includes/clientside/static/crypto.js
author Dan
Thu, 17 Dec 2009 04:27:50 -0500
changeset 1168 277a9cdead3e
parent 843 4415e50e4e84
child 1227 bdac73ed481e
permissions -rw-r--r--
Namespace_Default: added a workaround for an inconsistency in SQL. Basically, if you join the same table multiple times under multiple aliases, COUNT() always uses the first instance. Was affecting the comment counter in the "discussion" button.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
582
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
     1
////////////////////////////////////////////////////////////////////////////////////////
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
     2
// Big Integer Library v. 5.1
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
     3
// Created 2000, last modified 2007
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
     4
// Leemon Baird
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
     5
// www.leemon.com
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
     6
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
     7
// Version history:
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
     8
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
     9
// v 5.1  8 Oct 2007 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    10
//   - renamed inverseModInt_ to inverseModInt since it doesn't change its parameters
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    11
//   - added functions GCD and randBigInt, which call GCD_ and randBigInt_
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    12
//   - fixed a bug found by Rob Visser (see comment with his name below)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    13
//   - improved comments
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    14
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    15
// This file is public domain.   You can use it for any purpose without restriction.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    16
// I do not guarantee that it is correct, so use it at your own risk.  If you use 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    17
// it for something interesting, I'd appreciate hearing about it.  If you find 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    18
// any bugs or make any improvements, I'd appreciate hearing about those too.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    19
// It would also be nice if my name and address were left in the comments.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    20
// But none of that is required.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    21
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    22
// This code defines a bigInt library for arbitrary-precision integers.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    23
// A bigInt is an array of integers storing the value in chunks of bpe bits, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    24
// little endian (buff[0] is the least significant word).
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    25
// Negative bigInts are stored two's complement.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    26
// Some functions assume their parameters have at least one leading zero element.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    27
// Functions with an underscore at the end of the name have unpredictable behavior in case of overflow, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    28
// so the caller must make sure the arrays must be big enough to hold the answer.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    29
// For each function where a parameter is modified, that same 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    30
// variable must not be used as another argument too.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    31
// So, you cannot square x by doing multMod_(x,x,n).  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    32
// You must use squareMod_(x,n) instead, or do y=dup(x); multMod_(x,y,n).
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    33
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    34
// These functions are designed to avoid frequent dynamic memory allocation in the inner loop.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    35
// For most functions, if it needs a BigInt as a local variable it will actually use
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    36
// a global, and will only allocate to it only when it's not the right size.  This ensures
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    37
// that when a function is called repeatedly with same-sized parameters, it only allocates
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    38
// memory on the first call.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    39
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    40
// Note that for cryptographic purposes, the calls to Math.random() must 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    41
// be replaced with calls to a better pseudorandom number generator.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    42
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    43
// In the following, "bigInt" means a bigInt with at least one leading zero element,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    44
// and "integer" means a nonnegative integer less than radix.  In some cases, integer 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    45
// can be negative.  Negative bigInts are 2s complement.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    46
// 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    47
// The following functions do not modify their inputs.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    48
// Those returning a bigInt, string, or Array will dynamically allocate memory for that value.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    49
// Those returning a boolean will return the integer 0 (false) or 1 (true).
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    50
// Those returning boolean or int will not allocate memory except possibly on the first time they're called with a given parameter size.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    51
// 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    52
// bigInt  add(x,y)               //return (x+y) for bigInts x and y.  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    53
// bigInt  addInt(x,n)            //return (x+n) where x is a bigInt and n is an integer.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    54
// string  bigInt2str(x,base)     //return a string form of bigInt x in a given base, with 2 <= base <= 95
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    55
// int     bitSize(x)             //return how many bits long the bigInt x is, not counting leading zeros
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    56
// bigInt  dup(x)                 //return a copy of bigInt x
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    57
// boolean equals(x,y)            //is the bigInt x equal to the bigint y?
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    58
// boolean equalsInt(x,y)         //is bigint x equal to integer y?
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    59
// bigInt  expand(x,n)            //return a copy of x with at least n elements, adding leading zeros if needed
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    60
// Array   findPrimes(n)          //return array of all primes less than integer n
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    61
// bigInt  GCD(x,y)               //return greatest common divisor of bigInts x and y (each with same number of elements).
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    62
// boolean greater(x,y)           //is x>y?  (x and y are nonnegative bigInts)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    63
// boolean greaterShift(x,y,shift)//is (x <<(shift*bpe)) > y?
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    64
// bigInt  int2bigInt(t,n,m)      //return a bigInt equal to integer t, with at least n bits and m array elements
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    65
// bigInt  inverseMod(x,n)        //return (x**(-1) mod n) for bigInts x and n.  If no inverse exists, it returns null
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    66
// int     inverseModInt(x,n)     //return x**(-1) mod n, for integers x and n.  Return 0 if there is no inverse
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    67
// boolean isZero(x)              //is the bigInt x equal to zero?
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    68
// boolean millerRabin(x,b)       //does one round of Miller-Rabin base integer b say that bigInt x is possibly prime (as opposed to definitely composite)?
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    69
// bigInt  mod(x,n)               //return a new bigInt equal to (x mod n) for bigInts x and n.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    70
// int     modInt(x,n)            //return x mod n for bigInt x and integer n.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    71
// bigInt  mult(x,y)              //return x*y for bigInts x and y. This is faster when y<x.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    72
// bigInt  multMod(x,y,n)         //return (x*y mod n) for bigInts x,y,n.  For greater speed, let y<x.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    73
// boolean negative(x)            //is bigInt x negative?
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    74
// bigInt  powMod(x,y,n)          //return (x**y mod n) where x,y,n are bigInts and ** is exponentiation.  0**0=1. Faster for odd n.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    75
// bigInt  randBigInt(n,s)        //return an n-bit random BigInt (n>=1).  If s=1, then the most significant of those n bits is set to 1.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    76
// bigInt  randTruePrime(k)       //return a new, random, k-bit, true prime bigInt using Maurer's algorithm.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    77
// bigInt  str2bigInt(s,b,n,m)    //return a bigInt for number represented in string s in base b with at least n bits and m array elements
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    78
// bigInt  sub(x,y)               //return (x-y) for bigInts x and y.  Negative answers will be 2s complement
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    79
// bigInt  bigint_trim(x,k)              //return a copy of x with exactly k leading zero elements
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    80
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    81
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    82
// The following functions each have a non-underscored version, which most users should call instead.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    83
// These functions each write to a single parameter, and the caller is responsible for ensuring the array 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    84
// passed in is large enough to hold the result. 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    85
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    86
// void    addInt_(x,n)          //do x=x+n where x is a bigInt and n is an integer
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    87
// void    add_(x,y)             //do x=x+y for bigInts x and y
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    88
// void    copy_(x,y)            //do x=y on bigInts x and y
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    89
// void    copyInt_(x,n)         //do x=n on bigInt x and integer n
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    90
// void    GCD_(x,y)             //set x to the greatest common divisor of bigInts x and y, (y is destroyed).  (This never overflows its array).
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    91
// boolean inverseMod_(x,n)      //do x=x**(-1) mod n, for bigInts x and n. Returns 1 (0) if inverse does (doesn't) exist
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    92
// void    mod_(x,n)             //do x=x mod n for bigInts x and n. (This never overflows its array).
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    93
// void    mult_(x,y)            //do x=x*y for bigInts x and y.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    94
// void    multMod_(x,y,n)       //do x=x*y  mod n for bigInts x,y,n.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    95
// void    powMod_(x,y,n)        //do x=x**y mod n, where x,y,n are bigInts (n is odd) and ** is exponentiation.  0**0=1.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    96
// void    randBigInt_(b,n,s)    //do b = an n-bit random BigInt. if s=1, then nth bit (most significant bit) is set to 1. n>=1.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    97
// void    randTruePrime_(ans,k) //do ans = a random k-bit true random prime (not just probable prime) with 1 in the msb.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    98
// void    sub_(x,y)             //do x=x-y for bigInts x and y. Negative answers will be 2s complement.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
    99
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   100
// The following functions do NOT have a non-underscored version. 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   101
// They each write a bigInt result to one or more parameters.  The caller is responsible for
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   102
// ensuring the arrays passed in are large enough to hold the results. 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   103
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   104
// void addShift_(x,y,ys)       //do x=x+(y<<(ys*bpe))
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   105
// void carry_(x)               //do carries and borrows so each element of the bigInt x fits in bpe bits.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   106
// void divide_(x,y,q,r)        //divide x by y giving quotient q and remainder r
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   107
// int  divInt_(x,n)            //do x=floor(x/n) for bigInt x and integer n, and return the remainder. (This never overflows its array).
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   108
// int  eGCD_(x,y,d,a,b)        //sets a,b,d to positive bigInts such that d = GCD_(x,y) = a*x-b*y
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   109
// void halve_(x)               //do x=floor(|x|/2)*sgn(x) for bigInt x in 2's complement.  (This never overflows its array).
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   110
// void leftShift_(x,n)         //left shift bigInt x by n bits.  n<bpe.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   111
// void linComb_(x,y,a,b)       //do x=a*x+b*y for bigInts x and y and integers a and b
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   112
// void linCombShift_(x,y,b,ys) //do x=x+b*(y<<(ys*bpe)) for bigInts x and y, and integers b and ys
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   113
// void mont_(x,y,n,np)         //Montgomery multiplication (see comments where the function is defined)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   114
// void multInt_(x,n)           //do x=x*n where x is a bigInt and n is an integer.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   115
// void rightShift_(x,n)        //right shift bigInt x by n bits.  0 <= n < bpe. (This never overflows its array).
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   116
// void squareMod_(x,n)         //do x=x*x  mod n for bigInts x,n
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   117
// void subShift_(x,y,ys)       //do x=x-(y<<(ys*bpe)). Negative answers will be 2s complement.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   118
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   119
// The following functions are based on algorithms from the _Handbook of Applied Cryptography_
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   120
//    powMod_()           = algorithm 14.94, Montgomery exponentiation
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   121
//    eGCD_,inverseMod_() = algorithm 14.61, Binary extended GCD_
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   122
//    GCD_()              = algorothm 14.57, Lehmer's algorithm
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   123
//    mont_()             = algorithm 14.36, Montgomery multiplication
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   124
//    divide_()           = algorithm 14.20  Multiple-precision division
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   125
//    squareMod_()        = algorithm 14.16  Multiple-precision squaring
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   126
//    randTruePrime_()    = algorithm  4.62, Maurer's algorithm
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   127
//    millerRabin()       = algorithm  4.24, Miller-Rabin algorithm
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   128
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   129
// Profiling shows:
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   130
//     randTruePrime_() spends:
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   131
//         10% of its time in calls to powMod_()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   132
//         85% of its time in calls to millerRabin()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   133
//     millerRabin() spends:
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   134
//         99% of its time in calls to powMod_()   (always with a base of 2)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   135
//     powMod_() spends:
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   136
//         94% of its time in calls to mont_()  (almost always with x==y)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   137
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   138
// This suggests there are several ways to speed up this library slightly:
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   139
//     - convert powMod_ to use a Montgomery form of k-ary window (or maybe a Montgomery form of sliding window)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   140
//         -- this should especially focus on being fast when raising 2 to a power mod n
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   141
//     - convert randTruePrime_() to use a minimum r of 1/3 instead of 1/2 with the appropriate change to the test
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   142
//     - tune the parameters in randTruePrime_(), including c, m, and recLimit
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   143
//     - speed up the single loop in mont_() that takes 95% of the runtime, perhaps by reducing checking
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   144
//       within the loop when all the parameters are the same length.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   145
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   146
// There are several ideas that look like they wouldn't help much at all:
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   147
//     - replacing trial division in randTruePrime_() with a sieve (that speeds up something taking almost no time anyway)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   148
//     - increase bpe from 15 to 30 (that would help if we had a 32*32->64 multiplier, but not with JavaScript's 32*32->32)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   149
//     - speeding up mont_(x,y,n,np) when x==y by doing a non-modular, non-Montgomery square
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   150
//       followed by a Montgomery reduction.  The intermediate answer will be twice as long as x, so that
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   151
//       method would be slower.  This is unfortunate because the code currently spends almost all of its time
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   152
//       doing mont_(x,x,...), both for randTruePrime_() and powMod_().  A faster method for Montgomery squaring
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   153
//       would have a large impact on the speed of randTruePrime_() and powMod_().  HAC has a couple of poorly-worded
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   154
//       sentences that seem to imply it's faster to do a non-modular square followed by a single
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   155
//       Montgomery reduction, but that's obviously wrong.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   156
////////////////////////////////////////////////////////////////////////////////////////
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   157
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   158
//globals
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   159
bpe=0;         //bits stored per array element
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   160
mask=0;        //AND this with an array element to chop it down to bpe bits
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   161
radix=mask+1;  //equals 2^bpe.  A single 1 bit to the left of the last bit of mask.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   162
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   163
//the digits for converting to different bases
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   164
digitsStr='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_=!@#$%^&*()[]{}|;:,.<>/?`~ \\\'\"+-';
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   165
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   166
//initialize the global variables
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   167
for (bpe=0; (1<<(bpe+1)) > (1<<bpe); bpe++);  //bpe=number of bits in the mantissa on this platform
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   168
bpe>>=1;                   //bpe=number of bits in one element of the array representing the bigInt
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   169
mask=(1<<bpe)-1;           //AND the mask with an integer to get its bpe least significant bits
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   170
radix=mask+1;              //2^bpe.  a single 1 bit to the left of the first bit of mask
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   171
one=int2bigInt(1,1,1);     //constant used in powMod_()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   172
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   173
//the following global variables are scratchpad memory to 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   174
//reduce dynamic memory allocation in the inner loop
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   175
t=new Array(0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   176
ss=t;       //used in mult_()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   177
s0=t;       //used in multMod_(), squareMod_() 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   178
s1=t;       //used in powMod_(), multMod_(), squareMod_() 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   179
s2=t;       //used in powMod_(), multMod_()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   180
s3=t;       //used in powMod_()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   181
s4=t; s5=t; //used in mod_()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   182
s6=t;       //used in bigInt2str()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   183
s7=t;       //used in powMod_()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   184
T=t;        //used in GCD_()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   185
sa=t;       //used in mont_()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   186
mr_x1=t; mr_r=t; mr_a=t;                                      //used in millerRabin()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   187
eg_v=t; eg_u=t; eg_A=t; eg_B=t; eg_C=t; eg_D=t;               //used in eGCD_(), inverseMod_()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   188
md_q1=t; md_q2=t; md_q3=t; md_r=t; md_r1=t; md_r2=t; md_tt=t; //used in mod_()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   189
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   190
primes=t; pows=t; s_i=t; s_i2=t; s_R=t; s_rm=t; s_q=t; s_n1=t; 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   191
  s_a=t; s_r2=t; s_n=t; s_b=t; s_d=t; s_x1=t; s_x2=t, s_aa=t; //used in randTruePrime_()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   192
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   193
////////////////////////////////////////////////////////////////////////////////////////
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   194
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   195
//return array of all primes less than integer n
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   196
function findPrimes(n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   197
  var i,s,p,ans;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   198
  s=new Array(n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   199
  for (i=0;i<n;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   200
    s[i]=0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   201
  s[0]=2;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   202
  p=0;    //first p elements of s are primes, the rest are a sieve
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   203
  for(;s[p]<n;) {                  //s[p] is the pth prime
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   204
    for(i=s[p]*s[p]; i<n; i+=s[p]) //mark multiples of s[p]
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   205
      s[i]=1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   206
    p++;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   207
    s[p]=s[p-1]+1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   208
    for(; s[p]<n && s[s[p]]; s[p]++); //find next prime (where s[p]==0)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   209
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   210
  ans=new Array(p);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   211
  for(i=0;i<p;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   212
    ans[i]=s[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   213
  return ans;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   214
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   215
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   216
//does a single round of Miller-Rabin base b consider x to be a possible prime?
