ecdh, ecdsa tests
This commit is contained in:
parent
2bb04bb02f
commit
4f316afb56
@ -318,8 +318,8 @@ sjcl.bn.prototype = {
|
||||
toBits: function(len) {
|
||||
this.fullReduce();
|
||||
len = len || this.exponent || this.limbs.length * this.radix;
|
||||
var i = Math.floor((len-1)/24), w=sjcl.bitArray, e = (len + 7 & -8) % this.radix || this.radix;
|
||||
out = [w.partial(e, this.getLimb(i))];
|
||||
var i = Math.floor((len-1)/24), w=sjcl.bitArray, e = (len + 7 & -8) % this.radix || this.radix,
|
||||
out = [w.partial(e, this.getLimb(i))];
|
||||
for (i--; i >= 0; i--) {
|
||||
out = w.concat(out, [w.partial(this.radix, this.getLimb(i))]);
|
||||
}
|
||||
|
@ -346,9 +346,9 @@ sjcl.ecc.elGamal.secretKey.prototype = {
|
||||
}
|
||||
};
|
||||
|
||||
sjcl.ecc._dh("dsa");
|
||||
sjcl.ecc._dh("ecdsa");
|
||||
|
||||
sjcl.ecc.dsa.secretKey.prototype = {
|
||||
sjcl.ecc.ecdsa.secretKey.prototype = {
|
||||
sign: function(hash, paranoia) {
|
||||
var R = this._curve.r,
|
||||
l = R.bitLength(),
|
||||
@ -359,7 +359,7 @@ sjcl.ecc.dsa.secretKey.prototype = {
|
||||
}
|
||||
};
|
||||
|
||||
sjcl.ecc.dsa.publicKey.prototype = {
|
||||
sjcl.ecc.ecdsa.publicKey.prototype = {
|
||||
verify: function(hash, rs) {
|
||||
var w = sjcl.bitArray,
|
||||
R = this._curve.r,
|
||||
|
8
sjcl.js
8
sjcl.js
@ -44,7 +44,7 @@ d[b].toString(16);b<this.limbs.length-1&&c.length<6;)c="0"+c;a=c+a}return"0x"+a}
|
||||
e=new sjcl.bn(a),f,g=1;if(!(a.limbs[0]&1))throw new sjcl.exception.invalid("inverseMod: p must be odd");do{if(d.limbs[0]&1){if(!d.greaterEquals(e)){f=d;d=e;e=f;f=b;b=c;c=f}d.subM(e);d.normalize();b.greaterEquals(c)||b.addM(a);b.subM(c)}d.halveM();b.limbs[0]&1&&b.addM(a);b.normalize();b.halveM();for(f=g=0;f<d.limbs.length;f++)g|=d.limbs[f]}while(g);if(!e.equals(1))throw new sjcl.exception.invalid("inverseMod: p and x must be relatively prime");return c},add:function(a){return this.copy().addM(a)},
|
||||
sub:function(a){return this.copy().subM(a)},mul:function(a){if(typeof a=="number")a=new this.d(a);var b,c=this.limbs,d=a.limbs,e=c.length,f=d.length,g=new this.d,h=g.limbs,j,n=this.maxMul;for(b=0;b<this.limbs.length+a.limbs.length+1;b++)h[b]=0;for(b=0;b<e;b++){j=c[b];for(a=0;a<f;a++)h[b+a]+=j*d[a];if(!--n){n=this.maxMul;g.cnormalize()}}return g.cnormalize().reduce()},square:function(){return this.mul(this)},power:function(a){if(typeof a=="number")a=[a];else if(a.limbs!==undefined)a=a.normalize().limbs;
|
||||
var b,c=new this.d(1),d=this;for(i=0;i<a.length;i++)for(b=0;b<this.radix;b++){if(a[i]&1<<b)c=c.mul(d);d=d.square()}return c},trim:function(){var a=this.limbs,b;do b=a.pop();while(a.length&&b==0);a.push(b);return this},reduce:function(){return this},fullReduce:function(){return this.normalize()},normalize:function(){var a=0,b,c=this.ipv,d,e=this.limbs,f=e.length,g=this.radixMask;for(b=0;b<f||a!==0&&a!==-1;b++){a=(e[b]||0)+a;d=e[b]=a&g;a=(a-d)*c}if(a==-1)e[b-1]-=this.placeVal;return this},cnormalize:function(){var a=
|
||||
0,b,c=this.ipv,d,e=this.limbs,f=e.length,g=this.radixMask;for(b=0;b<f-1;b++){a=e[b]+a;d=e[b]=a&g;a=(a-d)*c}e[b]+=a;return this},toBits:function(a){this.fullReduce();a=a||this.exponent||this.limbs.length*this.radix;var b=Math.floor((a-1)/24),c=sjcl.bitArray;out=[c.partial((a+7&-8)%this.radix||this.radix,this.getLimb(b))];for(b--;b>=0;b--)out=c.concat(out,[c.partial(this.radix,this.getLimb(b))]);return out},bitLength:function(){this.fullReduce();for(var a=this.radix*(this.limbs.length-1),b=this.limbs[this.limbs.length-
