[TASK] update sjcl

src/js/ripple/keypair.js

@@ -5,7 +5,7 @@ var UInt256 = require('./uint256').UInt256;
 var Base    = require('./base').Base;
 
 function KeyPair() {
-  this._curve  = sjcl.ecc.curves.c256;
+  this._curve  = sjcl.ecc.curves.k256;
   this._secret = null;
   this._pubkey = null;
 };
@@ -15,7 +15,7 @@ KeyPair.from_bn_secret = function(j) {
 };
 
 KeyPair.prototype.parse_bn_secret = function(j) {
-  this._secret = new sjcl.ecc.ecdsa.secretKey(sjcl.ecc.curves.c256, j);
+  this._secret = new sjcl.ecc.ecdsa.secretKey(sjcl.ecc.curves.k256, j);
   return this;
 };
 

src/js/ripple/seed.js

@@ -16,7 +16,7 @@ var KeyPair = require('./keypair').KeyPair;
 
 var Seed = extend(function () {
   // Internal form: NaN or BigInteger
-  this._curve = sjcl.ecc.curves.c256;
+  this._curve = sjcl.ecc.curves.k256;
   this._value = NaN;
 }, UInt);
 

src/js/sjcl-custom/sjcl-ecdsa-recoverablepublickey.js

@@ -65,7 +65,7 @@ sjcl.ecc.ecdsa.secretKey.prototype.signWithRecoverablePublicKey = function(hash,
  *
  *  @param {bitArray} hash
  *  @param {bitArray} signature
- *  @param {sjcl.ecc.curve} [sjcl.ecc.curves['c256']] curve
+ *  @param {sjcl.ecc.curve} [sjcl.ecc.curves['k256']] curve
  *  @returns {sjcl.ecc.ecdsa.publicKey} Public key
  */
 sjcl.ecc.ecdsa.publicKey.recoverFromSignature = function(hash, signature, curve) {
@@ -75,7 +75,7 @@ sjcl.ecc.ecdsa.publicKey.recoverFromSignature = function(hash, signature, curve)
   }
 
   if (!curve) {
-    curve = sjcl.ecc.curves['c256'];
+    curve = sjcl.ecc.curves['k256'];
   }
 
   // Convert hash to bits and determine encoding for output

src/js/sjcl-custom/sjcl-secp256k1.js

@@ -1,17 +1,16 @@
 // ----- for secp256k1 ------
 
-// Overwrite NIST-P256 with secp256k1
-sjcl.ecc.curves.c256 = new sjcl.ecc.curve(
-    sjcl.bn.pseudoMersennePrime(256, [[0,-1],[4,-1],[6,-1],[7,-1],[8,-1],[9,-1],[32,-1]]),
-    "0x14551231950b75fc4402da1722fc9baee",
-    0,
-    7,
-    "0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
-    "0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8"
-);
+sjcl.ecc.point.prototype.toBytesCompressed = function () {
+  var header = this.y.mod(2).toString() == "0x0" ? 0x02 : 0x03;
+  return [header].concat(sjcl.codec.bytes.fromBits(this.x.toBits()))
+};
 
 // Replace point addition and doubling algorithms
 // NIST-P256 is a=-3, we need algorithms for a=0
+//
+// This is a custom point addition formula that
+// only works for a=-3 Jacobian curve. It's much
+// faster than the generic implementation
 sjcl.ecc.pointJac.prototype.add = function(T) {
   var S = this;
   if (S.curve !== T.curve) {
@@ -43,14 +42,17 @@ sjcl.ecc.pointJac.prototype.add = function(T) {
   var j = h.mul(i);
   var r = s2.sub(S.y).doubleM();
   var v = S.x.mul(i);
-  
+
   var x = r.square().subM(j).subM(v.copy().doubleM());
   var y = r.mul(v.sub(x)).subM(S.y.mul(j).doubleM());
   var z = S.z.add(h).square().subM(z1z1).subM(hh);
 
   return new sjcl.ecc.pointJac(this.curve,x,y,z);
 };
 
+// This is a custom doubling algorithm that
+// only works for a=-3 Jacobian curve. It's much
+// faster than the generic implementation
 sjcl.ecc.pointJac.prototype.doubl = function () {
   if (this.isIdentity) { return this; }
 