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   217
//x is a bigInt, and b is an integer
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   218
function millerRabin(x,b) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   219
  var i,j,k,s;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   220
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   221
  if (mr_x1.length!=x.length) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   222
    mr_x1=dup(x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   223
    mr_r=dup(x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   224
    mr_a=dup(x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   225
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   226
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   227
  copyInt_(mr_a,b);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   228
  copy_(mr_r,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   229
  copy_(mr_x1,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   230
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   231
  addInt_(mr_r,-1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   232
  addInt_(mr_x1,-1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   233
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   234
  //s=the highest power of two that divides mr_r
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   235
  k=0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   236
  for (i=0;i<mr_r.length;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   237
    for (j=1;j<mask;j<<=1)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   238
      if (x[i] & j) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   239
        s=(k<mr_r.length+bpe ? k : 0); 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   240
         i=mr_r.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   241
         j=mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   242
      } else
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   243
        k++;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   244
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   245
  if (s)                
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   246
    rightShift_(mr_r,s);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   247
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   248
  powMod_(mr_a,mr_r,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   249
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   250
  if (!equalsInt(mr_a,1) && !equals(mr_a,mr_x1)) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   251
    j=1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   252
    while (j<=s-1 && !equals(mr_a,mr_x1)) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   253
      squareMod_(mr_a,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   254
      if (equalsInt(mr_a,1)) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   255
        return 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   256
      }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   257
      j++;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   258
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   259
    if (!equals(mr_a,mr_x1)) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   260
      return 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   261
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   262
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   263
  return 1;  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   264
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   265
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   266
//returns how many bits long the bigInt is, not counting leading zeros.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   267
function bitSize(x) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   268
  var j,z,w;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   269
  for (j=x.length-1; (x[j]==0) && (j>0); j--);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   270
  for (z=0,w=x[j]; w; (w>>=1),z++);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   271
  z+=bpe*j;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   272
  return z;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   273
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   274
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   275
//return a copy of x with at least n elements, adding leading zeros if needed
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   276
function expand(x,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   277
  var ans=int2bigInt(0,(x.length>n ? x.length : n)*bpe,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   278
  copy_(ans,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   279
  return ans;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   280
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   281
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   282
//return a k-bit true random prime using Maurer's algorithm.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   283
function randTruePrime(k) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   284
  var ans=int2bigInt(0,k,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   285
  randTruePrime_(ans,k);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   286
  return bigint_trim(ans,1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   287
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   288
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   289
//return a new bigInt equal to (x mod n) for bigInts x and n.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   290
function mod(x,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   291
  var ans=dup(x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   292
  mod_(ans,n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   293
  return bigint_trim(ans,1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   294
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   295
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   296
//return (x+n) where x is a bigInt and n is an integer.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   297
function addInt(x,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   298
  var ans=expand(x,x.length+1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   299
  addInt_(ans,n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   300
  return bigint_trim(ans,1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   301
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   302
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   303
//return x*y for bigInts x and y. This is faster when y<x.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   304
function mult(x,y) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   305
  var ans=expand(x,x.length+y.length);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   306
  mult_(ans,y);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   307
  return bigint_trim(ans,1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   308
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   309
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   310
//return (x**y mod n) where x,y,n are bigInts and ** is exponentiation.  0**0=1. Faster for odd n.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   311
function powMod(x,y,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   312
  var ans=expand(x,n.length);  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   313
  powMod_(ans,bigint_trim(y,2),bigint_trim(n,2),0);  //this should work without the trim, but doesn't
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   314
  return bigint_trim(ans,1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   315
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   316
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   317
//return (x-y) for bigInts x and y.  Negative answers will be 2s complement
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   318
function sub(x,y) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   319
  var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1)); 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   320
  sub_(ans,y);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   321
  return bigint_trim(ans,1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   322
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   323
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   324
//return (x+y) for bigInts x and y.  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   325
function add(x,y) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   326
  var ans=expand(x,(x.length>y.length ? x.length+1 : y.length+1)); 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   327
  add_(ans,y);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   328
  return bigint_trim(ans,1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   329
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   330
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   331
//return (x**(-1) mod n) for bigInts x and n.  If no inverse exists, it returns null
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   332
function inverseMod(x,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   333
  var ans=expand(x,n.length); 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   334
  var s;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   335
  s=inverseMod_(ans,n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   336
  return s ? bigint_trim(ans,1) : null;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   337
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   338
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   339
//return (x*y mod n) for bigInts x,y,n.  For greater speed, let y<x.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   340
function multMod(x,y,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   341
  var ans=expand(x,n.length);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   342
  multMod_(ans,y,n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   343
  return bigint_trim(ans,1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   344
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   345
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   346
//generate a k-bit true random prime using Maurer's algorithm,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   347
//and put it into ans.  The bigInt ans must be large enough to hold it.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   348
function randTruePrime_(ans,k) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   349
  var c,m,pm,dd,j,r,B,divisible,z,zz,recSize;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   350
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   351
  if (primes.length==0)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   352
    primes=findPrimes(30000);  //check for divisibility by primes <=30000
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   353
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   354
  if (pows.length==0) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   355
    pows=new Array(512);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   356
    for (j=0;j<512;j++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   357
      pows[j]=Math.pow(2,j/511.-1.);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   358
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   359
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   360
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   361
  //c and m should be tuned for a particular machine and value of k, to maximize speed
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   362
  c=0.1;  //c=0.1 in HAC
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   363
  m=20;   //generate this k-bit number by first recursively generating a number that has between k/2 and k-m bits
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   364
  recLimit=20; //stop recursion when k <=recLimit.  Must have recLimit >= 2
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   365
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   366
  if (s_i2.length!=ans.length) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   367
    s_i2=dup(ans);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   368
    s_R =dup(ans);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   369
    s_n1=dup(ans);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   370
    s_r2=dup(ans);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   371
    s_d =dup(ans);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   372
    s_x1=dup(ans);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   373
    s_x2=dup(ans);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   374
    s_b =dup(ans);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   375
    s_n =dup(ans);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   376
    s_i =dup(ans);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   377
    s_rm=dup(ans);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   378
    s_q =dup(ans);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   379
    s_a =dup(ans);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   380
    s_aa=dup(ans);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   381
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   382
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   383
  if (k <= recLimit) {  //generate small random primes by trial division up to its square root
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   384
    pm=(1<<((k+2)>>1))-1; //pm is binary number with all ones, just over sqrt(2^k)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   385
    copyInt_(ans,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   386
    for (dd=1;dd;) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   387
      dd=0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   388
      ans[0]= 1 | (1<<(k-1)) | Math.floor(Math.random()*(1<<k));  //random, k-bit, odd integer, with msb 1
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   389
      for (j=1;(j<primes.length) && ((primes[j]&pm)==primes[j]);j++) { //trial division by all primes 3...sqrt(2^k)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   390
        if (0==(ans[0]%primes[j])) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   391
          dd=1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   392
          break;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   393
        }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   394
      }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   395
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   396
    carry_(ans);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   397
    return;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   398
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   399
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   400
  B=c*k*k;    //try small primes up to B (or all the primes[] array if the largest is less than B).
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   401
  if (k>2*m)  //generate this k-bit number by first recursively generating a number that has between k/2 and k-m bits
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   402
    for (r=1; k-k*r<=m; )
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   403
      r=pows[Math.floor(Math.random()*512)];   //r=Math.pow(2,Math.random()-1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   404
  else
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   405
    r=.5;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   406
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   407
  //simulation suggests the more complex algorithm using r=.333 is only slightly faster.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   408
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   409
  recSize=Math.floor(r*k)+1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   410
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   411
  randTruePrime_(s_q,recSize);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   412
  copyInt_(s_i2,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   413
  s_i2[Math.floor((k-2)/bpe)] |= (1<<((k-2)%bpe));   //s_i2=2^(k-2)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   414
  divide_(s_i2,s_q,s_i,s_rm);                        //s_i=floor((2^(k-1))/(2q))
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   415
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   416
  z=bitSize(s_i);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   417
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   418
  for (;;) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   419
    for (;;) {  //generate z-bit numbers until one falls in the range [0,s_i-1]
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   420
      randBigInt_(s_R,z,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   421
      if (greater(s_i,s_R))
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   422
        break;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   423
    }                //now s_R is in the range [0,s_i-1]
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   424
    addInt_(s_R,1);  //now s_R is in the range [1,s_i]
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   425
    add_(s_R,s_i);   //now s_R is in the range [s_i+1,2*s_i]
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   426
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   427
    copy_(s_n,s_q);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   428
    mult_(s_n,s_R); 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   429
    multInt_(s_n,2);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   430
    addInt_(s_n,1);    //s_n=2*s_R*s_q+1
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   431
    
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   432
    copy_(s_r2,s_R);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   433
    multInt_(s_r2,2);  //s_r2=2*s_R
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   434
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   435
    //check s_n for divisibility by small primes up to B
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   436
    for (divisible=0,j=0; (j<primes.length) && (primes[j]<B); j++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   437
      if (modInt(s_n,primes[j])==0) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   438
        divisible=1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   439
        break;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   440
      }      
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   441
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   442
    if (!divisible)    //if it passes small primes check, then try a single Miller-Rabin base 2
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   443
      if (!millerRabin(s_n,2)) //this line represents 75% of the total runtime for randTruePrime_ 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   444
        divisible=1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   445
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   446
    if (!divisible) {  //if it passes that test, continue checking s_n
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   447
      addInt_(s_n,-3);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   448
      for (j=s_n.length-1;(s_n[j]==0) && (j>0); j--);  //strip leading zeros
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   449
      for (zz=0,w=s_n[j]; w; (w>>=1),zz++);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   450
      zz+=bpe*j;                             //zz=number of bits in s_n, ignoring leading zeros
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   451
      for (;;) {  //generate z-bit numbers until one falls in the range [0,s_n-1]
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   452
        randBigInt_(s_a,zz,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   453
        if (greater(s_n,s_a))
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   454
          break;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   455
      }                //now s_a is in the range [0,s_n-1]
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   456
      addInt_(s_n,3);  //now s_a is in the range [0,s_n-4]
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   457
      addInt_(s_a,2);  //now s_a is in the range [2,s_n-2]
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   458
      copy_(s_b,s_a);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   459
      copy_(s_n1,s_n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   460
      addInt_(s_n1,-1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   461
      powMod_(s_b,s_n1,s_n);   //s_b=s_a^(s_n-1) modulo s_n
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   462
      addInt_(s_b,-1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   463
      if (isZero(s_b)) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   464
        copy_(s_b,s_a);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   465
        powMod_(s_b,s_r2,s_n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   466
        addInt_(s_b,-1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   467
        copy_(s_aa,s_n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   468
        copy_(s_d,s_b);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   469
        GCD_(s_d,s_n);  //if s_b and s_n are relatively prime, then s_n is a prime
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   470
        if (equalsInt(s_d,1)) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   471
          copy_(ans,s_aa);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   472
          return;     //if we've made it this far, then s_n is absolutely guaranteed to be prime
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   473
        }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   474
      }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   475
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   476
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   477
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   478
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   479
//Return an n-bit random BigInt (n>=1).  If s=1, then the most significant of those n bits is set to 1.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   480
function randBigInt(n,s) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   481
  var a,b;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   482
  a=Math.floor((n-1)/bpe)+2; //# array elements to hold the BigInt with a leading 0 element
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   483
  b=int2bigInt(0,0,a);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   484
  randBigInt_(b,n,s);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   485
  return b;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   486
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   487
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   488
//Set b to an n-bit random BigInt.  If s=1, then the most significant of those n bits is set to 1.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   489
//Array b must be big enough to hold the result. Must have n>=1
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   490
function randBigInt_(b,n,s) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   491
  var i,a;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   492
  for (i=0;i<b.length;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   493
    b[i]=0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   494
  a=Math.floor((n-1)/bpe)+1; //# array elements to hold the BigInt
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   495
  for (i=0;i<a;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   496
    b[i]=Math.floor(Math.random()*(1<<(bpe-1)));
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   497
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   498
  b[a-1] &= (2<<((n-1)%bpe))-1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   499
  if (s==1)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   500
    b[a-1] |= (1<<((n-1)%bpe));
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   501
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   502
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   503
//Return the greatest common divisor of bigInts x and y (each with same number of elements).
