diff --git a/core/bitArray.js b/core/bitArray.js index 40e4acd..803b9c5 100644 --- a/core/bitArray.js +++ b/core/bitArray.js @@ -42,6 +42,27 @@ sjcl.bitArray = { return (bend === undefined) ? a : sjcl.bitArray.clamp(a, bend-bstart); }, + /** + * Extract a number packed into a bit array. + * @param {bitArray} a The array to slice. + * @param {Number} bstart The offset to the start of the slice, in bits. + * @param {Number} length The length of the number to extract. + * @return {Number} The requested slice. + */ + extract: function(a, bstart, blength) { + // FIXME: this Math.floor is not necessary at all, but for some reason + // seems to suppress a bug in the Chromium JIT. + var x, sh = Math.floor((-bstart-blength) & 31); + if ((bstart + blength - 1 ^ bstart) & -32) { + // it crosses a boundary + x = (a[bstart/32|0] << (32 - sh)) ^ (a[bstart/32+1|0] >>> sh); + } else { + // within a single word + x = a[bstart/32|0] >>> sh; + } + return x & ((1<= this.limbs.length) ? 0 : this.limbs[i]; + }, + + /** + * Constant time comparison function. + * Returns 1 if this >= that, or zero otherwise. + */ + greaterEquals: function(that) { + if (typeof that === "number") { that = new this._class(that); } + var less = 0, greater = 0, i, a, b; + i = Math.max(this.limbs.length, that.limbs.length) - 1; + for (; i>= 0; i--) { + a = this.getLimb(i); + b = that.getLimb(i); + greater |= (b - a) & ~less; + less |= (a - b) & ~greater; + } + return (greater | ~less) >>> 31; + }, + + /** + * Convert to a hex string. + */ + toString: function() { + this.fullReduce(); + var out="", i, s, l = this.limbs; + for (i=0; i < this.limbs.length; i++) { + s = l[i].toString(16); + while (i < this.limbs.length - 1 && s.length < 6) { + s = "0" + s; + } + out = s + out; + } + return "0x"+out; + }, + + /** this += that. Does not normalize. */ + addM: function(that) { + if (typeof(that) !== "object") { that = new this._class(that); } + var i, l=this.limbs, ll=that.limbs; + for (i=l.length; i> r; + } + if (carry) { + l.push(carry); + } + return this; + }, + + /** this /= 2, rounded down. Requires normalized; ends up normalized. */ + halveM: function() { + var i, carry=0, tmp, r=this.radix, l=this.limbs; + for (i=l.length-1; i>=0; i--) { + tmp = l[i]; + l[i] = (tmp+carry)>>1; + carry = (tmp&1) << r; + } + if (!l[l.length-1]) { + l.pop(); + } + return this; + }, + + /** this -= that. Does not normalize. */ + subM: function(that) { + if (typeof(that) !== "object") { that = new this._class(that); } + var i, l=this.limbs, ll=that.limbs; + for (i=l.length; i 0; ci--) { + that.halveM(); + if (out.greaterEquals(that)) { + out.subM(that).normalize(); + } + } + return out.trim(); + }, + + /** return inverse mod prime p. p must be odd. Binary extended Euclidean algorithm mod p. */ + inverseMod: function(p) { + var a = new sjcl.bn(1), b = new sjcl.bn(0), x = new sjcl.bn(this), y = new sjcl.bn(p), tmp, i, nz=1; + + if (!(p.limbs[0] & 1)) { + throw (new sjcl.exception.invalid("inverseMod: p must be odd")); + } + + // invariant: y is odd + do { + if (x.limbs[0] & 1) { + if (!x.greaterEquals(y)) { + // x < y; swap everything + tmp = x; x = y; y = tmp; + tmp = a; a = b; b = tmp; + } + x.subM(y); + x.normalize(); + + if (!a.greaterEquals(b)) { + a.addM(p); + } + a.subM(b); + } + + // cut everything in half + x.halveM(); + if (a.limbs[0] & 1) { + a.addM(p); + } + a.normalize(); + a.halveM(); + + // check for termination: x ?