@ -44,7 +44,7 @@ d[b].toString(16);b<this.limbs.length-1&&c.length<6;)c="0"+c;a=c+a}return"0x"+a}
e = new sjcl . bn ( a ) , f , g = 1 ; if ( ! ( a . limbs [ 0 ] & 1 ) ) throw new sjcl . exception . invalid ( "inverseMod: p must be odd" ) ; do { if ( d . limbs [ 0 ] & 1 ) { if ( ! d . greaterEquals ( e ) ) { f = d ; d = e ; e = f ; f = b ; b = c ; c = f } d . subM ( e ) ; d . normalize ( ) ; b . greaterEquals ( c ) || b . addM ( a ) ; b . subM ( c ) } d . halveM ( ) ; b . limbs [ 0 ] & 1 && b . addM ( a ) ; b . normalize ( ) ; b . halveM ( ) ; for ( f = g = 0 ; f < d . limbs . length ; f ++ ) g |= d . limbs [ f ] } while ( g ) ; if ( ! e . equals ( 1 ) ) throw new sjcl . exception . invalid ( "inverseMod: p and x must be relatively prime" ) ; return c } , add : function ( a ) { return this . copy ( ) . addM ( a ) } ,
sub : function ( a ) { return this . copy ( ) . subM ( a ) } , mul : function ( a ) { if ( typeof a == "number" ) a = new this . d ( a ) ; var b , c = this . limbs , d = a . limbs , e = c . length , f = d . length , g = new this . d , h = g . limbs , j , n = this . maxMul ; for ( b = 0 ; b < this . limbs . length + a . limbs . length + 1 ; b ++ ) h [ b ] = 0 ; for ( b = 0 ; b < e ; b ++ ) { j = c [ b ] ; for ( a = 0 ; a < f ; a ++ ) h [ b + a ] += j * d [ a ] ; if ( ! -- n ) { n = this . maxMul ; g . cnormalize ( ) } } return g . cnormalize ( ) . reduce ( ) } , square : function ( ) { return this . mul ( this ) } , power : function ( a ) { if ( typeof a == "number" ) a = [ a ] ; else if ( a . limbs !== undefined ) a = a . normalize ( ) . limbs ;
var b , c = new this . d ( 1 ) , d = this ; for ( i = 0 ; i < a . length ; i ++ ) for ( b = 0 ; b < this . radix ; b ++ ) { if ( a [ i ] & 1 << b ) c = c . mul ( d ) ; d = d . square ( ) } return c } , trim : function ( ) { var a = this . limbs , b ; do b = a . pop ( ) ; while ( a . length && b == 0 ) ; a . push ( b ) ; return this } , reduce : function ( ) { return this } , fullReduce : function ( ) { return this . normalize ( ) } , normalize : function ( ) { var a = 0 , b , c = this . ipv , d , e = this . limbs , f = e . length , g = this . radixMask ; for ( b = 0 ; b < f || a !== 0 && a !== - 1 ; b ++ ) { a = ( e [ b ] || 0 ) + a ; d = e [ b ] = a & g ; a = ( a - d ) * c } if ( a == - 1 ) e [ b - 1 ] -= this . placeVal ; return this } , cnormalize : function ( ) { var a =
0 , b , c = this . ipv , d , e = this . limbs , f = e . length , g = this . radixMask ; for ( b = 0 ; b < f - 1 ; b ++ ) { a = e [ b ] + a ; d = e [ b ] = a & g ; a = ( a - d ) * c } e [ b ] += a ; return this } , toBits : function ( a ) { this . fullReduce ( ) ; a = a || this . exponent || this . limbs . length * this . radix ; var b = Math . floor ( ( a - 1 ) / 24 ) , c = sjcl . bitArray ; out = [ c . partial ( ( a + 7 & - 8 ) % this . radix || this . radix , this . getLimb ( b ) ) ] ; for ( b -- ; b >= 0 ; b -- ) out= c . concat ( out , [ c . partial ( this . radix , this . getLimb ( b ) ) ] ) ; return out } , bitLength : function ( ) { this . fullReduce ( ) ; for ( var a = this . radix * ( this . limbs . length - 1 ) , b = this . limbs [ this . limbs . length -
