]> git.immae.eu Git - perso/Immae/Projets/Cryptomonnaies/BIP39.git/blame - src/js/bitcoinjs-bip38-2.0.2.js
projects / perso / Immae / Projets / Cryptomonnaies / BIP39.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add experimental incomplete combined js libs
[perso/Immae/Projets/Cryptomonnaies/BIP39.git] / src / js / bitcoinjs-bip38-2.0.2.js
CommitLineData
0f0a888e
IC		 1(function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.bitcoinjsBip38 = f()}})(function(){var define,module,exports;return (function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(require,module,exports){
2var asn1 = exports;
3
4asn1.bignum = require('bn.js');
5
6asn1.define = require('./asn1/api').define;
7asn1.base = require('./asn1/base');
8asn1.constants = require('./asn1/constants');
9asn1.decoders = require('./asn1/decoders');
10asn1.encoders = require('./asn1/encoders');
11
12},{"./asn1/api":2,"./asn1/base":4,"./asn1/constants":8,"./asn1/decoders":10,"./asn1/encoders":13,"bn.js":17}],2:[function(require,module,exports){
13var asn1 = require('../asn1');
14var inherits = require('inherits');
15
16var api = exports;
17
18api.define = function define(name, body) {
19 return new Entity(name, body);
20};
21
22function Entity(name, body) {
23 this.name = name;
24 this.body = body;
25
26 this.decoders = {};
27 this.encoders = {};
28};
29
30Entity.prototype._createNamed = function createNamed(base) {
31 var named;
32 try {
33 named = require('vm').runInThisContext(
34 '(function ' + this.name + '(entity) {\n' +
35 ' this._initNamed(entity);\n' +
36 '})'
37 );
38 } catch (e) {
39 named = function (entity) {
40 this._initNamed(entity);
41 };
42 }
43 inherits(named, base);
44 named.prototype._initNamed = function initnamed(entity) {
45 base.call(this, entity);
46 };
47
48 return new named(this);
49};
50
51Entity.prototype._getDecoder = function _getDecoder(enc) {
52 enc = enc || 'der';
53 // Lazily create decoder
54 if (!this.decoders.hasOwnProperty(enc))
55 this.decoders[enc] = this._createNamed(asn1.decoders[enc]);
56 return this.decoders[enc];
57};
58
59Entity.prototype.decode = function decode(data, enc, options) {
60 return this._getDecoder(enc).decode(data, options);
61};
62
63Entity.prototype._getEncoder = function _getEncoder(enc) {
64 enc = enc || 'der';
65 // Lazily create encoder
66 if (!this.encoders.hasOwnProperty(enc))
67 this.encoders[enc] = this._createNamed(asn1.encoders[enc]);
68 return this.encoders[enc];
69};
70
71Entity.prototype.encode = function encode(data, enc, /* internal */ reporter) {
72 return this._getEncoder(enc).encode(data, reporter);
73};
74
75},{"../asn1":1,"inherits":95,"vm":149}],3:[function(require,module,exports){
76var inherits = require('inherits');
77var Reporter = require('../base').Reporter;
78var Buffer = require('buffer').Buffer;
79
80function DecoderBuffer(base, options) {
81 Reporter.call(this, options);
82 if (!Buffer.isBuffer(base)) {
83 this.error('Input not Buffer');
84 return;
85 }
86
87 this.base = base;
88 this.offset = 0;
89 this.length = base.length;
90}
91inherits(DecoderBuffer, Reporter);
92exports.DecoderBuffer = DecoderBuffer;
93
94DecoderBuffer.prototype.save = function save() {
95 return { offset: this.offset, reporter: Reporter.prototype.save.call(this) };
96};
97
98DecoderBuffer.prototype.restore = function restore(save) {
99 // Return skipped data
100 var res = new DecoderBuffer(this.base);
101 res.offset = save.offset;
102 res.length = this.offset;
103
104 this.offset = save.offset;
105 Reporter.prototype.restore.call(this, save.reporter);
106
107 return res;
108};
109
110DecoderBuffer.prototype.isEmpty = function isEmpty() {
111 return this.offset === this.length;
112};
113
114DecoderBuffer.prototype.readUInt8 = function readUInt8(fail) {
115 if (this.offset + 1 <= this.length)
116 return this.base.readUInt8(this.offset++, true);
117 else
118 return this.error(fail || 'DecoderBuffer overrun');
119}
120
121DecoderBuffer.prototype.skip = function skip(bytes, fail) {
122 if (!(this.offset + bytes <= this.length))
123 return this.error(fail || 'DecoderBuffer overrun');
124
125 var res = new DecoderBuffer(this.base);
126
127 // Share reporter state
128 res._reporterState = this._reporterState;
129
130 res.offset = this.offset;
131 res.length = this.offset + bytes;
132 this.offset += bytes;
133 return res;
134}
135
136DecoderBuffer.prototype.raw = function raw(save) {
137 return this.base.slice(save ? save.offset : this.offset, this.length);
138}
139
140function EncoderBuffer(value, reporter) {
141 if (Array.isArray(value)) {
142 this.length = 0;
143 this.value = value.map(function(item) {
144 if (!(item instanceof EncoderBuffer))
145 item = new EncoderBuffer(item, reporter);
146 this.length += item.length;
147 return item;
148 }, this);
149 } else if (typeof value === 'number') {
150 if (!(0 <= value && value <= 0xff))
151 return reporter.error('non-byte EncoderBuffer value');
152 this.value = value;
153 this.length = 1;
154 } else if (typeof value === 'string') {
155 this.value = value;
156 this.length = Buffer.byteLength(value);
157 } else if (Buffer.isBuffer(value)) {
158 this.value = value;
159 this.length = value.length;
160 } else {
161 return reporter.error('Unsupported type: ' + typeof value);
162 }
163}
164exports.EncoderBuffer = EncoderBuffer;
165
166EncoderBuffer.prototype.join = function join(out, offset) {
167 if (!out)
168 out = new Buffer(this.length);
169 if (!offset)
170 offset = 0;
171
172 if (this.length === 0)
173 return out;
174
175 if (Array.isArray(this.value)) {
176 this.value.forEach(function(item) {
177 item.join(out, offset);
178 offset += item.length;
179 });
180 } else {
181 if (typeof this.value === 'number')
182 out[offset] = this.value;
183 else if (typeof this.value === 'string')
184 out.write(this.value, offset);
185 else if (Buffer.isBuffer(this.value))
186 this.value.copy(out, offset);
187 offset += this.length;
188 }
189
190 return out;
191};
192
193},{"../base":4,"buffer":47,"inherits":95}],4:[function(require,module,exports){
194var base = exports;
195
196base.Reporter = require('./reporter').Reporter;
197base.DecoderBuffer = require('./buffer').DecoderBuffer;
198base.EncoderBuffer = require('./buffer').EncoderBuffer;
199base.Node = require('./node');
200
201},{"./buffer":3,"./node":5,"./reporter":6}],5:[function(require,module,exports){
202var Reporter = require('../base').Reporter;
203var EncoderBuffer = require('../base').EncoderBuffer;
204var DecoderBuffer = require('../base').DecoderBuffer;
205var assert = require('minimalistic-assert');
206
207// Supported tags
208var tags = [
209 'seq', 'seqof', 'set', 'setof', 'objid', 'bool',
210 'gentime', 'utctime', 'null_', 'enum', 'int', 'objDesc',
211 'bitstr', 'bmpstr', 'charstr', 'genstr', 'graphstr', 'ia5str', 'iso646str',
212 'numstr', 'octstr', 'printstr', 't61str', 'unistr', 'utf8str', 'videostr'
213];
214
215// Public methods list
216var methods = [
217 'key', 'obj', 'use', 'optional', 'explicit', 'implicit', 'def', 'choice',
218 'any', 'contains'
219].concat(tags);
220
221// Overrided methods list
222var overrided = [
223 '_peekTag', '_decodeTag', '_use',
224 '_decodeStr', '_decodeObjid', '_decodeTime',
225 '_decodeNull', '_decodeInt', '_decodeBool', '_decodeList',
226
227 '_encodeComposite', '_encodeStr', '_encodeObjid', '_encodeTime',
228 '_encodeNull', '_encodeInt', '_encodeBool'
229];
230
231function Node(enc, parent) {
232 var state = {};
233 this._baseState = state;
234
235 state.enc = enc;
236
237 state.parent = parent || null;
238 state.children = null;
239
240 // State
241 state.tag = null;
242 state.args = null;
243 state.reverseArgs = null;
244 state.choice = null;
245 state.optional = false;
246 state.any = false;
247 state.obj = false;
248 state.use = null;
249 state.useDecoder = null;
250 state.key = null;
251 state['default'] = null;
252 state.explicit = null;
253 state.implicit = null;
254 state.contains = null;
255
256 // Should create new instance on each method
257 if (!state.parent) {
258 state.children = [];
259 this._wrap();
260 }
261}
262module.exports = Node;
263
264var stateProps = [
265 'enc', 'parent', 'children', 'tag', 'args', 'reverseArgs', 'choice',
266 'optional', 'any', 'obj', 'use', 'alteredUse', 'key', 'default', 'explicit',
267 'implicit', 'contains'
268];
269
270Node.prototype.clone = function clone() {
271 var state = this._baseState;
272 var cstate = {};
273 stateProps.forEach(function(prop) {
274 cstate[prop] = state[prop];
275 });
276 var res = new this.constructor(cstate.parent);
277 res._baseState = cstate;
278 return res;
279};
280
281Node.prototype._wrap = function wrap() {
282 var state = this._baseState;
283 methods.forEach(function(method) {
284 this[method] = function _wrappedMethod() {
285 var clone = new this.constructor(this);
286 state.children.push(clone);
287 return clone[method].apply(clone, arguments);
288 };
289 }, this);
290};
291
292Node.prototype._init = function init(body) {
293 var state = this._baseState;
294
295 assert(state.parent === null);
296 body.call(this);
297
298 // Filter children
299 state.children = state.children.filter(function(child) {
300 return child._baseState.parent === this;
301 }, this);
302 assert.equal(state.children.length, 1, 'Root node can have only one child');
303};
304
305Node.prototype._useArgs = function useArgs(args) {
306 var state = this._baseState;
307
308 // Filter children and args
309 var children = args.filter(function(arg) {
310 return arg instanceof this.constructor;
311 }, this);
312 args = args.filter(function(arg) {
313 return !(arg instanceof this.constructor);
314 }, this);
315
316 if (children.length !== 0) {
317 assert(state.children === null);
318 state.children = children;
319
320 // Replace parent to maintain backward link
321 children.forEach(function(child) {
322 child._baseState.parent = this;
323 }, this);
324 }
325 if (args.length !== 0) {
326 assert(state.args === null);
327 state.args = args;
328 state.reverseArgs = args.map(function(arg) {
329 if (typeof arg !== 'object' || arg.constructor !== Object)
330 return arg;
331
332 var res = {};
333 Object.keys(arg).forEach(function(key) {
334 if (key == (key | 0))
335 key |= 0;
336 var value = arg[key];
337 res[value] = key;
338 });
339 return res;
340 });
341 }
342};
343
344//
345// Overrided methods
346//
347
348overrided.forEach(function(method) {
349 Node.prototype[method] = function _overrided() {
350 var state = this._baseState;
351 throw new Error(method + ' not implemented for encoding: ' + state.enc);
352 };
353});
354
355//
356// Public methods
357//
358
359tags.forEach(function(tag) {
360 Node.prototype[tag] = function _tagMethod() {
361 var state = this._baseState;
362 var args = Array.prototype.slice.call(arguments);
363
364 assert(state.tag === null);
365 state.tag = tag;
366
367 this._useArgs(args);
368
369 return this;
370 };
371});
372
373Node.prototype.use = function use(item) {
374 assert(item);
375 var state = this._baseState;
376
377 assert(state.use === null);
378 state.use = item;
379
380 return this;
381};
382
383Node.prototype.optional = function optional() {
384 var state = this._baseState;
385
386 state.optional = true;
387
388 return this;
389};
390
391Node.prototype.def = function def(val) {
392 var state = this._baseState;
393
394 assert(state['default'] === null);
395 state['default'] = val;
396 state.optional = true;
397
398 return this;
399};
400
401Node.prototype.explicit = function explicit(num) {
402 var state = this._baseState;
403
404 assert(state.explicit === null && state.implicit === null);
405 state.explicit = num;
406
407 return this;
408};
409
410Node.prototype.implicit = function implicit(num) {
411 var state = this._baseState;
412
413 assert(state.explicit === null && state.implicit === null);
414 state.implicit = num;
415
416 return this;
417};
418
419Node.prototype.obj = function obj() {
420 var state = this._baseState;
421 var args = Array.prototype.slice.call(arguments);
422
423 state.obj = true;
424
425 if (args.length !== 0)
426 this._useArgs(args);
427
428 return this;
429};
430
431Node.prototype.key = function key(newKey) {
432 var state = this._baseState;
433
434 assert(state.key === null);
435 state.key = newKey;
436
437 return this;
438};
439
440Node.prototype.any = function any() {
441 var state = this._baseState;
442
443 state.any = true;
444
445 return this;
446};
447
448Node.prototype.choice = function choice(obj) {
449 var state = this._baseState;
450
451 assert(state.choice === null);
452 state.choice = obj;
453 this._useArgs(Object.keys(obj).map(function(key) {
454 return obj[key];
455 }));
456
457 return this;
458};
459
460Node.prototype.contains = function contains(item) {
461 var state = this._baseState;
462
463 assert(state.use === null);
464 state.contains = item;
465
466 return this;
467};
468
469//
470// Decoding
471//
472
473Node.prototype._decode = function decode(input, options) {
474 var state = this._baseState;
475
476 // Decode root node
477 if (state.parent === null)
478 return input.wrapResult(state.children[0]._decode(input, options));
479
480 var result = state['default'];
481 var present = true;
482
483 var prevKey = null;
484 if (state.key !== null)
485 prevKey = input.enterKey(state.key);
486
487 // Check if tag is there
488 if (state.optional) {
489 var tag = null;
490 if (state.explicit !== null)
491 tag = state.explicit;
492 else if (state.implicit !== null)
493 tag = state.implicit;
494 else if (state.tag !== null)
495 tag = state.tag;
496
497 if (tag === null && !state.any) {
498 // Trial and Error
499 var save = input.save();
500 try {
501 if (state.choice === null)
502 this._decodeGeneric(state.tag, input, options);
503 else
504 this._decodeChoice(input, options);
505 present = true;
506 } catch (e) {
507 present = false;
508 }
509 input.restore(save);
510 } else {
511 present = this._peekTag(input, tag, state.any);
512
513 if (input.isError(present))
514 return present;
515 }
516 }
517
518 // Push object on stack
519 var prevObj;
520 if (state.obj && present)
521 prevObj = input.enterObject();
522
523 if (present) {
524 // Unwrap explicit values
525 if (state.explicit !== null) {
526 var explicit = this._decodeTag(input, state.explicit);
527 if (input.isError(explicit))
528 return explicit;
529 input = explicit;
530 }
531
532 var start = input.offset;
533
534 // Unwrap implicit and normal values
535 if (state.use === null && state.choice === null) {
536 if (state.any)
537 var save = input.save();
538 var body = this._decodeTag(
539 input,
540 state.implicit !== null ? state.implicit : state.tag,
541 state.any
542 );
543 if (input.isError(body))
544 return body;
545
546 if (state.any)
547 result = input.raw(save);
548 else
549 input = body;
550 }
551
552 if (options && options.track && state.tag !== null)
553 options.track(input.path(), start, input.length, 'tagged');
554
555 if (options && options.track && state.tag !== null)
556 options.track(input.path(), input.offset, input.length, 'content');
557
558 // Select proper method for tag
559 if (state.any)
560 result = result;
561 else if (state.choice === null)
562 result = this._decodeGeneric(state.tag, input, options);
563 else
564 result = this._decodeChoice(input, options);
565
566 if (input.isError(result))
567 return result;
568
569 // Decode children
570 if (!state.any && state.choice === null && state.children !== null) {
571 state.children.forEach(function decodeChildren(child) {
572 // NOTE: We are ignoring errors here, to let parser continue with other
573 // parts of encoded data
574 child._decode(input, options);
575 });
576 }
577
578 // Decode contained/encoded by schema, only in bit or octet strings
579 if (state.contains && (state.tag === 'octstr' || state.tag === 'bitstr')) {
580 var data = new DecoderBuffer(result);
581 result = this._getUse(state.contains, input._reporterState.obj)
582 ._decode(data, options);
583 }
584 }
585
586 // Pop object
587 if (state.obj && present)
588 result = input.leaveObject(prevObj);
589
590 // Set key
591 if (state.key !== null && (result !== null || present === true))
592 input.leaveKey(prevKey, state.key, result);
593 else if (prevKey !== null)
594 input.exitKey(prevKey);
595
596 return result;
597};
598
599Node.prototype._decodeGeneric = function decodeGeneric(tag, input, options) {
600 var state = this._baseState;
601
602 if (tag === 'seq' || tag === 'set')
603 return null;
604 if (tag === 'seqof' || tag === 'setof')
605 return this._decodeList(input, tag, state.args[0], options);
606 else if (/str$/.test(tag))
607 return this._decodeStr(input, tag, options);
608 else if (tag === 'objid' && state.args)
609 return this._decodeObjid(input, state.args[0], state.args[1], options);
610 else if (tag === 'objid')
611 return this._decodeObjid(input, null, null, options);
612 else if (tag === 'gentime' || tag === 'utctime')
613 return this._decodeTime(input, tag, options);
614 else if (tag === 'null_')
615 return this._decodeNull(input, options);
616 else if (tag === 'bool')
617 return this._decodeBool(input, options);
618 else if (tag === 'objDesc')
619 return this._decodeStr(input, tag, options);
620 else if (tag === 'int' || tag === 'enum')
621 return this._decodeInt(input, state.args && state.args[0], options);
622
623 if (state.use !== null) {
624 return this._getUse(state.use, input._reporterState.obj)
625 ._decode(input, options);
626 } else {
627 return input.error('unknown tag: ' + tag);
628 }
629};
630
631Node.prototype._getUse = function _getUse(entity, obj) {
632
633 var state = this._baseState;
634 // Create altered use decoder if implicit is set
635 state.useDecoder = this._use(entity, obj);
636 assert(state.useDecoder._baseState.parent === null);
637 state.useDecoder = state.useDecoder._baseState.children[0];
638 if (state.implicit !== state.useDecoder._baseState.implicit) {
639 state.useDecoder = state.useDecoder.clone();
640 state.useDecoder._baseState.implicit = state.implicit;
641 }
642 return state.useDecoder;
643};
644
645Node.prototype._decodeChoice = function decodeChoice(input, options) {
646 var state = this._baseState;
647 var result = null;
648 var match = false;
649
650 Object.keys(state.choice).some(function(key) {
651 var save = input.save();
652 var node = state.choice[key];
653 try {
654 var value = node._decode(input, options);
655 if (input.isError(value))
656 return false;
657
658 result = { type: key, value: value };
659 match = true;
660 } catch (e) {
661 input.restore(save);
662 return false;
663 }
664 return true;
665 }, this);
666
667 if (!match)
668 return input.error('Choice not matched');
669
670 return result;
671};
672
673//
674// Encoding
675//
676
677Node.prototype._createEncoderBuffer = function createEncoderBuffer(data) {
678 return new EncoderBuffer(data, this.reporter);
679};
680
681Node.prototype._encode = function encode(data, reporter, parent) {
682 var state = this._baseState;
683 if (state['default'] !== null && state['default'] === data)
684 return;
685
686 var result = this._encodeValue(data, reporter, parent);
687 if (result === undefined)
688 return;
689
690 if (this._skipDefault(result, reporter, parent))
691 return;
692
693 return result;
694};
695
696Node.prototype._encodeValue = function encode(data, reporter, parent) {
697 var state = this._baseState;
698
699 // Decode root node
700 if (state.parent === null)
701 return state.children[0]._encode(data, reporter || new Reporter());
702
703 var result = null;
704
705 // Set reporter to share it with a child class
706 this.reporter = reporter;
707
708 // Check if data is there
709 if (state.optional && data === undefined) {
710 if (state['default'] !== null)
711 data = state['default']
712 else
713 return;
714 }
715
716 // Encode children first
717 var content = null;
718 var primitive = false;
719 if (state.any) {
720 // Anything that was given is translated to buffer
721 result = this._createEncoderBuffer(data);
722 } else if (state.choice) {
723 result = this._encodeChoice(data, reporter);
724 } else if (state.contains) {
725 content = this._getUse(state.contains, parent)._encode(data, reporter);
726 primitive = true;
727 } else if (state.children) {
728 content = state.children.map(function(child) {
729 if (child._baseState.tag === 'null_')
730 return child._encode(null, reporter, data);
731
732 if (child._baseState.key === null)
733 return reporter.error('Child should have a key');
734 var prevKey = reporter.enterKey(child._baseState.key);
735
736 if (typeof data !== 'object')
737 return reporter.error('Child expected, but input is not object');
738
739 var res = child._encode(data[child._baseState.key], reporter, data);
740 reporter.leaveKey(prevKey);
741
742 return res;
743 }, this).filter(function(child) {
744 return child;
745 });
746 content = this._createEncoderBuffer(content);
747 } else {
748 if (state.tag === 'seqof' || state.tag === 'setof') {
749 // TODO(indutny): this should be thrown on DSL level
750 if (!(state.args && state.args.length === 1))
751 return reporter.error('Too many args for : ' + state.tag);
752
753 if (!Array.isArray(data))
754 return reporter.error('seqof/setof, but data is not Array');
755
756 var child = this.clone();
757 child._baseState.implicit = null;
758 content = this._createEncoderBuffer(data.map(function(item) {
759 var state = this._baseState;
760
761 return this._getUse(state.args[0], data)._encode(item, reporter);
762 }, child));
763 } else if (state.use !== null) {
764 result = this._getUse(state.use, parent)._encode(data, reporter);
765 } else {
766 content = this._encodePrimitive(state.tag, data);
767 primitive = true;
768 }
769 }
770
771 // Encode data itself
772 var result;
773 if (!state.any && state.choice === null) {
774 var tag = state.implicit !== null ? state.implicit : state.tag;
775 var cls = state.implicit === null ? 'universal' : 'context';
776
777 if (tag === null) {
778 if (state.use === null)
779 reporter.error('Tag could be ommited only for .use()');
780 } else {
781 if (state.use === null)
782 result = this._encodeComposite(tag, primitive, cls, content);
783 }
784 }
785
786 // Wrap in explicit
787 if (state.explicit !== null)
788 result = this._encodeComposite(state.explicit, false, 'context', result);
789
790 return result;
791};
792
793Node.prototype._encodeChoice = function encodeChoice(data, reporter) {
794 var state = this._baseState;
795
796 var node = state.choice[data.type];
797 if (!node) {
798 assert(
799 false,
800 data.type + ' not found in ' +
801 JSON.stringify(Object.keys(state.choice)));
802 }
803 return node._encode(data.value, reporter);
804};
805
806Node.prototype._encodePrimitive = function encodePrimitive(tag, data) {
807 var state = this._baseState;
808
809 if (/str$/.test(tag))
810 return this._encodeStr(data, tag);
811 else if (tag === 'objid' && state.args)
812 return this._encodeObjid(data, state.reverseArgs[0], state.args[1]);
813 else if (tag === 'objid')
814 return this._encodeObjid(data, null, null);
815 else if (tag === 'gentime' || tag === 'utctime')
816 return this._encodeTime(data, tag);
817 else if (tag === 'null_')
818 return this._encodeNull();
819 else if (tag === 'int' || tag === 'enum')
820 return this._encodeInt(data, state.args && state.reverseArgs[0]);
821 else if (tag === 'bool')
822 return this._encodeBool(data);
823 else if (tag === 'objDesc')
824 return this._encodeStr(data, tag);
825 else
826 throw new Error('Unsupported tag: ' + tag);
827};
828
829Node.prototype._isNumstr = function isNumstr(str) {
830 return /^[0-9 ]*$/.test(str);
831};
832
833Node.prototype._isPrintstr = function isPrintstr(str) {
834 return /^[A-Za-z0-9 '\(\)\+,\-\.\/:=\?]*$/.test(str);
835};
836
837},{"../base":4,"minimalistic-assert":99}],6:[function(require,module,exports){
838var inherits = require('inherits');
839
840function Reporter(options) {
841 this._reporterState = {
842 obj: null,
843 path: [],
844 options: options || {},
845 errors: []
846 };
847}
848exports.Reporter = Reporter;
849
850Reporter.prototype.isError = function isError(obj) {
851 return obj instanceof ReporterError;
852};
853
854Reporter.prototype.save = function save() {
855 var state = this._reporterState;
856
857 return { obj: state.obj, pathLen: state.path.length };
858};
859
860Reporter.prototype.restore = function restore(data) {
861 var state = this._reporterState;
862
863 state.obj = data.obj;
864 state.path = state.path.slice(0, data.pathLen);
865};
866
867Reporter.prototype.enterKey = function enterKey(key) {
868 return this._reporterState.path.push(key);
869};
870
871Reporter.prototype.exitKey = function exitKey(index) {
872 var state = this._reporterState;
873
874 state.path = state.path.slice(0, index - 1);
875};
876
877Reporter.prototype.leaveKey = function leaveKey(index, key, value) {
878 var state = this._reporterState;
879
880 this.exitKey(index);
881 if (state.obj !== null)
882 state.obj[key] = value;
883};
884
885Reporter.prototype.path = function path() {
886 return this._reporterState.path.join('/');
887};
888
889Reporter.prototype.enterObject = function enterObject() {
890 var state = this._reporterState;
891
892 var prev = state.obj;
893 state.obj = {};
894 return prev;
895};
896
897Reporter.prototype.leaveObject = function leaveObject(prev) {
898 var state = this._reporterState;
899
900 var now = state.obj;
901 state.obj = prev;
902 return now;
903};
904
905Reporter.prototype.error = function error(msg) {
906 var err;
907 var state = this._reporterState;
908
909 var inherited = msg instanceof ReporterError;
910 if (inherited) {
911 err = msg;
912 } else {
913 err = new ReporterError(state.path.map(function(elem) {
914 return '[' + JSON.stringify(elem) + ']';
915 }).join(''), msg.message || msg, msg.stack);
916 }
917
918 if (!state.options.partial)
919 throw err;
920
921 if (!inherited)
922 state.errors.push(err);
923
924 return err;
925};
926
927Reporter.prototype.wrapResult = function wrapResult(result) {
928 var state = this._reporterState;
929 if (!state.options.partial)
930 return result;
931
932 return {
933 result: this.isError(result) ? null : result,
934 errors: state.errors
935 };
936};
937
938function ReporterError(path, msg) {
939 this.path = path;
940 this.rethrow(msg);
941};
942inherits(ReporterError, Error);
943
944ReporterError.prototype.rethrow = function rethrow(msg) {
945 this.message = msg + ' at: ' + (this.path || '(shallow)');
946 if (Error.captureStackTrace)
947 Error.captureStackTrace(this, ReporterError);
948
949 if (!this.stack) {
950 try {
951 // IE only adds stack when thrown
952 throw new Error(this.message);
953 } catch (e) {
954 this.stack = e.stack;
955 }
956 }
957 return this;
958};
959
960},{"inherits":95}],7:[function(require,module,exports){
961var constants = require('../constants');
962
963exports.tagClass = {
964 0: 'universal',
965 1: 'application',
966 2: 'context',
967 3: 'private'
968};
969exports.tagClassByName = constants._reverse(exports.tagClass);
970
971exports.tag = {
972 0x00: 'end',
973 0x01: 'bool',
974 0x02: 'int',
975 0x03: 'bitstr',
976 0x04: 'octstr',
977 0x05: 'null_',
978 0x06: 'objid',
979 0x07: 'objDesc',
980 0x08: 'external',
981 0x09: 'real',
982 0x0a: 'enum',
983 0x0b: 'embed',
984 0x0c: 'utf8str',
985 0x0d: 'relativeOid',
986 0x10: 'seq',
987 0x11: 'set',
988 0x12: 'numstr',
989 0x13: 'printstr',
990 0x14: 't61str',
991 0x15: 'videostr',
992 0x16: 'ia5str',
993 0x17: 'utctime',
994 0x18: 'gentime',
995 0x19: 'graphstr',
996 0x1a: 'iso646str',
997 0x1b: 'genstr',
998 0x1c: 'unistr',
999 0x1d: 'charstr',
1000 0x1e: 'bmpstr'
1001};
1002exports.tagByName = constants._reverse(exports.tag);
1003
1004},{"../constants":8}],8:[function(require,module,exports){
1005var constants = exports;
1006
1007// Helper
1008constants._reverse = function reverse(map) {
1009 var res = {};
1010
1011 Object.keys(map).forEach(function(key) {
1012 // Convert key to integer if it is stringified
1013 if ((key | 0) == key)
1014 key = key | 0;
1015
1016 var value = map[key];
1017 res[value] = key;
1018 });
1019
1020 return res;
1021};
1022
1023constants.der = require('./der');
1024
1025},{"./der":7}],9:[function(require,module,exports){
1026var inherits = require('inherits');
1027
1028var asn1 = require('../../asn1');
1029var base = asn1.base;
1030var bignum = asn1.bignum;
1031
1032// Import DER constants
1033var der = asn1.constants.der;
1034
1035function DERDecoder(entity) {
1036 this.enc = 'der';
1037 this.name = entity.name;
1038 this.entity = entity;
1039
1040 // Construct base tree
1041 this.tree = new DERNode();
1042 this.tree._init(entity.body);
1043};
1044module.exports = DERDecoder;
1045
1046DERDecoder.prototype.decode = function decode(data, options) {
1047 if (!(data instanceof base.DecoderBuffer))
1048 data = new base.DecoderBuffer(data, options);
1049
1050 return this.tree._decode(data, options);
1051};
1052
1053// Tree methods
1054
1055function DERNode(parent) {
1056 base.Node.call(this, 'der', parent);
1057}
1058inherits(DERNode, base.Node);
1059
1060DERNode.prototype._peekTag = function peekTag(buffer, tag, any) {
1061 if (buffer.isEmpty())
1062 return false;
1063
1064 var state = buffer.save();
1065 var decodedTag = derDecodeTag(buffer, 'Failed to peek tag: "' + tag + '"');
1066 if (buffer.isError(decodedTag))
1067 return decodedTag;
1068
1069 buffer.restore(state);
1070
1071 return decodedTag.tag === tag || decodedTag.tagStr === tag ||
1072 (decodedTag.tagStr + 'of') === tag || any;
1073};
1074
1075DERNode.prototype._decodeTag = function decodeTag(buffer, tag, any) {
1076 var decodedTag = derDecodeTag(buffer,
1077 'Failed to decode tag of "' + tag + '"');
1078 if (buffer.isError(decodedTag))
1079 return decodedTag;
1080
1081 var len = derDecodeLen(buffer,
1082 decodedTag.primitive,
1083 'Failed to get length of "' + tag + '"');
1084
1085 // Failure
1086 if (buffer.isError(len))
1087 return len;
1088
1089 if (!any &&
1090 decodedTag.tag !== tag &&
1091 decodedTag.tagStr !== tag &&
1092 decodedTag.tagStr + 'of' !== tag) {
1093 return buffer.error('Failed to match tag: "' + tag + '"');
1094 }
1095
1096 if (decodedTag.primitive || len !== null)
1097 return buffer.skip(len, 'Failed to match body of: "' + tag + '"');
1098
1099 // Indefinite length... find END tag
1100 var state = buffer.save();
1101 var res = this._skipUntilEnd(
1102 buffer,
1103 'Failed to skip indefinite length body: "' + this.tag + '"');
1104 if (buffer.isError(res))
1105 return res;
1106
1107 len = buffer.offset - state.offset;
1108 buffer.restore(state);
1109 return buffer.skip(len, 'Failed to match body of: "' + tag + '"');
1110};
1111
1112DERNode.prototype._skipUntilEnd = function skipUntilEnd(buffer, fail) {
1113 while (true) {
1114 var tag = derDecodeTag(buffer, fail);
1115 if (buffer.isError(tag))
1116 return tag;
1117 var len = derDecodeLen(buffer, tag.primitive, fail);
1118 if (buffer.isError(len))
1119 return len;
1120
1121 var res;
1122 if (tag.primitive || len !== null)
1123 res = buffer.skip(len)
1124 else
1125 res = this._skipUntilEnd(buffer, fail);
1126
1127 // Failure
1128 if (buffer.isError(res))
1129 return res;
1130
1131 if (tag.tagStr === 'end')
1132 break;
1133 }
1134};
1135
1136DERNode.prototype._decodeList = function decodeList(buffer, tag, decoder,
1137 options) {
1138 var result = [];
1139 while (!buffer.isEmpty()) {
1140 var possibleEnd = this._peekTag(buffer, 'end');
1141 if (buffer.isError(possibleEnd))
1142 return possibleEnd;
1143
1144 var res = decoder.decode(buffer, 'der', options);
1145 if (buffer.isError(res) && possibleEnd)
1146 break;
1147 result.push(res);
1148 }
1149 return result;
1150};
1151
1152DERNode.prototype._decodeStr = function decodeStr(buffer, tag) {
1153 if (tag === 'bitstr') {
1154 var unused = buffer.readUInt8();
1155 if (buffer.isError(unused))
1156 return unused;
1157 return { unused: unused, data: buffer.raw() };
1158 } else if (tag === 'bmpstr') {
1159 var raw = buffer.raw();
1160 if (raw.length % 2 === 1)
1161 return buffer.error('Decoding of string type: bmpstr length mismatch');
1162
1163 var str = '';
1164 for (var i = 0; i < raw.length / 2; i++) {
1165 str += String.fromCharCode(raw.readUInt16BE(i * 2));
1166 }
1167 return str;
1168 } else if (tag === 'numstr') {
1169 var numstr = buffer.raw().toString('ascii');
1170 if (!this._isNumstr(numstr)) {
1171 return buffer.error('Decoding of string type: ' +
1172 'numstr unsupported characters');
1173 }
1174 return numstr;
1175 } else if (tag === 'octstr') {
1176 return buffer.raw();
1177 } else if (tag === 'objDesc') {
1178 return buffer.raw();
1179 } else if (tag === 'printstr') {
1180 var printstr = buffer.raw().toString('ascii');
1181 if (!this._isPrintstr(printstr)) {
1182 return buffer.error('Decoding of string type: ' +
1183 'printstr unsupported characters');
1184 }
1185 return printstr;
1186 } else if (/str$/.test(tag)) {
1187 return buffer.raw().toString();
1188 } else {
1189 return buffer.error('Decoding of string type: ' + tag + ' unsupported');
1190 }
1191};
1192
1193DERNode.prototype._decodeObjid = function decodeObjid(buffer, values, relative) {
1194 var result;
1195 var identifiers = [];
1196 var ident = 0;
1197 while (!buffer.isEmpty()) {
1198 var subident = buffer.readUInt8();
1199 ident <<= 7;
1200 ident |= subident & 0x7f;
1201 if ((subident & 0x80) === 0) {
1202 identifiers.push(ident);
1203 ident = 0;
1204 }
1205 }
1206 if (subident & 0x80)
1207 identifiers.push(ident);
1208
1209 var first = (identifiers[0] / 40) | 0;
1210 var second = identifiers[0] % 40;
1211
1212 if (relative)
1213 result = identifiers;
1214 else
1215 result = [first, second].concat(identifiers.slice(1));
1216
1217 if (values) {
1218 var tmp = values[result.join(' ')];
1219 if (tmp === undefined)
1220 tmp = values[result.join('.')];
1221 if (tmp !== undefined)
1222 result = tmp;
1223 }
1224
1225 return result;
1226};
1227
1228DERNode.prototype._decodeTime = function decodeTime(buffer, tag) {
1229 var str = buffer.raw().toString();
1230 if (tag === 'gentime') {
1231 var year = str.slice(0, 4) | 0;
1232 var mon = str.slice(4, 6) | 0;
1233 var day = str.slice(6, 8) | 0;
1234 var hour = str.slice(8, 10) | 0;
1235 var min = str.slice(10, 12) | 0;
1236 var sec = str.slice(12, 14) | 0;
1237 } else if (tag === 'utctime') {
1238 var year = str.slice(0, 2) | 0;
1239 var mon = str.slice(2, 4) | 0;
1240 var day = str.slice(4, 6) | 0;
1241 var hour = str.slice(6, 8) | 0;
1242 var min = str.slice(8, 10) | 0;
1243 var sec = str.slice(10, 12) | 0;
1244 if (year < 70)
1245 year = 2000 + year;
1246 else
1247 year = 1900 + year;
1248 } else {
1249 return buffer.error('Decoding ' + tag + ' time is not supported yet');
1250 }
1251
1252 return Date.UTC(year, mon - 1, day, hour, min, sec, 0);
1253};
1254
1255DERNode.prototype._decodeNull = function decodeNull(buffer) {
1256 return null;
1257};
1258
1259DERNode.prototype._decodeBool = function decodeBool(buffer) {
1260 var res = buffer.readUInt8();
1261 if (buffer.isError(res))
1262 return res;
1263 else
1264 return res !== 0;
1265};
1266
1267DERNode.prototype._decodeInt = function decodeInt(buffer, values) {
1268 // Bigint, return as it is (assume big endian)
1269 var raw = buffer.raw();
1270 var res = new bignum(raw);
1271
1272 if (values)
1273 res = values[res.toString(10)] || res;
1274
1275 return res;
1276};
1277
1278DERNode.prototype._use = function use(entity, obj) {
1279 if (typeof entity === 'function')
1280 entity = entity(obj);
1281 return entity._getDecoder('der').tree;
1282};
1283
1284// Utility methods
1285
1286function derDecodeTag(buf, fail) {
1287 var tag = buf.readUInt8(fail);
1288 if (buf.isError(tag))
1289 return tag;
1290
1291 var cls = der.tagClass[tag >> 6];
1292 var primitive = (tag & 0x20) === 0;
1293
1294 // Multi-octet tag - load
1295 if ((tag & 0x1f) === 0x1f) {
1296 var oct = tag;
1297 tag = 0;
1298 while ((oct & 0x80) === 0x80) {
1299 oct = buf.readUInt8(fail);
1300 if (buf.isError(oct))
1301 return oct;
1302
1303 tag <<= 7;
1304 tag |= oct & 0x7f;
1305 }
1306 } else {
1307 tag &= 0x1f;
1308 }
1309 var tagStr = der.tag[tag];
1310
1311 return {
1312 cls: cls,
1313 primitive: primitive,
1314 tag: tag,
1315 tagStr: tagStr
1316 };
1317}
1318
1319function derDecodeLen(buf, primitive, fail) {
1320 var len = buf.readUInt8(fail);
1321 if (buf.isError(len))
1322 return len;
1323
1324 // Indefinite form
1325 if (!primitive && len === 0x80)
1326 return null;
1327
1328 // Definite form
1329 if ((len & 0x80) === 0) {
1330 // Short form
1331 return len;
1332 }
1333
1334 // Long form
1335 var num = len & 0x7f;
1336 if (num > 4)
1337 return buf.error('length octect is too long');
1338
1339 len = 0;
1340 for (var i = 0; i < num; i++) {
1341 len <<= 8;
1342 var j = buf.readUInt8(fail);
1343 if (buf.isError(j))
1344 return j;
1345 len |= j;
1346 }
1347
1348 return len;
1349}
1350
1351},{"../../asn1":1,"inherits":95}],10:[function(require,module,exports){
1352var decoders = exports;
1353
1354decoders.der = require('./der');
1355decoders.pem = require('./pem');
1356
1357},{"./der":9,"./pem":11}],11:[function(require,module,exports){
1358var inherits = require('inherits');
1359var Buffer = require('buffer').Buffer;
1360
1361var DERDecoder = require('./der');
1362
1363function PEMDecoder(entity) {
1364 DERDecoder.call(this, entity);
1365 this.enc = 'pem';
1366};
1367inherits(PEMDecoder, DERDecoder);
1368module.exports = PEMDecoder;
1369
1370PEMDecoder.prototype.decode = function decode(data, options) {
1371 var lines = data.toString().split(/[\r\n]+/g);
1372
1373 var label = options.label.toUpperCase();
1374
1375 var re = /^-----(BEGIN|END) ([^-]+)-----$/;
1376 var start = -1;
1377 var end = -1;
1378 for (var i = 0; i < lines.length; i++) {
1379 var match = lines[i].match(re);
1380 if (match === null)
1381 continue;
1382
1383 if (match[2] !== label)
1384 continue;
1385
1386 if (start === -1) {
1387 if (match[1] !== 'BEGIN')
1388 break;
1389 start = i;
1390 } else {
1391 if (match[1] !== 'END')
1392 break;
1393 end = i;
1394 break;
1395 }
1396 }
1397 if (start === -1 || end === -1)
1398 throw new Error('PEM section not found for: ' + label);
1399
1400 var base64 = lines.slice(start + 1, end).join('');
1401 // Remove excessive symbols
1402 base64.replace(/[^a-z0-9\+\/=]+/gi, '');
1403
1404 var input = new Buffer(base64, 'base64');
1405 return DERDecoder.prototype.decode.call(this, input, options);
1406};
1407
1408},{"./der":9,"buffer":47,"inherits":95}],12:[function(require,module,exports){
1409var inherits = require('inherits');
1410var Buffer = require('buffer').Buffer;
1411
1412var asn1 = require('../../asn1');
1413var base = asn1.base;
1414
1415// Import DER constants
1416var der = asn1.constants.der;
1417
1418function DEREncoder(entity) {
1419 this.enc = 'der';
1420 this.name = entity.name;
1421 this.entity = entity;
1422
1423 // Construct base tree
1424 this.tree = new DERNode();
1425 this.tree._init(entity.body);
1426};
1427module.exports = DEREncoder;
1428
1429DEREncoder.prototype.encode = function encode(data, reporter) {
1430 return this.tree._encode(data, reporter).join();
1431};
1432
1433// Tree methods
1434
1435function DERNode(parent) {
1436 base.Node.call(this, 'der', parent);
1437}
1438inherits(DERNode, base.Node);
1439
1440DERNode.prototype._encodeComposite = function encodeComposite(tag,
1441 primitive,
1442 cls,
1443 content) {
1444 var encodedTag = encodeTag(tag, primitive, cls, this.reporter);
1445
1446 // Short form
1447 if (content.length < 0x80) {
1448 var header = new Buffer(2);
1449 header[0] = encodedTag;
1450 header[1] = content.length;
1451 return this._createEncoderBuffer([ header, content ]);
1452 }
1453
1454 // Long form
1455 // Count octets required to store length
1456 var lenOctets = 1;
1457 for (var i = content.length; i >= 0x100; i >>= 8)
1458 lenOctets++;
1459
1460 var header = new Buffer(1 + 1 + lenOctets);
1461 header[0] = encodedTag;
1462 header[1] = 0x80 | lenOctets;
1463
1464 for (var i = 1 + lenOctets, j = content.length; j > 0; i--, j >>= 8)
1465 header[i] = j & 0xff;
1466
1467 return this._createEncoderBuffer([ header, content ]);
1468};
1469
1470DERNode.prototype._encodeStr = function encodeStr(str, tag) {
1471 if (tag === 'bitstr') {
1472 return this._createEncoderBuffer([ str.unused | 0, str.data ]);
1473 } else if (tag === 'bmpstr') {
1474 var buf = new Buffer(str.length * 2);
1475 for (var i = 0; i < str.length; i++) {
1476 buf.writeUInt16BE(str.charCodeAt(i), i * 2);
1477 }
1478 return this._createEncoderBuffer(buf);
1479 } else if (tag === 'numstr') {
1480 if (!this._isNumstr(str)) {
1481 return this.reporter.error('Encoding of string type: numstr supports ' +
1482 'only digits and space');
1483 }
1484 return this._createEncoderBuffer(str);
1485 } else if (tag === 'printstr') {
1486 if (!this._isPrintstr(str)) {
1487 return this.reporter.error('Encoding of string type: printstr supports ' +
1488 'only latin upper and lower case letters, ' +
1489 'digits, space, apostrophe, left and rigth ' +
1490 'parenthesis, plus sign, comma, hyphen, ' +
1491 'dot, slash, colon, equal sign, ' +
1492 'question mark');
1493 }
1494 return this._createEncoderBuffer(str);
1495 } else if (/str$/.test(tag)) {
1496 return this._createEncoderBuffer(str);
1497 } else if (tag === 'objDesc') {
1498 return this._createEncoderBuffer(str);
1499 } else {
1500 return this.reporter.error('Encoding of string type: ' + tag +
1501 ' unsupported');
1502 }
1503};
1504
1505DERNode.prototype._encodeObjid = function encodeObjid(id, values, relative) {
1506 if (typeof id === 'string') {
1507 if (!values)
1508 return this.reporter.error('string objid given, but no values map found');
1509 if (!values.hasOwnProperty(id))
1510 return this.reporter.error('objid not found in values map');
1511 id = values[id].split(/[\s\.]+/g);
1512 for (var i = 0; i < id.length; i++)
1513 id[i] |= 0;
1514 } else if (Array.isArray(id)) {
1515 id = id.slice();
1516 for (var i = 0; i < id.length; i++)
1517 id[i] |= 0;
1518 }
1519
1520 if (!Array.isArray(id)) {
1521 return this.reporter.error('objid() should be either array or string, ' +
1522 'got: ' + JSON.stringify(id));
1523 }
1524
1525 if (!relative) {
1526 if (id[1] >= 40)
1527 return this.reporter.error('Second objid identifier OOB');
1528 id.splice(0, 2, id[0] * 40 + id[1]);
1529 }
1530
1531 // Count number of octets
1532 var size = 0;
1533 for (var i = 0; i < id.length; i++) {
1534 var ident = id[i];
1535 for (size++; ident >= 0x80; ident >>= 7)
1536 size++;
1537 }
1538
1539 var objid = new Buffer(size);
1540 var offset = objid.length - 1;
1541 for (var i = id.length - 1; i >= 0; i--) {
1542 var ident = id[i];
1543 objid[offset--] = ident & 0x7f;
1544 while ((ident >>= 7) > 0)
1545 objid[offset--] = 0x80 | (ident & 0x7f);
1546 }
1547
1548 return this._createEncoderBuffer(objid);
1549};
1550
1551function two(num) {
1552 if (num < 10)
1553 return '0' + num;
1554 else
1555 return num;
1556}
1557
1558DERNode.prototype._encodeTime = function encodeTime(time, tag) {
1559 var str;
1560 var date = new Date(time);
1561
1562 if (tag === 'gentime') {
1563 str = [
1564 two(date.getFullYear()),
1565 two(date.getUTCMonth() + 1),
1566 two(date.getUTCDate()),
1567 two(date.getUTCHours()),
1568 two(date.getUTCMinutes()),
1569 two(date.getUTCSeconds()),
1570 'Z'
1571 ].join('');
1572 } else if (tag === 'utctime') {
1573 str = [
1574 two(date.getFullYear() % 100),
1575 two(date.getUTCMonth() + 1),
1576 two(date.getUTCDate()),
1577 two(date.getUTCHours()),
1578 two(date.getUTCMinutes()),
1579 two(date.getUTCSeconds()),
1580 'Z'
1581 ].join('');
1582 } else {
1583 this.reporter.error('Encoding ' + tag + ' time is not supported yet');
1584 }
1585
1586 return this._encodeStr(str, 'octstr');
1587};
1588
1589DERNode.prototype._encodeNull = function encodeNull() {
1590 return this._createEncoderBuffer('');
1591};
1592
1593DERNode.prototype._encodeInt = function encodeInt(num, values) {
1594 if (typeof num === 'string') {
1595 if (!values)
1596 return this.reporter.error('String int or enum given, but no values map');
1597 if (!values.hasOwnProperty(num)) {
1598 return this.reporter.error('Values map doesn\'t contain: ' +
1599 JSON.stringify(num));
1600 }
1601 num = values[num];
1602 }
1603
1604 // Bignum, assume big endian
1605 if (typeof num !== 'number' && !Buffer.isBuffer(num)) {
1606 var numArray = num.toArray();
1607 if (!num.sign && numArray[0] & 0x80) {
1608 numArray.unshift(0);
1609 }
1610 num = new Buffer(numArray);
1611 }
1612
1613 if (Buffer.isBuffer(num)) {
1614 var size = num.length;
1615 if (num.length === 0)
1616 size++;
1617
1618 var out = new Buffer(size);
1619 num.copy(out);
1620 if (num.length === 0)
1621 out[0] = 0
1622 return this._createEncoderBuffer(out);
1623 }
1624
1625 if (num < 0x80)
1626 return this._createEncoderBuffer(num);
1627
1628 if (num < 0x100)
1629 return this._createEncoderBuffer([0, num]);
1630
1631 var size = 1;
1632 for (var i = num; i >= 0x100; i >>= 8)
1633 size++;
1634
1635 var out = new Array(size);
1636 for (var i = out.length - 1; i >= 0; i--) {
1637 out[i] = num & 0xff;
1638 num >>= 8;
1639 }
1640 if(out[0] & 0x80) {
1641 out.unshift(0);
1642 }
1643
1644 return this._createEncoderBuffer(new Buffer(out));
1645};
1646
1647DERNode.prototype._encodeBool = function encodeBool(value) {
1648 return this._createEncoderBuffer(value ? 0xff : 0);
1649};
1650
1651DERNode.prototype._use = function use(entity, obj) {
1652 if (typeof entity === 'function')
1653 entity = entity(obj);
1654 return entity._getEncoder('der').tree;
1655};
1656
1657DERNode.prototype._skipDefault = function skipDefault(dataBuffer, reporter, parent) {
1658 var state = this._baseState;
1659 var i;
1660 if (state['default'] === null)
1661 return false;
1662
1663 var data = dataBuffer.join();
1664 if (state.defaultBuffer === undefined)
1665 state.defaultBuffer = this._encodeValue(state['default'], reporter, parent).join();
1666
1667 if (data.length !== state.defaultBuffer.length)
1668 return false;
1669
1670 for (i=0; i < data.length; i++)
1671 if (data[i] !== state.defaultBuffer[i])
1672 return false;
1673
1674 return true;
1675};
1676
1677// Utility methods
1678
1679function encodeTag(tag, primitive, cls, reporter) {
1680 var res;
1681
1682 if (tag === 'seqof')
1683 tag = 'seq';
1684 else if (tag === 'setof')
1685 tag = 'set';
1686
1687 if (der.tagByName.hasOwnProperty(tag))
1688 res = der.tagByName[tag];
1689 else if (typeof tag === 'number' && (tag | 0) === tag)
1690 res = tag;
1691 else
1692 return reporter.error('Unknown tag: ' + tag);
1693
1694 if (res >= 0x1f)
1695 return reporter.error('Multi-octet tag encoding unsupported');
1696
1697 if (!primitive)
1698 res |= 0x20;
1699
1700 res |= (der.tagClassByName[cls || 'universal'] << 6);
1701
1702 return res;
1703}
1704
1705},{"../../asn1":1,"buffer":47,"inherits":95}],13:[function(require,module,exports){
1706var encoders = exports;
1707
1708encoders.der = require('./der');
1709encoders.pem = require('./pem');
1710
1711},{"./der":12,"./pem":14}],14:[function(require,module,exports){
1712var inherits = require('inherits');
1713
1714var DEREncoder = require('./der');
1715
1716function PEMEncoder(entity) {
1717 DEREncoder.call(this, entity);
1718 this.enc = 'pem';
1719};
1720inherits(PEMEncoder, DEREncoder);
1721module.exports = PEMEncoder;
1722
1723PEMEncoder.prototype.encode = function encode(data, options) {
1724 var buf = DEREncoder.prototype.encode.call(this, data);
1725
1726 var p = buf.toString('base64');
1727 var out = [ '-----BEGIN ' + options.label + '-----' ];
1728 for (var i = 0; i < p.length; i += 64)
1729 out.push(p.slice(i, i + 64));
1730 out.push('-----END ' + options.label + '-----');
1731 return out.join('\n');
1732};
1733
1734},{"./der":12,"inherits":95}],15:[function(require,module,exports){
1735(function (global){
1736'use strict';
1737
1738// compare and isBuffer taken from https://github.com/feross/buffer/blob/680e9e5e488f22aac27599a57dc844a6315928dd/index.js
1739// original notice:
1740
1741/*!