@@ -66,7 +68,9 @@ sjcl.ecc.pointJac.prototype.doubl = function () {
   return new sjcl.ecc.pointJac(this.curve, x, y, z);
 };
 
-sjcl.ecc.point.prototype.toBytesCompressed = function () {
-  var header = this.y.mod(2).toString() == "0x0" ? 0x02 : 0x03;
-  return [header].concat(sjcl.codec.bytes.fromBits(this.x.toBits()))
-};
+// DEPRECATED:
+// previously the c256 curve was overridden with the secp256k1 curve
+// since then, sjcl has been updated to support k256
+// this override exist to keep supporting the old c256 with k256 behavior
+// this will be removed in future release
+sjcl.ecc.curves.c256 = sjcl.ecc.curves.k256;

src/js/sjcl/.gitignore

@@ -0,0 +1,2 @@
+core.js
+core_closure.js

src/js/sjcl/.travis.yml

@@ -0,0 +1,9 @@
+before_script: ./configure --with-all
+
+language: node_js
+node_js:
+  - "0.11"
+  - "0.10"
+  - "0.8"
+# 0.6 appears to be unreliable on Travis at the moment.
+#  - "0.6"

src/js/sjcl/Makefile

@@ -54,10 +54,11 @@ lint: core.js core/*.js test/*.js browserTest/*.js lint/coding_guidelines.pl
 	lint/coding_guidelines.pl core/*.js test/*.js browserTest/*.js
 
 
-TEST_COMMON=  browserTest/rhinoUtil.js test/test.js
+TEST_COMMON=  browserTest/nodeUtil.js test/test.js
 
 TEST_SCRIPTS= $(TEST_COMMON) \
               test/aes_vectors.js test/aes_test.js \
+              test/bitArray_vectors.js test/bitArray_test.js \
               test/ocb2_vectors.js test/ocb2_test.js  \
               test/ccm_vectors.js test/ccm_test.js  \
               test/cbc_vectors.js test/cbc_test.js  \
@@ -70,18 +71,14 @@ TEST_SCRIPTS= $(TEST_COMMON) \
               test/hmac_vectors.js test/hmac_test.js \
               test/pbkdf2_test.js \
               test/bn_vectors.js test/bn_test.js \
-              test/ecdsa_test.js test/ecdsa_vectors.js test/ecdh_test.js
+              test/ecdsa_test.js test/ecdsa_vectors.js test/ecdh_test.js \
+              test/srp_vectors.js test/srp_test.js \
+              test/json_test.js
 
-TEST_SCRIPTS_OPT= $(TEST_COMMON) \
-              test/srp_vectors.js test/srp_test.js
+# Run all tests in node.js.
 
-# Rhino fails at -O 0.  Probably because the big files full of test vectors blow the
-# bytecode limit. So, run most tests with -O -1. But modular exponentiation is
-# currently very slow (on Rhino), so run the SRP test with optimizations on.
-
-test: sjcl.js $(TEST_SCRIPTS) test/run_tests_rhino.js
-	@rhino -O -1 -w test/run_tests_rhino.js $< $(TEST_SCRIPTS)
-	@rhino -O 9 -w test/run_tests_rhino.js $< $(TEST_SCRIPTS_OPT)
+test: sjcl.js $(TEST_SCRIPTS) test/run_tests_node.js
+	node test/run_tests_node.js $< $(TEST_SCRIPTS)
 
 tidy:
 	find . -name '*~' -delete

src/js/sjcl/README.md

@@ -0,0 +1,21 @@
+sjcl
+====
+
+[![Build Status](https://travis-ci.org/bitwiseshiftleft/sjcl.png)](https://travis-ci.org/bitwiseshiftleft/sjcl)
+
+Stanford Javascript Crypto Library
+
+Security Advisories
+===
+* 12.02.2014: the current development version has a paranoia bug in the ecc module. The bug was introduced in commit [ac0b3fe0](https://github.com/bitwiseshiftleft/sjcl/commit/ac0b3fe0) and might affect ecc key generation on platforms without a platform random number generator.
+* 
+
+Security Contact
+====
+Security Mail: [email protected]  
+OpenPGP-Key Fingerprint: 0D54 3E52 87B4 EC06 3FA9 0115 72ED A6C7 7AAF 48ED  
+Keyserver: pool.sks-keyservers.net  
+
+Documentation
+====
+The documentation is available [here](http://bitwiseshiftleft.github.io/sjcl/doc/)

