ic-ctbu-backend/plugin/RSAUtils/RSAUtils.js

/*
 * RSA, a suite of routines for performing RSA public-key computations in JavaScript.
 * Copyright 1998-2005 David Shapiro.
 * Dave Shapiro
 * dave@ohdave.com
 * changed by Fuchun, 2010-05-06
 * fcrpg2005@gmail.com
 */
/*
 * Modified by +v then, 2018-03-28
 */

var RSAUtils = {}

// var biRadixBase = 2
var biRadixBits = 16
var bitsPerDigit = biRadixBits
var biRadix = 1 << 16 // = 2^16 = 65536
var biHalfRadix = biRadix >>> 1
var biRadixSquared = biRadix * biRadix
var maxDigitVal = biRadix - 1
// var maxInteger = 9999999999999998

// maxDigits:
// Change this to accommodate your largest number size. Use setMaxDigits()
// to change it!
//
// In general, if you're working with numbers of size N bits, you'll need 2*N
// bits of storage. Each digit holds 16 bits. So, a 1024-bit key will need
//
// 1024 * 2 / 16 = 128 digits of storage.
//
var maxDigits
var ZERO_ARRAY
var bigZero, bigOne

var BigInt = function (flag) {
    if (typeof flag === 'boolean' && flag === true) {
        this.digits = null
    } else {
        this.digits = ZERO_ARRAY.slice(0)
    }
    this.isNeg = false
}

RSAUtils.setMaxDigits = function (value) {
    maxDigits = value
    ZERO_ARRAY = new Array(maxDigits)
    for (var iza = 0; iza < ZERO_ARRAY.length; iza++) {
        ZERO_ARRAY[iza] = 0
    }
    bigZero = new BigInt()
    bigOne = new BigInt()
    bigOne.digits[0] = 1
}
RSAUtils.setMaxDigits(20)

// The maximum number of digits in base 10 you can convert to an
// integer without JavaScript throwing up on you.
var dpl10 = 15

RSAUtils.biFromNumber = function (i) {
    var result = new BigInt()
    result.isNeg = i < 0
    i = Math.abs(i)
    var j = 0
    while (i > 0) {
        result.digits[j++] = i & maxDigitVal
        i = Math.floor(i / biRadix)
    }
    return result
}

// lr10 = 10 ^ dpl10
var lr10 = RSAUtils.biFromNumber(1000000000000000)

RSAUtils.biFromDecimal = function (s) {
    var isNeg = s.charAt(0) === '-'
    var i = isNeg ? 1 : 0
    var result
    // Skip leading zeros.
    while (i < s.length && s.charAt(i) === '0') ++i
    if (i === s.length) {
        result = new BigInt()
    } else {
        var digitCount = s.length - i
        var fgl = digitCount % dpl10
        if (fgl === 0) fgl = dpl10
        result = RSAUtils.biFromNumber(Number(s.substr(i, fgl)))
        i += fgl
        while (i < s.length) {
            result = RSAUtils.biAdd(RSAUtils.biMultiply(result, lr10),
                RSAUtils.biFromNumber(Number(s.substr(i, dpl10))))
            i += dpl10
        }
        result.isNeg = isNeg
    }
    return result
}

RSAUtils.biCopy = function (bi) {
    var result = new BigInt(true)
    result.digits = bi.digits.slice(0)
    result.isNeg = bi.isNeg
    return result
}

RSAUtils.reverseStr = function (s) {
    var result = ''
    for (var i = s.length - 1; i > -1; --i) {
        result += s.charAt(i)
    }
    return result
}

var hexatrigesimalToChar = [
    '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
    'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j',
    'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't',
    'u', 'v', 'w', 'x', 'y', 'z'
]

RSAUtils.biToString = function (x, radix) { // 2 <= radix <= 36
    var b = new BigInt()
    b.digits[0] = radix
    var qr = RSAUtils.biDivideModulo(x, b)
    var result = hexatrigesimalToChar[qr[1].digits[0]]
    while (RSAUtils.biCompare(qr[0], bigZero) === 1) {
        qr = RSAUtils.biDivideModulo(qr[0], b)
        // digit = qr[1].digits[0]
        result += hexatrigesimalToChar[qr[1].digits[0]]
    }
    return (x.isNeg ? '-' : '') + RSAUtils.reverseStr(result)
}

