text,(this.n.bitLength()+7)>>3);
1527 if(m == null) return null;
1528 var c = this.doPublic(m);
1529 if(c == null) return null;
1530 var h = c.toString(16);
1531 if((h.length & 1) == 0) return h; else return "0" + h;
1532 }
1533
1534 // Return the PKCS#1 RSA encryption of "text" as a Base64-encoded string
1535 //function RSAEncryptB64(text) {
1536 // var h = this.encrypt(text);
1537 // if(h) return hex2b64(h); else return null;
1538 //}
1539
1540 // protected
1541 RSAKey.prototype.doPublic = RSADoPublic;
1542
1543 // public
1544 RSAKey.prototype.setPublic = RSASetPublic;
1545 RSAKey.prototype.encrypt = RSAEncrypt;
1546 //RSAKey.prototype.encrypt_b64 = RSAEncryptB64;
1547 // Depends on rsa.js and jsbn2.js
1548
1549 // Undo PKCS#1 (type 2, random) padding and, if valid, return the plaintext
1550 function pkcs1unpad2(d,n) {
1551 var b = d.toByteArray();
1552 var i = 0;
1553 while(i < b.length && b[i] == 0) ++i;
1554 if(b.length-i != n-1 || b[i] != 2)
1555 return null;
1556 ++i;
1557 while(b[i] != 0)
1558 if(++i >= b.length) return null;
1559 var ret = "";
1560 while(++i < b.length)
1561 ret += String.fromCharCode(b[i]);
1562 return ret;
1563 }
1564
1565 // Set the private key fields N, e, and d from hex strings
1566 function RSASetPrivate(N,E,D) {
1567 if(N != null && E != null && N.length > 0 && E.length > 0) {
1568 this.n = parseBigInt(N,16);
1569 this.e = parseInt(E,16);
1570 this.d = parseBigInt(D,16);
1571 }
1572 else
1573 alert("Invalid RSA private key");
1574 }
1575
1576 // Set the private key fields N, e, d and CRT params from hex strings
1577 function RSASetPrivateEx(N,E,D,P,Q,DP,DQ,C) {
1578 if(N != null && E != null && N.length > 0 && E.length > 0) {
1579 this.n = parseBigInt(N,16);
1580 this.e = parseInt(E,16);
1581 this.d = parseBigInt(D,16);
1582 this.p = parseBigInt(P,16);
1583 this.q = parseBigInt(Q,16);
1584 this.dmp1 = parseBigInt(DP,16);
1585 this.dmq1 = parseBigInt(DQ,16);
1586 this.coeff = parseBigInt(C,16);
1587 }
1588 else
1589 alert("Invalid RSA private key");
1590 }
1591
1592 // Generate a new random private key B bits long, using public expt E
1593 function RSAGenerate(B,E) {
1594 var rng = new SecureRandom();
1595 var qs = B>>1;
1596 this.e = parseInt(E,16);
1597 var ee = new BigInteger(E,16);
1598 for(;;) {
1599 for(;;) {
1600 this.p = new BigInteger(B-qs,1,rng);
1601 if(this.p.subtract(BigInteger.ONE).gcd(ee).compareTo(BigInteger.ONE) == 0 && this.p.isProbablePrime(10)) break;
1602 }
1603 for(;;) {
1604 this.q = new BigInteger(qs,1,rng);
1605 if(this.q.subtract(BigInteger.ONE).gcd(ee).compareTo(BigInteger.ONE) == 0 && this.q.isProbablePrime(10)) break;
1606 }
1607 if(this.p.compareTo(this.q) <= 0) {
1608 var t = this.p;
1609 this.p = this.q;
1610 this.q = t;
1611 }
1612 var p1 = this.p.subtract(BigInteger.ONE);
1613 var q1 = this.q.subtract(BigInteger.ONE);
1614 var phi = p1.multiply(q1);
1615 if(phi.gcd(ee).compareTo(BigInteger.ONE) == 0) {
1616 this.n = this.p.multiply(this.q);
1617 this.d = ee.modInverse(phi);
1618 this.dmp1 = this.d.mod(p1);
1619 this.dmq1 = this.d.mod(q1);
1620 this.coeff = this.q.modInverse(this.p);
1621 break;
1622 }
1623 }
1624 }
1625
1626 // Perform raw private operation on "x": return x^d (mod n)
1627 function RSADoPrivate(x) {
1628 if(this.p == null || this.q == null)
1629 return x.modPow(this.d, this.n);
1630
1631 // TODO: re-calculate any missing CRT params
1632 var xp = x.mod(this.p).modPow(this.dmp1, this.p);
1633 var xq = x.mod(this.q).modPow(this.dmq1, this.q);
1634
1635 while(xp.compareTo(xq) < 0)
1636 xp = xp.add(this.p);
1637 return xp.subtract(xq).multiply(this.coeff).mod(this.p).multiply(this.q).add(xq);
1638 }
1639
1640 // Return the PKCS#1 RSA decryption of "ctext".