|
||||
0,b,c=this.ipv,d,e=this.limbs,f=e.length,g=this.radixMask;for(b=0;b<f-1;b++){a=e[b]+a;d=e[b]=a&g;a=(a-d)*c}e[b]+=a;return this},toBits:function(a){this.fullReduce();a=a||this.exponent||this.limbs.length*this.radix;var b=Math.floor((a-1)/24),c=sjcl.bitArray;a=[c.partial((a+7&-8)%this.radix||this.radix,this.getLimb(b))];for(b--;b>=0;b--)a=c.concat(a,[c.partial(this.radix,this.getLimb(b))]);return a},bitLength:function(){this.fullReduce();for(var a=this.radix*(this.limbs.length-1),b=this.limbs[this.limbs.length-
|
||||
1];b;b>>=1)a++;return a+7&-8}};sjcl.bn.fromBits=function(a){var b=new this,c=[],d=sjcl.bitArray,e=this.prototype,f=Math.min(this.bitLength||0x100000000,d.bitLength(a)),g=f%e.radix||e.radix;for(c[0]=d.extract(a,0,g);g<f;g+=e.radix)c.unshift(d.extract(a,g,e.radix));b.limbs=c;return b};sjcl.bn.prototype.ipv=1/(sjcl.bn.prototype.placeVal=Math.pow(2,sjcl.bn.prototype.radix));sjcl.bn.prototype.radixMask=(1<<sjcl.bn.prototype.radix)-1;
|
||||
sjcl.bn.pseudoMersennePrime=function(a,b){function c(g){this.initWith(g)}var d=c.prototype=new sjcl.bn,e,f;e=d.modOffset=Math.ceil(f=a/d.radix);d.exponent=a;d.offset=[];d.factor=[];d.minOffset=e;d.fullMask=0;d.fullOffset=[];d.fullFactor=[];d.modulus=c.modulus=new sjcl.bn(Math.pow(2,a));d.fullMask=0|-Math.pow(2,a%d.radix);for(e=0;e<b.length;e++){d.offset[e]=Math.floor(b[e][0]/d.radix-f);d.fullOffset[e]=Math.ceil(b[e][0]/d.radix-f);d.factor[e]=b[e][1]*Math.pow(0.5,a-b[e][0]+d.offset[e]*d.radix);d.fullFactor[e]=
|
||||
b[e][1]*Math.pow(0.5,a-b[e][0]+d.fullOffset[e]*d.radix);d.modulus.addM(new sjcl.bn(Math.pow(2,b[e][0])*b[e][1]));d.minOffset=Math.min(d.minOffset,-d.offset[e])}d.d=c;d.modulus.cnormalize();d.reduce=function(){var g,h,j,n=this.modOffset,l=this.limbs,m=this.offset,o=this.offset.length,q=this.factor,r;for(g=this.minOffset;l.length>n;){j=l.pop();r=l.length;for(h=0;h<o;h++)l[r+m[h]]-=q[h]*j;g--;if(g==0){l.push(0);this.cnormalize();g=this.minOffset}}this.cnormalize();return this};d.aa=d.fullMask==-1?d.reduce:
|
||||
@ -64,6 +64,6 @@ sjcl.ecc.curves={c192:new sjcl.ecc.curve(sjcl.bn.prime.p192,"0x662107c8eb94364e4
|
||||
c256:new sjcl.ecc.curve(sjcl.bn.prime.p256,"0x4319055358e8617b0c46353d039cdaae",-3,"0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b","0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296","0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"),c384:new sjcl.ecc.curve(sjcl.bn.prime.p384,"0x389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68c",-3,"0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef","0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7",
|
||||
"0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f")};
|
||||
sjcl.ecc.Q=function(a){sjcl.ecc[a]={publicKey:function(b,c){this.e=b;this.Z=c instanceof Array?b.fromBits(c):c},secretKey:function(b,c){this.e=b;this.S=c},generateKeys:function(b,c){if(typeof b=="number"){b=sjcl.ecc.curves["c"+b];if(b===undefined)throw new sjcl.exception.invalid("no such curve");}c=sjcl.bn.random(b.r,c);var d=b.G.mult(c);return{pub:new sjcl.ecc[a].publicKey(b,d),sec:new sjcl.ecc[a].secretKey(b,c)}}}};sjcl.ecc.Q("elGamal");
|
||||
sjcl.ecc.elGamal.publicKey.prototype={kem:function(a){a=sjcl.bn.random(this.e.r,a);var b=this.e.G.mult(a).toBits();return{key:sjcl.hash.sha256.hash(this.Z.mult(a).toBits()),tag:b}}};sjcl.ecc.elGamal.secretKey.prototype={unkem:function(a){return sjcl.hash.sha256.hash(this.e.fromBits(a).mult(this.S).toBits())}};sjcl.ecc.Q("dsa");
