rmega 0.0.2

data/.gitignore

@@ -0,0 +1,19 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.DS_Store
+.rvmrc

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in rmega.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Daniele Molteni
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,82 @@
+# Rmega
+
+Ruby library for the Mega.co.nz API.  
+Tested using ruby 1.9.3+ (OpenSSL 0.9.8r+)
+
+<div style="background-color: #000000; border-radius: 8px">
+  <img src="https://eu.static.mega.co.nz/images/mega/logo.png" />
+</div>
+
+
+
+## Usage
+
+```ruby
+storage = Rmega.login 'your_email', 'your_password'
+
+# Fetch all the nodes (files, folders, ecc.)
+nodes = storage.nodes
+
+# Find all nodes which name match a regexp
+nodes = storage.nodes_by_name /my.document/i
+
+# Download a file
+my_node.download '~/Download' # The name of the node is used
+my_node.download '~/Download/mydocument_42.zip' # Specify a new name
+
+# Download a file using a given url
+storage.download 'https://mega.co.nz/#!cER0GYbD!ZCHruEzLghAcEZuD44Dp0k--6m5duA08Xl4a_bUZYMI', '~/Download'
+
+# Upload a file (to the root node)
+storage.upload '~/Downloads/my_file.zip'
+
+# Upload a file to a specific folder
+storage.upload '~/Downloads/my_file.zip', folder_node
+
+# Trash a node
+my_node.trash
+
+# Gets the public url (the sharable one) of a file
+my_node.public_url
+
+# See the attributes of a node
+my_node.attributes
+
+# Find all nodes of certain type
+# types are: file, dir, root, inbox, trash
+files   = storage.nodes_by_type :file
+folders = storage.nodes_by_type :dir
+
+```
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'rmega'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install rmega
+
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+
+## Copyright
+
+This work is the result of a reverse engineering of the Mega's Javascript code.
+
+Copyright (c) 2013 Daniele Molteni  
+MIT License

data/Rakefile

@@ -0,0 +1,2 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"

data/lib/rmega.rb

@@ -0,0 +1,50 @@
+# Gem with ruby 1.9+
+require "openssl"
+require "json"
+require "logger"
+require "ostruct"
+
+# Gems in the bundle
+require "httpclient"
+require "execjs"
+require "ruby-progressbar"
+
+# Require all the other files
+require "rmega/version"
+require "rmega/utils"
+require "rmega/crypto/rsa"
+require "rmega/crypto/aes"
+require "rmega/crypto/aes_ctr"
+require "rmega/crypto/crypto"
+require "rmega/storage"
+require "rmega/node"
+require "rmega/session"
+
+module Rmega
+  def self.logger
+    @logger ||= begin
+      logger = Logger.new $stdout
+      logger.formatter = Proc.new { | severity, time, progname, msg| "#{msg}\n" }
+      logger.level = Logger::INFO
+      logger
+    end
+  end
+
+  def self.login email, password
+    session = Session.new email, password
+    session.storage
+  end
+
+  def self.default_options
+    {
+      show_progress:        true,
+      upload_timeout:       120,
+      api_request_timeout:  20,
+      api_url:              'https://eu.api.mega.co.nz/cs'
+    }
+  end
+
+  def self.options
+    @options ||= OpenStruct.new default_options
+  end
+end

data/lib/rmega/crypto/aes.rb

@@ -0,0 +1,33 @@
+module Rmega
+  module Crypto
+    module Aes
+      extend self
+
+      def packing
+        'l>*'
+      end
+
+      def cipher
+        @cipher ||= OpenSSL::Cipher::AES.new 128, :CBC
+      end
+
+      def encrypt key, data
+        cipher.reset
+        cipher.padding = 0
+        cipher.encrypt
+        cipher.key = key.pack(packing)
+        result = cipher.update data.pack(packing)
+        result.unpack packing
+      end
+
+      def decrypt key, data
+        cipher.reset
+        cipher.padding = 0
+        cipher.decrypt
+        cipher.key = key.pack packing
+        result = cipher.update data.pack(packing)
+        result.unpack packing
+      end
+    end
+  end
+end