= 0 + for (i=nz=0; i= 0; i--) { + out = w.concat(out, [w.partial(this.radix, this.getLimb(i))]); + } + return out; + }, + + /** Return the length in bits, rounded up to the nearest byte. */ + bitLength: function() { + this.fullReduce(); + var out = this.radix * (this.limbs.length - 1), + b = this.limbs[this.limbs.length - 1]; + for (; b; b >>= 1) { + out ++; + } + return out+7 & -8; + } +}; + +sjcl.bn.fromBits = function(bits) { + var Class = this, out = new Class(), words=[], w=sjcl.bitArray, t = this.prototype, + l = Math.min(this.bitLength || 0x100000000, w.bitLength(bits)), e = l % t.radix || t.radix; + + words[0] = w.extract(bits, 0, e); + for (; e < l; e += t.radix) { + words.unshift(w.extract(bits, e, t.radix)); + } + + out.limbs = words; + return out; +}; + + + +sjcl.bn.prototype.ipv = 1 / (sjcl.bn.prototype.placeVal = Math.pow(2,sjcl.bn.prototype.radix)); +sjcl.bn.prototype.radixMask = (1 << sjcl.bn.prototype.radix) - 1; + +/** + * Creates a new subclass of bn, based on reduction modulo a pseudo-Mersenne prime, + * i.e. a prime of the form 2^e + sum(a * 2^b),where the sum is negative and sparse. + */ +sjcl.bn.pseudoMersennePrime = function(exponent, coeff) { + function p(it) { + this.initWith(it); + /*if (this.limbs[this.modOffset]) { + this.reduce(); + }*/ + } + + var ppr = p.prototype = new sjcl.bn(), i, tmp, mo; + mo = ppr.modOffset = Math.ceil(tmp = exponent / ppr.radix); + ppr.exponent = exponent; + ppr.offset = []; + ppr.factor = []; + ppr.minOffset = mo; + ppr.fullMask = 0; + ppr.fullOffset = []; + ppr.fullFactor = []; + ppr.modulus = p.modulus = new sjcl.bn(Math.pow(2,exponent)); + + ppr.fullMask = 0|-Math.pow(2, exponent % ppr.radix); + + for (i=0; i mo) { + l = limbs.pop(); + ll = limbs.length; + for (k=0; k>> 32-n); + }, + + /** + * Perform one cycle of SHA-1. + * @param {bitArray} words one block of words. + * @private + */ + _block:function (words) { + var t, tmp, a, b, c, d, e, + w = words.slice(0), + h = this._h, + k = this._key; + + a = h[0]; b = h[1]; c = h[2]; d = h[3]; e = h[4]; + + for (t=0; t<=79; t++) { + if (t >= 16) { + w[t] = this._S(1, w[t-3] ^ w[t-8] ^ w[t-14] ^ w[t-16]); + } + tmp = (this._S(5, a) + this._f(t, b, c, d) + e + w[t] + + this._key[Math.floor(t/20)]) | 0; + e = d; + d = c; + c = this._S(30, b); + b = a; + a = tmp; + } + + h[0] = (h[0]+a) |0; + h[1] = (h[1]+b) |0; + h[2] = (h[2]+c) |0; + h[3] = (h[3]+d) |0; + h[4] = (h[4]+e) |0; + } +}; diff --git a/core/sjcl.js b/core/sjcl.js index 4c751cd..6ac1f0e 100644 --- a/core/sjcl.js +++ b/core/sjcl.js @@ -19,6 +19,9 @@ var sjcl = { /** @namespace Hash functions. Right now only SHA256 is implemented. */ hash: {}, + + /** @namespace Key exchange functions. Right now only SRP is implemented. */ + keyexchange: {}, /** @namespace Block cipher modes of operation. */ mode: {}, diff --git a/core/srp.js b/core/srp.js new file mode 100644 index 0000000..d1dba28 --- /dev/null +++ b/core/srp.js @@ -0,0 +1,113 @@ +/** @fileOverview Javascript SRP implementation. + * + * This file contains a partial implementation of the SRP (Secure Remote + * Password) password-authenticated key exchange protocol. Given a user + * identity, salt, and SRP group, it generates the SRP verifier that may + * be sent to a remote server to establish and SRP account. + * + * For more information, see http://srp.stanford.edu/. + * + * @author Quinn Slack + */ + +/** + * Compute the SRP verifier from the username, password, salt, and group. + * @class SRP + */ +sjcl.keyexchange.srp = { + /** + * Calculates SRP v, the verifier. + * v = g^x mod N [RFC 5054] + * @param {String} I The username. + * @param {String} P The password. + * @param {Object} s A bitArray of the salt. + * @param {Object} group The SRP group. Use sjcl.keyexchange.srp.knownGroup + to obtain this object. + * @return {Object} A bitArray of SRP v. + */ + makeVerifier: function(I, P, s, group) { + var x; + x = this.makeX(I, P, s); + x = sjcl.bn.fromBits(x); + return group.g.powermod(x, group.N); + }, + + /** + * Calculates SRP x. + * x = SHA1( | SHA( | ":" | )) [RFC 2945] + * @param {String} I The username. + * @param {String} P The password. + * @param {Object} s A bitArray of the salt. + * @return {Object} A bitArray of SRP x. + */ + makeX: function(I, P, s) { + var inner = sjcl.hash.sha1.hash(I + ':' + P); + return sjcl.hash.sha1.hash(sjcl.bitArray.concat(s, inner)); + }, + + /** + * Returns the known SRP group with the given size (in bits). + * @param {String} i The size of the known SRP group. + * @return {Object} An object with "N" and "g" properties. + */ + knownGroup:function(i) { + if (typeof i !== "string") { i = i.toString(); } + if (!this._didInitKnownGroups) { this._initKnownGroups(); } + return this._knownGroups[i]; + }, + + /** + * Initializes bignum objects for known group parameters. + * @private + */ + _didInitKnownGroups: false, + _initKnownGroups:function() { + var i, size, group; + for (i=0; i < this._knownGroupSizes.length; i++) { + size = this._knownGroupSizes[i].toString(); + group = this._knownGroups[size]; + group.N = new sjcl.bn(group.N); + group.g = new sjcl.bn(group.g); + } + this._didInitKnownGroups = true; + }, + + _knownGroupSizes: [1024, 1536, 2048], + _knownGroups: { + 1024: { + N: "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C" + + "9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE4" + + "8E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B29" + + "7BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9A" + + "FD5138FE8376435B9FC61D2FC0EB06E3", + g:2 + }, + + 1536: { + N: "9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA961" + + "4B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F843" + + "80B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0B" + + "E3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF5" + + "6EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734A" + + "F7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E" + + "8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB", + g: 2 + }, + + 2048: { + N: "AC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC319294" + + "3DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310D" + + "CD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FB" + + "D5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF74" + + "7359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A" + + "436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D" + + "5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E73" + + "03CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB6" + + "94B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F" + + "9E4AFF73", + g: 2 + } + } + +}; + diff --git a/sjcl.js b/sjcl.js index 3db340a..01d6ff4 100644 --- a/sjcl.js +++ b/sjcl.js @@ -1,12 +1,12 @@ -"use strict";var sjcl={cipher:{},hash:{},mode:{},misc:{},codec:{},exception:{corrupt:function(a){this.toString=function(){return"CORRUPT: "+this.message};this.message=a},invalid:function(a){this.toString=function(){return"INVALID: "+this.message};this.message=a},bug:function(a){this.toString=function(){return"BUG: "+this.message};this.message=a},notready:function(a){this.toString=function(){return"NOT READY: "+this.message};this.message=a}}}; +"use strict";var sjcl={cipher:{},hash:{},keyexchange:{},mode:{},misc:{},codec:{},exception:{corrupt:function(a){this.toString=function(){return"CORRUPT: "+this.message};this.message=a},invalid:function(a){this.toString=function(){return"INVALID: "+this.message};this.message=a},bug:function(a){this.toString=function(){return"BUG: "+this.message};this.message=a},notReady:function(a){this.toString=function(){return"NOT READY: "+this.message};this.message=a}}}; sjcl.cipher.aes=function(a){this.h[0][0][0]||this.w();var b,c,d,e,f=this.h[0][4],g=this.h[1];b=a.length;var h=1;if(b!==4&&b!==6&&b!==8)throw new sjcl.exception.invalid("invalid aes key size");this.a=[d=a.slice(0),e=[]];for(a=b;a<4*b+28;a++){c=d[a-1];if(a%b===0||b===8&&a%b===4){c=f[c>>>24]<<24^f[c>>16&255]<<16^f[c>>8&255]<<8^f[c&255];if(a%b===0){c=c<<8^c>>>24^h<<24;h=h<<1^(h>>7)*283}}d[a]=d[a-b]^c}for(b=0;a;b++,a--){c=d[b&3?a:a-4];e[b]=a<=4||b<4?c:g[0][f[c>>>24]]^g[1][f[c>>16&255]]^g[2][f[c>>8&255]]^ g[3][f[c&255]]}}; sjcl.cipher.aes.prototype={encrypt:function(a){return this.H(a,0)},decrypt:function(a){return this.H(a,1)},h:[[[],[],[],[],[]],[[],[],[],[],[]]],w:function(){var a=this.h[0],b=this.h[1],c=a[4],d=b[4],e,f,g,h=[],i=[],k,j,l,m;for(e=0;e<0x100;e++)i[(h[e]=e<<1^(e>>7)*283)^e]=e;for(f=g=0;!c[f];f^=k||1,g=i[g]||1){l=g^g<<1^g<<2^g<<3^g<<4;l=l>>8^l&255^99;c[f]=l;d[l]=f;j=h[e=h[k=h[f]]];m=j*0x1010101^e*0x10001^k*0x101^f*0x1010100;j=h[l]*0x101^l*0x1010100;for(e=0;e<4;e++){a[e][f]=j=j<<24^j>>>8;b[e][l]=m=m<<24^m>>>8}}for(e= 0;e<5;e++){a[e]=a[e].slice(0);b[e]=b[e].slice(0)}},H:function(a,b){if(a.length!==4)throw new sjcl.exception.invalid("invalid aes block size");var c=this.a[b],d=a[0]^c[0],e=a[b?3:1]^c[1],f=a[2]^c[2];a=a[b?1:3]^c[3];var g,h,i,k=c.length/4-2,j,l=4,m=[0,0,0,0];g=this.h[b];var n=g[0],o=g[1],p=g[2],q=g[3],r=g[4];for(j=0;j>>24]^o[e>>16&255]^p[f>>8&255]^q[a&255]^c[l];h=n[e>>>24]^o[f>>16&255]^p[a>>8&255]^q[d&255]^c[l+1];i=n[f>>>24]^o[a>>16&255]^p[d>>8&255]^q[e&255]^c[l+2];a=n[a>>>24]^o[d>>16& 255]^p[e>>8&255]^q[f&255]^c[l+3];l+=4;d=g;e=h;f=i}for(j=0;j<4;j++){m[b?3&-j:j]=r[d>>>24]<<24^r[e>>16&255]<<16^r[f>>8&255]<<8^r[a&255]^c[l++];g=d;d=e;e=f;f=a;a=g}return