undo ecc

core/bitArray.js

@@ -31,7 +31,7 @@
 sjcl.bitArray = {
   /**
    * Array slices in units of bits.
-   * @param {bitArray} a The array to slice.
+   * @param {bitArray a} The array to slice.
    * @param {Number} bstart The offset to the start of the slice, in bits.
    * @param {Number} bend The offset to the end of the slice, in bits.  If this is undefined,
    * slice until the end of the array.
@@ -42,27 +42,6 @@ sjcl.bitArray = {
     return (bend === undefined) ? a : sjcl.bitArray.clamp(a, bend-bstart);
   },
 
-  /**
-   * Extract a number packed into a bit array.
-   * @param {bitArray} a The array to slice.
-   * @param {Number} bstart The offset to the start of the slice, in bits.
-   * @param {Number} length The length of the number to extract.
-   * @return {Number} The requested slice.
-   */
-  extract: function(a, bstart, blength) {
-    // FIXME: this Math.floor is not necessary at all, but for some reason
-    // seems to suppress a bug in the Chromium JIT.
-    var x, sh = Math.floor((-bstart-blength) & 31);
-    if ((bstart + blength - 1 ^ bstart) & -32) {
-      // it crosses a boundary
-      x = (a[bstart/32|0] << (32 - sh)) ^ (a[bstart/32+1|0] >>> sh);
-    } else {
-      // within a single word
-      x = a[bstart/32|0] >>> sh;
-    }
-    return x & ((1<<blength) - 1);
-  },
-
   /**
    * Concatenate two bit arrays.
    * @param {bitArray} a1 The first array.

core/cbc.js

@@ -1,115 +0,0 @@
-/** @fileOverview CBC mode implementation
- *
- * @author Emily Stark
- * @author Mike Hamburg
- * @author Dan Boneh
- */
-
-/** @namespace
- * Dangerous: CBC mode with PKCS#5 padding.
- *
- * @author Emily Stark
- * @author Mike Hamburg
- * @author Dan Boneh
- */
-if (sjcl.beware === undefined) {
-  sjcl.beware = {};
-}
-sjcl.beware["CBC mode is dangerous because it doesn't protect message integrity."
-] = function() {
-  sjcl.mode.cbc = {
-    /** The name of the mode.
-     * @constant
-     */
-    name: "cbc",
-    
-    /** Encrypt in CBC mode with PKCS#5 padding.
-     * @param {Object} prp The block cipher.  It must have a block size of 16 bytes.
-     * @param {bitArray} plaintext The plaintext data.
-     * @param {bitArray} iv The initialization value.
-     * @param {bitArray} [adata=[]] The authenticated data.  Must be empty.
-     * @return The encrypted data, an array of bytes.
-     * @throws {sjcl.exception.invalid} if the IV isn't exactly 128 bits, or if any adata is specified.
-     */
-    encrypt: function(prp, plaintext, iv, adata) {
-      if (adata && adata.length) {
-        throw new sjcl.exception.invalid("cbc can't authenticate data");
-      }
-      if (sjcl.bitArray.bitLength(iv) !== 128) {
-        throw new sjcl.exception.invalid("cbc iv must be 128 bits");
-      }
-      var i,
-          w = sjcl.bitArray,
-          xor = w._xor4,
-          bl = w.bitLength(plaintext),
-          bp = 0,
-          output = [];
-
-      if (bl&7) {
-        throw new sjcl.exception.invalid("pkcs#5 padding only works for multiples of a byte");
-      }
-    
-      for (i=0; bp+128 <= bl; i+=4, bp+=128) {
-        /* Encrypt a non-final block */
-        iv = prp.encrypt(xor(iv, plaintext.slice(i,i+4)));
-        output.splice(i,0,iv[0],iv[1],iv[2],iv[3]);
-      }
-      
-      /* Construct the pad. */
-      bl = (16 - ((bl >> 3) & 15)) * 0x1010101;
-
-      /* Pad and encrypt. */
-      iv = prp.encrypt(xor(iv,w.concat(plaintext,[bl,bl,bl,bl]).slice(i,i+4)));
-      output.splice(i,0,iv[0],iv[1],iv[2],iv[3]);
-      return output;
-    },
-    
-    /** Decrypt in CBC mode.
-     * @param {Object} prp The block cipher.  It must have a block size of 16 bytes.
-     * @param {bitArray} ciphertext The ciphertext data.
-     * @param {bitArray} iv The initialization value.
-     * @param {bitArray} [adata=[]] The authenticated data.  It must be empty.
-     * @return The decrypted data, an array of bytes.
-     * @throws {sjcl.exception.invalid} if the IV isn't exactly 128 bits, or if any adata is specified.
-     * @throws {sjcl.exception.corrupt} if if the message is corrupt.
-     */
-    decrypt: function(prp, ciphertext, iv, adata) {
-      if (adata && adata.length) {
-        throw new sjcl.exception.invalid("cbc can't authenticate data");
-      }
-      if (sjcl.bitArray.bitLength(iv) !== 128) {
-        throw new sjcl.exception.invalid("cbc iv must be 128 bits");
-      }
-      if ((sjcl.bitArray.bitLength(ciphertext) & 127) || !ciphertext.length) {
-        throw new sjcl.exception.corrupt("cbc ciphertext must be a positive multiple of the block size");
-      }
-      var i,
-          w = sjcl.bitArray,
-          xor = w._xor4,
-          bi, bo,
-          output = [];
-          
-      adata = adata || [];
-    
-      for (i=0; i<ciphertext.length; i+=4) {
-        bi = ciphertext.slice(i,i+4);
-        bo = xor(iv,prp.decrypt(bi));
-        output.splice(i,0,bo[0],bo[1],bo[2],bo[3]);
-        iv = bi;
-      }
-
-      /* check and remove the pad */
-      bi = output[i-1] & 255;
-      if (bi == 0 || bi > 16) {
-        throw new sjcl.exception.corrupt("pkcs#5 padding corrupt");
-      }
-      bo = bi * 0x1010101;
-      if (!w.equal(w.bitSlice([bo,bo,bo,bo], 0, bi*8),
-                   w.bitSlice(output, output.length*32 - bi*8, output.length*32))) {
-        throw new sjcl.exception.corrupt("pkcs#5 padding corrupt");
-      }
-
-      return w.bitSlice(output, 0, output.length*32 - bi*8);
-    }
-  };
-};