1742 * The buffer module from node.js, for the browser.
1743 *
1744 * @author Feross Aboukhadijeh <feross@feross.org> <http://feross.org>
1745 * @license MIT
1746 */
1747function compare(a, b) {
1748 if (a === b) {
1749 return 0;
1750 }
1751
1752 var x = a.length;
1753 var y = b.length;
1754
1755 for (var i = 0, len = Math.min(x, y); i < len; ++i) {
1756 if (a[i] !== b[i]) {
1757 x = a[i];
1758 y = b[i];
1759 break;
1760 }
1761 }
1762
1763 if (x < y) {
1764 return -1;
1765 }
1766 if (y < x) {
1767 return 1;
1768 }
1769 return 0;
1770}
1771function isBuffer(b) {
1772 if (global.Buffer && typeof global.Buffer.isBuffer === 'function') {
1773 return global.Buffer.isBuffer(b);
1774 }
1775 return !!(b != null && b._isBuffer);
1776}
1777
1778// based on node assert, original notice:
1779
1780// http://wiki.commonjs.org/wiki/Unit_Testing/1.0
1781//
1782// THIS IS NOT TESTED NOR LIKELY TO WORK OUTSIDE V8!
1783//
1784// Originally from narwhal.js (http://narwhaljs.org)
1785// Copyright (c) 2009 Thomas Robinson <280north.com>
1786//
1787// Permission is hereby granted, free of charge, to any person obtaining a copy
1788// of this software and associated documentation files (the 'Software'), to
1789// deal in the Software without restriction, including without limitation the
1790// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
1791// sell copies of the Software, and to permit persons to whom the Software is
1792// furnished to do so, subject to the following conditions:
1793//
1794// The above copyright notice and this permission notice shall be included in
1795// all copies or substantial portions of the Software.
1796//
1797// THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
1798// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
1799// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
1800// AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
1801// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
1802// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
1803
1804var util = require('util/');
1805var hasOwn = Object.prototype.hasOwnProperty;
1806var pSlice = Array.prototype.slice;
1807var functionsHaveNames = (function () {
1808 return function foo() {}.name === 'foo';
1809}());
1810function pToString (obj) {
1811 return Object.prototype.toString.call(obj);
1812}
1813function isView(arrbuf) {
1814 if (isBuffer(arrbuf)) {
1815 return false;
1816 }
1817 if (typeof global.ArrayBuffer !== 'function') {
1818 return false;
1819 }
1820 if (typeof ArrayBuffer.isView === 'function') {
1821 return ArrayBuffer.isView(arrbuf);
1822 }
1823 if (!arrbuf) {
1824 return false;
1825 }
1826 if (arrbuf instanceof DataView) {
1827 return true;
1828 }
1829 if (arrbuf.buffer && arrbuf.buffer instanceof ArrayBuffer) {
1830 return true;
1831 }
1832 return false;
1833}
1834// 1. The assert module provides functions that throw
1835// AssertionError's when particular conditions are not met. The
1836// assert module must conform to the following interface.
1837
1838var assert = module.exports = ok;
1839
1840// 2. The AssertionError is defined in assert.
1841// new assert.AssertionError({ message: message,
1842// actual: actual,
1843// expected: expected })
1844
1845var regex = /\s*function\s+([^\(\s]*)\s*/;
1846// based on https://github.com/ljharb/function.prototype.name/blob/adeeeec8bfcc6068b187d7d9fb3d5bb1d3a30899/implementation.js
1847function getName(func) {
1848 if (!util.isFunction(func)) {
1849 return;
1850 }
1851 if (functionsHaveNames) {
1852 return func.name;
1853 }
1854 var str = func.toString();
1855 var match = str.match(regex);
1856 return match && match[1];
1857}
1858assert.AssertionError = function AssertionError(options) {
1859 this.name = 'AssertionError';
1860 this.actual = options.actual;
1861 this.expected = options.expected;
1862 this.operator = options.operator;
1863 if (options.message) {
1864 this.message = options.message;
1865 this.generatedMessage = false;
1866 } else {
1867 this.message = getMessage(this);
1868 this.generatedMessage = true;
1869 }
1870 var stackStartFunction = options.stackStartFunction || fail;
1871 if (Error.captureStackTrace) {
1872 Error.captureStackTrace(this, stackStartFunction);
1873 } else {
1874 // non v8 browsers so we can have a stacktrace
1875 var err = new Error();
1876 if (err.stack) {
1877 var out = err.stack;
1878
1879 // try to strip useless frames
1880 var fn_name = getName(stackStartFunction);
1881 var idx = out.indexOf('\n' + fn_name);
1882 if (idx >= 0) {
1883 // once we have located the function frame
1884 // we need to strip out everything before it (and its line)
1885 var next_line = out.indexOf('\n', idx + 1);
1886 out = out.substring(next_line + 1);
1887 }
1888
1889 this.stack = out;
1890 }
1891 }
1892};
1893
1894// assert.AssertionError instanceof Error
1895util.inherits(assert.AssertionError, Error);
1896
1897function truncate(s, n) {
1898 if (typeof s === 'string') {
1899 return s.length < n ? s : s.slice(0, n);
1900 } else {
1901 return s;
1902 }
1903}
1904function inspect(something) {
1905 if (functionsHaveNames || !util.isFunction(something)) {
1906 return util.inspect(something);
1907 }
1908 var rawname = getName(something);
1909 var name = rawname ? ': ' + rawname : '';
1910 return '[Function' + name + ']';
1911}
1912function getMessage(self) {
1913 return truncate(inspect(self.actual), 128) + ' ' +
1914 self.operator + ' ' +
1915 truncate(inspect(self.expected), 128);
1916}
1917
1918// At present only the three keys mentioned above are used and
1919// understood by the spec. Implementations or sub modules can pass
1920// other keys to the AssertionError's constructor - they will be
1921// ignored.
1922
1923// 3. All of the following functions must throw an AssertionError
1924// when a corresponding condition is not met, with a message that
1925// may be undefined if not provided. All assertion methods provide
1926// both the actual and expected values to the assertion error for
1927// display purposes.
1928
1929function fail(actual, expected, message, operator, stackStartFunction) {
1930 throw new assert.AssertionError({
1931 message: message,
1932 actual: actual,
1933 expected: expected,
1934 operator: operator,
1935 stackStartFunction: stackStartFunction
1936 });
1937}
1938
1939// EXTENSION! allows for well behaved errors defined elsewhere.
1940assert.fail = fail;
1941
1942// 4. Pure assertion tests whether a value is truthy, as determined
1943// by !!guard.
1944// assert.ok(guard, message_opt);
1945// This statement is equivalent to assert.equal(true, !!guard,
1946// message_opt);. To test strictly for the value true, use
1947// assert.strictEqual(true, guard, message_opt);.
1948
1949function ok(value, message) {
1950 if (!value) fail(value, true, message, '==', assert.ok);
1951}
1952assert.ok = ok;
1953
1954// 5. The equality assertion tests shallow, coercive equality with
1955// ==.
1956// assert.equal(actual, expected, message_opt);
1957
1958assert.equal = function equal(actual, expected, message) {
1959 if (actual != expected) fail(actual, expected, message, '==', assert.equal);
1960};
1961
1962// 6. The non-equality assertion tests for whether two objects are not equal
1963// with != assert.notEqual(actual, expected, message_opt);
1964
1965assert.notEqual = function notEqual(actual, expected, message) {
1966 if (actual == expected) {
1967 fail(actual, expected, message, '!=', assert.notEqual);
1968 }
1969};
1970
1971// 7. The equivalence assertion tests a deep equality relation.
1972// assert.deepEqual(actual, expected, message_opt);
1973
1974assert.deepEqual = function deepEqual(actual, expected, message) {
1975 if (!_deepEqual(actual, expected, false)) {
1976 fail(actual, expected, message, 'deepEqual', assert.deepEqual);
1977 }
1978};
1979
1980assert.deepStrictEqual = function deepStrictEqual(actual, expected, message) {
1981 if (!_deepEqual(actual, expected, true)) {
1982 fail(actual, expected, message, 'deepStrictEqual', assert.deepStrictEqual);
1983 }
1984};
1985
1986function _deepEqual(actual, expected, strict, memos) {
1987 // 7.1. All identical values are equivalent, as determined by ===.
1988 if (actual === expected) {
1989 return true;
1990 } else if (isBuffer(actual) && isBuffer(expected)) {
1991 return compare(actual, expected) === 0;
1992
1993 // 7.2. If the expected value is a Date object, the actual value is
1994 // equivalent if it is also a Date object that refers to the same time.
1995 } else if (util.isDate(actual) && util.isDate(expected)) {
1996 return actual.getTime() === expected.getTime();
1997
1998 // 7.3 If the expected value is a RegExp object, the actual value is
1999 // equivalent if it is also a RegExp object with the same source and
2000 // properties (`global`, `multiline`, `lastIndex`, `ignoreCase`).
2001 } else if (util.isRegExp(actual) && util.isRegExp(expected)) {
2002 return actual.source === expected.source &&
2003 actual.global === expected.global &&
2004 actual.multiline === expected.multiline &&
2005 actual.lastIndex === expected.lastIndex &&
2006 actual.ignoreCase === expected.ignoreCase;
2007
2008 // 7.4. Other pairs that do not both pass typeof value == 'object',
2009 // equivalence is determined by ==.
2010 } else if ((actual === null || typeof actual !== 'object') &&
2011 (expected === null || typeof expected !== 'object')) {
2012 return strict ? actual === expected : actual == expected;
2013
2014 // If both values are instances of typed arrays, wrap their underlying
2015 // ArrayBuffers in a Buffer each to increase performance
2016 // This optimization requires the arrays to have the same type as checked by
2017 // Object.prototype.toString (aka pToString). Never perform binary
2018 // comparisons for Float*Arrays, though, since e.g. +0 === -0 but their
2019 // bit patterns are not identical.
2020 } else if (isView(actual) && isView(expected) &&
2021 pToString(actual) === pToString(expected) &&
2022 !(actual instanceof Float32Array ||
2023 actual instanceof Float64Array)) {
2024 return compare(new Uint8Array(actual.buffer),
2025 new Uint8Array(expected.buffer)) === 0;
2026
2027 // 7.5 For all other Object pairs, including Array objects, equivalence is
2028 // determined by having the same number of owned properties (as verified
2029 // with Object.prototype.hasOwnProperty.call), the same set of keys
2030 // (although not necessarily the same order), equivalent values for every
2031 // corresponding key, and an identical 'prototype' property. Note: this
2032 // accounts for both named and indexed properties on Arrays.
2033 } else if (isBuffer(actual) !== isBuffer(expected)) {
2034 return false;
2035 } else {
2036 memos = memos || {actual: [], expected: []};
2037
2038 var actualIndex = memos.actual.indexOf(actual);
2039 if (actualIndex !== -1) {
2040 if (actualIndex === memos.expected.indexOf(expected)) {
2041 return true;
2042 }
2043 }
2044
2045 memos.actual.push(actual);
2046 memos.expected.push(expected);
2047
2048 return objEquiv(actual, expected, strict, memos);
2049 }
2050}
2051
2052function isArguments(object) {
2053 return Object.prototype.toString.call(object) == '[object Arguments]';
2054}
2055
2056function objEquiv(a, b, strict, actualVisitedObjects) {
2057 if (a === null || a === undefined || b === null || b === undefined)
2058 return false;
2059 // if one is a primitive, the other must be same
2060 if (util.isPrimitive(a) || util.isPrimitive(b))
2061 return a === b;
2062 if (strict && Object.getPrototypeOf(a) !== Object.getPrototypeOf(b))
2063 return false;
2064 var aIsArgs = isArguments(a);
2065 var bIsArgs = isArguments(b);
2066 if ((aIsArgs && !bIsArgs) || (!aIsArgs && bIsArgs))
2067 return false;
2068 if (aIsArgs) {
2069 a = pSlice.call(a);
2070 b = pSlice.call(b);
2071 return _deepEqual(a, b, strict);
2072 }
2073 var ka = objectKeys(a);
2074 var kb = objectKeys(b);
2075 var key, i;
2076 // having the same number of owned properties (keys incorporates
2077 // hasOwnProperty)
2078 if (ka.length !== kb.length)
2079 return false;
2080 //the same set of keys (although not necessarily the same order),
2081 ka.sort();
2082 kb.sort();
2083 //~~~cheap key test
2084 for (i = ka.length - 1; i >= 0; i--) {
2085 if (ka[i] !== kb[i])
2086 return false;
2087 }
2088 //equivalent values for every corresponding key, and
2089 //~~~possibly expensive deep test
2090 for (i = ka.length - 1; i >= 0; i--) {
2091 key = ka[i];
2092 if (!_deepEqual(a[key], b[key], strict, actualVisitedObjects))
2093 return false;
2094 }
2095 return true;
2096}
2097
2098// 8. The non-equivalence assertion tests for any deep inequality.
2099// assert.notDeepEqual(actual, expected, message_opt);
2100
2101assert.notDeepEqual = function notDeepEqual(actual, expected, message) {
2102 if (_deepEqual(actual, expected, false)) {
2103 fail(actual, expected, message, 'notDeepEqual', assert.notDeepEqual);
2104 }
2105};
2106
2107assert.notDeepStrictEqual = notDeepStrictEqual;
2108function notDeepStrictEqual(actual, expected, message) {
2109 if (_deepEqual(actual, expected, true)) {
2110 fail(actual, expected, message, 'notDeepStrictEqual', notDeepStrictEqual);
2111 }
2112}
2113
2114
2115// 9. The strict equality assertion tests strict equality, as determined by ===.
2116// assert.strictEqual(actual, expected, message_opt);
2117
2118assert.strictEqual = function strictEqual(actual, expected, message) {
2119 if (actual !== expected) {
2120 fail(actual, expected, message, '===', assert.strictEqual);
2121 }
2122};
2123
2124// 10. The strict non-equality assertion tests for strict inequality, as
2125// determined by !==. assert.notStrictEqual(actual, expected, message_opt);
2126
2127assert.notStrictEqual = function notStrictEqual(actual, expected, message) {
2128 if (actual === expected) {
2129 fail(actual, expected, message, '!==', assert.notStrictEqual);
2130 }
2131};
2132
2133function expectedException(actual, expected) {
2134 if (!actual || !expected) {
2135 return false;
2136 }
2137
2138 if (Object.prototype.toString.call(expected) == '[object RegExp]') {
2139 return expected.test(actual);
2140 }
2141
2142 try {
2143 if (actual instanceof expected) {
2144 return true;
2145 }
2146 } catch (e) {
2147 // Ignore. The instanceof check doesn't work for arrow functions.
2148 }
2149
2150 if (Error.isPrototypeOf(expected)) {
2151 return false;
2152 }
2153
2154 return expected.call({}, actual) === true;
2155}
2156
2157function _tryBlock(block) {
2158 var error;
2159 try {
2160 block();
2161 } catch (e) {
2162 error = e;
2163 }
2164 return error;
2165}
2166
2167function _throws(shouldThrow, block, expected, message) {
2168 var actual;
2169
2170 if (typeof block !== 'function') {
2171 throw new TypeError('"block" argument must be a function');
2172 }
2173
2174 if (typeof expected === 'string') {
2175 message = expected;
2176 expected = null;
2177 }
2178
2179 actual = _tryBlock(block);
2180
2181 message = (expected && expected.name ? ' (' + expected.name + ').' : '.') +
2182 (message ? ' ' + message : '.');
2183
2184 if (shouldThrow && !actual) {
2185 fail(actual, expected, 'Missing expected exception' + message);
2186 }
2187
2188 var userProvidedMessage = typeof message === 'string';
2189 var isUnwantedException = !shouldThrow && util.isError(actual);
2190 var isUnexpectedException = !shouldThrow && actual && !expected;
2191
2192 if ((isUnwantedException &&
2193 userProvidedMessage &&
2194 expectedException(actual, expected)) ||
2195 isUnexpectedException) {
2196 fail(actual, expected, 'Got unwanted exception' + message);
2197 }
2198
2199 if ((shouldThrow && actual && expected &&
2200 !expectedException(actual, expected)) || (!shouldThrow && actual)) {
2201 throw actual;
2202 }
2203}
2204
2205// 11. Expected to throw an error:
2206// assert.throws(block, Error_opt, message_opt);
2207
2208assert.throws = function(block, /*optional*/error, /*optional*/message) {
2209 _throws(true, block, error, message);
2210};
2211
2212// EXTENSION! This is annoying to write outside this module.
2213assert.doesNotThrow = function(block, /*optional*/error, /*optional*/message) {
2214 _throws(false, block, error, message);
2215};
2216
2217assert.ifError = function(err) { if (err) throw err; };
2218
2219var objectKeys = Object.keys || function (obj) {
2220 var keys = [];
2221 for (var key in obj) {
2222 if (hasOwn.call(obj, key)) keys.push(key);
2223 }
2224 return keys;
2225};
2226
2227}).call(this,typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {})
2228},{"util/":148}],16:[function(require,module,exports){
2229'use strict'
2230
2231exports.byteLength = byteLength
2232exports.toByteArray = toByteArray
2233exports.fromByteArray = fromByteArray
2234
2235var lookup = []
2236var revLookup = []
2237var Arr = typeof Uint8Array !== 'undefined' ? Uint8Array : Array
2238
2239var code = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
2240for (var i = 0, len = code.length; i < len; ++i) {
2241 lookup[i] = code[i]
2242 revLookup[code.charCodeAt(i)] = i
2243}
2244
2245revLookup['-'.charCodeAt(0)] = 62
2246revLookup['_'.charCodeAt(0)] = 63
2247
2248function placeHoldersCount (b64) {
2249 var len = b64.length
2250 if (len % 4 > 0) {
2251 throw new Error('Invalid string. Length must be a multiple of 4')
2252 }
2253
2254 // the number of equal signs (place holders)
2255 // if there are two placeholders, than the two characters before it
2256 // represent one byte
2257 // if there is only one, then the three characters before it represent 2 bytes
2258 // this is just a cheap hack to not do indexOf twice
2259 return b64[len - 2] === '=' ? 2 : b64[len - 1] === '=' ? 1 : 0
2260}
2261
2262function byteLength (b64) {
2263 // base64 is 4/3 + up to two characters of the original data
2264 return b64.length * 3 / 4 - placeHoldersCount(b64)
2265}
2266
2267function toByteArray (b64) {
2268 var i, j, l, tmp, placeHolders, arr
2269 var len = b64.length
2270 placeHolders = placeHoldersCount(b64)
2271
2272 arr = new Arr(len * 3 / 4 - placeHolders)
2273
2274 // if there are placeholders, only get up to the last complete 4 chars
2275 l = placeHolders > 0 ? len - 4 : len
2276
2277 var L = 0
2278
2279 for (i = 0, j = 0; i < l; i += 4, j += 3) {
2280 tmp = (revLookup[b64.charCodeAt(i)] << 18) | (revLookup[b64.charCodeAt(i + 1)] << 12) | (revLookup[b64.charCodeAt(i + 2)] << 6) | revLookup[b64.charCodeAt(i + 3)]
2281 arr[L++] = (tmp >> 16) & 0xFF
2282 arr[L++] = (tmp >> 8) & 0xFF
2283 arr[L++] = tmp & 0xFF
2284 }
2285
2286 if (placeHolders === 2) {
2287 tmp = (revLookup[b64.charCodeAt(i)] << 2) | (revLookup[b64.charCodeAt(i + 1)] >> 4)
2288 arr[L++] = tmp & 0xFF
2289 } else if (placeHolders === 1) {
2290 tmp = (revLookup[b64.charCodeAt(i)] << 10) | (revLookup[b64.charCodeAt(i + 1)] << 4) | (revLookup[b64.charCodeAt(i + 2)] >> 2)
2291 arr[L++] = (tmp >> 8) & 0xFF
2292 arr[L++] = tmp & 0xFF
2293 }
2294
2295 return arr
2296}
2297
2298function tripletToBase64 (num) {
2299 return lookup[num >> 18 & 0x3F] + lookup[num >> 12 & 0x3F] + lookup[num >> 6 & 0x3F] + lookup[num & 0x3F]
2300}
2301
2302function encodeChunk (uint8, start, end) {
2303 var tmp
2304 var output = []
2305 for (var i = start; i < end; i += 3) {
2306 tmp = (uint8[i] << 16) + (uint8[i + 1] << 8) + (uint8[i + 2])
2307 output.push(tripletToBase64(tmp))
2308 }
2309 return output.join('')
2310}
2311
2312function fromByteArray (uint8) {
2313 var tmp
2314 var len = uint8.length
2315 var extraBytes = len % 3 // if we have 1 byte left, pad 2 bytes
2316 var output = ''
2317 var parts = []
2318 var maxChunkLength = 16383 // must be multiple of 3
2319
2320 // go through the array every three bytes, we'll deal with trailing stuff later
2321 for (var i = 0, len2 = len - extraBytes; i < len2; i += maxChunkLength) {
2322 parts.push(encodeChunk(uint8, i, (i + maxChunkLength) > len2 ? len2 : (i + maxChunkLength)))
2323 }
2324
2325 // pad the end with zeros, but make sure to not forget the extra bytes
2326 if (extraBytes === 1) {
2327 tmp = uint8[len - 1]
2328 output += lookup[tmp >> 2]
2329 output += lookup[(tmp << 4) & 0x3F]
2330 output += '=='
2331 } else if (extraBytes === 2) {
2332 tmp = (uint8[len - 2] << 8) + (uint8[len - 1])
2333 output += lookup[tmp >> 10]
2334 output += lookup[(tmp >> 4) & 0x3F]
2335 output += lookup[(tmp << 2) & 0x3F]
2336 output += '='
2337 }
2338
2339 parts.push(output)
2340
2341 return parts.join('')
2342}
2343
2344},{}],17:[function(require,module,exports){
2345(function (module, exports) {
2346 'use strict';
2347
2348 // Utils
2349 function assert (val, msg) {
2350 if (!val) throw new Error(msg || 'Assertion failed');
2351 }
2352
2353 // Could use `inherits` module, but don't want to move from single file
2354 // architecture yet.