data/lib/rmega/crypto/aes_ctr.rb

@@ -0,0 +1,89 @@
+module Rmega
+  module Crypto
+    module AesCtr
+      extend self
+
+      def decrypt key, nonce, data
+        raise "invalid nonce" if nonce.size != 4 or !nonce.respond_to?(:pack)
+        raise "invalid key" if key.size != 4 or !key.respond_to?(:pack)
+
+        mac = [nonce[0], nonce[1], nonce[0], nonce[1]]
+        enc = nil
+        a32 = Utils.str_to_a32 data
+        len = a32.size - 3
+        last_i = 0
+
+        (0..len).step(4) do |i|
+          enc = Aes.encrypt key, nonce
+          4.times do |m|
+            a32[i+m] = (a32[i+m] || 0) ^ (enc[m] || 0)
+            mac[m] = (mac[m] || 0) ^ (a32[i+m] || 0)
+          end
+          mac = Aes.encrypt key, mac
+          nonce[3] += 1
+          nonce[2] += 1 if nonce[3] == 0
+          last_i = i + 4
+        end
+
+        if last_i < a32.size
+          v = [0, 0, 0, 0]
+          (last_i..a32.size - 1).step(1) { |m| v[m-last_i] = a32[m] || 0 }
+
+          enc = Aes.encrypt key, nonce
+          4.times { |m| v[m] = v[m] ^ enc[m] }
+
+          j = data.size & 15
+          m = Utils.str_to_a32 Array.new(j+1).join(255.chr)+Array.new(17-j).join(0.chr)
+
+          4.times { |x| mac[x] = mac[x] ^ (v[x] & m[x]) }
+
+          mac = Aes.encrypt key, mac
+
+          (last_i..a32.size - 1).step(1) { |j| a32[j] = v[j - last_i] || 0 }
+        end
+
+        decrypted_data = Utils.a32_to_str(a32, data.size)
+
+        {data: decrypted_data, mac: mac}
+      end
+
+      def encrypt key, nonce, data
+        raise "invalid nonce" if nonce.size != 4 or !nonce.respond_to?(:pack)
+        raise "invalid key" if key.size != 4 or !key.respond_to?(:pack)
+
+        ctr = nonce.dup
+        mac = [ctr[0], ctr[1], ctr[0], ctr[1]]
+        ab32 = Utils.str_to_a32 data
+        len = ab32.size - 3
+        enc = nil
+        last_i = 0
+
+        (0..len).step(4) do |i|
+          4.times { |x| mac[x] = mac[x] ^ (ab32[i+x] || 0) }
+          mac = Aes.encrypt key, mac
+          enc = Aes.encrypt key, ctr
+          4.times { |x|  ab32[i+x] = (ab32[i+x] || 0) ^ (enc[x] || 0) }
+          ctr[3] += 1
+          ctr[2] += 1 if ctr[3].zero?
+          last_i = i + 4
+        end
+
+        i = last_i
+
+        if i < ab32.size
+          v = [0, 0, 0, 0]
+          (i..ab32.size - 1).step(1) { |j| v[j - i] = ab32[j] || 0 }
+          4.times { |x| mac[x] = mac[x] ^ v[x] }
+          mac = Aes.encrypt key, mac
+          enc = Aes.encrypt key, ctr
+          4.times { |x| v[x] = v[x] ^ enc[x] }
+          (i..ab32.size - 1).step(1) { |j| ab32[j] = v[j - i] || 0 }
+        end
+
+        decrypted_data = Utils.a32_to_str ab32, data.size
+        {data: decrypted_data, mac: mac}
+      end
+
+    end
+  end
+end