m}}; -sjcl.bitArray={bitSlice:function(a,b,c){a=sjcl.bitArray.P(a.slice(b/32),32-(b&31)).slice(1);return c===undefined?a:sjcl.bitArray.clamp(a,c-b)},concat:function(a,b){if(a.length===0||b.length===0)return a.concat(b);var c=a[a.length-1],d=sjcl.bitArray.getPartial(c);return d===32?a.concat(b):sjcl.bitArray.P(b,d,c|0,a.slice(0,a.length-1))},bitLength:function(a){var b=a.length;if(b===0)return 0;return(b-1)*32+sjcl.bitArray.getPartial(a[b-1])},clamp:function(a,b){if(a.length*320&&b)a[c-1]=sjcl.bitArray.partial(b,a[c-1]&2147483648>>b-1,1);return a},partial:function(a,b,c){if(a===32)return b;return(c?b|0:b<<32-a)+a*0x10000000000},getPartial:function(a){return Math.round(a/0x10000000000)||32},equal:function(a,b){if(sjcl.bitArray.bitLength(a)!==sjcl.bitArray.bitLength(b))return false;var c=0,d;for(d=0;d=32;b-=32){d.push(c);c=0}if(b===0)return d.concat(a); -for(e=0;e>>b);c=a[e]<<32-b}e=a.length?a[a.length-1]:0;a=sjcl.bitArray.getPartial(e);d.push(sjcl.bitArray.partial(b+a&31,b+a>32?c:d.pop(),1));return d},k:function(a,b){return[a[0]^b[0],a[1]^b[1],a[2]^b[2],a[3]^b[3]]}}; +sjcl.bitArray={bitSlice:function(a,b,c){a=sjcl.bitArray.P(a.slice(b/32),32-(b&31)).slice(1);return c===undefined?a:sjcl.bitArray.clamp(a,c-b)},extract:function(a,b,c){var d=Math.floor(-b-c&31);return((b+c-1^b)&-32?a[b/32|0]<<32-d^a[b/32+1|0]>>>d:a[b/32|0]>>>d)&(1<0&&b)a[c-1]=sjcl.bitArray.partial(b,a[c-1]&2147483648>>b-1,1);return a},partial:function(a,b,c){if(a===32)return b;return(c?b|0:b<<32-a)+a*0x10000000000},getPartial:function(a){return Math.round(a/0x10000000000)||32},equal:function(a,b){if(sjcl.bitArray.bitLength(a)!==sjcl.bitArray.bitLength(b))return false;var c=0,d;for(d=0;d=32;b-=32){d.push(c);c=0}if(b===0)return d.concat(a);for(e=0;e>>b);c=a[e]<<32-b}e=a.length?a[a.length-1]:0;a=sjcl.bitArray.getPartial(e);d.push(sjcl.bitArray.partial(b+a&31,b+a>32?c:d.pop(),1));return d},k:function(a,b){return[a[0]^b[0],a[1]^b[1],a[2]^b[2],a[3]^b[3]]}}; sjcl.codec.utf8String={fromBits:function(a){var b="",c=sjcl.bitArray.bitLength(a),d,e;for(d=0;d>>24);e<<=8}return decodeURIComponent(escape(b))},toBits:function(a){a=unescape(encodeURIComponent(a));var b=[],c,d=0;for(c=0;c>>e)>>>26);if(e<6){g=a[d]<<6-e;e+=26;d++}else{g<<=6;e-=6}}for(;c.length&3&&!b;)c+="=";return c},toBits:function(a){a=a.replace(/\s|=/g,"");var b=[],c,d=0,e=sjcl.codec.base64.D,f=0,g;for(c=0;c>>31,a[1]<<1^a[2]>>>31,a[2]<<1^a[3]>>>31,a[3]<<1^(a[0]>>>31)*135]}};sjcl.misc.hmac=function(a,b){this.M=b=b||sjcl.hash.sha256;var c=[[],[]],d=b.prototype.blockSize/32;this.l=[new b,new b];if(a.length>d)a=b.hash(a);for(b=0;b0;){b++;e>>>=1}this.b[g].update([d,this.J++,2,b,f,a.length].concat(a));break;case "string":if(b===undefined)b=a.length;this.b[g].update([d,this.J++,3,b,f,a.length]);this.b[g].update(a);break;default:throw new sjcl.exception.bug("random: addEntropy only supports number, array or string");}this.j[g]+=b;this.f+=b;if(h===0){this.isReady()!==0&&this.K("seeded",Math.max(this.g, this.f));this.K("progress",this.getProgress())}},isReady:function(a){a=this.B[a!