2355 function inherits (ctor, superCtor) {
2356 ctor.super_ = superCtor;
2357 var TempCtor = function () {};
2358 TempCtor.prototype = superCtor.prototype;
2359 ctor.prototype = new TempCtor();
2360 ctor.prototype.constructor = ctor;
2361 }
2362
2363 // BN
2364
2365 function BN (number, base, endian) {
2366 if (BN.isBN(number)) {
2367 return number;
2368 }
2369
2370 this.negative = 0;
2371 this.words = null;
2372 this.length = 0;
2373
2374 // Reduction context
2375 this.red = null;
2376
2377 if (number !== null) {
2378 if (base === 'le' || base === 'be') {
2379 endian = base;
2380 base = 10;
2381 }
2382
2383 this._init(number || 0, base || 10, endian || 'be');
2384 }
2385 }
2386 if (typeof module === 'object') {
2387 module.exports = BN;
2388 } else {
2389 exports.BN = BN;
2390 }
2391
2392 BN.BN = BN;
2393 BN.wordSize = 26;
2394
2395 var Buffer;
2396 try {
2397 Buffer = require('buf' + 'fer').Buffer;
2398 } catch (e) {
2399 }
2400
2401 BN.isBN = function isBN (num) {
2402 if (num instanceof BN) {
2403 return true;
2404 }
2405
2406 return num !== null && typeof num === 'object' &&
2407 num.constructor.wordSize === BN.wordSize && Array.isArray(num.words);
2408 };
2409
2410 BN.max = function max (left, right) {
2411 if (left.cmp(right) > 0) return left;
2412 return right;
2413 };
2414
2415 BN.min = function min (left, right) {
2416 if (left.cmp(right) < 0) return left;
2417 return right;
2418 };
2419
2420 BN.prototype._init = function init (number, base, endian) {
2421 if (typeof number === 'number') {
2422 return this._initNumber(number, base, endian);
2423 }
2424
2425 if (typeof number === 'object') {
2426 return this._initArray(number, base, endian);
2427 }
2428
2429 if (base === 'hex') {
2430 base = 16;
2431 }
2432 assert(base === (base | 0) && base >= 2 && base <= 36);
2433
2434 number = number.toString().replace(/\s+/g, '');
2435 var start = 0;
2436 if (number[0] === '-') {
2437 start++;
2438 }
2439
2440 if (base === 16) {
2441 this._parseHex(number, start);
2442 } else {
2443 this._parseBase(number, base, start);
2444 }
2445
2446 if (number[0] === '-') {
2447 this.negative = 1;
2448 }
2449
2450 this.strip();
2451
2452 if (endian !== 'le') return;
2453
2454 this._initArray(this.toArray(), base, endian);
2455 };
2456
2457 BN.prototype._initNumber = function _initNumber (number, base, endian) {
2458 if (number < 0) {
2459 this.negative = 1;
2460 number = -number;
2461 }
2462 if (number < 0x4000000) {
2463 this.words = [ number & 0x3ffffff ];
2464 this.length = 1;
2465 } else if (number < 0x10000000000000) {
2466 this.words = [
2467 number & 0x3ffffff,
2468 (number / 0x4000000) & 0x3ffffff
2469 ];
2470 this.length = 2;
2471 } else {
2472 assert(number < 0x20000000000000); // 2 ^ 53 (unsafe)
2473 this.words = [
2474 number & 0x3ffffff,
2475 (number / 0x4000000) & 0x3ffffff,
2476 1
2477 ];
2478 this.length = 3;
2479 }
2480
2481 if (endian !== 'le') return;
2482
2483 // Reverse the bytes
2484 this._initArray(this.toArray(), base, endian);
2485 };
2486
2487 BN.prototype._initArray = function _initArray (number, base, endian) {
2488 // Perhaps a Uint8Array
2489 assert(typeof number.length === 'number');
2490 if (number.length <= 0) {
2491 this.words = [ 0 ];
2492 this.length = 1;
2493 return this;
2494 }
2495
2496 this.length = Math.ceil(number.length / 3);
2497 this.words = new Array(this.length);
2498 for (var i = 0; i < this.length; i++) {
2499 this.words[i] = 0;
2500 }
2501
2502 var j, w;
2503 var off = 0;
2504 if (endian === 'be') {
2505 for (i = number.length - 1, j = 0; i >= 0; i -= 3) {
2506 w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16);
2507 this.words[j] |= (w << off) & 0x3ffffff;
2508 this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff;
2509 off += 24;
2510 if (off >= 26) {
2511 off -= 26;
2512 j++;
2513 }
2514 }
2515 } else if (endian === 'le') {
2516 for (i = 0, j = 0; i < number.length; i += 3) {
2517 w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16);
2518 this.words[j] |= (w << off) & 0x3ffffff;
2519 this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff;
2520 off += 24;
2521 if (off >= 26) {
2522 off -= 26;
2523 j++;
2524 }
2525 }
2526 }
2527 return this.strip();
2528 };
2529
2530 function parseHex (str, start, end) {
2531 var r = 0;
2532 var len = Math.min(str.length, end);
2533 for (var i = start; i < len; i++) {
2534 var c = str.charCodeAt(i) - 48;
2535
2536 r <<= 4;
2537
2538 // 'a' - 'f'
2539 if (c >= 49 && c <= 54) {
2540 r |= c - 49 + 0xa;
2541
2542 // 'A' - 'F'
2543 } else if (c >= 17 && c <= 22) {
2544 r |= c - 17 + 0xa;
2545
2546 // '0' - '9'
2547 } else {
2548 r |= c & 0xf;
2549 }
2550 }
2551 return r;
2552 }
2553
2554 BN.prototype._parseHex = function _parseHex (number, start) {
2555 // Create possibly bigger array to ensure that it fits the number
2556 this.length = Math.ceil((number.length - start) / 6);
2557 this.words = new Array(this.length);
2558 for (var i = 0; i < this.length; i++) {
2559 this.words[i] = 0;
2560 }
2561
2562 var j, w;
2563 // Scan 24-bit chunks and add them to the number
2564 var off = 0;
2565 for (i = number.length - 6, j = 0; i >= start; i -= 6) {
2566 w = parseHex(number, i, i + 6);
2567 this.words[j] |= (w << off) & 0x3ffffff;
2568 // NOTE: `0x3fffff` is intentional here, 26bits max shift + 24bit hex limb
2569 this.words[j + 1] |= w >>> (26 - off) & 0x3fffff;
2570 off += 24;
2571 if (off >= 26) {
2572 off -= 26;
2573 j++;
2574 }
2575 }
2576 if (i + 6 !== start) {
2577 w = parseHex(number, start, i + 6);
2578 this.words[j] |= (w << off) & 0x3ffffff;
2579 this.words[j + 1] |= w >>> (26 - off) & 0x3fffff;
2580 }
2581 this.strip();
2582 };
2583
2584 function parseBase (str, start, end, mul) {
2585 var r = 0;
2586 var len = Math.min(str.length, end);
2587 for (var i = start; i < len; i++) {
2588 var c = str.charCodeAt(i) - 48;
2589
2590 r *= mul;
2591
2592 // 'a'
2593 if (c >= 49) {
2594 r += c - 49 + 0xa;
2595
2596 // 'A'
2597 } else if (c >= 17) {
2598 r += c - 17 + 0xa;
2599
2600 // '0' - '9'
2601 } else {
2602 r += c;
2603 }
2604 }
2605 return r;
2606 }
2607
2608 BN.prototype._parseBase = function _parseBase (number, base, start) {
2609 // Initialize as zero
2610 this.words = [ 0 ];
2611 this.length = 1;
2612
2613 // Find length of limb in base
2614 for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base) {
2615 limbLen++;
2616 }
2617 limbLen--;
2618 limbPow = (limbPow / base) | 0;
2619
2620 var total = number.length - start;
2621 var mod = total % limbLen;
2622 var end = Math.min(total, total - mod) + start;
2623
2624 var word = 0;
2625 for (var i = start; i < end; i += limbLen) {
2626 word = parseBase(number, i, i + limbLen, base);
2627
2628 this.imuln(limbPow);
2629 if (this.words[0] + word < 0x4000000) {
2630 this.words[0] += word;
2631 } else {
2632 this._iaddn(word);
2633 }
2634 }
2635
2636 if (mod !== 0) {
2637 var pow = 1;
2638 word = parseBase(number, i, number.length, base);
2639
2640 for (i = 0; i < mod; i++) {
2641 pow *= base;
2642 }
2643
2644 this.imuln(pow);
2645 if (this.words[0] + word < 0x4000000) {
2646 this.words[0] += word;
2647 } else {
2648 this._iaddn(word);
2649 }
2650 }
2651 };
2652
2653 BN.prototype.copy = function copy (dest) {
2654 dest.words = new Array(this.length);
2655 for (var i = 0; i < this.length; i++) {
2656 dest.words[i] = this.words[i];
2657 }
2658 dest.length = this.length;
2659 dest.negative = this.negative;
2660 dest.red = this.red;
2661 };
2662
2663 BN.prototype.clone = function clone () {
2664 var r = new BN(null);
2665 this.copy(r);
2666 return r;
2667 };
2668
2669 BN.prototype._expand = function _expand (size) {
2670 while (this.length < size) {
2671 this.words[this.length++] = 0;
2672 }
2673 return this;
2674 };
2675
2676 // Remove leading `0` from `this`
2677 BN.prototype.strip = function strip () {
2678 while (this.length > 1 && this.words[this.length - 1] === 0) {
2679 this.length--;
2680 }
2681 return this._normSign();
2682 };
2683
2684 BN.prototype._normSign = function _normSign () {
2685 // -0 = 0
2686 if (this.length === 1 && this.words[0] === 0) {
2687 this.negative = 0;
2688 }
2689 return this;
2690 };
2691
2692 BN.prototype.inspect = function inspect () {
2693 return (this.red ? '<BN-R: ' : '<BN: ') + this.toString(16) + '>';
2694 };
2695
2696 /*
2697
2698 var zeros = [];
2699 var groupSizes = [];
2700 var groupBases = [];
2701
2702 var s = '';
2703 var i = -1;
2704 while (++i < BN.wordSize) {
2705 zeros[i] = s;
2706 s += '0';
2707 }
2708 groupSizes[0] = 0;
2709 groupSizes[1] = 0;
2710 groupBases[0] = 0;
2711 groupBases[1] = 0;
2712 var base = 2 - 1;
2713 while (++base < 36 + 1) {
2714 var groupSize = 0;
2715 var groupBase = 1;
2716 while (groupBase < (1 << BN.wordSize) / base) {
2717 groupBase *= base;
2718 groupSize += 1;
2719 }
2720 groupSizes[base] = groupSize;
2721 groupBases[base] = groupBase;
2722 }
2723
2724 */
2725
2726 var zeros = [
2727 '',
2728 '0',
2729 '00',
2730 '000',
2731 '0000',
2732 '00000',
2733 '000000',
2734 '0000000',
2735 '00000000',
2736 '000000000',
2737 '0000000000',
2738 '00000000000',
2739 '000000000000',
2740 '0000000000000',
2741 '00000000000000',
2742 '000000000000000',
2743 '0000000000000000',
2744 '00000000000000000',
2745 '000000000000000000',
2746 '0000000000000000000',
2747 '00000000000000000000',
2748 '000000000000000000000',
2749 '0000000000000000000000',
2750 '00000000000000000000000',
2751 '000000000000000000000000',
2752 '0000000000000000000000000'
2753 ];
2754
2755 var groupSizes = [
2756 0, 0,
2757 25, 16, 12, 11, 10, 9, 8,
2758 8, 7, 7, 7, 7, 6, 6,
2759 6, 6, 6, 6, 6, 5, 5,
2760 5, 5, 5, 5, 5, 5, 5,
2761 5, 5, 5, 5, 5, 5, 5
2762 ];
2763
2764 var groupBases = [
2765 0, 0,
2766 33554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216,
2767 43046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625,
2768 16777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632,
2769 6436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149,
2770 24300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176
2771 ];
2772
2773 BN.prototype.toString = function toString (base, padding) {
2774 base = base || 10;
2775 padding = padding | 0 || 1;
2776
2777 var out;
2778 if (base === 16 || base === 'hex') {
2779 out = '';
2780 var off = 0;
2781 var carry = 0;
2782 for (var i = 0; i < this.length; i++) {
2783 var w = this.words[i];
2784 var word = (((w << off) | carry) & 0xffffff).toString(16);
2785 carry = (w >>> (24 - off)) & 0xffffff;
2786 if (carry !== 0 || i !== this.length - 1) {
2787 out = zeros[6 - word.length] + word + out;
2788 } else {
2789 out = word + out;
2790 }
2791 off += 2;
2792 if (off >= 26) {
2793 off -= 26;
2794 i--;
2795 }
2796 }
2797 if (carry !== 0) {
2798 out = carry.toString(16) + out;
2799 }
2800 while (out.length % padding !== 0) {
2801 out = '0' + out;
2802 }
2803 if (this.negative !== 0) {
2804 out = '-' + out;
2805 }
2806 return out;
2807 }
2808
2809 if (base === (base | 0) && base >= 2 && base <= 36) {
2810 // var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base));
2811 var groupSize = groupSizes[base];
2812 // var groupBase = Math.pow(base, groupSize);
2813 var groupBase = groupBases[base];
2814 out = '';
2815 var c = this.clone();
2816 c.negative = 0;
2817 while (!c.isZero()) {
2818 var r = c.modn(groupBase).toString(base);
2819 c = c.idivn(groupBase);
2820
2821 if (!c.isZero()) {
2822 out = zeros[groupSize - r.length] + r + out;
2823 } else {
2824 out = r + out;
2825 }
2826 }
2827 if (this.isZero()) {
2828 out = '0' + out;
2829 }
2830 while (out.length % padding !== 0) {
2831 out = '0' + out;
2832 }
2833 if (this.negative !== 0) {
2834 out = '-' + out;
2835 }
2836 return out;
2837 }
2838
2839 assert(false, 'Base should be between 2 and 36');
2840 };
2841
2842 BN.prototype.toNumber = function toNumber () {
2843 var ret = this.words[0];
2844 if (this.length === 2) {
2845 ret += this.words[1] * 0x4000000;
2846 } else if (this.length === 3 && this.words[2] === 0x01) {
2847 // NOTE: at this stage it is known that the top bit is set
2848 ret += 0x10000000000000 + (this.words[1] * 0x4000000);
2849 } else if (this.length > 2) {
2850 assert(false, 'Number can only safely store up to 53 bits');
2851 }
2852 return (this.negative !== 0) ? -ret : ret;
2853 };
2854
2855 BN.prototype.toJSON = function toJSON () {
2856 return this.toString(16);
2857 };
2858
2859 BN.prototype.toBuffer = function toBuffer (endian, length) {
2860 assert(typeof Buffer !== 'undefined');
2861 return this.toArrayLike(Buffer, endian, length);
2862 };
2863
2864 BN.prototype.toArray = function toArray (endian, length) {
2865 return this.toArrayLike(Array, endian, length);
2866 };
2867
2868 BN.prototype.toArrayLike = function toArrayLike (ArrayType, endian, length) {
2869 var byteLength = this.byteLength();
2870 var reqLength = length || Math.max(1, byteLength);
2871 assert(byteLength <= reqLength, 'byte array longer than desired length');
2872 assert(reqLength > 0, 'Requested array length <= 0');
2873
2874 this.strip();
2875 var littleEndian = endian === 'le';
2876 var res = new ArrayType(reqLength);
2877
2878 var b, i;
2879 var q = this.clone();
2880 if (!littleEndian) {
2881 // Assume big-endian
2882 for (i = 0; i < reqLength - byteLength; i++) {
2883 res[i] = 0;
2884 }
2885
2886 for (i = 0; !q.isZero(); i++) {
2887 b = q.andln(0xff);
2888 q.iushrn(8);
2889
2890 res[reqLength - i - 1] = b;
2891 }
2892 } else {
2893 for (i = 0; !q.isZero(); i++) {
2894 b = q.andln(0xff);
2895 q.iushrn(8);
2896
2897 res[i] = b;
2898 }
2899
2900 for (; i < reqLength; i++) {
2901 res[i] = 0;
2902 }
2903 }
2904
2905 return res;
2906 };
2907
2908 if (Math.clz32) {
2909 BN.prototype._countBits = function _countBits (w) {
2910 return 32 - Math.clz32(w);
2911 };
2912 } else {
2913 BN.prototype._countBits = function _countBits (w) {
2914 var t = w;
2915 var r = 0;
2916 if (t >= 0x1000) {
2917 r += 13;
2918 t >>>= 13;
2919 }
2920 if (t >= 0x40) {
2921 r += 7;
2922 t >>>= 7;
2923 }
2924 if (t >= 0x8) {
2925 r += 4;
2926 t >>>= 4;
2927 }
2928 if (t >= 0x02) {
2929 r += 2;
2930 t >>>= 2;
2931 }
2932 return r + t;
2933 };
2934 }
2935
2936 BN.prototype._zeroBits = function _zeroBits (w) {
2937 // Short-cut
2938 if (w === 0) return 26;
2939
2940 var t = w;
2941 var r = 0;
2942 if ((t & 0x1fff) === 0) {
2943 r += 13;
2944 t >>>= 13;
2945 }
2946 if ((t & 0x7f) === 0) {
2947 r += 7;
2948 t >>>= 7;
2949 }
2950 if ((t & 0xf) === 0) {
2951 r += 4;
2952 t >>>= 4;
2953 }
2954 if ((t & 0x3) === 0) {
2955 r += 2;
2956 t >>>= 2;
2957 }
2958 if ((t & 0x1) === 0) {
2959 r++;
2960 }
2961 return r;
2962 };
2963
2964 // Return number of used bits in a BN
2965 BN.prototype.bitLength = function bitLength () {
2966 var w = this.words[this.length - 1];
2967 var hi = this._countBits(w);
2968 return (this.length - 1) * 26 + hi;
2969 };
2970
2971 function toBitArray (num) {
2972 var w = new Array(num.bitLength());
2973
2974 for (var bit = 0; bit < w.length; bit++) {
2975 var off = (bit / 26) | 0;
2976 var wbit = bit % 26;
2977
2978 w[bit] = (num.words[off] & (1 << wbit)) >>> wbit;
2979 }
2980
2981 return w;
2982 }
2983
2984 // Number of trailing zero bits
2985 BN.prototype.zeroBits = function zeroBits () {
2986 if (this.isZero()) return 0;
2987
2988 var r = 0;
2989 for (var i = 0; i < this.length; i++) {
2990 var b = this._zeroBits(this.words[i]);
2991 r += b;
2992 if (b !== 26) break;
2993 }
2994 return r;
2995 };
2996
2997 BN.prototype.byteLength = function byteLength () {
2998 return Math.ceil(this.bitLength() / 8);
2999 };
3000
3001 BN.prototype.toTwos = function toTwos (width) {
3002 if (this.negative !== 0) {
3003 return this.abs().inotn(width).iaddn(1);
3004 }
3005 return this.clone();
3006 };
3007
3008 BN.prototype.fromTwos = function fromTwos (width) {
3009 if (this.testn(width - 1)) {
3010 return this.notn(width).iaddn(1).ineg();
3011 }
3012 return this.clone();
3013 };
3014
3015 BN.prototype.isNeg = function isNeg () {
3016 return this.negative !== 0;
3017 };
3018
3019 // Return negative clone of `this`
3020 BN.prototype.neg = function neg () {
3021 return this.clone().ineg();
3022 };
3023
3024 BN.prototype.ineg = function ineg () {
3025 if (!this.isZero()) {
3026 this.negative ^= 1;
3027 }
3028
3029 return this;
3030 };
3031
3032 // Or `num` with `this` in-place
3033 BN.prototype.iuor = function iuor (num) {
3034 while (this.length < num.length) {
3035 this.words[this.length++] = 0;
3036 }
3037
3038 for (var i = 0; i < num.length; i++) {
3039 this.words[i] = this.words[i] | num.words[i];
3040 }
3041
3042 return this.strip();
3043 };
3044
3045 BN.prototype.ior = function ior (num) {
3046 assert((this.negative | num.negative) === 0);
3047 return this.iuor(num);
3048 };
3049
3050 // Or `num` with `this`
3051 BN.prototype.or = function or (num) {
3052 if (this.length > num.length) return this.clone().ior(num);
3053 return num.clone().ior(this);
3054 };
3055
3056 BN.prototype.uor = function uor (num) {
3057 if (this.length > num.length) return this.clone().iuor(num);
3058 return num.clone().iuor(this);
3059 };
3060
3061 // And `num` with `this` in-place
3062 BN.prototype.iuand = function iuand (num) {
3063 // b = min-length(num, this)
3064 var b;
3065 if (this.length > num.length) {
3066 b = num;
3067 } else {
3068 b = this;
3069 }
3070
3071 for (var i = 0; i < b.length; i++) {
3072 this.words[i] = this.words[i] & num.words[i];
3073 }
3074
3075 this.length = b.length;
3076
3077 return this.strip();
3078 };
3079
3080 BN.prototype.iand = function iand (num) {
3081 assert((this.negative | num.negative) === 0);
3082 return this.iuand(num);
3083 };
3084
3085 // And `num` with `this`
3086 BN.prototype.and = function and (num) {
3087 if (this.length > num.length) return this.clone().iand(num);
3088 return num.clone().iand(this);
3089 };
3090
3091 BN.prototype.uand = function uand (num) {
3092 if (this.length > num.length) return this.clone().iuand(num);
3093 return num.clone().iuand(this);
3094 };
3095
3096 // Xor `num` with `this` in-place
3097 BN.prototype.iuxor = function iuxor (num) {
3098 // a.length > b.length
3099 var a;
3100 var b;
3101 if (this.length > num.length) {
3102 a = this;
3103 b = num;
3104 } else {
3105 a = num;
3106 b = this;
3107 }
3108
3109 for (var i = 0; i < b.length; i++) {
3110 this.words[i] = a.words[i] ^ b.words[i];
3111 }
3112
3113 if (this !== a) {
3114 for (; i < a.length; i++) {
3115 this.words[i] = a.words[i];
3116 }
3117 }
3118
3119 this.length = a.length;
3120
3121 return this.strip();
3122 };
3123
3124 BN.prototype.ixor = function ixor (num) {
3125 assert((this.negative | num.negative) === 0);
3126 return this.iuxor(num);
3127 };
3128
3129 // Xor `num` with `this`
3130 BN.prototype.xor = function xor (num) {
3131 if (this.length > num.length) return this.clone().ixor(num);
3132 return num.clone().ixor(this);
3133 };
3134
3135 BN.prototype.uxor = function uxor (num) {
3136 if (this.length > num.length) return this.clone().iuxor(num);
3137 return num.clone().iuxor(this);
3138 };
3139
3140 // Not ``this`` with ``width`` bitwidth
3141 BN.prototype.inotn = function inotn (width) {
3142 assert(typeof width === 'number' && width >= 0);
3143
3144 var bytesNeeded = Math.ceil(width / 26) | 0;
3145 var bitsLeft = width % 26;
3146
3147 // Extend the buffer with leading zeroes
3148 this._expand(bytesNeeded);
3149
3150 if (bitsLeft > 0) {
3151 bytesNeeded--;
3152 }
3153
3154 // Handle complete words
3155 for (var i = 0; i < bytesNeeded; i++) {
3156 this.words[i] = ~this.words[i] & 0x3ffffff;
3157 }
3158
3159 // Handle the residue
3160 if (bitsLeft > 0) {
3161 this.words[i] = ~this.words[i] & (0x3ffffff >> (26 - bitsLeft));
3162 }
3163
3164 // And remove leading zeroes
3165 return this.strip();
3166 };
3167
3168 BN.prototype.notn = function notn (width) {
3169 return this.clone().inotn(width);
3170 };
3171
3172 // Set `bit` of `this`
3173 BN.prototype.setn = function setn (bit, val) {
3174 assert(typeof bit === 'number' && bit >= 0);
3175
3176 var off = (bit / 26) | 0;
3177 var wbit = bit % 26;
3178
3179 this._expand(off + 1);
3180
3181 if (val) {
3182 this.words[off] = this.words[off] | (1 << wbit);
3183 } else {
3184 this.words[off] = this.words[off] & ~(1 << wbit);
3185 }
3186
3187 return this.strip();
3188 };
3189
3190 // Add `num` to `this` in-place
3191 BN.prototype.iadd = function iadd (num) {
3192 var r;
3193
3194 // negative + positive
3195 if (this.negative !== 0 && num.negative === 0) {
3196 this.negative = 0;
3197 r = this.isub(num);
3198 this.negative ^= 1;
3199 return this._normSign();
3200
3201 // positive + negative
3202 } else if (this.negative === 0 && num.negative !== 0) {
3203 num.negative = 0;
3204 r = this.isub(num);
3205 num.negative = 1;
3206 return r._normSign();
3207 }
3208
3209 // a.length > b.length
3210 var a, b;
3211 if (this.length > num.length) {
3212 a = this;
3213 b = num;
3214 } else {
3215 a = num;
3216 b = this;
3217 }
3218
3219 var carry = 0;
3220 for (var i = 0; i < b.length; i++) {
3221 r = (a.words[i] | 0) + (b.words[i] | 0) + carry;
3222 this.words[i] = r & 0x3ffffff;
3223 carry = r >>> 26;
3224 }
3225 for (; carry !== 0 && i < a.length; i++) {
3226 r = (a.words[i] | 0) + carry;
3227 this.words[i] = r & 0x3ffffff;
3228 carry = r >>> 26;
3229 }
3230
3231 this.length = a.length;
3232 if (carry !== 0) {
3233 this.words[this.length] = carry;
3234 this.length++;
3235 // Copy the rest of the words
3236 } else if (a !== this) {
3237 for (; i < a.length; i++) {
3238 this.words[i] = a.words[i];
3239 }
3240 }
3241
3242 return this;
3243 };
3244
3245 // Add `num` to `this`
3246 BN.prototype.add = function add (num) {
3247 var res;
3248 if (num.negative !== 0 && this.negative === 0) {
3249 num.negative = 0;
3250 res = this.sub(num);
3251 num.negative ^= 1;
3252 return res;
3253 } else if (num.negative === 0 && this.negative !== 0) {
3254 this.negative = 0;
3255 res = num.sub(this);
3256 this.negative = 1;
3257 return res;
3258 }
3259
3260 if (this.length > num.length) return this.clone().iadd(num);
3261
3262 return num.clone().iadd(this);
3263 };
3264
3265 // Subtract `num` from `this` in-place
3266 BN.prototype.isub = function isub (num) {
3267 // this - (-num) = this + num
3268 if (num.negative !== 0) {
3269 num.negative = 0;
3270 var r = this.iadd(num);
3271 num.negative = 1;
3272 return r._normSign();
3273
3274 // -this - num = -(this + num)
3275 } else if (this.negative !== 0) {
3276 this.negative = 0;
3277 this.iadd(num);
3278 this.negative = 1;
3279 return this._normSign();
3280 }
3281
3282 // At this point both numbers are positive
3283 var cmp = this.cmp(num);
3284
3285 // Optimization - zeroify
3286 if (cmp === 0) {
3287 this.negative = 0;
3288 this.length = 1;
3289 this.words[0] = 0;
3290 return this;
3291 }
3292
3293 // a > b
3294 var a, b;
3295 if (cmp > 0) {
3296 a = this;
3297 b = num;
3298 } else {
3299 a = num;
3300 b = this;
3301 }
3302
3303 var carry = 0;
3304 for (var i = 0; i < b.length; i++) {
3305 r = (a.words[i] | 0) - (b.words[i] | 0) + carry;
3306 carry = r >> 26;
3307 this.words[i] = r & 0x3ffffff;
3308 }
3309 for (; carry !== 0 && i < a.length; i++) {
3310 r = (a.words[i] | 0) + carry;
3311 carry = r >> 26;
3312 this.words[i] = r & 0x3ffffff;
3313 }
3314
3315 // Copy rest of the words
3316 if (carry === 0 && i < a.length && a !== this) {
3317 for (; i < a.length; i++) {
3318 this.words[i] = a.words[i];
3319 }
3320 }
3321
3322 this.length = Math.max(this.length, i);
3323
3324 if (a !== this) {
3325 this.negative = 1;
3326 }
3327
3328 return this.strip();
3329 };
3330
3331 // Subtract `num` from `this`
3332 BN.prototype.sub = function sub (num) {
3333 return this.clone().isub(num);
3334 };
3335
3336 function smallMulTo (self, num, out) {
3337 out.negative = num.negative ^ self.negative;
3338 var len = (self.length + num.length) | 0;
3339 out.length = len;
3340 len = (len - 1) | 0;
3341
3342 // Peel one iteration (compiler can't do it, because of code complexity)
3343 var a = self.words[0] | 0;
3344 var b = num.words[0] | 0;
3345 var r = a * b;
3346
3347 var lo = r & 0x3ffffff;
3348 var carry = (r / 0x4000000) | 0;
3349 out.words[0] = lo;
3350
3351 for (var k = 1; k < len; k++) {
3352 // Sum all words with the same `i + j = k` and accumulate `ncarry`,
3353 // note that ncarry could be >= 0x3ffffff
3354 var ncarry = carry >>> 26;
3355 var rword = carry & 0x3ffffff;
3356 var maxJ = Math.min(k, num.length - 1);
3357 for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) {
3358 var i = (k - j) | 0;
3359 a = self.words[i] | 0;
3360 b = num.words[j] | 0;
3361 r = a * b + rword;
3362 ncarry += (r / 0x4000000) | 0;
3363 rword = r & 0x3ffffff;
3364 }
3365 out.words[k] = rword | 0;
3366 carry = ncarry | 0;
3367 }
3368 if (carry !== 0) {
3369 out.words[k] = carry | 0;
3370 } else {
3371 out.length--;
3372 }
3373
3374 return out.strip();
3375 }
3376
3377 // TODO(indutny): it may be reasonable to omit it for users who don't need
3378 // to work with 256-bit numbers, otherwise it gives 20% improvement for 256-bit
3379 // multiplication (like elliptic secp256k1).
3380 var comb10MulTo = function comb10MulTo (self, num, out) {
3381 var a = self.words;
3382 var b = num.words;
3383 var o = out.words;
3384 var c = 0;
3385 var lo;
3386 var mid;
3387 var hi;
3388 var a0 = a[0] | 0;
3389 var al0 = a0 & 0x1fff;
3390 var ah0 = a0 >>> 13;
3391 var a1 = a[1] | 0;
3392 var al1 = a1 & 0x1fff;
3393 var ah1 = a1 >>> 13;
3394 var a2 = a[2] | 0;
3395 var al2 = a2 & 0x1fff;
3396 var ah2 = a2 >>> 13;
3397 var a3 = a[3] | 0;
3398 var al3 = a3 & 0x1fff;
3399 var ah3 = a3 >>> 13;
3400 var a4 = a[4] | 0;
3401 var al4 = a4 & 0x1fff;
3402 var ah4 = a4 >>> 13;
3403 var a5 = a[5] | 0;
3404 var al5 = a5 & 0x1fff;
3405 var ah5 = a5 >>> 13;
3406 var a6 = a[6] | 0;
3407 var al6 = a6 & 0x1fff;
3408 var ah6 = a6 >>> 13;
3409 var a7 = a[7] | 0;
3410 var al7 = a7 & 0x1fff;
3411 var ah7 = a7 >>> 13;
3412 var a8 = a[8] | 0;
3413 var al8 = a8 & 0x1fff;
3414 var ah8 = a8 >>> 13;
3415 var a9 = a[9] | 0;
3416 var al9 = a9 & 0x1fff;
3417 var ah9 = a9 >>> 13;
3418 var b0 = b[0] | 0;
3419 var bl0 = b0 & 0x1fff;
3420 var bh0 = b0 >>> 13;
3421 var b1 = b[1] | 0;
3422 var bl1 = b1 & 0x1fff;
3423 var bh1 = b1 >>> 13;
3424 var b2 = b[2] | 0;
3425 var bl2 = b2 & 0x1fff;
3426 var bh2 = b2 >>> 13;
3427 var b3 = b[3] | 0;
3428 var bl3 = b3 & 0x1fff;
3429 var bh3 = b3 >>> 13;
3430 var b4 = b[4] | 0;
3431 var bl4 = b4 & 0x1fff;
3432 var bh4 = b4 >>> 13;
3433 var b5 = b[5] | 0;
3434 var bl5 = b5 & 0x1fff;
3435 var bh5 = b5 >>> 13;
3436 var b6 = b[6] | 0;
3437 var bl6 = b6 & 0x1fff;
3438 var bh6 = b6 >>> 13;
3439 var b7 = b[7] | 0;
3440 var bl7 = b7 & 0x1fff;
3441 var bh7 = b7 >>> 13;
3442 var b8 = b[8] | 0;
3443 var bl8 = b8 & 0x1fff;
3444 var bh8 = b8 >>> 13;
3445 var b9 = b[9] | 0;
3446 var bl9 = b9 & 0x1fff;
3447 var bh9 = b9 >>> 13;
3448
3449 out.negative = self.negative ^ num.negative;
3450 out.length = 19;
3451 /* k = 0 */
3452 lo = Math.imul(al0, bl0);
3453 mid = Math.imul(al0, bh0);
3454 mid = (mid + Math.imul(ah0, bl0)) | 0;
3455 hi = Math.imul(ah0, bh0);
3456 var w0 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3457 c = (((hi + (mid >>> 13)) | 0) + (w0 >>> 26)) | 0;
3458 w0 &= 0x3ffffff;
3459 /* k = 1 */
3460 lo = Math.imul(al1, bl0);
3461 mid = Math.imul(al1, bh0);
3462 mid = (mid + Math.imul(ah1, bl0)) | 0;
3463 hi = Math.imul(ah1, bh0);
3464 lo = (lo + Math.imul(al0, bl1)) | 0;
3465 mid = (mid + Math.imul(al0, bh1)) | 0;
3466 mid = (mid + Math.imul(ah0, bl1)) | 0;
3467 hi = (hi + Math.imul(ah0, bh1)) | 0;
3468 var w1 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3469 c = (((hi + (mid >>> 13)) | 0) + (w1 >>> 26)) | 0;
3470 w1 &= 0x3ffffff;
3471 /* k = 2 */
3472 lo = Math.imul(al2, bl0);
3473 mid = Math.imul(al2, bh0);
3474 mid = (mid + Math.imul(ah2, bl0)) | 0;
3475 hi = Math.imul(ah2, bh0);
3476 lo = (lo + Math.imul(al1, bl1)) | 0;
3477 mid = (mid + Math.imul(al1, bh1)) | 0;
3478 mid = (mid + Math.imul(ah1, bl1)) | 0;
3479 hi = (hi + Math.imul(ah1, bh1)) | 0;
3480 lo = (lo + Math.imul(al0, bl2)) | 0;
3481 mid = (mid + Math.imul(al0, bh2)) | 0;
3482 mid = (mid + Math.imul(ah0, bl2)) | 0;
3483 hi = (hi + Math.imul(ah0, bh2)) | 0;
3484 var w2 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3485 c = (((hi + (mid >>> 13)) | 0) + (w2 >>> 26)) | 0;
3486 w2 &= 0x3ffffff;
3487 /* k = 3 */
3488 lo = Math.imul(al3, bl0);
3489 mid = Math.imul(al3, bh0);
3490 mid = (mid + Math.imul(ah3, bl0)) | 0;
3491 hi = Math.imul(ah3, bh0);
3492 lo = (lo + Math.imul(al2, bl1)) | 0;
3493 mid = (mid + Math.imul(al2, bh1)) | 0;
3494 mid = (mid + Math.imul(ah2, bl1)) | 0;
3495 hi = (hi + Math.imul(ah2, bh1)) | 0;
3496 lo = (lo + Math.imul(al1, bl2)) | 0;
3497 mid = (mid + Math.imul(al1, bh2)) | 0;
3498 mid = (mid + Math.imul(ah1, bl2)) | 0;
3499 hi = (hi + Math.imul(ah1, bh2)) | 0;
3500 lo = (lo + Math.imul(al0, bl3)) | 0;
3501 mid = (mid + Math.imul(al0, bh3)) | 0;
3502 mid = (mid + Math.imul(ah0, bl3)) | 0;
3503 hi = (hi + Math.imul(ah0, bh3)) | 0;
3504 var w3 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3505 c = (((hi + (mid >>> 13)) | 0) + (w3 >>> 26)) | 0;
3506 w3 &= 0x3ffffff;
3507 /* k = 4 */
3508 lo = Math.imul(al4, bl0);
3509 mid = Math.imul(al4, bh0);
3510 mid = (mid + Math.imul(ah4, bl0)) | 0;
3511 hi = Math.imul(ah4, bh0);
3512 lo = (lo + Math.imul(al3, bl1)) | 0;
3513 mid = (mid + Math.imul(al3, bh1)) | 0;
3514 mid = (mid + Math.imul(ah3, bl1)) | 0;
3515 hi = (hi + Math.imul(ah3, bh1)) | 0;
3516 lo = (lo + Math.imul(al2, bl2)) | 0;
3517 mid = (mid + Math.imul(al2, bh2)) | 0;
3518 mid = (mid + Math.imul(ah2, bl2)) | 0;
3519 hi = (hi + Math.imul(ah2, bh2)) | 0;
3520 lo = (lo + Math.imul(al1, bl3)) | 0;
3521 mid = (mid + Math.imul(al1, bh3)) | 0;
3522 mid = (mid + Math.imul(ah1, bl3)) | 0;
3523 hi = (hi + Math.imul(ah1, bh3)) | 0;
3524 lo = (lo + Math.imul(al0, bl4)) | 0;
3525 mid = (mid + Math.imul(al0, bh4)) | 0;
3526 mid = (mid + Math.imul(ah0, bl4)) | 0;
3527 hi = (hi + Math.imul(ah0, bh4)) | 0;
3528 var w4 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3529 c = (((hi + (mid >>> 13)) | 0) + (w4 >>> 26)) | 0;
3530 w4 &= 0x3ffffff;
3531 /* k = 5 */
3532 lo = Math.imul(al5, bl0);
3533 mid = Math.imul(al5, bh0);
3534 mid = (mid + Math.imul(ah5, bl0)) | 0;
3535 hi = Math.imul(ah5, bh0);
3536 lo = (lo + Math.imul(al4, bl1)) | 0;
3537 mid = (mid + Math.imul(al4, bh1)) | 0;
3538 mid = (mid + Math.imul(ah4, bl1)) | 0;
3539 hi = (hi + Math.imul(ah4, bh1)) | 0;
3540 lo = (lo + Math.imul(al3, bl2)) | 0;
3541 mid = (mid + Math.imul(al3, bh2)) | 0;
3542 mid = (mid + Math.imul(ah3, bl2)) | 0;
3543 hi = (hi + Math.imul(ah3, bh2)) | 0;
3544 lo = (lo + Math.imul(al2, bl3)) | 0;
3545 mid = (mid + Math.imul(al2, bh3)) | 0;
3546 mid = (mid + Math.imul(ah2, bl3)) | 0;
3547 hi = (hi + Math.imul(ah2, bh3)) | 0;
3548 lo = (lo + Math.imul(al1, bl4)) | 0;
3549 mid = (mid + Math.imul(al1, bh4)) | 0;
3550 mid = (mid + Math.imul(ah1, bl4)) | 0;
3551 hi = (hi + Math.imul(ah1, bh4)) | 0;
3552 lo = (lo + Math.imul(al0, bl5)) | 0;
3553 mid = (mid + Math.imul(al0, bh5)) | 0;
3554 mid = (mid + Math.imul(ah0, bl5)) | 0;
3555 hi = (hi + Math.imul(ah0, bh5)) | 0;
3556 var w5 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3557 c = (((hi + (mid >>> 13)) | 0) + (w5 >>> 26)) | 0;
3558 w5 &= 0x3ffffff;
3559 /* k = 6 */
3560 lo = Math.imul(al6, bl0);
3561 mid = Math.imul(al6, bh0);
3562 mid = (mid + Math.imul(ah6, bl0)) | 0;
3563 hi = Math.imul(ah6, bh0);
3564 lo = (lo + Math.imul(al5, bl1)) | 0;
3565 mid = (mid + Math.imul(al5, bh1)) | 0;
3566 mid = (mid + Math.imul(ah5, bl1)) | 0;
3567 hi = (hi + Math.imul(ah5, bh1)) | 0;
3568 lo = (lo + Math.imul(al4, bl2)) | 0;
3569 mid = (mid + Math.imul(al4, bh2)) | 0;
3570 mid = (mid + Math.imul(ah4, bl2)) | 0;
3571 hi = (hi + Math.imul(ah4, bh2)) | 0;
3572 lo = (lo + Math.imul(al3, bl3)) | 0;
3573 mid = (mid + Math.imul(al3, bh3)) | 0;
3574 mid = (mid + Math.imul(ah3, bl3)) | 0;
3575 hi = (hi + Math.imul(ah3, bh3)) | 0;
3576 lo = (lo + Math.imul(al2, bl4)) | 0;
3577 mid = (mid + Math.imul(al2, bh4)) | 0;
3578 mid = (mid + Math.imul(ah2, bl4)) | 0;
3579 hi = (hi + Math.imul(ah2, bh4)) | 0;
3580 lo = (lo + Math.imul(al1, bl5)) | 0;
3581 mid = (mid + Math.imul(al1, bh5)) | 0;
3582 mid = (mid + Math.imul(ah1, bl5)) | 0;
3583 hi = (hi + Math.imul(ah1, bh5)) | 0;
3584 lo = (lo + Math.imul(al0, bl6)) | 0;
3585 mid = (mid + Math.imul(al0, bh6)) | 0;
3586 mid = (mid + Math.imul(ah0, bl6)) | 0;
3587 hi = (hi + Math.imul(ah0, bh6)) | 0;
3588 var w6 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3589 c = (((hi + (mid >>> 13)) | 0) + (w6 >>> 26)) | 0;
3590 w6 &= 0x3ffffff;
3591 /* k = 7 */
3592 lo = Math.imul(al7, bl0);
3593 mid = Math.imul(al7, bh0);
3594 mid = (mid + Math.imul(ah7, bl0)) | 0;
3595 hi = Math.imul(ah7, bh0);
3596 lo = (lo + Math.imul(al6, bl1)) | 0;
3597 mid = (mid + Math.imul(al6, bh1)) | 0;
3598 mid = (mid + Math.imul(ah6, bl1)) | 0;
3599 hi = (hi + Math.imul(ah6, bh1)) | 0;
3600 lo = (lo + Math.imul(al5, bl2)) | 0;
3601 mid = (mid + Math.imul(al5, bh2)) | 0;
3602 mid = (mid + Math.imul(ah5, bl2)) | 0;
3603 hi = (hi + Math.imul(ah5, bh2)) | 0;
3604 lo = (lo + Math.imul(al4, bl3)) | 0;
3605 mid = (mid + Math.imul(al4, bh3)) | 0;
3606 mid = (mid + Math.imul(ah4, bl3)) | 0;
3607 hi = (hi + Math.imul(ah4, bh3)) | 0;
3608 lo = (lo + Math.imul(al3, bl4)) | 0;
3609 mid = (mid + Math.imul(al3, bh4)) | 0;
3610 mid = (mid + Math.imul(ah3, bl4)) | 0;
3611 hi = (hi + Math.imul(ah3, bh4)) | 0;
3612 lo = (lo + Math.imul(al2, bl5)) | 0;
3613 mid = (mid + Math.imul(al2, bh5)) | 0;
3614 mid = (mid + Math.imul(ah2, bl5)) | 0;
3615 hi = (hi + Math.imul(ah2, bh5)) | 0;
3616 lo = (lo + Math.imul(al1, bl6)) | 0;
3617 mid = (mid + Math.imul(al1, bh6)) | 0;
3618 mid = (mid + Math.imul(ah1, bl6)) | 0;
3619 hi = (hi + Math.imul(ah1, bh6)) | 0;
3620 lo = (lo + Math.imul(al0, bl7)) | 0;
3621 mid = (mid + Math.imul(al0, bh7)) | 0;
3622 mid = (mid + Math.imul(ah0, bl7)) | 0;
3623 hi = (hi + Math.imul(ah0, bh7)) | 0;
3624 var w7 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3625 c = (((hi + (mid >>> 13)) | 0) + (w7 >>> 26)) | 0;
3626 w7 &= 0x3ffffff;
3627 /* k = 8 */
3628 lo = Math.imul(al8, bl0);
3629 mid = Math.imul(al8, bh0);
3630 mid = (mid + Math.imul(ah8, bl0)) | 0;
3631 hi = Math.imul(ah8, bh0);
3632 lo = (lo + Math.imul(al7, bl1)) | 0;
3633 mid = (mid + Math.imul(al7, bh1)) | 0;
3634 mid = (mid + Math.imul(ah7, bl1)) | 0;
3635 hi = (hi + Math.imul(ah7, bh1)) | 0;
3636 lo = (lo + Math.imul(al6, bl2)) | 0;
3637 mid = (mid + Math.imul(al6, bh2)) | 0;
3638 mid = (mid + Math.imul(ah6, bl2)) | 0;
3639 hi = (hi + Math.imul(ah6, bh2)) | 0;
3640 lo = (lo + Math.imul(al5, bl3)) | 0;
3641 mid = (mid + Math.imul(al5, bh3)) | 0;
3642 mid = (mid + Math.imul(ah5, bl3)) | 0;
3643 hi = (hi + Math.imul(ah5, bh3)) | 0;
3644 lo = (lo + Math.imul(al4, bl4)) | 0;
3645 mid = (mid + Math.imul(al4, bh4)) | 0;
3646 mid = (mid + Math.imul(ah4, bl4)) | 0;
3647 hi = (hi + Math.imul(ah4, bh4)) | 0;
3648 lo = (lo + Math.imul(al3, bl5)) | 0;
3649 mid = (mid + Math.imul(al3, bh5)) | 0;
3650 mid = (mid + Math.imul(ah3, bl5)) | 0;
3651 hi = (hi + Math.imul(ah3, bh5)) | 0;
3652 lo = (lo + Math.imul(al2, bl6)) | 0;
3653 mid = (mid + Math.imul(al2, bh6)) | 0;
3654 mid = (mid + Math.imul(ah2, bl6)) | 0;
3655 hi = (hi + Math.imul(ah2, bh6)) | 0;
3656 lo = (lo + Math.imul(al1, bl7)) | 0;
3657 mid = (mid + Math.imul(al1, bh7)) | 0;
3658 mid = (mid + Math.imul(ah1, bl7)) | 0;
3659 hi = (hi + Math.imul(ah1, bh7)) | 0;
3660 lo = (lo + Math.imul(al0, bl8)) | 0;
3661 mid = (mid + Math.imul(al0, bh8)) | 0;
3662 mid = (mid + Math.imul(ah0, bl8)) | 0;
3663 hi = (hi + Math.imul(ah0, bh8)) | 0;
3664 var w8 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3665 c = (((hi + (mid >>> 13)) | 0) + (w8 >>> 26)) | 0;
3666 w8 &= 0x3ffffff;
3667 /* k = 9 */
3668 lo = Math.imul(al9, bl0);
3669 mid = Math.imul(al9, bh0);
3670 mid = (mid + Math.imul(ah9, bl0)) | 0;
3671 hi = Math.imul(ah9, bh0);
3672 lo = (lo + Math.imul(al8, bl1)) | 0;
3673 mid = (mid + Math.imul(al8, bh1)) | 0;
3674 mid = (mid + Math.imul(ah8, bl1)) | 0;
3675 hi = (hi + Math.imul(ah8, bh1)) | 0;
3676 lo = (lo + Math.imul(al7, bl2)) | 0;
3677 mid = (mid + Math.imul(al7, bh2)) | 0;
3678 mid = (mid + Math.imul(ah7, bl2)) | 0;
3679 hi = (hi + Math.imul(ah7, bh2)) | 0;
3680 lo = (lo + Math.imul(al6, bl3)) | 0;
3681 mid = (mid + Math.imul(al6, bh3)) | 0;
3682 mid = (mid + Math.imul(ah6, bl3)) | 0;
3683 hi = (hi + Math.imul(ah6, bh3)) | 0;
3684 lo = (lo + Math.imul(al5, bl4)) | 0;
3685 mid = (mid + Math.imul(al5, bh4)) | 0;
3686 mid = (mid + Math.imul(ah5, bl4)) | 0;
3687 hi = (hi + Math.imul(ah5, bh4)) | 0;
3688 lo = (lo + Math.imul(al4, bl5)) | 0;
3689 mid = (mid + Math.imul(al4, bh5)) | 0;
3690 mid = (mid + Math.imul(ah4, bl5)) | 0;
3691 hi = (hi + Math.imul(ah4, bh5)) | 0;
3692 lo = (lo + Math.imul(al3, bl6)) | 0;
3693 mid = (mid + Math.imul(al3, bh6)) | 0;
3694 mid = (mid + Math.imul(ah3, bl6)) | 0;
3695 hi = (hi + Math.imul(ah3, bh6)) | 0;
3696 lo = (lo + Math.imul(al2, bl7)) | 0;
3697 mid = (mid + Math.imul(al2, bh7)) | 0;
3698 mid = (mid + Math.imul(ah2, bl7)) | 0;
3699 hi = (hi + Math.imul(ah2, bh7)) | 0;
3700 lo = (lo + Math.imul(al1, bl8)) | 0;
3701 mid = (mid + Math.imul(al1, bh8)) | 0;
3702 mid = (mid + Math.imul(ah1, bl8)) | 0;
3703 hi = (hi + Math.imul(ah1, bh8)) | 0;
3704 lo = (lo + Math.imul(al0, bl9)) | 0;
3705 mid = (mid + Math.imul(al0, bh9)) | 0;
3706 mid = (mid + Math.imul(ah0, bl9)) | 0;
3707 hi = (hi + Math.imul(ah0, bh9)) | 0;
3708 var w9 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3709 c = (((hi + (mid >>> 13)) | 0) + (w9 >>> 26)) | 0;
3710 w9 &= 0x3ffffff;
3711 /* k = 10 */
3712 lo = Math.imul(al9, bl1);
3713 mid = Math.imul(al9, bh1);
3714 mid = (mid + Math.imul(ah9, bl1)) | 0;
3715 hi = Math.imul(ah9, bh1);