core/convenience.js

@@ -58,8 +58,7 @@
     /* do the encryption */
     p.ct = sjcl.mode[p.mode].encrypt(prp, plaintext, p.iv, p.adata, p.tag);
     
-    //return j.encode(j._subtract(p, j.defaults));
-    return j.encode(p);
+    return j.encode(j._subtract(p, j.defaults));
   },
   
   /** Simple decryption function.
@@ -123,7 +122,7 @@
         if (!i.match(/^[a-z0-9]+$/i)) {
           throw new sjcl.exception.invalid("json encode: invalid property name");
         }
-        out += comma + '"' + i + '":';
+        out += comma + i + ':';
         comma = ',';
         
         switch (typeof obj[i]) {
@@ -161,13 +160,13 @@
     }
     var a = str.replace(/^\{|\}$/g, '').split(/,/), out={}, i, m;
     for (i=0; i<a.length; i++) {
-      if (!(m=a[i].match(/^(?:(["']?)([a-z][a-z0-9]*)\1):(?:(\d+)|"([a-z0-9+\/%*_.@=\-]*)")$/i))) {
+      if (!(m=a[i].match(/^([a-z][a-z0-9]*):(?:(\d+)|"([a-z0-9+\/%*_.@=\-]*)")$/i))) {
         throw new sjcl.exception.invalid("json decode: this isn't json!");
       }
-      if (m[3]) {
-        out[m[2]] = parseInt(m[3],10);
+      if (m[2]) {
+        out[m[1]] = parseInt(m[2],10);
       } else {
-        out[m[2]] = m[2].match(/^(ct|salt|iv)$/) ? sjcl.codec.base64.toBits(m[4]) : unescape(m[4]);
+        out[m[1]] = m[1].match(/^(ct|salt|iv)$/) ? sjcl.codec.base64.toBits(m[3]) : unescape(m[3]);
       }
     }
     return out;
@@ -197,6 +196,7 @@
   
   /** Remove all elements of minus from plus.  Does not modify plus.
    * @private
+   */
   _subtract: function (plus, minus) {
     var out = {}, i;
     
@@ -208,7 +208,6 @@
     
     return out;
   },
-  */
   
   /** Return only the specified elements of src.
    * @private

core/ocb2.js

@@ -50,8 +50,7 @@ sjcl.mode.ocb2 = {
       /* Encrypt a non-final block */
       bi = plaintext.slice(i,i+4);
       checksum = xor(checksum, bi);
-      bi = xor(delta,prp.encrypt(xor(delta, bi)));
-      output.splice(i,0,bi[0],bi[1],bi[2],bi[3]);
+      output = output.concat(xor(delta,prp.encrypt(xor(delta, bi))));
       delta = times2(delta);
     }
     
@@ -106,7 +105,7 @@ sjcl.mode.ocb2 = {
       /* Decrypt a non-final block */
       bi = xor(delta, prp.decrypt(xor(delta, ciphertext.slice(i,i+4))));
       checksum = xor(checksum, bi);
-      output.splice(i,0,bi[0],bi[1],bi[2],bi[3]);
+      output = output.concat(bi);
       delta = times2(delta);
     }
     

core/sjcl.js

@@ -59,7 +59,7 @@ var sjcl = {
       this.toString = function() { return "BUG: "+this.message; };
       this.message = message;
     },
-    
+
     /** @class Something isn't ready. */
     notReady: function(message) {
       this.toString = function() { return "NOT READY: "+this.message; };