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   504
function GCD(x,y) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   505
  var xc,yc;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   506
  xc=dup(x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   507
  yc=dup(y);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   508
  GCD_(xc,yc);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   509
  return xc;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   510
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   511
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   512
//set x to the greatest common divisor of bigInts x and y (each with same number of elements).
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   513
//y is destroyed.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   514
function GCD_(x,y) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   515
  var i,xp,yp,A,B,C,D,q,sing;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   516
  if (T.length!=x.length)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   517
    T=dup(x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   518
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   519
  sing=1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   520
  while (sing) { //while y has nonzero elements other than y[0]
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   521
    sing=0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   522
    for (i=1;i<y.length;i++) //check if y has nonzero elements other than 0
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   523
      if (y[i]) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   524
        sing=1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   525
        break;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   526
      }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   527
    if (!sing) break; //quit when y all zero elements except possibly y[0]
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   528
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   529
    for (i=x.length;!x[i] && i>=0;i--);  //find most significant element of x
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   530
    xp=x[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   531
    yp=y[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   532
    A=1; B=0; C=0; D=1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   533
    while ((yp+C) && (yp+D)) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   534
      q =Math.floor((xp+A)/(yp+C));
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   535
      qp=Math.floor((xp+B)/(yp+D));
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   536
      if (q!=qp)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   537
        break;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   538
      t= A-q*C;   A=C;   C=t;    //  do (A,B,xp, C,D,yp) = (C,D,yp, A,B,xp) - q*(0,0,0, C,D,yp)      
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   539
      t= B-q*D;   B=D;   D=t;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   540
      t=xp-q*yp; xp=yp; yp=t;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   541
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   542
    if (B) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   543
      copy_(T,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   544
      linComb_(x,y,A,B); //x=A*x+B*y
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   545
      linComb_(y,T,D,C); //y=D*y+C*T
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   546
    } else {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   547
      mod_(x,y);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   548
      copy_(T,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   549
      copy_(x,y);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   550
      copy_(y,T);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   551
    } 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   552
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   553
  if (y[0]==0)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   554
    return;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   555
  t=modInt(x,y[0]);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   556
  copyInt_(x,y[0]);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   557
  y[0]=t;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   558
  while (y[0]) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   559
    x[0]%=y[0];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   560
    t=x[0]; x[0]=y[0]; y[0]=t;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   561
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   562
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   563
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   564
//do x=x**(-1) mod n, for bigInts x and n.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   565
//If no inverse exists, it sets x to zero and returns 0, else it returns 1.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   566
//The x array must be at least as large as the n array.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   567
function inverseMod_(x,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   568
  var k=1+2*Math.max(x.length,n.length);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   569
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   570
  if(!(x[0]&1)  && !(n[0]&1)) {  //if both inputs are even, then inverse doesn't exist
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   571
    copyInt_(x,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   572
    return 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   573
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   574
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   575
  if (eg_u.length!=k) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   576
    eg_u=new Array(k);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   577
    eg_v=new Array(k);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   578
    eg_A=new Array(k);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   579
    eg_B=new Array(k);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   580
    eg_C=new Array(k);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   581
    eg_D=new Array(k);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   582
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   583
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   584
  copy_(eg_u,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   585
  copy_(eg_v,n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   586
  copyInt_(eg_A,1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   587
  copyInt_(eg_B,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   588
  copyInt_(eg_C,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   589
  copyInt_(eg_D,1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   590
  for (;;) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   591
    while(!(eg_u[0]&1)) {  //while eg_u is even
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   592
      halve_(eg_u);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   593
      if (!(eg_A[0]&1) && !(eg_B[0]&1)) { //if eg_A==eg_B==0 mod 2
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   594
        halve_(eg_A);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   595
        halve_(eg_B);      
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   596
      } else {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   597
        add_(eg_A,n);  halve_(eg_A);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   598
        sub_(eg_B,x);  halve_(eg_B);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   599
      }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   600
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   601
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   602
    while (!(eg_v[0]&1)) {  //while eg_v is even
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   603
      halve_(eg_v);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   604
      if (!(eg_C[0]&1) && !(eg_D[0]&1)) { //if eg_C==eg_D==0 mod 2
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   605
        halve_(eg_C);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   606
        halve_(eg_D);      
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   607
      } else {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   608
        add_(eg_C,n);  halve_(eg_C);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   609
        sub_(eg_D,x);  halve_(eg_D);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   610
      }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   611
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   612
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   613
    if (!greater(eg_v,eg_u)) { //eg_v <= eg_u
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   614
      sub_(eg_u,eg_v);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   615
      sub_(eg_A,eg_C);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   616
      sub_(eg_B,eg_D);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   617
    } else {                   //eg_v > eg_u
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   618
      sub_(eg_v,eg_u);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   619
      sub_(eg_C,eg_A);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   620
      sub_(eg_D,eg_B);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   621
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   622
  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   623
    if (equalsInt(eg_u,0)) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   624
      if (negative(eg_C)) //make sure answer is nonnegative
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   625
        add_(eg_C,n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   626
      copy_(x,eg_C);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   627
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   628
      if (!equalsInt(eg_v,1)) { //if GCD_(x,n)!=1, then there is no inverse
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   629
        copyInt_(x,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   630
        return 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   631
      }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   632
      return 1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   633
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   634
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   635
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   636
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   637
//return x**(-1) mod n, for integers x and n.  Return 0 if there is no inverse
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   638
function inverseModInt(x,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   639
  var a=1,b=0,t;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   640
  for (;;) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   641
    if (x==1) return a;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   642
    if (x==0) return 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   643
    b-=a*Math.floor(n/x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   644
    n%=x;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   645
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   646
    if (n==1) return b; //to avoid negatives, change this b to n-b, and each -= to +=
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   647
    if (n==0) return 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   648
    a-=b*Math.floor(x/n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   649
    x%=n;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   650
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   651
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   652
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   653
//this deprecated function is for backward compatibility only. 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   654
function inverseModInt_(x,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   655
   return inverseModInt(x,n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   656
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   657
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   658
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   659
//Given positive bigInts x and y, change the bigints v, a, and b to positive bigInts such that:
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   660
//     v = GCD_(x,y) = a*x-b*y
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   661
//The bigInts v, a, b, must have exactly as many elements as the larger of x and y.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   662
function eGCD_(x,y,v,a,b) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   663
  var g=0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   664
  var k=Math.max(x.length,y.length);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   665
  if (eg_u.length!=k) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   666
    eg_u=new Array(k);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   667
    eg_A=new Array(k);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   668
    eg_B=new Array(k);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   669
    eg_C=new Array(k);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   670
    eg_D=new Array(k);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   671
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   672
  while(!(x[0]&1)  && !(y[0]&1)) {  //while x and y both even
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   673
    halve_(x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   674
    halve_(y);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   675
    g++;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   676
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   677
  copy_(eg_u,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   678
  copy_(v,y);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   679
  copyInt_(eg_A,1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   680
  copyInt_(eg_B,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   681
  copyInt_(eg_C,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   682
  copyInt_(eg_D,1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   683
  for (;;) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   684
    while(!(eg_u[0]&1)) {  //while u is even
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   685
      halve_(eg_u);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   686
      if (!(eg_A[0]&1) && !(eg_B[0]&1)) { //if A==B==0 mod 2
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   687
        halve_(eg_A);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   688
        halve_(eg_B);      
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   689
      } else {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   690
        add_(eg_A,y);  halve_(eg_A);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   691
        sub_(eg_B,x);  halve_(eg_B);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   692
      }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   693
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   694
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   695
    while (!(v[0]&1)) {  //while v is even
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   696
      halve_(v);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   697
      if (!(eg_C[0]&1) && !(eg_D[0]&1)) { //if C==D==0 mod 2
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   698
        halve_(eg_C);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   699
        halve_(eg_D);      
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   700
      } else {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   701
        add_(eg_C,y);  halve_(eg_C);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   702
        sub_(eg_D,x);  halve_(eg_D);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   703
      }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   704
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   705
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   706
    if (!greater(v,eg_u)) { //v<=u
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   707
      sub_(eg_u,v);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   708
      sub_(eg_A,eg_C);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   709
      sub_(eg_B,eg_D);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   710
    } else {                //v>u
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   711
      sub_(v,eg_u);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   712
      sub_(eg_C,eg_A);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   713
      sub_(eg_D,eg_B);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   714
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   715
    if (equalsInt(eg_u,0)) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   716
      if (negative(eg_C)) {   //make sure a (C)is nonnegative
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   717
        add_(eg_C,y);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   718
        sub_(eg_D,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   719
      }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   720
      multInt_(eg_D,-1);  ///make sure b (D) is nonnegative
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   721
      copy_(a,eg_C);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   722
      copy_(b,eg_D);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   723
      leftShift_(v,g);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   724
      return;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   725
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   726
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   727
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   728
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   729
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   730
//is bigInt x negative?
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   731
function negative(x) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   732
  return ((x[x.length-1]>>(bpe-1))&1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   733
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   734
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   735
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   736
//is (x << (shift*bpe)) > y?
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   737
//x and y are nonnegative bigInts
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   738
//shift is a nonnegative integer
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   739
function greaterShift(x,y,shift) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   740
  var kx=x.length, ky=y.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   741
  k=((kx+shift)<ky) ? (kx+shift) : ky;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   742
  for (i=ky-1-shift; i<kx && i>=0; i++) 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   743
    if (x[i]>0)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   744
      return 1; //if there are nonzeros in x to the left of the first column of y, then x is bigger
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   745
  for (i=kx-1+shift; i<ky; i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   746
    if (y[i]>0)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   747
      return 0; //if there are nonzeros in y to the left of the first column of x, then x is not bigger
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   748
  for (i=k-1; i>=shift; i--)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   749
    if      (x[i-shift]>y[i]) return 1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   750
    else if (x[i-shift]<y[i]) return 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   751
  return 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   752
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   753
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   754
//is x > y? (x and y both nonnegative)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   755
function greater(x,y) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   756
  var i;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   757
  var k=(x.length<y.length) ? x.length : y.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   758
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   759
  for (i=x.length;i<y.length;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   760
    if (y[i])
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   761
      return 0;  //y has more digits
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   762
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   763
  for (i=y.length;i<x.length;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   764
    if (x[i])
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   765
      return 1;  //x has more digits
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   766
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   767
  for (i=k-1;i>=0;i--)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   768
    if (x[i]>y[i])
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   769
      return 1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   770
    else if (x[i]<y[i])
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   771
      return 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   772
  return 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   773
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   774
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   775
//divide x by y giving quotient q and remainder r.  (q=floor(x/y),  r=x mod y).  All 4 are bigints.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   776
//x must have at least one leading zero element.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   777
//y must be nonzero.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   778
//q and r must be arrays that are exactly the same length as x. (Or q can have more).