3716 lo = (lo + Math.imul(al8, bl2)) | 0;
3717 mid = (mid + Math.imul(al8, bh2)) | 0;
3718 mid = (mid + Math.imul(ah8, bl2)) | 0;
3719 hi = (hi + Math.imul(ah8, bh2)) | 0;
3720 lo = (lo + Math.imul(al7, bl3)) | 0;
3721 mid = (mid + Math.imul(al7, bh3)) | 0;
3722 mid = (mid + Math.imul(ah7, bl3)) | 0;
3723 hi = (hi + Math.imul(ah7, bh3)) | 0;
3724 lo = (lo + Math.imul(al6, bl4)) | 0;
3725 mid = (mid + Math.imul(al6, bh4)) | 0;
3726 mid = (mid + Math.imul(ah6, bl4)) | 0;
3727 hi = (hi + Math.imul(ah6, bh4)) | 0;
3728 lo = (lo + Math.imul(al5, bl5)) | 0;
3729 mid = (mid + Math.imul(al5, bh5)) | 0;
3730 mid = (mid + Math.imul(ah5, bl5)) | 0;
3731 hi = (hi + Math.imul(ah5, bh5)) | 0;
3732 lo = (lo + Math.imul(al4, bl6)) | 0;
3733 mid = (mid + Math.imul(al4, bh6)) | 0;
3734 mid = (mid + Math.imul(ah4, bl6)) | 0;
3735 hi = (hi + Math.imul(ah4, bh6)) | 0;
3736 lo = (lo + Math.imul(al3, bl7)) | 0;
3737 mid = (mid + Math.imul(al3, bh7)) | 0;
3738 mid = (mid + Math.imul(ah3, bl7)) | 0;
3739 hi = (hi + Math.imul(ah3, bh7)) | 0;
3740 lo = (lo + Math.imul(al2, bl8)) | 0;
3741 mid = (mid + Math.imul(al2, bh8)) | 0;
3742 mid = (mid + Math.imul(ah2, bl8)) | 0;
3743 hi = (hi + Math.imul(ah2, bh8)) | 0;
3744 lo = (lo + Math.imul(al1, bl9)) | 0;
3745 mid = (mid + Math.imul(al1, bh9)) | 0;
3746 mid = (mid + Math.imul(ah1, bl9)) | 0;
3747 hi = (hi + Math.imul(ah1, bh9)) | 0;
3748 var w10 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3749 c = (((hi + (mid >>> 13)) | 0) + (w10 >>> 26)) | 0;
3750 w10 &= 0x3ffffff;
3751 /* k = 11 */
3752 lo = Math.imul(al9, bl2);
3753 mid = Math.imul(al9, bh2);
3754 mid = (mid + Math.imul(ah9, bl2)) | 0;
3755 hi = Math.imul(ah9, bh2);
3756 lo = (lo + Math.imul(al8, bl3)) | 0;
3757 mid = (mid + Math.imul(al8, bh3)) | 0;
3758 mid = (mid + Math.imul(ah8, bl3)) | 0;
3759 hi = (hi + Math.imul(ah8, bh3)) | 0;
3760 lo = (lo + Math.imul(al7, bl4)) | 0;
3761 mid = (mid + Math.imul(al7, bh4)) | 0;
3762 mid = (mid + Math.imul(ah7, bl4)) | 0;
3763 hi = (hi + Math.imul(ah7, bh4)) | 0;
3764 lo = (lo + Math.imul(al6, bl5)) | 0;
3765 mid = (mid + Math.imul(al6, bh5)) | 0;
3766 mid = (mid + Math.imul(ah6, bl5)) | 0;
3767 hi = (hi + Math.imul(ah6, bh5)) | 0;
3768 lo = (lo + Math.imul(al5, bl6)) | 0;
3769 mid = (mid + Math.imul(al5, bh6)) | 0;
3770 mid = (mid + Math.imul(ah5, bl6)) | 0;
3771 hi = (hi + Math.imul(ah5, bh6)) | 0;
3772 lo = (lo + Math.imul(al4, bl7)) | 0;
3773 mid = (mid + Math.imul(al4, bh7)) | 0;
3774 mid = (mid + Math.imul(ah4, bl7)) | 0;
3775 hi = (hi + Math.imul(ah4, bh7)) | 0;
3776 lo = (lo + Math.imul(al3, bl8)) | 0;
3777 mid = (mid + Math.imul(al3, bh8)) | 0;
3778 mid = (mid + Math.imul(ah3, bl8)) | 0;
3779 hi = (hi + Math.imul(ah3, bh8)) | 0;
3780 lo = (lo + Math.imul(al2, bl9)) | 0;
3781 mid = (mid + Math.imul(al2, bh9)) | 0;
3782 mid = (mid + Math.imul(ah2, bl9)) | 0;
3783 hi = (hi + Math.imul(ah2, bh9)) | 0;
3784 var w11 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3785 c = (((hi + (mid >>> 13)) | 0) + (w11 >>> 26)) | 0;
3786 w11 &= 0x3ffffff;
3787 /* k = 12 */
3788 lo = Math.imul(al9, bl3);
3789 mid = Math.imul(al9, bh3);
3790 mid = (mid + Math.imul(ah9, bl3)) | 0;
3791 hi = Math.imul(ah9, bh3);
3792 lo = (lo + Math.imul(al8, bl4)) | 0;
3793 mid = (mid + Math.imul(al8, bh4)) | 0;
3794 mid = (mid + Math.imul(ah8, bl4)) | 0;
3795 hi = (hi + Math.imul(ah8, bh4)) | 0;
3796 lo = (lo + Math.imul(al7, bl5)) | 0;
3797 mid = (mid + Math.imul(al7, bh5)) | 0;
3798 mid = (mid + Math.imul(ah7, bl5)) | 0;
3799 hi = (hi + Math.imul(ah7, bh5)) | 0;
3800 lo = (lo + Math.imul(al6, bl6)) | 0;
3801 mid = (mid + Math.imul(al6, bh6)) | 0;
3802 mid = (mid + Math.imul(ah6, bl6)) | 0;
3803 hi = (hi + Math.imul(ah6, bh6)) | 0;
3804 lo = (lo + Math.imul(al5, bl7)) | 0;
3805 mid = (mid + Math.imul(al5, bh7)) | 0;
3806 mid = (mid + Math.imul(ah5, bl7)) | 0;
3807 hi = (hi + Math.imul(ah5, bh7)) | 0;
3808 lo = (lo + Math.imul(al4, bl8)) | 0;
3809 mid = (mid + Math.imul(al4, bh8)) | 0;
3810 mid = (mid + Math.imul(ah4, bl8)) | 0;
3811 hi = (hi + Math.imul(ah4, bh8)) | 0;
3812 lo = (lo + Math.imul(al3, bl9)) | 0;
3813 mid = (mid + Math.imul(al3, bh9)) | 0;
3814 mid = (mid + Math.imul(ah3, bl9)) | 0;
3815 hi = (hi + Math.imul(ah3, bh9)) | 0;
3816 var w12 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3817 c = (((hi + (mid >>> 13)) | 0) + (w12 >>> 26)) | 0;
3818 w12 &= 0x3ffffff;
3819 /* k = 13 */
3820 lo = Math.imul(al9, bl4);
3821 mid = Math.imul(al9, bh4);
3822 mid = (mid + Math.imul(ah9, bl4)) | 0;
3823 hi = Math.imul(ah9, bh4);
3824 lo = (lo + Math.imul(al8, bl5)) | 0;
3825 mid = (mid + Math.imul(al8, bh5)) | 0;
3826 mid = (mid + Math.imul(ah8, bl5)) | 0;
3827 hi = (hi + Math.imul(ah8, bh5)) | 0;
3828 lo = (lo + Math.imul(al7, bl6)) | 0;
3829 mid = (mid + Math.imul(al7, bh6)) | 0;
3830 mid = (mid + Math.imul(ah7, bl6)) | 0;
3831 hi = (hi + Math.imul(ah7, bh6)) | 0;
3832 lo = (lo + Math.imul(al6, bl7)) | 0;
3833 mid = (mid + Math.imul(al6, bh7)) | 0;
3834 mid = (mid + Math.imul(ah6, bl7)) | 0;
3835 hi = (hi + Math.imul(ah6, bh7)) | 0;
3836 lo = (lo + Math.imul(al5, bl8)) | 0;
3837 mid = (mid + Math.imul(al5, bh8)) | 0;
3838 mid = (mid + Math.imul(ah5, bl8)) | 0;
3839 hi = (hi + Math.imul(ah5, bh8)) | 0;
3840 lo = (lo + Math.imul(al4, bl9)) | 0;
3841 mid = (mid + Math.imul(al4, bh9)) | 0;
3842 mid = (mid + Math.imul(ah4, bl9)) | 0;
3843 hi = (hi + Math.imul(ah4, bh9)) | 0;
3844 var w13 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3845 c = (((hi + (mid >>> 13)) | 0) + (w13 >>> 26)) | 0;
3846 w13 &= 0x3ffffff;
3847 /* k = 14 */
3848 lo = Math.imul(al9, bl5);
3849 mid = Math.imul(al9, bh5);
3850 mid = (mid + Math.imul(ah9, bl5)) | 0;
3851 hi = Math.imul(ah9, bh5);
3852 lo = (lo + Math.imul(al8, bl6)) | 0;
3853 mid = (mid + Math.imul(al8, bh6)) | 0;
3854 mid = (mid + Math.imul(ah8, bl6)) | 0;
3855 hi = (hi + Math.imul(ah8, bh6)) | 0;
3856 lo = (lo + Math.imul(al7, bl7)) | 0;
3857 mid = (mid + Math.imul(al7, bh7)) | 0;
3858 mid = (mid + Math.imul(ah7, bl7)) | 0;
3859 hi = (hi + Math.imul(ah7, bh7)) | 0;
3860 lo = (lo + Math.imul(al6, bl8)) | 0;
3861 mid = (mid + Math.imul(al6, bh8)) | 0;
3862 mid = (mid + Math.imul(ah6, bl8)) | 0;
3863 hi = (hi + Math.imul(ah6, bh8)) | 0;
3864 lo = (lo + Math.imul(al5, bl9)) | 0;
3865 mid = (mid + Math.imul(al5, bh9)) | 0;
3866 mid = (mid + Math.imul(ah5, bl9)) | 0;
3867 hi = (hi + Math.imul(ah5, bh9)) | 0;
3868 var w14 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3869 c = (((hi + (mid >>> 13)) | 0) + (w14 >>> 26)) | 0;
3870 w14 &= 0x3ffffff;
3871 /* k = 15 */
3872 lo = Math.imul(al9, bl6);
3873 mid = Math.imul(al9, bh6);
3874 mid = (mid + Math.imul(ah9, bl6)) | 0;
3875 hi = Math.imul(ah9, bh6);
3876 lo = (lo + Math.imul(al8, bl7)) | 0;
3877 mid = (mid + Math.imul(al8, bh7)) | 0;
3878 mid = (mid + Math.imul(ah8, bl7)) | 0;
3879 hi = (hi + Math.imul(ah8, bh7)) | 0;
3880 lo = (lo + Math.imul(al7, bl8)) | 0;
3881 mid = (mid + Math.imul(al7, bh8)) | 0;
3882 mid = (mid + Math.imul(ah7, bl8)) | 0;
3883 hi = (hi + Math.imul(ah7, bh8)) | 0;
3884 lo = (lo + Math.imul(al6, bl9)) | 0;
3885 mid = (mid + Math.imul(al6, bh9)) | 0;
3886 mid = (mid + Math.imul(ah6, bl9)) | 0;
3887 hi = (hi + Math.imul(ah6, bh9)) | 0;
3888 var w15 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3889 c = (((hi + (mid >>> 13)) | 0) + (w15 >>> 26)) | 0;
3890 w15 &= 0x3ffffff;
3891 /* k = 16 */
3892 lo = Math.imul(al9, bl7);
3893 mid = Math.imul(al9, bh7);
3894 mid = (mid + Math.imul(ah9, bl7)) | 0;
3895 hi = Math.imul(ah9, bh7);
3896 lo = (lo + Math.imul(al8, bl8)) | 0;
3897 mid = (mid + Math.imul(al8, bh8)) | 0;
3898 mid = (mid + Math.imul(ah8, bl8)) | 0;
3899 hi = (hi + Math.imul(ah8, bh8)) | 0;
3900 lo = (lo + Math.imul(al7, bl9)) | 0;
3901 mid = (mid + Math.imul(al7, bh9)) | 0;
3902 mid = (mid + Math.imul(ah7, bl9)) | 0;
3903 hi = (hi + Math.imul(ah7, bh9)) | 0;
3904 var w16 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3905 c = (((hi + (mid >>> 13)) | 0) + (w16 >>> 26)) | 0;
3906 w16 &= 0x3ffffff;
3907 /* k = 17 */
3908 lo = Math.imul(al9, bl8);
3909 mid = Math.imul(al9, bh8);
3910 mid = (mid + Math.imul(ah9, bl8)) | 0;
3911 hi = Math.imul(ah9, bh8);
3912 lo = (lo + Math.imul(al8, bl9)) | 0;
3913 mid = (mid + Math.imul(al8, bh9)) | 0;
3914 mid = (mid + Math.imul(ah8, bl9)) | 0;
3915 hi = (hi + Math.imul(ah8, bh9)) | 0;
3916 var w17 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3917 c = (((hi + (mid >>> 13)) | 0) + (w17 >>> 26)) | 0;
3918 w17 &= 0x3ffffff;
3919 /* k = 18 */
3920 lo = Math.imul(al9, bl9);
3921 mid = Math.imul(al9, bh9);
3922 mid = (mid + Math.imul(ah9, bl9)) | 0;
3923 hi = Math.imul(ah9, bh9);
3924 var w18 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0;
3925 c = (((hi + (mid >>> 13)) | 0) + (w18 >>> 26)) | 0;
3926 w18 &= 0x3ffffff;
3927 o[0] = w0;
3928 o[1] = w1;
3929 o[2] = w2;
3930 o[3] = w3;
3931 o[4] = w4;
3932 o[5] = w5;
3933 o[6] = w6;
3934 o[7] = w7;
3935 o[8] = w8;
3936 o[9] = w9;
3937 o[10] = w10;
3938 o[11] = w11;
3939 o[12] = w12;
3940 o[13] = w13;
3941 o[14] = w14;
3942 o[15] = w15;
3943 o[16] = w16;
3944 o[17] = w17;
3945 o[18] = w18;
3946 if (c !== 0) {
3947 o[19] = c;
3948 out.length++;
3949 }
3950 return out;
3951 };
3952
3953 // Polyfill comb
3954 if (!Math.imul) {
3955 comb10MulTo = smallMulTo;
3956 }
3957
3958 function bigMulTo (self, num, out) {
3959 out.negative = num.negative ^ self.negative;
3960 out.length = self.length + num.length;
3961
3962 var carry = 0;
3963 var hncarry = 0;
3964 for (var k = 0; k < out.length - 1; k++) {
3965 // Sum all words with the same `i + j = k` and accumulate `ncarry`,
3966 // note that ncarry could be >= 0x3ffffff
3967 var ncarry = hncarry;
3968 hncarry = 0;
3969 var rword = carry & 0x3ffffff;
3970 var maxJ = Math.min(k, num.length - 1);
3971 for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) {
3972 var i = k - j;
3973 var a = self.words[i] | 0;
3974 var b = num.words[j] | 0;
3975 var r = a * b;
3976
3977 var lo = r & 0x3ffffff;
3978 ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0;
3979 lo = (lo + rword) | 0;
3980 rword = lo & 0x3ffffff;
3981 ncarry = (ncarry + (lo >>> 26)) | 0;
3982
3983 hncarry += ncarry >>> 26;
3984 ncarry &= 0x3ffffff;
3985 }
3986 out.words[k] = rword;
3987 carry = ncarry;
3988 ncarry = hncarry;
3989 }
3990 if (carry !== 0) {
3991 out.words[k] = carry;
3992 } else {
3993 out.length--;
3994 }
3995
3996 return out.strip();
3997 }
3998
3999 function jumboMulTo (self, num, out) {
4000 var fftm = new FFTM();
4001 return fftm.mulp(self, num, out);
4002 }
4003
4004 BN.prototype.mulTo = function mulTo (num, out) {
4005 var res;
4006 var len = this.length + num.length;
4007 if (this.length === 10 && num.length === 10) {
4008 res = comb10MulTo(this, num, out);
4009 } else if (len < 63) {
4010 res = smallMulTo(this, num, out);
4011 } else if (len < 1024) {
4012 res = bigMulTo(this, num, out);
4013 } else {
4014 res = jumboMulTo(this, num, out);
4015 }
4016
4017 return res;
4018 };
4019
4020 // Cooley-Tukey algorithm for FFT
4021 // slightly revisited to rely on looping instead of recursion
4022
4023 function FFTM (x, y) {
4024 this.x = x;
4025 this.y = y;
4026 }
4027
4028 FFTM.prototype.makeRBT = function makeRBT (N) {
4029 var t = new Array(N);
4030 var l = BN.prototype._countBits(N) - 1;
4031 for (var i = 0; i < N; i++) {
4032 t[i] = this.revBin(i, l, N);
4033 }
4034
4035 return t;
4036 };
4037
4038 // Returns binary-reversed representation of `x`
4039 FFTM.prototype.revBin = function revBin (x, l, N) {
4040 if (x === 0 || x === N - 1) return x;
4041
4042 var rb = 0;
4043 for (var i = 0; i < l; i++) {
4044 rb |= (x & 1) << (l - i - 1);
4045 x >>= 1;
4046 }
4047
4048 return rb;
4049 };
4050
4051 // Performs "tweedling" phase, therefore 'emulating'
4052 // behaviour of the recursive algorithm
4053 FFTM.prototype.permute = function permute (rbt, rws, iws, rtws, itws, N) {
4054 for (var i = 0; i < N; i++) {
4055 rtws[i] = rws[rbt[i]];
4056 itws[i] = iws[rbt[i]];
4057 }
4058 };
4059
4060 FFTM.prototype.transform = function transform (rws, iws, rtws, itws, N, rbt) {
4061 this.permute(rbt, rws, iws, rtws, itws, N);
4062
4063 for (var s = 1; s < N; s <<= 1) {
4064 var l = s << 1;
4065
4066 var rtwdf = Math.cos(2 * Math.PI / l);
4067 var itwdf = Math.sin(2 * Math.PI / l);
4068
4069 for (var p = 0; p < N; p += l) {
4070 var rtwdf_ = rtwdf;
4071 var itwdf_ = itwdf;
4072
4073 for (var j = 0; j < s; j++) {
4074 var re = rtws[p + j];
4075 var ie = itws[p + j];
4076
4077 var ro = rtws[p + j + s];
4078 var io = itws[p + j + s];
4079
4080 var rx = rtwdf_ * ro - itwdf_ * io;
4081
4082 io = rtwdf_ * io + itwdf_ * ro;
4083 ro = rx;
4084
4085 rtws[p + j] = re + ro;
4086 itws[p + j] = ie + io;
4087
4088 rtws[p + j + s] = re - ro;
4089 itws[p + j + s] = ie - io;
4090
4091 /* jshint maxdepth : false */
4092 if (j !== l) {
4093 rx = rtwdf * rtwdf_ - itwdf * itwdf_;
4094
4095 itwdf_ = rtwdf * itwdf_ + itwdf * rtwdf_;
4096 rtwdf_ = rx;
4097 }
4098 }
4099 }
4100 }
4101 };
4102
4103 FFTM.prototype.guessLen13b = function guessLen13b (n, m) {
4104 var N = Math.max(m, n) | 1;
4105 var odd = N & 1;
4106 var i = 0;
4107 for (N = N / 2 | 0; N; N = N >>> 1) {
4108 i++;
4109 }
4110
4111 return 1 << i + 1 + odd;
4112 };
4113
4114 FFTM.prototype.conjugate = function conjugate (rws, iws, N) {
4115 if (N <= 1) return;
4116
4117 for (var i = 0; i < N / 2; i++) {
4118 var t = rws[i];
4119
4120 rws[i] = rws[N - i - 1];
4121 rws[N - i - 1] = t;
4122
4123 t = iws[i];
4124
4125 iws[i] = -iws[N - i - 1];
4126 iws[N - i - 1] = -t;
4127 }
4128 };
4129
4130 FFTM.prototype.normalize13b = function normalize13b (ws, N) {
4131 var carry = 0;
4132 for (var i = 0; i < N / 2; i++) {
4133 var w = Math.round(ws[2 * i + 1] / N) * 0x2000 +
4134 Math.round(ws[2 * i] / N) +
4135 carry;
4136
4137 ws[i] = w & 0x3ffffff;
4138
4139 if (w < 0x4000000) {
4140 carry = 0;
4141 } else {
4142 carry = w / 0x4000000 | 0;
4143 }
4144 }
4145
4146 return ws;
4147 };
4148
4149 FFTM.prototype.convert13b = function convert13b (ws, len, rws, N) {
4150 var carry = 0;
4151 for (var i = 0; i < len; i++) {
4152 carry = carry + (ws[i] | 0);
4153
4154 rws[2 * i] = carry & 0x1fff; carry = carry >>> 13;
4155 rws[2 * i + 1] = carry & 0x1fff; carry = carry >>> 13;
4156 }
4157
4158 // Pad with zeroes
4159 for (i = 2 * len; i < N; ++i) {
4160 rws[i] = 0;
4161 }
4162
4163 assert(carry === 0);
4164 assert((carry & ~0x1fff) === 0);
4165 };
4166
4167 FFTM.prototype.stub = function stub (N) {
4168 var ph = new Array(N);
4169 for (var i = 0; i < N; i++) {
4170 ph[i] = 0;
4171 }
4172
4173 return ph;
4174 };
4175
4176 FFTM.prototype.mulp = function mulp (x, y, out) {
4177 var N = 2 * this.guessLen13b(x.length, y.length);
4178
4179 var rbt = this.makeRBT(N);
4180
4181 var _ = this.stub(N);
4182
4183 var rws = new Array(N);
4184 var rwst = new Array(N);
4185 var iwst = new Array(N);
4186
4187 var nrws = new Array(N);
4188 var nrwst = new Array(N);
4189 var niwst = new Array(N);
4190
4191 var rmws = out.words;
4192 rmws.length = N;
4193
4194 this.convert13b(x.words, x.length, rws, N);
4195 this.convert13b(y.words, y.length, nrws, N);
4196
4197 this.transform(rws, _, rwst, iwst, N, rbt);
4198 this.transform(nrws, _, nrwst, niwst, N, rbt);
4199
4200 for (var i = 0; i < N; i++) {
4201 var rx = rwst[i] * nrwst[i] - iwst[i] * niwst[i];
4202 iwst[i] = rwst[i] * niwst[i] + iwst[i] * nrwst[i];
4203 rwst[i] = rx;
4204 }
4205
4206 this.conjugate(rwst, iwst, N);
4207 this.transform(rwst, iwst, rmws, _, N, rbt);
4208 this.conjugate(rmws, _, N);
4209 this.normalize13b(rmws, N);
4210
4211 out.negative = x.negative ^ y.negative;
4212 out.length = x.length + y.length;
4213 return out.strip();
4214 };
4215
4216 // Multiply `this` by `num`
4217 BN.prototype.mul = function mul (num) {
4218 var out = new BN(null);
4219 out.words = new Array(this.length + num.length);
4220 return this.mulTo(num, out);
4221 };
4222
4223 // Multiply employing FFT
4224 BN.prototype.mulf = function mulf (num) {
4225 var out = new BN(null);
4226 out.words = new Array(this.length + num.length);
4227 return jumboMulTo(this, num, out);
4228 };
4229
4230 // In-place Multiplication
4231 BN.prototype.imul = function imul (num) {
4232 return this.clone().mulTo(num, this);
4233 };
4234
4235 BN.prototype.imuln = function imuln (num) {
4236 assert(typeof num === 'number');
4237 assert(num < 0x4000000);
4238
4239 // Carry
4240 var carry = 0;
4241 for (var i = 0; i < this.length; i++) {
4242 var w = (this.words[i] | 0) * num;
4243 var lo = (w & 0x3ffffff) + (carry & 0x3ffffff);
4244 carry >>= 26;
4245 carry += (w / 0x4000000) | 0;
4246 // NOTE: lo is 27bit maximum
4247 carry += lo >>> 26;
4248 this.words[i] = lo & 0x3ffffff;
4249 }
4250
4251 if (carry !== 0) {
4252 this.words[i] = carry;
4253 this.length++;
4254 }
4255
4256 return this;
4257 };
4258
4259 BN.prototype.muln = function muln (num) {
4260 return this.clone().imuln(num);
4261 };
4262
4263 // `this` * `this`
4264 BN.prototype.sqr = function sqr () {
4265 return this.mul(this);
4266 };
4267
4268 // `this` * `this` in-place
4269 BN.prototype.isqr = function isqr () {
4270 return this.imul(this.clone());
4271 };
4272
4273 // Math.pow(`this`, `num`)
4274 BN.prototype.pow = function pow (num) {
4275 var w = toBitArray(num);
4276 if (w.length === 0) return new BN(1);
4277
4278 // Skip leading zeroes
4279 var res = this;
4280 for (var i = 0; i < w.length; i++, res = res.sqr()) {
4281 if (w[i] !== 0) break;
4282 }
4283
4284 if (++i < w.length) {
4285 for (var q = res.sqr(); i < w.length; i++, q = q.sqr()) {
4286 if (w[i] === 0) continue;
4287
4288 res = res.mul(q);
4289 }
4290 }
4291
4292 return res;
4293 };
4294
4295 // Shift-left in-place
4296 BN.prototype.iushln = function iushln (bits) {
4297 assert(typeof bits === 'number' && bits >= 0);
4298 var r = bits % 26;
4299 var s = (bits - r) / 26;
4300 var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r);
4301 var i;
4302
4303 if (r !== 0) {
4304 var carry = 0;
4305
4306 for (i = 0; i < this.length; i++) {
4307 var newCarry = this.words[i] & carryMask;
4308 var c = ((this.words[i] | 0) - newCarry) << r;
4309 this.words[i] = c | carry;
4310 carry = newCarry >>> (26 - r);
4311 }
4312
4313 if (carry) {
4314 this.words[i] = carry;
4315 this.length++;
4316 }
4317 }
4318
4319 if (s !== 0) {
4320 for (i = this.length - 1; i >= 0; i--) {
4321 this.words[i + s] = this.words[i];
4322 }
4323
4324 for (i = 0; i < s; i++) {
4325 this.words[i] = 0;
4326 }
4327
4328 this.length += s;
4329 }
4330
4331 return this.strip();
4332 };
4333
4334 BN.prototype.ishln = function ishln (bits) {
4335 // TODO(indutny): implement me
4336 assert(this.negative === 0);
4337 return this.iushln(bits);
4338 };
4339
4340 // Shift-right in-place
4341 // NOTE: `hint` is a lowest bit before trailing zeroes
4342 // NOTE: if `extended` is present - it will be filled with destroyed bits
4343 BN.prototype.iushrn = function iushrn (bits, hint, extended) {
4344 assert(typeof bits === 'number' && bits >= 0);
4345 var h;
4346 if (hint) {
4347 h = (hint - (hint % 26)) / 26;
4348 } else {
4349 h = 0;
4350 }
4351
4352 var r = bits % 26;
4353 var s = Math.min((bits - r) / 26, this.length);
4354 var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r);
4355 var maskedWords = extended;
4356
4357 h -= s;
4358 h = Math.max(0, h);
4359
4360 // Extended mode, copy masked part
4361 if (maskedWords) {
4362 for (var i = 0; i < s; i++) {
4363 maskedWords.words[i] = this.words[i];
4364 }
4365 maskedWords.length = s;
4366 }
4367
4368 if (s === 0) {
4369 // No-op, we should not move anything at all
4370 } else if (this.length > s) {
4371 this.length -= s;
4372 for (i = 0; i < this.length; i++) {
4373 this.words[i] = this.words[i + s];
4374 }
4375 } else {
4376 this.words[0] = 0;
4377 this.length = 1;
4378 }
4379
4380 var carry = 0;
4381 for (i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) {
4382 var word = this.words[i] | 0;
4383 this.words[i] = (carry << (26 - r)) | (word >>> r);
4384 carry = word & mask;
4385 }
4386
4387 // Push carried bits as a mask
4388 if (maskedWords && carry !== 0) {
4389 maskedWords.words[maskedWords.length++] = carry;
4390 }
4391
4392 if (this.length === 0) {
4393 this.words[0] = 0;
4394 this.length = 1;
4395 }
4396
4397 return this.strip();
4398 };
4399
4400 BN.prototype.ishrn = function ishrn (bits, hint, extended) {
4401 // TODO(indutny): implement me
4402 assert(this.negative === 0);
4403 return this.iushrn(bits, hint, extended);
4404 };
4405
4406 // Shift-left
4407 BN.prototype.shln = function shln (bits) {
4408 return this.clone().ishln(bits);
4409 };
4410
4411 BN.prototype.ushln = function ushln (bits) {
4412 return this.clone().iushln(bits);
4413 };
4414
4415 // Shift-right
4416 BN.prototype.shrn = function shrn (bits) {
4417 return this.clone().ishrn(bits);
4418 };
4419
4420 BN.prototype.ushrn = function ushrn (bits) {
4421 return this.clone().iushrn(bits);
4422 };
4423
4424 // Test if n bit is set
4425 BN.prototype.testn = function testn (bit) {
4426 assert(typeof bit === 'number' && bit >= 0);
4427 var r = bit % 26;
4428 var s = (bit - r) / 26;
4429 var q = 1 << r;
4430
4431 // Fast case: bit is much higher than all existing words
4432 if (this.length <= s) return false;
4433
4434 // Check bit and return
4435 var w = this.words[s];
4436
4437 return !!(w & q);
4438 };
4439
4440 // Return only lowers bits of number (in-place)
4441 BN.prototype.imaskn = function imaskn (bits) {
4442 assert(typeof bits === 'number' && bits >= 0);
4443 var r = bits % 26;
4444 var s = (bits - r) / 26;
4445
4446 assert(this.negative === 0, 'imaskn works only with positive numbers');
4447
4448 if (this.length <= s) {
4449 return this;
4450 }
4451
4452 if (r !== 0) {
4453 s++;
4454 }
4455 this.length = Math.min(s, this.length);
4456
4457 if (r !== 0) {
4458 var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r);
4459 this.words[this.length - 1] &= mask;
4460 }
4461
4462 return this.strip();
4463 };
4464
4465 // Return only lowers bits of number
4466 BN.prototype.maskn = function maskn (bits) {
4467 return this.clone().imaskn(bits);
4468 };
4469
4470 // Add plain number `num` to `this`
4471 BN.prototype.iaddn = function iaddn (num) {
4472 assert(typeof num === 'number');
4473 assert(num < 0x4000000);
4474 if (num < 0) return this.isubn(-num);
4475
4476 // Possible sign change
4477 if (this.negative !== 0) {
4478 if (this.length === 1 && (this.words[0] | 0) < num) {
4479 this.words[0] = num - (this.words[0] | 0);
4480 this.negative = 0;
4481 return this;
4482 }
4483
4484 this.negative = 0;
4485 this.isubn(num);
4486 this.negative = 1;
4487 return this;
4488 }
4489
4490 // Add without checks
4491 return this._iaddn(num);
4492 };
4493
4494 BN.prototype._iaddn = function _iaddn (num) {
4495 this.words[0] += num;
4496
4497 // Carry
4498 for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) {
4499 this.words[i] -= 0x4000000;
4500 if (i === this.length - 1) {
4501 this.words[i + 1] = 1;
4502 } else {
4503 this.words[i + 1]++;
4504 }
4505 }
4506 this.length = Math.max(this.length, i + 1);
4507
4508 return this;
4509 };
4510
4511 // Subtract plain number `num` from `this`
4512 BN.prototype.isubn = function isubn (num) {
4513 assert(typeof num === 'number');
4514 assert(num < 0x4000000);
4515 if (num < 0) return this.iaddn(-num);
4516
4517 if (this.negative !== 0) {
4518 this.negative = 0;
4519 this.iaddn(num);
4520 this.negative = 1;
4521 return this;
4522 }
4523
4524 this.words[0] -= num;
4525
4526 if (this.length === 1 && this.words[0] < 0) {
4527 this.words[0] = -this.words[0];
4528 this.negative = 1;
4529 } else {
4530 // Carry
4531 for (var i = 0; i < this.length && this.words[i] < 0; i++) {
4532 this.words[i] += 0x4000000;
4533 this.words[i + 1] -= 1;
4534 }
4535 }
4536
4537 return this.strip();
4538 };
4539
4540 BN.prototype.addn = function addn (num) {
4541 return this.clone().iaddn(num);
4542 };
4543
4544 BN.prototype.subn = function subn (num) {
4545 return this.clone().isubn(num);
4546 };
4547
4548 BN.prototype.iabs = function iabs () {
4549 this.negative = 0;
4550
4551 return this;
4552 };
4553
4554 BN.prototype.abs = function abs () {
4555 return this.clone().iabs();
4556 };
4557
4558 BN.prototype._ishlnsubmul = function _ishlnsubmul (num, mul, shift) {
4559 var len = num.length + shift;
4560 var i;
4561
4562 this._expand(len);
4563
4564 var w;
4565 var carry = 0;
4566 for (i = 0; i < num.length; i++) {
4567 w = (this.words[i + shift] | 0) + carry;
4568 var right = (num.words[i] | 0) * mul;
4569 w -= right & 0x3ffffff;
4570 carry = (w >> 26) - ((right / 0x4000000) | 0);
4571 this.words[i + shift] = w & 0x3ffffff;
4572 }
4573 for (; i < this.length - shift; i++) {
4574 w = (this.words[i + shift] | 0) + carry;
4575 carry = w >> 26;
4576 this.words[i + shift] = w & 0x3ffffff;
4577 }
4578
4579 if (carry === 0) return this.strip();
4580
4581 // Subtraction overflow
4582 assert(carry === -1);
4583 carry = 0;
4584 for (i = 0; i < this.length; i++) {
4585 w = -(this.words[i] | 0) + carry;
4586 carry = w >> 26;
4587 this.words[i] = w & 0x3ffffff;
4588 }
4589 this.negative = 1;
4590
4591 return this.strip();
4592 };
4593
4594 BN.prototype._wordDiv = function _wordDiv (num, mode) {
4595 var shift = this.length - num.length;
4596
4597 var a = this.clone();
4598 var b = num;
4599
4600 // Normalize
4601 var bhi = b.words[b.length - 1] | 0;
4602 var bhiBits = this._countBits(bhi);
4603 shift = 26 - bhiBits;
4604 if (shift !== 0) {
4605 b = b.ushln(shift);
4606 a.iushln(shift);
4607 bhi = b.words[b.length - 1] | 0;
4608 }
4609
4610 // Initialize quotient
4611 var m = a.length - b.length;
4612 var q;
4613
4614 if (mode !== 'mod') {
4615 q = new BN(null);
4616 q.length = m + 1;
4617 q.words = new Array(q.length);
4618 for (var i = 0; i < q.length; i++) {
4619 q.words[i] = 0;
4620 }
4621 }
4622
4623 var diff = a.clone()._ishlnsubmul(b, 1, m);
4624 if (diff.negative === 0) {
4625 a = diff;
4626 if (q) {
4627 q.words[m] = 1;
4628 }
4629 }
4630
4631 for (var j = m - 1; j >= 0; j--) {
4632 var qj = (a.words[b.length + j] | 0) * 0x4000000 +
4633 (a.words[b.length + j - 1] | 0);
4634
4635 // NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max
4636 // (0x7ffffff)
4637 qj = Math.min((qj / bhi) | 0, 0x3ffffff);
4638
4639 a._ishlnsubmul(b, qj, j);
4640 while (a.negative !== 0) {
4641 qj--;
4642 a.negative = 0;
4643 a._ishlnsubmul(b, 1, j);
4644 if (!a.isZero()) {
4645 a.negative ^= 1;
4646 }
4647 }
4648 if (q) {
4649 q.words[j] = qj;
4650 }
4651 }
4652 if (q) {
4653 q.strip();
4654 }
4655 a.strip();
4656
4657 // Denormalize
4658 if (mode !== 'div' && shift !== 0) {
4659 a.iushrn(shift);
4660 }
4661
4662 return {
4663 div: q || null,
4664 mod: a
4665 };
4666 };
4667
4668 // NOTE: 1) `mode` can be set to `mod` to request mod only,
4669 // to `div` to request div only, or be absent to
4670 // request both div & mod
4671 // 2) `positive` is true if unsigned mod is requested
4672 BN.prototype.divmod = function divmod (num, mode, positive) {
4673 assert(!num.isZero());
4674
4675 if (this.isZero()) {
4676 return {
4677 div: new BN(0),
4678 mod: new BN(0)
4679 };
4680 }
4681
4682 var div, mod, res;
4683 if (this.negative !== 0 && num.negative === 0) {
4684 res = this.neg().divmod(num, mode);
4685
4686 if (mode !== 'mod') {
4687 div = res.div.neg();
4688 }
4689
4690 if (mode !== 'div') {
4691 mod = res.mod.neg();
4692 if (positive && mod.negative !== 0) {
4693 mod.iadd(num);
4694 }
4695 }
4696
4697 return {
4698 div: div,
4699 mod: mod
4700 };
4701 }
4702
4703 if (this.negative === 0 && num.negative !== 0) {
4704 res = this.divmod(num.neg(), mode);
4705
4706 if (mode !== 'mod') {
4707 div = res.div.neg();
4708 }
4709
4710 return {
4711 div: div,
4712 mod: res.mod
4713 };
4714 }
4715
4716 if ((this.negative & num.negative) !== 0) {
4717 res = this.neg().divmod(num.neg(), mode);
4718
4719 if (mode !== 'div') {
4720 mod = res.mod.neg();
4721 if (positive && mod.negative !== 0) {
4722 mod.isub(num);
4723 }
4724 }
4725
4726 return {
4727 div: res.div,
4728 mod: mod
4729 };
4730 }
4731
4732 // Both numbers are positive at this point
4733
4734 // Strip both numbers to approximate shift value
4735 if (num.length > this.length || this.cmp(num) < 0) {
4736 return {
4737 div: new BN(0),
4738 mod: this
4739 };
4740 }
4741
4742 // Very short reduction
4743 if (num.length === 1) {
4744 if (mode === 'div') {
4745 return {
4746 div: this.divn(num.words[0]),
4747 mod: null
4748 };
4749 }
4750
4751 if (mode === 'mod') {
4752 return {
4753 div: null,
4754 mod: new BN(this.modn(num.words[0]))
4755 };
4756 }
4757
4758 return {
4759 div: this.divn(num.words[0]),
4760 mod: new BN(this.modn(num.words[0]))
4761 };
4762 }
4763
4764 return this._wordDiv(num, mode);
4765 };
4766
4767 // Find `this` / `num`
4768 BN.prototype.div = function div (num) {
4769 return this.divmod(num, 'div', false).div;
4770 };
4771
4772 // Find `this` % `num`
4773 BN.prototype.mod = function mod (num) {
4774 return this.divmod(num, 'mod', false).mod;
4775 };
4776
4777 BN.prototype.umod = function umod (num) {
4778 return this.divmod(num, 'mod', true).mod;
4779 };
4780
4781 // Find Round(`this` / `num`)
4782 BN.prototype.divRound = function divRound (num) {
4783 var dm = this.divmod(num);
4784
4785 // Fast case - exact division
4786 if (dm.mod.isZero()) return dm.div;
4787
4788 var mod = dm.div.negative !== 0 ? dm.mod.isub(num) : dm.mod;
4789
4790 var half = num.ushrn(1);
4791 var r2 = num.andln(1);
4792 var cmp = mod.cmp(half);
4793
4794 // Round down
4795 if (cmp < 0 || r2 === 1 && cmp === 0) return dm.div;
4796
4797 // Round up
4798 return dm.div.negative !== 0 ? dm.div.isubn(1) : dm.div.iaddn(1);
4799 };
4800
4801 BN.prototype.modn = function modn (num) {
4802 assert(num <= 0x3ffffff);
4803 var p = (1 << 26) % num;
4804
4805 var acc = 0;
4806 for (var i = this.length - 1; i >= 0; i--) {
4807 acc = (p * acc + (this.words[i] | 0)) % num;
4808 }
4809
4810 return acc;
4811 };
4812
4813 // In-place division by number
4814 BN.prototype.idivn = function idivn (num) {
4815 assert(num <= 0x3ffffff);
4816
4817 var carry = 0;
4818 for (var i = this.length - 1; i >= 0; i--) {
4819 var w = (this.words[i] | 0) + carry * 0x4000000;
4820 this.words[i] = (w / num) | 0;
4821 carry = w % num;
4822 }
4823
4824 return this.strip();
4825 };
4826
4827 BN.prototype.divn = function divn (num) {
4828 return this.clone().idivn(num);
4829 };
4830
4831 BN.prototype.egcd = function egcd (p) {
4832 assert(p.negative === 0);
4833 assert(!p.isZero());
4834
4835 var x = this;
4836 var y = p.clone();
4837
4838 if (x.negative !== 0) {
4839 x = x.umod(p);
4840 } else {
4841 x = x.clone();
4842 }
4843
4844 // A * x + B * y = x
4845 var A = new BN(1);
4846 var B = new BN(0);
4847
4848 // C * x + D * y = y
4849 var C = new BN(0);
4850 var D = new BN(1);
4851
4852 var g = 0;
4853
4854 while (x.isEven() && y.isEven()) {
4855 x.iushrn(1);
4856 y.iushrn(1);
4857 ++g;
4858 }
4859
4860 var yp = y.clone();
4861 var xp = x.clone();
4862
4863 while (!x.isZero()) {
4864 for (var i = 0, im = 1; (x.words[0] & im) === 0 && i < 26; ++i, im <<= 1);
4865 if (i > 0) {
4866 x.iushrn(i);
4867 while (i-- > 0) {
4868 if (A.isOdd() || B.isOdd()) {
4869 A.iadd(yp);
4870 B.isub(xp);
4871 }
4872
4873 A.iushrn(1);
4874 B.iushrn(1);
4875 }
4876 }
4877
4878 for (var j = 0, jm = 1; (y.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1);
4879 if (j > 0) {
4880 y.iushrn(j);
4881 while (j-- > 0) {
4882 if (C.isOdd() || D.isOdd()) {
4883 C.iadd(yp);
4884 D.isub(xp);
4885 }
4886
4887 C.iushrn(1);
4888 D.iushrn(1);
4889 }
4890 }
4891
4892 if (x.cmp(y) >= 0) {
4893 x.isub(y);
4894 A.isub(C);
4895 B.isub(D);
4896 } else {
4897 y.isub(x);
4898 C.isub(A);
4899 D.isub(B);
4900 }
4901 }
4902
4903 return {
4904 a: C,
4905 b: D,
4906 gcd: y.iushln(g)
4907 };
4908 };
4909
4910 // This is reduced incarnation of the binary EEA
4911 // above, designated to invert members of the
4912 // _prime_ fields F(p) at a maximal speed
4913 BN.prototype._invmp = function _invmp (p) {
4914 assert(p.negative === 0);
4915 assert(!p.isZero());
4916
4917 var a = this;
4918 var b = p.clone();
4919
4920 if (a.negative !== 0) {
4921 a = a.umod(p);
4922 } else {
4923 a = a.clone();
4924 }
4925
4926 var x1 = new BN(1);
4927 var x2 = new BN(0);
4928
4929 var delta = b.clone();
4930
4931 while (a.cmpn(1) > 0 && b.cmpn(1) > 0) {
4932 for (var i = 0, im = 1; (a.words[0] & im) === 0 && i < 26; ++i, im <<= 1);
4933 if (i > 0) {
4934 a.iushrn(i);
4935 while (i-- > 0) {
4936 if (x1.isOdd()) {
4937 x1.iadd(delta);
4938 }
4939
4940 x1.iushrn(1);
4941 }
4942 }
4943
4944 for (var j = 0, jm = 1; (b.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1);
4945 if (j > 0) {
4946 b.iushrn(j);
4947 while (j-- > 0) {
4948 if (x2.isOdd()) {
4949 x2.iadd(delta);
4950 }
4951
4952 x2.iushrn(1);
4953 }
4954 }
4955
4956 if (a.cmp(b) >= 0) {
4957 a.isub(b);
4958 x1.isub(x2);
4959 } else {
4960 b.isub(a);
4961 x2.isub(x1);
4962 }
4963 }
4964
4965 var res;
4966 if (a.cmpn(1) === 0) {
4967 res = x1;
4968 } else {
4969 res = x2;
4970 }
4971
4972 if (res.cmpn(0) < 0) {
4973 res.iadd(p);
4974 }
4975
4976 return res;
4977 };
4978
4979 BN.prototype.gcd = function gcd (num) {
4980 if (this.isZero()) return num.abs();
4981 if (num.isZero()) return this.abs();
4982
4983 var a = this.clone();
4984 var b = num.clone();
4985 a.negative = 0;
4986 b.negative = 0;
4987
4988 // Remove common factor of two
4989 for (var shift = 0; a.isEven() && b.isEven(); shift++) {
4990 a.iushrn(1);
4991 b.iushrn(1);
4992 }
4993
4994 do {
4995 while (a.isEven()) {
4996 a.iushrn(1);
4997 }
4998 while (b.isEven()) {
4999 b.iushrn(1);
5000 }
5001
5002 var r = a.cmp(b);
5003 if (r < 0) {
5004 // Swap `a` and `b` to make `a` always bigger than `b`
5005 var t = a;
5006 a = b;
5007 b = t;
5008 } else if (r === 0 || b.cmpn(1) === 0) {
5009 break;
5010 }
5011
5012 a.isub(b);
5013 } while (true);
5014
5015 return b.iushln(shift);
5016 };
5017
5018 // Invert number in the field F(num)
5019 BN.prototype.invm = function invm (num) {
5020 return this.egcd(num).a.umod(num);
5021 };
5022
5023 BN.prototype.isEven = function isEven () {
5024 return (this.words[0] & 1) === 0;
5025 };
5026
5027 BN.prototype.isOdd = function isOdd () {
5028 return (this.words[0] & 1) === 1;
5029 };
5030
5031 // And first word and num
5032 BN.prototype.andln = function andln (num) {
5033 return this.words[0] & num;
5034 };
5035
5036 // Increment at the bit position in-line
5037 BN.prototype.bincn = function bincn (bit) {
5038 assert(typeof bit === 'number');
5039 var r = bit % 26;
5040 var s = (bit - r) / 26;
5041 var q = 1 << r;
5042
5043 // Fast case: bit is much higher than all existing words
5044 if (this.length <= s) {
5045 this._expand(s + 1);
5046 this.words[s] |= q;
5047 return this;
5048 }
5049
5050 // Add bit and propagate, if needed
5051 var carry = q;
5052 for (var i = s; carry !== 0 && i < this.length; i++) {
5053 var w = this.words[i] | 0;
5054 w += carry;
5055 carry = w >>> 26;
5056 w &= 0x3ffffff;
5057 this.words[i] = w;
5058 }
5059 if (carry !== 0) {
5060 this.words[i] = carry;
5061 this.length++;
5062 }
5063 return this;
5064 };
5065
5066 BN.prototype.isZero = function isZero () {
5067 return this.length === 1 && this.words[0] === 0;
5068 };
5069
5070 BN.prototype.cmpn = function cmpn (num) {
5071 var negative = num < 0;
5072
5073 if (this.negative !== 0 && !negative) return -1;
5074 if (this.negative === 0 && negative) return 1;
5075
5076 this.strip();
5077
5078 var res;
5079 if (this.length > 1) {
5080 res = 1;
5081 } else {
5082 if (negative) {
5083 num = -num;
5084 }
5085
5086 assert(num <= 0x3ffffff, 'Number is too big');
5087
5088 var w = this.words[0] | 0;
5089 res = w === num ? 0 : w < num ? -1 : 1;
5090 }
5091 if (this.negative !== 0) return -res | 0;
5092 return res;
5093 };
5094
5095 // Compare two numbers and return:
5096 // 1 - if `this` > `num`
5097 // 0 - if `this` == `num`
5098 // -1 - if `this` < `num`
5099 BN.prototype.cmp = function cmp (num) {
5100 if (this.negative !== 0 && num.negative === 0) return -1;
5101 if (this.negative === 0 && num.negative !== 0) return 1;
5102
5103 var res = this.ucmp(num);
5104 if (this.negative !== 0) return -res | 0;
5105 return res;
5106 };
5107
5108 // Unsigned comparison
5109 BN.prototype.ucmp = function ucmp (num) {
5110 // At this point both numbers have the same sign
5111 if (this.length > num.length) return 1;
5112 if (this.length < num.length) return -1;
5113
5114 var res = 0;
5115 for (var i = this.length - 1; i >= 0; i--) {
5116 var a = this.words[i] | 0;
5117 var b = num.words[i] | 0;
5118
5119 if (a === b) continue;
5120 if (a < b) {
5121 res = -1;
5122 } else if (a > b) {
5123 res = 1;
5124 }
5125 break;
5126 }
5127 return res;
5128 };
5129
5130 BN.prototype.gtn = function gtn (num) {
5131 return this.cmpn(num) === 1;
5132 };
5133
5134 BN.prototype.gt = function gt (num) {
5135 return this.cmp(num) === 1;
5136 };
5137
5138 BN.prototype.gten = function gten (num) {
5139 return this.cmpn(num) >= 0;
5140 };
5141
5142 BN.prototype.gte = function gte (num) {
5143 return this.cmp(num) >= 0;
5144 };
5145
5146 BN.prototype.ltn = function ltn (num) {
5147 return this.cmpn(num) === -1;
5148 };
5149
5150 BN.prototype.lt = function lt (num) {
5151 return this.cmp(num) === -1;
5152 };
5153
5154 BN.prototype.lten = function lten (num) {
5155 return this.cmpn(num) <= 0;
5156 };
5157
5158 BN.prototype.lte = function lte (num) {
5159 return this.cmp(num) <= 0;
5160 };
5161
5162 BN.prototype.eqn = function eqn (num) {
5163 return this.cmpn(num) === 0;
5164 };
5165
5166 BN.prototype.eq = function eq (num) {
5167 return this.cmp(num) === 0;
5168 };
5169
5170 //
5171 // A reduce context, could be using montgomery or something better, depending
5172 // on the `m` itself.