data/lib/rmega/crypto/crypto.rb

@@ -0,0 +1,94 @@
+module Rmega
+  module Crypto
+    extend self
+
+    def prepare_key ary
+      pkey = [0x93C467E3,0x7DB0C7A4,0xD1BE3F81,0x0152CB56]
+      65536.times do
+        0.step(ary.size-1, 4) do |j|
+          key = [0,0,0,0]
+          4.times do |i|
+            key[i] = ary[i+j] if i+j < ary.size
+          end
+          pkey = Aes.encrypt key, pkey
+        end
+      end
+      pkey
+    end
+
+    def decrypt_sid key, csid, privk
+      # if csid ...
+      t = Utils.mpi2b Utils.base64urldecode(csid)
+      privk = Utils.a32_to_str decrypt_key(key, Utils.base64_to_a32(privk))
+      rsa_privk = Array.new 4
+      # else if tsid (todo)
+
+      # Decompose private key
+      4.times do |i|
+        l = ((privk[0].ord * 256 + privk[1].ord + 7) >> 3) + 2
+        rsa_privk[i] = Utils.mpi2b privk[0..l-1]
+        privk = privk[l..-1]
+      end
+
+      # TODO - remove execjs and build the key using the ruby lib
+      # rsa_key = Crypto::Rsa.build_rsa_key rsa_privk
+      decrypted_t = Rsa.decrypt t, rsa_privk
+      Utils.base64urlencode Utils.b2s(decrypted_t)[0..42]
+    end
+
+    def encrypt_attributes key, attributes_hash
+      a32key = key.dup
+      if a32key.size > 4
+        a32key = [a32key[0] ^ a32key[4], a32key[1] ^ a32key[5], a32key[2] ^ a32key[6], a32key[3] ^ a32key[7]]
+      end
+      attributes_str = "MEGA#{attributes_hash.to_json}"
+      attributes_str << ("\x00" * (16 - (attributes_str.size % 16)))
+      Crypto::Aes.encrypt a32key, Utils.str_to_a32(attributes_str)
+    end
+
+    def decrypt_attributes key, attributes_base64
+      a32key = key.dup
+      if a32key.size > 4
+        a32key = [a32key[0] ^ a32key[4], a32key[1] ^ a32key[5], a32key[2] ^ a32key[6], a32key[3] ^ a32key[7]]
+      end
+      attributes = Crypto::Aes.decrypt a32key, Utils.base64_to_a32(attributes_base64)
+      attributes = Utils.a32_to_str attributes
+      JSON.parse attributes.gsub(/^MEGA/, '').rstrip
+    end
+
+    def prepare_key_pw password_str
+      prepare_key Utils.str_to_a32(password_str)
+    end
+
+    def stringhash aes_key, string
+      s32 = Utils::str_to_a32 string
+      h32 = [0,0,0,0]
+
+      s32.size.times { |i| h32[i & 3] ^= s32[i] }
+      16384.times { h32 = Aes.encrypt aes_key, h32 }
+
+      Utils::a32_to_base64 [h32[0],h32[2]]
+    end
+
+    def encrypt_key key, data
+      return Aes.encrypt(key, data) if data.size == 4
+      x = []
+      (0..data.size).step(4) do |i|
+        # cdata = [data[i] || 0, data[i+1] || 0, data[i+2] || 0, data[i+3] || 0]
+        cdata = [data[i] || 0, data[i+1] || 0, data[i+2], data[i+3]].compact
+        x.concat Crypto::Aes.encrypt(key, cdata)
+      end
+      x
+    end
+
+    def decrypt_key key, data
+      return Aes.decrypt(key, data) if data.size == 4
+      x = []
+      (0..data.size).step(4) do |i|
+        cdata = [data[i] || 0, data[i+1] || 0, data[i+2] || 0, data[i+3] || 0]
+        x.concat Crypto::Aes.decrypt(key, cdata)
+      end
+      x
+    end
+  end
+end

data/lib/rmega/crypto/rsa.rb

@@ -0,0 +1,19 @@
+module Rmega
+  module Crypto
+    module Rsa
+      extend self
+
+      def script_path
+        File.join File.dirname(__FILE__), 'rsa_mega.js'
+      end
+
+      def context
+        @context ||= ExecJS.compile File.read(script_path)
+      end
+
+      def decrypt t, privk
+        context.call "RSAdecrypt", t, privk[2], privk[0], privk[1], privk[3]
+      end
+    end
+  end
+end