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   779
//Must have x.length >= y.length >= 2.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   780
function divide_(x,y,q,r) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   781
  var kx, ky;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   782
  var i,j,y1,y2,c,a,b;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   783
  copy_(r,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   784
  for (ky=y.length;y[ky-1]==0;ky--); //ky is number of elements in y, not including leading zeros
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   785
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   786
  //normalize: ensure the most significant element of y has its highest bit set  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   787
  b=y[ky-1];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   788
  for (a=0; b; a++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   789
    b>>=1;  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   790
  a=bpe-a;  //a is how many bits to shift so that the high order bit of y is leftmost in its array element
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   791
  leftShift_(y,a);  //multiply both by 1<<a now, then divide both by that at the end
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   792
  leftShift_(r,a);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   793
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   794
  //Rob Visser discovered a bug: the following line was originally just before the normalization.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   795
  for (kx=r.length;r[kx-1]==0 && kx>ky;kx--); //kx is number of elements in normalized x, not including leading zeros
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   796
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   797
  copyInt_(q,0);                      // q=0
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   798
  while (!greaterShift(y,r,kx-ky)) {  // while (leftShift_(y,kx-ky) <= r) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   799
    subShift_(r,y,kx-ky);             //   r=r-leftShift_(y,kx-ky)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   800
    q[kx-ky]++;                       //   q[kx-ky]++;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   801
  }                                   // }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   802
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   803
  for (i=kx-1; i>=ky; i--) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   804
    if (r[i]==y[ky-1])
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   805
      q[i-ky]=mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   806
    else
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   807
      q[i-ky]=Math.floor((r[i]*radix+r[i-1])/y[ky-1]);	
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   808
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   809
    //The following for(;;) loop is equivalent to the commented while loop, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   810
    //except that the uncommented version avoids overflow.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   811
    //The commented loop comes from HAC, which assumes r[-1]==y[-1]==0
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   812
    //  while (q[i-ky]*(y[ky-1]*radix+y[ky-2]) > r[i]*radix*radix+r[i-1]*radix+r[i-2])
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   813
    //    q[i-ky]--;    
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   814
    for (;;) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   815
      y2=(ky>1 ? y[ky-2] : 0)*q[i-ky];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   816
      c=y2>>bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   817
      y2=y2 & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   818
      y1=c+q[i-ky]*y[ky-1];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   819
      c=y1>>bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   820
      y1=y1 & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   821
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   822
      if (c==r[i] ? y1==r[i-1] ? y2>(i>1 ? r[i-2] : 0) : y1>r[i-1] : c>r[i]) 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   823
        q[i-ky]--;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   824
      else
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   825
        break;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   826
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   827
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   828
    linCombShift_(r,y,-q[i-ky],i-ky);    //r=r-q[i-ky]*leftShift_(y,i-ky)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   829
    if (negative(r)) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   830
      addShift_(r,y,i-ky);         //r=r+leftShift_(y,i-ky)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   831
      q[i-ky]--;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   832
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   833
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   834
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   835
  rightShift_(y,a);  //undo the normalization step
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   836
  rightShift_(r,a);  //undo the normalization step
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   837
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   838
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   839
//do carries and borrows so each element of the bigInt x fits in bpe bits.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   840
function carry_(x) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   841
  var i,k,c,b;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   842
  k=x.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   843
  c=0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   844
  for (i=0;i<k;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   845
    c+=x[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   846
    b=0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   847
    if (c<0) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   848
      b=-(c>>bpe);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   849
      c+=b*radix;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   850
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   851
    x[i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   852
    c=(c>>bpe)-b;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   853
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   854
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   855
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   856
//return x mod n for bigInt x and integer n.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   857
function modInt(x,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   858
  var i,c=0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   859
  for (i=x.length-1; i>=0; i--)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   860
    c=(c*radix+x[i])%n;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   861
  return c;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   862
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   863
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   864
//convert the integer t into a bigInt with at least the given number of bits.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   865
//the returned array stores the bigInt in bpe-bit chunks, little endian (buff[0] is least significant word)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   866
//Pad the array with leading zeros so that it has at least minSize elements.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   867
//There will always be at least one leading 0 element.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   868
function int2bigInt(t,bits,minSize) {   
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   869
  var i,k;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   870
  k=Math.ceil(bits/bpe)+1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   871
  k=minSize>k ? minSize : k;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   872
  buff=new Array(k);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   873
  copyInt_(buff,t);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   874
  return buff;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   875
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   876
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   877
//return the bigInt given a string representation in a given base.  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   878
//Pad the array with leading zeros so that it has at least minSize elements.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   879
//If base=-1, then it reads in a space-separated list of array elements in decimal.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   880
//The array will always have at least one leading zero, unless base=-1.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   881
function str2bigInt(s,base,minSize) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   882
  var d, i, j, x, y, kk;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   883
  var k=s.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   884
  if (base==-1) { //comma-separated list of array elements in decimal
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   885
    x=new Array(0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   886
    for (;;) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   887
      y=new Array(x.length+1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   888
      for (i=0;i<x.length;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   889
        y[i+1]=x[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   890
      y[0]=parseInt(s,10);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   891
      x=y;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   892
      d=s.indexOf(',',0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   893
      if (d<1) 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   894
        break;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   895
      s=s.substring(d+1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   896
      if (s.length==0)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   897
        break;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   898
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   899
    if (x.length<minSize) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   900
      y=new Array(minSize);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   901
      copy_(y,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   902
      return y;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   903
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   904
    return x;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   905
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   906
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   907
  x=int2bigInt(0,base*k,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   908
  for (i=0;i<k;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   909
    d=digitsStr.indexOf(s.substring(i,i+1),0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   910
    if (base<=36 && d>=36)  //convert lowercase to uppercase if base<=36
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   911
      d-=26;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   912
    if (d<base && d>=0) {   //ignore illegal characters
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   913
      multInt_(x,base);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   914
      addInt_(x,d);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   915
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   916
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   917
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   918
  for (k=x.length;k>0 && !x[k-1];k--); //strip off leading zeros
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   919
  k=minSize>k+1 ? minSize : k+1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   920
  y=new Array(k);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   921
  kk=k<x.length ? k : x.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   922
  for (i=0;i<kk;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   923
    y[i]=x[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   924
  for (;i<k;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   925
    y[i]=0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   926
  return y;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   927
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   928
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   929
//is bigint x equal to integer y?
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   930
//y must have less than bpe bits
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   931
function equalsInt(x,y) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   932
  var i;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   933
  if (x[0]!=y)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   934
    return 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   935
  for (i=1;i<x.length;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   936
    if (x[i])
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   937
      return 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   938
  return 1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   939
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   940
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   941
//are bigints x and y equal?
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   942
//this works even if x and y are different lengths and have arbitrarily many leading zeros
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   943
function equals(x,y) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   944
  var i;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   945
  var k=x.length<y.length ? x.length : y.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   946
  for (i=0;i<k;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   947
    if (x[i]!=y[i])
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   948
      return 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   949
  if (x.length>y.length) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   950
    for (;i<x.length;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   951
      if (x[i])
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   952
        return 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   953
  } else {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   954
    for (;i<y.length;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   955
      if (y[i])
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   956
        return 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   957
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   958
  return 1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   959
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   960
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   961
//is the bigInt x equal to zero?
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   962
function isZero(x) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   963
  var i;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   964
  for (i=0;i<x.length;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   965
    if (x[i])
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   966
      return 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   967
  return 1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   968
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   969
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   970
//convert a bigInt into a string in a given base, from base 2 up to base 95.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   971
//Base -1 prints the contents of the array representing the number.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   972
function bigInt2str(x,base) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   973
  var i,t,s="";
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   974
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   975
  if (s6.length!=x.length) 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   976
    s6=dup(x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   977
  else
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   978
    copy_(s6,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   979
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   980
  if (base==-1) { //return the list of array contents
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   981
    for (i=x.length-1;i>0;i--)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   982
      s+=x[i]+',';
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   983
    s+=x[0];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   984
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   985
  else { //return it in the given base
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   986
    while (!isZero(s6)) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   987
      t=divInt_(s6,base);  //t=s6 % base; s6=floor(s6/base);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   988
      s=digitsStr.substring(t,t+1)+s;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   989
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   990
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   991
  if (s.length==0)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   992
    s="0";
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   993
  return s;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   994
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   995
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   996
//returns a duplicate of bigInt x
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   997
function dup(x) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   998
  var i;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
   999
  buff=new Array(x.length);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1000
  copy_(buff,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1001
  return buff;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1002
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1003
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1004
//do x=y on bigInts x and y.  x must be an array at least as big as y (not counting the leading zeros in y).
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1005
function copy_(x,y) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1006
  var i;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1007
  var k=x.length<y.length ? x.length : y.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1008
  for (i=0;i<k;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1009
    x[i]=y[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1010
  for (i=k;i<x.length;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1011
    x[i]=0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1012
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1013
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1014
//do x=y on bigInt x and integer y.  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1015
function copyInt_(x,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1016
  var i,c;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1017
  for (c=n,i=0;i<x.length;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1018
    x[i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1019
    c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1020
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1021
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1022
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1023
//do x=x+n where x is a bigInt and n is an integer.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1024
//x must be large enough to hold the result.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1025
function addInt_(x,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1026
  var i,k,c,b;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1027
  x[0]+=n;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1028
  k=x.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1029
  c=0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1030
  for (i=0;i<k;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1031
    c+=x[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1032
    b=0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1033
    if (c<0) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1034
      b=-(c>>bpe);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1035
      c+=b*radix;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1036
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1037
    x[i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1038
    c=(c>>bpe)-b;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1039
    if (!c) return; //stop carrying as soon as the carry_ is zero
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1040
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1041
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1042
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1043
//right shift bigInt x by n bits.  0 <= n < bpe.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1044
function rightShift_(x,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1045
  var i;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1046
  var k=Math.floor(n/bpe);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1047
  if (k) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1048
    for (i=0;i<x.length-k;i++) //right shift x by k elements
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1049
      x[i]=x[i+k];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1050
    for (;i<x.length;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1051
      x[i]=0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1052
    n%=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1053
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1054
  for (i=0;i<x.length-1;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1055
    x[i]=mask & ((x[i+1]<<(bpe-n)) | (x[i]>>n));
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1056
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1057
  x[i]>>=n;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1058
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1059
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1060
//do x=floor(|x|/2)*sgn(x) for bigInt x in 2's complement
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1061
function halve_(x) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1062
  var i;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1063
  for (i=0;i<x.length-1;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1064
    x[i]=mask & ((x[i+1]<<(bpe-1)) | (x[i]>>1));
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1065
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1066
  x[i]=(x[i]>>1) | (x[i] & (radix>>1));  //most significant bit stays the same
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1067
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1068
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1069
//left shift bigInt x by n bits.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1070
function leftShift_(x,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1071
  var i;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1072
  var k=Math.floor(n/bpe);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1073
  if (k) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1074
    for (i=x.length; i>=k; i--) //left shift x by k elements
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1075
      x[i]=x[i-k];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1076
    for (;i>=0;i--)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1077
      x[i]=0;  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1078
    n%=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1079
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1080
  if (!n)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1081
    return;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1082
  for (i=x.length-1;i>0;i--) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1083
    x[i]=mask & ((x[i]<<n) | (x[i-1]>>(bpe-n)));
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1084
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1085
  x[i]=mask & (x[i]<<n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1086
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1087
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1088
//do x=x*n where x is a bigInt and n is an integer.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1089
//x must be large enough to hold the result.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1090
function multInt_(x,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1091
  var i,k,c,b;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1092
  if (!n)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1093
    return;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1094
  k=x.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1095
  c=0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1096
  for (i=0;i<k;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1097
    c+=x[i]*n;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1098
    b=0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1099
    if (c<0) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1100
      b=-(c>>bpe);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1101
      c+=b*radix;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1102
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1103
    x[i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1104
    c=(c>>bpe)-b;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1105
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1106
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1107
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1108
//do x=floor(x/n) for bigInt x and integer n, and return the remainder
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1109
function divInt_(x,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1110
  var i,r=0,s;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1111
  for (i=x.length-1;i>=0;i--) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1112
    s=r*radix+x[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1113
    x[i]=Math.floor(s/n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1114
    r=s%n;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1115
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1116
  return r;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1117
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1118
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1119
//do the linear combination x=a*x+b*y for bigInts x and y, and integers a and b.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1120
//x must be large enough to hold the answer.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1121
function linComb_(x,y,a,b) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1122
  var i,c,k,kk;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1123
  k=x.length<y.length ? x.length : y.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1124
  kk=x.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1125
  for (c=0,i=0;i<k;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1126
    c+=a*x[i]+b*y[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1127
    x[i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1128
    c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1129
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1130
  for (i=k;i<kk;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1131
    c+=a*x[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1132
    x[i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1133
    c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1134
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1135
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1136
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1137
//do the linear combination x=a*x+b*(y<<(ys*bpe)) for bigInts x and y, and integers a, b and ys.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1138
//x must be large enough to hold the answer.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1139
function linCombShift_(x,y,b,ys) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1140
  var i,c,k,kk;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1141
  k=x.length<ys+y.length ? x.length : ys+y.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1142
  kk=x.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1143
  for (c=0,i=ys;i<k;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1144
    c+=x[i]+b*y[i-ys];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1145
    x[i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1146
    c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1147
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1148
  for (i=k;c && i<kk;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1149
    c+=x[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1150
    x[i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1151
    c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1152
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1153
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1154
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1155
//do x=x+(y<<(ys*bpe)) for bigInts x and y, and integers a,b and ys.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1156
//x must be large enough to hold the answer.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1157
function addShift_(x,y,ys) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1158
  var i,c,k,kk;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1159
  k=x.length<ys+y.length ? x.length : ys+y.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1160
  kk=x.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1161
  for (c=0,i=ys;i<k;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1162
    c+=x[i]+y[i-ys];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1163
    x[i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1164
    c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1165
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1166
  for (i=k;c && i<kk;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1167
    c+=x[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1168
    x[i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1169
    c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1170
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1171
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1172
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1173
//do x=x-(y<<(ys*bpe)) for bigInts x and y, and integers a,b and ys.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1174
//x must be large enough to hold the answer.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1175
function subShift_(x,y,ys) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1176
  var i,c,k,kk;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1177
  k=x.length<ys+y.length ? x.length : ys+y.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1178
  kk=x.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1179
  for (c=0,i=ys;i<k;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1180
    c+=x[i]-y[i-ys];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1181
    x[i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1182
    c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1183
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1184
  for (i=k;c && i<kk;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1185
    c+=x[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1186
    x[i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1187
    c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1188
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1189
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1190
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1191
//do x=x-y for bigInts x and y.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1192
//x must be large enough to hold the answer.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1193
//negative answers will be 2s complement
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1194
function sub_(x,y) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1195
  var i,c,k,kk;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1196
  k=x.length<y.length ? x.length : y.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1197
  for (c=0,i=0;i<k;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1198
    c+=x[i]-y[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1199
    x[i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1200
    c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1201
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1202
  for (i=k;c && i<x.length;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1203
    c+=x[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1204
    x[i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1205
    c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1206
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1207
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1208
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1209
//do x=x+y for bigInts x and y.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1210
//x must be large enough to hold the answer.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1211
function add_(x,y) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1212
  var i,c,k,kk;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1213
  k=x.length<y.length ? x.length : y.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1214
  for (c=0,i=0;i<k;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1215
    c+=x[i]+y[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1216