5173 //
5174 BN.red = function red (num) {
5175 return new Red(num);
5176 };
5177
5178 BN.prototype.toRed = function toRed (ctx) {
5179 assert(!this.red, 'Already a number in reduction context');
5180 assert(this.negative === 0, 'red works only with positives');
5181 return ctx.convertTo(this)._forceRed(ctx);
5182 };
5183
5184 BN.prototype.fromRed = function fromRed () {
5185 assert(this.red, 'fromRed works only with numbers in reduction context');
5186 return this.red.convertFrom(this);
5187 };
5188
5189 BN.prototype._forceRed = function _forceRed (ctx) {
5190 this.red = ctx;
5191 return this;
5192 };
5193
5194 BN.prototype.forceRed = function forceRed (ctx) {
5195 assert(!this.red, 'Already a number in reduction context');
5196 return this._forceRed(ctx);
5197 };
5198
5199 BN.prototype.redAdd = function redAdd (num) {
5200 assert(this.red, 'redAdd works only with red numbers');
5201 return this.red.add(this, num);
5202 };
5203
5204 BN.prototype.redIAdd = function redIAdd (num) {
5205 assert(this.red, 'redIAdd works only with red numbers');
5206 return this.red.iadd(this, num);
5207 };
5208
5209 BN.prototype.redSub = function redSub (num) {
5210 assert(this.red, 'redSub works only with red numbers');
5211 return this.red.sub(this, num);
5212 };
5213
5214 BN.prototype.redISub = function redISub (num) {
5215 assert(this.red, 'redISub works only with red numbers');
5216 return this.red.isub(this, num);
5217 };
5218
5219 BN.prototype.redShl = function redShl (num) {
5220 assert(this.red, 'redShl works only with red numbers');
5221 return this.red.shl(this, num);
5222 };
5223
5224 BN.prototype.redMul = function redMul (num) {
5225 assert(this.red, 'redMul works only with red numbers');
5226 this.red._verify2(this, num);
5227 return this.red.mul(this, num);
5228 };
5229
5230 BN.prototype.redIMul = function redIMul (num) {
5231 assert(this.red, 'redMul works only with red numbers');
5232 this.red._verify2(this, num);
5233 return this.red.imul(this, num);
5234 };
5235
5236 BN.prototype.redSqr = function redSqr () {
5237 assert(this.red, 'redSqr works only with red numbers');
5238 this.red._verify1(this);
5239 return this.red.sqr(this);
5240 };
5241
5242 BN.prototype.redISqr = function redISqr () {
5243 assert(this.red, 'redISqr works only with red numbers');
5244 this.red._verify1(this);
5245 return this.red.isqr(this);
5246 };
5247
5248 // Square root over p
5249 BN.prototype.redSqrt = function redSqrt () {
5250 assert(this.red, 'redSqrt works only with red numbers');
5251 this.red._verify1(this);
5252 return this.red.sqrt(this);
5253 };
5254
5255 BN.prototype.redInvm = function redInvm () {
5256 assert(this.red, 'redInvm works only with red numbers');
5257 this.red._verify1(this);
5258 return this.red.invm(this);
5259 };
5260
5261 // Return negative clone of `this` % `red modulo`
5262 BN.prototype.redNeg = function redNeg () {
5263 assert(this.red, 'redNeg works only with red numbers');
5264 this.red._verify1(this);
5265 return this.red.neg(this);
5266 };
5267
5268 BN.prototype.redPow = function redPow (num) {
5269 assert(this.red && !num.red, 'redPow(normalNum)');
5270 this.red._verify1(this);
5271 return this.red.pow(this, num);
5272 };
5273
5274 // Prime numbers with efficient reduction
5275 var primes = {
5276 k256: null,
5277 p224: null,
5278 p192: null,
5279 p25519: null
5280 };
5281
5282 // Pseudo-Mersenne prime
5283 function MPrime (name, p) {
5284 // P = 2 ^ N - K
5285 this.name = name;
5286 this.p = new BN(p, 16);
5287 this.n = this.p.bitLength();
5288 this.k = new BN(1).iushln(this.n).isub(this.p);
5289
5290 this.tmp = this._tmp();
5291 }
5292
5293 MPrime.prototype._tmp = function _tmp () {
5294 var tmp = new BN(null);
5295 tmp.words = new Array(Math.ceil(this.n / 13));
5296 return tmp;
5297 };
5298
5299 MPrime.prototype.ireduce = function ireduce (num) {
5300 // Assumes that `num` is less than `P^2`
5301 // num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P)
5302 var r = num;
5303 var rlen;
5304
5305 do {
5306 this.split(r, this.tmp);
5307 r = this.imulK(r);
5308 r = r.iadd(this.tmp);
5309 rlen = r.bitLength();
5310 } while (rlen > this.n);
5311
5312 var cmp = rlen < this.n ? -1 : r.ucmp(this.p);
5313 if (cmp === 0) {
5314 r.words[0] = 0;
5315 r.length = 1;
5316 } else if (cmp > 0) {
5317 r.isub(this.p);
5318 } else {
5319 r.strip();
5320 }
5321
5322 return r;
5323 };
5324
5325 MPrime.prototype.split = function split (input, out) {
5326 input.iushrn(this.n, 0, out);
5327 };
5328
5329 MPrime.prototype.imulK = function imulK (num) {
5330 return num.imul(this.k);
5331 };
5332
5333 function K256 () {
5334 MPrime.call(
5335 this,
5336 'k256',
5337 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f');
5338 }
5339 inherits(K256, MPrime);
5340
5341 K256.prototype.split = function split (input, output) {
5342 // 256 = 9 * 26 + 22
5343 var mask = 0x3fffff;
5344
5345 var outLen = Math.min(input.length, 9);
5346 for (var i = 0; i < outLen; i++) {
5347 output.words[i] = input.words[i];
5348 }
5349 output.length = outLen;
5350
5351 if (input.length <= 9) {
5352 input.words[0] = 0;
5353 input.length = 1;
5354 return;
5355 }
5356
5357 // Shift by 9 limbs
5358 var prev = input.words[9];
5359 output.words[output.length++] = prev & mask;
5360
5361 for (i = 10; i < input.length; i++) {
5362 var next = input.words[i] | 0;
5363 input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22);
5364 prev = next;
5365 }
5366 prev >>>= 22;
5367 input.words[i - 10] = prev;
5368 if (prev === 0 && input.length > 10) {
5369 input.length -= 10;
5370 } else {
5371 input.length -= 9;
5372 }
5373 };
5374
5375 K256.prototype.imulK = function imulK (num) {
5376 // K = 0x1000003d1 = [ 0x40, 0x3d1 ]
5377 num.words[num.length] = 0;
5378 num.words[num.length + 1] = 0;
5379 num.length += 2;
5380
5381 // bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x100000390
5382 var lo = 0;
5383 for (var i = 0; i < num.length; i++) {
5384 var w = num.words[i] | 0;
5385 lo += w * 0x3d1;
5386 num.words[i] = lo & 0x3ffffff;
5387 lo = w * 0x40 + ((lo / 0x4000000) | 0);
5388 }
5389
5390 // Fast length reduction
5391 if (num.words[num.length - 1] === 0) {
5392 num.length--;
5393 if (num.words[num.length - 1] === 0) {
5394 num.length--;
5395 }
5396 }
5397 return num;
5398 };
5399
5400 function P224 () {
5401 MPrime.call(
5402 this,
5403 'p224',
5404 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001');
5405 }
5406 inherits(P224, MPrime);
5407
5408 function P192 () {
5409 MPrime.call(
5410 this,
5411 'p192',
5412 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff');
5413 }
5414 inherits(P192, MPrime);
5415
5416 function P25519 () {
5417 // 2 ^ 255 - 19
5418 MPrime.call(
5419 this,
5420 '25519',
5421 '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed');
5422 }
5423 inherits(P25519, MPrime);
5424
5425 P25519.prototype.imulK = function imulK (num) {
5426 // K = 0x13
5427 var carry = 0;
5428 for (var i = 0; i < num.length; i++) {
5429 var hi = (num.words[i] | 0) * 0x13 + carry;
5430 var lo = hi & 0x3ffffff;
5431 hi >>>= 26;
5432
5433 num.words[i] = lo;
5434 carry = hi;
5435 }
5436 if (carry !== 0) {
5437 num.words[num.length++] = carry;
5438 }
5439 return num;
5440 };
5441
5442 // Exported mostly for testing purposes, use plain name instead
5443 BN._prime = function prime (name) {
5444 // Cached version of prime
5445 if (primes[name]) return primes[name];
5446
5447 var prime;
5448 if (name === 'k256') {
5449 prime = new K256();
5450 } else if (name === 'p224') {
5451 prime = new P224();
5452 } else if (name === 'p192') {
5453 prime = new P192();
5454 } else if (name === 'p25519') {
5455 prime = new P25519();
5456 } else {
5457 throw new Error('Unknown prime ' + name);
5458 }
5459 primes[name] = prime;
5460
5461 return prime;
5462 };
5463
5464 //
5465 // Base reduction engine
5466 //
5467 function Red (m) {
5468 if (typeof m === 'string') {
5469 var prime = BN._prime(m);
5470 this.m = prime.p;
5471 this.prime = prime;
5472 } else {
5473 assert(m.gtn(1), 'modulus must be greater than 1');
5474 this.m = m;
5475 this.prime = null;
5476 }
5477 }
5478
5479 Red.prototype._verify1 = function _verify1 (a) {
5480 assert(a.negative === 0, 'red works only with positives');
5481 assert(a.red, 'red works only with red numbers');
5482 };
5483
5484 Red.prototype._verify2 = function _verify2 (a, b) {
5485 assert((a.negative | b.negative) === 0, 'red works only with positives');
5486 assert(a.red && a.red === b.red,
5487 'red works only with red numbers');
5488 };
5489
5490 Red.prototype.imod = function imod (a) {
5491 if (this.prime) return this.prime.ireduce(a)._forceRed(this);
5492 return a.umod(this.m)._forceRed(this);
5493 };
5494
5495 Red.prototype.neg = function neg (a) {
5496 if (a.isZero()) {
5497 return a.clone();
5498 }
5499
5500 return this.m.sub(a)._forceRed(this);
5501 };
5502
5503 Red.prototype.add = function add (a, b) {
5504 this._verify2(a, b);
5505
5506 var res = a.add(b);
5507 if (res.cmp(this.m) >= 0) {
5508 res.isub(this.m);
5509 }
5510 return res._forceRed(this);
5511 };
5512
5513 Red.prototype.iadd = function iadd (a, b) {
5514 this._verify2(a, b);
5515
5516 var res = a.iadd(b);
5517 if (res.cmp(this.m) >= 0) {
5518 res.isub(this.m);
5519 }
5520 return res;
5521 };
5522
5523 Red.prototype.sub = function sub (a, b) {
5524 this._verify2(a, b);
5525
5526 var res = a.sub(b);
5527 if (res.cmpn(0) < 0) {
5528 res.iadd(this.m);
5529 }
5530 return res._forceRed(this);
5531 };
5532
5533 Red.prototype.isub = function isub (a, b) {
5534 this._verify2(a, b);
5535
5536 var res = a.isub(b);
5537 if (res.cmpn(0) < 0) {
5538 res.iadd(this.m);
5539 }
5540 return res;
5541 };
5542
5543 Red.prototype.shl = function shl (a, num) {
5544 this._verify1(a);
5545 return this.imod(a.ushln(num));
5546 };
5547
5548 Red.prototype.imul = function imul (a, b) {
5549 this._verify2(a, b);
5550 return this.imod(a.imul(b));
5551 };
5552
5553 Red.prototype.mul = function mul (a, b) {
5554 this._verify2(a, b);
5555 return this.imod(a.mul(b));
5556 };
5557
5558 Red.prototype.isqr = function isqr (a) {
5559 return this.imul(a, a.clone());
5560 };
5561
5562 Red.prototype.sqr = function sqr (a) {
5563 return this.mul(a, a);
5564 };
5565
5566 Red.prototype.sqrt = function sqrt (a) {
5567 if (a.isZero()) return a.clone();
5568
5569 var mod3 = this.m.andln(3);
5570 assert(mod3 % 2 === 1);
5571
5572 // Fast case
5573 if (mod3 === 3) {
5574 var pow = this.m.add(new BN(1)).iushrn(2);
5575 return this.pow(a, pow);
5576 }
5577
5578 // Tonelli-Shanks algorithm (Totally unoptimized and slow)
5579 //
5580 // Find Q and S, that Q * 2 ^ S = (P - 1)
5581 var q = this.m.subn(1);
5582 var s = 0;
5583 while (!q.isZero() && q.andln(1) === 0) {
5584 s++;
5585 q.iushrn(1);
5586 }
5587 assert(!q.isZero());
5588
5589 var one = new BN(1).toRed(this);
5590 var nOne = one.redNeg();
5591
5592 // Find quadratic non-residue
5593 // NOTE: Max is such because of generalized Riemann hypothesis.
5594 var lpow = this.m.subn(1).iushrn(1);
5595 var z = this.m.bitLength();
5596 z = new BN(2 * z * z).toRed(this);
5597
5598 while (this.pow(z, lpow).cmp(nOne) !== 0) {
5599 z.redIAdd(nOne);
5600 }
5601
5602 var c = this.pow(z, q);
5603 var r = this.pow(a, q.addn(1).iushrn(1));
5604 var t = this.pow(a, q);
5605 var m = s;
5606 while (t.cmp(one) !== 0) {
5607 var tmp = t;
5608 for (var i = 0; tmp.cmp(one) !== 0; i++) {
5609 tmp = tmp.redSqr();
5610 }
5611 assert(i < m);
5612 var b = this.pow(c, new BN(1).iushln(m - i - 1));
5613
5614 r = r.redMul(b);
5615 c = b.redSqr();
5616 t = t.redMul(c);
5617 m = i;
5618 }
5619
5620 return r;
5621 };
5622
5623 Red.prototype.invm = function invm (a) {
5624 var inv = a._invmp(this.m);
5625 if (inv.negative !== 0) {
5626 inv.negative = 0;
5627 return this.imod(inv).redNeg();
5628 } else {
5629 return this.imod(inv);
5630 }
5631 };
5632
5633 Red.prototype.pow = function pow (a, num) {
5634 if (num.isZero()) return new BN(1);
5635 if (num.cmpn(1) === 0) return a.clone();
5636
5637 var windowSize = 4;
5638 var wnd = new Array(1 << windowSize);
5639 wnd[0] = new BN(1).toRed(this);
5640 wnd[1] = a;
5641 for (var i = 2; i < wnd.length; i++) {
5642 wnd[i] = this.mul(wnd[i - 1], a);
5643 }
5644
5645 var res = wnd[0];
5646 var current = 0;
5647 var currentLen = 0;
5648 var start = num.bitLength() % 26;
5649 if (start === 0) {
5650 start = 26;
5651 }
5652
5653 for (i = num.length - 1; i >= 0; i--) {
5654 var word = num.words[i];
5655 for (var j = start - 1; j >= 0; j--) {
5656 var bit = (word >> j) & 1;
5657 if (res !== wnd[0]) {
5658 res = this.sqr(res);
5659 }
5660
5661 if (bit === 0 && current === 0) {
5662 currentLen = 0;
5663 continue;
5664 }
5665
5666 current <<= 1;
5667 current |= bit;
5668 currentLen++;
5669 if (currentLen !== windowSize && (i !== 0 || j !== 0)) continue;
5670
5671 res = this.mul(res, wnd[current]);
5672 currentLen = 0;
5673 current = 0;
5674 }
5675 start = 26;
5676 }
5677
5678 return res;
5679 };
5680
5681 Red.prototype.convertTo = function convertTo (num) {
5682 var r = num.umod(this.m);
5683
5684 return r === num ? r.clone() : r;
5685 };
5686
5687 Red.prototype.convertFrom = function convertFrom (num) {
5688 var res = num.clone();
5689 res.red = null;
5690 return res;
5691 };
5692
5693 //
5694 // Montgomery method engine
5695 //
5696
5697 BN.mont = function mont (num) {
5698 return new Mont(num);
5699 };
5700
5701 function Mont (m) {
5702 Red.call(this, m);
5703
5704 this.shift = this.m.bitLength();
5705 if (this.shift % 26 !== 0) {
5706 this.shift += 26 - (this.shift % 26);
5707 }
5708
5709 this.r = new BN(1).iushln(this.shift);
5710 this.r2 = this.imod(this.r.sqr());
5711 this.rinv = this.r._invmp(this.m);
5712
5713 this.minv = this.rinv.mul(this.r).isubn(1).div(this.m);
5714 this.minv = this.minv.umod(this.r);
5715 this.minv = this.r.sub(this.minv);
5716 }
5717 inherits(Mont, Red);
5718
5719 Mont.prototype.convertTo = function convertTo (num) {
5720 return this.imod(num.ushln(this.shift));
5721 };
5722
5723 Mont.prototype.convertFrom = function convertFrom (num) {
5724 var r = this.imod(num.mul(this.rinv));
5725 r.red = null;
5726 return r;
5727 };
5728
5729 Mont.prototype.imul = function imul (a, b) {
5730 if (a.isZero() || b.isZero()) {
5731 a.words[0] = 0;
5732 a.length = 1;
5733 return a;
5734 }
5735
5736 var t = a.imul(b);
5737 var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m);
5738 var u = t.isub(c).iushrn(this.shift);
5739 var res = u;
5740
5741 if (u.cmp(this.m) >= 0) {
5742 res = u.isub(this.m);
5743 } else if (u.cmpn(0) < 0) {
5744 res = u.iadd(this.m);
5745 }
5746
5747 return res._forceRed(this);
5748 };
5749
5750 Mont.prototype.mul = function mul (a, b) {
5751 if (a.isZero() || b.isZero()) return new BN(0)._forceRed(this);
5752
5753 var t = a.mul(b);
5754 var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m);
5755 var u = t.isub(c).iushrn(this.shift);
5756 var res = u;
5757 if (u.cmp(this.m) >= 0) {
5758 res = u.isub(this.m);
5759 } else if (u.cmpn(0) < 0) {
5760 res = u.iadd(this.m);
5761 }
5762
5763 return res._forceRed(this);
5764 };
5765
5766 Mont.prototype.invm = function invm (a) {
5767 // (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R
5768 var res = this.imod(a._invmp(this.m).mul(this.r2));
5769 return res._forceRed(this);
5770 };
5771})(typeof module === 'undefined' || module, this);
5772
5773},{}],18:[function(require,module,exports){
5774var r;
5775
5776module.exports = function rand(len) {
5777 if (!r)
5778 r = new Rand(null);
5779
5780 return r.generate(len);
5781};
5782
5783function Rand(rand) {
5784 this.rand = rand;
5785}
5786module.exports.Rand = Rand;
5787
5788Rand.prototype.generate = function generate(len) {
5789 return this._rand(len);
5790};
5791
5792// Emulate crypto API using randy
5793Rand.prototype._rand = function _rand(n) {
5794 if (this.rand.getBytes)
5795 return this.rand.getBytes(n);
5796
5797 var res = new Uint8Array(n);
5798 for (var i = 0; i < res.length; i++)
5799 res[i] = this.rand.getByte();
5800 return res;
5801};
5802
5803if (typeof self === 'object') {
5804 if (self.crypto && self.crypto.getRandomValues) {
5805 // Modern browsers
5806 Rand.prototype._rand = function _rand(n) {
5807 var arr = new Uint8Array(n);
5808 self.crypto.getRandomValues(arr);
5809 return arr;
5810 };
5811 } else if (self.msCrypto && self.msCrypto.getRandomValues) {
5812 // IE
5813 Rand.prototype._rand = function _rand(n) {
5814 var arr = new Uint8Array(n);
5815 self.msCrypto.getRandomValues(arr);
5816 return arr;
5817 };
5818
5819 // Safari's WebWorkers do not have `crypto`
5820 } else if (typeof window === 'object') {
5821 // Old junk
5822 Rand.prototype._rand = function() {
5823 throw new Error('Not implemented yet');
5824 };
5825 }
5826} else {
5827 // Node.js or Web worker with no crypto support
5828 try {
5829 var crypto = require('crypto');
5830 if (typeof crypto.randomBytes !== 'function')
5831 throw new Error('Not supported');
5832
5833 Rand.prototype._rand = function _rand(n) {
5834 return crypto.randomBytes(n);
5835 };
5836 } catch (e) {
5837 }
5838}
5839
5840},{"crypto":19}],19:[function(require,module,exports){
5841
5842},{}],20:[function(require,module,exports){
5843(function (Buffer){
5844// based on the aes implimentation in triple sec
5845// https://github.com/keybase/triplesec
5846
5847// which is in turn based on the one from crypto-js
5848// https://code.google.com/p/crypto-js/
5849
5850var uint_max = Math.pow(2, 32)
5851function fixup_uint32 (x) {
5852 var ret, x_pos
5853 ret = x > uint_max || x < 0 ? (x_pos = Math.abs(x) % uint_max, x < 0 ? uint_max - x_pos : x_pos) : x
5854 return ret
5855}
5856function scrub_vec (v) {
5857 for (var i = 0; i < v.length; v++) {
5858 v[i] = 0
5859 }
5860 return false
5861}
5862
5863function Global () {
5864 this.SBOX = []
5865 this.INV_SBOX = []
5866 this.SUB_MIX = [[], [], [], []]
5867 this.INV_SUB_MIX = [[], [], [], []]
5868 this.init()
5869 this.RCON = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36]
5870}
5871
5872Global.prototype.init = function () {
5873 var d, i, sx, t, x, x2, x4, x8, xi, _i
5874 d = (function () {
5875 var _i, _results
5876 _results = []
5877 for (i = _i = 0; _i < 256; i = ++_i) {
5878 if (i < 128) {
5879 _results.push(i << 1)
5880 } else {
5881 _results.push((i << 1) ^ 0x11b)
5882 }
5883 }
5884 return _results
5885 })()
5886 x = 0
5887 xi = 0
5888 for (i = _i = 0; _i < 256; i = ++_i) {
5889 sx = xi ^ (xi << 1) ^ (xi << 2) ^ (xi << 3) ^ (xi << 4)
5890 sx = (sx >>> 8) ^ (sx & 0xff) ^ 0x63
5891 this.SBOX[x] = sx
5892 this.INV_SBOX[sx] = x
5893 x2 = d[x]
5894 x4 = d[x2]
5895 x8 = d[x4]
5896 t = (d[sx] * 0x101) ^ (sx * 0x1010100)
5897 this.SUB_MIX[0][x] = (t << 24) | (t >>> 8)
5898 this.SUB_MIX[1][x] = (t << 16) | (t >>> 16)
5899 this.SUB_MIX[2][x] = (t << 8) | (t >>> 24)
5900 this.SUB_MIX[3][x] = t
5901 t = (x8 * 0x1010101) ^ (x4 * 0x10001) ^ (x2 * 0x101) ^ (x * 0x1010100)
5902 this.INV_SUB_MIX[0][sx] = (t << 24) | (t >>> 8)
5903 this.INV_SUB_MIX[1][sx] = (t << 16) | (t >>> 16)
5904 this.INV_SUB_MIX[2][sx] = (t << 8) | (t >>> 24)
5905 this.INV_SUB_MIX[3][sx] = t
5906 if (x === 0) {
5907 x = xi = 1
5908 } else {
5909 x = x2 ^ d[d[d[x8 ^ x2]]]
5910 xi ^= d[d[xi]]
5911 }
5912 }
5913 return true
5914}
5915
5916var G = new Global()
5917
5918AES.blockSize = 4 * 4
5919
5920AES.prototype.blockSize = AES.blockSize
5921
5922AES.keySize = 256 / 8
5923
5924AES.prototype.keySize = AES.keySize
5925
5926function bufferToArray (buf) {
5927 var len = buf.length / 4
5928 var out = new Array(len)
5929 var i = -1
5930 while (++i < len) {
5931 out[i] = buf.readUInt32BE(i * 4)
5932 }
5933 return out
5934}
5935function AES (key) {
5936 this._key = bufferToArray(key)
5937 this._doReset()
5938}
5939
5940AES.prototype._doReset = function () {
5941 var invKsRow, keySize, keyWords, ksRow, ksRows, t
5942 keyWords = this._key
5943 keySize = keyWords.length
5944 this._nRounds = keySize + 6
5945 ksRows = (this._nRounds + 1) * 4
5946 this._keySchedule = []
5947 for (ksRow = 0; ksRow < ksRows; ksRow++) {
5948 this._keySchedule[ksRow] = ksRow < keySize ? keyWords[ksRow] : (t = this._keySchedule[ksRow - 1], (ksRow % keySize) === 0 ? (t = (t << 8) | (t >>> 24), t = (G.SBOX[t >>> 24] << 24) | (G.SBOX[(t >>> 16) & 0xff] << 16) | (G.SBOX[(t >>> 8) & 0xff] << 8) | G.SBOX[t & 0xff], t ^= G.RCON[(ksRow / keySize) | 0] << 24) : keySize > 6 && ksRow % keySize === 4 ? t = (G.SBOX[t >>> 24] << 24) | (G.SBOX[(t >>> 16) & 0xff] << 16) | (G.SBOX[(t >>> 8) & 0xff] << 8) | G.SBOX[t & 0xff] : void 0, this._keySchedule[ksRow - keySize] ^ t)
5949 }
5950 this._invKeySchedule = []
5951 for (invKsRow = 0; invKsRow < ksRows; invKsRow++) {
5952 ksRow = ksRows - invKsRow
5953 t = this._keySchedule[ksRow - (invKsRow % 4 ? 0 : 4)]
5954 this._invKeySchedule[invKsRow] = invKsRow < 4 || ksRow <= 4 ? t : G.INV_SUB_MIX[0][G.SBOX[t >>> 24]] ^ G.INV_SUB_MIX[1][G.SBOX[(t >>> 16) & 0xff]] ^ G.INV_SUB_MIX[2][G.SBOX[(t >>> 8) & 0xff]] ^ G.INV_SUB_MIX[3][G.SBOX[t & 0xff]]
5955 }
5956 return true
5957}
5958
5959AES.prototype.encryptBlock = function (M) {
5960 M = bufferToArray(new Buffer(M))
5961 var out = this._doCryptBlock(M, this._keySchedule, G.SUB_MIX, G.SBOX)
5962 var buf = new Buffer(16)
5963 buf.writeUInt32BE(out[0], 0)
5964 buf.writeUInt32BE(out[1], 4)
5965 buf.writeUInt32BE(out[2], 8)
5966 buf.writeUInt32BE(out[3], 12)
5967 return buf
5968}
5969
5970AES.prototype.decryptBlock = function (M) {
5971 M = bufferToArray(new Buffer(M))
5972 var temp = [M[3], M[1]]
5973 M[1] = temp[0]
5974 M[3] = temp[1]
5975 var out = this._doCryptBlock(M, this._invKeySchedule, G.INV_SUB_MIX, G.INV_SBOX)
5976 var buf = new Buffer(16)
5977 buf.writeUInt32BE(out[0], 0)
5978 buf.writeUInt32BE(out[3], 4)
5979 buf.writeUInt32BE(out[2], 8)
5980 buf.writeUInt32BE(out[1], 12)
5981 return buf
5982}
5983
5984AES.prototype.scrub = function () {
5985 scrub_vec(this._keySchedule)
5986 scrub_vec(this._invKeySchedule)
5987 scrub_vec(this._key)
5988}
5989
5990AES.prototype._doCryptBlock = function (M, keySchedule, SUB_MIX, SBOX) {
5991 var ksRow, s0, s1, s2, s3, t0, t1, t2, t3
5992
5993 s0 = M[0] ^ keySchedule[0]
5994 s1 = M[1] ^ keySchedule[1]
5995 s2 = M[2] ^ keySchedule[2]
5996 s3 = M[3] ^ keySchedule[3]
5997 ksRow = 4
5998 for (var round = 1; round < this._nRounds; round++) {
5999 t0 = SUB_MIX[0][s0 >>> 24] ^ SUB_MIX[1][(s1 >>> 16) & 0xff] ^ SUB_MIX[2][(s2 >>> 8) & 0xff] ^ SUB_MIX[3][s3 & 0xff] ^ keySchedule[ksRow++]
6000 t1 = SUB_MIX[0][s1 >>> 24] ^ SUB_MIX[1][(s2 >>> 16) & 0xff] ^ SUB_MIX[2][(s3 >>> 8) & 0xff] ^ SUB_MIX[3][s0 & 0xff] ^ keySchedule[ksRow++]
6001 t2 = SUB_MIX[0][s2 >>> 24] ^ SUB_MIX[1][(s3 >>> 16) & 0xff] ^ SUB_MIX[2][(s0 >>> 8) & 0xff] ^ SUB_MIX[3][s1 & 0xff] ^ keySchedule[ksRow++]
6002 t3 = SUB_MIX[0][s3 >>> 24] ^ SUB_MIX[1][(s0 >>> 16) & 0xff] ^ SUB_MIX[2][(s1 >>> 8) & 0xff] ^ SUB_MIX[3][s2 & 0xff] ^ keySchedule[ksRow++]
6003 s0 = t0
6004 s1 = t1
6005 s2 = t2
6006 s3 = t3
6007 }
6008 t0 = ((SBOX[s0 >>> 24] << 24) | (SBOX[(s1 >>> 16) & 0xff] << 16) | (SBOX[(s2 >>> 8) & 0xff] << 8) | SBOX[s3 & 0xff]) ^ keySchedule[ksRow++]
6009 t1 = ((SBOX[s1 >>> 24] << 24) | (SBOX[(s2 >>> 16) & 0xff] << 16) | (SBOX[(s3 >>> 8) & 0xff] << 8) | SBOX[s0 & 0xff]) ^ keySchedule[ksRow++]
6010 t2 = ((SBOX[s2 >>> 24] << 24) | (SBOX[(s3 >>> 16) & 0xff] << 16) | (SBOX[(s0 >>> 8) & 0xff] << 8) | SBOX[s1 & 0xff]) ^ keySchedule[ksRow++]
6011 t3 = ((SBOX[s3 >>> 24] << 24) | (SBOX[(s0 >>> 16) & 0xff] << 16) | (SBOX[(s1 >>> 8) & 0xff] << 8) | SBOX[s2 & 0xff]) ^ keySchedule[ksRow++]
6012 return [
6013 fixup_uint32(t0),
6014 fixup_uint32(t1),
6015 fixup_uint32(t2),
6016 fixup_uint32(t3)
6017 ]
6018}
6019
6020exports.AES = AES
6021
6022}).call(this,require("buffer").Buffer)
6023},{"buffer":47}],21:[function(require,module,exports){
6024(function (Buffer){
6025var aes = require('./aes')
6026var Transform = require('cipher-base')
6027var inherits = require('inherits')
6028var GHASH = require('./ghash')
6029var xor = require('buffer-xor')
6030inherits(StreamCipher, Transform)
6031module.exports = StreamCipher
6032
6033function StreamCipher (mode, key, iv, decrypt) {
6034 if (!(this instanceof StreamCipher)) {
6035 return new StreamCipher(mode, key, iv)
6036 }
6037 Transform.call(this)
6038 this._finID = Buffer.concat([iv, new Buffer([0, 0, 0, 1])])
6039 iv = Buffer.concat([iv, new Buffer([0, 0, 0, 2])])
6040 this._cipher = new aes.AES(key)
6041 this._prev = new Buffer(iv.length)
6042 this._cache = new Buffer('')
6043 this._secCache = new Buffer('')
6044 this._decrypt = decrypt
6045 this._alen = 0
6046 this._len = 0
6047 iv.copy(this._prev)
6048 this._mode = mode
6049 var h = new Buffer(4)
6050 h.fill(0)
6051 this._ghash = new GHASH(this._cipher.encryptBlock(h))
6052 this._authTag = null
6053 this._called = false
6054}
6055StreamCipher.prototype._update = function (chunk) {
6056 if (!this._called && this._alen) {
6057 var rump = 16 - (this._alen % 16)
6058 if (rump < 16) {
6059 rump = new Buffer(rump)
6060 rump.fill(0)
6061 this._ghash.update(rump)
6062 }
6063 }
6064 this._called = true
6065 var out = this._mode.encrypt(this, chunk)
6066 if (this._decrypt) {
6067 this._ghash.update(chunk)
6068 } else {
6069 this._ghash.update(out)
6070 }
6071 this._len += chunk.length
6072 return out
6073}
6074StreamCipher.prototype._final = function () {
6075 if (this._decrypt && !this._authTag) {
6076 throw new Error('Unsupported state or unable to authenticate data')
6077 }
6078 var tag = xor(this._ghash.final(this._alen * 8, this._len * 8), this._cipher.encryptBlock(this._finID))
6079 if (this._decrypt) {
6080 if (xorTest(tag, this._authTag)) {
6081 throw new Error('Unsupported state or unable to authenticate data')
6082 }
6083 } else {
6084 this._authTag = tag
6085 }
6086 this._cipher.scrub()
6087}
6088StreamCipher.prototype.getAuthTag = function getAuthTag () {
6089 if (!this._decrypt && Buffer.isBuffer(this._authTag)) {
6090 return this._authTag
6091 } else {
6092 throw new Error('Attempting to get auth tag in unsupported state')
6093 }
6094}
6095StreamCipher.prototype.setAuthTag = function setAuthTag (tag) {
6096 if (this._decrypt) {
6097 this._authTag = tag
6098 } else {
6099 throw new Error('Attempting to set auth tag in unsupported state')
6100 }
6101}
6102StreamCipher.prototype.setAAD = function setAAD (buf) {
6103 if (!this._called) {
6104 this._ghash.update(buf)
6105 this._alen += buf.length
6106 } else {
6107 throw new Error('Attempting to set AAD in unsupported state')
6108 }
6109}
6110function xorTest (a, b) {
6111 var out = 0
6112 if (a.length !== b.length) {
6113 out++
6114 }
6115 var len = Math.min(a.length, b.length)
6116 var i = -1
6117 while (++i < len) {
6118 out += (a[i] ^ b[i])
6119 }
6120 return out
6121}
6122
6123}).call(this,require("buffer").Buffer)
6124},{"./aes":20,"./ghash":25,"buffer":47,"buffer-xor":46,"cipher-base":48,"inherits":95}],22:[function(require,module,exports){
6125var ciphers = require('./encrypter')
6126exports.createCipher = exports.Cipher = ciphers.createCipher
6127exports.createCipheriv = exports.Cipheriv = ciphers.createCipheriv
6128var deciphers = require('./decrypter')
6129exports.createDecipher = exports.Decipher = deciphers.createDecipher
6130exports.createDecipheriv = exports.Decipheriv = deciphers.createDecipheriv
6131var modes = require('./modes')
6132function getCiphers () {
6133 return Object.keys(modes)
6134}
6135exports.listCiphers = exports.getCiphers = getCiphers
6136
6137},{"./decrypter":23,"./encrypter":24,"./modes":26}],23:[function(require,module,exports){
6138(function (Buffer){
6139var aes = require('./aes')
6140var Transform = require('cipher-base')
6141var inherits = require('inherits')
6142var modes = require('./modes')
6143var StreamCipher = require('./streamCipher')
6144var AuthCipher = require('./authCipher')
6145var ebtk = require('evp_bytestokey')
6146
6147inherits(Decipher, Transform)
6148function Decipher (mode, key, iv) {
6149 if (!(this instanceof Decipher)) {
6150 return new Decipher(mode, key, iv)
6151 }
6152 Transform.call(this)
6153 this._cache = new Splitter()
6154 this._last = void 0
6155 this._cipher = new aes.AES(key)
6156 this._prev = new Buffer(iv.length)
6157 iv.copy(this._prev)
6158 this._mode = mode
6159 this._autopadding = true
6160}
6161Decipher.prototype._update = function (data) {
6162 this._cache.add(data)
6163 var chunk
6164 var thing
6165 var out = []
6166 while ((chunk = this._cache.get(this._autopadding))) {
6167 thing = this._mode.decrypt(this, chunk)
6168 out.push(thing)
6169 }
6170 return Buffer.concat(out)
6171}
6172Decipher.prototype._final = function () {
6173 var chunk = this._cache.flush()
6174 if (this._autopadding) {
6175 return unpad(this._mode.decrypt(this, chunk))
6176 } else if (chunk) {
6177 throw new Error('data not multiple of block length')
6178 }
6179}
6180Decipher.prototype.setAutoPadding = function (setTo) {
6181 this._autopadding = !!setTo
6182 return this
6183}
6184function Splitter () {
6185 if (!(this instanceof Splitter)) {
6186 return new Splitter()
6187 }
6188 this.cache = new Buffer('')
6189}
6190Splitter.prototype.add = function (data) {
6191 this.cache = Buffer.concat([this.cache, data])
6192}
6193
6194Splitter.prototype.get = function (autoPadding) {
6195 var out
6196 if (autoPadding) {
6197 if (this.cache.length > 16) {
6198 out = this.cache.slice(0, 16)
6199 this.cache = this.cache.slice(16)
6200 return out
6201 }
6202 } else {
6203 if (this.cache.length >= 16) {
6204 out = this.cache.slice(0, 16)
6205 this.cache = this.cache.slice(16)
6206 return out
6207 }
6208 }
6209 return null
6210}
6211Splitter.prototype.flush = function () {
6212 if (this.cache.length) {
6213 return this.cache
6214 }
6215}
6216function unpad (last) {
6217 var padded = last[15]
6218 var i = -1
6219 while (++i < padded) {
6220 if (last[(i + (16 - padded))] !== padded) {
6221 throw new Error('unable to decrypt data')
6222 }
6223 }
6224 if (padded === 16) {
6225 return
6226 }
6227 return last.slice(0, 16 - padded)
6228}
6229
6230var modelist = {
6231 ECB: require('./modes/ecb'),
6232 CBC: require('./modes/cbc'),
6233 CFB: require('./modes/cfb'),
6234 CFB8: require('./modes/cfb8'),
6235 CFB1: require('./modes/cfb1'),
6236 OFB: require('./modes/ofb'),
6237 CTR: require('./modes/ctr'),
6238 GCM: require('./modes/ctr')
6239}
6240
6241function createDecipheriv (suite, password, iv) {
6242 var config = modes[suite.toLowerCase()]
6243 if (!config) {
6244 throw new TypeError('invalid suite type')
6245 }
6246 if (typeof iv === 'string') {
6247 iv = new Buffer(iv)
6248 }
6249 if (typeof password === 'string') {
6250 password = new Buffer(password)
6251 }
6252 if (password.length !== config.key / 8) {
6253 throw new TypeError('invalid key length ' + password.length)
6254 }
6255 if (iv.length !== config.iv) {
6256 throw new TypeError('invalid iv length ' + iv.length)
6257 }
6258 if (config.type === 'stream') {
6259 return new StreamCipher(modelist[config.mode], password, iv, true)
6260 } else if (config.type === 'auth') {
6261 return new AuthCipher(modelist[config.mode], password, iv, true)
6262 }
6263 return new Decipher(modelist[config.mode], password, iv)
6264}
6265
6266function createDecipher (suite, password) {
6267 var config = modes[suite.toLowerCase()]
6268 if (!config) {
6269 throw new TypeError('invalid suite type')
6270 }
6271 var keys = ebtk(password, false, config.key, config.iv)
6272 return createDecipheriv(suite, keys.key, keys.iv)
6273}
6274exports.createDecipher = createDecipher
6275exports.createDecipheriv = createDecipheriv
6276
6277}).call(this,require("buffer").Buffer)
6278},{"./aes":20,"./authCipher":21,"./modes":26,"./modes/cbc":27,"./modes/cfb":28,"./modes/cfb1":29,"./modes/cfb8":30,"./modes/ctr":31,"./modes/ecb":32,"./modes/ofb":33,"./streamCipher":34,"buffer":47,"cipher-base":48,"evp_bytestokey":84,"inherits":95}],24:[function(require,module,exports){
6279(function (Buffer){
6280var aes = require('./aes')
6281var Transform = require('cipher-base')
6282var inherits = require('inherits')
6283var modes = require('./modes')
6284var ebtk = require('evp_bytestokey')
6285var StreamCipher = require('./streamCipher')
6286var AuthCipher = require('./authCipher')
6287inherits(Cipher, Transform)
6288function Cipher (mode, key, iv) {
6289 if (!(this instanceof Cipher)) {
6290 return new Cipher(mode, key, iv)
6291 }
6292 Transform.call(this)
6293 this._cache = new Splitter()
6294 this._cipher = new aes.AES(key)
6295 this._prev = new Buffer(iv.length)
6296 iv.copy(this._prev)
6297 this._mode = mode
6298 this._autopadding = true
6299}
6300Cipher.prototype._update = function (data) {
6301 this._cache.add(data)
6302 var chunk
6303 var thing
6304 var out = []
6305 while ((chunk = this._cache.get())) {
6306 thing = this._mode.encrypt(this, chunk)
6307 out.push(thing)
6308 }
6309 return Buffer.concat(out)
6310}
6311Cipher.prototype._final = function () {
6312 var chunk = this._cache.flush()
6313 if (this._autopadding) {
6314 chunk = this._mode.encrypt(this, chunk)
6315 this._cipher.scrub()
6316 return chunk