==undefined?a:this.t];return this.g&&this.g>=a?this.j[0]>80&&(new Date).valueOf()>this.O?3:1:this.f>=a?2:0},getProgress:function(a){a=this.B[a?a:this.t];return this.g>=a?1["0"]:this.f>a?1["0"]:this.f/a},startCollectors:function(){if(!this.m){if(window.addEventListener){window.addEventListener("load",this.o,false);window.addEventListener("mousemove",this.p,false)}else if(document.attachEvent){document.attachEvent("onload", this.o);document.attachEvent("onmousemove",this.p)}else throw new sjcl.exception.bug("can't attach event");this.m=true}},stopCollectors:function(){if(this.m){if(window.removeEventListener){window.removeEventListener("load",this.o);window.removeEventListener("mousemove",this.p)}else if(window.detachEvent){window.detachEvent("onload",this.o);window.detachEvent("onmousemove",this.p)}this.m=false}},addEventListener:function(a,b){this.r[a][this.Q++]=b},removeEventListener:function(a,b){var c;a=this.r[a]; diff --git a/test/bn_test.js b/test/bn_test.js new file mode 100644 index 0000000..7756b30 --- /dev/null +++ b/test/bn_test.js @@ -0,0 +1,67 @@ +new sjcl.test.TestCase("Bignum modular reduction test", function (cb) { + if (!sjcl.bn) { + this.unimplemented(); + cb && cb(); + return; + } + + var a, N, r; + for (i=0; i < sjcl.test.vector.bn_mod.length; i++) { + tv = sjcl.test.vector.bn_mod[i]; + try { + a = new sjcl.bn(tv.a); + N = new sjcl.bn(tv.N); + r = a.mod(N); + this.require(r.equals(new sjcl.bn(tv.r))); + } catch(e) { + this.fail(e); + } + } + cb && cb(); +}); + +new sjcl.test.TestCase("Bignum modular multiplication test", function (cb) { + if (!sjcl.bn) { + this.unimplemented(); + cb && cb(); + return; + } + + var a, b, N, r; + for(var j=0;j<10;j++)for (i=0; i < sjcl.test.vector.bn_mulmod.length; i++) { + tv = sjcl.test.vector.bn_mulmod[i]; + try { + a = new sjcl.bn(tv.a); + b = new sjcl.bn(tv.b); + N = new sjcl.bn(tv.N); + r = a.mulmod(b, N); + this.require(r.equals(new sjcl.bn(tv.r))); + } catch(e) { + this.fail(e); + } + } + cb && cb(); +}); + +new sjcl.test.TestCase("Bignum modular exponentiation test", function (cb) { + if (!sjcl.bn) { + this.unimplemented(); + cb && cb(); + return; + } + + var i, tv, g, x, N, v; + for (i=0; i < sjcl.test.vector.bn_powermod.length; i++) { + tv = sjcl.test.vector.bn_powermod[i]; + try { + g = new sjcl.bn(tv.g); + x = new sjcl.bn(tv.x); + N = new sjcl.bn(tv.N); + v = g.powermod(x, N); + this.require(v.equals(new sjcl.bn(tv.v))); + } catch(e) { + this.fail(e); + } + } + cb && cb(); +}); diff --git a/test/bn_vectors.js b/test/bn_vectors.js new file mode 100644 index 0000000..3dd5a3b --- /dev/null +++ b/test/bn_vectors.js @@ -0,0 +1,85 @@ +// Verify with Mathematica: +// BaseForm[Mod[16^^a, 16^^N], 16] +// should return "16^^r". +sjcl.test.vector.bn_mod = [ + { + a: "cfb9caac51a13eb13592d47863e463b306547683070424a7c7a41302e30453c2f5f6f2c432a267d2d72746c534d6c233c5c6740776e5c473592d4786377d745c534f2d502427612249266a45382a6f512e527d475577484f277e7a4ce62c7919c0b34b9f125124c574bac9738edb0998bfa8f5b8076c5266ae06e1b9121303d7ff8f0380a24526474d592a7d5e69f125124c574bac9738ed77d745c534f2d502427612249266a45382a6f512e527d4755560144ced0a078454a727d24db5d77484f27b0998bfa8f5b8076c5266ae06e1b9121303d7ff8f0380a24526474d592a7d5e682b2358377d745c534f2d502427612249266a45382a6f512e527d4755560144ced0a078454a727d24db5d77484f277e7b3d28256d71482d2a287d666b3ac7053b02c6543592d47863b6a0541cfa603219b694bec483592d478630", + N: "c3219b694b6a0541cfa60c46a0541cfa60c4c574bac9738edb0998bfa8f5b8076c5266ae06e1b9121303d7ff8f0380a2f51de2fdc93bba83b4c4f49e2D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D498254b6afa60c4835920541cfa60c4c4f49e2D3383B4813D692C855c8a7d64e9", + r: "3c3312d60b052287f92b61bc1e890a3f43f46f302086fc19d7555059f957607981f89d7\ +25b775c70c47e940a874e143efec01558c9cbe5f15df716d812c61cef1a2c6561ee999\ +0b5db8e54827a16018fee6c111c9a8e66897f849ccd9114639ab086f8ecfa558b58555\ +47b1eb110e245f51598bc98486af1813423877189e66a84cd7ead55" + } +] + +// Verify with Mathematica: +// BaseForm[Mod[16^^a * 16^^b, 16^^N], 16] +// should return "16^^r". +sjcl.test.vector.bn_mulmod = [ + { + a: "94B7555AABE9127CC58CCF4993DB6CF84D16C1244021612e464d6e2f4c724f2b3e275a43385a5a6d4c7441284648362a4526474d592a7d5e682b2358377d745c534f2d502427612249266a45382a6f512e527d475577484f277e7b3d28256d71482d2a287d666b52247027", + b: "70424648242f4273612a524e4a44717b655b487b395d2f407d4c7141503e33442a657637257968345237677d6e736f5f24546b642a23283e463b306547683070424a7c7a41302e30453c2f5f6f2c432a267d2d72746c534d6c233c5c6740776e5c4725562029623d7a673d", + N: "EEAF0AB9ADB38D8775FF3C0B9EA27496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", + r: "266bd21de6da4ce62c7919c0b34b9f125124c574bac9738edb0998bfa8f5b8076c5266ae06e1b9121303d7ff8f0380a2f51de2fdc93bba83b4c4f49e2ddc65c24a8e2ecbac374e49181792aeeada8fc5438073187b2cf3d63f93d560144ced0a078454a727d24db5d09e56" + } +] + +sjcl.test.vector.bn_powermod = [ + { + g: 2, + x: 3, + N: 3, + v: 2 + }, + { + g: 2, + x: "10000000000000000000000000", + N: 1337, + v: 1206 + }, + { + g: 17, + x: 90, + N: 34717861147, + v: 28445204336 + }, + { + g: 2, + x: "0x844A000000000000000000000", + N: 13, + v: 9 + }, + { + g: 2, + x: 0x1010, + N: 131, + v: 59 + }, + { + g: 2, + x: "43207437777777877617151", + N: 13, + v: 2 + }, + { + g: 2, + x: "389274238947216444871600001871964319565192765874149", + N: 117, + v: 44 + }, + { + g: 2, + x: "89457115510016156219817846189181057618965150496979174671534084187", + N: "1897166415676096761", + v: "16840615e646a4c5c8d" + }//, + // // This was disabled because it's slow (~2.5s with `rhino -O 9`). Once + // // a better powermod algorithm is implemented (e.g., using Montgomery + // // reduction), this can be re-enabled. + // { + // g: 2, + // x: "eeaf0ab9adb3008dd6c314c9c25600057674df692c0006e0d5d8e2050b98be48e4", + // N: "b48130d6e07674df740e1d33b4816e0d5d8e20e2050b98be48e457674df74096ea", + // v: "9c3219b694befb9caac51a13eb1ac7053b02c654b6a0541cfa60c483592d478630" + // } +] diff --git a/test/run_tests_browser.js b/test/run_tests_browser.js index 2abf8c0..30e4f8a 100644 --- a/test/run_tests_browser.js +++ b/test/run_tests_browser.js @@ -11,9 +11,15 @@ function testCore(coreName, cb) { "sha256_test.js", "sha256_vectors.js", "sha256_test_brute_force.js", + "sha1_test.js", + "sha1_vectors.js", "hmac_test.js", "hmac_vectors.js", - "pbkdf2_test.js" + "pbkdf2_test.js", + "bn_test.js", + "bn_vectors.js", + "srp_test.js", + "srp_vectors.js" ], i; for (i=1; i