src/js/sjcl/bower.json

@@ -0,0 +1,12 @@
+{
+	"name": "sjcl",
+	"version": "1.0.0",
+	"main": ["./sjcl.js"],
+	"ignore": [
+		"**/*",
+		"!README.md",
+		"!README/*",
+		"!bower.json",
+		"!sjcl.js"
+	]
+}

src/js/sjcl/browserTest/browserUtil.js

@@ -1,6 +1,6 @@
 browserUtil = {};
 
-browserUtil.isRhino = (typeof(window) === 'undefined');
+browserUtil.isNodeJS = (typeof(window) === 'undefined');
 
 /**
  * Pause (for the graphics to update and the script timer to clear), then run the

src/js/sjcl/browserTest/entropy.html

@@ -0,0 +1,88 @@
+<html>
+<head>
+
+<title>Entropy Generator Progress</title>
+<!-- ProgressBar source: http://stackoverflow.com/questions/7190898/progress-bar-with-html-and-css -->
+
+<style>
+#progressbar {
+  background-color: black;
+  border-radius: 13px; /* (height of inner div) / 2 + padding */
+  padding: 3px;
+}
+#progressbar > div {
+   background-color: orange;
+   width: 0%; /* Adjust with JavaScript */
+   height: 20px;
+   border-radius: 10px;
+}
+</style>
+
+<script type="text/javascript" src="../sjcl.js">
+</script>
+
+<script type="text/javascript">
+
+var busy = 0;
+var collecting = 0;
+
+function showprogress () {
+	var barwidth = document.getElementById ("progresswidth");
+	var paranoia = parseInt (document.getElementById ("paranoialevel").value);
+	var progress = 100 * sjcl.random.getProgress (paranoia);
+	barwidth.style.width = progress+"%";
+	if (!sjcl.random.isReady (paranoia)) {
+		setTimeout ("showprogress()", 10, "JavaScript");
+	} else {
+		busy = 0;
+		document.getElementById ("startbutton").style.disabled = 1;
+	}
+}
+
+function startup () {
+	if (collecting == 0) {
+		sjcl.random.startCollectors ();
+		collecting = 1;
+	}
+	if (busy == 0) {
+		busy = 1;
+		document.getElementById ("startbutton").style.disabled = 1;
+		showprogress ();
+	}
+}
+
+function consume (numbits) {
+	var collector = document.getElementById ("collector");
+	collector.value = "retrieving random data";
+	var paranoia = document.getElementById ("paranoialevel").value;
+	var numwords = Math.ceil (numbits / 32);
+	var bits = sjcl.random.randomWords (numwords, paranoia);
+	collector.value = '';
+	for (var i=0; i<numwords; i++) {
+		var hi = (bits [i] >> 16) & 0x0000ffff;
+		var lo =  bits [i]        & 0x0000ffff;
+		collector.value = collector.value + hi.toString (16) + lo.toString (16);
+	}
+	startup ();
+}
+
+</script>
+
+</head>
+<body>
+<h1>Entropy Generator Progress</h1>
+
+<p>Target: 192 bits, available at paranoia level 5.</p>
+
+<p>Corresponding paranoia level from [0,1..10]: <input type="text" value="5" id="paranoialevel"/> <input type=button onclick="startup ()" id="startbutton" value=" Start &gt;&gt; "> (the idea being that you can see the progress bar advance gently from empty/black to full/yellow after you press this)</p>
+
+<p><input type=button onclick="consume (192)" value=" Consume 192 bits &gt;&gt; "><input type=text id=collector size=50 value="" onkeypress="consume (192)"> (also consumes 192 bits with every keypress in the text field; use key repeat to consume swiftly)</p>
+
+<div id="progressbar">
+  <div id="progresswidth"></div>
+</div>
+
+<p>Please move your mouse, play around and generally introduce entropy into your environment.</p>
+
+</body>
+</html>