6317 } else if (chunk.toString('hex') !== '10101010101010101010101010101010') {
6318 this._cipher.scrub()
6319 throw new Error('data not multiple of block length')
6320 }
6321}
6322Cipher.prototype.setAutoPadding = function (setTo) {
6323 this._autopadding = !!setTo
6324 return this
6325}
6326
6327function Splitter () {
6328 if (!(this instanceof Splitter)) {
6329 return new Splitter()
6330 }
6331 this.cache = new Buffer('')
6332}
6333Splitter.prototype.add = function (data) {
6334 this.cache = Buffer.concat([this.cache, data])
6335}
6336
6337Splitter.prototype.get = function () {
6338 if (this.cache.length > 15) {
6339 var out = this.cache.slice(0, 16)
6340 this.cache = this.cache.slice(16)
6341 return out
6342 }
6343 return null
6344}
6345Splitter.prototype.flush = function () {
6346 var len = 16 - this.cache.length
6347 var padBuff = new Buffer(len)
6348
6349 var i = -1
6350 while (++i < len) {
6351 padBuff.writeUInt8(len, i)
6352 }
6353 var out = Buffer.concat([this.cache, padBuff])
6354 return out
6355}
6356var modelist = {
6357 ECB: require('./modes/ecb'),
6358 CBC: require('./modes/cbc'),
6359 CFB: require('./modes/cfb'),
6360 CFB8: require('./modes/cfb8'),
6361 CFB1: require('./modes/cfb1'),
6362 OFB: require('./modes/ofb'),
6363 CTR: require('./modes/ctr'),
6364 GCM: require('./modes/ctr')
6365}
6366
6367function createCipheriv (suite, password, iv) {
6368 var config = modes[suite.toLowerCase()]
6369 if (!config) {
6370 throw new TypeError('invalid suite type')
6371 }
6372 if (typeof iv === 'string') {
6373 iv = new Buffer(iv)
6374 }
6375 if (typeof password === 'string') {
6376 password = new Buffer(password)
6377 }
6378 if (password.length !== config.key / 8) {
6379 throw new TypeError('invalid key length ' + password.length)
6380 }
6381 if (iv.length !== config.iv) {
6382 throw new TypeError('invalid iv length ' + iv.length)
6383 }
6384 if (config.type === 'stream') {
6385 return new StreamCipher(modelist[config.mode], password, iv)
6386 } else if (config.type === 'auth') {
6387 return new AuthCipher(modelist[config.mode], password, iv)
6388 }
6389 return new Cipher(modelist[config.mode], password, iv)
6390}
6391function createCipher (suite, password) {
6392 var config = modes[suite.toLowerCase()]
6393 if (!config) {
6394 throw new TypeError('invalid suite type')
6395 }
6396 var keys = ebtk(password, false, config.key, config.iv)
6397 return createCipheriv(suite, keys.key, keys.iv)
6398}
6399
6400exports.createCipheriv = createCipheriv
6401exports.createCipher = createCipher
6402
6403}).call(this,require("buffer").Buffer)
6404},{"./aes":20,"./authCipher":21,"./modes":26,"./modes/cbc":27,"./modes/cfb":28,"./modes/cfb1":29,"./modes/cfb8":30,"./modes/ctr":31,"./modes/ecb":32,"./modes/ofb":33,"./streamCipher":34,"buffer":47,"cipher-base":48,"evp_bytestokey":84,"inherits":95}],25:[function(require,module,exports){
6405(function (Buffer){
6406var zeros = new Buffer(16)
6407zeros.fill(0)
6408module.exports = GHASH
6409function GHASH (key) {
6410 this.h = key
6411 this.state = new Buffer(16)
6412 this.state.fill(0)
6413 this.cache = new Buffer('')
6414}
6415// from http://bitwiseshiftleft.github.io/sjcl/doc/symbols/src/core_gcm.js.html
6416// by Juho Vähä-Herttua
6417GHASH.prototype.ghash = function (block) {
6418 var i = -1
6419 while (++i < block.length) {
6420 this.state[i] ^= block[i]
6421 }
6422 this._multiply()
6423}
6424
6425GHASH.prototype._multiply = function () {
6426 var Vi = toArray(this.h)
6427 var Zi = [0, 0, 0, 0]
6428 var j, xi, lsb_Vi
6429 var i = -1
6430 while (++i < 128) {
6431 xi = (this.state[~~(i / 8)] & (1 << (7 - i % 8))) !== 0
6432 if (xi) {
6433 // Z_i+1 = Z_i ^ V_i
6434 Zi = xor(Zi, Vi)
6435 }
6436
6437 // Store the value of LSB(V_i)
6438 lsb_Vi = (Vi[3] & 1) !== 0
6439
6440 // V_i+1 = V_i >> 1
6441 for (j = 3; j > 0; j--) {
6442 Vi[j] = (Vi[j] >>> 1) | ((Vi[j - 1] & 1) << 31)
6443 }
6444 Vi[0] = Vi[0] >>> 1
6445
6446 // If LSB(V_i) is 1, V_i+1 = (V_i >> 1) ^ R
6447 if (lsb_Vi) {
6448 Vi[0] = Vi[0] ^ (0xe1 << 24)
6449 }
6450 }
6451 this.state = fromArray(Zi)
6452}
6453GHASH.prototype.update = function (buf) {
6454 this.cache = Buffer.concat([this.cache, buf])
6455 var chunk
6456 while (this.cache.length >= 16) {
6457 chunk = this.cache.slice(0, 16)
6458 this.cache = this.cache.slice(16)
6459 this.ghash(chunk)
6460 }
6461}
6462GHASH.prototype.final = function (abl, bl) {
6463 if (this.cache.length) {
6464 this.ghash(Buffer.concat([this.cache, zeros], 16))
6465 }
6466 this.ghash(fromArray([
6467 0, abl,
6468 0, bl
6469 ]))
6470 return this.state
6471}
6472
6473function toArray (buf) {
6474 return [
6475 buf.readUInt32BE(0),
6476 buf.readUInt32BE(4),
6477 buf.readUInt32BE(8),
6478 buf.readUInt32BE(12)
6479 ]
6480}
6481function fromArray (out) {
6482 out = out.map(fixup_uint32)
6483 var buf = new Buffer(16)
6484 buf.writeUInt32BE(out[0], 0)
6485 buf.writeUInt32BE(out[1], 4)
6486 buf.writeUInt32BE(out[2], 8)
6487 buf.writeUInt32BE(out[3], 12)
6488 return buf
6489}
6490var uint_max = Math.pow(2, 32)
6491function fixup_uint32 (x) {
6492 var ret, x_pos
6493 ret = x > uint_max || x < 0 ? (x_pos = Math.abs(x) % uint_max, x < 0 ? uint_max - x_pos : x_pos) : x
6494 return ret
6495}
6496function xor (a, b) {
6497 return [
6498 a[0] ^ b[0],
6499 a[1] ^ b[1],
6500 a[2] ^ b[2],
6501 a[3] ^ b[3]
6502 ]
6503}
6504
6505}).call(this,require("buffer").Buffer)
6506},{"buffer":47}],26:[function(require,module,exports){
6507exports['aes-128-ecb'] = {
6508 cipher: 'AES',
6509 key: 128,
6510 iv: 0,
6511 mode: 'ECB',
6512 type: 'block'
6513}
6514exports['aes-192-ecb'] = {
6515 cipher: 'AES',
6516 key: 192,
6517 iv: 0,
6518 mode: 'ECB',
6519 type: 'block'
6520}
6521exports['aes-256-ecb'] = {
6522 cipher: 'AES',
6523 key: 256,
6524 iv: 0,
6525 mode: 'ECB',
6526 type: 'block'
6527}
6528exports['aes-128-cbc'] = {
6529 cipher: 'AES',
6530 key: 128,
6531 iv: 16,
6532 mode: 'CBC',
6533 type: 'block'
6534}
6535exports['aes-192-cbc'] = {
6536 cipher: 'AES',
6537 key: 192,
6538 iv: 16,
6539 mode: 'CBC',
6540 type: 'block'
6541}
6542exports['aes-256-cbc'] = {
6543 cipher: 'AES',
6544 key: 256,
6545 iv: 16,
6546 mode: 'CBC',
6547 type: 'block'
6548}
6549exports['aes128'] = exports['aes-128-cbc']
6550exports['aes192'] = exports['aes-192-cbc']
6551exports['aes256'] = exports['aes-256-cbc']
6552exports['aes-128-cfb'] = {
6553 cipher: 'AES',
6554 key: 128,
6555 iv: 16,
6556 mode: 'CFB',
6557 type: 'stream'
6558}
6559exports['aes-192-cfb'] = {
6560 cipher: 'AES',
6561 key: 192,
6562 iv: 16,
6563 mode: 'CFB',
6564 type: 'stream'
6565}
6566exports['aes-256-cfb'] = {
6567 cipher: 'AES',
6568 key: 256,
6569 iv: 16,
6570 mode: 'CFB',
6571 type: 'stream'
6572}
6573exports['aes-128-cfb8'] = {
6574 cipher: 'AES',
6575 key: 128,
6576 iv: 16,
6577 mode: 'CFB8',
6578 type: 'stream'
6579}
6580exports['aes-192-cfb8'] = {
6581 cipher: 'AES',
6582 key: 192,
6583 iv: 16,
6584 mode: 'CFB8',
6585 type: 'stream'
6586}
6587exports['aes-256-cfb8'] = {
6588 cipher: 'AES',
6589 key: 256,
6590 iv: 16,
6591 mode: 'CFB8',
6592 type: 'stream'
6593}
6594exports['aes-128-cfb1'] = {
6595 cipher: 'AES',
6596 key: 128,
6597 iv: 16,
6598 mode: 'CFB1',
6599 type: 'stream'
6600}
6601exports['aes-192-cfb1'] = {
6602 cipher: 'AES',
6603 key: 192,
6604 iv: 16,
6605 mode: 'CFB1',
6606 type: 'stream'
6607}
6608exports['aes-256-cfb1'] = {
6609 cipher: 'AES',
6610 key: 256,
6611 iv: 16,
6612 mode: 'CFB1',
6613 type: 'stream'
6614}
6615exports['aes-128-ofb'] = {
6616 cipher: 'AES',
6617 key: 128,
6618 iv: 16,
6619 mode: 'OFB',
6620 type: 'stream'
6621}
6622exports['aes-192-ofb'] = {
6623 cipher: 'AES',
6624 key: 192,
6625 iv: 16,
6626 mode: 'OFB',
6627 type: 'stream'
6628}
6629exports['aes-256-ofb'] = {
6630 cipher: 'AES',
6631 key: 256,
6632 iv: 16,
6633 mode: 'OFB',
6634 type: 'stream'
6635}
6636exports['aes-128-ctr'] = {
6637 cipher: 'AES',
6638 key: 128,
6639 iv: 16,
6640 mode: 'CTR',
6641 type: 'stream'
6642}
6643exports['aes-192-ctr'] = {
6644 cipher: 'AES',
6645 key: 192,
6646 iv: 16,
6647 mode: 'CTR',
6648 type: 'stream'
6649}
6650exports['aes-256-ctr'] = {
6651 cipher: 'AES',
6652 key: 256,
6653 iv: 16,
6654 mode: 'CTR',
6655 type: 'stream'
6656}
6657exports['aes-128-gcm'] = {
6658 cipher: 'AES',
6659 key: 128,
6660 iv: 12,
6661 mode: 'GCM',
6662 type: 'auth'
6663}
6664exports['aes-192-gcm'] = {
6665 cipher: 'AES',
6666 key: 192,
6667 iv: 12,
6668 mode: 'GCM',
6669 type: 'auth'
6670}
6671exports['aes-256-gcm'] = {
6672 cipher: 'AES',
6673 key: 256,
6674 iv: 12,
6675 mode: 'GCM',
6676 type: 'auth'
6677}
6678
6679},{}],27:[function(require,module,exports){
6680var xor = require('buffer-xor')
6681
6682exports.encrypt = function (self, block) {
6683 var data = xor(block, self._prev)
6684
6685 self._prev = self._cipher.encryptBlock(data)
6686 return self._prev
6687}
6688
6689exports.decrypt = function (self, block) {
6690 var pad = self._prev
6691
6692 self._prev = block
6693 var out = self._cipher.decryptBlock(block)
6694
6695 return xor(out, pad)
6696}
6697
6698},{"buffer-xor":46}],28:[function(require,module,exports){
6699(function (Buffer){
6700var xor = require('buffer-xor')
6701
6702exports.encrypt = function (self, data, decrypt) {
6703 var out = new Buffer('')
6704 var len
6705
6706 while (data.length) {
6707 if (self._cache.length === 0) {
6708 self._cache = self._cipher.encryptBlock(self._prev)
6709 self._prev = new Buffer('')
6710 }
6711
6712 if (self._cache.length <= data.length) {
6713 len = self._cache.length
6714 out = Buffer.concat([out, encryptStart(self, data.slice(0, len), decrypt)])
6715 data = data.slice(len)
6716 } else {
6717 out = Buffer.concat([out, encryptStart(self, data, decrypt)])
6718 break
6719 }
6720 }
6721
6722 return out
6723}
6724function encryptStart (self, data, decrypt) {
6725 var len = data.length
6726 var out = xor(data, self._cache)
6727 self._cache = self._cache.slice(len)
6728 self._prev = Buffer.concat([self._prev, decrypt ? data : out])
6729 return out
6730}
6731
6732}).call(this,require("buffer").Buffer)
6733},{"buffer":47,"buffer-xor":46}],29:[function(require,module,exports){
6734(function (Buffer){
6735function encryptByte (self, byteParam, decrypt) {
6736 var pad
6737 var i = -1
6738 var len = 8
6739 var out = 0
6740 var bit, value
6741 while (++i < len) {
6742 pad = self._cipher.encryptBlock(self._prev)
6743 bit = (byteParam & (1 << (7 - i))) ? 0x80 : 0
6744 value = pad[0] ^ bit
6745 out += ((value & 0x80) >> (i % 8))
6746 self._prev = shiftIn(self._prev, decrypt ? bit : value)
6747 }
6748 return out
6749}
6750exports.encrypt = function (self, chunk, decrypt) {
6751 var len = chunk.length
6752 var out = new Buffer(len)
6753 var i = -1
6754 while (++i < len) {
6755 out[i] = encryptByte(self, chunk[i], decrypt)
6756 }
6757 return out
6758}
6759function shiftIn (buffer, value) {
6760 var len = buffer.length
6761 var i = -1
6762 var out = new Buffer(buffer.length)
6763 buffer = Buffer.concat([buffer, new Buffer([value])])
6764 while (++i < len) {
6765 out[i] = buffer[i] << 1 | buffer[i + 1] >> (7)
6766 }
6767 return out
6768}
6769
6770}).call(this,require("buffer").Buffer)
6771},{"buffer":47}],30:[function(require,module,exports){
6772(function (Buffer){
6773function encryptByte (self, byteParam, decrypt) {
6774 var pad = self._cipher.encryptBlock(self._prev)
6775 var out = pad[0] ^ byteParam
6776 self._prev = Buffer.concat([self._prev.slice(1), new Buffer([decrypt ? byteParam : out])])
6777 return out
6778}
6779exports.encrypt = function (self, chunk, decrypt) {
6780 var len = chunk.length
6781 var out = new Buffer(len)
6782 var i = -1
6783 while (++i < len) {
6784 out[i] = encryptByte(self, chunk[i], decrypt)
6785 }
6786 return out
6787}
6788
6789}).call(this,require("buffer").Buffer)
6790},{"buffer":47}],31:[function(require,module,exports){
6791(function (Buffer){
6792var xor = require('buffer-xor')
6793
6794function incr32 (iv) {
6795 var len = iv.length
6796 var item
6797 while (len--) {
6798 item = iv.readUInt8(len)
6799 if (item === 255) {
6800 iv.writeUInt8(0, len)
6801 } else {
6802 item++
6803 iv.writeUInt8(item, len)
6804 break
6805 }
6806 }
6807}
6808
6809function getBlock (self) {
6810 var out = self._cipher.encryptBlock(self._prev)
6811 incr32(self._prev)
6812 return out
6813}
6814
6815exports.encrypt = function (self, chunk) {
6816 while (self._cache.length < chunk.length) {
6817 self._cache = Buffer.concat([self._cache, getBlock(self)])
6818 }
6819 var pad = self._cache.slice(0, chunk.length)
6820 self._cache = self._cache.slice(chunk.length)
6821 return xor(chunk, pad)
6822}
6823
6824}).call(this,require("buffer").Buffer)
6825},{"buffer":47,"buffer-xor":46}],32:[function(require,module,exports){
6826exports.encrypt = function (self, block) {
6827 return self._cipher.encryptBlock(block)
6828}
6829exports.decrypt = function (self, block) {
6830 return self._cipher.decryptBlock(block)
6831}
6832
6833},{}],33:[function(require,module,exports){
6834(function (Buffer){
6835var xor = require('buffer-xor')
6836
6837function getBlock (self) {
6838 self._prev = self._cipher.encryptBlock(self._prev)
6839 return self._prev
6840}
6841
6842exports.encrypt = function (self, chunk) {
6843 while (self._cache.length < chunk.length) {
6844 self._cache = Buffer.concat([self._cache, getBlock(self)])
6845 }
6846
6847 var pad = self._cache.slice(0, chunk.length)
6848 self._cache = self._cache.slice(chunk.length)
6849 return xor(chunk, pad)
6850}
6851
6852}).call(this,require("buffer").Buffer)
6853},{"buffer":47,"buffer-xor":46}],34:[function(require,module,exports){
6854(function (Buffer){
6855var aes = require('./aes')
6856var Transform = require('cipher-base')
6857var inherits = require('inherits')
6858
6859inherits(StreamCipher, Transform)
6860module.exports = StreamCipher
6861function StreamCipher (mode, key, iv, decrypt) {
6862 if (!(this instanceof StreamCipher)) {
6863 return new StreamCipher(mode, key, iv)
6864 }
6865 Transform.call(this)
6866 this._cipher = new aes.AES(key)
6867 this._prev = new Buffer(iv.length)
6868 this._cache = new Buffer('')
6869 this._secCache = new Buffer('')
6870 this._decrypt = decrypt
6871 iv.copy(this._prev)
6872 this._mode = mode
6873}
6874StreamCipher.prototype._update = function (chunk) {
6875 return this._mode.encrypt(this, chunk, this._decrypt)
6876}
6877StreamCipher.prototype._final = function () {
6878 this._cipher.scrub()
6879}
6880
6881}).call(this,require("buffer").Buffer)
6882},{"./aes":20,"buffer":47,"cipher-base":48,"inherits":95}],35:[function(require,module,exports){
6883var ebtk = require('evp_bytestokey')
6884var aes = require('browserify-aes/browser')
6885var DES = require('browserify-des')
6886var desModes = require('browserify-des/modes')
6887var aesModes = require('browserify-aes/modes')
6888function createCipher (suite, password) {
6889 var keyLen, ivLen
6890 suite = suite.toLowerCase()
6891 if (aesModes[suite]) {
6892 keyLen = aesModes[suite].key
6893 ivLen = aesModes[suite].iv
6894 } else if (desModes[suite]) {
6895 keyLen = desModes[suite].key * 8
6896 ivLen = desModes[suite].iv
6897 } else {
6898 throw new TypeError('invalid suite type')
6899 }
6900 var keys = ebtk(password, false, keyLen, ivLen)
6901 return createCipheriv(suite, keys.key, keys.iv)
6902}
6903function createDecipher (suite, password) {
6904 var keyLen, ivLen
6905 suite = suite.toLowerCase()
6906 if (aesModes[suite]) {
6907 keyLen = aesModes[suite].key
6908 ivLen = aesModes[suite].iv
6909 } else if (desModes[suite]) {
6910 keyLen = desModes[suite].key * 8
6911 ivLen = desModes[suite].iv
6912 } else {
6913 throw new TypeError('invalid suite type')
6914 }
6915 var keys = ebtk(password, false, keyLen, ivLen)
6916 return createDecipheriv(suite, keys.key, keys.iv)
6917}
6918
6919function createCipheriv (suite, key, iv) {
6920 suite = suite.toLowerCase()
6921 if (aesModes[suite]) {
6922 return aes.createCipheriv(suite, key, iv)
6923 } else if (desModes[suite]) {
6924 return new DES({
6925 key: key,
6926 iv: iv,
6927 mode: suite
6928 })
6929 } else {
6930 throw new TypeError('invalid suite type')
6931 }
6932}
6933function createDecipheriv (suite, key, iv) {
6934 suite = suite.toLowerCase()
6935 if (aesModes[suite]) {
6936 return aes.createDecipheriv(suite, key, iv)
6937 } else if (desModes[suite]) {
6938 return new DES({
6939 key: key,
6940 iv: iv,
6941 mode: suite,
6942 decrypt: true
6943 })
6944 } else {
6945 throw new TypeError('invalid suite type')
6946 }
6947}
6948exports.createCipher = exports.Cipher = createCipher
6949exports.createCipheriv = exports.Cipheriv = createCipheriv
6950exports.createDecipher = exports.Decipher = createDecipher
6951exports.createDecipheriv = exports.Decipheriv = createDecipheriv
6952function getCiphers () {
6953 return Object.keys(desModes).concat(aes.getCiphers())
6954}
6955exports.listCiphers = exports.getCiphers = getCiphers
6956
6957},{"browserify-aes/browser":22,"browserify-aes/modes":26,"browserify-des":36,"browserify-des/modes":37,"evp_bytestokey":84}],36:[function(require,module,exports){
6958(function (Buffer){
6959var CipherBase = require('cipher-base')
6960var des = require('des.js')
6961var inherits = require('inherits')
6962
6963var modes = {
6964 'des-ede3-cbc': des.CBC.instantiate(des.EDE),
6965 'des-ede3': des.EDE,
6966 'des-ede-cbc': des.CBC.instantiate(des.EDE),
6967 'des-ede': des.EDE,
6968 'des-cbc': des.CBC.instantiate(des.DES),
6969 'des-ecb': des.DES
6970}
6971modes.des = modes['des-cbc']
6972modes.des3 = modes['des-ede3-cbc']
6973module.exports = DES
6974inherits(DES, CipherBase)
6975function DES (opts) {
6976 CipherBase.call(this)
6977 var modeName = opts.mode.toLowerCase()
6978 var mode = modes[modeName]
6979 var type
6980 if (opts.decrypt) {
6981 type = 'decrypt'
6982 } else {
6983 type = 'encrypt'
6984 }
6985 var key = opts.key
6986 if (modeName === 'des-ede' || modeName === 'des-ede-cbc') {
6987 key = Buffer.concat([key, key.slice(0, 8)])
6988 }
6989 var iv = opts.iv
6990 this._des = mode.create({
6991 key: key,
6992 iv: iv,
6993 type: type
6994 })
6995}
6996DES.prototype._update = function (data) {
6997 return new Buffer(this._des.update(data))
6998}
6999DES.prototype._final = function () {
7000 return new Buffer(this._des.final())
7001}
7002
7003}).call(this,require("buffer").Buffer)
7004},{"buffer":47,"cipher-base":48,"des.js":57,"inherits":95}],37:[function(require,module,exports){
7005exports['des-ecb'] = {
7006 key: 8,
7007 iv: 0
7008}
7009exports['des-cbc'] = exports.des = {
7010 key: 8,
7011 iv: 8
7012}
7013exports['des-ede3-cbc'] = exports.des3 = {
7014 key: 24,
7015 iv: 8
7016}
7017exports['des-ede3'] = {
7018 key: 24,
7019 iv: 0
7020}
7021exports['des-ede-cbc'] = {
7022 key: 16,
7023 iv: 8
7024}
7025exports['des-ede'] = {
7026 key: 16,
7027 iv: 0
7028}
7029
7030},{}],38:[function(require,module,exports){
7031(function (Buffer){
7032var bn = require('bn.js');
7033var randomBytes = require('randombytes');
7034module.exports = crt;
7035function blind(priv) {
7036 var r = getr(priv);
7037 var blinder = r.toRed(bn.mont(priv.modulus))
7038 .redPow(new bn(priv.publicExponent)).fromRed();
7039 return {
7040 blinder: blinder,
7041 unblinder:r.invm(priv.modulus)
7042 };
7043}
7044function crt(msg, priv) {
7045 var blinds = blind(priv);
7046 var len = priv.modulus.byteLength();
7047 var mod = bn.mont(priv.modulus);
7048 var blinded = new bn(msg).mul(blinds.blinder).umod(priv.modulus);
7049 var c1 = blinded.toRed(bn.mont(priv.prime1));
7050 var c2 = blinded.toRed(bn.mont(priv.prime2));
7051 var qinv = priv.coefficient;
7052 var p = priv.prime1;
7053 var q = priv.prime2;
7054 var m1 = c1.redPow(priv.exponent1);
7055 var m2 = c2.redPow(priv.exponent2);
7056 m1 = m1.fromRed();
7057 m2 = m2.fromRed();
7058 var h = m1.isub(m2).imul(qinv).umod(p);
7059 h.imul(q);
7060 m2.iadd(h);
7061 return new Buffer(m2.imul(blinds.unblinder).umod(priv.modulus).toArray(false, len));
7062}
7063crt.getr = getr;
7064function getr(priv) {
7065 var len = priv.modulus.byteLength();
7066 var r = new bn(randomBytes(len));
7067 while (r.cmp(priv.modulus) >= 0 || !r.umod(priv.prime1) || !r.umod(priv.prime2)) {
7068 r = new bn(randomBytes(len));
7069 }
7070 return r;
7071}
7072
7073}).call(this,require("buffer").Buffer)
7074},{"bn.js":17,"buffer":47,"randombytes":119}],39:[function(require,module,exports){
7075module.exports = require('./browser/algorithms.json')
7076
7077},{"./browser/algorithms.json":40}],40:[function(require,module,exports){
7078module.exports={
7079 "sha224WithRSAEncryption": {
7080 "sign": "rsa",
7081 "hash": "sha224",
7082 "id": "302d300d06096086480165030402040500041c"
7083 },
7084 "RSA-SHA224": {
7085 "sign": "ecdsa/rsa",
7086 "hash": "sha224",
7087 "id": "302d300d06096086480165030402040500041c"
7088 },
7089 "sha256WithRSAEncryption": {
7090 "sign": "rsa",
7091 "hash": "sha256",
7092 "id": "3031300d060960864801650304020105000420"
7093 },
7094 "RSA-SHA256": {
7095 "sign": "ecdsa/rsa",
7096 "hash": "sha256",
7097 "id": "3031300d060960864801650304020105000420"
7098 },
7099 "sha384WithRSAEncryption": {
7100 "sign": "rsa",
7101 "hash": "sha384",
7102 "id": "3041300d060960864801650304020205000430"
7103 },
7104 "RSA-SHA384": {
7105 "sign": "ecdsa/rsa",
7106 "hash": "sha384",
7107 "id": "3041300d060960864801650304020205000430"
7108 },
7109 "sha512WithRSAEncryption": {
7110 "sign": "rsa",
7111 "hash": "sha512",
7112 "id": "3051300d060960864801650304020305000440"
7113 },
7114 "RSA-SHA512": {
7115 "sign": "ecdsa/rsa",
7116 "hash": "sha512",
7117 "id": "3051300d060960864801650304020305000440"
7118 },
7119 "RSA-SHA1": {
7120 "sign": "rsa",
7121 "hash": "sha1",
7122 "id": "3021300906052b0e03021a05000414"
7123 },
7124 "ecdsa-with-SHA1": {
7125 "sign": "ecdsa",
7126 "hash": "sha1",
7127 "id": ""
7128 },
7129 "sha256": {
7130 "sign": "ecdsa",
7131 "hash": "sha256",
7132 "id": ""
7133 },
7134 "sha224": {
7135 "sign": "ecdsa",
7136 "hash": "sha224",
7137 "id": ""
7138 },
7139 "sha384": {
7140 "sign": "ecdsa",
7141 "hash": "sha384",
7142 "id": ""
7143 },
7144 "sha512": {
7145 "sign": "ecdsa",
7146 "hash": "sha512",
7147 "id": ""
7148 },
7149 "DSA-SHA": {
7150 "sign": "dsa",
7151 "hash": "sha1",
7152 "id": ""
7153 },
7154 "DSA-SHA1": {
7155 "sign": "dsa",
7156 "hash": "sha1",
7157 "id": ""
7158 },
7159 "DSA": {
7160 "sign": "dsa",
7161 "hash": "sha1",
7162 "id": ""
7163 },
7164 "DSA-WITH-SHA224": {
7165 "sign": "dsa",
7166 "hash": "sha224",
7167 "id": ""
7168 },
7169 "DSA-SHA224": {
7170 "sign": "dsa",
7171 "hash": "sha224",
7172 "id": ""
7173 },
7174 "DSA-WITH-SHA256": {
7175 "sign": "dsa",
7176 "hash": "sha256",
7177 "id": ""
7178 },
7179 "DSA-SHA256": {
7180 "sign": "dsa",
7181 "hash": "sha256",
7182 "id": ""
7183 },
7184 "DSA-WITH-SHA384": {
7185 "sign": "dsa",
7186 "hash": "sha384",
7187 "id": ""
7188 },
7189 "DSA-SHA384": {
7190 "sign": "dsa",
7191 "hash": "sha384",
7192 "id": ""
7193 },
7194 "DSA-WITH-SHA512": {
7195 "sign": "dsa",
7196 "hash": "sha512",
7197 "id": ""
7198 },
7199 "DSA-SHA512": {
7200 "sign": "dsa",
7201 "hash": "sha512",
7202 "id": ""
7203 },
7204 "DSA-RIPEMD160": {
7205 "sign": "dsa",
7206 "hash": "rmd160",
7207 "id": ""
7208 },
7209 "ripemd160WithRSA": {
7210 "sign": "rsa",
7211 "hash": "rmd160",
7212 "id": "3021300906052b2403020105000414"
7213 },
7214 "RSA-RIPEMD160": {
7215 "sign": "rsa",
7216 "hash": "rmd160",
7217 "id": "3021300906052b2403020105000414"
7218 },
7219 "md5WithRSAEncryption": {
7220 "sign": "rsa",
7221 "hash": "md5",
7222 "id": "3020300c06082a864886f70d020505000410"
7223 },
7224 "RSA-MD5": {
7225 "sign": "rsa",
7226 "hash": "md5",
7227 "id": "3020300c06082a864886f70d020505000410"
7228 }
7229}
7230
7231},{}],41:[function(require,module,exports){
7232module.exports={
7233 "1.3.132.0.10": "secp256k1",
7234 "1.3.132.0.33": "p224",
7235 "1.2.840.10045.3.1.1": "p192",
7236 "1.2.840.10045.3.1.7": "p256",
7237 "1.3.132.0.34": "p384",
7238 "1.3.132.0.35": "p521"
7239}
7240
7241},{}],42:[function(require,module,exports){
7242(function (Buffer){
7243var createHash = require('create-hash')
7244var stream = require('stream')
7245var inherits = require('inherits')
7246var sign = require('./sign')
7247var verify = require('./verify')
7248
7249var algorithms = require('./algorithms.json')
7250Object.keys(algorithms).forEach(function (key) {
7251 algorithms[key].id = new Buffer(algorithms[key].id, 'hex')
7252 algorithms[key.toLowerCase()] = algorithms[key]
7253})
7254
7255function Sign (algorithm) {
7256 stream.Writable.call(this)
7257
7258 var data = algorithms[algorithm]
7259 if (!data) throw new Error('Unknown message digest')
7260
7261 this._hashType = data.hash
7262 this._hash = createHash(data.hash)
7263 this._tag = data.id
7264 this._signType = data.sign
7265}
7266inherits(Sign, stream.Writable)
7267
7268Sign.prototype._write = function _write (data, _, done) {
7269 this._hash.update(data)
7270 done()
7271}
7272
7273Sign.prototype.update = function update (data, enc) {
7274 if (typeof data === 'string') data = new Buffer(data, enc)
7275
7276 this._hash.update(data)
7277 return this
7278}
7279
7280Sign.prototype.sign = function signMethod (key, enc) {
7281 this.end()
7282 var hash = this._hash.digest()
7283 var sig = sign(hash, key, this._hashType, this._signType, this._tag)
7284
7285 return enc ? sig.toString(enc) : sig
7286}
7287
7288function Verify (algorithm) {
7289 stream.Writable.call(this)
7290
7291 var data = algorithms[algorithm]
7292 if (!data) throw new Error('Unknown message digest')
7293
7294 this._hash = createHash(data.hash)
7295 this._tag = data.id
7296 this._signType = data.sign
7297}
7298inherits(Verify, stream.Writable)
7299
7300Verify.prototype._write = function _write (data, _, done) {
7301 this._hash.update(data)
7302 done()
7303}
7304
7305Verify.prototype.update = function update (data, enc) {
7306 if (typeof data === 'string') data = new Buffer(data, enc)
7307
7308 this._hash.update(data)
7309 return this
7310}
7311
7312Verify.prototype.verify = function verifyMethod (key, sig, enc) {
7313 if (typeof sig === 'string') sig = new Buffer(sig, enc)
7314
7315 this.end()
7316 var hash = this._hash.digest()
7317 return verify(sig, hash, key, this._signType, this._tag)
7318}
7319
7320function createSign (algorithm) {
7321 return new Sign(algorithm)
7322}
7323
7324function createVerify (algorithm) {
7325 return new Verify(algorithm)
7326}
7327
7328module.exports = {
7329 Sign: createSign,
7330 Verify: createVerify,
7331 createSign: createSign,
7332 createVerify: createVerify
7333}
7334
7335}).call(this,require("buffer").Buffer)
7336},{"./algorithms.json":40,"./sign":43,"./verify":44,"buffer":47,"create-hash":51,"inherits":95,"stream":143}],43:[function(require,module,exports){
7337(function (Buffer){
7338// much of this based on https://github.com/indutny/self-signed/blob/gh-pages/lib/rsa.js
7339var createHmac = require('create-hmac')
7340var crt = require('browserify-rsa')
7341var EC = require('elliptic').ec
7342var BN = require('bn.js')
7343var parseKeys = require('parse-asn1')
7344var curves = require('./curves.json')
7345
7346function sign (hash, key, hashType, signType, tag) {
7347 var priv = parseKeys(key)
7348 if (priv.curve) {
7349 // rsa keys can be interpreted as ecdsa ones in openssl
7350 if (signType !== 'ecdsa' && signType !== 'ecdsa/rsa') throw new Error('wrong private key type')
7351 return ecSign(hash, priv)
7352 } else if (priv.type === 'dsa') {
7353 if (signType !== 'dsa') throw new Error('wrong private key type')
7354 return dsaSign(hash, priv, hashType)
7355 } else {
7356 if (signType !== 'rsa' && signType !== 'ecdsa/rsa') throw new Error('wrong private key type')
7357 }
7358 hash = Buffer.concat([tag, hash])
7359 var len = priv.modulus.byteLength()
7360 var pad = [ 0, 1 ]
7361 while (hash.length + pad.length + 1 < len) pad.push(0xff)
7362 pad.push(0x00)
7363 var i = -1
7364 while (++i < hash.length) pad.push(hash[i])
7365
7366 var out = crt(pad, priv)
7367 return out
7368}
7369
7370function ecSign (hash, priv) {
7371 var curveId = curves[priv.curve.join('.')]
7372 if (!curveId) throw new Error('unknown curve ' + priv.curve.join('.'))
7373
7374 var curve = new EC(curveId)
7375 var key = curve.keyFromPrivate(priv.privateKey)
7376 var out = key.sign(hash)
7377
7378 return new Buffer(out.toDER())
7379}
7380
7381function dsaSign (hash, priv, algo) {
7382 var x = priv.params.priv_key
7383 var p = priv.params.p
7384 var q = priv.params.q
7385 var g = priv.params.g
7386 var r = new BN(0)
7387 var k
7388 var H = bits2int(hash, q).mod(q)
7389 var s = false
7390 var kv = getKey(x, q, hash, algo)
7391 while (s === false) {
7392 k = makeKey(q, kv, algo)
7393 r = makeR(g, k, p, q)
7394 s = k.invm(q).imul(H.add(x.mul(r))).mod(q)
7395 if (s.cmpn(0) === 0) {
7396 s = false
7397 r = new BN(0)
7398 }
7399 }
7400 return toDER(r, s)
7401}
7402
7403function toDER (r, s) {
7404 r = r.toArray()
7405 s = s.toArray()
7406
7407 // Pad values
7408 if (r[0] & 0x80) r = [ 0 ].concat(r)
7409 if (s[0] & 0x80) s = [ 0 ].concat(s)
7410
7411 var total = r.length + s.length + 4
7412 var res = [ 0x30, total, 0x02, r.length ]
7413 res = res.concat(r, [ 0x02, s.length ], s)
7414 return new Buffer(res)
7415}
7416
7417function getKey (x, q, hash, algo) {
7418 x = new Buffer(x.toArray())
7419 if (x.length < q.byteLength()) {
7420 var zeros = new Buffer(q.byteLength() - x.length)
7421 zeros.fill(0)
7422 x = Buffer.concat([ zeros, x ])
7423 }
7424 var hlen = hash.length
7425 var hbits = bits2octets(hash, q)
7426 var v = new Buffer(hlen)
7427 v.fill(1)
7428 var k = new Buffer(hlen)
7429 k.fill(0)
7430 k = createHmac(algo, k).update(v).update(new Buffer([ 0 ])).update(x).update(hbits).digest()
7431 v = createHmac(algo, k).update(v).digest()
7432 k = createHmac(algo, k).update(v).update(new Buffer([ 1 ])).update(x).update(hbits).digest()
7433 v = createHmac(algo, k).update(v).digest()
7434 return { k: k, v: v }
7435}
7436
7437function bits2int (obits, q) {
7438 var bits = new BN(obits)
7439 var shift = (obits.length << 3) - q.bitLength()
7440 if (shift > 0) bits.ishrn(shift)
7441 return bits
7442}
7443
7444function bits2octets (bits, q) {
7445 bits = bits2int(bits, q)
7446 bits = bits.mod(q)
7447 var out = new Buffer(bits.toArray())
7448 if (out.length < q.byteLength()) {
7449 var zeros = new Buffer(q.byteLength() - out.length)
7450 zeros.fill(0)
7451 out = Buffer.concat([ zeros, out ])
7452 }
7453 return out
7454}
7455
7456function makeKey (q, kv, algo) {
7457 var t
7458 var k
7459
7460 do {
7461 t = new Buffer(0)
7462
7463 while (t.length * 8 < q.bitLength()) {
7464 kv.v = createHmac(algo, kv.k).update(kv.v).digest()
7465 t = Buffer.concat([ t, kv.v ])
7466 }
7467
7468 k = bits2int(t, q)
7469 kv.k = createHmac(algo, kv.k).update(kv.v).update(new Buffer([ 0 ])).digest()
7470 kv.v = createHmac(algo, kv.k).update(kv.v).digest()
7471 } while (k.cmp(q) !== -1)
7472
7473 return k
7474}
7475
7476function makeR (g, k, p, q) {
7477 return g.toRed(BN.mont(p)).redPow(k).fromRed().mod(q)
7478}
7479
7480module.exports = sign
7481module.exports.getKey = getKey
7482module.exports.makeKey = makeKey
7483
7484}).call(this,require("buffer").Buffer)
7485},{"./curves.json":41,"bn.js":17,"browserify-rsa":38,"buffer":47,"create-hmac":54,"elliptic":67,"parse-asn1":105}],44:[function(require,module,exports){
7486(function (Buffer){
7487// much of this based on https://github.com/indutny/self-signed/blob/gh-pages/lib/rsa.js
7488var BN = require('bn.js')
7489var EC = require('elliptic').ec
7490var parseKeys = require('parse-asn1')
7491var curves = require('./curves.json')
7492
7493function verify (sig, hash, key, signType, tag) {
7494 var pub = parseKeys(key)
7495 if (pub.type === 'ec') {
7496 // rsa keys can be interpreted as ecdsa ones in openssl
7497 if (signType !== 'ecdsa' && signType !== 'ecdsa/rsa') throw new Error('wrong public key type')
7498 return ecVerify(sig, hash, pub)
7499 } else if (pub.type === 'dsa') {
7500 if (signType !== 'dsa') throw new Error('wrong public key type')
7501 return dsaVerify(sig, hash, pub)
7502 } else {
7503 if (signType !== 'rsa' && signType !== 'ecdsa/rsa') throw new Error('wrong public key type')
7504 }
7505 hash = Buffer.concat([tag, hash])
7506 var len = pub.modulus.byteLength()
7507 var pad = [ 1 ]
7508 var padNum = 0
7509 while (hash.length + pad.length + 2 < len) {
7510 pad.push(0xff)
7511 padNum++
7512 }
7513 pad.push(0x00)
7514 var i = -1
7515 while (++i < hash.length) {
7516 pad.push(hash[i])
7517 }
7518 pad = new Buffer(pad)
7519 var red = BN.mont(pub.modulus)
7520 sig = new BN(sig).toRed(red)
7521
7522 sig = sig.redPow(new BN(pub.publicExponent))
7523 sig = new Buffer(sig.fromRed().toArray())
7524 var out = padNum < 8 ? 1 : 0
7525 len = Math.min(sig.length, pad.length)
7526 if (sig.length !== pad.length) out = 1
7527
7528 i = -1
7529 while (++i < len) out |= sig[i] ^ pad[i]
7530 return out === 0
7531}
7532
7533function ecVerify (sig, hash, pub) {
7534 var curveId = curves[pub.data.algorithm.curve.join('.')]
7535 if (!curveId) throw new Error('unknown curve ' + pub.data.algorithm.curve.join('.'))
