From 96ebb65099adbfdf94d957d154e67daa231fafc1 Mon Sep 17 00:00:00 2001
From: Daniel Cousens
Date: Tue, 22 Apr 2014 02:04:56 +1000
Subject: [PATCH 1/4] Removes ecdsa.getBigRandom
---
 src/ecdsa.js | 5 -----
 test/ec.js | 6 +++---
 2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/src/ecdsa.js b/src/ecdsa.js
index ebb2216..26b0444 100644
--- a/src/ecdsa.js
+++ b/src/ecdsa.js
@@ -52,11 +52,6 @@ function deterministicGenerateK(hash,key) {
 }
 var ecdsa = {
- getBigRandom: function (limit) {
- return new BigInteger(limit.bitLength(), rng).
- mod(limit.subtract(BigInteger.ONE)).
- add(BigInteger.ONE)
- },
 sign: function (hash, priv) {
 var d = priv
 var n = ecparams.getN()
diff --git a/test/ec.js b/test/ec.js
index 71b5c59..72979e1 100644
--- a/test/ec.js
+++ b/test/ec.js
@@ -1,21 +1,21 @@
 var assert = require('assert')
-var ecdsa = require('../').ecdsa
 var sec = require('../src/jsbn/sec')
 var ecparams = sec('secp256k1')
+var BigInteger = require('..').BigInteger
 var ECPointFp = require('../').ECPointFp
 var ECKey = require('../').ECKey
 describe('ec', function() {
 describe('ECPointFp', function() {
- it('behaviours correctly', function() {
+ it('behaves correctly', function() {
 var G = ecparams.getG()
 var n = ecparams.getN()
 assert.ok(G.multiply(n).isInfinity(), "Gn is infinite")
- var k = ecdsa.getBigRandom(n)
+ var k = BigInteger.ONE
 var P = G.multiply(k)
 assert.ok(!P.isInfinity(), "kG is not infinite")
 assert.ok(P.isOnCurve(), "kG on curve")
From 873dc95321821ec8bed0fb1d22557365e249a476 Mon Sep 17 00:00:00 2001
From: Daniel Cousens
Date: Tue, 22 Apr 2014 02:08:00 +1000
Subject: [PATCH 2/4] Isolates test/ec.js ECPointFp.decodeFrom tests
---
 test/ec.js | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)
diff --git a/test/ec.js b/test/ec.js
index 72979e1..d3a2aad 100644
--- a/test/ec.js
+++ b/test/ec.js
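Review bot: With `var k = BigInteger.ONE` in the test/ec.js hunk, `P` is just the generator, so "kG is not infinite" and "kG on curve" no longer exercise scalar multiplication beyond the identity case. A fixed scalar greater than one keeps the test deterministic while still covering doubling and addition, for example `var k = new BigInteger('7')`, and a second case with `n.subtract(BigInteger.ONE)` would cover the upper boundary. The `it` body continues outside the hunk.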
@@ -5,7 +5,6 @@ var ecparams = sec('secp256k1')
 var BigInteger = require('..').BigInteger
 var ECPointFp = require('../').ECPointFp
-var ECKey = require('../').ECKey
 describe('ec', function() {
 describe('ECPointFp', function() {
@@ -26,19 +25,18 @@ describe('ec', function() {
 })
 describe('decodeFrom', function() {
- it('decodes valid ECPoints', function() {
- var p1 = ECKey.makeRandom(false).pub.toBuffer()
- assert.equal(p1.length, 65)
-
- var p1_q = ECPointFp.decodeFrom(ecparams.getCurve(), p1)
- assert.ok(p1_q)
- assert.ok(p1_q.validate())
-
- var p2 = new Buffer('0486f356006a38b847bedec1bf47013776925d939d5a35a97a4d1263e550c7f1ab5aba44ab74d22892097a0e851addf07ba97e33416df5affaceeb35d5607cd23c', 'hex')
+ it('decodes compressed ECPoints', function() {
+ var s = new Buffer('02789ece95adf35fb3de994b8b16c90166736d70913a18378fff79503e8c5db7fb', 'hex')
+ var Q = ECPointFp.decodeFrom(ecparams.getCurve(), s)
+ assert.ok(Q)
+ assert.ok(Q.validate())
+ })
- var p2_q = ECPointFp.decodeFrom(ecparams.getCurve(), p2)
- assert.ok(p2_q)
- assert.ok(p2_q.validate())
+ it('decodes uncompressed ECPoints', function() {
+ var s = new Buffer('0486f356006a38b847bedec1bf47013776925d939d5a35a97a4d1263e550c7f1ab5aba44ab74d22892097a0e851addf07ba97e33416df5affaceeb35d5607cd23c', 'hex')
+ var Q = ECPointFp.decodeFrom(ecparams.getCurve(), s)
+ assert.ok(Q)
+ assert.ok(Q.validate())
 })
 })
 })
From b95b5d5a0456f48f9991164b08fc2c2d54edc94d Mon Sep 17 00:00:00 2001
From: Daniel Cousens
Date: Tue, 22 Apr 2014 02:11:25 +1000
Subject: [PATCH 3/4] Removes unused imports and unused parameter
---
 test/ecdsa.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/test/ecdsa.js b/test/ecdsa.js
index 2d98f0d..617bfa6 100644
--- a/test/ecdsa.js
+++ b/test/ecdsa.js
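Review bot: Both `decodeFrom` cases feed only well-formed points, so nothing in this hunk pins how the decoder treats malformed input, which matters if it is ever handed public-key bytes from an untrusted source. Negative cases belong next to these two: an x coordinate with no matching y on the curve, a truncated buffer, and an unknown prefix byte, each asserting a throw or a failing `validate()`. The compressed case also covers only the `02` prefix; a vector starting with `03` would exercise the other y parity. The enclosing `describe` blocks start outside the hunk.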
@@ -2,9 +2,7 @@ var assert = require('assert')
 var crypto = require('../').crypto
 var ecdsa = require('..').ecdsa
 var sec = require('../src/jsbn/sec.js')
-var BigInteger = require('../src/jsbn/jsbn.js')
 var ecparams = sec("secp256k1")
-var rng = require('secure-random')
 var BigInteger = require('..').BigInteger
 var ECKey = require('..').ECKey
@@ -19,7 +17,7 @@ describe('ecdsa', function() {
 var obj = ecdsa.parseSigCompact(signature)
 var pubKey = new ECPubKey(ecdsa.recoverPubKey(obj.r, obj.s, Message.magicHash('1111'), obj.i))
- assert.equal(pubKey.toHex(true), '02e8fcf4d749b35879bc1f3b14b49e67ab7301da3558c5a9b74a54f1e6339c334c')
+ assert.equal(pubKey.toHex(), '02e8fcf4d749b35879bc1f3b14b49e67ab7301da3558c5a9b74a54f1e6339c334c')
 })
 })
From ae60e6eb953674526a989a99c84a93a024d192c8 Mon Sep 17 00:00:00 2001
From: Daniel Cousens
Date: Tue, 22 Apr 2014 02:19:30 +1000
Subject: [PATCH 4/4] Replacse JSBN with bigi
---
 README.md | 5 -
 package.json | 1 +
 src/base58.js | 4 +-
 src/bigi.js | 13 +
 src/{jsbn => }/ec.js | 13 +-
 src/ecdsa.js | 26 +-
 src/eckey.js | 10 +-
 src/hdwallet.js | 6 +-
 src/index.js | 7 +-
 src/jsbn/jsbn.js | 1302 -----------------------------------------
 src/{jsbn => }/sec.js | 4 +-
 src/transaction.js | 2 +-
 test/ec.js | 2 +-
 test/ecdsa.js | 2 +-
 test/jsbn.js | 36 --
 15 files changed, 52 insertions(+), 1381 deletions(-)
 create mode 100644 src/bigi.js
 rename src/{jsbn => }/ec.js (98%)
 delete mode 100644 src/jsbn/jsbn.js
 rename src/{jsbn => }/sec.js (98%)
 delete mode 100644 test/jsbn.js
diff --git a/README.md b/README.md
index 7c5a8f4..d97f501 100644
--- a/README.md
+++ b/README.md
@@ -122,11 +122,6 @@ BitcoinJS (c) 2011-2012 Stefan Thomas
 Released under MIT license
 http://bitcoinjs.org/
-JSBN (c) 2003-2005 Tom Wu
-Released under BSD license
-http://www-cs-students.stanford.edu/~tjw/jsbn/
-
 CryptoJS (c) 2009–2012 by Jeff Mott
 Released under New BSD license
 http://code.google.com/p/crypto-js/
-
diff --git a/package.json b/package.json
index a08b2ad..1734e24 100644
--- a/package.json
+++ b/package.json
@@ -42,6 +42,7 @@
 "compile": "./node_modules/.bin/browserify ./src/index.js -s Bitcoin | ./node_modules/.bin/uglifyjs > bitcoinjs-min.js"
 },
 "dependencies": {
+ "bigi": "0.2.0",
 "crypto-js": "3.1.2-3",
 "secure-random": "0.2.1"
 }
diff --git a/src/base58.js b/src/base58.js
index 7ba4b04..690f897 100644
--- a/src/base58.js
+++ b/src/base58.js
@@ -5,7 +5,7 @@
 // Merged Buffer refactorings from base58-native by Stephen Pair
 // Copyright (c) 2013 BitPay Inc
-var BigInteger = require('./jsbn/jsbn')
+var BigInteger = require('./bigi')
 var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
 var ALPHABET_BUF = new Buffer(ALPHABET, 'ascii')
@@ -16,7 +16,7 @@ for(var i = 0; i < ALPHABET.length; i++) {
 var BASE = BigInteger.valueOf(58)
 function encode(buffer) {
- var bi = BigInteger.fromByteArrayUnsigned(buffer)
+ var bi = BigInteger.fromBuffer(buffer)
 var result = new Buffer(buffer.length << 1)
 var i = result.length - 1
diff --git a/src/bigi.js b/src/bigi.js
new file mode 100644
index 0000000..9c4b1aa
--- /dev/null
+++ b/src/bigi.js
@@ -0,0 +1,13 @@
+var assert = require('assert')
+var BigInteger = require('bigi')
+
+BigInteger.fromBuffer = function(buffer) {
+ // FIXME: Transitionary
+ if (Buffer.isBuffer(buffer)) {
+ buffer = Array.prototype.slice.call(buffer)
+ }
+
+ return BigInteger.fromByteArrayUnsigned(buffer)
+}
+
+module.exports = BigInteger
diff --git a/src/jsbn/ec.js b/src/ec.js
similarity index 98%
rename from src/jsbn/ec.js
rename to src/ec.js
index b2692fa..d06bf83 100644
--- a/src/jsbn/ec.js
+++ b/src/ec.js
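Review bot: In the new src/bigi.js, `BigInteger.fromBuffer` is attached to the object returned by `require('bigi')`, which changes the shared module instance for every other consumer of `bigi` in the process, and it does no type check: anything that is not a Buffer is handed straight to `fromByteArrayUnsigned`. Since this helper now sits in front of private-key, hash and signature parsing, a guard such as `assert(Buffer.isBuffer(buffer) || Array.isArray(buffer), 'Expected Buffer or Array')` would fail closed on a string or `undefined`, and would give the currently unused `assert` import a purpose. The `// FIXME: Transitionary` comment should also say what the shim is waiting on before it can be removed.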
@@ -2,13 +2,8 @@
 // Ported loosely from BouncyCastle's Java EC code
 // Only Fp curves implemented for now
-var BigInteger = require('./jsbn'),
- sec = require('./sec');
+var BigInteger = require('./bigi')
-// ----------------
-// ECFieldElementFp
-
-// constructor
 function ECFieldElementFp(q,x) {
 this.x = x;
 // TODO if(x.compareTo(q) >= 0) error
@@ -343,12 +338,12 @@ ECPointFp.decodeFrom = function (curve, enc) {
 if (type == 4) {
 var xBa = enc.slice(1, 1 + dataLen/2),
 yBa = enc.slice(1 + dataLen/2, 1 + dataLen),
- x = BigInteger.fromByteArrayUnsigned(xBa),
- y = BigInteger.fromByteArrayUnsigned(yBa);
+ x = BigInteger.fromBuffer(xBa),
+ y = BigInteger.fromBuffer(yBa);
 } else {
 var xBa = enc.slice(1),
- x = BigInteger.fromByteArrayUnsigned(xBa),
+ x = BigInteger.fromBuffer(xBa),
 p = curve.getQ(),
 xCubedPlus7 = x.multiply(x).multiply(x).add(new BigInteger('7')).mod(p),
 pPlus1Over4 = p.add(new BigInteger('1'))
diff --git a/src/ecdsa.js b/src/ecdsa.js
index 26b0444..82fd419 100644
--- a/src/ecdsa.js
+++ b/src/ecdsa.js
@@ -1,10 +1,12 @@
-var sec = require('./jsbn/sec')
-var rng = require('secure-random')
-var BigInteger = require('./jsbn/jsbn')
+var BigInteger = require('./bigi')
+var ECPointFp = require('./ec').ECPointFp
+
 var convert = require('./convert')
 var HmacSHA256 = require('crypto-js/hmac-sha256')
-var ECPointFp = require('./jsbn/ec').ECPointFp
+
+var sec = require('./sec')
 var ecparams = sec("secp256k1")
+
 var P_OVER_FOUR = null
 function implShamirsTrick(P, k, Q, l) {
@@ -48,14 +50,14 @@ function deterministicGenerateK(hash,key) {
 v = HmacSHA256(v,k)
 v = HmacSHA256(v,k)
 vArr = convert.wordArrayToBytes(v)
- return BigInteger.fromByteArrayUnsigned(vArr)
+ return BigInteger.fromBuffer(vArr)
 }
 var ecdsa = {
 sign: function (hash, priv) {
 var d = priv
 var n = ecparams.getN()
- var e = BigInteger.fromByteArrayUnsigned(hash)
+ var e = BigInteger.fromBuffer(hash)
 var k = deterministicGenerateK(hash,priv.toByteArrayUnsigned())
 var G = ecparams.getG()
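Review bot: In `ECPointFp.decodeFrom`, every prefix other than 4 falls into the compressed branch in the lines shown, and `xBa` is sliced with no visible length check, so a malformed encoding would be decoded as if it were a compressed point. Unless the part of the function above the hunk already rejects these, the branch should be explicit, e.g. `} else if (type == 2 || type == 3) {` followed by an `else` that throws, together with a check that `enc.length` matches the size expected for that prefix. The function starts and ends outside the hunk, so this may already be handled there.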
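Review bot: `deterministicGenerateK` returns `BigInteger.fromBuffer(vArr)` with no visible check that the nonce lies in [1, n-1], whereas RFC 6979 requires the candidate to be discarded and regenerated when it is zero or not below the curve order. The odds are negligible on secp256k1, but a guard before the return (compare the converted value against `BigInteger.ZERO` and `ecparams.getN()`, then retry or throw) keeps an out-of-range nonce from ever reaching `sign`. The call site also passes `priv.toByteArrayUnsigned()`, which presumably drops leading zero bytes while the RFC expects a fixed-length private-key encoding; that is worth confirming. The function body starts above the hunk and `sign` continues below it.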
@@ -93,7 +95,7 @@ var ecdsa = {
 } else {
 throw new Error("Invalid format for pubkey value, must be byte array or ECPointFp")
 }
- var e = BigInteger.fromByteArrayUnsigned(hash)
+ var e = BigInteger.fromBuffer(hash)
 return ecdsa.verifyRaw(e, r, s, Q)
 },
@@ -183,8 +185,8 @@ var ecdsa = {
 //if (cursor != sig.length)
 // throw new Error("Extra bytes in signature")
- var r = BigInteger.fromByteArrayUnsigned(rBa)
- var s = BigInteger.fromByteArrayUnsigned(sBa)
+ var r = BigInteger.fromBuffer(rBa)
+ var s = BigInteger.fromBuffer(sBa)
 return {r: r, s: s}
 },
@@ -202,8 +204,8 @@ var ecdsa = {
 }
 var n = ecparams.getN()
- var r = BigInteger.fromByteArrayUnsigned(sig.slice(1, 33)).mod(n)
- var s = BigInteger.fromByteArrayUnsigned(sig.slice(33, 65)).mod(n)
+ var r = BigInteger.fromBuffer(sig.slice(1, 33)).mod(n)
+ var s = BigInteger.fromBuffer(sig.slice(33, 65)).mod(n)
 return {r: r, s: s, i: i}
 },
@@ -257,7 +259,7 @@ var ecdsa = {
 R.validate()
 // 1.5 Compute e from M
- var e = BigInteger.fromByteArrayUnsigned(hash)
+ var e = BigInteger.fromBuffer(hash)
 var eNeg = BigInteger.ZERO.subtract(e).mod(n)
 // 1.6 Compute Q = r^-1 (sR - eG)
diff --git a/src/eckey.js b/src/eckey.js
index 7a50f3f..6b82ea0 100644
--- a/src/eckey.js
+++ b/src/eckey.js
@@ -7,11 +7,11 @@ var secureRandom = require('secure-random')
 var Address = require('./address')
 var crypto = require('./crypto')
-var sec = require('./jsbn/sec')
+var sec = require('./sec')
 var ecparams = sec('secp256k1')
-var BigInteger = require('./jsbn/jsbn')
-var ECPointFp = require('./jsbn/ec').ECPointFp
+var BigInteger = require('./bigi')
+var ECPointFp = require('./ec').ECPointFp
 function ECKey(D, compressed) {
 assert(D.compareTo(BigInteger.ZERO) > 0, 'Private key must be greater than 0')
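Review bot: The trailing-data check in the `@@ -183,8 +185,8 @@` hunk is commented out (`//if (cursor != sig.length)`), so a signature followed by extra bytes is accepted and yields the same `r` and `s`. Distinct byte strings therefore parse to one signature, which weakens any caller that treats the encoding as canonical. Re-enabling it as `if (cursor != sig.length) throw new Error("Extra bytes in signature")` closes that, provided callers strip any byte they append after the signature before parsing (not visible here). The function starts outside the hunk.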
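Review bot: In the `@@ -202,8 +204,8 @@` hunk, `r` and `s` are reduced with `.mod(n)` instead of being range-checked, so a compact signature whose components are zero or not below `n` is silently mapped onto other values rather than rejected. An explicit check in the file's own error style, `if (r.compareTo(BigInteger.ZERO) <= 0 || r.compareTo(n) >= 0) throw new Error("Invalid r value")` and the same for `s`, keeps one accepted encoding per signature and makes bad input fail before recovery or verification. The function starts outside the hunk.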
@@ -28,7 +28,7 @@ ECKey.fromBuffer = function(buffer, compressed) {
 assert(Buffer.isBuffer(buffer), 'First argument must be a Buffer')
 assert.strictEqual(buffer.length, 32, 'Invalid buffer length')
- var D = BigInteger.fromByteArrayUnsigned(buffer)
+ var D = BigInteger.fromBuffer(buffer)
 return new ECKey(D, compressed)
 }
 ECKey.fromHex = function(hex, compressed) {
@@ -52,7 +52,7 @@ ECKey.makeRandom = function(compressed, rng) {
 rng = rng || secureRandom
 var buffer = new Buffer(rng(32))
- var D = BigInteger.fromByteArrayUnsigned(buffer)
+ var D = BigInteger.fromBuffer(buffer)
 D = D.mod(ecparams.getN())
 return new ECKey(D, compressed)
diff --git a/src/hdwallet.js b/src/hdwallet.js
index 19ac560..0840723 100644
--- a/src/hdwallet.js
+++ b/src/hdwallet.js
@@ -3,14 +3,14 @@ var base58 = require('./base58')
 var convert = require('./convert')
 var Address = require('./address')
-var BigInteger = require('./jsbn/jsbn')
+var BigInteger = require('./bigi')
 var CJS = require('crypto-js')
 var crypto = require('./crypto')
 var ECKey = require('./eckey').ECKey
 var ECPubKey = require('./eckey').ECPubKey
 var Network = require('./network')
-var sec = require('./jsbn/sec')
+var sec = require('./sec')
 var ecparams = sec("secp256k1")
 function HmacSHA512(buffer, secret) {
@@ -215,7 +215,7 @@ HDWallet.prototype.derive = function(i) {
 var hd = new HDWallet()
 hd.network = this.network
- var IL = BigInteger.fromByteArrayUnsigned(ILb)
+ var IL = BigInteger.fromBuffer(ILb)
 if (this.priv) {
 // ki = IL + kpar (mod n).
diff --git a/src/index.js b/src/index.js
index e65d0e5..81414e2 100644
--- a/src/index.js
+++ b/src/index.js
@@ -1,3 +1,4 @@
+var ec = require('./ec')
 var Key = require('./eckey')
 var T = require('./transaction')
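Review bot: `ECKey.fromBuffer` accepts any 32-byte value, and the only range check visible for the constructor is `D > 0`, so a buffer encoding a value at or above the curve order would become a private key equivalent to a smaller one. `makeRandom` in the next hunk reduces with `D.mod(ecparams.getN())`, so the two construction paths disagree on out-of-range input. An upper-bound assertion such as `assert(D.compareTo(ecparams.getN()) < 0, 'Private key must be less than the curve order')` would make imported keys fail closed. The ECKey constructor continues outside the visible hunks and may already enforce this.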
@@ -5,17 +6,19 @@ module.exports = {
 Address: require('./address'),
 base58: require('./base58'),
 base58check: require('./base58check'),
- BigInteger: require('./jsbn/jsbn'),
+ BigInteger: require('./bigi'),
 convert: require('./convert'),
 crypto: require('./crypto'),
+ ec: ec,
 ecdsa: require('./ecdsa'),
 ECKey: Key.ECKey,
- ECPointFp: require('./jsbn/ec').ECPointFp,
+ ECPointFp: ec.ECPointFp,
 ECPubKey: Key.ECPubKey,
 Message: require('./message'),
 Opcode: require('./opcode'),
 HDWallet: require('./hdwallet'),
 Script: require('./script'),
+ sec: require('./sec'),
 Transaction: T.Transaction,
 TransactionIn: T.TransactionIn,
 TransactionOut: T.TransactionOut,
diff --git a/src/jsbn/jsbn.js b/src/jsbn/jsbn.js
deleted file mode 100644
index 7e49c0a..0000000
--- a/src/jsbn/jsbn.js
+++ /dev/null
@@ -1,1302 +0,0 @@ -// Copyright (c) 2005 Tom Wu -// All Rights Reserved. -// See "LICENSE" for details. - -// Basic JavaScript BN library - subset useful for RSA encryption. - -// Bits per digit -var dbits; - -// JavaScript engine analysis -var canary = 0xdeadbeefcafe; -var j_lm = ((canary&0xffffff)==0xefcafe); - -// (public) Constructor -function BigInteger(a,b,c) { - if (!(this instanceof BigInteger)) { - return new BigInteger(a, b, c); - } - - if(a != null) { - if("number" == typeof a) this.fromNumber(a,b,c); - else if(b == null && "string" != typeof a) this.fromString(a,256); - else this.fromString(a,b); - } -} - -var proto = BigInteger.prototype; - -// return new, unset BigInteger -function nbi() { return new BigInteger(null); } - -// am: Compute w_j += (x*this_i), propagate carries, -// c is initial carry, returns final carry. -// c < 3*dvalue, x < 2*dvalue, this_i < dvalue -// We need to select the fastest one that works in this environment. - -// am1: use a single mult and divide to get the high bits, -// max digit bits should be 26 because -// max internal value = 2*dvalue^2-2*dvalue (< 2^53) -function am1(i,x,w,j,c,n) { - while(--n >= 0) { - var v = x*this[i++]+w[j]+c; - c = Math.floor(v/0x4000000); - w[j++] = v&0x3ffffff; - } - return c; -} -// am2 avoids a big mult-and-extract completely. -// Max digit bits should be <= 30 because we do bitwise ops -// on values up to 2*hdvalue^2-hdvalue-1 (< 2^31) -function am2(i,x,w,j,c,n) { - var xl = x&0x7fff, xh = x>>15; - while(--n >= 0) { - var l = this[i]&0x7fff; - var h = this[i++]>>15; - var m = xh*l+h*xl; - l = xl*l+((m&0x7fff)<<15)+w[j]+(c&0x3fffffff); - c = (l>>>30)+(m>>>15)+xh*h+(c>>>30); - w[j++] = l&0x3fffffff; - } - return c; -} -// Alternately, set max digit bits to 28 since some -// browsers slow down when dealing with 32-bit numbers. 
-function am3(i,x,w,j,c,n) { - var xl = x&0x3fff, xh = x>>14; - while(--n >= 0) { - var l = this[i]&0x3fff; - var h = this[i++]>>14; - var m = xh*l+h*xl; - l = xl*l+((m&0x3fff)<<14)+w[j]+c; - c = (l>>28)+(m>>14)+xh*h; - w[j++] = l&0xfffffff; - } - return c; -} - -// wtf? -BigInteger.prototype.am = am1; -dbits = 26; - -/* -if(j_lm && (navigator.appName == "Microsoft Internet Explorer")) { - BigInteger.prototype.am = am2; - dbits = 30; -} -else if(j_lm && (navigator.appName != "Netscape")) { - BigInteger.prototype.am = am1; - dbits = 26; -} -else { // Mozilla/Netscape seems to prefer am3 - BigInteger.prototype.am = am3; - dbits = 28; -} -*/ - -BigInteger.prototype.DB = dbits; -BigInteger.prototype.DM = ((1<= 0; --i) r[i] = this[i]; - r.t = this.t; - r.s = this.s; -} - -// (protected) set from integer value x, -DV <= x < DV -function bnpFromInt(x) { - this.t = 1; - this.s = (x<0)?-1:0; - if(x > 0) this[0] = x; - else if(x < -1) this[0] = x+DV; - else this.t = 0; -} - -// return bigint initialized to value -function nbv(i) { var r = nbi(); r.fromInt(i); return r; } - -// (protected) set from string and radix -function bnpFromString(s,b) { - var self = this; - - var k; - if(b == 16) k = 4; - else if(b == 8) k = 3; - else if(b == 256) k = 8; // byte array - else if(b == 2) k = 1; - else if(b == 32) k = 5; - else if(b == 4) k = 2; - else { self.fromRadix(s,b); return; } - self.t = 0; - self.s = 0; - var i = s.length, mi = false, sh = 0; - while(--i >= 0) { - var x = (k==8)?s[i]&0xff:intAt(s,i); - if(x < 0) { - if(s.charAt(i) == "-") mi = true; - continue; - } - mi = false; - if(sh == 0) - self[self.t++] = x; - else if(sh+k > self.DB) { - self[self.t-1] |= (x&((1<<(self.DB-sh))-1))<>(self.DB-sh)); - } - else - self[self.t-1] |= x<= self.DB) sh -= self.DB; - } - if(k == 8 && (s[0]&0x80) != 0) { - self.s = -1; - if(sh > 0) self[self.t-1] |= ((1<<(self.DB-sh))-1)< 0 && this[this.t-1] == c) --this.t; -} - -// (public) return string representation in given radix -function 
bnToString(b) { - var self = this; - if(self.s < 0) return "-"+self.negate().toString(b); - var k; - if(b == 16) k = 4; - else if(b == 8) k = 3; - else if(b == 2) k = 1; - else if(b == 32) k = 5; - else if(b == 4) k = 2; - else return self.toRadix(b); - var km = (1< 0) { - if(p < self.DB && (d = self[i]>>p) > 0) { m = true; r = int2char(d); } - while(i >= 0) { - if(p < k) { - d = (self[i]&((1<>(p+=self.DB-k); - } - else { - d = (self[i]>>(p-=k))&km; - if(p <= 0) { p += self.DB; --i; } - } - if(d > 0) m = true; - if(m) r += int2char(d); - } - } - return m?r:"0"; -} - -// (public) -this -function bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this,r); return r; } - -// (public) |this| -function bnAbs() { return (this.s<0)?this.negate():this; } - -// (public) return + if this > a, - if this < a, 0 if equal -function bnCompareTo(a) { - var r = this.s-a.s; - if(r != 0) return r; - var i = this.t; - r = i-a.t; - if(r != 0) return (this.s<0)?-r:r; - while(--i >= 0) if((r=this[i]-a[i]) != 0) return r; - return 0; -} - -// returns bit length of the integer x -function nbits(x) { - var r = 1, t; - if((t=x>>>16) != 0) { x = t; r += 16; } - if((t=x>>8) != 0) { x = t; r += 8; } - if((t=x>>4) != 0) { x = t; r += 4; } - if((t=x>>2) != 0) { x = t; r += 2; } - if((t=x>>1) != 0) { x = t; r += 1; } - return r; -} - -// (public) return the number of bits in "this" -function bnBitLength() { - if(this.t <= 0) return 0; - return this.DB*(this.t-1)+nbits(this[this.t-1]^(this.s&this.DM)); -} - -// (protected) r = this << n*DB -function bnpDLShiftTo(n,r) { - var i; - for(i = this.t-1; i >= 0; --i) r[i+n] = this[i]; - for(i = n-1; i >= 0; --i) r[i] = 0; - r.t = this.t+n; - r.s = this.s; -} - -// (protected) r = this >> n*DB -function bnpDRShiftTo(n,r) { - for(var i = n; i < this.t; ++i) r[i-n] = this[i]; - r.t = Math.max(this.t-n,0); - r.s = this.s; -} - -// (protected) r = this << n -function bnpLShiftTo(n,r) { - var self = this; - var bs = n%self.DB; - var cbs = self.DB-bs; - var bm = 
(1<= 0; --i) { - r[i+ds+1] = (self[i]>>cbs)|c; - c = (self[i]&bm)<= 0; --i) r[i] = 0; - r[ds] = c; - r.t = self.t+ds+1; - r.s = self.s; - r.clamp(); -} - -// (protected) r = this >> n -function bnpRShiftTo(n,r) { - var self = this; - r.s = self.s; - var ds = Math.floor(n/self.DB); - if(ds >= self.t) { r.t = 0; return; } - var bs = n%self.DB; - var cbs = self.DB-bs; - var bm = (1<>bs; - for(var i = ds+1; i < self.t; ++i) { - r[i-ds-1] |= (self[i]&bm)<>bs; - } - if(bs > 0) r[self.t-ds-1] |= (self.s&bm)<>= self.DB; - } - if(a.t < self.t) { - c -= a.s; - while(i < self.t) { - c += self[i]; - r[i++] = c&self.DM; - c >>= self.DB; - } - c += self.s; - } - else { - c += self.s; - while(i < a.t) { - c -= a[i]; - r[i++] = c&self.DM; - c >>= self.DB; - } - c -= a.s; - } - r.s = (c<0)?-1:0; - if(c < -1) r[i++] = self.DV+c; - else if(c > 0) r[i++] = c; - r.t = i; - r.clamp(); -} - -// (protected) r = this * a, r != this,a (HAC 14.12) -// "this" should be the larger one if appropriate. -function bnpMultiplyTo(a,r) { - var x = this.abs(), y = a.abs(); - var i = x.t; - r.t = i+y.t; - while(--i >= 0) r[i] = 0; - for(i = 0; i < y.t; ++i) r[i+x.t] = x.am(0,y[i],r,i,0,x.t); - r.s = 0; - r.clamp(); - if(this.s != a.s) BigInteger.ZERO.subTo(r,r); -} - -// (protected) r = this^2, r != this (HAC 14.16) -function bnpSquareTo(r) { - var x = this.abs(); - var i = r.t = 2*x.t; - while(--i >= 0) r[i] = 0; - for(i = 0; i < x.t-1; ++i) { - var c = x.am(i,x[i],r,2*i,0,1); - if((r[i+x.t]+=x.am(i+1,2*x[i],r,2*i+1,c,x.t-i-1)) >= x.DV) { - r[i+x.t] -= x.DV; - r[i+x.t+1] = 1; - } - } - if(r.t > 0) r[r.t-1] += x.am(i,x[i],r,2*i,0,1); - r.s = 0; - r.clamp(); -} - -// (protected) divide this by m, quotient and remainder to q, r (HAC 14.20) -// r != q, this != m. q or r may be null. 
-function bnpDivRemTo(m,q,r) { - var self = this; - var pm = m.abs(); - if(pm.t <= 0) return; - var pt = self.abs(); - if(pt.t < pm.t) { - if(q != null) q.fromInt(0); - if(r != null) self.copyTo(r); - return; - } - if(r == null) r = nbi(); - var y = nbi(), ts = self.s, ms = m.s; - var nsh = self.DB-nbits(pm[pm.t-1]); // normalize modulus - if(nsh > 0) { pm.lShiftTo(nsh,y); pt.lShiftTo(nsh,r); } - else { pm.copyTo(y); pt.copyTo(r); } - var ys = y.t; - var y0 = y[ys-1]; - if(y0 == 0) return; - var yt = y0*(1<1)?y[ys-2]>>self.F2:0); - var d1 = self.FV/yt, d2 = (1<= 0) { - r[r.t++] = 1; - r.subTo(t,r); - } - BigInteger.ONE.dlShiftTo(ys,t); - t.subTo(y,y); // "negative" y so we can replace sub with am later - while(y.t < ys) y[y.t++] = 0; - while(--j >= 0) { - // Estimate quotient digit - var qd = (r[--i]==y0)?self.DM:Math.floor(r[i]*d1+(r[i-1]+e)*d2); - if((r[i]+=y.am(0,qd,r,j,0,ys)) < qd) { // Try it out - y.dlShiftTo(j,t); - r.subTo(t,r); - while(r[i] < --qd) r.subTo(t,r); - } - } - if(q != null) { - r.drShiftTo(ys,q); - if(ts != ms) BigInteger.ZERO.subTo(q,q); - } - r.t = ys; - r.clamp(); - if(nsh > 0) r.rShiftTo(nsh,r); // Denormalize remainder - if(ts < 0) BigInteger.ZERO.subTo(r,r); -} - -// (public) this mod a -function bnMod(a) { - var r = nbi(); - this.abs().divRemTo(a,null,r); - if(this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r,r); - return r; -} - -// Modular reduction using "classic" algorithm -function Classic(m) { this.m = m; } -function cConvert(x) { - if(x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m); - else return x; -} -function cRevert(x) { return x; } -function cReduce(x) { x.divRemTo(this.m,null,x); } -function cMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); } -function cSqrTo(x,r) { x.squareTo(r); this.reduce(r); } - -Classic.prototype.convert = cConvert; -Classic.prototype.revert = cRevert; -Classic.prototype.reduce = cReduce; -Classic.prototype.mulTo = cMulTo; -Classic.prototype.sqrTo = cSqrTo; - -// (protected) return 
"-1/this % 2^DB"; useful for Mont. reduction -// justification: -// xy == 1 (mod m) -// xy = 1+km -// xy(2-xy) = (1+km)(1-km) -// x[y(2-xy)] = 1-k^2m^2 -// x[y(2-xy)] == 1 (mod m^2) -// if y is 1/x mod m, then y(2-xy) is 1/x mod m^2 -// should reduce x and y(2-xy) by m^2 at each step to keep size bounded. -// JS multiply "overflows" differently from C/C++, so care is needed here. -function bnpInvDigit() { - if(this.t < 1) return 0; - var x = this[0]; - if((x&1) == 0) return 0; - var y = x&3; // y == 1/x mod 2^2 - y = (y*(2-(x&0xf)*y))&0xf; // y == 1/x mod 2^4 - y = (y*(2-(x&0xff)*y))&0xff; // y == 1/x mod 2^8 - y = (y*(2-(((x&0xffff)*y)&0xffff)))&0xffff; // y == 1/x mod 2^16 - // last step - calculate inverse mod DV directly; - // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints - y = (y*(2-x*y%this.DV))%this.DV; // y == 1/x mod 2^dbits - // we really want the negative inverse, and -DV < y < DV - return (y>0)?this.DV-y:-y; -} - -// Montgomery reduction -function Montgomery(m) { - this.m = m; - this.mp = m.invDigit(); - this.mpl = this.mp&0x7fff; - this.mph = this.mp>>15; - this.um = (1<<(m.DB-15))-1; - this.mt2 = 2*m.t; -} - -// xR mod m -function montConvert(x) { - var r = nbi(); - x.abs().dlShiftTo(this.m.t,r); - r.divRemTo(this.m,null,r); - if(x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r,r); - return r; -} - -// x/R mod m -function montRevert(x) { - var r = nbi(); - x.copyTo(r); - this.reduce(r); - return r; -} - -// x = x/R mod m (HAC 14.32) -function montReduce(x) { - while(x.t <= this.mt2) // pad x so am has enough room later - x[x.t++] = 0; - for(var i = 0; i < this.m.t; ++i) { - // faster way of calculating u0 = x[i]*mp mod DV - var j = x[i]&0x7fff; - var u0 = (j*this.mpl+(((j*this.mph+(x[i]>>15)*this.mpl)&this.um)<<15))&x.DM; - // use am to combine the multiply-shift-add into one call - j = i+this.m.t; - x[j] += this.m.am(0,u0,x,i,0,this.m.t); - // propagate carry - while(x[j] >= x.DV) { x[j] -= x.DV; x[++j]++; } - } - 
x.clamp(); - x.drShiftTo(this.m.t,x); - if(x.compareTo(this.m) >= 0) x.subTo(this.m,x); -} - -// r = "x^2/R mod m"; x != r -function montSqrTo(x,r) { x.squareTo(r); this.reduce(r); } - -// r = "xy/R mod m"; x,y != r -function montMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); } - -Montgomery.prototype.convert = montConvert; -Montgomery.prototype.revert = montRevert; -Montgomery.prototype.reduce = montReduce; -Montgomery.prototype.mulTo = montMulTo; -Montgomery.prototype.sqrTo = montSqrTo; - -// (protected) true iff this is even -function bnpIsEven() { return ((this.t>0)?(this[0]&1):this.s) == 0; } - -// (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79) -function bnpExp(e,z) { - if(e > 0xffffffff || e < 1) return BigInteger.ONE; - var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e)-1; - g.copyTo(r); - while(--i >= 0) { - z.sqrTo(r,r2); - if((e&(1< 0) z.mulTo(r2,g,r); - else { var t = r; r = r2; r2 = t; } - } - return z.revert(r); -} - -// (public) this^e % m, 0 <= e < 2^32 -function bnModPowInt(e,m) { - var z; - if(e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m); - return this.exp(e,z); -} - -// protected -proto.copyTo = bnpCopyTo; -proto.fromInt = bnpFromInt; -proto.fromString = bnpFromString; -proto.clamp = bnpClamp; -proto.dlShiftTo = bnpDLShiftTo; -proto.drShiftTo = bnpDRShiftTo; -proto.lShiftTo = bnpLShiftTo; -proto.rShiftTo = bnpRShiftTo; -proto.subTo = bnpSubTo; -proto.multiplyTo = bnpMultiplyTo; -proto.squareTo = bnpSquareTo; -proto.divRemTo = bnpDivRemTo; -proto.invDigit = bnpInvDigit; -proto.isEven = bnpIsEven; -proto.exp = bnpExp; - -// public -proto.toString = bnToString; -proto.negate = bnNegate; -proto.abs = bnAbs; -proto.compareTo = bnCompareTo; -proto.bitLength = bnBitLength; -proto.mod = bnMod; -proto.modPowInt = bnModPowInt; - -//// jsbn2 - -function nbi() { return new BigInteger(null); } - -// (public) -function bnClone() { var r = nbi(); this.copyTo(r); return r; } - -// (public) return value 
as integer -function bnIntValue() { - if(this.s < 0) { - if(this.t == 1) return this[0]-this.DV; - else if(this.t == 0) return -1; - } - else if(this.t == 1) return this[0]; - else if(this.t == 0) return 0; - // assumes 16 < DB < 32 - return ((this[1]&((1<<(32-this.DB))-1))<>24; } - -// (public) return value as short (assumes DB>=16) -function bnShortValue() { return (this.t==0)?this.s:(this[0]<<16)>>16; } - -// (protected) return x s.t. r^x < DV -function bnpChunkSize(r) { return Math.floor(Math.LN2*this.DB/Math.log(r)); } - -// (public) 0 if this == 0, 1 if this > 0 -function bnSigNum() { - if(this.s < 0) return -1; - else if(this.t <= 0 || (this.t == 1 && this[0] <= 0)) return 0; - else return 1; -} - -// (protected) convert to radix string -function bnpToRadix(b) { - if(b == null) b = 10; - if(this.signum() == 0 || b < 2 || b > 36) return "0"; - var cs = this.chunkSize(b); - var a = Math.pow(b,cs); - var d = nbv(a), y = nbi(), z = nbi(), r = ""; - this.divRemTo(d,y,z); - while(y.signum() > 0) { - r = (a+z.intValue()).toString(b).substr(1) + r; - y.divRemTo(d,y,z); - } - return z.intValue().toString(b) + r; -} - -// (protected) convert from radix string -function bnpFromRadix(s,b) { - var self = this; - self.fromInt(0); - if(b == null) b = 10; - var cs = self.chunkSize(b); - var d = Math.pow(b,cs), mi = false, j = 0, w = 0; - for(var i = 0; i < s.length; ++i) { - var x = intAt(s,i); - if(x < 0) { - if(s.charAt(i) == "-" && self.signum() == 0) mi = true; - continue; - } - w = b*w+x; - if(++j >= cs) { - self.dMultiply(d); - self.dAddOffset(w,0); - j = 0; - w = 0; - } - } - if(j > 0) { - self.dMultiply(Math.pow(b,j)); - self.dAddOffset(w,0); - } - if(mi) BigInteger.ZERO.subTo(self,self); -} - -// (protected) alternate constructor -function bnpFromNumber(a,b,c) { - var self = this; - if("number" == typeof b) { - // new BigInteger(int,int,RNG) - if(a < 2) self.fromInt(1); - else { - self.fromNumber(a,c); - if(!self.testBit(a-1)) // force MSB set - 
self.bitwiseTo(BigInteger.ONE.shiftLeft(a-1),op_or,self); - if(self.isEven()) self.dAddOffset(1,0); // force odd - while(!self.isProbablePrime(b)) { - self.dAddOffset(2,0); - if(self.bitLength() > a) self.subTo(BigInteger.ONE.shiftLeft(a-1),self); - } - } - } - else { - // new BigInteger(int,RNG) - var t = a&7; - var length = (a>>3)+1; - var x = b(length, {array: true}); - if(t > 0) x[0] &= ((1< 0) { - if(p < self.DB && (d = self[i]>>p) != (self.s&self.DM)>>p) - r[k++] = d|(self.s<<(self.DB-p)); - while(i >= 0) { - if(p < 8) { - d = (self[i]&((1<>(p+=self.DB-8); - } - else { - d = (self[i]>>(p-=8))&0xff; - if(p <= 0) { p += self.DB; --i; } - } - if((d&0x80) != 0) d |= -256; - if(k === 0 && (self.s&0x80) != (d&0x80)) ++k; - if(k > 0 || d != self.s) r[k++] = d; - } - } - return r; -} - -function bnEquals(a) { return(this.compareTo(a)==0); } -function bnMin(a) { return(this.compareTo(a)<0)?this:a; } -function bnMax(a) { return(this.compareTo(a)>0)?this:a; } - -// (protected) r = this op a (bitwise) -function bnpBitwiseTo(a,op,r) { - var self = this; - var i, f, m = Math.min(a.t,self.t); - for(i = 0; i < m; ++i) r[i] = op(self[i],a[i]); - if(a.t < self.t) { - f = a.s&self.DM; - for(i = m; i < self.t; ++i) r[i] = op(self[i],f); - r.t = self.t; - } - else { - f = self.s&self.DM; - for(i = m; i < a.t; ++i) r[i] = op(f,a[i]); - r.t = a.t; - } - r.s = op(self.s,a.s); - r.clamp(); -} - -// (public) this & a -function op_and(x,y) { return x&y; } -function bnAnd(a) { var r = nbi(); this.bitwiseTo(a,op_and,r); return r; } - -// (public) this | a -function op_or(x,y) { return x|y; } -function bnOr(a) { var r = nbi(); this.bitwiseTo(a,op_or,r); return r; } - -// (public) this ^ a -function op_xor(x,y) { return x^y; } -function bnXor(a) { var r = nbi(); this.bitwiseTo(a,op_xor,r); return r; } - -// (public) this & ~a -function op_andnot(x,y) { return x&~y; } -function bnAndNot(a) { var r = nbi(); this.bitwiseTo(a,op_andnot,r); return r; } - -// (public) ~this -function bnNot() { - 
var r = nbi(); - for(var i = 0; i < this.t; ++i) r[i] = this.DM&~this[i]; - r.t = this.t; - r.s = ~this.s; - return r; -} - -// (public) this << n -function bnShiftLeft(n) { - var r = nbi(); - if(n < 0) this.rShiftTo(-n,r); else this.lShiftTo(n,r); - return r; -} - -// (public) this >> n -function bnShiftRight(n) { - var r = nbi(); - if(n < 0) this.lShiftTo(-n,r); else this.rShiftTo(n,r); - return r; -} - -// return index of lowest 1-bit in x, x < 2^31 -function lbit(x) { - if(x == 0) return -1; - var r = 0; - if((x&0xffff) == 0) { x >>= 16; r += 16; } - if((x&0xff) == 0) { x >>= 8; r += 8; } - if((x&0xf) == 0) { x >>= 4; r += 4; } - if((x&3) == 0) { x >>= 2; r += 2; } - if((x&1) == 0) ++r; - return r; -} - -// (public) returns index of lowest 1-bit (or -1 if none) -function bnGetLowestSetBit() { - for(var i = 0; i < this.t; ++i) - if(this[i] != 0) return i*this.DB+lbit(this[i]); - if(this.s < 0) return this.t*this.DB; - return -1; -} - -// return number of 1 bits in x -function cbit(x) { - var r = 0; - while(x != 0) { x &= x-1; ++r; } - return r; -} - -// (public) return number of set bits -function bnBitCount() { - var r = 0, x = this.s&this.DM; - for(var i = 0; i < this.t; ++i) r += cbit(this[i]^x); - return r; -} - -// (public) true iff nth bit is set -function bnTestBit(n) { - var j = Math.floor(n/this.DB); - if(j >= this.t) return(this.s!=0); - return((this[j]&(1<<(n%this.DB)))!=0); -} - -// (protected) this op (1<>= self.DB; - } - if(a.t < self.t) { - c += a.s; - while(i < self.t) { - c += self[i]; - r[i++] = c&self.DM; - c >>= self.DB; - } - c += self.s; - } - else { - c += self.s; - while(i < a.t) { - c += a[i]; - r[i++] = c&self.DM; - c >>= self.DB; - } - c += a.s; - } - r.s = (c<0)?-1:0; - if(c > 0) r[i++] = c; - else if(c < -1) r[i++] = self.DV+c; - r.t = i; - r.clamp(); -} - -// (public) this + a -function bnAdd(a) { var r = nbi(); this.addTo(a,r); return r; } - -// (public) this - a -function bnSubtract(a) { var r = nbi(); this.subTo(a,r); return r; } 
- -// (public) this * a -function bnMultiply(a) { var r = nbi(); this.multiplyTo(a,r); return r; } - -// (public) this^2 -function bnSquare() { var r = nbi(); this.squareTo(r); return r; } - -// (public) this / a -function bnDivide(a) { var r = nbi(); this.divRemTo(a,r,null); return r; } - -// (public) this % a -function bnRemainder(a) { var r = nbi(); this.divRemTo(a,null,r); return r; } - -// (public) [this/a,this%a] -function bnDivideAndRemainder(a) { - var q = nbi(), r = nbi(); - this.divRemTo(a,q,r); - return new Array(q,r); -} - -// (protected) this *= n, this >= 0, 1 < n < DV -function bnpDMultiply(n) { - this[this.t] = this.am(0,n-1,this,0,0,this.t); - ++this.t; - this.clamp(); -} - -// (protected) this += n << w words, this >= 0 -function bnpDAddOffset(n,w) { - if(n == 0) return; - while(this.t <= w) this[this.t++] = 0; - this[w] += n; - while(this[w] >= this.DV) { - this[w] -= this.DV; - if(++w >= this.t) this[this.t++] = 0; - ++this[w]; - } -} - -// A "null" reducer -function NullExp() {} -function nNop(x) { return x; } -function nMulTo(x,y,r) { x.multiplyTo(y,r); } -function nSqrTo(x,r) { x.squareTo(r); } - -NullExp.prototype.convert = nNop; -NullExp.prototype.revert = nNop; -NullExp.prototype.mulTo = nMulTo; -NullExp.prototype.sqrTo = nSqrTo; - -// (public) this^e -function bnPow(e) { return this.exp(e,new NullExp()); } - -// (protected) r = lower n words of "this * a", a.t <= n -// "this" should be the larger one if appropriate. -function bnpMultiplyLowerTo(a,n,r) { - var i = Math.min(this.t+a.t,n); - r.s = 0; // assumes a,this >= 0 - r.t = i; - while(i > 0) r[--i] = 0; - var j; - for(j = r.t-this.t; i < j; ++i) r[i+this.t] = this.am(0,a[i],r,i,0,this.t); - for(j = Math.min(a.t,n); i < j; ++i) this.am(0,a[i],r,i,0,n-i); - r.clamp(); -} - -// (protected) r = "this * a" without lower n words, n > 0 -// "this" should be the larger one if appropriate. 
-function bnpMultiplyUpperTo(a,n,r) { - --n; - var i = r.t = this.t+a.t-n; - r.s = 0; // assumes a,this >= 0 - while(--i >= 0) r[i] = 0; - for(i = Math.max(n-this.t,0); i < a.t; ++i) - r[this.t+i-n] = this.am(n-i,a[i],r,0,0,this.t+i-n); - r.clamp(); - r.drShiftTo(1,r); -} - -// Barrett modular reduction -function Barrett(m) { - // setup Barrett - this.r2 = nbi(); - this.q3 = nbi(); - BigInteger.ONE.dlShiftTo(2*m.t,this.r2); - this.mu = this.r2.divide(m); - this.m = m; -} - -function barrettConvert(x) { - if(x.s < 0 || x.t > 2*this.m.t) return x.mod(this.m); - else if(x.compareTo(this.m) < 0) return x; - else { var r = nbi(); x.copyTo(r); this.reduce(r); return r; } -} - -function barrettRevert(x) { return x; } - -// x = x mod m (HAC 14.42) -function barrettReduce(x) { - var self = this; - x.drShiftTo(self.m.t-1,self.r2); - if(x.t > self.m.t+1) { x.t = self.m.t+1; x.clamp(); } - self.mu.multiplyUpperTo(self.r2,self.m.t+1,self.q3); - self.m.multiplyLowerTo(self.q3,self.m.t+1,self.r2); - while(x.compareTo(self.r2) < 0) x.dAddOffset(1,self.m.t+1); - x.subTo(self.r2,x); - while(x.compareTo(self.m) >= 0) x.subTo(self.m,x); -} - -// r = x^2 mod m; x != r -function barrettSqrTo(x,r) { x.squareTo(r); this.reduce(r); } - -// r = x*y mod m; x,y != r -function barrettMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); } - -Barrett.prototype.convert = barrettConvert; -Barrett.prototype.revert = barrettRevert; -Barrett.prototype.reduce = barrettReduce; -Barrett.prototype.mulTo = barrettMulTo; -Barrett.prototype.sqrTo = barrettSqrTo; - -// (public) this^e % m (HAC 14.85) -function bnModPow(e,m) { - var i = e.bitLength(), k, r = nbv(1), z; - if(i <= 0) return r; - else if(i < 18) k = 1; - else if(i < 48) k = 3; - else if(i < 144) k = 4; - else if(i < 768) k = 5; - else k = 6; - if(i < 8) - z = new Classic(m); - else if(m.isEven()) - z = new Barrett(m); - else - z = new Montgomery(m); - - // precomputation - var g = new Array(), n = 3, k1 = k-1, km = (1< 1) { - var g2 = nbi(); - 
z.sqrTo(g[1],g2); - while(n <= km) { - g[n] = nbi(); - z.mulTo(g2,g[n-2],g[n]); - n += 2; - } - } - - var j = e.t-1, w, is1 = true, r2 = nbi(), t; - i = nbits(e[j])-1; - while(j >= 0) { - if(i >= k1) w = (e[j]>>(i-k1))&km; - else { - w = (e[j]&((1<<(i+1))-1))<<(k1-i); - if(j > 0) w |= e[j-1]>>(this.DB+i-k1); - } - - n = k; - while((w&1) == 0) { w >>= 1; --n; } - if((i -= n) < 0) { i += this.DB; --j; } - if(is1) { // ret == 1, don't bother squaring or multiplying it - g[w].copyTo(r); - is1 = false; - } - else { - while(n > 1) { z.sqrTo(r,r2); z.sqrTo(r2,r); n -= 2; } - if(n > 0) z.sqrTo(r,r2); else { t = r; r = r2; r2 = t; } - z.mulTo(r2,g[w],r); - } - - while(j >= 0 && (e[j]&(1< 0) { - x.rShiftTo(g,x); - y.rShiftTo(g,y); - } - while(x.signum() > 0) { - if((i = x.getLowestSetBit()) > 0) x.rShiftTo(i,x); - if((i = y.getLowestSetBit()) > 0) y.rShiftTo(i,y); - if(x.compareTo(y) >= 0) { - x.subTo(y,x); - x.rShiftTo(1,x); - } - else { - y.subTo(x,y); - y.rShiftTo(1,y); - } - } - if(g > 0) y.lShiftTo(g,y); - return y; -} - -// (protected) this % n, n < 2^26 -function bnpModInt(n) { - if(n <= 0) return 0; - var d = this.DV%n, r = (this.s<0)?n-1:0; - if(this.t > 0) - if(d == 0) r = this[0]%n; - else for(var i = this.t-1; i >= 0; --i) r = (d*r+this[i])%n; - return r; -} - -// (public) 1/this % m (HAC 14.61) -function bnModInverse(m) { - var ac = m.isEven(); - if((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO; - var u = m.clone(), v = this.clone(); - var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1); - while(u.signum() != 0) { - while(u.isEven()) { - u.rShiftTo(1,u); - if(ac) { - if(!a.isEven() || !b.isEven()) { a.addTo(this,a); b.subTo(m,b); } - a.rShiftTo(1,a); - } - else if(!b.isEven()) b.subTo(m,b); - b.rShiftTo(1,b); - } - while(v.isEven()) { - v.rShiftTo(1,v); - if(ac) { - if(!c.isEven() || !d.isEven()) { c.addTo(this,c); d.subTo(m,d); } - c.rShiftTo(1,c); - } - else if(!d.isEven()) d.subTo(m,d); - d.rShiftTo(1,d); - } - if(u.compareTo(v) >= 0) { - 
u.subTo(v,u); - if(ac) a.subTo(c,a); - b.subTo(d,b); - } - else { - v.subTo(u,v); - if(ac) c.subTo(a,c); - d.subTo(b,d); - } - } - if(v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO; - if(d.compareTo(m) >= 0) return d.subtract(m); - if(d.signum() < 0) d.addTo(m,d); else return d; - if(d.signum() < 0) return d.add(m); else return d; -} - -// protected -proto.chunkSize = bnpChunkSize; -proto.toRadix = bnpToRadix; -proto.fromRadix = bnpFromRadix; -proto.fromNumber = bnpFromNumber; -proto.bitwiseTo = bnpBitwiseTo; -proto.changeBit = bnpChangeBit; -proto.addTo = bnpAddTo; -proto.dMultiply = bnpDMultiply; -proto.dAddOffset = bnpDAddOffset; -proto.multiplyLowerTo = bnpMultiplyLowerTo; -proto.multiplyUpperTo = bnpMultiplyUpperTo; -proto.modInt = bnpModInt; - -// public -proto.clone = bnClone; -proto.intValue = bnIntValue; -proto.byteValue = bnByteValue; -proto.shortValue = bnShortValue; -proto.signum = bnSigNum; -proto.toByteArray = bnToByteArray; -proto.equals = bnEquals; -proto.min = bnMin; -proto.max = bnMax; -proto.and = bnAnd; -proto.or = bnOr; -proto.xor = bnXor; -proto.andNot = bnAndNot; -proto.not = bnNot; -proto.shiftLeft = bnShiftLeft; -proto.shiftRight = bnShiftRight; -proto.getLowestSetBit = bnGetLowestSetBit; -proto.bitCount = bnBitCount; -proto.testBit = bnTestBit; -proto.setBit = bnSetBit; -proto.clearBit = bnClearBit; -proto.flipBit = bnFlipBit; -proto.add = bnAdd; -proto.subtract = bnSubtract; -proto.multiply = bnMultiply; -proto.divide = bnDivide; -proto.remainder = bnRemainder; -proto.divideAndRemainder = bnDivideAndRemainder; -proto.modPow = bnModPow; -proto.modInverse = bnModInverse; -proto.pow = bnPow; -proto.gcd = bnGCD; - -// JSBN-specific extension -proto.square = bnSquare; - -// BigInteger interfaces not implemented in jsbn: - -// BigInteger(int signum, byte[] magnitude) -// double doubleValue() -// float floatValue() -// int hashCode() -// long longValue() -// static BigInteger valueOf(long val) - -// "constants" -BigInteger.ZERO = 
nbv(0); -BigInteger.ONE = nbv(1); -BigInteger.valueOf = nbv; - - -/// bitcoinjs addons - -/** - * Turns a byte array into a big integer. - * - * This function will interpret a byte array as a big integer in big - * endian notation and ignore leading zeros. - */ -BigInteger.fromByteArrayUnsigned = function(ba) { - // FIXME: BigInteger doesn't yet support Buffers - if (Buffer.isBuffer(ba)) ba = Array.prototype.slice.call(ba) - - if (!ba.length) { - return new BigInteger.valueOf(0); - } else if (ba[0] & 0x80) { - // Prepend a zero so the BigInteger class doesn't mistake this - // for a negative integer. - return new BigInteger([0].concat(ba)); - } else { - return new BigInteger(ba); - } -}; - -/** - * Parse a signed big integer byte representation. - * - * For details on the format please see BigInteger.toByteArraySigned. - */ -BigInteger.fromByteArraySigned = function(ba) { - // Check for negative value - if (ba[0] & 0x80) { - // Remove sign bit - ba[0] &= 0x7f; - - return BigInteger.fromByteArrayUnsigned(ba).negate(); - } else { - return BigInteger.fromByteArrayUnsigned(ba); - } -}; - -/** - * Returns a byte array representation of the big integer. - * - * This returns the absolute of the contained value in big endian - * form. A value of zero results in an empty array. 
- */ -BigInteger.prototype.toByteArrayUnsigned = function() { - var ba = this.abs().toByteArray(); - - // Empty array, nothing to do - if (!ba.length) { - return ba; - } - - // remove leading 0 - if (ba[0] === 0) { - ba = ba.slice(1); - } - - // all values must be positive - for (var i=0 ; i 0x00 - * 1 => 0x01 - * -1 => 0x81 - * 127 => 0x7f - * -127 => 0xff - * 128 => 0x0080 - * -128 => 0x8080 - * 255 => 0x00ff - * -255 => 0x80ff - * 16300 => 0x3fac - * -16300 => 0xbfac - * 62300 => 0x00f35c - * -62300 => 0x80f35c -*/ -BigInteger.prototype.toByteArraySigned = function() { - var val = this.toByteArrayUnsigned(); - var neg = this.s < 0; - - // if the first bit is set, we always unshift - // either unshift 0x80 or 0x00 - if (val[0] & 0x80) { - val.unshift((neg) ? 0x80 : 0x00); - } - // if the first bit isn't set, set it if negative - else if (neg) { - val[0] |= 0x80; - } - - return val; -}; - -module.exports = BigInteger; diff --git a/src/jsbn/sec.js b/src/sec.js similarity index 98% rename from src/jsbn/sec.js rename to src/sec.js index 3dee7e2..6aa9e6f 100644 --- a/src/jsbn/sec.js +++ b/src/sec.js @@ -1,8 +1,8 @@ // Named EC curves +var BigInteger = require('./bigi') var ECCurveFp = require('./ec') -var ECPointFp = require('./ec').ECPointFp -var BigInteger = require('./jsbn') +var ECPointFp = ECCurveFp.ECPointFp // ---------------- // X9ECParameters diff --git a/src/transaction.js b/src/transaction.js index 203762b..00083bc 100644 --- a/src/transaction.js +++ b/src/transaction.js @@ -2,7 +2,7 @@ var assert = require('assert') var Address = require('./address') -var BigInteger = require('./jsbn/jsbn') +var BigInteger = require('./bigi') var Script = require('./script') var convert = require('./convert') var crypto = require('./crypto') diff --git a/test/ec.js b/test/ec.js index d3a2aad..dc74cf3 100644 --- a/test/ec.js +++ b/test/ec.js 
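Review bot: Nothing in the visible part of this patch checks that `./bigi`, which src/sec.js and src/transaction.js now require, still provides the helpers defined in the BigInteger source deleted above (`fromByteArrayUnsigned`, `fromByteArraySigned`, `toByteArrayUnsigned`, `toByteArraySigned`). The same patch deletes test/jsbn.js, so the sign-bit and leading-zero vectors (`hex(-1)` giving `'0x81'`, `hex(255)` giving `'0x00ff'`) stop being exercised. `./bigi` itself is not shown here, so this may already be covered elsewhere; if it is not, I would keep that vector test and only change its import to `var BigInteger = require('..').BigInteger`. A byte-level difference in these encodings would be silent at the call sites, which is why a pinned test is worth more than the import swap alone.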
@@ -1,6 +1,6 @@ var assert = require('assert') -var sec = require('../src/jsbn/sec') +var sec = require('../').sec var ecparams = sec('secp256k1') var BigInteger = require('..').BigInteger diff --git a/test/ecdsa.js b/test/ecdsa.js index 617bfa6..fc5803b 100644 --- a/test/ecdsa.js +++ b/test/ecdsa.js @@ -1,7 +1,7 @@ var assert = require('assert') var crypto = require('../').crypto var ecdsa = require('..').ecdsa -var sec = require('../src/jsbn/sec.js') +var sec = require('..').sec var ecparams = sec("secp256k1") var BigInteger = require('..').BigInteger diff --git a/test/jsbn.js b/test/jsbn.js deleted file mode 100644 index 19429fa..0000000 --- a/test/jsbn.js +++ /dev/null @@ -1,36 +0,0 @@ -var assert = require('assert') -var BigInteger = require('../src/jsbn/jsbn.js') -var bytesToHex = require('../src/convert.js').bytesToHex -var secureRandom = require('secure-random') - -describe('BigInteger', function() { - describe('toByteArraySigned', function() { - it('handles examples', function() { - function hex(num) { - var bytes = BigInteger.valueOf(num).toByteArraySigned() - var h = bytesToHex(bytes) - return '0x' + h - } - - assert.equal(hex( 0), '0x') - assert.equal(hex( 1), '0x01') - assert.equal(hex(-1), '0x81') - assert.equal(hex( 127), '0x7f') - assert.equal(hex(-127), '0xff') - assert.equal(hex( 255), '0x00ff') - assert.equal(hex(-255), '0x80ff') - assert.equal(hex( 16300), '0x3fac') - assert.equal(hex(-16300), '0xbfac') - assert.equal(hex( 62300), '0x00f35c') - assert.equal(hex(-62300), '0x80f35c') - }) - }) - - describe('with RNG passed into constructor as the 2nd argument', function(){ - it('returns a BigInteger with the limit of the specified length', function(){ - var bitLength = 256 - var i = new BigInteger(bitLength, secureRandom) - assert(i.bitLength() <= 256) - }) - }) -})