in src/rsa.js [409:504]
OAEP_DECODE: function(sha, p, f) {
var olen = RSA.RFS - 1,
SEED = [],
CHASH = [],
DBMASK = [],
comp,
hlen,
seedlen,
x, t, d, i, k, h, r;
seedlen = hlen = sha;
if (olen < seedlen + hlen + 1) {
return null;
}
for (i = 0; i < olen - seedlen; i++) {
DBMASK[i] = 0;
}
if (f.length < RSA.RFS) {
d = RSA.RFS - f.length;
for (i = RSA.RFS - 1; i >= d; i--) {
f[i] = f[i - d];
}
for (i = d - 1; i >= 0; i--) {
f[i] = 0;
}
}
h = this.hashit(sha, p, -1);
for (i = 0; i < hlen; i++) {
CHASH[i] = h[i];
}
x = f[0];
for (i = seedlen; i < olen; i++) {
DBMASK[i - seedlen] = f[i + 1];
}
this.MGF1(sha, DBMASK, seedlen, SEED);
for (i = 0; i < seedlen; i++) {
SEED[i] ^= f[i + 1];
}
this.MGF1(sha, SEED, olen - seedlen, f);
for (i = 0; i < olen - seedlen; i++) {
DBMASK[i] ^= f[i];
}
comp = true;
for (i = 0; i < hlen; i++) {
if (CHASH[i] != DBMASK[i]) {
comp = false;
}
}
for (i = 0; i < olen - seedlen - hlen; i++) {
DBMASK[i] = DBMASK[i + hlen];
}
for (i = 0; i < hlen; i++) {
SEED[i] = CHASH[i] = 0;
}
for (k = 0;; k++) {
if (k >= olen - seedlen - hlen) {
return null;
}
if (DBMASK[k] !== 0) {
break;
}
}
t = DBMASK[k];
if (!comp || x !== 0 || t != 0x01) {
for (i = 0; i < olen - seedlen; i++) {
DBMASK[i] = 0;
}
return null;
}
r = [];
for (i = 0; i < olen - seedlen - hlen - k - 1; i++) {
r[i] = DBMASK[i + k + 1];
}
for (i = 0; i < olen - seedlen; i++) {
DBMASK[i] = 0;
}
return r;
},