    x[i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1217
    c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1218
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1219
  for (i=k;c && i<x.length;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1220
    c+=x[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1221
    x[i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1222
    c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1223
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1224
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1225
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1226
//do x=x*y for bigInts x and y.  This is faster when y<x.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1227
function mult_(x,y) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1228
  var i;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1229
  if (ss.length!=2*x.length)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1230
    ss=new Array(2*x.length);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1231
  copyInt_(ss,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1232
  for (i=0;i<y.length;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1233
    if (y[i])
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1234
      linCombShift_(ss,x,y[i],i);   //ss=1*ss+y[i]*(x<<(i*bpe))
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1235
  copy_(x,ss);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1236
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1237
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1238
//do x=x mod n for bigInts x and n.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1239
function mod_(x,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1240
  if (s4.length!=x.length)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1241
    s4=dup(x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1242
  else
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1243
    copy_(s4,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1244
  if (s5.length!=x.length)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1245
    s5=dup(x);  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1246
  divide_(s4,n,s5,x);  //x = remainder of s4 / n
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1247
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1248
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1249
//do x=x*y mod n for bigInts x,y,n.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1250
//for greater speed, let y<x.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1251
function multMod_(x,y,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1252
  var i;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1253
  if (s0.length!=2*x.length)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1254
    s0=new Array(2*x.length);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1255
  copyInt_(s0,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1256
  for (i=0;i<y.length;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1257
    if (y[i])
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1258
      linCombShift_(s0,x,y[i],i);   //s0=1*s0+y[i]*(x<<(i*bpe))
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1259
  mod_(s0,n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1260
  copy_(x,s0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1261
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1262
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1263
//do x=x*x mod n for bigInts x,n.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1264
function squareMod_(x,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1265
  var i,j,d,c,kx,kn,k;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1266
  for (kx=x.length; kx>0 && !x[kx-1]; kx--);  //ignore leading zeros in x
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1267
  k=kx>n.length ? 2*kx : 2*n.length; //k=# elements in the product, which is twice the elements in the larger of x and n
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1268
  if (s0.length!=k) 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1269
    s0=new Array(k);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1270
  copyInt_(s0,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1271
  for (i=0;i<kx;i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1272
    c=s0[2*i]+x[i]*x[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1273
    s0[2*i]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1274
    c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1275
    for (j=i+1;j<kx;j++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1276
      c=s0[i+j]+2*x[i]*x[j]+c;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1277
      s0[i+j]=(c & mask);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1278
      c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1279
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1280
    s0[i+kx]=c;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1281
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1282
  mod_(s0,n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1283
  copy_(x,s0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1284
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1285
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1286
//return x with exactly k leading zero elements
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1287
function bigint_trim(x,k) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1288
  var i,y;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1289
  for (i=x.length; i>0 && !x[i-1]; i--);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1290
  y=new Array(i+k);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1291
  copy_(y,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1292
  return y;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1293
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1294
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1295
//do x=x**y mod n, where x,y,n are bigInts and ** is exponentiation.  0**0=1.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1296
//this is faster when n is odd.  x usually needs to have as many elements as n.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1297
function powMod_(x,y,n) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1298
  var k1,k2,kn,np;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1299
  if(s7.length!=n.length)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1300
    s7=dup(n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1301
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1302
  //for even modulus, use a simple square-and-multiply algorithm,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1303
  //rather than using the more complex Montgomery algorithm.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1304
  if ((n[0]&1)==0) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1305
    copy_(s7,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1306
    copyInt_(x,1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1307
    while(!equalsInt(y,0)) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1308
      if (y[0]&1)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1309
        multMod_(x,s7,n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1310
      divInt_(y,2);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1311
      squareMod_(s7,n); 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1312
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1313
    return;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1314
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1315
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1316
  //calculate np from n for the Montgomery multiplications
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1317
  copyInt_(s7,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1318
  for (kn=n.length;kn>0 && !n[kn-1];kn--);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1319
  np=radix-inverseModInt(modInt(n,radix),radix);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1320
  s7[kn]=1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1321
  multMod_(x ,s7,n);   // x = x * 2**(kn*bp) mod n
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1322
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1323
  if (s3.length!=x.length)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1324
    s3=dup(x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1325
  else
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1326
    copy_(s3,x);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1327
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1328
  for (k1=y.length-1;k1>0 & !y[k1]; k1--);  //k1=first nonzero element of y
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1329
  if (y[k1]==0) {  //anything to the 0th power is 1
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1330
    copyInt_(x,1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1331
    return;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1332
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1333
  for (k2=1<<(bpe-1);k2 && !(y[k1] & k2); k2>>=1);  //k2=position of first 1 bit in y[k1]
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1334
  for (;;) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1335
    if (!(k2>>=1)) {  //look at next bit of y
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1336
      k1--;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1337
      if (k1<0) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1338
        mont_(x,one,n,np);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1339
        return;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1340
      }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1341
      k2=1<<(bpe-1);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1342
    }    
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1343
    mont_(x,x,n,np);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1344
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1345
    if (k2 & y[k1]) //if next bit is a 1
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1346
      mont_(x,s3,n,np);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1347
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1348
}    
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1349
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1350
//do x=x*y*Ri mod n for bigInts x,y,n, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1351
//  where Ri = 2**(-kn*bpe) mod n, and kn is the 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1352
//  number of elements in the n array, not 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1353
//  counting leading zeros.  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1354
//x must be large enough to hold the answer.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1355
//It's OK if x and y are the same variable.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1356
//must have:
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1357
//  x,y < n
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1358
//  n is odd
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1359
//  np = -(n^(-1)) mod radix
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1360
function mont_(x,y,n,np) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1361
  var i,j,c,ui,t;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1362
  var kn=n.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1363
  var ky=y.length;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1364
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1365
  if (sa.length!=kn)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1366
    sa=new Array(kn);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1367
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1368
  for (;kn>0 && n[kn-1]==0;kn--); //ignore leading zeros of n
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1369
  //this function sometimes gives wrong answers when the next line is uncommented
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1370
  //for (;ky>0 && y[ky-1]==0;ky--); //ignore leading zeros of y
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1371
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1372
  copyInt_(sa,0);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1373
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1374
  //the following loop consumes 95% of the runtime for randTruePrime_() and powMod_() for large keys
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1375
  for (i=0; i<kn; i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1376
    t=sa[0]+x[i]*y[0];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1377
    ui=((t & mask) * np) & mask;  //the inner "& mask" is needed on Macintosh MSIE, but not windows MSIE
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1378
    c=(t+ui*n[0]) >> bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1379
    t=x[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1380
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1381
    //do sa=(sa+x[i]*y+ui*n)/b   where b=2**bpe
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1382
    for (j=1;j<ky;j++) { 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1383
      c+=sa[j]+t*y[j]+ui*n[j];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1384
      sa[j-1]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1385
      c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1386
    }    
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1387
    for (;j<kn;j++) { 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1388
      c+=sa[j]+ui*n[j];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1389
      sa[j-1]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1390
      c>>=bpe;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1391
    }    
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1392
    sa[j-1]=c & mask;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1393
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1394
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1395
  if (!greater(n,sa))
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1396
    sub_(sa,n);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1397
  copy_(x,sa);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1398
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1399
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1400
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1401
/* rijndael.js      Rijndael Reference Implementation
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1402
   Copyright (c) 2001 Fritz Schneider
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1403
 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1404
 This software is provided as-is, without express or implied warranty.  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1405
 Permission to use, copy, modify, distribute or sell this software, with or
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1406
 without fee, for any purpose and by any individual or organization, is hereby
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1407
 granted, provided that the above copyright notice and this paragraph appear 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1408
 in all copies. Distribution as a part of an application or binary must
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1409
 include the above copyright notice in the documentation and/or other materials
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1410
 provided with the application or distribution.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1411
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1412
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1413
   As the above disclaimer notes, you are free to use this code however you
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1414
   want. However, I would request that you send me an email 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1415
   (fritz /at/ cs /dot/ ucsd /dot/ edu) to say hi if you find this code useful
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1416
   or instructional. Seeing that people are using the code acts as 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1417
   encouragement for me to continue development. If you *really* want to thank
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1418
   me you can buy the book I wrote with Thomas Powell, _JavaScript:
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1419
   _The_Complete_Reference_ :)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1420
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1421
   This code is an UNOPTIMIZED REFERENCE implementation of Rijndael. 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1422
   If there is sufficient interest I can write an optimized (word-based, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1423
   table-driven) version, although you might want to consider using a 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1424
   compiled language if speed is critical to your application. As it stands,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1425
   one run of the monte carlo test (10,000 encryptions) can take up to 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1426
   several minutes, depending upon your processor. You shouldn't expect more
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1427
   than a few kilobytes per second in throughput.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1428
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1429
   Also note that there is very little error checking in these functions. 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1430
   Doing proper error checking is always a good idea, but the ideal 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1431
   implementation (using the instanceof operator and exceptions) requires
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1432
   IE5+/NS6+, and I've chosen to implement this code so that it is compatible
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1433
   with IE4/NS4. 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1434
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1435
   And finally, because JavaScript doesn't have an explicit byte/char data 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1436
   type (although JavaScript 2.0 most likely will), when I refer to "byte" 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1437
   in this code I generally mean "32 bit integer with value in the interval 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1438
   [0,255]" which I treat as a byte.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1439
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1440
   See http://www-cse.ucsd.edu/~fritz/rijndael.html for more documentation
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1441
   of the (very simple) API provided by this code.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1442
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1443
                                               Fritz Schneider
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1444
                                               fritz at cs.ucsd.edu
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1445
 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1446
*/
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1447
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1448
// Rijndael parameters --  Valid values are 128, 192, or 256
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1449
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1450
var keySizeInBits =   ( typeof AES_BITS == 'number' ) ? AES_BITS : 128;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1451
var blockSizeInBits = ( typeof AES_BLOCKSIZE == 'number' ) ? AES_BLOCKSIZE : 128;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1452
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1453
///////  You shouldn't have to modify anything below this line except for
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1454
///////  the function getRandomBytes().
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1455
//
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1456
// Note: in the following code the two dimensional arrays are indexed as
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1457
//       you would probably expect, as array[row][column]. The state arrays
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1458
//       are 2d arrays of the form state[4][Nb].
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1459
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1460
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1461
// The number of rounds for the cipher, indexed by [Nk][Nb]
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1462
var roundsArray = [ ,,,,[,,,,10,, 12,, 14],, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1463
                        [,,,,12,, 12,, 14],, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1464
                        [,,,,14,, 14,, 14] ];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1465
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1466
// The number of bytes to shift by in shiftRow, indexed by [Nb][row]
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1467
var shiftOffsets = [ ,,,,[,1, 2, 3],,[,1, 2, 3],,[,1, 3, 4] ];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1468
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1469
// The round constants used in subkey expansion
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1470
var Rcon = [ 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1471
0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1472
0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1473
0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1474
0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1475
0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 ];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1476
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1477
// Precomputed lookup table for the SBox
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1478
var SBox = [
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1479
 99, 124, 119, 123, 242, 107, 111, 197,  48,   1, 103,  43, 254, 215, 171, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1480
118, 202, 130, 201, 125, 250,  89,  71, 240, 173, 212, 162, 175, 156, 164, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1481
114, 192, 183, 253, 147,  38,  54,  63, 247, 204,  52, 165, 229, 241, 113, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1482
216,  49,  21,   4, 199,  35, 195,  24, 150,   5, 154,   7,  18, 128, 226, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1483
235,  39, 178, 117,   9, 131,  44,  26,  27, 110,  90, 160,  82,  59, 214, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1484
179,  41, 227,  47, 132,  83, 209,   0, 237,  32, 252, 177,  91, 106, 203, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1485
190,  57,  74,  76,  88, 207, 208, 239, 170, 251,  67,  77,  51, 133,  69, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1486
249,   2, 127,  80,  60, 159, 168,  81, 163,  64, 143, 146, 157,  56, 245, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1487
188, 182, 218,  33,  16, 255, 243, 210, 205,  12,  19, 236,  95, 151,  68,  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1488
23,  196, 167, 126,  61, 100,  93,  25, 115,  96, 129,  79, 220,  34,  42, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1489
144, 136,  70, 238, 184,  20, 222,  94,  11, 219, 224,  50,  58,  10,  73,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1490
  6,  36,  92, 194, 211, 172,  98, 145, 149, 228, 121, 231, 200,  55, 109, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1491
141, 213,  78, 169, 108,  86, 244, 234, 101, 122, 174,   8, 186, 120,  37,  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1492
 46,  28, 166, 180, 198, 232, 221, 116,  31,  75, 189, 139, 138, 112,  62, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1493
181, 102,  72,   3, 246,  14,  97,  53,  87, 185, 134, 193,  29, 158, 225,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1494
248, 152,  17, 105, 217, 142, 148, 155,  30, 135, 233, 206,  85,  40, 223,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1495
140, 161, 137,  13, 191, 230,  66, 104,  65, 153,  45,  15, 176,  84, 187,  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1496
 22 ];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1497
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1498
// Precomputed lookup table for the inverse SBox
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1499
var SBoxInverse = [
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1500
 82,   9, 106, 213,  48,  54, 165,  56, 191,  64, 163, 158, 129, 243, 215, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1501
251, 124, 227,  57, 130, 155,  47, 255, 135,  52, 142,  67,  68, 196, 222, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1502
233, 203,  84, 123, 148,  50, 166, 194,  35,  61, 238,  76, 149,  11,  66, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1503
250, 195,  78,   8,  46, 161, 102,  40, 217,  36, 178, 118,  91, 162,  73, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1504
109, 139, 209,  37, 114, 248, 246, 100, 134, 104, 152,  22, 212, 164,  92, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1505
204,  93, 101, 182, 146, 108, 112,  72,  80, 253, 237, 185, 218,  94,  21,  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1506
 70,  87, 167, 141, 157, 132, 144, 216, 171,   0, 140, 188, 211,  10, 247, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1507
228,  88,   5, 184, 179,  69,   6, 208,  44,  30, 143, 202,  63,  15,   2, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1508
193, 175, 189,   3,   1,  19, 138, 107,  58, 145,  17,  65,  79, 103, 220, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1509
234, 151, 242, 207, 206, 240, 180, 230, 115, 150, 172, 116,  34, 231, 173,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1510
 53, 133, 226, 249,  55, 232,  28, 117, 223, 110,  71, 241,  26, 113,  29, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1511
 41, 197, 137, 111, 183,  98,  14, 170,  24, 190,  27, 252,  86,  62,  75, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1512
198, 210, 121,  32, 154, 219, 192, 254, 120, 205,  90, 244,  31, 221, 168,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1513
 51, 136,   7, 199,  49, 177,  18,  16,  89,  39, 128, 236,  95,  96,  81,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1514
127, 169,  25, 181,  74,  13,  45, 229, 122, 159, 147, 201, 156, 239, 160,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1515
224,  59,  77, 174,  42, 245, 176, 200, 235, 187,  60, 131,  83, 153,  97, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1516
 23,  43,   4, 126, 186, 119, 214,  38, 225, 105,  20,  99,  85,  33,  12,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1517
125 ];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1518
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1519
function str_split(string, chunklen)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1520
{
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1521
  if(!chunklen) chunklen = 1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1522
  ret = new Array();
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1523
  for ( i = 0; i < string.length; i+=chunklen )
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1524
  {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1525
    ret[ret.length] = string.slice(i, i+chunklen);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1526
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1527
  return ret;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1528
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1529
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1530
// This method circularly shifts the array left by the number of elements
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1531
// given in its parameter. It returns the resulting array and is used for 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1532
// the ShiftRow step. Note that shift() and push() could be used for a more 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1533
// elegant solution, but they require IE5.5+, so I chose to do it manually. 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1534
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1535
function cyclicShiftLeft(theArray, positions) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1536
  var temp = theArray.slice(0, positions);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1537
  theArray = theArray.slice(positions).concat(temp);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1538
  return theArray;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1539
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1540
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1541
// Cipher parameters ... do not change these
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1542
var Nk = keySizeInBits / 32;                   
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1543
var Nb = blockSizeInBits / 32;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1544
var Nr = roundsArray[Nk][Nb];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1545
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1546
// Multiplies the element "poly" of GF(2^8) by x. See the Rijndael spec.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1547
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1548
function xtime(poly) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1549
  poly <<= 1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1550
  return ((poly & 0x100) ? (poly ^ 0x11B) : (poly));
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1551
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1552
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1553
// Multiplies the two elements of GF(2^8) together and returns the result.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1554
// See the Rijndael spec, but should be straightforward: for each power of
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1555
// the indeterminant that has a 1 coefficient in x, add y times that power
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1556
// to the result. x and y should be bytes representing elements of GF(2^8)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1557
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1558
function mult_GF256(x, y) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1559
  var bit, result = 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1560
  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1561
  for (bit = 1; bit < 256; bit *= 2, y = xtime(y)) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1562
    if (x & bit) 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1563
      result ^= y;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1564
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1565
  return result;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1566
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1567
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1568
// Performs the substitution step of the cipher. State is the 2d array of
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1569
// state information (see spec) and direction is string indicating whether
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1570
// we are performing the forward substitution ("encrypt") or inverse 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1571
// substitution (anything else)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1572
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1573
function byteSub(state, direction) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1574
  var S;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1575
  if (direction == "encrypt")           // Point S to the SBox we're using
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1576
    S = SBox;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1577
  else
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1578
    S = SBoxInverse;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1579
  for (var i = 0; i < 4; i++)           // Substitute for every byte in state
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1580
    for (var j = 0; j < Nb; j++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1581
       state[i][j] = S[state[i][j]];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1582
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1583
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1584
// Performs the row shifting step of the cipher.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1585
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1586
function shiftRow(state, direction) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1587
  for (var i=1; i<4; i++)               // Row 0 never shifts
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1588
    if (direction == "encrypt")
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1589
       state[i] = cyclicShiftLeft(state[i], shiftOffsets[Nb][i]);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1590
    else
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1591
       state[i] = cyclicShiftLeft(state[i], Nb - shiftOffsets[Nb][i]);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1592
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1593
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1594
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1595
// Performs the column mixing step of the cipher. Most of these steps can
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1596
// be combined into table lookups on 32bit values (at least for encryption)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1597
// to greatly increase the speed. 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1598
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1599
function mixColumn(state, direction) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1600
  var b = [];                            // Result of matrix multiplications
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1601
  for (var j = 0; j < Nb; j++) {         // Go through each column...
