browserify-rsa
Advanced tools
Comparing version 4.0.1 to 4.1.0
69
index.js
@@ -1,40 +0,35 @@ | ||
var bn = require('bn.js'); | ||
var randomBytes = require('randombytes'); | ||
module.exports = crt; | ||
function blind(priv) { | ||
var r = getr(priv); | ||
var blinder = r.toRed(bn.mont(priv.modulus)) | ||
.redPow(new bn(priv.publicExponent)).fromRed(); | ||
return { | ||
blinder: blinder, | ||
unblinder:r.invm(priv.modulus) | ||
}; | ||
var BN = require('bn.js') | ||
var randomBytes = require('randombytes') | ||
function blind (priv) { | ||
var r = getr(priv) | ||
var blinder = r.toRed(BN.mont(priv.modulus)).redPow(new BN(priv.publicExponent)).fromRed() | ||
return { blinder: blinder, unblinder: r.invm(priv.modulus) } | ||
} | ||
function crt(msg, priv) { | ||
var blinds = blind(priv); | ||
var len = priv.modulus.byteLength(); | ||
var mod = bn.mont(priv.modulus); | ||
var blinded = new bn(msg).mul(blinds.blinder).umod(priv.modulus); | ||
var c1 = blinded.toRed(bn.mont(priv.prime1)); | ||
var c2 = blinded.toRed(bn.mont(priv.prime2)); | ||
var qinv = priv.coefficient; | ||
var p = priv.prime1; | ||
var q = priv.prime2; | ||
var m1 = c1.redPow(priv.exponent1); | ||
var m2 = c2.redPow(priv.exponent2); | ||
m1 = m1.fromRed(); | ||
m2 = m2.fromRed(); | ||
var h = m1.isub(m2).imul(qinv).umod(p); | ||
h.imul(q); | ||
m2.iadd(h); | ||
return new Buffer(m2.imul(blinds.unblinder).umod(priv.modulus).toArray(false, len)); | ||
function getr (priv) { | ||
var len = priv.modulus.byteLength() | ||
var r | ||
do { | ||
r = new BN(randomBytes(len)) | ||
} while (r.cmp(priv.modulus) >= 0 || !r.umod(priv.prime1) || !r.umod(priv.prime2)) | ||
return r | ||
} | ||
crt.getr = getr; | ||
function getr(priv) { | ||
var len = priv.modulus.byteLength(); | ||
var r = new bn(randomBytes(len)); | ||
while (r.cmp(priv.modulus) >= 0 || !r.umod(priv.prime1) || !r.umod(priv.prime2)) { | ||
r = new bn(randomBytes(len)); | ||
} | ||
return r; | ||
function crt (msg, priv) { | ||
var blinds = blind(priv) | ||
var len = priv.modulus.byteLength() | ||
var blinded = new BN(msg).mul(blinds.blinder).umod(priv.modulus) | ||
var c1 = blinded.toRed(BN.mont(priv.prime1)) | ||
var c2 = blinded.toRed(BN.mont(priv.prime2)) | ||
var qinv = priv.coefficient | ||
var p = priv.prime1 | ||
var q = priv.prime2 | ||
var m1 = c1.redPow(priv.exponent1).fromRed() | ||
var m2 = c2.redPow(priv.exponent2).fromRed() | ||
var h = m1.isub(m2).imul(qinv).umod(p).imul(q) | ||
return m2.iadd(h).imul(blinds.unblinder).umod(priv.modulus).toArrayLike(Buffer, 'be', len) | ||
} | ||
crt.getr = getr | ||
module.exports = crt |
{ | ||
"name": "browserify-rsa", | ||
"version": "4.0.1", | ||
"version": "4.1.0", | ||
"description": "RSA for browserify", | ||
"bugs": { | ||
"url": "https://github.com/crypto-browserify/browserify-rsa/issues" | ||
}, | ||
"license": "MIT", | ||
"files": [ | ||
"index.js" | ||
], | ||
"main": "index.js", | ||
"repository": { | ||
"type": "git", | ||
"url": "https://github.com:crypto-browserify/browserify-rsa.git" | ||
}, | ||
"scripts": { | ||
"test": "node test.js | tspec" | ||
"lint": "standard", | ||
"test": "npm run lint && npm run unit", | ||
"unit": "tape test/*.js" | ||
}, | ||
"author": "", | ||
"license": "MIT", | ||
"dependencies": { | ||
"bn.js": "^4.1.0", | ||
"bn.js": "^5.0.0", | ||
"randombytes": "^2.0.1" | ||
}, | ||
"repository": { | ||
"type": "git", | ||
"url": "git@github.com:crypto-browserify/browserify-rsa.git" | ||
}, | ||
"devDependencies": { | ||
"parse-asn1": "^5.0.0", | ||
"tap-spec": "^2.1.2", | ||
"tape": "^3.0.3" | ||
"standard": "^6.0.8", | ||
"tape": "^4.5.1" | ||
} | ||
} |
Sorry, the diff of this file is not supported yet
No contributors or author data
MaintenancePackage does not specify a list of contributors or an author in package.json.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
No bug tracker
MaintenancePackage does not have a linked bug tracker in package.json.
Found 1 instance in 1 package
1
18
0
0
3678
4
31
+ Addedbn.js@5.2.1(transitive)
- Removedbn.js@4.12.0(transitive)
Updatedbn.js@^5.0.0