RSAUtils.biToDecimal = function (x) {
    var b = new BigInt()
    b.digits[0] = 10
    var qr = RSAUtils.biDivideModulo(x, b)
    var result = String(qr[1].digits[0])
    while (RSAUtils.biCompare(qr[0], bigZero) === 1) {
        qr = RSAUtils.biDivideModulo(qr[0], b)
        result += String(qr[1].digits[0])
    }
    return (x.isNeg ? '-' : '') + RSAUtils.reverseStr(result)
}

var hexToChar = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
    'a', 'b', 'c', 'd', 'e', 'f']

RSAUtils.digitToHex = function (n) {
    var mask = 0xf
    var result = ''
    for (var i = 0; i < 4; ++i) {
        result += hexToChar[n & mask]
        n >>>= 4
    }
    return RSAUtils.reverseStr(result)
}

RSAUtils.biToHex = function (x) {
    var result = ''
    // var n = RSAUtils.biHighIndex(x)
    for (var i = RSAUtils.biHighIndex(x); i > -1; --i) {
        result += RSAUtils.digitToHex(x.digits[i])
    }
    return result
}

RSAUtils.charToHex = function (c) {
    var ZERO = 48
    var NINE = ZERO + 9
    var littleA = 97
    var littleZ = littleA + 25
    var bigA = 65
    var bigZ = 65 + 25
    var result

    if (c >= ZERO && c <= NINE) {
        result = c - ZERO
    } else if (c >= bigA && c <= bigZ) {
        result = 10 + c - bigA
    } else if (c >= littleA && c <= littleZ) {
        result = 10 + c - littleA
    } else {
        result = 0
    }
    return result
}

RSAUtils.hexToDigit = function (s) {
    var result = 0
    var sl = Math.min(s.length, 4)
    for (var i = 0; i < sl; ++i) {
        result <<= 4
        result |= RSAUtils.charToHex(s.charCodeAt(i))
    }
    return result
}

RSAUtils.biFromHex = function (s) {
    var result = new BigInt()
    var sl = s.length
    for (var i = sl, j = 0; i > 0; i -= 4, ++j) {
        result.digits[j] = RSAUtils.hexToDigit(s.substr(Math.max(i - 4, 0), Math.min(i, 4)))
    }
    return result
}

RSAUtils.biFromString = function (s, radix) {
    var isNeg = s.charAt(0) === '-'
    var istop = isNeg ? 1 : 0
    var result = new BigInt()
    var place = new BigInt()
    place.digits[0] = 1 // radix^0
    for (var i = s.length - 1; i >= istop; i--) {
        var c = s.charCodeAt(i)
        var digit = RSAUtils.charToHex(c)
        var biDigit = RSAUtils.biMultiplyDigit(place, digit)
        result = RSAUtils.biAdd(result, biDigit)
        place = RSAUtils.biMultiplyDigit(place, radix)
    }
    result.isNeg = isNeg
    return result
}

RSAUtils.biDump = function (b) {
    return (b.isNeg ? '-' : '') + b.digits.join(' ')
}

RSAUtils.biAdd = function (x, y) {
    var result

    if (x.isNeg !== y.isNeg) {
        y.isNeg = !y.isNeg
        result = RSAUtils.biSubtract(x, y)
        y.isNeg = !y.isNeg
    } else {
        result = new BigInt()
        var c = 0
        var n
        for (var i = 0; i < x.digits.length; ++i) {
            n = x.digits[i] + y.digits[i] + c
            result.digits[i] = n % biRadix
            c = Number(n >= biRadix)
        }
        result.isNeg = x.isNeg
    }
    return result
}