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1602
    for (var i = 0; i < 4; i++) {        // and for each row in the column...
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1603
      if (direction == "encrypt")
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1604
        b[i] = mult_GF256(state[i][j], 2) ^          // perform mixing
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1605
               mult_GF256(state[(i+1)%4][j], 3) ^ 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1606
               state[(i+2)%4][j] ^ 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1607
               state[(i+3)%4][j];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1608
      else 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1609
        b[i] = mult_GF256(state[i][j], 0xE) ^ 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1610
               mult_GF256(state[(i+1)%4][j], 0xB) ^
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1611
               mult_GF256(state[(i+2)%4][j], 0xD) ^
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1612
               mult_GF256(state[(i+3)%4][j], 9);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1613
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1614
    for (var i = 0; i < 4; i++)          // Place result back into column
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1615
      state[i][j] = b[i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1616
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1617
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1618
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1619
// Adds the current round key to the state information. Straightforward.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1620
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1621
function addRoundKey(state, roundKey) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1622
  for (var j = 0; j < Nb; j++) {                 // Step through columns...
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1623
    state[0][j] ^= (roundKey[j] & 0xFF);         // and XOR
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1624
    state[1][j] ^= ((roundKey[j]>>8) & 0xFF);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1625
    state[2][j] ^= ((roundKey[j]>>16) & 0xFF);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1626
    state[3][j] ^= ((roundKey[j]>>24) & 0xFF);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1627
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1628
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1629
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1630
// This function creates the expanded key from the input (128/192/256-bit)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1631
// key. The parameter key is an array of bytes holding the value of the key.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1632
// The returned value is an array whose elements are the 32-bit words that 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1633
// make up the expanded key.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1634
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1635
function keyExpansion(key) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1636
  var expandedKey = new Array();
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1637
  var temp;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1638
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1639
  // in case the key size or parameters were changed...
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1640
  Nk = keySizeInBits / 32;                   
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1641
  Nb = blockSizeInBits / 32;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1642
  Nr = roundsArray[Nk][Nb];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1643
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1644
  for (var j=0; j < Nk; j++)     // Fill in input key first
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1645
    expandedKey[j] = 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1646
      (key[4*j]) | (key[4*j+1]<<8) | (key[4*j+2]<<16) | (key[4*j+3]<<24);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1647
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1648
  // Now walk down the rest of the array filling in expanded key bytes as
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1649
  // per Rijndael's spec
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1650
  for (j = Nk; j < Nb * (Nr + 1); j++) {    // For each word of expanded key
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1651
    temp = expandedKey[j - 1];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1652
    if (j % Nk == 0) 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1653
      temp = ( (SBox[(temp>>8) & 0xFF]) |
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1654
               (SBox[(temp>>16) & 0xFF]<<8) |
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1655
               (SBox[(temp>>24) & 0xFF]<<16) |
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1656
               (SBox[temp & 0xFF]<<24) ) ^ Rcon[Math.floor(j / Nk) - 1];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1657
    else if (Nk > 6 && j % Nk == 4)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1658
      temp = (SBox[(temp>>24) & 0xFF]<<24) |
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1659
             (SBox[(temp>>16) & 0xFF]<<16) |
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1660
             (SBox[(temp>>8) & 0xFF]<<8) |
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1661
             (SBox[temp & 0xFF]);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1662
    expandedKey[j] = expandedKey[j-Nk] ^ temp;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1663
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1664
  return expandedKey;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1665
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1666
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1667
// Rijndael's round functions... 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1668
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1669
function Round(state, roundKey) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1670
  byteSub(state, "encrypt");
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1671
  shiftRow(state, "encrypt");
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1672
  mixColumn(state, "encrypt");
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1673
  addRoundKey(state, roundKey);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1674
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1675
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1676
function InverseRound(state, roundKey) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1677
  addRoundKey(state, roundKey);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1678
  mixColumn(state, "decrypt");
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1679
  shiftRow(state, "decrypt");
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1680
  byteSub(state, "decrypt");
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1681
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1682
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1683
function FinalRound(state, roundKey) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1684
  byteSub(state, "encrypt");
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1685
  shiftRow(state, "encrypt");
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1686
  addRoundKey(state, roundKey);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1687
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1688
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1689
function InverseFinalRound(state, roundKey){
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1690
  addRoundKey(state, roundKey);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1691
  shiftRow(state, "decrypt");
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1692
  byteSub(state, "decrypt");  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1693
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1694
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1695
// encrypt is the basic encryption function. It takes parameters
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1696
// block, an array of bytes representing a plaintext block, and expandedKey,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1697
// an array of words representing the expanded key previously returned by
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1698
// keyExpansion(). The ciphertext block is returned as an array of bytes.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1699
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1700
function encrypt(block, expandedKey) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1701
  var i;  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1702
  if (!block || block.length*8 != blockSizeInBits)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1703
     return; 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1704
  if (!expandedKey)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1705
     return;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1706
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1707
  block = packBytes(block);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1708
  addRoundKey(block, expandedKey);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1709
  for (i=1; i<Nr; i++) 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1710
    Round(block, expandedKey.slice(Nb*i, Nb*(i+1)));
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1711
  FinalRound(block, expandedKey.slice(Nb*Nr)); 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1712
  return unpackBytes(block);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1713
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1714
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1715
// decrypt is the basic decryption function. It takes parameters
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1716
// block, an array of bytes representing a ciphertext block, and expandedKey,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1717
// an array of words representing the expanded key previously returned by
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1718
// keyExpansion(). The decrypted block is returned as an array of bytes.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1719
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1720
function decrypt(block, expandedKey) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1721
  var i;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1722
  if (!block || block.length*8 != blockSizeInBits)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1723
     return;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1724
  if (!expandedKey)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1725
     return;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1726
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1727
  block = packBytes(block);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1728
  InverseFinalRound(block, expandedKey.slice(Nb*Nr)); 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1729
  for (i = Nr - 1; i>0; i--) 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1730
    InverseRound(block, expandedKey.slice(Nb*i, Nb*(i+1)));
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1731
  addRoundKey(block, expandedKey);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1732
  return unpackBytes(block);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1733
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1734
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1735
// This function packs an array of bytes into the four row form defined by
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1736
// Rijndael. It assumes the length of the array of bytes is divisible by
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1737
// four. Bytes are filled in according to the Rijndael spec (starting with
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1738
// column 0, row 0 to 3). This function returns a 2d array.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1739
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1740
function packBytes(octets) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1741
  var state = new Array();
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1742
  if (!octets || octets.length % 4)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1743
    return;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1744
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1745
  state[0] = new Array();  state[1] = new Array(); 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1746
  state[2] = new Array();  state[3] = new Array();
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1747
  for (var j=0; j<octets.length; j+= 4) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1748
     state[0][j/4] = octets[j];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1749
     state[1][j/4] = octets[j+1];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1750
     state[2][j/4] = octets[j+2];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1751
     state[3][j/4] = octets[j+3];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1752
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1753
  return state;  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1754
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1755
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1756
// This function unpacks an array of bytes from the four row format preferred
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1757
// by Rijndael into a single 1d array of bytes. It assumes the input "packed"
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1758
// is a packed array. Bytes are filled in according to the Rijndael spec. 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1759
// This function returns a 1d array of bytes.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1760
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1761
function unpackBytes(packed) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1762
  var result = new Array();
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1763
  for (var j=0; j<packed[0].length; j++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1764
    result[result.length] = packed[0][j];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1765
    result[result.length] = packed[1][j];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1766
    result[result.length] = packed[2][j];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1767
    result[result.length] = packed[3][j];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1768
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1769
  return result;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1770
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1771
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1772
// This function takes a prospective plaintext (string or array of bytes)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1773
// and pads it with zero bytes if its length is not a multiple of the block 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1774
// size. If plaintext is a string, it is converted to an array of bytes
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1775
// in the process. The type checking can be made much nicer using the 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1776
// instanceof operator, but this operator is not available until IE5.0 so I 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1777
// chose to use the heuristic below. 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1778
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1779
function formatPlaintext(plaintext) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1780
  var bpb = blockSizeInBits / 8;               // bytes per block
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1781
  var i;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1782
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1783
  // if primitive string or String instance
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1784
  if (typeof plaintext == "string" || plaintext.split) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1785
    // alert('AUUGH you idiot it\'s NOT A STRING ITS A '+typeof(plaintext)+'!!!');
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1786
    // return false;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1787
    plaintext = plaintext.split("");
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1788
    // Unicode issues here (ignoring high byte)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1789
    for (i=0; i<plaintext.length; i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1790
      plaintext[i] = plaintext[i].charCodeAt(0) & 0xFF;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1791
  } 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1792
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1793
  for (i = bpb - (plaintext.length % bpb); i > 0 && i < bpb; i--) 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1794
    plaintext[plaintext.length] = 0;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1795
  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1796
  return plaintext;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1797
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1798
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1799
// Returns an array containing "howMany" random bytes. YOU SHOULD CHANGE THIS
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1800
// TO RETURN HIGHER QUALITY RANDOM BYTES IF YOU ARE USING THIS FOR A "REAL"
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1801
// APPLICATION.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1802
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1803
function getRandomBytes(howMany) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1804
  var i;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1805
  var bytes = new Array();
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1806
  for (i=0; i<howMany; i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1807
    bytes[i] = Math.round(Math.random()*255);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1808
  return bytes;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1809
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1810
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1811
// rijndaelEncrypt(plaintext, key, mode)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1812
// Encrypts the plaintext using the given key and in the given mode. 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1813
// The parameter "plaintext" can either be a string or an array of bytes. 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1814
// The parameter "key" must be an array of key bytes. If you have a hex 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1815
// string representing the key, invoke hexToByteArray() on it to convert it 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1816
// to an array of bytes. The third parameter "mode" is a string indicating
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1817
// the encryption mode to use, either "ECB" or "CBC". If the parameter is
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1818
// omitted, ECB is assumed.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1819
// 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1820
// An array of bytes representing the cihpertext is returned. To convert 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1821
// this array to hex, invoke byteArrayToHex() on it. If you are using this 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1822
// "for real" it is a good idea to change the function getRandomBytes() to 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1823
// something that returns truly random bits.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1824
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1825
function rijndaelEncrypt(plaintext, key, mode) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1826
  var expandedKey, i, aBlock;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1827
  var bpb = blockSizeInBits / 8;          // bytes per block
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1828
  var ct;                                 // ciphertext
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1829
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1830
  if (typeof plaintext != 'object' || typeof key != 'object')
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1831
  {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1832
    alert( 'Invalid params\nplaintext: '+typeof(plaintext)+'\nkey: '+typeof(key) );
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1833
    return false;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1834
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1835
  if (key.length*8 == keySizeInBits+8)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1836
    key.length = keySizeInBits / 8;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1837
  if (key.length*8 != keySizeInBits)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1838
  {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1839
    alert( 'Key length is bad!\nLength: '+key.length+'\nExpected: '+keySizeInBits / 8 );
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1840
    return false;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1841
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1842
  if (mode == "CBC")
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1843
    ct = getRandomBytes(bpb);             // get IV
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1844
  else {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1845
    mode = "ECB";
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1846
    ct = new Array();
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1847
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1848
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1849
  // convert plaintext to byte array and pad with zeros if necessary. 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1850
  plaintext = formatPlaintext(plaintext);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1851
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1852
  expandedKey = keyExpansion(key);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1853
  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1854
  for (var block=0; block<plaintext.length / bpb; block++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1855
    aBlock = plaintext.slice(block*bpb, (block+1)*bpb);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1856
    if (mode == "CBC")
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1857
      for (var i=0; i<bpb; i++) 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1858
        aBlock[i] ^= ct[block*bpb + i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1859
    ct = ct.concat(encrypt(aBlock, expandedKey));
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1860
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1861
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1862
  return ct;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1863
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1864
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1865
// rijndaelDecrypt(ciphertext, key, mode)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1866
// Decrypts the using the given key and mode. The parameter "ciphertext" 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1867
// must be an array of bytes. The parameter "key" must be an array of key 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1868
// bytes. If you have a hex string representing the ciphertext or key, 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1869
// invoke hexToByteArray() on it to convert it to an array of bytes. The
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1870
// parameter "mode" is a string, either "CBC" or "ECB".