0 , b , c = this . ipv , d , e = this . limbs , f = e . length , g = this . radixMask ; for ( b = 0 ; b < f - 1 ; b ++ ) { a = e [ b ] + a ; d = e [ b ] = a & g ; a = ( a - d ) * c } e [ b ] += a ; return this } , toBits : function ( a ) { this . fullReduce ( ) ; a = a || this . exponent || this . limbs . length * this . radix ; var b = Math . floor ( ( a - 1 ) / 24 ) , c = sjcl . bitArray ; a = [ c . partial ( ( a + 7 & - 8 ) % this . radix || this . radix , this . getLimb ( b ) ) ] ; for ( b -- ; b >= 0 ; b -- ) a= c . concat ( a , [ c . partial ( this . radix , this . getLimb ( b ) ) ] ) ; return a } , bitLength : function ( ) { this . fullReduce ( ) ; for ( var a = this . radix * ( this . limbs . length - 1 ) , b = this . limbs [ this . limbs . length -
1 ] ; b ; b >>= 1 ) a ++ ; return a + 7 & - 8 } } ; sjcl . bn . fromBits = function ( a ) { var b = new this , c = [ ] , d = sjcl . bitArray , e = this . prototype , f = Math . min ( this . bitLength || 0x100000000 , d . bitLength ( a ) ) , g = f % e . radix || e . radix ; for ( c [ 0 ] = d . extract ( a , 0 , g ) ; g < f ; g += e . radix ) c . unshift ( d . extract ( a , g , e . radix ) ) ; b . limbs = c ; return b } ; sjcl . bn . prototype . ipv = 1 / ( sjcl . bn . prototype . placeVal = Math . pow ( 2 , sjcl . bn . prototype . radix ) ) ; sjcl . bn . prototype . radixMask = ( 1 << sjcl . bn . prototype . radix ) - 1 ;
sjcl . bn . pseudoMersennePrime = function ( a , b ) { function c ( g ) { this . initWith ( g ) } var d = c . prototype = new sjcl . bn , e , f ; e = d . modOffset = Math . ceil ( f = a / d . radix ) ; d . exponent = a ; d . offset = [ ] ; d . factor = [ ] ; d . minOffset = e ; d . fullMask = 0 ; d . fullOffset = [ ] ; d . fullFactor = [ ] ; d . modulus = c . modulus = new sjcl . bn ( Math . pow ( 2 , a ) ) ; d . fullMask = 0 | - Math . pow ( 2 , a % d . radix ) ; for ( e = 0 ; e < b . length ; e ++ ) { d . offset [ e ] = Math . floor ( b [ e ] [ 0 ] / d . radix - f ) ; d . fullOffset [ e ] = Math . ceil ( b [ e ] [ 0 ] / d . radix - f ) ; d . factor [ e ] = b [ e ] [ 1 ] * Math . pow ( 0.5 , a - b [ e ] [ 0 ] + d . offset [ e ] * d . radix ) ; d . fullFactor [ e ] =
b [ e ] [ 1 ] * Math . pow ( 0.5 , a - b [ e ] [ 0 ] + d . fullOffset [ e ] * d . radix ) ; d . modulus . addM ( new sjcl . bn ( Math . pow ( 2 , b [ e ] [ 0 ] ) * b [ e ] [ 1 ] ) ) ; d . minOffset = Math . min ( d . minOffset , - d . offset [ e ] ) } d . d = c ; d . modulus . cnormalize ( ) ; d . reduce = function ( ) { var g , h , j , n = this . modOffset , l = this . limbs , m = this . offset , o = this . offset . length , q = this . factor , r ; for ( g = this . minOffset ; l . length > n ; ) { j = l . pop ( ) ; r = l . length ; for ( h = 0 ; h < o ; h ++ ) l [ r + m [ h ] ] -= q [ h ] * j ; g -- ; if ( g == 0 ) { l . push ( 0 ) ; this . cnormalize ( ) ; g = this . minOffset } } this . cnormalize ( ) ; return this } ; d . aa = d . fullMask == - 1 ? d . reduce :
@ -64,6 +64,6 @@ sjcl.ecc.curves={c192:new sjcl.ecc.curve(sjcl.bn.prime.p192,"0x662107c8eb94364e4
c256 : new sjcl . ecc . curve ( sjcl . bn . prime . p256 , "0x4319055358e8617b0c46353d039cdaae" , - 3 , "0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b" , "0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296" , "0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" ) , c384 : new sjcl . ecc . curve ( sjcl . bn . prime . p384 , "0x389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68c" , - 3 , "0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef" , "0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7" ,
"0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f" ) } ;