RSAUtils.biSubtract = function (x, y) {
    var result
    if (x.isNeg !== y.isNeg) {
        y.isNeg = !y.isNeg
        result = RSAUtils.biAdd(x, y)
        y.isNeg = !y.isNeg
    } else {
        result = new BigInt()
        var n, c
        c = 0
        for (var i = 0; i < x.digits.length; ++i) {
            n = x.digits[i] - y.digits[i] + c
            result.digits[i] = n % biRadix
            // Stupid non-conforming modulus operation.
            if (result.digits[i] < 0) result.digits[i] += biRadix
            c = 0 - Number(n < 0)
        }
        // Fix up the negative sign, if any.
        if (c === -1) {
            c = 0
            for (i = 0; i < x.digits.length; ++i) {
                n = 0 - result.digits[i] + c
                result.digits[i] = n % biRadix
                // Stupid non-conforming modulus operation.
                if (result.digits[i] < 0) result.digits[i] += biRadix
                c = 0 - Number(n < 0)
            }
            // Result is opposite sign of arguments.
            result.isNeg = !x.isNeg
        } else {
            // Result is same sign.
            result.isNeg = x.isNeg
        }
    }
    return result
}

RSAUtils.biHighIndex = function (x) {
    var result = x.digits.length - 1
    while (result > 0 && x.digits[result] === 0) --result
    return result
}

RSAUtils.biNumBits = function (x) {
    var n = RSAUtils.biHighIndex(x)
    var d = x.digits[n]
    var m = (n + 1) * bitsPerDigit
    var result
    for (result = m; result > m - bitsPerDigit; --result) {
        if ((d & 0x8000) !== 0) break
        d <<= 1
    }
    return result
}

RSAUtils.biMultiply = function (x, y) {
    var result = new BigInt()
    var c
    var n = RSAUtils.biHighIndex(x)
    var t = RSAUtils.biHighIndex(y)
    // var u, uv, k
    var uv, k

    for (var i = 0; i <= t; ++i) {
        c = 0
        k = i
        for (var j = 0; j <= n; ++j, ++k) {
            uv = result.digits[k] + x.digits[j] * y.digits[i] + c
            result.digits[k] = uv & maxDigitVal
            c = uv >>> biRadixBits
            // c = Math.floor(uv / biRadix);
        }
        result.digits[i + n + 1] = c
    }
    // Someone give me a logical xor, please.
    result.isNeg = x.isNeg !== y.isNeg
    return result
}

RSAUtils.biMultiplyDigit = function (x, y) {
    var n, c, uv, result

    result = new BigInt()
    n = RSAUtils.biHighIndex(x)
    c = 0
    for (var j = 0; j <= n; ++j) {
        uv = result.digits[j] + x.digits[j] * y + c
        result.digits[j] = uv & maxDigitVal
        c = uv >>> biRadixBits
        // c = Math.floor(uv / biRadix);
    }
    result.digits[1 + n] = c
    return result
}

RSAUtils.arrayCopy = function (src, srcStart, dest, destStart, n) {
    var m = Math.min(srcStart + n, src.length)
    for (var i = srcStart, j = destStart; i < m; ++i, ++j) {
        dest[j] = src[i]
    }
}

var highBitMasks = [0x0000, 0x8000, 0xC000, 0xE000, 0xF000, 0xF800,
    0xFC00, 0xFE00, 0xFF00, 0xFF80, 0xFFC0, 0xFFE0,
    0xFFF0, 0xFFF8, 0xFFFC, 0xFFFE, 0xFFFF]

RSAUtils.biShiftLeft = function (x, n) {
    var digitCount = Math.floor(n / bitsPerDigit)
    var result = new BigInt()
    RSAUtils.arrayCopy(x.digits, 0, result.digits, digitCount,
        result.digits.length - digitCount)
    var bits = n % bitsPerDigit
    var rightBits = bitsPerDigit - bits
    for (var i = result.digits.length - 1, i1 = i - 1; i > 0; --i, --i1) {
        result.digits[i] = ((result.digits[i] << bits) & maxDigitVal) |
            ((result.digits[i1] & highBitMasks[bits]) >>>
                (rightBits))
    }
    result.digits[0] = ((result.digits[i] << bits) & maxDigitVal)
    result.isNeg = x.isNeg
    return result
}

var lowBitMasks = [0x0000, 0x0001, 0x0003, 0x0007, 0x000F, 0x001F,
    0x003F, 0x007F, 0x00FF, 0x01FF, 0x03FF, 0x07FF,
    0x0FFF, 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF]