|
||||
sjcl.ecc.dsa.secretKey.prototype={sign:function(a,b){var c=this.e.r,d=c.bitLength();b=this.e.G.mult(kkkk=sjcl.bn.random(c.sub(1),b).add(1)).x.mod(c);a=sjcl.bn.fromBits(a).add(b.mul(this.S)).inverseMod(c).mul(kkkk).mod(c);return sjcl.bitArray.concat(b.toBits(d),a.toBits(d))}};
|
||||
sjcl.ecc.dsa.publicKey.prototype={verify:function(a,b){var c=sjcl.bitArray,d=this.e.r,e=d.bitLength(),f=sjcl.bn.fromBits(c.bitSlice(b,0,e));b=sjcl.bn.fromBits(c.bitSlice(b,e,2*e));a=sjcl.bn.fromBits(a).mul(b).mod(d);c=f.mul(b).mod(d);a=this.e.G.mult2(a,c,this.Z).x;c=sjcl.exception.corrupt;if(f.equals(0)||b.equals(0)||f.greaterEquals(d)||b.greaterEquals(d)||!a.equals(f))throw new c("signature didn't check out");return true}};
|
||||
sjcl.ecc.elGamal.publicKey.prototype={kem:function(a){a=sjcl.bn.random(this.e.r,a);var b=this.e.G.mult(a).toBits();return{key:sjcl.hash.sha256.hash(this.Z.mult(a).toBits()),tag:b}}};sjcl.ecc.elGamal.secretKey.prototype={unkem:function(a){return sjcl.hash.sha256.hash(this.e.fromBits(a).mult(this.S).toBits())}};sjcl.ecc.Q("ecdsa");
|
||||
sjcl.ecc.ecdsa.secretKey.prototype={sign:function(a,b){var c=this.e.r,d=c.bitLength();b=this.e.G.mult(kkkk=sjcl.bn.random(c.sub(1),b).add(1)).x.mod(c);a=sjcl.bn.fromBits(a).add(b.mul(this.S)).inverseMod(c).mul(kkkk).mod(c);return sjcl.bitArray.concat(b.toBits(d),a.toBits(d))}};
|
||||
sjcl.ecc.ecdsa.publicKey.prototype={verify:function(a,b){var c=sjcl.bitArray,d=this.e.r,e=d.bitLength(),f=sjcl.bn.fromBits(c.bitSlice(b,0,e));b=sjcl.bn.fromBits(c.bitSlice(b,e,2*e));a=sjcl.bn.fromBits(a).mul(b).mod(d);c=f.mul(b).mod(d);a=this.e.G.mult2(a,c,this.Z).x;c=sjcl.exception.corrupt;if(f.equals(0)||b.equals(0)||f.greaterEquals(d)||b.greaterEquals(d)||!a.equals(f))throw new c("signature didn't check out");return true}};
|
||||
|
15
test/ecdh_test.js
Normal file
15
test/ecdh_test.js
Normal file
@ -0,0 +1,15 @@
|
||||
new sjcl.test.TestCase("ECDH test", function (cb) {
|
||||
if (!sjcl.ecc) {
|
||||
this.unimplemented();
|
||||
cb && cb();
|
||||
return;
|
||||
}
|
||||
|
||||
var keys = sjcl.ecc.elGamal.generateKeys(192,0),
|
||||
keyTag = keys.pub.kem(0),
|
||||
key2 = keys.sec.unkem(keyTag.tag);
|
||||
|
||||
this.require(sjcl.bitArray.equal(keyTag.key, key2));
|
||||
|
||||
cb && cb();
|
||||
});
|
29
test/ecdsa_test.js
Normal file
29
test/ecdsa_test.js
Normal file
@ -0,0 +1,29 @@
|
||||
new sjcl.test.TestCase("ECSA test", function (cb) {
|
||||
if (!sjcl.ecc) {
|
||||
this.unimplemented();
|
||||
cb && cb();
|
||||
return;
|
||||
}
|
||||
|
||||
var keys = sjcl.ecc.ecdsa.generateKeys(192,0),
|
||||
hash = sjcl.hash.sha256.hash("The quick brown fox jumps over the lazy dog."),
|
||||
signature = keys.sec.sign(hash,0);
|
||||
|
||||
try {
|
||||
keys.pub.verify(hash, signature);
|
||||
this.pass();
|
||||
} catch (e) {
|
||||
this.fail("good message rejected");
|
||||
}
|
||||
|
||||
hash[1] ^= 8; // minor change to hash
|
||||
|
||||
try {
|
||||
keys.pub.verify(hash, signature);
|
||||
this.fail();
|
||||
} catch (e) {
|
||||
this.pass("bad message accepted");
|
||||
}
|
||||
|
||||
cb && cb();
|
||||
});
|
@ -13,7 +13,9 @@ function testCore(coreName, cb) {
|
||||
"sha256_test_brute_force.js",
|
||||
"hmac_test.js",
|
||||
"hmac_vectors.js",
|
||||
"pbkdf2_test.js"
|
||||
"pbkdf2_test.js",
|
||||
"ecdh_test.js",
|
||||
"ecdsa_test.js"
|
||||
], i;
|
||||
|
||||
for (i=1; i<testFiles.length; i++) {
|
||||
|
Loading…
Reference in New Issue
Block a user