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1871
// 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1872
// An array of bytes representing the plaintext is returned. To convert 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1873
// this array to a hex string, invoke byteArrayToHex() on it. To convert it 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1874
// to a string of characters, you can use byteArrayToString().
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1875
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1876
function rijndaelDecrypt(ciphertext, key, mode) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1877
  var expandedKey;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1878
  var bpb = blockSizeInBits / 8;          // bytes per block
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1879
  var pt = new Array();                   // plaintext array
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1880
  var aBlock;                             // a decrypted block
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1881
  var block;                              // current block number
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1882
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1883
  if (!ciphertext || !key || typeof ciphertext == "string")
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1884
    return;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1885
  if (key.length*8 != keySizeInBits)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1886
    return; 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1887
  if (!mode)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1888
    mode = "ECB";                         // assume ECB if mode omitted
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1889
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1890
  expandedKey = keyExpansion(key);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1891
 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1892
  // work backwards to accomodate CBC mode 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1893
  for (block=(ciphertext.length / bpb)-1; block>0; block--) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1894
    aBlock = 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1895
     decrypt(ciphertext.slice(block*bpb,(block+1)*bpb), expandedKey);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1896
    if (mode == "CBC") 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1897
      for (var i=0; i<bpb; i++) 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1898
        pt[(block-1)*bpb + i] = aBlock[i] ^ ciphertext[(block-1)*bpb + i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1899
    else 
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1900
      pt = aBlock.concat(pt);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1901
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1902
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1903
  // do last block if ECB (skips the IV in CBC)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1904
  if (mode == "ECB")
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1905
    pt = decrypt(ciphertext.slice(0, bpb), expandedKey).concat(pt);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1906
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1907
  return pt;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1908
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1909
830
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1910
// This method takes a byte array (byteArray) and converts it to a string by
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1911
// applying String.fromCharCode() to each value and concatenating the result.
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1912
// The resulting string is returned. Note that this function SKIPS zero bytes
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1913
// under the assumption that they are padding added in formatPlaintext().
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1914
// Obviously, do not invoke this method on raw data that can contain zero
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1915
// bytes. It is really only appropriate for printable ASCII/Latin-1 
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1916
// values. Roll your own function for more robust functionality :)
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1917
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1918
function byteArrayToString(byteArray) {
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1919
  var result = "";
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1920
  for ( var i=0; i < byteArray.length; i++ )
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1921
    if (byteArray[i] != 0) 
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1922
      result += '%' + byteArray[i].toString(16);
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1923
  return decodeURIComponent(result);
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1924
}
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1925
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1926
// This function takes an array of bytes (byteArray) and converts them
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1927
// to a hexadecimal string. Array element 0 is found at the beginning of 
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1928
// the resulting string, high nibble first. Consecutive elements follow
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1929
// similarly, for example [16, 255] --> "10ff". The function returns a 
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1930
// string.
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1931
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1932
function byteArrayToHex(byteArray) {
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1933
  var result = "";
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1934
  if (!byteArray)
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1935
    return;
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1936
  for (var i=0; i<byteArray.length; i++)
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1937
    result += ((byteArray[i]<16) ? "0" : "") + byteArray[i].toString(16);
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1938
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1939
  return result;
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1940
}
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1941
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1942
// This function converts a string containing hexadecimal digits to an 
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1943
// array of bytes. The resulting byte array is filled in the order the
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1944
// values occur in the string, for example "10FF" --> [16, 255]. This
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1945
// function returns an array. 
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1946
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1947
function hexToByteArray(hexString) {
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1948
  /*
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1949
  var byteArray = [];
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1950
  if (hexString.length % 2)             // must have even length
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1951
    return;
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1952
  if (hexString.indexOf("0x") == 0 || hexString.indexOf("0X") == 0)
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1953
    hexString = hexString.substring(2);
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1954
  for (var i = 0; i<hexString.length; i += 2) 
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1955
    byteArray[Math.floor(i/2)] = parseInt(hexString.slice(i, i+2), 16);
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1956
  return byteArray;
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1957
  */
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1958
  var bytes = new Array();
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1959
  hexString = str_split(hexString, 2);
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1960
  //alert(hexString.toString());
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1961
  //return false;
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1962
  for( var i in hexString )
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1963
  {
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1964
    bytes[bytes.length] = parseInt(hexString[i], 16);
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1965
  }
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1966
  //alert(bytes.toString());
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1967
  return bytes;
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1968
}
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1969
582
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1970
function stringToByteArray(text)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1971
{
830
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1972
  // Modified for Enano 2009-02-16 to be Unicode-safe
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1973
  var result = new Array();
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1974
  text = encodeURIComponent(text);
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1975
  for ( var i = 0; i < text.length; i++ )
582
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1976
  {
830
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1977
    var ch = text.charCodeAt(i);
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1978
    var a = false;
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1979
    if ( ch == 37 ) // "%"
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1980
    {
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1981
      var hexch = text.substr(i, 3);
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1982
      if ( hexch.match(/^%[a-f0-9][a-f0-9]$/i) )
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1983
      {
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1984
        result[result.length] = (unescape(hexch)).charCodeAt(0);
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1985
        a = true;
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1986
        i += 2;
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1987
      }
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1988
    }
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1989
    if ( !a )
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1990
    {
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1991
      result[result.length] = ch;
79fb483807f6 Added Unicode support for usernames and passwords (this is probably best considered a JS crypto bug)
Dan
parents: 712
diff changeset
  1992
    }
582
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1993
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1994
  return result;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1995
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1996
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1997
function aes_self_test()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1998
{
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  1999
  //
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2000
  // Encryption test
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2001
  //
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2002
  
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2003
  var str = '';
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2004
  for(i=0;i<keySizeInBits/4;i++)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2005
  {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2006
    str+='0';
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2007
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2008
  str = hexToByteArray(str);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2009
  var ct  = rijndaelEncrypt(str, str, 'ECB');
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2010
  ct      = byteArrayToHex(ct);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2011
  var v;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2012
  switch(keySizeInBits)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2013
  {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2014
    // These test vectors are for 128-bit block size.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2015
    case 128:
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2016
      v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2017
      break;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2018
    case 192:
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2019
      v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2020
      break;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2021
    case 256:
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2022
      v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2023
      break;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2024
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2025
  return ( ct == v && md5_vm_test() );
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2026
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2027
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2028
/*
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2029
 * EnanoMath, an abstraction layer for big-integer (arbitrary precision)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2030
 * mathematics.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2031
 */
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2032
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2033
var EnanoMathLayers = {};
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2034
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2035
// EnanoMath layer: Leemon (frontend to BigInt library by Leemon Baird)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2036
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2037
EnanoMathLayers.Leemon = {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2038
  Base: 10,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2039
  PowMod: function(a, b, c)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2040
  {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2041
    a = str2bigInt(a, this.Base);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2042
    b = str2bigInt(b, this.Base);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2043
    c = str2bigInt(c, this.Base);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2044
    var result = powMod(a, b, c);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2045
    result = bigInt2str(result, this.Base);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2046
    return result;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2047
  },
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2048
  RandomInt: function(bits)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2049
  {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2050
    var result = randBigInt(bits);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2051
    return bigInt2str(result, this.Base);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2052
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2053
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2054
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2055
var EnanoMath = EnanoMathLayers.Leemon;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2056
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2057
/*
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2058
 * The Diffie-Hellman key exchange protocol.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2059
 */
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2060
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2061
// Our prime number as a base for operations.
712
331e009416d5 SECURITY: Changed Diffie-Hellman parameters to prime and generator created through OpenSSL
Dan
parents: 582
diff changeset
  2062
var dh_prime = '7916586051748534588306961133067968196965257961415756656521818848750723547477673457670019632882524164647651492025728980571833579341743988603191694784406703';
582
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2063
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2064
// g, a primitive root used as an exponent
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2065
// (2 and 5 are acceptable, but BigInt is faster with odd numbers)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2066
var dh_g = '5';
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2067
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2068
/**
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2069
 * Generates a Diffie-Hellman private key
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2070
 * @return string(BigInt)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2071
 */
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2072
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2073
function dh_gen_private()
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2074
{
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2075
  return EnanoMath.RandomInt(256);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2076
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2077
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2078
/**
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2079
 * Calculates the public key from the private key
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2080
 * @param string(BigInt)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2081
 * @return string(BigInt)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2082
 */
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2083
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2084
function dh_gen_public(b)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2085
{
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2086
  return EnanoMath.PowMod(dh_g, b, dh_prime);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2087
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2088
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2089
/**
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2090
 * Calculates the shared secret.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2091
 * @param string(BigInt) Our private key
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2092
 * @param string(BigInt) Remote party's public key
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2093
 * @return string(BigInt)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2094
 */
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2095
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2096
function dh_gen_shared_secret(b, A)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2097
{
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2098
  return EnanoMath.PowMod(A, b, dh_prime);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2099
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2100
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2101
/* A JavaScript implementation of the Secure Hash Algorithm, SHA-256
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2102
 * Version 0.3 Copyright Angel Marin 2003-2004 - http://anmar.eu.org/
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2103
 * Distributed under the BSD License
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2104
 * Some bits taken from Paul Johnston's SHA-1 implementation
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2105
 */
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2106
/*
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2107
Copyright (c) 2003-2004, Angel Marin
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2108
All rights reserved.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2109
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2110
Redistribution and use in source and binary forms, with or without modification,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2111
are permitted provided that the following conditions are met:
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2112
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2113
 * Redistributions of source code must retain the above copyright notice, this
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2114
   list of conditions and the following disclaimer.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2115
 * Redistributions in binary form must reproduce the above copyright notice,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2116
   this list of conditions and the following disclaimer in the documentation
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2117
   and/or other materials provided with the distribution.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2118
 * Neither the name of the <ORGANIZATION> nor the names of its contributors may
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2119
   be used to endorse or promote products derived from this software without
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2120
   specific prior written permission.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2121
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2122
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2123
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2124
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2125
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2126
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2127
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2128
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2129
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2130
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2131
OF THE POSSIBILITY OF SUCH DAMAGE.
