
resolve merge in sjcl.js

2 parents 824549c + c2608d5 commit 517013742c7ec75b2ac5d5ef43c00e359f42840c Mike Hamburg committed Apr 28, 2011
Showing with 1,083 additions and 1,082 deletions.
  1. +13 −5 Makefile
  2. +1 −1 config.mk
  3. +5 −4 configure
  4. +1 −1 core/bitArray.js
  5. +17 −0 core/bn.js
  6. +0 −115 core/cbc.js
  7. +7 −8 core/convenience.js
  8. +0 −380 core/ecc.js
  9. +2 −3 core/ocb2.js
  10. +165 −0 core/sha1.js
  11. +3 −0 core/sjcl.js
  12. +113 −0 core/srp.js
  13. +36 −68 sjcl.js
  14. +67 −0 test/bn_test.js
  15. +85 −0 test/bn_vectors.js
  16. +0 −33 test/cbc_test.js
  17. +0 −413 test/cbc_vectors.js
  18. +0 −18 test/ecdh_test.js
  19. +0 −29 test/ecdsa_test.js
  20. +6 −4 test/run_tests_browser.js
  21. +14 −0 test/sha1_test.js
  22. +516 −0 test/sha1_vectors.js
  23. +21 −0 test/srp_test.js
  24. +11 −0 test/srp_vectors.js
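--- a/Makefile
+++ b/Makefile
@@ -44,7 +44,7 @@ compression_stats: core.js core_closure.js core_yui.js
 doc: $(SOURCES)
 rm -fr $@
 JSDOCDIR=$(JSDOCDIR) $(JSDOC) -t=$(JSTEMPLATEDIR) $(SOURCES) -d=$@
-
+
 doc_private: $(SOURCES)
 rm -fr $@
 JSDOCDIR=$(JSDOCDIR) $(JSDOC) -t=$(JSTEMPLATEDIR) $(SOURCES) --private -d=$@
@@ -54,21 +54,29 @@ lint: core.js core/*.js test/*.js browserTest/*.js lint/coding_guidelines.pl
 lint/coding_guidelines.pl core/*.js test/*.js browserTest/*.js
-TEST_SCRIPTS= browserTest/rhinoUtil.js \
- test/test.js \
+TEST_COMMON= browserTest/rhinoUtil.js test/test.js
+
+TEST_SCRIPTS= $(TEST_COMMON) \
 test/aes_vectors.js test/aes_test.js \
 test/ocb2_vectors.js test/ocb2_test.js \
 test/ccm_vectors.js test/ccm_test.js \
 test/sha256_vectors.js test/sha256_test.js \
 test/sha256_test_brute_force.js \
+ test/sha1_vectors.js test/sha1_test.js \
 test/hmac_vectors.js test/hmac_test.js \
- test/pbkdf2_test.js
+ test/pbkdf2_test.js \
+ test/bn_vectors.js test/bn_test.js
+
+TEST_SCRIPTS_OPT= $(TEST_COMMON) \
+ test/srp_vectors.js test/srp_test.js
 # Rhino fails at -O 0. Probably because the big files full of test vectors blow the
-# bytecode limit.
+# bytecode limit. So, run most tests with -O -1. But modular exponentiation is
+# currently very slow (on Rhino), so run the SRP test with optimizations on.
 test: sjcl.js $(TEST_SCRIPTS) test/run_tests_rhino.js
 @rhino -O -1 -w test/run_tests_rhino.js $< $(TEST_SCRIPTS)
+ @rhino -O 9 -w test/run_tests_rhino.js $< $(TEST_SCRIPTS_OPT)
 tidy:
 find . -name '*~' -delete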
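Review bot: The `test:` rule's prerequisites were not extended alongside the new second rhino invocation, so make never checks that the SRP scripts exist or are up to date before running `$(TEST_SCRIPTS_OPT)`; change the rule line to `test: sjcl.js $(TEST_SCRIPTS) $(TEST_SCRIPTS_OPT) test/run_tests_rhino.js`. Both invocations load `$<` (sjcl.js), and the configure change in this same commit leaves bn, sha1 and srp disabled by default, so `make test` presumably only passes when sjcl.js was configured with those modules; the sjcl.js rule is outside this hunk, so I cannot confirm that, and a short comment on the test target stating the requirement would help the next person. The expanded comment explaining the -O -1 / -O 9 split is a good addition.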
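--- a/config.mk
+++ b/config.mk
@@ -1,2 +1,2 @@
-SOURCES= core/sjcl.js core/aes.js core/bitArray.js core/codecString.js core/codecHex.js core/codecBase64.js core/sha256.js core/ccm.js core/cbc.js core/ocb2.js core/hmac.js core/pbkdf2.js core/random.js core/convenience.js core/bn.js core/ecc.js
+SOURCES= core/sjcl.js core/aes.js core/bitArray.js core/codecString.js core/codecHex.js core/codecBase64.js core/sha256.js core/ccm.js core/ocb2.js core/hmac.js core/pbkdf2.js core/random.js core/convenience.js
 COMPRESS= core_closure.js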
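Review bot: The new SOURCES line removes core/cbc.js, core/bn.js and core/ecc.js but does not add core/sha1.js, core/bn.js or core/srp.js, while the Makefile in this same commit runs `test/bn_test.js`, `test/sha1_test.js` and `test/srp_test.js` against the built sjcl.js; unless sjcl.js is built from a different list (its rule is not visible here), the default build and the default test run disagree about which modules exist. If bn/sha1/srp are meant to be opt-in through configure, say so here with a comment such as `# bn, sha1 and srp are opt-in; see configure` so nobody editing SOURCES assumes the test suite covers the default build.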
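--- a/configure
+++ b/configure
@@ -4,20 +4,21 @@ use strict;
 my ($arg, $i, $j, $targ);
-my @targets = qw/sjcl aes bitArray codecString codecHex codecBase64 codecBytes sha256 ccm cbc ocb2 hmac pbkdf2 random convenience bn ecc/;
+my @targets = qw/sjcl aes bitArray codecString codecHex codecBase64 codecBytes bn sha256 sha1 ccm ocb2 hmac pbkdf2 srp random convenience/;
 my %deps = ('aes'=>'sjcl',
 'bitArray'=>'sjcl',
 'codecString'=>'bitArray',
 'codecHex'=>'bitArray',
 'codecBase64'=>'bitArray',
 'codecBytes'=>'bitArray',
 'sha256'=>'codecString',
- 'cbc'=>'bitArray,aes',
+ 'sha1'=>'codecString',
 'ccm'=>'bitArray,aes',
 'ocb2'=>'bitArray,aes',
 'hmac'=>'sha256',
 'pbkdf2'=>'hmac',
- 'ecc'=>'bn',
+ 'srp'=>'sha1,bn,bitArray',
+ 'bn'=>'bitArray,random',
 'random'=>'sha256,aes',
 'convenience'=>'ccm,pbkdf2,random');
@@ -26,7 +27,7 @@ my $compress = "closure";
 my %enabled = ();
 $enabled{$_} = 0 foreach (@targets);
-# by default, all but codecBytes, ecc, bn, cbc
+# by default, all but codecBytes, srp, bn
 $enabled{$_} = 1 foreach (qw/aes bitArray codecString codecHex codecBase64 sha256 ccm ocb2 hmac pbkdf2 random convenience/);
 # argument parsing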
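Review bot: The rewritten comment `# by default, all but codecBytes, srp, bn` is inaccurate: the `$enabled{$_} = 1 foreach (qw/.../)` list directly below it also leaves out `sha1`, so sha1 is disabled by default as well. Change it to `# by default, all but codecBytes, bn, sha1, srp` so the comment matches the list it describes. Separately, `srp` is now declared to depend on `sha1,bn,bitArray` and `bn` on `bitArray,random`; whether requesting srp transitively enables those (and sha256/aes via `random`), and whether `bn` sitting before `random` in `@targets` affects emission order, is decided by code outside this hunk, so please verify that enabling srp alone produces a working build.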
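--- a/core/bitArray.js
+++ b/core/bitArray.js
@@ -31,7 +31,7 @@
 sjcl.bitArray = {
 /**
 * Array slices in units of bits.
- * @param {bitArray} a The array to slice.
+ * @param {bitArray a} The array to slice.
 * @param {Number} bstart The offset to the start of the slice, in bits.
 * @param {Number} bend The offset to the end of the slice, in bits. If this is undefined,
 * slice until the end of the array.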
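Review bot: The new JSDoc line `* @param {bitArray a} The array to slice.` moves the parameter name inside the type braces, which is not valid JSDoc — the generated docs will show a type of `bitArray a` and no parameter named `a` — and the removed line was the correct form, so this looks like a merge mishap rather than an intended change. Restore `* @param {bitArray} a The array to slice.`, consistent with the `@param {Number} bstart` and `@param {Number} bend` lines that follow. The function this comment documents begins after the hunk, and the enclosing `sjcl.bitArray` object continues outside it.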
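--- a/core/bn.js
+++ b/core/bn.js
@@ -275,6 +275,23 @@ sjcl.bn.prototype = {
 return out;
 },
+ /** this * that mod N */
+ mulmod: function(that, N) {
+ return this.mod(N).mul(that.mod(N)).mod(N);
+ },
+
+ /** this ^ x mod N */
+ powermod: function(x, N) {
+ var result = new sjcl.bn(1), a = new sjcl.bn(this), k = new sjcl.bn(x);
+ while (true) {
+ if (k.limbs[0] & 1) { result = result.mulmod(a, N); }
+ k.halveM();
+ if (k.equals(0)) { break; }
+ a = a.mulmod(a, N);
+ }
+ return result.normalize().reduce();
+ },
+
 trim: function() {
 var l = this.limbs, p;
 do {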
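Review bot: `powermod` is a right-to-left square-and-multiply whose work depends on the exponent: the `if (k.limbs[0] & 1)` test calls `mulmod` only for set bits of x, and the loop runs once per bit until `k.equals(0)`, so both the multiply count and the iteration count leak information about x through timing. Since configure in this commit makes `srp` depend on `bn`, x is presumably a secret SRP exponent at some call site (not visible here), which makes this worth stating in the doc comment instead of the bare `/** this ^ x mod N */`: `/** this ^ x mod N. Not constant-time: the number of mulmod calls and loop iterations depends on the bits of x, so do not rely on it to hide a secret exponent. */`. A one-line comment on `mulmod` saying it reduces both operands before multiplying, so `mul` only sees values below N, would also explain the three `mod` calls per step, which appear to be the "very slow" modular exponentiation the Makefile comment in this commit refers to. Note as well that `powermod` copies x into `k` before calling `halveM()`, so the caller's exponent is not mutated — worth a comment, since `halveM` reads as an in-place operation (its definition is outside this hunk). The enclosing `sjcl.bn.prototype` object continues on both sides of the hunk.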
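--- a/core/cbc.js
+++ /dev/null
@@ -1,115 +0,0 @@
-/** @fileOverview CBC mode implementation
- *
- * @author Emily Stark
- * @author Mike Hamburg
- * @author Dan Boneh
- */
-
-/** @namespace
- * Dangerous: CBC mode with PKCS#5 padding.
- *
- * @author Emily Stark
- * @author Mike Hamburg
- * @author Dan Boneh
- */
-if (sjcl.beware === undefined) {
- sjcl.beware = {};
-}
-sjcl.beware["CBC mode is dangerous because it doesn't protect message integrity."
-] = function() {
- sjcl.mode.cbc = {
- /** The name of the mode.
- * @constant
- */
- name: "cbc",
-
- /** Encrypt in CBC mode with PKCS#5 padding.
- * @param {Object} prp The block cipher. It must have a block size of 16 bytes.
- * @param {bitArray} plaintext The plaintext data.
- * @param {bitArray} iv The initialization value.
- * @param {bitArray} [adata=[]] The authenticated data. Must be empty.
- * @return The encrypted data, an array of bytes.
- * @throws {sjcl.exception.invalid} if the IV isn't exactly 128 bits, or if any adata is specified.
- */
- encrypt: function(prp, plaintext, iv, adata) {
- if (adata && adata.length) {
- throw new sjcl.exception.invalid("cbc can't authenticate data");
- }
- if (sjcl.bitArray.bitLength(iv) !== 128) {
- throw new sjcl.exception.invalid("cbc iv must be 128 bits");
- }
- var i,
- w = sjcl.bitArray,
- xor = w._xor4,
- bl = w.bitLength(plaintext),
- bp = 0,
- output = [];
-
- if (bl&7) {
- throw new sjcl.exception.invalid("pkcs#5 padding only works for multiples of a byte");
- }
-
- for (i=0; bp+128 <= bl; i+=4, bp+=128) {
- /* Encrypt a non-final block */
- iv = prp.encrypt(xor(iv, plaintext.slice(i,i+4)));
- output.splice(i,0,iv[0],iv[1],iv[2],iv[3]);
- }
-
- /* Construct the pad. */
- bl = (16 - ((bl >> 3) & 15)) * 0x1010101;
-
- /* Pad and encrypt. */
- iv = prp.encrypt(xor(iv,w.concat(plaintext,[bl,bl,bl,bl]).slice(i,i+4)));
- output.splice(i,0,iv[0],iv[1],iv[2],iv[3]);
- return output;
- },
-
- /** Decrypt in CBC mode.
- * @param {Object} prp The block cipher. It must have a block size of 16 bytes.
- * @param {bitArray} ciphertext The ciphertext data.
- * @param {bitArray} iv The initialization value.
- * @param {bitArray} [adata=[]] The authenticated data. It must be empty.
- * @return The decrypted data, an array of bytes.
- * @throws {sjcl.exception.invalid} if the IV isn't exactly 128 bits, or if any adata is specified.
- * @throws {sjcl.exception.corrupt} if if the message is corrupt.
- */
- decrypt: function(prp, ciphertext, iv, adata) {
- if (adata && adata.length) {
- throw new sjcl.exception.invalid("cbc can't authenticate data");
- }
- if (sjcl.bitArray.bitLength(iv) !== 128) {
- throw new sjcl.exception.invalid("cbc iv must be 128 bits");
- }
- if ((sjcl.bitArray.bitLength(ciphertext) & 127) || !ciphertext.length) {
- throw new sjcl.exception.corrupt("cbc ciphertext must be a positive multiple of the block size");
- }
- var i,
- w = sjcl.bitArray,
- xor = w._xor4,
- bi, bo,
- output = [];
-
- adata = adata || [];
-
- for (i=0; i<ciphertext.length; i+=4) {
- bi = ciphertext.slice(i,i+4);
- bo = xor(iv,prp.decrypt(bi));
- output.splice(i,0,bo[0],bo[1],bo[2],bo[3]);
- iv = bi;
- }
-
- /* check and remove the pad */
- bi = output[i-1] & 255;
- if (bi == 0 || bi > 16) {
- throw new sjcl.exception.corrupt("pkcs#5 padding corrupt");
- }
- bo = bi * 0x1010101;
- if (!w.equal(w.bitSlice([bo,bo,bo,bo], 0, bi*8),
- w.bitSlice(output, output.length*32 - bi*8, output.length*32))) {
- throw new sjcl.exception.corrupt("pkcs#5 padding corrupt");
- }
-
- return w.bitSlice(output, 0, output.length*32 - bi*8);
- }
- };
-};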
@@ -58,8 +58,7 @@
/* do the encryption */
p.ct = sjcl.mode[p.mode].encrypt(prp, plaintext, p.iv, p.adata, p.tag);
- //return j.encode(j._subtract(p, j.defaults));
- return j.encode(p);
+ return j.encode(j._subtract(p, j.defaults));
},
/** Simple decryption function.
@@ -123,7 +122,7 @@
if (!i.match(/^[a-z0-9]+$/i)) {
throw new sjcl.exception.invalid("json encode: invalid property name");
}
- out += comma + '"' + i + '":';
+ out += comma + i + ':';
comma = ',';
switch (typeof obj[i]) {
@@ -161,13 +160,13 @@
}
var a = str.replace(/^\{|\}$/g, '').split(/,/), out={}, i, m;
for (i=0; i<a.length; i++) {
- if (!(m=a[i].match(/^(?:(["']?)([a-z][a-z0-9]*)\1):(?:(\d+)|"([a-z0-9+\/%*_.@=\-]*)")$/i))) {
+ if (!(m=a[i].match(/^([a-z][a-z0-9]*):(?:(\d+)|"([a-z0-9+\/%*_.@=\-]*)")$/i))) {
throw new sjcl.exception.invalid("json decode: this isn't json!");
}
- if (m[3]) {
- out[m[2]] = parseInt(m[3],10);
+ if (m[2]) {
+ out[m[1]] = parseInt(m[2],10);
} else {
- out[m[2]] = m[2].match(/^(ct|salt|iv)$/) ? sjcl.codec.base64.toBits(m[4]) : unescape(m[4]);
+ out[m[1]] = m[1].match(/^(ct|salt|iv)$/) ? sjcl.codec.base64.toBits(m[3]) : unescape(m[3]);
}
}
return out;
@@ -197,6 +196,7 @@
/** Remove all elements of minus from plus. Does not modify plus.
* @private
+ */
_subtract: function (plus, minus) {
var out = {}, i;
@@ -208,7 +208,6 @@
return out;
},
- */
/** Return only the specified elements of src.
* @private