data/lib/rmega/crypto/rsa_mega.js

@@ -0,0 +1,455 @@
+
+/* RSA public key encryption/decryption
+ * The following functions are (c) 2000 by John M Hanna and are
+ * released under the terms of the Gnu Public License.
+ * You must freely redistribute them with their source -- see the
+ * GPL for details.
+ *  -- Latest version found at http://sourceforge.net/projects/shop-js
+ *
+ * Modifications and GnuPG multi precision integer (mpi) conversion added
+ * 2004 by Herbert Hanewinkel, www.haneWIN.de
+ */
+
+// --- Arbitrary Precision Math ---
+// badd(a,b), bsub(a,b), bsqr(a), bmul(a,b)
+// bdiv(a,b), bmod(a,b), bexpmod(g,e,m), bmodexp(g,e,m)
+
+// bs is the shift, bm is the mask
+// set single precision bits to 28
+var bs=28;
+var bx2=1<<bs, bm=bx2-1, bx=bx2>>1, bd=bs>>1, bdm=(1<<bd)-1;
+
+var log2=Math.log(2);
+
+function zeros(n)
+{
+ var r=new Array(n);
+
+ while(n-->0) r[n]=0;
+ return r;
+}
+
+function zclip(r)
+{
+ var n = r.length;
+ if(r[n-1]) return r;
+ while(n>1 && r[n-1]==0) n--;
+ return r.slice(0,n);
+}
+
+// returns bit length of integer x
+function nbits(x)
+{
+  var n = 1, t;
+  if((t=x>>>16) != 0) { x = t; n += 16; }
+  if((t=x>>8) != 0) { x = t; n += 8; }
+  if((t=x>>4) != 0) { x = t; n += 4; }
+  if((t=x>>2) != 0) { x = t; n += 2; }
+  if((t=x>>1) != 0) { x = t; n += 1; }
+  return n;
+}
+
+function badd(a,b)
+{
+ var al=a.length;
+ var bl=b.length;
+
+ if(al < bl) return badd(b,a);
+
+ var r=new Array(al);
+ var c=0, n=0;
+
+ for(; n<bl; n++)
+ {
+  c+=a[n]+b[n];
+  r[n]=c & bm;
+  c>>>=bs;
+ }
+ for(; n<al; n++)
+ {
+  c+=a[n];
+  r[n]=c & bm;
+  c>>>=bs;
+ }
+ if(c) r[n]=c;
+ return r;
+}
+
+function bsub(a,b)
+{
+ var al=a.length;
+ var bl=b.length;
+
+ if(bl > al) return [];
+ if(bl == al)
+ {
+  if(b[bl-1] > a[bl-1]) return [];
+  if(bl==1) return [a[0]-b[0]];
+ }
+
+ var r=new Array(al);
+ var c=0;
+
+ for(var n=0; n<bl; n++)
+ {
+  c+=a[n]-b[n];
+  r[n]=c & bm;
+  c>>=bs;
+ }
+ for(;n<al; n++)
+ {
+  c+=a[n];
+  r[n]=c & bm;
+  c>>=bs;
+ }
+ if(c) return [];
+
+ return zclip(r);
+}
+
+function ip(w, n, x, y, c)
+{
+ var xl = x&bdm;
+ var xh = x>>bd;
+
+ var yl = y&bdm;
+ var yh = y>>bd;
+
+ var m = xh*yl+yh*xl;
+ var l = xl*yl+((m&bdm)<<bd)+w[n]+c;
+ w[n] = l&bm;
+ c = xh*yh+(m>>bd)+(l>>bs);
+ return c;
+}
+
+// Multiple-precision squaring, HAC Algorithm 14.16
+
+function bsqr(x)
+{
+ var t = x.length;
+ var n = 2*t;
+ var r = zeros(n);
+ var c = 0;
+ var i, j;
+
+ for(i = 0; i < t; i++)
+ {
+  c = ip(r,2*i,x[i],x[i],0);
+  for(j = i+1; j < t; j++)
+  {
+   c = ip(r,i+j,2*x[j],x[i],c);
+  }
+  r[i+t] = c;
+ }
+
+ return zclip(r);
+}
+
+// Multiple-precision multiplication, HAC Algorithm 14.12
+
+function bmul(x,y)
+{
+ var n = x.length;
