Index: typo3/sysext/rsaauth/resources/jsbn/rsa.js =================================================================== --- typo3/sysext/rsaauth/resources/jsbn/rsa.js (Revision 8581) +++ typo3/sysext/rsaauth/resources/jsbn/rsa.js (Arbeitskopie) @@ -1,5 +1,7 @@ // Depends on jsbn.js and rng.js +// Version 1.1: support utf-8 encoding in pkcs1pad2 + // convert a (hex) string to a bignum object function parseBigInt(str,r) { return new BigInteger(str,r); @@ -24,13 +26,27 @@ // PKCS#1 (type 2, random) pad input string s to n bytes, and return a bigint function pkcs1pad2(s,n) { - if(n < s.length + 11) { + if(n < s.length + 11) { // TODO: fix for utf-8 alert("Message too long for RSA"); return null; } var ba = new Array(); var i = s.length - 1; - while(i >= 0 && n > 0) ba[--n] = s.charCodeAt(i--); + while(i >= 0 && n > 0) { + var c = s.charCodeAt(i--); + if(c < 128) { // encode using utf-8 + ba[--n] = c; + } + else if((c > 127) && (c < 2048)) { + ba[--n] = (c & 63) | 128; + ba[--n] = (c >> 6) | 192; + } + else { + ba[--n] = (c & 63) | 128; + ba[--n] = ((c >> 6) & 63) | 128; + ba[--n] = (c >> 12) | 224; + } + } ba[--n] = 0; var rng = new SecureRandom(); var x = new Array(); Index: typo3/sysext/rsaauth/resources/jsbn/rng.js =================================================================== --- typo3/sysext/rsaauth/resources/jsbn/rng.js (Revision 8581) +++ typo3/sysext/rsaauth/resources/jsbn/rng.js (Arbeitskopie) @@ -32,7 +32,7 @@ var z = window.crypto.random(32); for(t = 0; t < z.length; ++t) rng_pool[rng_pptr++] = z.charCodeAt(t) & 255; - } + } while(rng_pptr < rng_psize) { // extract some randomness from Math.random() t = Math.floor(65536 * Math.random()); rng_pool[rng_pptr++] = t >>> 8; Index: typo3/sysext/rsaauth/resources/jsbn/rsa2.js =================================================================== --- typo3/sysext/rsaauth/resources/jsbn/rsa2.js (Revision 8581) +++ typo3/sysext/rsaauth/resources/jsbn/rsa2.js (Arbeitskopie) @@ -1,5 +1,7 @@ // Depends on rsa.js and jsbn2.js +// Version 1.1: support utf-8 decoding in pkcs1unpad2 + // Undo PKCS#1 (type 2, random) padding and, if valid, return the plaintext function pkcs1unpad2(d,n) { var b = d.toByteArray(); @@ -11,8 +13,20 @@ while(b[i] != 0) if(++i >= b.length) return null; var ret = ""; - while(++i < b.length) - ret += String.fromCharCode(b[i]); + while(++i < b.length) { + var c = b[i] & 255; + if(c < 128) { // utf-8 decode + ret += String.fromCharCode(c); + } + else if((c > 191) && (c < 224)) { + ret += String.fromCharCode(((c & 31) << 6) | (b[i+1] & 63)); + ++i; + } + else { + ret += String.fromCharCode(((c & 15) << 12) | ((b[i+1] & 63) << 6) | (b[i+2] & 63)); + i += 2; + } + } return ret; } Index: typo3/sysext/rsaauth/resources/jsbn/jsbn2.js =================================================================== --- typo3/sysext/rsaauth/resources/jsbn/jsbn2.js (Revision 8581) +++ typo3/sysext/rsaauth/resources/jsbn/jsbn2.js (Arbeitskopie) @@ -1,9 +1,11 @@ -// Copyright (c) 2005 Tom Wu +// Copyright (c) 2005-2009 Tom Wu // All Rights Reserved. // See "LICENSE" for details. // Extended JavaScript BN functions, required for RSA private ops. +// Version 1.1: new BigInteger("0", 10) returns "proper" zero + // (public) function bnClone() { var r = nbi(); this.copyTo(r); return r; } @@ -310,6 +312,7 @@ // (protected) this += n << w words, this >= 0 function bnpDAddOffset(n,w) { + if(n == 0) return; while(this.t <= w) this[this.t++] = 0; this[w] += n; while(this[w] >= this.DV) {