src/js/sjcl/browserTest/nodeUtil.js

@@ -0,0 +1,44 @@
+browserUtil = {
+  isNodeJS: true,
+
+  pauseAndThen: function (cb) { cb(); },
+
+  cpsIterate: function (f, start, end, pause, callback) {
+    function go() {
+      var called = false;
+      if (start >= end) {
+        callback && callback();
+      } else {
+        f(start, function () {
+          if (!called) { called = true; start++; go(); }
+        });
+      }
+    }
+    go (start);
+  },
+
+  cpsMap: function (map, list, pause, callback) {
+    browserUtil.cpsIterate(function (i, cb) { map(list[i], i, list.length, cb); },
+                           0, list.length, pause, callback);
+  },
+
+  loadScripts: function(scriptNames, callback) {
+    for (i=0; i<scriptNames.length; i++) {
+      load(scriptNames[i]);
+      callback && callback();
+    }
+  },
+
+  write: function(type, message) {
+    console.log(message);
+    return { update: function (type2, message2) {
+      if (type2 === 'pass') { console.log("  + " + message2); }
+      else if (type2 === 'unimplemented') { console.log("  ? " + message2); }
+      else { console.log("  - " + message2); }
+    }};
+  },
+
+  writeNewline: function () { console.log(""); },
+
+  status: function(message) {}
+};

src/js/sjcl/compress/digitize.pl

@@ -16,7 +16,7 @@ sub digitize {
 }
 
 while (<>) {
-    s/([^a-zA-Z0-9_])(\d+)/$1 . digitize $2/eg;
+    s/([^a-zA-Z0-9_"])(\d+)/$1 . digitize $2/eg;
     print;
 }
 

src/js/sjcl/configure

@@ -4,12 +4,13 @@ use strict;
 
 my ($arg, $i, $j, $targ);
 
-my @targets = qw/sjcl aes bitArray codecString codecHex codecBase64 codecBytes sha256 sha512 sha1 ccm cbc ocb2 gcm hmac pbkdf2 random convenience bn ecc srp/;
+my @targets = qw/sjcl aes bitArray codecString codecHex codecBase32 codecBase64 codecBytes sha256 sha512 sha1 ccm cbc ocb2 gcm hmac pbkdf2 random convenience bn ecc srp/;
 my %deps = ('aes'=>'sjcl',
             'bitArray'=>'sjcl',
             'codecString'=>'bitArray',
             'codecHex'=>'bitArray',
             'codecBase64'=>'bitArray',
+            'codecBase32'=>'bitArray',
             'codecBytes'=>'bitArray',
             'sha256'=>'codecString',
             'sha512'=>'codecString',
@@ -32,10 +33,10 @@ my %enabled = ();
 $enabled{$_} = 0 foreach (@targets);
 
 # by default, all but codecBytes, srp, bn
-$enabled{$_} = 1 foreach (qw/aes bitArray codecString codecHex codecBase64 sha256 ccm ocb2 gcm hmac pbkdf2 random convenience/);
+$enabled{$_} = 1 foreach (qw/aes bitArray codecString codecHex codecBase32 codecBase64 sha256 ccm ocb2 gcm hmac pbkdf2 random convenience/);
 
 # argument parsing
-while ($arg = shift @ARGV) {
+while (my $arg = shift @ARGV) {
   if ($arg =~ /^--?with-all$/) {
     foreach (@targets) {
       if ($enabled{$_} == 0) {
@@ -97,7 +98,7 @@ my $config = '';
 my $pconfig;
 
 # dependency analysis: forbidden
-foreach $i (@targets) {
+foreach my $i (@targets) {
   if ($enabled{$i} > 0) {
     foreach $j (split /,/, $deps{$i}) {
       if ($enabled{$j} == -1) {
@@ -114,7 +115,7 @@ foreach $i (@targets) {
 }
 
 # reverse
-foreach $i (reverse @targets) {
+foreach my $i (reverse @targets) {
   if ($enabled{$i} > 0) {
     foreach $j (split /,/, $deps{$i}) {
       if ($enabled{$j} < $enabled{$i}) {