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2132
*/
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2133
var chrsz = 8;  /* bits per input character. 8 - ASCII; 16 - Unicode  */
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2134
function safe_add (x, y) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2135
  var lsw = (x & 0xFFFF) + (y & 0xFFFF);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2136
  var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2137
  return (msw << 16) | (lsw & 0xFFFF);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2138
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2139
function S (X, n) {return ( X >>> n ) | (X << (32 - n));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2140
function R (X, n) {return ( X >>> n );}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2141
function Ch(x, y, z) {return ((x & y) ^ ((~x) & z));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2142
function Maj(x, y, z) {return ((x & y) ^ (x & z) ^ (y & z));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2143
function Sigma0256(x) {return (S(x, 2) ^ S(x, 13) ^ S(x, 22));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2144
function Sigma1256(x) {return (S(x, 6) ^ S(x, 11) ^ S(x, 25));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2145
function Gamma0256(x) {return (S(x, 7) ^ S(x, 18) ^ R(x, 3));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2146
function Gamma1256(x) {return (S(x, 17) ^ S(x, 19) ^ R(x, 10));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2147
function core_sha256 (m, l) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2148
    var K = new Array(0x428A2F98,0x71374491,0xB5C0FBCF,0xE9B5DBA5,0x3956C25B,0x59F111F1,0x923F82A4,0xAB1C5ED5,0xD807AA98,0x12835B01,0x243185BE,0x550C7DC3,0x72BE5D74,0x80DEB1FE,0x9BDC06A7,0xC19BF174,0xE49B69C1,0xEFBE4786,0xFC19DC6,0x240CA1CC,0x2DE92C6F,0x4A7484AA,0x5CB0A9DC,0x76F988DA,0x983E5152,0xA831C66D,0xB00327C8,0xBF597FC7,0xC6E00BF3,0xD5A79147,0x6CA6351,0x14292967,0x27B70A85,0x2E1B2138,0x4D2C6DFC,0x53380D13,0x650A7354,0x766A0ABB,0x81C2C92E,0x92722C85,0xA2BFE8A1,0xA81A664B,0xC24B8B70,0xC76C51A3,0xD192E819,0xD6990624,0xF40E3585,0x106AA070,0x19A4C116,0x1E376C08,0x2748774C,0x34B0BCB5,0x391C0CB3,0x4ED8AA4A,0x5B9CCA4F,0x682E6FF3,0x748F82EE,0x78A5636F,0x84C87814,0x8CC70208,0x90BEFFFA,0xA4506CEB,0xBEF9A3F7,0xC67178F2);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2149
    var HASH = new Array(0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2150
    var W = new Array(64);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2151
    var a, b, c, d, e, f, g, h, i, j;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2152
    var T1, T2;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2153
    /* append padding */
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2154
    m[l >> 5] |= 0x80 << (24 - l % 32);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2155
    m[((l + 64 >> 9) << 4) + 15] = l;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2156
    for ( var i = 0; i<m.length; i+=16 ) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2157
        a = HASH[0]; b = HASH[1]; c = HASH[2]; d = HASH[3]; e = HASH[4]; f = HASH[5]; g = HASH[6]; h = HASH[7];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2158
        for ( var j = 0; j<64; j++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2159
            if (j < 16) W[j] = m[j + i];
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2160
            else W[j] = safe_add(safe_add(safe_add(Gamma1256(W[j - 2]), W[j - 7]), Gamma0256(W[j - 15])), W[j - 16]);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2161
            T1 = safe_add(safe_add(safe_add(safe_add(h, Sigma1256(e)), Ch(e, f, g)), K[j]), W[j]);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2162
            T2 = safe_add(Sigma0256(a), Maj(a, b, c));
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2163
            h = g; g = f; f = e; e = safe_add(d, T1); d = c; c = b; b = a; a = safe_add(T1, T2);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2164
        }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2165
        HASH[0] = safe_add(a, HASH[0]); HASH[1] = safe_add(b, HASH[1]); HASH[2] = safe_add(c, HASH[2]); HASH[3] = safe_add(d, HASH[3]); HASH[4] = safe_add(e, HASH[4]); HASH[5] = safe_add(f, HASH[5]); HASH[6] = safe_add(g, HASH[6]); HASH[7] = safe_add(h, HASH[7]);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2166
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2167
    return HASH;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2168
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2169
function str2binb (str) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2170
  var bin = Array();
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2171
  var mask = (1 << chrsz) - 1;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2172
  for(var i = 0; i < str.length * chrsz; i += chrsz)
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2173
    bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (24 - i%32);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2174
  return bin;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2175
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2176
function binb2hex (binarray) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2177
  var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2178
  var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2179
  var str = "";
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2180
  for (var i = 0; i < binarray.length * 4; i++) {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2181
    str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) + hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8  )) & 0xF);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2182
  }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2183
  return str;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2184
}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2185
function hex_sha256(s){return binb2hex(core_sha256(str2binb(s),s.length * chrsz));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2186
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2187
// Javascript implementation of the and SHA1 hash algorithms - both written by Paul Johnston, licensed under the BSD license
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2188
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2189
// MD5
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2190
var hexcase = 0; var b64pad  = ""; var chrsz   = 8;
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2191
function hex_md5(s){ return binl2hex(core_md5(str2binl(s), s.length * chrsz));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2192
function b64_md5(s){ return binl2b64(core_md5(str2binl(s), s.length * chrsz));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2193
function str_md5(s){ return binl2str(core_md5(str2binl(s), s.length * chrsz));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2194
function hex_hmac_md5(key, data) { return binl2hex(core_hmac_md5(key, data)); }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2195
function b64_hmac_md5(key, data) { return binl2b64(core_hmac_md5(key, data)); }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2196
function str_hmac_md5(key, data) { return binl2str(core_hmac_md5(key, data)); }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2197
function md5_vm_test() { return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72"; }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2198
function core_md5(x, len) { x[len >> 5] |= 0x80 << ((len) % 32); x[(((len + 64) >>> 9) << 4) + 14] = len; var a =  1732584193; var b = -271733879; var c = -1732584194; var d =  271733878; for(var i = 0; i < x.length; i += 16) { var olda = a; var oldb = b; var oldc = c; var oldd = d; a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);c = md5_ff(c, d, a, b, x[i+ 2], 17,  606105819);b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2199
         a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897);d = md5_ff(d, a, b, c, x[i+ 5], 12,  1200080426);c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341);b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);a = md5_ff(a, b, c, d, x[i+ 8], 7 ,  1770035416);d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);c = md5_ff(c, d, a, b, x[i+10], 17, -42063);b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162);a = md5_ff(a, b, c, d, x[i+12], 7 ,  1804603682);d = md5_ff(d, a, b, c, x[i+13], 12, -40341101);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2200
         c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);b = md5_ff(b, c, d, a, x[i+15], 22,  1236535329);a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632);c = md5_gg(c, d, a, b, x[i+11], 14,  643717713);b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302);a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);d = md5_gg(d, a, b, c, x[i+10], 9 ,  38016083);c = md5_gg(c, d, a, b, x[i+15], 14, -660478335);b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2201
         a = md5_gg(a, b, c, d, x[i+ 9], 5 ,  568446438);d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690);c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961);b = md5_gg(b, c, d, a, x[i+ 8], 20,  1163531501);a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467);d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);c = md5_gg(c, d, a, b, x[i+ 7], 14,  1735328473);b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734);a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558);d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2202
         c = md5_hh(c, d, a, b, x[i+11], 16,  1839030562);b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);d = md5_hh(d, a, b, c, x[i+ 4], 11,  1272893353);c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632);b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640);a = md5_hh(a, b, c, d, x[i+13], 4 ,  681279174);d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222);c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);b = md5_hh(b, c, d, a, x[i+ 6], 23,  76029189);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2203
         a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);d = md5_hh(d, a, b, c, x[i+12], 11, -421815835);c = md5_hh(c, d, a, b, x[i+15], 16,  530742520);b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651);a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844);d = md5_ii(d, a, b, c, x[i+ 7], 10,  1126891415);c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905);b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);a = md5_ii(a, b, c, d, x[i+12], 6 ,  1700485571);d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2204
         c = md5_ii(c, d, a, b, x[i+10], 15, -1051523);b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799);a = md5_ii(a, b, c, d, x[i+ 8], 6 ,  1873313359);d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);b = md5_ii(b, c, d, a, x[i+13], 21,  1309151649);a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070);d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379);c = md5_ii(c, d, a, b, x[i+ 2], 15,  718787259);b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2205
         a = safe_add(a, olda); b = safe_add(b, oldb); c = safe_add(c, oldc); d = safe_add(d, oldd); } return Array(a, b, c, d); }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2206
function md5_cmn(q, a, b, x, s, t) { return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b); }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2207
function md5_ff(a, b, c, d, x, s, t) { return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t); }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2208
function md5_gg(a, b, c, d, x, s, t) { return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t); }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2209
function md5_hh(a, b, c, d, x, s, t) { return md5_cmn(b ^ c ^ d, a, b, x, s, t); }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2210
function md5_ii(a, b, c, d, x, s, t) { return md5_cmn(c ^ (b | (~d)), a, b, x, s, t); }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2211
function core_hmac_md5(key, data) { var bkey = str2binl(key); if(bkey.length > 16) bkey = core_md5(bkey, key.length * chrsz); var ipad = Array(16), opad = Array(16); for(var i = 0; i < 16; i++) { ipad[i] = bkey[i] ^ 0x36363636; opad[i] = bkey[i] ^ 0x5C5C5C5C; } var hash = core_md5(ipad.concat(str2binl(data)), 512 + data.length * chrsz); return core_md5(opad.concat(hash), 512 + 128); }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2212
function safe_add(x, y) {var lsw = (x & 0xFFFF) + (y & 0xFFFF);var msw = (x >> 16) + (y >> 16) + (lsw >> 16);return (msw << 16) | (lsw & 0xFFFF); }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2213
function bit_rol(num, cnt) { return (num << cnt) | (num >>> (32 - cnt)); }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2214
function str2binl(str) { var bin = Array(); var mask = (1 << chrsz) - 1; for(var i = 0; i < str.length * chrsz; i += chrsz)bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (i%32); return bin;}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2215
function binl2str(bin) { var str = ""; var mask = (1 << chrsz) - 1; for(var i = 0; i < bin.length * 32; i += chrsz) str += String.fromCharCode((bin[i>>5] >>> (i % 32)) & mask); return str; }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2216
function binl2hex(binarray) { var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; var str = ""; for(var i = 0; i < binarray.length * 4; i++) { str += hex_tab.charAt((binarray[i>>2] >> ((i%4)*8+4)) & 0xF) + hex_tab.charAt((binarray[i>>2] >> ((i%4)*8  )) & 0xF); } return str; }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2217
function binl2b64(binarray) { var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; var str = ""; for(var i = 0; i < binarray.length * 4; i += 3) { var triplet = (((binarray[i >> 2] >> 8 * ( i   %4)) & 0xFF) << 16) | (((binarray[i+1 >> 2] >> 8 * ((i+1)%4)) & 0xFF) << 8 ) |  ((binarray[i+2 >> 2] >> 8 * ((i+2)%4)) & 0xFF); for(var j = 0; j < 4; j++) { if(i * 8 + j * 6 > binarray.length * 32) str += b64pad; else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F); } } return str; }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2218
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2219
// SHA1
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2220
function hex_sha1(s){return binb2hex(core_sha1(str2binb(s),s.length * chrsz));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2221
function b64_sha1(s){return binb2b64(core_sha1(str2binb(s),s.length * chrsz));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2222
function str_sha1(s){return binb2str(core_sha1(str2binb(s),s.length * chrsz));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2223
function hex_hmac_sha1(key, data){ return binb2hex(core_hmac_sha1(key, data));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2224
function b64_hmac_sha1(key, data){ return binb2b64(core_hmac_sha1(key, data));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2225
function str_hmac_sha1(key, data){ return binb2str(core_hmac_sha1(key, data));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2226
function sha1_vm_test() {   return hex_sha1("abc") == "a9993e364706816aba3e25717850c26c9cd0d89d"; }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2227
function core_sha1(x, len) { x[len >> 5] |= 0x80 << (24 - len % 32); x[((len + 64 >> 9) << 4) + 15] = len; var w = Array(80); var a =  1732584193; var b = -271733879; var c = -1732584194; var d =  271733878; var e = -1009589776; for(var i = 0; i < x.length; i += 16) { var olda = a; var oldb = b; var oldc = c; var oldd = d; var olde = e; for(var j = 0; j < 80; j++) { if(j < 16) w[j] = x[i + j]; else w[j] = rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1); var t = safe_add(safe_add(rol(a, 5), sha1_ft(j, b, c, d)), safe_add(safe_add(e, w[j]), sha1_kt(j))); e = d; d = c; c = rol(b, 30); b = a; a = t; } a = safe_add(a, olda); b = safe_add(b, oldb); c = safe_add(c, oldc); d = safe_add(d, oldd); e = safe_add(e, olde); } return Array(a, b, c, d, e);}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2228
function sha1_ft(t, b, c, d){ if(t < 20) return (b & c) | ((~b) & d); if(t < 40) return b ^ c ^ d; if(t < 60) return (b & c) | (b & d) | (c & d); return b ^ c ^ d;}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2229
function sha1_kt(t){ return (t < 20) ?  1518500249 : (t < 40) ?  1859775393 : (t < 60) ? -1894007588 : -899497514;}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2230
function core_hmac_sha1(key, data){ var bkey = str2binb(key); if(bkey.length > 16) bkey = core_sha1(bkey, key.length * chrsz); var ipad = Array(16), opad = Array(16); for(var i = 0; i < 16; i++) { ipad[i] = bkey[i] ^ 0x36363636; opad[i] = bkey[i] ^ 0x5C5C5C5C; } var hash = core_sha1(ipad.concat(str2binb(data)), 512 + data.length * chrsz); return core_sha1(opad.concat(hash), 512 + 160);}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2231
function safe_add(x, y){ var lsw = (x & 0xFFFF) + (y & 0xFFFF); var msw = (x >> 16) + (y >> 16) + (lsw >> 16); return (msw << 16) | (lsw & 0xFFFF);}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2232
function rol(num, cnt){ return (num << cnt) | (num >>> (32 - cnt));}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2233
function str2binb(str){ var bin = Array(); var mask = (1 << chrsz) - 1; for(var i = 0; i < str.length * chrsz; i += chrsz) bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (32 - chrsz - i%32); return bin;}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2234
function binb2str(bin){ var str = ""; var mask = (1 << chrsz) - 1; for(var i = 0; i < bin.length * 32; i += chrsz) str += String.fromCharCode((bin[i>>5] >>> (32 - chrsz - i%32)) & mask); return str;}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2235
function binb2hex(binarray){ var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; var str = ""; for(var i = 0; i < binarray.length * 4; i++) { str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) + hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8  )) & 0xF); } return str;}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2236
function binb2b64(binarray){ var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; var str = ""; for(var i = 0; i < binarray.length * 4; i += 3) { var triplet = (((binarray[i   >> 2] >> 8 * (3 -  i   %4)) & 0xFF) << 16) | (((binarray[i+1 >> 2] >> 8 * (3 - (i+1)%4)) & 0xFF) << 8 ) |  ((binarray[i+2 >> 2] >> 8 * (3 - (i+2)%4)) & 0xFF); for(var j = 0; j < 4; j++) { if(i * 8 + j * 6 > binarray.length * 32) str += b64pad; else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F); } } return str;}
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents:
diff changeset
  2237