RSAUtils.biShiftRight = function (x, n) {
    var digitCount = Math.floor(n / bitsPerDigit)
    var result = new BigInt()
    RSAUtils.arrayCopy(x.digits, digitCount, result.digits, 0,
        x.digits.length - digitCount)
    var bits = n % bitsPerDigit
    var leftBits = bitsPerDigit - bits
    for (var i = 0, i1 = i + 1; i < result.digits.length - 1; ++i, ++i1) {
        result.digits[i] = (result.digits[i] >>> bits) |
            ((result.digits[i1] & lowBitMasks[bits]) << leftBits)
    }
    result.digits[result.digits.length - 1] >>>= bits
    result.isNeg = x.isNeg
    return result
}

RSAUtils.biMultiplyByRadixPower = function (x, n) {
    var result = new BigInt()
    RSAUtils.arrayCopy(x.digits, 0, result.digits, n, result.digits.length - n)
    return result
}

RSAUtils.biDivideByRadixPower = function (x, n) {
    var result = new BigInt()
    RSAUtils.arrayCopy(x.digits, n, result.digits, 0, result.digits.length - n)
    return result
}

RSAUtils.biModuloByRadixPower = function (x, n) {
    var result = new BigInt()
    RSAUtils.arrayCopy(x.digits, 0, result.digits, 0, n)
    return result
}

RSAUtils.biCompare = function (x, y) {
    if (x.isNeg !== y.isNeg) {
        return 1 - 2 * Number(x.isNeg)
    }
    for (var i = x.digits.length - 1; i >= 0; --i) {
        if (x.digits[i] !== y.digits[i]) {
            if (x.isNeg) {
                return 1 - 2 * Number(x.digits[i] > y.digits[i])
            } else {
                return 1 - 2 * Number(x.digits[i] < y.digits[i])
            }
        }
    }
    return 0
}

RSAUtils.biDivideModulo = function (x, y) {
    var nb = RSAUtils.biNumBits(x)
    var tb = RSAUtils.biNumBits(y)
    var origYIsNeg = y.isNeg
    var q, r
    if (nb < tb) {
        // |x| < |y|
        if (x.isNeg) {
            q = RSAUtils.biCopy(bigOne)
            q.isNeg = !y.isNeg
            x.isNeg = false
            y.isNeg = false
            r = RSAUtils.biSubtract(y, x)
            // Restore signs, 'cause they're references.
            x.isNeg = true
            y.isNeg = origYIsNeg
        } else {
            q = new BigInt()
            r = RSAUtils.biCopy(x)
        }
        return [q, r]
    }

    q = new BigInt()
    r = x

    // Normalize Y.
    var t = Math.ceil(tb / bitsPerDigit) - 1
    var lambda = 0
    while (y.digits[t] < biHalfRadix) {
        y = RSAUtils.biShiftLeft(y, 1)
        ++lambda
        ++tb
        t = Math.ceil(tb / bitsPerDigit) - 1
    }
    // Shift r over to keep the quotient constant. We'll shift the
    // remainder back at the end.
    r = RSAUtils.biShiftLeft(r, lambda)
    nb += lambda // Update the bit count for x.
    var n = Math.ceil(nb / bitsPerDigit) - 1

    var b = RSAUtils.biMultiplyByRadixPower(y, n - t)
    while (RSAUtils.biCompare(r, b) !== -1) {
        ++q.digits[n - t]
        r = RSAUtils.biSubtract(r, b)
    }
    for (var i = n; i > t; --i) {
        var ri = (i >= r.digits.length) ? 0 : r.digits[i]
        var ri1 = (i - 1 >= r.digits.length) ? 0 : r.digits[i - 1]
        var ri2 = (i - 2 >= r.digits.length) ? 0 : r.digits[i - 2]
        var yt = (t >= y.digits.length) ? 0 : y.digits[t]
        var yt1 = (t - 1 >= y.digits.length) ? 0 : y.digits[t - 1]
        if (ri === yt) {
            q.digits[i - t - 1] = maxDigitVal
        } else {
            q.digits[i - t - 1] = Math.floor((ri * biRadix + ri1) / yt)
        }