+ var t = y.length;
+ var r = zeros(n+t-1);
+ var c, i, j;
+
+ for(i = 0; i < t; i++)
+ {
+  c = 0;
+  for(j = 0; j < n; j++)
+  {
+   c = ip(r,i+j,x[j],y[i],c);
+  }
+  r[i+n] = c;
+ }
+
+ return zclip(r);
+}
+
+function toppart(x,start,len)
+{
+ var n=0;
+ while(start >= 0 && len-->0) n=n*bx2+x[start--];
+ return n;
+}
+
+// Multiple-precision division, HAC Algorithm 14.20
+
+function bdiv(a,b)
+{
+ var n=a.length-1;
+ var t=b.length-1;
+ var nmt=n-t;
+
+ // trivial cases; a < b
+ if(n < t || n==t && (a[n]<b[n] || n>0 && a[n]==b[n] && a[n-1]<b[n-1]))
+ {
+  this.q=[0]; this.mod=a;
+  return this;
+ }
+
+ // trivial cases; q < 4
+ if(n==t && toppart(a,t,2)/toppart(b,t,2) <4)
+ {
+  var x=a.concat();
+  var qq=0;
+  var xx;
+  for(;;)
+  {
+   xx=bsub(x,b);
+   if(xx.length==0) break;
+   x=xx; qq++;
+  }
+  this.q=[qq]; this.mod=x;
+  return this;
+ }
+
+ // normalize
+ var shift2=Math.floor(Math.log(b[t])/log2)+1;
+ var shift=bs-shift2;
+
+ var x=a.concat();
+ var y=b.concat();
+
+ if(shift)
+ {
+  for(i=t; i>0; i--) y[i]=((y[i]<<shift) & bm) | (y[i-1] >> shift2);
+  y[0]=(y[0]<<shift) & bm;
+  if(x[n] & ((bm <<shift2) & bm))
+  {
+   x[++n]=0; nmt++;
+  }
+  for(i=n; i>0; i--) x[i]=((x[i]<<shift) & bm) | (x[i-1] >> shift2);
+  x[0]=(x[0]<<shift) & bm;
+ }
+
+ var i, j, x2;
+ var q=zeros(nmt+1);
+ var y2=zeros(nmt).concat(y);
+ for(;;)
+ {
+  x2=bsub(x,y2);
+  if(x2.length==0) break;
+  q[nmt]++;
+  x=x2;
+ }
+
+ var yt=y[t], top=toppart(y,t,2)
+ for(i=n; i>t; i--)
+ {
+  var m=i-t-1;
+  if(i >= x.length) q[m]=1;
+  else if(x[i] == yt) q[m]=bm;
+  else q[m]=Math.floor(toppart(x,i,2)/yt);
+
+  var topx=toppart(x,i,3);
+  while(q[m] * top > topx) q[m]--;
+
+  //x-=q[m]*y*b^m
+  y2=y2.slice(1);
+  x2=bsub(x,bmul([q[m]],y2));
+  if(x2.length==0)
+  {
+   q[m]--;
+   x2=bsub(x,bmul([q[m]],y2));
+  }
+  x=x2;
+ }
+ // de-normalize
+ if(shift)
+ {
+  for(i=0; i<x.length-1; i++) x[i]=(x[i]>>shift) | ((x[i+1] << shift2) & bm);
+  x[x.length-1]>>=shift;
+ }
+
+ this.q = zclip(q);
+ this.mod = zclip(x);
+ return this;
+}
+
+function simplemod(i,m) // returns the mod where m < 2^bd
+{
+ var c=0, v;
+ for(var n=i.length-1; n>=0; n--)
+ {
+  v=i[n];
+  c=((v >> bd) + (c<<bd)) % m;
+  c=((v & bdm) + (c<<bd)) % m;
+ }
+ return c;
+}
+
+function bmod(p,m)
+{
+ if(m.length==1)
+ {
+  if(p.length==1) return [p[0] % m[0]];
+  if(m[0] < bdm) return [simplemod(p,m[0])];
+ }
+
+ var r=bdiv(p,m);
+ return r.mod;
+}
+
+// Barrett's modular reduction, HAC Algorithm 14.42
+
+function bmod2(x,m,mu)
+{
+ var xl=x.length - (m.length << 1);
+ if(xl > 0) return bmod2(x.slice(0,xl).concat(bmod2(x.slice(xl),m,mu)),m,mu);
+
+ var ml1=m.length+1, ml2=m.length-1,rr;
+ //var q1=x.slice(ml2)
+ //var q2=bmul(q1,mu)