1641 // "ctext" is an even-length hex string and the output is a plain string.
1642 function RSADecrypt(ctext) {
1643 var c = parseBigInt(ctext, 16);
1644 var m = this.doPrivate(c);
1645 if(m == null) return null;
1646 return pkcs1unpad2(m, (this.n.bitLength()+7)>>3);
1647 }
1648
1649 // Return the PKCS#1 RSA decryption of "ctext".
1650 // "ctext" is a Base64-encoded string and the output is a plain string.
1651 //function RSAB64Decrypt(ctext) {
1652 // var h = b64tohex(ctext);
1653 // if(h) return this.decrypt(h); else return null;
1654 //}
1655
1656 // protected
1657 RSAKey.prototype.doPrivate = RSADoPrivate;
1658
1659 // public
1660 RSAKey.prototype.setPrivate = RSASetPrivate;
1661 RSAKey.prototype.setPrivateEx = RSASetPrivateEx;
1662 RSAKey.prototype.generate = RSAGenerate;
1663 RSAKey.prototype.decrypt = RSADecrypt;
1664 //RSAKey.prototype.b64_decrypt = RSAB64Decrypt;
1665
1666
1667 nValue="a5261939975948bb7a58dffe5ff54e65f0498f9175f5a09288810b8975871e99af3b5dd94057b0fc07535f5f97444504fa35169d461d0d30cf0192e307727c065168c788771c561a9400fb49175e9e6aa4e23fe11af69e9412dd23b0cb6684c4c2429bce139e848ab26d0829073351f4acd36074eafd036a5eb83359d2a698d3";
1668 eValue="10001";
1669 dValue="8e9912f6d3645894e8d38cb58c0db81ff516cf4c7e5a14c7f1eddb1459d2cded4d8d293fc97aee6aefb861859c8b6a3d1dfe710463e1f9ddc72048c09751971c4a580aa51eb523357a3cc48d31cfad1d4a165066ed92d4748fb6571211da5cb14bc11b6e2df7c1a559e6d5ac1cd5c94703a22891464fba23d0d965086277a161";
1670 pValue="d090ce58a92c75233a6486cb0a9209bf3583b64f540c76f5294bb97d285eed33aec220bde14b2417951178ac152ceab6da7090905b478195498b352048f15e7d";
1671 qValue="cab575dc652bb66df15a0359609d51d1db184750c00c6698b90ef3465c99655103edbf0d54c56aec0ce3c4d22592338092a126a0cc49f65a4a30d222b411e58f";
1672 dmp1Value="1a24bca8e273df2f0e47c199bbf678604e7df7215480c77c8db39f49b000ce2cf7500038acfff5433b7d582a01f1826e6f4d42e1c57f5e1fef7b12aabc59fd25";
1673 dmq1Value="3d06982efbbe47339e1f6d36b1216b8a741d410b0c662f54f7118b27b9a4ec9d914337eb39841d8666f3034408cf94f5b62f11c402fc994fe15a05493150d9fd";
1674 coeffValue="3a3e731acd8960b7ff9eb81a7ff93bd1cfa74cbd56987db58b4594fb09c09084db1734c8143f98b602b981aaa9243ca28deb69b5b280ee8dcee0fd2625e53250";
1675
1676 setupEngine(am3, 28);
1677
1678 var TEXT = "The quick brown fox jumped over the extremely lazy frog! " +
1679 "Now is the time for all good men to come to the party.";
1680 var encrypted;
1681
1682 window.onload = function(){ startTest("v8-crypto", 'f0250ffa');
1683
1684 test("RSA Encrypt", function encrypt() {
1685 var RSA = new RSAKey();
1686 RSA.setPublic(nValue, eValue);
1687 RSA.setPrivateEx(nValue, eValue, dValue, pValue, qValue, dmp1Value, dmq1Value, coeffValue);
1688 encrypted = RSA.encrypt(TEXT);
1689 });
1690
1691 test("RSA Decrypt", function decrypt() {
1692 var RSA = new RSAKey();
1693 RSA.setPublic(nValue, eValue);
1694 RSA.setPrivateEx(nValue, eValue, dValue, pValue, qValue, dmp1Value, dmq1Value, coeffValue);
1695 var decrypted = RSA.decrypt(encrypted);
1696 if (decrypted != TEXT) {
1697 throw new Error("Crypto operation failed");
1698 }
1699 });
1700
1701 endTest(); };
1702 </script>
1703 </head>
1704 <body></body>
1705 </html>