7536
7537 var curve = new EC(curveId)
7538 var pubkey = pub.data.subjectPrivateKey.data
7539
7540 return curve.verify(hash, sig, pubkey)
7541}
7542
7543function dsaVerify (sig, hash, pub) {
7544 var p = pub.data.p
7545 var q = pub.data.q
7546 var g = pub.data.g
7547 var y = pub.data.pub_key
7548 var unpacked = parseKeys.signature.decode(sig, 'der')
7549 var s = unpacked.s
7550 var r = unpacked.r
7551 checkValue(s, q)
7552 checkValue(r, q)
7553 var montp = BN.mont(p)
7554 var w = s.invm(q)
7555 var v = g.toRed(montp)
7556 .redPow(new BN(hash).mul(w).mod(q))
7557 .fromRed()
7558 .mul(y.toRed(montp).redPow(r.mul(w).mod(q)).fromRed())
7559 .mod(p)
7560 .mod(q)
7561 return v.cmp(r) === 0
7562}
7563
7564function checkValue (b, q) {
7565 if (b.cmpn(0) <= 0) throw new Error('invalid sig')
7566 if (b.cmp(q) >= q) throw new Error('invalid sig')
7567}
7568
7569module.exports = verify
7570
7571}).call(this,require("buffer").Buffer)
7572},{"./curves.json":41,"bn.js":17,"buffer":47,"elliptic":67,"parse-asn1":105}],45:[function(require,module,exports){
7573(function (global){
7574'use strict';
7575
7576var buffer = require('buffer');
7577var Buffer = buffer.Buffer;
7578var SlowBuffer = buffer.SlowBuffer;
7579var MAX_LEN = buffer.kMaxLength || 2147483647;
7580exports.alloc = function alloc(size, fill, encoding) {
7581 if (typeof Buffer.alloc === 'function') {
7582 return Buffer.alloc(size, fill, encoding);
7583 }
7584 if (typeof encoding === 'number') {
7585 throw new TypeError('encoding must not be number');
7586 }
7587 if (typeof size !== 'number') {
7588 throw new TypeError('size must be a number');
7589 }
7590 if (size > MAX_LEN) {
7591 throw new RangeError('size is too large');
7592 }
7593 var enc = encoding;
7594 var _fill = fill;
7595 if (_fill === undefined) {
7596 enc = undefined;
7597 _fill = 0;
7598 }
7599 var buf = new Buffer(size);
7600 if (typeof _fill === 'string') {
7601 var fillBuf = new Buffer(_fill, enc);
7602 var flen = fillBuf.length;
7603 var i = -1;
7604 while (++i < size) {
7605 buf[i] = fillBuf[i % flen];
7606 }
7607 } else {
7608 buf.fill(_fill);
7609 }
7610 return buf;
7611}
7612exports.allocUnsafe = function allocUnsafe(size) {
7613 if (typeof Buffer.allocUnsafe === 'function') {
7614 return Buffer.allocUnsafe(size);
7615 }
7616 if (typeof size !== 'number') {
7617 throw new TypeError('size must be a number');
7618 }
7619 if (size > MAX_LEN) {
7620 throw new RangeError('size is too large');
7621 }
7622 return new Buffer(size);
7623}
7624exports.from = function from(value, encodingOrOffset, length) {
7625 if (typeof Buffer.from === 'function' && (!global.Uint8Array || Uint8Array.from !== Buffer.from)) {
7626 return Buffer.from(value, encodingOrOffset, length);
7627 }
7628 if (typeof value === 'number') {
7629 throw new TypeError('"value" argument must not be a number');
7630 }
7631 if (typeof value === 'string') {
7632 return new Buffer(value, encodingOrOffset);
7633 }
7634 if (typeof ArrayBuffer !== 'undefined' && value instanceof ArrayBuffer) {
7635 var offset = encodingOrOffset;
7636 if (arguments.length === 1) {
7637 return new Buffer(value);
7638 }
7639 if (typeof offset === 'undefined') {
7640 offset = 0;
7641 }
7642 var len = length;
7643 if (typeof len === 'undefined') {
7644 len = value.byteLength - offset;
7645 }
7646 if (offset >= value.byteLength) {
7647 throw new RangeError('\'offset\' is out of bounds');
7648 }
7649 if (len > value.byteLength - offset) {
7650 throw new RangeError('\'length\' is out of bounds');
7651 }
7652 return new Buffer(value.slice(offset, offset + len));
7653 }
7654 if (Buffer.isBuffer(value)) {
7655 var out = new Buffer(value.length);
7656 value.copy(out, 0, 0, value.length);
7657 return out;
7658 }
7659 if (value) {
7660 if (Array.isArray(value) || (typeof ArrayBuffer !== 'undefined' && value.buffer instanceof ArrayBuffer) || 'length' in value) {
7661 return new Buffer(value);
7662 }
7663 if (value.type === 'Buffer' && Array.isArray(value.data)) {
7664 return new Buffer(value.data);
7665 }
7666 }
7667
7668 throw new TypeError('First argument must be a string, Buffer, ' + 'ArrayBuffer, Array, or array-like object.');
7669}
7670exports.allocUnsafeSlow = function allocUnsafeSlow(size) {
7671 if (typeof Buffer.allocUnsafeSlow === 'function') {
7672 return Buffer.allocUnsafeSlow(size);
7673 }
7674 if (typeof size !== 'number') {
7675 throw new TypeError('size must be a number');
7676 }
7677 if (size >= MAX_LEN) {
7678 throw new RangeError('size is too large');
7679 }
7680 return new SlowBuffer(size);
7681}
7682
7683}).call(this,typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {})
7684},{"buffer":47}],46:[function(require,module,exports){
7685(function (Buffer){
7686module.exports = function xor (a, b) {
7687 var length = Math.min(a.length, b.length)
7688 var buffer = new Buffer(length)
7689
7690 for (var i = 0; i < length; ++i) {
7691 buffer[i] = a[i] ^ b[i]
7692 }
7693
7694 return buffer
7695}
7696
7697}).call(this,require("buffer").Buffer)
7698},{"buffer":47}],47:[function(require,module,exports){
7699/*!
7700 * The buffer module from node.js, for the browser.
7701 *
7702 * @author Feross Aboukhadijeh <feross@feross.org> <http://feross.org>
7703 * @license MIT
7704 */
7705/* eslint-disable no-proto */
7706
7707'use strict'
7708
7709var base64 = require('base64-js')
7710var ieee754 = require('ieee754')
7711
7712exports.Buffer = Buffer
7713exports.SlowBuffer = SlowBuffer
7714exports.INSPECT_MAX_BYTES = 50
7715
7716var K_MAX_LENGTH = 0x7fffffff
7717exports.kMaxLength = K_MAX_LENGTH
7718
7719/**
7720 * If `Buffer.TYPED_ARRAY_SUPPORT`:
7721 * === true Use Uint8Array implementation (fastest)
7722 * === false Print warning and recommend using `buffer` v4.x which has an Object
7723 * implementation (most compatible, even IE6)
7724 *
7725 * Browsers that support typed arrays are IE 10+, Firefox 4+, Chrome 7+, Safari 5.1+,
7726 * Opera 11.6+, iOS 4.2+.
7727 *
7728 * We report that the browser does not support typed arrays if the are not subclassable
7729 * using __proto__. Firefox 4-29 lacks support for adding new properties to `Uint8Array`
7730 * (See: https://bugzilla.mozilla.org/show_bug.cgi?id=695438). IE 10 lacks support
7731 * for __proto__ and has a buggy typed array implementation.
7732 */
7733Buffer.TYPED_ARRAY_SUPPORT = typedArraySupport()
7734
7735if (!Buffer.TYPED_ARRAY_SUPPORT && typeof console !== 'undefined' &&
7736 typeof console.error === 'function') {
7737 console.error(
7738 'This browser lacks typed array (Uint8Array) support which is required by ' +
7739 '`buffer` v5.x. Use `buffer` v4.x if you require old browser support.'
7740 )
7741}
7742
7743function typedArraySupport () {
7744 // Can typed array instances can be augmented?
7745 try {
7746 var arr = new Uint8Array(1)
7747 arr.__proto__ = {__proto__: Uint8Array.prototype, foo: function () { return 42 }}
7748 return arr.foo() === 42
7749 } catch (e) {
7750 return false
7751 }
7752}
7753
7754function createBuffer (length) {
7755 if (length > K_MAX_LENGTH) {
7756 throw new RangeError('Invalid typed array length')
7757 }
7758 // Return an augmented `Uint8Array` instance
7759 var buf = new Uint8Array(length)
7760 buf.__proto__ = Buffer.prototype
7761 return buf
7762}
7763
7764/**
7765 * The Buffer constructor returns instances of `Uint8Array` that have their
7766 * prototype changed to `Buffer.prototype`. Furthermore, `Buffer` is a subclass of
7767 * `Uint8Array`, so the returned instances will have all the node `Buffer` methods
7768 * and the `Uint8Array` methods. Square bracket notation works as expected -- it
7769 * returns a single octet.
7770 *
7771 * The `Uint8Array` prototype remains unmodified.
7772 */
7773
7774function Buffer (arg, encodingOrOffset, length) {
7775 // Common case.
7776 if (typeof arg === 'number') {
7777 if (typeof encodingOrOffset === 'string') {
7778 throw new Error(
7779 'If encoding is specified then the first argument must be a string'
7780 )
7781 }
7782 return allocUnsafe(arg)
7783 }
7784 return from(arg, encodingOrOffset, length)
7785}
7786
7787// Fix subarray() in ES2016. See: https://github.com/feross/buffer/pull/97
7788if (typeof Symbol !== 'undefined' && Symbol.species &&
7789 Buffer[Symbol.species] === Buffer) {
7790 Object.defineProperty(Buffer, Symbol.species, {
7791 value: null,
7792 configurable: true,
7793 enumerable: false,
7794 writable: false
7795 })
7796}
7797
7798Buffer.poolSize = 8192 // not used by this implementation
7799
7800function from (value, encodingOrOffset, length) {
7801 if (typeof value === 'number') {
7802 throw new TypeError('"value" argument must not be a number')
7803 }
7804
7805 if (value instanceof ArrayBuffer) {
7806 return fromArrayBuffer(value, encodingOrOffset, length)
7807 }
7808
7809 if (typeof value === 'string') {
7810 return fromString(value, encodingOrOffset)
7811 }
7812
7813 return fromObject(value)
7814}
7815
7816/**
7817 * Functionally equivalent to Buffer(arg, encoding) but throws a TypeError
7818 * if value is a number.
7819 * Buffer.from(str[, encoding])
7820 * Buffer.from(array)
7821 * Buffer.from(buffer)
7822 * Buffer.from(arrayBuffer[, byteOffset[, length]])
7823 **/
7824Buffer.from = function (value, encodingOrOffset, length) {
7825 return from(value, encodingOrOffset, length)
7826}
7827
7828// Note: Change prototype *after* Buffer.from is defined to workaround Chrome bug:
7829// https://github.com/feross/buffer/pull/148
7830Buffer.prototype.__proto__ = Uint8Array.prototype
7831Buffer.__proto__ = Uint8Array
7832
7833function assertSize (size) {
7834 if (typeof size !== 'number') {
7835 throw new TypeError('"size" argument must be a number')
7836 } else if (size < 0) {
7837 throw new RangeError('"size" argument must not be negative')
7838 }
7839}
7840
7841function alloc (size, fill, encoding) {
7842 assertSize(size)
7843 if (size <= 0) {
7844 return createBuffer(size)
7845 }
7846 if (fill !== undefined) {
7847 // Only pay attention to encoding if it's a string. This
7848 // prevents accidentally sending in a number that would
7849 // be interpretted as a start offset.
7850 return typeof encoding === 'string'
7851 ? createBuffer(size).fill(fill, encoding)
7852 : createBuffer(size).fill(fill)
7853 }
7854 return createBuffer(size)
7855}
7856
7857/**
7858 * Creates a new filled Buffer instance.
7859 * alloc(size[, fill[, encoding]])
7860 **/
7861Buffer.alloc = function (size, fill, encoding) {
7862 return alloc(size, fill, encoding)
7863}
7864
7865function allocUnsafe (size) {
7866 assertSize(size)
7867 return createBuffer(size < 0 ? 0 : checked(size) | 0)
7868}
7869
7870/**
7871 * Equivalent to Buffer(num), by default creates a non-zero-filled Buffer instance.
7872 * */
7873Buffer.allocUnsafe = function (size) {
7874 return allocUnsafe(size)
7875}
7876/**
7877 * Equivalent to SlowBuffer(num), by default creates a non-zero-filled Buffer instance.
7878 */
7879Buffer.allocUnsafeSlow = function (size) {
7880 return allocUnsafe(size)
7881}
7882
7883function fromString (string, encoding) {
7884 if (typeof encoding !== 'string' || encoding === '') {
7885 encoding = 'utf8'
7886 }
7887
7888 if (!Buffer.isEncoding(encoding)) {
7889 throw new TypeError('"encoding" must be a valid string encoding')
7890 }
7891
7892 var length = byteLength(string, encoding) | 0
7893 var buf = createBuffer(length)
7894
7895 var actual = buf.write(string, encoding)
7896
7897 if (actual !== length) {
7898 // Writing a hex string, for example, that contains invalid characters will
7899 // cause everything after the first invalid character to be ignored. (e.g.
7900 // 'abxxcd' will be treated as 'ab')
7901 buf = buf.slice(0, actual)
7902 }
7903
7904 return buf
7905}
7906
7907function fromArrayLike (array) {
7908 var length = array.length < 0 ? 0 : checked(array.length) | 0
7909 var buf = createBuffer(length)
7910 for (var i = 0; i < length; i += 1) {
7911 buf[i] = array[i] & 255
7912 }
7913 return buf
7914}
7915
7916function fromArrayBuffer (array, byteOffset, length) {
7917 if (byteOffset < 0 || array.byteLength < byteOffset) {
7918 throw new RangeError('\'offset\' is out of bounds')
7919 }
7920
7921 if (array.byteLength < byteOffset + (length || 0)) {
7922 throw new RangeError('\'length\' is out of bounds')
7923 }
7924
7925 var buf
7926 if (byteOffset === undefined && length === undefined) {
7927 buf = new Uint8Array(array)
7928 } else if (length === undefined) {
7929 buf = new Uint8Array(array, byteOffset)
7930 } else {
7931 buf = new Uint8Array(array, byteOffset, length)
7932 }
7933
7934 // Return an augmented `Uint8Array` instance
7935 buf.__proto__ = Buffer.prototype
7936 return buf
7937}
7938
7939function fromObject (obj) {
7940 if (Buffer.isBuffer(obj)) {
7941 var len = checked(obj.length) | 0
7942 var buf = createBuffer(len)
7943
7944 if (buf.length === 0) {
7945 return buf
7946 }
7947
7948 obj.copy(buf, 0, 0, len)
7949 return buf
7950 }
7951
7952 if (obj) {
7953 if (isArrayBufferView(obj) || 'length' in obj) {
7954 if (typeof obj.length !== 'number' || numberIsNaN(obj.length)) {
7955 return createBuffer(0)
7956 }
7957 return fromArrayLike(obj)
7958 }
7959
7960 if (obj.type === 'Buffer' && Array.isArray(obj.data)) {
7961 return fromArrayLike(obj.data)
7962 }
7963 }
7964
7965 throw new TypeError('First argument must be a string, Buffer, ArrayBuffer, Array, or array-like object.')
7966}
7967
7968function checked (length) {
7969 // Note: cannot use `length < K_MAX_LENGTH` here because that fails when
7970 // length is NaN (which is otherwise coerced to zero.)
7971 if (length >= K_MAX_LENGTH) {
7972 throw new RangeError('Attempt to allocate Buffer larger than maximum ' +
7973 'size: 0x' + K_MAX_LENGTH.toString(16) + ' bytes')
7974 }
7975 return length | 0
7976}
7977
7978function SlowBuffer (length) {
7979 if (+length != length) { // eslint-disable-line eqeqeq
7980 length = 0
7981 }
7982 return Buffer.alloc(+length)
7983}
7984
7985Buffer.isBuffer = function isBuffer (b) {
7986 return b != null && b._isBuffer === true
7987}
7988
7989Buffer.compare = function compare (a, b) {
7990 if (!Buffer.isBuffer(a) || !Buffer.isBuffer(b)) {
7991 throw new TypeError('Arguments must be Buffers')
7992 }
7993
7994 if (a === b) return 0
7995
7996 var x = a.length
7997 var y = b.length
7998
7999 for (var i = 0, len = Math.min(x, y); i < len; ++i) {
8000 if (a[i] !== b[i]) {
8001 x = a[i]
8002 y = b[i]
8003 break
8004 }
8005 }
8006
8007 if (x < y) return -1
8008 if (y < x) return 1
8009 return 0
8010}
8011
8012Buffer.isEncoding = function isEncoding (encoding) {
8013 switch (String(encoding).toLowerCase()) {
8014 case 'hex':
8015 case 'utf8':
8016 case 'utf-8':
8017 case 'ascii':
8018 case 'latin1':
8019 case 'binary':
8020 case 'base64':
8021 case 'ucs2':
8022 case 'ucs-2':
8023 case 'utf16le':
8024 case 'utf-16le':
8025 return true
8026 default:
8027 return false
8028 }
8029}
8030
8031Buffer.concat = function concat (list, length) {
8032 if (!Array.isArray(list)) {
8033 throw new TypeError('"list" argument must be an Array of Buffers')
8034 }
8035
8036 if (list.length === 0) {
8037 return Buffer.alloc(0)
8038 }
8039
8040 var i
8041 if (length === undefined) {
8042 length = 0
8043 for (i = 0; i < list.length; ++i) {
8044 length += list[i].length
8045 }
8046 }
8047
8048 var buffer = Buffer.allocUnsafe(length)
8049 var pos = 0
8050 for (i = 0; i < list.length; ++i) {
8051 var buf = list[i]
8052 if (!Buffer.isBuffer(buf)) {
8053 throw new TypeError('"list" argument must be an Array of Buffers')
8054 }
8055 buf.copy(buffer, pos)
8056 pos += buf.length
8057 }
8058 return buffer
8059}
8060
8061function byteLength (string, encoding) {
8062 if (Buffer.isBuffer(string)) {
8063 return string.length
8064 }
8065 if (isArrayBufferView(string) || string instanceof ArrayBuffer) {
8066 return string.byteLength
8067 }
8068 if (typeof string !== 'string') {
8069 string = '' + string
8070 }
8071
8072 var len = string.length
8073 if (len === 0) return 0
8074
8075 // Use a for loop to avoid recursion
8076 var loweredCase = false
8077 for (;;) {
8078 switch (encoding) {
8079 case 'ascii':
8080 case 'latin1':
8081 case 'binary':
8082 return len
8083 case 'utf8':
8084 case 'utf-8':
8085 case undefined:
8086 return utf8ToBytes(string).length
8087 case 'ucs2':
8088 case 'ucs-2':
8089 case 'utf16le':
8090 case 'utf-16le':
8091 return len * 2
8092 case 'hex':
8093 return len >>> 1
8094 case 'base64':
8095 return base64ToBytes(string).length
8096 default:
8097 if (loweredCase) return utf8ToBytes(string).length // assume utf8
8098 encoding = ('' + encoding).toLowerCase()
8099 loweredCase = true
8100 }
8101 }
8102}
8103Buffer.byteLength = byteLength
8104
8105function slowToString (encoding, start, end) {
8106 var loweredCase = false
8107
8108 // No need to verify that "this.length <= MAX_UINT32" since it's a read-only
8109 // property of a typed array.
8110
8111 // This behaves neither like String nor Uint8Array in that we set start/end
8112 // to their upper/lower bounds if the value passed is out of range.
8113 // undefined is handled specially as per ECMA-262 6th Edition,
8114 // Section 13.3.3.7 Runtime Semantics: KeyedBindingInitialization.
8115 if (start === undefined || start < 0) {
8116 start = 0
8117 }
8118 // Return early if start > this.length. Done here to prevent potential uint32
8119 // coercion fail below.
8120 if (start > this.length) {
8121 return ''
8122 }
8123
8124 if (end === undefined || end > this.length) {
8125 end = this.length
8126 }
8127
8128 if (end <= 0) {
8129 return ''
8130 }
8131
8132 // Force coersion to uint32. This will also coerce falsey/NaN values to 0.
8133 end >>>= 0
8134 start >>>= 0
8135
8136 if (end <= start) {
8137 return ''
8138 }
8139
8140 if (!encoding) encoding = 'utf8'
8141
8142 while (true) {
8143 switch (encoding) {
8144 case 'hex':
8145 return hexSlice(this, start, end)
8146
8147 case 'utf8':
8148 case 'utf-8':
8149 return utf8Slice(this, start, end)
8150
8151 case 'ascii':
8152 return asciiSlice(this, start, end)
8153
8154 case 'latin1':
8155 case 'binary':
8156 return latin1Slice(this, start, end)
8157
8158 case 'base64':
8159 return base64Slice(this, start, end)
8160
8161 case 'ucs2':
8162 case 'ucs-2':
8163 case 'utf16le':
8164 case 'utf-16le':
8165 return utf16leSlice(this, start, end)
8166
8167 default:
8168 if (loweredCase) throw new TypeError('Unknown encoding: ' + encoding)
8169 encoding = (encoding + '').toLowerCase()
8170 loweredCase = true
8171 }
8172 }
8173}
8174
8175// This property is used by `Buffer.isBuffer` (and the `is-buffer` npm package)
8176// to detect a Buffer instance. It's not possible to use `instanceof Buffer`
8177// reliably in a browserify context because there could be multiple different
8178// copies of the 'buffer' package in use. This method works even for Buffer
8179// instances that were created from another copy of the `buffer` package.
8180// See: https://github.com/feross/buffer/issues/154
8181Buffer.prototype._isBuffer = true
8182
8183function swap (b, n, m) {
8184 var i = b[n]
8185 b[n] = b[m]
8186 b[m] = i
8187}
8188
8189Buffer.prototype.swap16 = function swap16 () {
8190 var len = this.length
8191 if (len % 2 !== 0) {
8192 throw new RangeError('Buffer size must be a multiple of 16-bits')
8193 }
8194 for (var i = 0; i < len; i += 2) {
8195 swap(this, i, i + 1)
8196 }
8197 return this
8198}
8199
8200Buffer.prototype.swap32 = function swap32 () {
8201 var len = this.length
8202 if (len % 4 !== 0) {
8203 throw new RangeError('Buffer size must be a multiple of 32-bits')
8204 }
8205 for (var i = 0; i < len; i += 4) {
8206 swap(this, i, i + 3)
8207 swap(this, i + 1, i + 2)
8208 }
8209 return this
8210}
8211
8212Buffer.prototype.swap64 = function swap64 () {
8213 var len = this.length
8214 if (len % 8 !== 0) {
8215 throw new RangeError('Buffer size must be a multiple of 64-bits')
8216 }
8217 for (var i = 0; i < len; i += 8) {
8218 swap(this, i, i + 7)
8219 swap(this, i + 1, i + 6)
8220 swap(this, i + 2, i + 5)
8221 swap(this, i + 3, i + 4)
8222 }
8223 return this
8224}
8225
8226Buffer.prototype.toString = function toString () {
8227 var length = this.length
8228 if (length === 0) return ''
8229 if (arguments.length === 0) return utf8Slice(this, 0, length)
8230 return slowToString.apply(this, arguments)
8231}
8232
8233Buffer.prototype.equals = function equals (b) {
8234 if (!Buffer.isBuffer(b)) throw new TypeError('Argument must be a Buffer')
8235 if (this === b) return true
8236 return Buffer.compare(this, b) === 0
8237}
8238
8239Buffer.prototype.inspect = function inspect () {
8240 var str = ''
8241 var max = exports.INSPECT_MAX_BYTES
8242 if (this.length > 0) {
8243 str = this.toString('hex', 0, max).match(/.{2}/g).join(' ')
8244 if (this.length > max) str += ' ... '
8245 }
8246 return '<Buffer ' + str + '>'
8247}
8248
8249Buffer.prototype.compare = function compare (target, start, end, thisStart, thisEnd) {
8250 if (!Buffer.isBuffer(target)) {
8251 throw new TypeError('Argument must be a Buffer')
8252 }
8253
8254 if (start === undefined) {
8255 start = 0
8256 }
8257 if (end === undefined) {
8258 end = target ? target.length : 0
8259 }
8260 if (thisStart === undefined) {
8261 thisStart = 0
8262 }
8263 if (thisEnd === undefined) {
8264 thisEnd = this.length
8265 }
8266
8267 if (start < 0 || end > target.length || thisStart < 0 || thisEnd > this.length) {
8268 throw new RangeError('out of range index')
8269 }
8270
8271 if (thisStart >= thisEnd && start >= end) {
8272 return 0
8273 }
8274 if (thisStart >= thisEnd) {
8275 return -1
8276 }
8277 if (start >= end) {
8278 return 1
8279 }
8280
8281 start >>>= 0
8282 end >>>= 0
8283 thisStart >>>= 0
8284 thisEnd >>>= 0
8285
8286 if (this === target) return 0
8287
8288 var x = thisEnd - thisStart
8289 var y = end - start
8290 var len = Math.min(x, y)
8291
8292 var thisCopy = this.slice(thisStart, thisEnd)
8293 var targetCopy = target.slice(start, end)
8294
8295 for (var i = 0; i < len; ++i) {
8296 if (thisCopy[i] !== targetCopy[i]) {
8297 x = thisCopy[i]
8298 y = targetCopy[i]
8299 break
8300 }
8301 }
8302
8303 if (x < y) return -1
8304 if (y < x) return 1
8305 return 0
8306}
8307
8308// Finds either the first index of `val` in `buffer` at offset >= `byteOffset`,
8309// OR the last index of `val` in `buffer` at offset <= `byteOffset`.
8310//
8311// Arguments:
8312// - buffer - a Buffer to search
8313// - val - a string, Buffer, or number
8314// - byteOffset - an index into `buffer`; will be clamped to an int32
8315// - encoding - an optional encoding, relevant is val is a string
8316// - dir - true for indexOf, false for lastIndexOf
8317function bidirectionalIndexOf (buffer, val, byteOffset, encoding, dir) {
8318 // Empty buffer means no match
8319 if (buffer.length === 0) return -1
8320
8321 // Normalize byteOffset
8322 if (typeof byteOffset === 'string') {
8323 encoding = byteOffset
8324 byteOffset = 0
8325 } else if (byteOffset > 0x7fffffff) {
8326 byteOffset = 0x7fffffff
8327 } else if (byteOffset < -0x80000000) {
8328 byteOffset = -0x80000000
8329 }
8330 byteOffset = +byteOffset // Coerce to Number.
8331 if (numberIsNaN(byteOffset)) {
8332 // byteOffset: it it's undefined, null, NaN, "foo", etc, search whole buffer
8333 byteOffset = dir ? 0 : (buffer.length - 1)
8334 }
8335
8336 // Normalize byteOffset: negative offsets start from the end of the buffer
8337 if (byteOffset < 0) byteOffset = buffer.length + byteOffset
8338 if (byteOffset >= buffer.length) {
8339 if (dir) return -1
8340 else byteOffset = buffer.length - 1
8341 } else if (byteOffset < 0) {
8342 if (dir) byteOffset = 0
8343 else return -1
8344 }
8345
8346 // Normalize val
8347 if (typeof val === 'string') {
8348 val = Buffer.from(val, encoding)
8349 }
8350
8351 // Finally, search either indexOf (if dir is true) or lastIndexOf
8352 if (Buffer.isBuffer(val)) {
8353 // Special case: looking for empty string/buffer always fails
8354 if (val.length === 0) {
8355 return -1
8356 }
8357 return arrayIndexOf(buffer, val, byteOffset, encoding, dir)
8358 } else if (typeof val === 'number') {
8359 val = val & 0xFF // Search for a byte value [0-255]
8360 if (typeof Uint8Array.prototype.indexOf === 'function') {
8361 if (dir) {
8362 return Uint8Array.prototype.indexOf.call(buffer, val, byteOffset)
8363 } else {
8364 return Uint8Array.prototype.lastIndexOf.call(buffer, val, byteOffset)
8365 }
8366 }
8367 return arrayIndexOf(buffer, [ val ], byteOffset, encoding, dir)
8368 }
8369
8370 throw new TypeError('val must be string, number or Buffer')
8371}
8372
8373function arrayIndexOf (arr, val, byteOffset, encoding, dir) {
8374 var indexSize = 1
8375 var arrLength = arr.length
8376 var valLength = val.length
8377
8378 if (encoding !== undefined) {
8379 encoding = String(encoding).toLowerCase()
8380 if (encoding === 'ucs2' || encoding === 'ucs-2' ||
8381 encoding === 'utf16le' || encoding === 'utf-16le') {
8382 if (arr.length < 2 || val.length < 2) {
8383 return -1
8384 }
8385 indexSize = 2
8386 arrLength /= 2
8387 valLength /= 2
8388 byteOffset /= 2
8389 }
8390 }
8391
8392 function read (buf, i) {
8393 if (indexSize === 1) {
8394 return buf[i]
8395 } else {
8396 return buf.readUInt16BE(i * indexSize)
8397 }
8398 }
8399
8400 var i
8401 if (dir) {
8402 var foundIndex = -1
8403 for (i = byteOffset; i < arrLength; i++) {
8404 if (read(arr, i) === read(val, foundIndex === -1 ? 0 : i - foundIndex)) {
8405 if (foundIndex === -1) foundIndex = i
8406 if (i - foundIndex + 1 === valLength) return foundIndex * indexSize
8407 } else {
8408 if (foundIndex !== -1) i -= i - foundIndex
8409 foundIndex = -1
8410 }
8411 }
8412 } else {
8413 if (byteOffset + valLength > arrLength) byteOffset = arrLength - valLength
8414 for (i = byteOffset; i >= 0; i--) {
8415 var found = true
8416 for (var j = 0; j < valLength; j++) {
8417 if (read(arr, i + j) !== read(val, j)) {
8418 found = false
8419 break
8420 }
8421 }
8422 if (found) return i
8423 }
8424 }
8425
8426 return -1
8427}
8428
8429Buffer.prototype.includes = function includes (val, byteOffset, encoding) {
8430 return this.indexOf(val, byteOffset, encoding) !== -1
8431}
8432
8433Buffer.prototype.indexOf = function indexOf (val, byteOffset, encoding) {
8434 return bidirectionalIndexOf(this, val, byteOffset, encoding, true)
8435}
8436
8437Buffer.prototype.lastIndexOf = function lastIndexOf (val, byteOffset, encoding) {
8438 return bidirectionalIndexOf(this, val, byteOffset, encoding, false)
8439}
8440
8441function hexWrite (buf, string, offset, length) {
8442 offset = Number(offset) || 0
8443 var remaining = buf.length - offset
8444 if (!length) {
8445 length = remaining
8446 } else {
8447 length = Number(length)
8448 if (length > remaining) {
8449 length = remaining
8450 }
8451 }
8452
8453 // must be an even number of digits
8454 var strLen = string.length
8455 if (strLen % 2 !== 0) throw new TypeError('Invalid hex string')
8456
8457 if (length > strLen / 2) {
8458 length = strLen / 2
8459 }
8460 for (var i = 0; i < length; ++i) {
8461 var parsed = parseInt(string.substr(i * 2, 2), 16)
8462 if (numberIsNaN(parsed)) return i
8463 buf[offset + i] = parsed
8464 }
8465 return i
8466}
8467
8468function utf8Write (buf, string, offset, length) {
8469 return blitBuffer(utf8ToBytes(string, buf.length - offset), buf, offset, length)
8470}
8471
8472function asciiWrite (buf, string, offset, length) {
8473 return blitBuffer(asciiToBytes(string), buf, offset, length)
8474}
8475
8476function latin1Write (buf, string, offset, length) {
8477 return asciiWrite(buf, string, offset, length)
8478}
8479
8480function base64Write (buf, string, offset, length) {
8481 return blitBuffer(base64ToBytes(string), buf, offset, length)
8482}
8483
8484function ucs2Write (buf, string, offset, length) {
8485 return blitBuffer(utf16leToBytes(string, buf.length - offset), buf, offset, length)
8486}
8487
8488Buffer.prototype.write = function write (string, offset, length, encoding) {
8489 // Buffer#write(string)
8490 if (offset === undefined) {
8491 encoding = 'utf8'
8492 length = this.length
8493 offset = 0
8494 // Buffer#write(string, encoding)
8495 } else if (length === undefined && typeof offset === 'string') {
8496 encoding = offset
8497 length = this.length
8498 offset = 0
8499 // Buffer#write(string, offset[, length][, encoding])
8500 } else if (isFinite(offset)) {
8501 offset = offset >>> 0
8502 if (isFinite(length)) {
8503 length = length >>> 0
8504 if (encoding === undefined) encoding = 'utf8'
8505 } else {
8506 encoding = length
8507 length = undefined
8508 }
8509 } else {
8510 throw new Error(
8511 'Buffer.write(string, encoding, offset[, length]) is no longer supported'
8512 )
8513 }
8514
8515 var remaining = this.length - offset
8516 if (length === undefined || length > remaining) length = remaining
8517
8518 if ((string.length > 0 && (length < 0 || offset < 0)) || offset > this.length) {
8519 throw new RangeError('Attempt to write outside buffer bounds')
8520 }
8521
8522 if (!encoding) encoding = 'utf8'
8523
8524 var loweredCase = false
8525 for (;;) {
8526 switch (encoding) {
8527 case 'hex':
8528 return hexWrite(this, string, offset, length)
8529
8530 case 'utf8':
8531 case 'utf-8':
8532 return utf8Write(this, string, offset, length)
8533
8534 case 'ascii':
8535 return asciiWrite(this, string, offset, length)
8536
8537 case 'latin1':
8538 case 'binary':
8539 return latin1Write(this, string, offset, length)
8540
8541 case 'base64':
8542 // Warning: maxLength not taken into account in base64Write
8543 return base64Write(this, string, offset, length)
8544
8545 case 'ucs2':
8546 case 'ucs-2':
8547 case 'utf16le':
8548 case 'utf-16le':
8549 return ucs2Write(this, string, offset, length)
8550
8551 default:
8552 if (loweredCase) throw new TypeError('Unknown encoding: ' + encoding)
8553 encoding = ('' + encoding).toLowerCase()
8554 loweredCase = true
8555 }
8556 }
8557}
8558
8559Buffer.prototype.toJSON = function toJSON () {
8560 return {
8561 type: 'Buffer',
8562 data: Array.prototype.slice.call(this._arr || this, 0)
8563 }
8564}
8565
8566function base64Slice (buf, start, end) {
8567 if (start === 0 && end === buf.length) {
8568 return base64.fromByteArray(buf)
8569 } else {
8570 return base64.fromByteArray(buf.slice(start, end))
8571 }
8572}
8573
8574function utf8Slice (buf, start, end) {
8575 end = Math.min(buf.length, end)
8576 var res = []
8577
8578 var i = start
8579 while (i < end) {
8580 var firstByte = buf[i]
8581 var codePoint = null
8582 var bytesPerSequence = (firstByte > 0xEF) ? 4
8583 : (firstByte > 0xDF) ? 3
8584 : (firstByte > 0xBF) ? 2
8585 : 1
8586
8587 if (i + bytesPerSequence <= end) {
8588 var secondByte, thirdByte, fourthByte, tempCodePoint
8589
8590 switch (bytesPerSequence) {
8591 case 1:
8592 if (firstByte < 0x80) {
8593 codePoint = firstByte
8594 }
8595 break
8596 case 2:
8597 secondByte = buf[i + 1]
8598 if ((secondByte & 0xC0) === 0x80) {
8599 tempCodePoint = (firstByte & 0x1F) << 0x6 | (secondByte & 0x3F)
8600 if (tempCodePoint > 0x7F) {
8601 codePoint = tempCodePoint
8602 }
8603 }
8604 break
8605 case 3:
8606 secondByte = buf[i + 1]
8607 thirdByte = buf[i + 2]
8608 if ((secondByte & 0xC0) === 0x80 && (thirdByte & 0xC0) === 0x80) {
8609 tempCodePoint = (firstByte & 0xF) << 0xC | (secondByte & 0x3F) << 0x6 | (thirdByte & 0x3F)
8610 if (tempCodePoint > 0x7FF && (tempCodePoint < 0xD800 || tempCodePoint > 0xDFFF)) {
8611 codePoint = tempCodePoint
8612 }
8613 }
8614 break
8615 case 4:
8616 secondByte = buf[i + 1]
8617 thirdByte = buf[i + 2]
8618 fourthByte = buf[i + 3]
8619 if ((secondByte & 0xC0) === 0x80 && (thirdByte & 0xC0) === 0x80 && (fourthByte & 0xC0) === 0x80) {
8620 tempCodePoint = (firstByte & 0xF) << 0x12 | (secondByte & 0x3F) << 0xC | (thirdByte & 0x3F) << 0x6 | (fourthByte & 0x3F)
8621 if (tempCodePoint > 0xFFFF && tempCodePoint < 0x110000) {
8622 codePoint = tempCodePoint
8623 }
8624 }
8625 }
8626 }
8627
8628 if (codePoint === null) {
8629 // we did not generate a valid codePoint so insert a
8630 // replacement char (U+FFFD) and advance only 1 byte
8631 codePoint = 0xFFFD
8632 bytesPerSequence = 1
8633 } else if (codePoint > 0xFFFF) {
8634 // encode to utf16 (surrogate pair dance)
8635 codePoint -= 0x10000
8636 res.push(codePoint >>> 10 & 0x3FF | 0xD800)
8637 codePoint = 0xDC00 | codePoint & 0x3FF
8638 }
8639
8640 res.push(codePoint)
8641 i += bytesPerSequence
8642 }
8643
8644 return decodeCodePointsArray(res)
8645}
8646
8647// Based on http://stackoverflow.com/a/22747272/680742, the browser with
8648// the lowest limit is Chrome, with 0x10000 args.
8649// We go 1 magnitude less, for safety
8650var MAX_ARGUMENTS_LENGTH = 0x1000
8651
8652function decodeCodePointsArray (codePoints) {
8653 var len = codePoints.length
8654 if (len <= MAX_ARGUMENTS_LENGTH) {
8655 return String.fromCharCode.apply(String, codePoints) // avoid extra slice()
8656 }
8657
8658 // Decode in chunks to avoid "call stack size exceeded".
8659 var res = ''
8660 var i = 0
8661 while (i < len) {
8662 res += String.fromCharCode.apply(
8663 String,
8664 codePoints.slice(i, i += MAX_ARGUMENTS_LENGTH)
8665 )
8666 }
8667 return res
8668}
8669
8670function asciiSlice (buf, start, end) {
8671 var ret = ''
8672 end = Math.min(buf.length, end)
8673
8674 for (var i = start; i < end; ++i) {
8675 ret += String.fromCharCode(buf[i] & 0x7F)
8676 }
8677 return ret
8678}
8679
8680function latin1Slice (buf, start, end) {
8681 var ret = ''
8682 end = Math.min(buf.length, end)
8683
8684 for (var i = start; i < end; ++i) {
8685 ret += String.fromCharCode(buf[i])
8686 }
8687 return ret
8688}
8689
8690function hexSlice (buf, start, end) {
8691 var len = buf.length
8692
8693 if (!start || start < 0) start = 0
8694 if (!end || end < 0 || end > len) end = len
8695
8696 var out = ''
8697 for (var i = start; i < end; ++i) {
8698 out += toHex(buf[i])
8699 }
8700 return out
8701}
8702
8703function utf16leSlice (buf, start, end) {
8704 var bytes = buf.slice(start, end)
8705 var res = ''
8706 for (var i = 0; i < bytes.length; i += 2) {
8707 res += String.fromCharCode(bytes[i] + (bytes[i + 1] * 256))
8708 }
8709 return res
8710}
8711
8712Buffer.prototype.slice = function slice (start, end) {
8713 var len = this.length
8714 start = ~~start
8715 end = end === undefined ? len : ~~end
8716
8717 if (start < 0) {
8718 start += len
8719 if (start < 0) start = 0
8720 } else if (start > len) {
8721 start = len
8722 }
8723
8724 if (end < 0) {
8725 end += len
8726 if (end < 0) end = 0
8727 } else if (end > len) {
8728 end = len
8729 }
8730
8731 if (end < start) end = start
8732
8733 var newBuf = this.subarray(start, end)
8734 // Return an augmented `Uint8Array` instance
8735 newBuf.__proto__ = Buffer.prototype
8736 return newBuf
8737}
8738
8739/*
8740 * Need to make sure that buffer isn't trying to write out of bounds.