        var c1 = q.digits[i - t - 1] * ((yt * biRadix) + yt1)
        var c2 = (ri * biRadixSquared) + ((ri1 * biRadix) + ri2)
        while (c1 > c2) {
            --q.digits[i - t - 1]
            c1 = q.digits[i - t - 1] * ((yt * biRadix) | yt1)
            c2 = (ri * biRadix * biRadix) + ((ri1 * biRadix) + ri2)
        }

        b = RSAUtils.biMultiplyByRadixPower(y, i - t - 1)
        r = RSAUtils.biSubtract(r, RSAUtils.biMultiplyDigit(b, q.digits[i - t - 1]))
        if (r.isNeg) {
            r = RSAUtils.biAdd(r, b)
            --q.digits[i - t - 1]
        }
    }
    r = RSAUtils.biShiftRight(r, lambda)
    // Fiddle with the signs and stuff to make sure that 0 <= r < y.
    q.isNeg = x.isNeg !== origYIsNeg
    if (x.isNeg) {
        if (origYIsNeg) {
            q = RSAUtils.biAdd(q, bigOne)
        } else {
            q = RSAUtils.biSubtract(q, bigOne)
        }
        y = RSAUtils.biShiftRight(y, lambda)
        r = RSAUtils.biSubtract(y, r)
    }
    // Check for the unbelievably stupid degenerate case of r === -0.
    if (r.digits[0] === 0 && RSAUtils.biHighIndex(r) === 0) r.isNeg = false

    return [q, r]
}

RSAUtils.biDivide = function (x, y) {
    return RSAUtils.biDivideModulo(x, y)[0]
}

RSAUtils.biModulo = function (x, y) {
    return RSAUtils.biDivideModulo(x, y)[1]
}

RSAUtils.biMultiplyMod = function (x, y, m) {
    return RSAUtils.biModulo(RSAUtils.biMultiply(x, y), m)
}

RSAUtils.biPow = function (x, y) {
    var result = bigOne
    var a = x
    while (true) {
        if ((y & 1) !== 0) result = RSAUtils.biMultiply(result, a)
        y >>= 1
        if (y === 0) break
        a = RSAUtils.biMultiply(a, a)
    }
    return result
}

RSAUtils.biPowMod = function (x, y, m) {
    var result = bigOne
    var a = x
    var k = y
    while (true) {
        if ((k.digits[0] & 1) !== 0) result = RSAUtils.biMultiplyMod(result, a, m)
        k = RSAUtils.biShiftRight(k, 1)
        if (k.digits[0] === 0 && RSAUtils.biHighIndex(k) === 0) break
        a = RSAUtils.biMultiplyMod(a, a, m)
    }
    return result
}

var BarrettMu = function (m) {
    this.modulus = RSAUtils.biCopy(m)
    this.k = RSAUtils.biHighIndex(this.modulus) + 1
    var b2k = new BigInt()
    b2k.digits[2 * this.k] = 1 // b2k = b^(2k)
    this.mu = RSAUtils.biDivide(b2k, this.modulus)
    this.bkplus1 = new BigInt()
    this.bkplus1.digits[this.k + 1] = 1 // bkplus1 = b^(k+1)
    this.modulo = BarrettMuModulo
    this.multiplyMod = BarrettMuMultiplyMod
    this.powMod = BarrettMuPowMod
}