sjcl . ecc . Q = function ( a ) { sjcl . ecc [ a ] = { publicKey : function ( b , c ) { this . e = b ; this . Z = c instanceof Array ? b . fromBits ( c ) : c } , secretKey : function ( b , c ) { this . e = b ; this . S = c } , generateKeys : function ( b , c ) { if ( typeof b == "number" ) { b = sjcl . ecc . curves [ "c" + b ] ; if ( b === undefined ) throw new sjcl . exception . invalid ( "no such curve" ) ; } c = sjcl . bn . random ( b . r , c ) ; var d = b . G . mult ( c ) ; return { pub : new sjcl . ecc [ a ] . publicKey ( b , d ) , sec : new sjcl . ecc [ a ] . secretKey ( b , c ) } } } } ; sjcl . ecc . Q ( "elGamal" ) ;
sjcl . ecc . elGamal . publicKey . prototype = { kem : function ( a ) { a = sjcl . bn . random ( this . e . r , a ) ; var b = this . e . G . mult ( a ) . toBits ( ) ; return { key : sjcl . hash . sha256 . hash ( this . Z . mult ( a ) . toBits ( ) ) , tag : b } } } ; sjcl . ecc . elGamal . secretKey . prototype = { unkem : function ( a ) { return sjcl . hash . sha256 . hash ( this . e . fromBits ( a ) . mult ( this . S ) . toBits ( ) ) } } ; sjcl . ecc . Q ( " dsa") ;
sjcl . ecc . dsa. secretKey . prototype = { sign : function ( a , b ) { var c = this . e . r , d = c . bitLength ( ) ; b = this . e . G . mult ( kkkk = sjcl . bn . random ( c . sub ( 1 ) , b ) . add ( 1 ) ) . x . mod ( c ) ; a = sjcl . bn . fromBits ( a ) . add ( b . mul ( this . S ) ) . inverseMod ( c ) . mul ( kkkk ) . mod ( c ) ; return sjcl . bitArray . concat ( b . toBits ( d ) , a . toBits ( d ) ) } } ;
sjcl . ecc . dsa. publicKey . prototype = { verify : function ( a , b ) { var c = sjcl . bitArray , d = this . e . r , e = d . bitLength ( ) , f = sjcl . bn . fromBits ( c . bitSlice ( b , 0 , e ) ) ; b = sjcl . bn . fromBits ( c . bitSlice ( b , e , 2 * e ) ) ; a = sjcl . bn . fromBits ( a ) . mul ( b ) . mod ( d ) ; c = f . mul ( b ) . mod ( d ) ; a = this . e . G . mult2 ( a , c , this . Z ) . x ; c = sjcl . exception . corrupt ; if ( f . equals ( 0 ) || b . equals ( 0 ) || f . greaterEquals ( d ) || b . greaterEquals ( d ) || ! a . equals ( f ) ) throw new c ( "signature didn't check out" ) ; return true } } ;
sjcl . ecc . elGamal . publicKey . prototype = { kem : function ( a ) { a = sjcl . bn . random ( this . e . r , a ) ; var b = this . e . G . mult ( a ) . toBits ( ) ; return { key : sjcl . hash . sha256 . hash ( this . Z . mult ( a ) . toBits ( ) ) , tag : b } } } ; sjcl . ecc . elGamal . secretKey . prototype = { unkem : function ( a ) { return sjcl . hash . sha256 . hash ( this . e . fromBits ( a ) . mult ( this . S ) . toBits ( ) ) } } ; sjcl . ecc . Q ( " ec dsa") ;
sjcl . ecc . ec dsa. secretKey . prototype = { sign : function ( a , b ) { var c = this . e . r , d = c . bitLength ( ) ; b = this . e . G . mult ( kkkk = sjcl . bn . random ( c . sub ( 1 ) , b ) . add ( 1 ) ) . x . mod ( c ) ; a = sjcl . bn . fromBits ( a ) . add ( b . mul ( this . S ) ) . inverseMod ( c ) . mul ( kkkk ) . mod ( c ) ; return sjcl . bitArray . concat ( b . toBits ( d ) , a . toBits ( d ) ) } } ;
sjcl . ecc . ec dsa. publicKey . prototype = { verify : function ( a , b ) { var c = sjcl . bitArray , d = this . e . r , e = d . bitLength ( ) , f = sjcl . bn . fromBits ( c . bitSlice ( b , 0 , e ) ) ; b = sjcl . bn . fromBits ( c . bitSlice ( b , e , 2 * e ) ) ; a = sjcl . bn . fromBits ( a ) . mul ( b ) . mod ( d ) ; c = f . mul ( b ) . mod ( d ) ; a = this . e . G . mult2 ( a , c , this . Z ) . x ; c = sjcl . exception . corrupt ; if ( f . equals ( 0 ) || b . equals ( 0 ) || f . greaterEquals ( d ) || b . greaterEquals ( d ) || ! a . equals ( f ) ) throw new c ( "signature didn't check out" ) ; return true } } ;