+ var q3=bmul(x.slice(ml2),mu).slice(ml1);
+ var r1=x.slice(0,ml1);
+ var r2=bmul(q3,m).slice(0,ml1);
+ var r=bsub(r1,r2);
+ 
+ if(r.length==0)
+ {
+  r1[ml1]=1;
+  r=bsub(r1,r2);
+ }
+ for(var n=0;;n++)
+ {
+  rr=bsub(r,m);
+  if(rr.length==0) break;
+  r=rr;
+  if(n>=3) return bmod2(r,m,mu);
+ }
+ return r;
+}
+
+// Modular exponentiation, HAC Algorithm 14.79
+
+function bexpmod(g,e,m)
+{
+ var a = g.concat();
+ var l = e.length-1;
+ var n = nbits(e[l])-2;
+
+ for(; l >= 0; l--)
+ {
+  for(; n >= 0; n-=1)
+  {
+   a=bmod(bsqr(a),m);
+   if(e[l] & (1<<n)) a=bmod(bmul(a,g),m);
+  }
+  n = bs-1;
+ }
+ return a;
+}
+
+// Modular exponentiation using Barrett reduction
+
+function bmodexp(g,e,m)
+{
+ var a=g.concat();
+ var l=e.length-1;
+ var n=m.length*2;
+ var mu=zeros(n+1);
+ mu[n]=1;
+ mu=bdiv(mu,m).q;
+
+ n = nbits(e[l])-2;
+
+ for(; l >= 0; l--)
+ {
+  for(; n >= 0; n-=1)
+  {
+   a=bmod2(bsqr(a),m, mu);
+   if(e[l] & (1<<n)) a=bmod2(bmul(a,g),m, mu);
+  }
+  n = bs-1;
+ }
+ return a;
+}
+
+// -----------------------------------------------------
+// Compute s**e mod m for RSA public key operation
+
+function RSAencrypt(s, e, m) { return bexpmod(s,e,m); }
+
+// Compute m**d mod p*q for RSA private key operations.
+
+function RSAdecrypt(m, d, p, q, u)
+{
+ var xp = bmodexp(bmod(m,p), bmod(d,bsub(p,[1])), p);
+ var xq = bmodexp(bmod(m,q), bmod(d,bsub(q,[1])), q);
+
+ var t=bsub(xq,xp);
+ if(t.length==0)
+ {
+  t=bsub(xp,xq);
+  t=bmod(bmul(t, u), q);
+  t=bsub(q,t);
+ }
+ else
+ {
+  t=bmod(bmul(t, u), q);
+ } 
+ return badd(bmul(t,p), xp);
+}
+
+// -----------------------------------------------------------------
+// conversion functions: num array <-> multi precision integer (mpi)
+// mpi: 2 octets with length in bits + octets in big endian order
+
+function mpi2b(s)
+{
+ var bn=1, r=[0], rn=0, sb=256;
+ var c, sn=s.length;
+ if(sn < 2) return 0;
+
+ var len=(sn-2)*8;
+ var bits=s.charCodeAt(0)*256+s.charCodeAt(1);
+ if(bits > len || bits < len-8) return 0;
+
+ for(var n=0; n<len; n++)
+ {
+  if((sb<<=1) > 255)
+  {
+   sb=1; c=s.charCodeAt(--sn);
+  }
+  if(bn > bm)
+  {
+   bn=1;
+   r[++rn]=0;
+  }
+  if(c & sb) r[rn]|=bn;
+  bn<<=1;
+ }
+ return r;
+}
+
+function b2mpi(b)
+{
+ var bn=1, bc=0, r=[0], rb=1, rn=0;
+ var bits=b.length*bs;
+ var n, rr='';
+
+ for(n=0; n<bits; n++)
+ {
+  if(b[bc] & bn) r[rn]|=rb;
+  if((rb<<=1) > 255)
+  {
+   rb=1; r[++rn]=0;
+  }
+  if((bn<<=1) > bm)
+  {
+   bn=1; bc++;
+  }
+ }
+
+ while(rn && r[rn]==0) rn--;
+
+ bn=256;
+ for(bits=8; bits>0; bits--) if(r[rn] & (bn>>=1)) break;
+ bits+=rn*8;
+
+ rr+=String.fromCharCode(bits/256)+String.fromCharCode(bits%256);
+ if(bits) for(n=rn; n>=0; n--) rr+=String.fromCharCode(r[n]);
+ return rr;
+}