function BarrettMuModulo(x) {
    var $dmath = RSAUtils
    var q1 = $dmath.biDivideByRadixPower(x, this.k - 1)
    var q2 = $dmath.biMultiply(q1, this.mu)
    var q3 = $dmath.biDivideByRadixPower(q2, this.k + 1)
    var r1 = $dmath.biModuloByRadixPower(x, this.k + 1)
    var r2term = $dmath.biMultiply(q3, this.modulus)
    var r2 = $dmath.biModuloByRadixPower(r2term, this.k + 1)
    var r = $dmath.biSubtract(r1, r2)
    if (r.isNeg) {
        r = $dmath.biAdd(r, this.bkplus1)
    }
    var rgtem = $dmath.biCompare(r, this.modulus) >= 0
    while (rgtem) {
        r = $dmath.biSubtract(r, this.modulus)
        rgtem = $dmath.biCompare(r, this.modulus) >= 0
    }
    return r
}

function BarrettMuMultiplyMod(x, y) {
    /*
     x = this.modulo(x);
     y = this.modulo(y);
     */
    var xy = RSAUtils.biMultiply(x, y)
    return this.modulo(xy)
}

function BarrettMuPowMod(x, y) {
    var result = new BigInt()
    result.digits[0] = 1
    var a = x
    var k = y
    while (true) {
        if ((k.digits[0] & 1) !== 0) result = this.multiplyMod(result, a)
        k = RSAUtils.biShiftRight(k, 1)
        if (k.digits[0] === 0 && RSAUtils.biHighIndex(k) === 0) break
        a = this.multiplyMod(a, a)
    }
    return result
}

var RSAKeyPair = function (encryptionExponent, decryptionExponent, modulus) {
    var $dmath = RSAUtils
    this.e = $dmath.biFromHex(encryptionExponent)
    this.d = $dmath.biFromHex(decryptionExponent)
    this.m = $dmath.biFromHex(modulus)
    // We can do two bytes per digit, so
    // chunkSize = 2 * (number of digits in modulus - 1).
    // Since biHighIndex returns the high index, not the number of digits, 1 has
    // already been subtracted.
    this.chunkSize = 2 * $dmath.biHighIndex(this.m)
    this.radix = 16
    this.barrett = new BarrettMu(this.m)
}

RSAUtils.getKeyPair = function (encryptionExponent, decryptionExponent, modulus) {
    return new RSAKeyPair(encryptionExponent, decryptionExponent, modulus)
}

// var twoDigit = function (n) {
//   return (n < 10 ? '0' : '') + String(n)
// }

// Altered by Rob Saunders (rob@robsaunders.net). New routine pads the
// string after it has been converted to an array. This fixes an
// incompatibility with Flash MX's ActionScript.
RSAUtils.encryptedString = function (key, s) {
    var a = []
    var sl = s.length
    var i = 0
    while (i < sl) {
        a[i] = s.charCodeAt(i)
        i++
    }

    while (a.length % key.chunkSize !== 0) {
        a[i++] = 0
    }

    var al = a.length
    var result = ''
    var j, k, block
    for (i = 0; i < al; i += key.chunkSize) {
        block = new BigInt()
        j = 0
        for (k = i; k < i + key.chunkSize; ++j) {
            block.digits[j] = a[k++]
            block.digits[j] += a[k++] << 8
        }
        var crypt = key.barrett.powMod(block, key.e)
        var text = key.radix === 16 ? RSAUtils.biToHex(crypt) : RSAUtils.biToString(crypt, key.radix)
        result += text + ' '
    }
    return result.substring(0, result.length - 1) // Remove last space.
}

RSAUtils.decryptedString = function (key, s) {
    var blocks = s.split(' ')
    var result = ''
    var i, j, block
    for (i = 0; i < blocks.length; ++i) {
        var bi
        if (key.radix === 16) {
            bi = RSAUtils.biFromHex(blocks[i])
        } else {
            bi = RSAUtils.biFromString(blocks[i], key.radix)
        }
        block = key.barrett.powMod(bi, key.d)
        for (j = 0; j <= RSAUtils.biHighIndex(block); ++j) {
            result += String.fromCharCode(block.digits[j] & 255,
                block.digits[j] >> 8)
        }
    }
    // Remove trailing null, if any.
    if (result.charCodeAt(result.length - 1) === 0) {
        result = result.substring(0, result.length - 1)
    }
    return result
}

RSAUtils.setMaxDigits(130)

module.exports = {
    RSAUtils
};