8741 */
8742function checkOffset (offset, ext, length) {
8743 if ((offset % 1) !== 0 || offset < 0) throw new RangeError('offset is not uint')
8744 if (offset + ext > length) throw new RangeError('Trying to access beyond buffer length')
8745}
8746
8747Buffer.prototype.readUIntLE = function readUIntLE (offset, byteLength, noAssert) {
8748 offset = offset >>> 0
8749 byteLength = byteLength >>> 0
8750 if (!noAssert) checkOffset(offset, byteLength, this.length)
8751
8752 var val = this[offset]
8753 var mul = 1
8754 var i = 0
8755 while (++i < byteLength && (mul *= 0x100)) {
8756 val += this[offset + i] * mul
8757 }
8758
8759 return val
8760}
8761
8762Buffer.prototype.readUIntBE = function readUIntBE (offset, byteLength, noAssert) {
8763 offset = offset >>> 0
8764 byteLength = byteLength >>> 0
8765 if (!noAssert) {
8766 checkOffset(offset, byteLength, this.length)
8767 }
8768
8769 var val = this[offset + --byteLength]
8770 var mul = 1
8771 while (byteLength > 0 && (mul *= 0x100)) {
8772 val += this[offset + --byteLength] * mul
8773 }
8774
8775 return val
8776}
8777
8778Buffer.prototype.readUInt8 = function readUInt8 (offset, noAssert) {
8779 offset = offset >>> 0
8780 if (!noAssert) checkOffset(offset, 1, this.length)
8781 return this[offset]
8782}
8783
8784Buffer.prototype.readUInt16LE = function readUInt16LE (offset, noAssert) {
8785 offset = offset >>> 0
8786 if (!noAssert) checkOffset(offset, 2, this.length)
8787 return this[offset] | (this[offset + 1] << 8)
8788}
8789
8790Buffer.prototype.readUInt16BE = function readUInt16BE (offset, noAssert) {
8791 offset = offset >>> 0
8792 if (!noAssert) checkOffset(offset, 2, this.length)
8793 return (this[offset] << 8) | this[offset + 1]
8794}
8795
8796Buffer.prototype.readUInt32LE = function readUInt32LE (offset, noAssert) {
8797 offset = offset >>> 0
8798 if (!noAssert) checkOffset(offset, 4, this.length)
8799
8800 return ((this[offset]) |
8801 (this[offset + 1] << 8) |
8802 (this[offset + 2] << 16)) +
8803 (this[offset + 3] * 0x1000000)
8804}
8805
8806Buffer.prototype.readUInt32BE = function readUInt32BE (offset, noAssert) {
8807 offset = offset >>> 0
8808 if (!noAssert) checkOffset(offset, 4, this.length)
8809
8810 return (this[offset] * 0x1000000) +
8811 ((this[offset + 1] << 16) |
8812 (this[offset + 2] << 8) |
8813 this[offset + 3])
8814}
8815
8816Buffer.prototype.readIntLE = function readIntLE (offset, byteLength, noAssert) {
8817 offset = offset >>> 0
8818 byteLength = byteLength >>> 0
8819 if (!noAssert) checkOffset(offset, byteLength, this.length)
8820
8821 var val = this[offset]
8822 var mul = 1
8823 var i = 0
8824 while (++i < byteLength && (mul *= 0x100)) {
8825 val += this[offset + i] * mul
8826 }
8827 mul *= 0x80
8828
8829 if (val >= mul) val -= Math.pow(2, 8 * byteLength)
8830
8831 return val
8832}
8833
8834Buffer.prototype.readIntBE = function readIntBE (offset, byteLength, noAssert) {
8835 offset = offset >>> 0
8836 byteLength = byteLength >>> 0
8837 if (!noAssert) checkOffset(offset, byteLength, this.length)
8838
8839 var i = byteLength
8840 var mul = 1
8841 var val = this[offset + --i]
8842 while (i > 0 && (mul *= 0x100)) {
8843 val += this[offset + --i] * mul
8844 }
8845 mul *= 0x80
8846
8847 if (val >= mul) val -= Math.pow(2, 8 * byteLength)
8848
8849 return val
8850}
8851
8852Buffer.prototype.readInt8 = function readInt8 (offset, noAssert) {
8853 offset = offset >>> 0
8854 if (!noAssert) checkOffset(offset, 1, this.length)
8855 if (!(this[offset] & 0x80)) return (this[offset])
8856 return ((0xff - this[offset] + 1) * -1)
8857}
8858
8859Buffer.prototype.readInt16LE = function readInt16LE (offset, noAssert) {
8860 offset = offset >>> 0
8861 if (!noAssert) checkOffset(offset, 2, this.length)
8862 var val = this[offset] | (this[offset + 1] << 8)
8863 return (val & 0x8000) ? val | 0xFFFF0000 : val
8864}
8865
8866Buffer.prototype.readInt16BE = function readInt16BE (offset, noAssert) {
8867 offset = offset >>> 0
8868 if (!noAssert) checkOffset(offset, 2, this.length)
8869 var val = this[offset + 1] | (this[offset] << 8)
8870 return (val & 0x8000) ? val | 0xFFFF0000 : val
8871}
8872
8873Buffer.prototype.readInt32LE = function readInt32LE (offset, noAssert) {
8874 offset = offset >>> 0
8875 if (!noAssert) checkOffset(offset, 4, this.length)
8876
8877 return (this[offset]) |
8878 (this[offset + 1] << 8) |
8879 (this[offset + 2] << 16) |
8880 (this[offset + 3] << 24)
8881}
8882
8883Buffer.prototype.readInt32BE = function readInt32BE (offset, noAssert) {
8884 offset = offset >>> 0
8885 if (!noAssert) checkOffset(offset, 4, this.length)
8886
8887 return (this[offset] << 24) |
8888 (this[offset + 1] << 16) |
8889 (this[offset + 2] << 8) |
8890 (this[offset + 3])
8891}
8892
8893Buffer.prototype.readFloatLE = function readFloatLE (offset, noAssert) {
8894 offset = offset >>> 0
8895 if (!noAssert) checkOffset(offset, 4, this.length)
8896 return ieee754.read(this, offset, true, 23, 4)
8897}
8898
8899Buffer.prototype.readFloatBE = function readFloatBE (offset, noAssert) {
8900 offset = offset >>> 0
8901 if (!noAssert) checkOffset(offset, 4, this.length)
8902 return ieee754.read(this, offset, false, 23, 4)
8903}
8904
8905Buffer.prototype.readDoubleLE = function readDoubleLE (offset, noAssert) {
8906 offset = offset >>> 0
8907 if (!noAssert) checkOffset(offset, 8, this.length)
8908 return ieee754.read(this, offset, true, 52, 8)
8909}
8910
8911Buffer.prototype.readDoubleBE = function readDoubleBE (offset, noAssert) {
8912 offset = offset >>> 0
8913 if (!noAssert) checkOffset(offset, 8, this.length)
8914 return ieee754.read(this, offset, false, 52, 8)
8915}
8916
8917function checkInt (buf, value, offset, ext, max, min) {
8918 if (!Buffer.isBuffer(buf)) throw new TypeError('"buffer" argument must be a Buffer instance')
8919 if (value > max || value < min) throw new RangeError('"value" argument is out of bounds')
8920 if (offset + ext > buf.length) throw new RangeError('Index out of range')
8921}
8922
8923Buffer.prototype.writeUIntLE = function writeUIntLE (value, offset, byteLength, noAssert) {
8924 value = +value
8925 offset = offset >>> 0
8926 byteLength = byteLength >>> 0
8927 if (!noAssert) {
8928 var maxBytes = Math.pow(2, 8 * byteLength) - 1
8929 checkInt(this, value, offset, byteLength, maxBytes, 0)
8930 }
8931
8932 var mul = 1
8933 var i = 0
8934 this[offset] = value & 0xFF
8935 while (++i < byteLength && (mul *= 0x100)) {
8936 this[offset + i] = (value / mul) & 0xFF
8937 }
8938
8939 return offset + byteLength
8940}
8941
8942Buffer.prototype.writeUIntBE = function writeUIntBE (value, offset, byteLength, noAssert) {
8943 value = +value
8944 offset = offset >>> 0
8945 byteLength = byteLength >>> 0
8946 if (!noAssert) {
8947 var maxBytes = Math.pow(2, 8 * byteLength) - 1
8948 checkInt(this, value, offset, byteLength, maxBytes, 0)
8949 }
8950
8951 var i = byteLength - 1
8952 var mul = 1
8953 this[offset + i] = value & 0xFF
8954 while (--i >= 0 && (mul *= 0x100)) {
8955 this[offset + i] = (value / mul) & 0xFF
8956 }
8957
8958 return offset + byteLength
8959}
8960
8961Buffer.prototype.writeUInt8 = function writeUInt8 (value, offset, noAssert) {
8962 value = +value
8963 offset = offset >>> 0
8964 if (!noAssert) checkInt(this, value, offset, 1, 0xff, 0)
8965 this[offset] = (value & 0xff)
8966 return offset + 1
8967}
8968
8969Buffer.prototype.writeUInt16LE = function writeUInt16LE (value, offset, noAssert) {
8970 value = +value
8971 offset = offset >>> 0
8972 if (!noAssert) checkInt(this, value, offset, 2, 0xffff, 0)
8973 this[offset] = (value & 0xff)
8974 this[offset + 1] = (value >>> 8)
8975 return offset + 2
8976}
8977
8978Buffer.prototype.writeUInt16BE = function writeUInt16BE (value, offset, noAssert) {
8979 value = +value
8980 offset = offset >>> 0
8981 if (!noAssert) checkInt(this, value, offset, 2, 0xffff, 0)
8982 this[offset] = (value >>> 8)
8983 this[offset + 1] = (value & 0xff)
8984 return offset + 2
8985}
8986
8987Buffer.prototype.writeUInt32LE = function writeUInt32LE (value, offset, noAssert) {
8988 value = +value
8989 offset = offset >>> 0
8990 if (!noAssert) checkInt(this, value, offset, 4, 0xffffffff, 0)
8991 this[offset + 3] = (value >>> 24)
8992 this[offset + 2] = (value >>> 16)
8993 this[offset + 1] = (value >>> 8)
8994 this[offset] = (value & 0xff)
8995 return offset + 4
8996}
8997
8998Buffer.prototype.writeUInt32BE = function writeUInt32BE (value, offset, noAssert) {
8999 value = +value
9000 offset = offset >>> 0
9001 if (!noAssert) checkInt(this, value, offset, 4, 0xffffffff, 0)
9002 this[offset] = (value >>> 24)
9003 this[offset + 1] = (value >>> 16)
9004 this[offset + 2] = (value >>> 8)
9005 this[offset + 3] = (value & 0xff)
9006 return offset + 4
9007}
9008
9009Buffer.prototype.writeIntLE = function writeIntLE (value, offset, byteLength, noAssert) {
9010 value = +value
9011 offset = offset >>> 0
9012 if (!noAssert) {
9013 var limit = Math.pow(2, (8 * byteLength) - 1)
9014
9015 checkInt(this, value, offset, byteLength, limit - 1, -limit)
9016 }
9017
9018 var i = 0
9019 var mul = 1
9020 var sub = 0
9021 this[offset] = value & 0xFF
9022 while (++i < byteLength && (mul *= 0x100)) {
9023 if (value < 0 && sub === 0 && this[offset + i - 1] !== 0) {
9024 sub = 1
9025 }
9026 this[offset + i] = ((value / mul) >> 0) - sub & 0xFF
9027 }
9028
9029 return offset + byteLength
9030}
9031
9032Buffer.prototype.writeIntBE = function writeIntBE (value, offset, byteLength, noAssert) {
9033 value = +value
9034 offset = offset >>> 0
9035 if (!noAssert) {
9036 var limit = Math.pow(2, (8 * byteLength) - 1)
9037
9038 checkInt(this, value, offset, byteLength, limit - 1, -limit)
9039 }
9040
9041 var i = byteLength - 1
9042 var mul = 1
9043 var sub = 0
9044 this[offset + i] = value & 0xFF
9045 while (--i >= 0 && (mul *= 0x100)) {
9046 if (value < 0 && sub === 0 && this[offset + i + 1] !== 0) {
9047 sub = 1
9048 }
9049 this[offset + i] = ((value / mul) >> 0) - sub & 0xFF
9050 }
9051
9052 return offset + byteLength
9053}
9054
9055Buffer.prototype.writeInt8 = function writeInt8 (value, offset, noAssert) {
9056 value = +value
9057 offset = offset >>> 0
9058 if (!noAssert) checkInt(this, value, offset, 1, 0x7f, -0x80)
9059 if (value < 0) value = 0xff + value + 1
9060 this[offset] = (value & 0xff)
9061 return offset + 1
9062}
9063
9064Buffer.prototype.writeInt16LE = function writeInt16LE (value, offset, noAssert) {
9065 value = +value
9066 offset = offset >>> 0
9067 if (!noAssert) checkInt(this, value, offset, 2, 0x7fff, -0x8000)
9068 this[offset] = (value & 0xff)
9069 this[offset + 1] = (value >>> 8)
9070 return offset + 2
9071}
9072
9073Buffer.prototype.writeInt16BE = function writeInt16BE (value, offset, noAssert) {
9074 value = +value
9075 offset = offset >>> 0
9076 if (!noAssert) checkInt(this, value, offset, 2, 0x7fff, -0x8000)
9077 this[offset] = (value >>> 8)
9078 this[offset + 1] = (value & 0xff)
9079 return offset + 2
9080}
9081
9082Buffer.prototype.writeInt32LE = function writeInt32LE (value, offset, noAssert) {
9083 value = +value
9084 offset = offset >>> 0
9085 if (!noAssert) checkInt(this, value, offset, 4, 0x7fffffff, -0x80000000)
9086 this[offset] = (value & 0xff)
9087 this[offset + 1] = (value >>> 8)
9088 this[offset + 2] = (value >>> 16)
9089 this[offset + 3] = (value >>> 24)
9090 return offset + 4
9091}
9092
9093Buffer.prototype.writeInt32BE = function writeInt32BE (value, offset, noAssert) {
9094 value = +value
9095 offset = offset >>> 0
9096 if (!noAssert) checkInt(this, value, offset, 4, 0x7fffffff, -0x80000000)
9097 if (value < 0) value = 0xffffffff + value + 1
9098 this[offset] = (value >>> 24)
9099 this[offset + 1] = (value >>> 16)
9100 this[offset + 2] = (value >>> 8)
9101 this[offset + 3] = (value & 0xff)
9102 return offset + 4
9103}
9104
9105function checkIEEE754 (buf, value, offset, ext, max, min) {
9106 if (offset + ext > buf.length) throw new RangeError('Index out of range')
9107 if (offset < 0) throw new RangeError('Index out of range')
9108}
9109
9110function writeFloat (buf, value, offset, littleEndian, noAssert) {
9111 value = +value
9112 offset = offset >>> 0
9113 if (!noAssert) {
9114 checkIEEE754(buf, value, offset, 4, 3.4028234663852886e+38, -3.4028234663852886e+38)
9115 }
9116 ieee754.write(buf, value, offset, littleEndian, 23, 4)
9117 return offset + 4
9118}
9119
9120Buffer.prototype.writeFloatLE = function writeFloatLE (value, offset, noAssert) {
9121 return writeFloat(this, value, offset, true, noAssert)
9122}
9123
9124Buffer.prototype.writeFloatBE = function writeFloatBE (value, offset, noAssert) {
9125 return writeFloat(this, value, offset, false, noAssert)
9126}
9127
9128function writeDouble (buf, value, offset, littleEndian, noAssert) {
9129 value = +value
9130 offset = offset >>> 0
9131 if (!noAssert) {
9132 checkIEEE754(buf, value, offset, 8, 1.7976931348623157E+308, -1.7976931348623157E+308)
9133 }
9134 ieee754.write(buf, value, offset, littleEndian, 52, 8)
9135 return offset + 8
9136}
9137
9138Buffer.prototype.writeDoubleLE = function writeDoubleLE (value, offset, noAssert) {
9139 return writeDouble(this, value, offset, true, noAssert)
9140}
9141
9142Buffer.prototype.writeDoubleBE = function writeDoubleBE (value, offset, noAssert) {
9143 return writeDouble(this, value, offset, false, noAssert)
9144}
9145
9146// copy(targetBuffer, targetStart=0, sourceStart=0, sourceEnd=buffer.length)
9147Buffer.prototype.copy = function copy (target, targetStart, start, end) {
9148 if (!start) start = 0
9149 if (!end && end !== 0) end = this.length
9150 if (targetStart >= target.length) targetStart = target.length
9151 if (!targetStart) targetStart = 0
9152 if (end > 0 && end < start) end = start
9153
9154 // Copy 0 bytes; we're done
9155 if (end === start) return 0
9156 if (target.length === 0 || this.length === 0) return 0
9157
9158 // Fatal error conditions
9159 if (targetStart < 0) {
9160 throw new RangeError('targetStart out of bounds')
9161 }
9162 if (start < 0 || start >= this.length) throw new RangeError('sourceStart out of bounds')
9163 if (end < 0) throw new RangeError('sourceEnd out of bounds')
9164
9165 // Are we oob?
9166 if (end > this.length) end = this.length
9167 if (target.length - targetStart < end - start) {
9168 end = target.length - targetStart + start
9169 }
9170
9171 var len = end - start
9172 var i
9173
9174 if (this === target && start < targetStart && targetStart < end) {
9175 // descending copy from end
9176 for (i = len - 1; i >= 0; --i) {
9177 target[i + targetStart] = this[i + start]
9178 }
9179 } else if (len < 1000) {
9180 // ascending copy from start
9181 for (i = 0; i < len; ++i) {
9182 target[i + targetStart] = this[i + start]
9183 }
9184 } else {
9185 Uint8Array.prototype.set.call(
9186 target,
9187 this.subarray(start, start + len),
9188 targetStart
9189 )
9190 }
9191
9192 return len
9193}
9194
9195// Usage:
9196// buffer.fill(number[, offset[, end]])
9197// buffer.fill(buffer[, offset[, end]])
9198// buffer.fill(string[, offset[, end]][, encoding])
9199Buffer.prototype.fill = function fill (val, start, end, encoding) {
9200 // Handle string cases:
9201 if (typeof val === 'string') {
9202 if (typeof start === 'string') {
9203 encoding = start
9204 start = 0
9205 end = this.length
9206 } else if (typeof end === 'string') {
9207 encoding = end
9208 end = this.length
9209 }
9210 if (val.length === 1) {
9211 var code = val.charCodeAt(0)
9212 if (code < 256) {
9213 val = code
9214 }
9215 }
9216 if (encoding !== undefined && typeof encoding !== 'string') {
9217 throw new TypeError('encoding must be a string')
9218 }
9219 if (typeof encoding === 'string' && !Buffer.isEncoding(encoding)) {
9220 throw new TypeError('Unknown encoding: ' + encoding)
9221 }
9222 } else if (typeof val === 'number') {
9223 val = val & 255
9224 }
9225
9226 // Invalid ranges are not set to a default, so can range check early.
9227 if (start < 0 || this.length < start || this.length < end) {
9228 throw new RangeError('Out of range index')
9229 }
9230
9231 if (end <= start) {
9232 return this
9233 }
9234
9235 start = start >>> 0
9236 end = end === undefined ? this.length : end >>> 0
9237
9238 if (!val) val = 0
9239
9240 var i
9241 if (typeof val === 'number') {
9242 for (i = start; i < end; ++i) {
9243 this[i] = val
9244 }
9245 } else {
9246 var bytes = Buffer.isBuffer(val)
9247 ? val
9248 : new Buffer(val, encoding)
9249 var len = bytes.length
9250 for (i = 0; i < end - start; ++i) {
9251 this[i + start] = bytes[i % len]
9252 }
9253 }
9254
9255 return this
9256}
9257
9258// HELPER FUNCTIONS
9259// ================
9260
9261var INVALID_BASE64_RE = /[^+/0-9A-Za-z-_]/g
9262
9263function base64clean (str) {
9264 // Node strips out invalid characters like \n and \t from the string, base64-js does not
9265 str = str.trim().replace(INVALID_BASE64_RE, '')
9266 // Node converts strings with length < 2 to ''
9267 if (str.length < 2) return ''
9268 // Node allows for non-padded base64 strings (missing trailing ===), base64-js does not
9269 while (str.length % 4 !== 0) {
9270 str = str + '='
9271 }
9272 return str
9273}
9274
9275function toHex (n) {
9276 if (n < 16) return '0' + n.toString(16)
9277 return n.toString(16)
9278}
9279
9280function utf8ToBytes (string, units) {
9281 units = units || Infinity
9282 var codePoint
9283 var length = string.length
9284 var leadSurrogate = null
9285 var bytes = []
9286
9287 for (var i = 0; i < length; ++i) {
9288 codePoint = string.charCodeAt(i)
9289
9290 // is surrogate component
9291 if (codePoint > 0xD7FF && codePoint < 0xE000) {
9292 // last char was a lead
9293 if (!leadSurrogate) {
9294 // no lead yet
9295 if (codePoint > 0xDBFF) {
9296 // unexpected trail
9297 if ((units -= 3) > -1) bytes.push(0xEF, 0xBF, 0xBD)
9298 continue
9299 } else if (i + 1 === length) {
9300 // unpaired lead
9301 if ((units -= 3) > -1) bytes.push(0xEF, 0xBF, 0xBD)
9302 continue
9303 }
9304
9305 // valid lead
9306 leadSurrogate = codePoint
9307
9308 continue
9309 }
9310
9311 // 2 leads in a row
9312 if (codePoint < 0xDC00) {
9313 if ((units -= 3) > -1) bytes.push(0xEF, 0xBF, 0xBD)
9314 leadSurrogate = codePoint
9315 continue
9316 }
9317
9318 // valid surrogate pair
9319 codePoint = (leadSurrogate - 0xD800 << 10 | codePoint - 0xDC00) + 0x10000
9320 } else if (leadSurrogate) {
9321 // valid bmp char, but last char was a lead
9322 if ((units -= 3) > -1) bytes.push(0xEF, 0xBF, 0xBD)
9323 }
9324
9325 leadSurrogate = null
9326
9327 // encode utf8
9328 if (codePoint < 0x80) {
9329 if ((units -= 1) < 0) break
9330 bytes.push(codePoint)
9331 } else if (codePoint < 0x800) {
9332 if ((units -= 2) < 0) break
9333 bytes.push(
9334 codePoint >> 0x6 | 0xC0,
9335 codePoint & 0x3F | 0x80
9336 )
9337 } else if (codePoint < 0x10000) {
9338 if ((units -= 3) < 0) break
9339 bytes.push(
9340 codePoint >> 0xC | 0xE0,
9341 codePoint >> 0x6 & 0x3F | 0x80,
9342 codePoint & 0x3F | 0x80
9343 )
9344 } else if (codePoint < 0x110000) {
9345 if ((units -= 4) < 0) break
9346 bytes.push(
9347 codePoint >> 0x12 | 0xF0,
9348 codePoint >> 0xC & 0x3F | 0x80,
9349 codePoint >> 0x6 & 0x3F | 0x80,
9350 codePoint & 0x3F | 0x80
9351 )
9352 } else {
9353 throw new Error('Invalid code point')
9354 }
9355 }
9356
9357 return bytes
9358}
9359
9360function asciiToBytes (str) {
9361 var byteArray = []
9362 for (var i = 0; i < str.length; ++i) {
9363 // Node's code seems to be doing this and not & 0x7F..
9364 byteArray.push(str.charCodeAt(i) & 0xFF)
9365 }
9366 return byteArray
9367}
9368
9369function utf16leToBytes (str, units) {
9370 var c, hi, lo
9371 var byteArray = []
9372 for (var i = 0; i < str.length; ++i) {
9373 if ((units -= 2) < 0) break
9374
9375 c = str.charCodeAt(i)
9376 hi = c >> 8
9377 lo = c % 256
9378 byteArray.push(lo)
9379 byteArray.push(hi)
9380 }
9381
9382 return byteArray
9383}
9384
9385function base64ToBytes (str) {
9386 return base64.toByteArray(base64clean(str))
9387}
9388
9389function blitBuffer (src, dst, offset, length) {
9390 for (var i = 0; i < length; ++i) {
9391 if ((i + offset >= dst.length) || (i >= src.length)) break
9392 dst[i + offset] = src[i]
9393 }
9394 return i
9395}
9396
9397// Node 0.10 supports `ArrayBuffer` but lacks `ArrayBuffer.isView`
9398function isArrayBufferView (obj) {
9399 return (typeof ArrayBuffer.isView === 'function') && ArrayBuffer.isView(obj)
9400}
9401
9402function numberIsNaN (obj) {
9403 return obj !== obj // eslint-disable-line no-self-compare
9404}
9405
9406},{"base64-js":16,"ieee754":93}],48:[function(require,module,exports){
9407(function (Buffer){
9408var Transform = require('stream').Transform
9409var inherits = require('inherits')
9410var StringDecoder = require('string_decoder').StringDecoder
9411module.exports = CipherBase
9412inherits(CipherBase, Transform)
9413function CipherBase (hashMode) {
9414 Transform.call(this)
9415 this.hashMode = typeof hashMode === 'string'
9416 if (this.hashMode) {
9417 this[hashMode] = this._finalOrDigest
9418 } else {
9419 this.final = this._finalOrDigest
9420 }
9421 this._decoder = null
9422 this._encoding = null
9423}
9424CipherBase.prototype.update = function (data, inputEnc, outputEnc) {
9425 if (typeof data === 'string') {
9426 data = new Buffer(data, inputEnc)
9427 }
9428 var outData = this._update(data)
9429 if (this.hashMode) {
9430 return this
9431 }
9432 if (outputEnc) {
9433 outData = this._toString(outData, outputEnc)
9434 }
9435 return outData
9436}
9437
9438CipherBase.prototype.setAutoPadding = function () {}
9439
9440CipherBase.prototype.getAuthTag = function () {
9441 throw new Error('trying to get auth tag in unsupported state')
9442}
9443
9444CipherBase.prototype.setAuthTag = function () {
9445 throw new Error('trying to set auth tag in unsupported state')
9446}
9447
9448CipherBase.prototype.setAAD = function () {
9449 throw new Error('trying to set aad in unsupported state')
9450}
9451
9452CipherBase.prototype._transform = function (data, _, next) {
9453 var err
9454 try {
9455 if (this.hashMode) {
9456 this._update(data)
9457 } else {
9458 this.push(this._update(data))
9459 }
9460 } catch (e) {
9461 err = e
9462 } finally {
9463 next(err)
9464 }
9465}
9466CipherBase.prototype._flush = function (done) {
9467 var err
9468 try {
9469 this.push(this._final())
9470 } catch (e) {
9471 err = e
9472 } finally {
9473 done(err)
9474 }
9475}
9476CipherBase.prototype._finalOrDigest = function (outputEnc) {
9477 var outData = this._final() || new Buffer('')
9478 if (outputEnc) {
9479 outData = this._toString(outData, outputEnc, true)
9480 }
9481 return outData
9482}
9483
9484CipherBase.prototype._toString = function (value, enc, fin) {
9485 if (!this._decoder) {
9486 this._decoder = new StringDecoder(enc)
9487 this._encoding = enc
9488 }
9489 if (this._encoding !== enc) {
9490 throw new Error('can\'t switch encodings')
9491 }
9492 var out = this._decoder.write(value)
9493 if (fin) {
9494 out += this._decoder.end()
9495 }
9496 return out
9497}
9498
9499}).call(this,require("buffer").Buffer)
9500},{"buffer":47,"inherits":95,"stream":143,"string_decoder":144}],49:[function(require,module,exports){
9501(function (Buffer){
9502// Copyright Joyent, Inc. and other Node contributors.
9503//
9504// Permission is hereby granted, free of charge, to any person obtaining a
9505// copy of this software and associated documentation files (the
9506// "Software"), to deal in the Software without restriction, including
9507// without limitation the rights to use, copy, modify, merge, publish,
9508// distribute, sublicense, and/or sell copies of the Software, and to permit
9509// persons to whom the Software is furnished to do so, subject to the
9510// following conditions:
9511//
9512// The above copyright notice and this permission notice shall be included
9513// in all copies or substantial portions of the Software.
9514//
9515// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
9516// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
9517// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
9518// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
9519// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
9520// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
9521// USE OR OTHER DEALINGS IN THE SOFTWARE.
9522
9523// NOTE: These type checking functions intentionally don't use `instanceof`
9524// because it is fragile and can be easily faked with `Object.create()`.
9525
9526function isArray(arg) {
9527 if (Array.isArray) {
9528 return Array.isArray(arg);
9529 }
9530 return objectToString(arg) === '[object Array]';
9531}
9532exports.isArray = isArray;
9533
9534function isBoolean(arg) {
9535 return typeof arg === 'boolean';
9536}
9537exports.isBoolean = isBoolean;
9538
9539function isNull(arg) {
9540 return arg === null;
9541}
9542exports.isNull = isNull;
9543
9544function isNullOrUndefined(arg) {
9545 return arg == null;
9546}
9547exports.isNullOrUndefined = isNullOrUndefined;
9548
9549function isNumber(arg) {
9550 return typeof arg === 'number';
9551}
9552exports.isNumber = isNumber;
9553
9554function isString(arg) {
9555 return typeof arg === 'string';
9556}
9557exports.isString = isString;
9558
9559function isSymbol(arg) {
9560 return typeof arg === 'symbol';
9561}
9562exports.isSymbol = isSymbol;
9563
9564function isUndefined(arg) {
9565 return arg === void 0;
9566}
9567exports.isUndefined = isUndefined;
9568
9569function isRegExp(re) {
9570 return objectToString(re) === '[object RegExp]';
9571}
9572exports.isRegExp = isRegExp;
9573
9574function isObject(arg) {
9575 return typeof arg === 'object' && arg !== null;
9576}
9577exports.isObject = isObject;
9578
9579function isDate(d) {
9580 return objectToString(d) === '[object Date]';
9581}
9582exports.isDate = isDate;
9583
9584function isError(e) {
9585 return (objectToString(e) === '[object Error]' || e instanceof Error);
9586}
9587exports.isError = isError;
9588
9589function isFunction(arg) {
9590 return typeof arg === 'function';
9591}
9592exports.isFunction = isFunction;
9593
9594function isPrimitive(arg) {
9595 return arg === null ||
9596 typeof arg === 'boolean' ||
9597 typeof arg === 'number' ||
9598 typeof arg === 'string' ||
9599 typeof arg === 'symbol' || // ES6 symbol
9600 typeof arg === 'undefined';
9601}
9602exports.isPrimitive = isPrimitive;
9603
9604exports.isBuffer = Buffer.isBuffer;
9605
9606function objectToString(o) {
9607 return Object.prototype.toString.call(o);
9608}
9609
9610}).call(this,{"isBuffer":require("../../is-buffer/index.js")})
9611},{"../../is-buffer/index.js":96}],50:[function(require,module,exports){
9612(function (Buffer){
9613var elliptic = require('elliptic');
9614var BN = require('bn.js');
9615
9616module.exports = function createECDH(curve) {
9617 return new ECDH(curve);
9618};
9619
9620var aliases = {
9621 secp256k1: {
9622 name: 'secp256k1',
9623 byteLength: 32
9624 },
9625 secp224r1: {
9626 name: 'p224',
9627 byteLength: 28
9628 },
9629 prime256v1: {
9630 name: 'p256',
9631 byteLength: 32
9632 },
9633 prime192v1: {
9634 name: 'p192',
9635 byteLength: 24
9636 },
9637 ed25519: {
9638 name: 'ed25519',
9639 byteLength: 32
9640 },
9641 secp384r1: {
9642 name: 'p384',
9643 byteLength: 48
9644 },
9645 secp521r1: {
9646 name: 'p521',
9647 byteLength: 66
9648 }
9649};
9650
9651aliases.p224 = aliases.secp224r1;
9652aliases.p256 = aliases.secp256r1 = aliases.prime256v1;
9653aliases.p192 = aliases.secp192r1 = aliases.prime192v1;
9654aliases.p384 = aliases.secp384r1;
9655aliases.p521 = aliases.secp521r1;
9656
9657function ECDH(curve) {
9658 this.curveType = aliases[curve];
9659 if (!this.curveType ) {
9660 this.curveType = {
9661 name: curve
9662 };
9663 }
9664 this.curve = new elliptic.ec(this.curveType.name);
9665 this.keys = void 0;
9666}
9667
9668ECDH.prototype.generateKeys = function (enc, format) {
9669 this.keys = this.curve.genKeyPair();
9670 return this.getPublicKey(enc, format);
9671};
9672
9673ECDH.prototype.computeSecret = function (other, inenc, enc) {
9674 inenc = inenc || 'utf8';
9675 if (!Buffer.isBuffer(other)) {
9676 other = new Buffer(other, inenc);
9677 }
9678 var otherPub = this.curve.keyFromPublic(other).getPublic();
9679 var out = otherPub.mul(this.keys.getPrivate()).getX();
9680 return formatReturnValue(out, enc, this.curveType.byteLength);
9681};
9682
9683ECDH.prototype.getPublicKey = function (enc, format) {
9684 var key = this.keys.getPublic(format === 'compressed', true);
9685 if (format === 'hybrid') {
9686 if (key[key.length - 1] % 2) {
9687 key[0] = 7;
9688 } else {
9689 key [0] = 6;
9690 }
9691 }
9692 return formatReturnValue(key, enc);
9693};
9694
9695ECDH.prototype.getPrivateKey = function (enc) {
9696 return formatReturnValue(this.keys.getPrivate(), enc);
9697};
9698
9699ECDH.prototype.setPublicKey = function (pub, enc) {
9700 enc = enc || 'utf8';
9701 if (!Buffer.isBuffer(pub)) {
9702 pub = new Buffer(pub, enc);
9703 }
9704 this.keys._importPublic(pub);
9705 return this;
9706};
9707
9708ECDH.prototype.setPrivateKey = function (priv, enc) {
9709 enc = enc || 'utf8';
9710 if (!Buffer.isBuffer(priv)) {
9711 priv = new Buffer(priv, enc);
9712 }
9713 var _priv = new BN(priv);
9714 _priv = _priv.toString(16);
9715 this.keys._importPrivate(_priv);
9716 return this;
9717};
9718
9719function formatReturnValue(bn, enc, len) {
9720 if (!Array.isArray(bn)) {
9721 bn = bn.toArray();
9722 }
9723 var buf = new Buffer(bn);
9724 if (len && buf.length < len) {
9725 var zeros = new Buffer(len - buf.length);
9726 zeros.fill(0);
9727 buf = Buffer.concat([zeros, buf]);
9728 }
9729 if (!enc) {
9730 return buf;
9731 } else {
9732 return buf.toString(enc);
9733 }
9734}
9735
9736}).call(this,require("buffer").Buffer)
9737},{"bn.js":17,"buffer":47,"elliptic":67}],51:[function(require,module,exports){
9738(function (Buffer){
9739'use strict'
9740var inherits = require('inherits')
9741var md5 = require('./md5')
9742var RIPEMD160 = require('ripemd160')
9743var sha = require('sha.js')
9744
9745var Base = require('cipher-base')
9746
9747function HashNoConstructor (hash) {
9748 Base.call(this, 'digest')
9749
9750 this._hash = hash
9751 this.buffers = []
9752}
9753
9754inherits(HashNoConstructor, Base)
9755
9756HashNoConstructor.prototype._update = function (data) {
9757 this.buffers.push(data)
9758}
9759
9760HashNoConstructor.prototype._final = function () {
9761 var buf = Buffer.concat(this.buffers)
9762 var r = this._hash(buf)
9763 this.buffers = null
9764
9765 return r
9766}
9767
9768function Hash (hash) {
9769 Base.call(this, 'digest')
9770
9771 this._hash = hash
9772}
9773
9774inherits(Hash, Base)
9775
9776Hash.prototype._update = function (data) {
9777 this._hash.update(data)
9778}
9779
9780Hash.prototype._final = function () {
9781 return this._hash.digest()
9782}
9783
9784module.exports = function createHash (alg) {
9785 alg = alg.toLowerCase()
9786 if (alg === 'md5') return new HashNoConstructor(md5)
9787 if (alg === 'rmd160' || alg === 'ripemd160') return new Hash(new RIPEMD160())
9788
9789 return new Hash(sha(alg))
9790}
9791
9792}).call(this,require("buffer").Buffer)
9793},{"./md5":53,"buffer":47,"cipher-base":48,"inherits":95,"ripemd160":133,"sha.js":136}],52:[function(require,module,exports){
9794(function (Buffer){
9795'use strict'
9796var intSize = 4
9797var zeroBuffer = new Buffer(intSize)
9798zeroBuffer.fill(0)
9799
9800var charSize = 8
9801var hashSize = 16
9802
9803function toArray (buf) {
9804 if ((buf.length % intSize) !== 0) {
9805 var len = buf.length + (intSize - (buf.length % intSize))
9806 buf = Buffer.concat([buf, zeroBuffer], len)
9807 }
9808
9809 var arr = new Array(buf.length >>> 2)
9810 for (var i = 0, j = 0; i < buf.length; i += intSize, j++) {
9811 arr[j] = buf.readInt32LE(i)
9812 }
9813
9814 return arr
9815}
9816
9817module.exports = function hash (buf, fn) {
9818 var arr = fn(toArray(buf), buf.length * charSize)
9819 buf = new Buffer(hashSize)
9820 for (var i = 0; i < arr.length; i++) {
9821 buf.writeInt32LE(arr[i], i << 2, true)
9822 }
9823 return buf
9824}
9825
9826}).call(this,require("buffer").Buffer)
9827},{"buffer":47}],53:[function(require,module,exports){
9828'use strict'
9829/*
9830 * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
9831 * Digest Algorithm, as defined in RFC 1321.
9832 * Version 2.1 Copyright (C) Paul Johnston 1999 - 2002.
9833 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
9834 * Distributed under the BSD License
9835 * See http://pajhome.org.uk/crypt/md5 for more info.
9836 */
9837
9838var makeHash = require('./make-hash')
9839
9840/*
9841 * Calculate the MD5 of an array of little-endian words, and a bit length
9842 */
9843function core_md5 (x, len) {
9844 /* append padding */
9845 x[len >> 5] |= 0x80 << ((len) % 32)
9846 x[(((len + 64) >>> 9) << 4) + 14] = len
9847
9848 var a = 1732584193
9849 var b = -271733879
9850 var c = -1732584194
9851 var d = 271733878
9852
9853 for (var i = 0; i < x.length; i += 16) {
9854 var olda = a
9855 var oldb = b
9856 var oldc = c
9857 var oldd = d
9858
9859 a = md5_ff(a, b, c, d, x[i + 0], 7, -680876936)
9860 d = md5_ff(d, a, b, c, x[i + 1], 12, -389564586)
9861 c = md5_ff(c, d, a, b, x[i + 2], 17, 606105819)
9862 b = md5_ff(b, c, d, a, x[i + 3], 22, -1044525330)
9863 a = md5_ff(a, b, c, d, x[i + 4], 7, -176418897)
9864 d = md5_ff(d, a, b, c, x[i + 5], 12, 1200080426)
9865 c = md5_ff(c, d, a, b, x[i + 6], 17, -1473231341)
9866 b = md5_ff(b, c, d, a, x[i + 7], 22, -45705983)
9867 a = md5_ff(a, b, c, d, x[i + 8], 7, 1770035416)
9868 d = md5_ff(d, a, b, c, x[i + 9], 12, -1958414417)
9869 c = md5_ff(c, d, a, b, x[i + 10], 17, -42063)
9870 b = md5_ff(b, c, d, a, x[i + 11], 22, -1990404162)
9871 a = md5_ff(a, b, c, d, x[i + 12], 7, 1804603682)
9872 d = md5_ff(d, a, b, c, x[i + 13], 12, -40341101)
9873 c = md5_ff(c, d, a, b, x[i + 14], 17, -1502002290)
9874 b = md5_ff(b, c, d, a, x[i + 15], 22, 1236535329)
9875
9876 a = md5_gg(a, b, c, d, x[i + 1], 5, -165796510)
9877 d = md5_gg(d, a, b, c, x[i + 6], 9, -1069501632)
9878 c = md5_gg(c, d, a, b, x[i + 11], 14, 643717713)
9879 b = md5_gg(b, c, d, a, x[i + 0], 20, -373897302)
9880 a = md5_gg(a, b, c, d, x[i + 5], 5, -701558691)
9881 d = md5_gg(d, a, b, c, x[i + 10], 9, 38016083)
9882 c = md5_gg(c, d, a, b, x[i + 15], 14, -660478335)
9883 b = md5_gg(b, c, d, a, x[i + 4], 20, -405537848)
9884 a = md5_gg(a, b, c, d, x[i + 9], 5, 568446438)
9885 d = md5_gg(d, a, b, c, x[i + 14], 9, -1019803690)
9886 c = md5_gg(c, d, a, b, x[i + 3], 14, -187363961)
9887 b = md5_gg(b, c, d, a, x[i + 8], 20, 1163531501)
9888 a = md5_gg(a, b, c, d, x[i + 13], 5, -1444681467)
9889 d = md5_gg(d, a, b, c, x[i + 2], 9, -51403784)
9890 c = md5_gg(c, d, a, b, x[i + 7], 14, 1735328473)
9891 b = md5_gg(b, c, d, a, x[i + 12], 20, -1926607734)
9892
9893 a = md5_hh(a, b, c, d, x[i + 5], 4, -378558)
9894 d = md5_hh(d, a, b, c, x[i + 8], 11, -2022574463)
9895 c = md5_hh(c, d, a, b, x[i + 11], 16, 1839030562)
9896 b = md5_hh(b, c, d, a, x[i + 14], 23, -35309556)
9897 a = md5_hh(a, b, c, d, x[i + 1], 4, -1530992060)
9898 d = md5_hh(d, a, b, c, x[i + 4], 11, 1272893353)
9899 c = md5_hh(c, d, a, b, x[i + 7], 16, -155497632)
9900 b = md5_hh(b, c, d, a, x[i + 10], 23, -1094730640)
9901 a = md5_hh(a, b, c, d, x[i + 13], 4, 681279174)
9902 d = md5_hh(d, a, b, c, x[i + 0], 11, -358537222)
9903 c = md5_hh(c, d, a, b, x[i + 3], 16, -722521979)
9904 b = md5_hh(b, c, d, a, x[i + 6], 23, 76029189)
9905 a = md5_hh(a, b, c, d, x[i + 9], 4, -640364487)
9906 d = md5_hh(d, a, b, c, x[i + 12], 11, -421815835)
9907 c = md5_hh(c, d, a, b, x[i + 15], 16, 530742520)
9908 b = md5_hh(b, c, d, a, x[i + 2], 23, -995338651)
9909
9910 a = md5_ii(a, b, c, d, x[i + 0], 6, -198630844)
9911 d = md5_ii(d, a, b, c, x[i + 7], 10, 1126891415)
9912 c = md5_ii(c, d, a, b, x[i + 14], 15, -1416354905)
9913 b = md5_ii(b, c, d, a, x[i + 5], 21, -57434055)
9914 a = md5_ii(a, b, c, d, x[i + 12], 6, 1700485571)
9915 d = md5_ii(d, a, b, c, x[i + 3], 10, -1894986606)
9916 c = md5_ii(c, d, a, b, x[i + 10], 15, -1051523)
9917 b = md5_ii(b, c, d, a, x[i + 1], 21, -2054922799)
9918 a = md5_ii(a, b, c, d, x[i + 8], 6, 1873313359)
9919 d = md5_ii(d, a, b, c, x[i + 15], 10, -30611744)
9920 c = md5_ii(c, d, a, b, x[i + 6], 15, -1560198380)
9921 b = md5_ii(b, c, d, a, x[i + 13], 21, 1309151649)
9922 a = md5_ii(a, b, c, d, x[i + 4], 6, -145523070)
9923 d = md5_ii(d, a, b, c, x[i + 11], 10, -1120210379)
9924 c = md5_ii(c, d, a, b, x[i + 2], 15, 718787259)
9925 b = md5_ii(b, c, d, a, x[i + 9], 21, -343485551)
9926
9927 a = safe_add(a, olda)
9928 b = safe_add(b, oldb)
9929 c = safe_add(c, oldc)
9930 d = safe_add(d, oldd)
9931 }
9932
9933 return [a, b, c, d]
9934}
9935
9936/*
9937 * These functions implement the four basic operations the algorithm uses.
9938 */
9939function md5_cmn (q, a, b, x, s, t) {
9940 return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s), b)
9941}
9942
9943function md5_ff (a, b, c, d, x, s, t) {
9944 return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t)
9945}
9946
9947function md5_gg (a, b, c, d, x, s, t) {
9948 return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t)
9949}
9950
9951function md5_hh (a, b, c, d, x, s, t) {
9952 return md5_cmn(b ^ c ^ d, a, b, x, s, t)
9953}
9954
9955function md5_ii (a, b, c, d, x, s, t) {
9956 return md5_cmn(c ^ (b | (~d)), a, b, x, s, t)
9957}
9958
9959/*
9960 * Add integers, wrapping at 2^32. This uses 16-bit operations internally
9961 * to work around bugs in some JS interpreters.
9962 */
9963function safe_add (x, y) {
9964 var lsw = (x & 0xFFFF) + (y & 0xFFFF)
9965 var msw = (x >> 16) + (y >> 16) + (lsw >> 16)
9966 return (msw << 16) | (lsw & 0xFFFF)
9967}
9968
9969/*
9970 * Bitwise rotate a 32-bit number to the left.
9971 */
9972function bit_rol (num, cnt) {
9973 return (num << cnt) | (num >>> (32 - cnt))
9974}
9975
9976module.exports = function md5 (buf) {
9977 return makeHash(buf, core_md5)
9978}
9979
9980},{"./make-hash":52}],54:[function(require,module,exports){
9981'use strict'
9982var inherits = require('inherits')
9983var Legacy = require('./legacy')
9984var Base = require('cipher-base')
9985var Buffer = require('safe-buffer').Buffer
9986var md5 = require('create-hash/md5')
9987var RIPEMD160 = require('ripemd160')
9988
9989var sha = require('sha.js')
9990
9991var ZEROS = Buffer.alloc(128)
9992
9993function Hmac (alg, key) {
9994 Base.call(this, 'digest')
9995 if (typeof key === 'string') {
9996 key = Buffer.from(key)
9997 }
9998
9999 var blocksize = (alg === 'sha512' || alg === 'sha384') ? 128 : 64
10000
10001 this._alg = alg
10002 this._key = key
10003 if (key.length > blocksize) {
10004 var hash = alg === 'rmd160' ? new RIPEMD160() : sha(alg)
10005 key = hash.update(key).digest()
10006 } else if (key.length < blocksize) {
10007 key = Buffer.concat([key, ZEROS], blocksize)
10008 }
10009
10010 var ipad = this._ipad = Buffer.allocUnsafe(blocksize)
10011 var opad = this._opad = Buffer.allocUnsafe(blocksize)
10012
10013 for (var i = 0; i < blocksize; i++) {
10014 ipad[i] = key[i] ^ 0x36
10015 opad[i] = key[i] ^ 0x5C
10016 }
10017 this._hash = alg === 'rmd160' ? new RIPEMD160() : sha(alg)
10018 this._hash.update(ipad)
10019}
10020
10021inherits(Hmac, Base)
10022
10023Hmac.prototype._update = function (data) {
10024 this._hash.update(data)
10025}
10026
10027Hmac.prototype._final = function () {
10028 var h = this._hash.digest()
10029 var hash = this._alg === 'rmd160' ? new RIPEMD160() : sha(this._alg)
10030 return hash.update(this._opad).update(h).digest()
10031}
10032
10033module.exports = function createHmac (alg, key) {
10034 alg = alg.toLowerCase()
10035 if (alg === 'rmd160' || alg === 'ripemd160') {
10036 return new Hmac('rmd160', key)
10037 }
10038 if (alg === 'md5') {
10039 return new Legacy(md5, key)
10040 }
10041 return new Hmac(alg, key)
10042}
10043
10044},{"./legacy":55,"cipher-base":48,"create-hash/md5":53,"inherits":95,"ripemd160":133,"safe-buffer":134,"sha.js":136}],55:[function(require,module,exports){
10045'use strict'
10046var inherits = require('inherits')
10047var Buffer = require('safe-buffer').Buffer
10048
10049var Base = require('cipher-base')
10050
10051var ZEROS = Buffer.alloc(128)
10052var blocksize = 64
10053
10054function Hmac (alg, key) {
10055 Base.call(this, 'digest')
10056 if (typeof key === 'string') {
10057 key = Buffer.from(key)
10058 }
10059
10060 this._alg = alg
10061 this._key = key
10062
10063 if (key.length > blocksize) {
10064 key = alg(key)
10065 } else if (key.length < blocksize) {
10066 key = Buffer.concat([key, ZEROS], blocksize)
10067 }
10068
10069 var ipad = this._ipad = Buffer.allocUnsafe(blocksize)
10070 var opad = this._opad = Buffer.allocUnsafe(blocksize)
10071
10072 for (var i = 0; i < blocksize; i++) {
10073 ipad[i] = key[i] ^ 0x36
10074 opad[i] = key[i] ^ 0x5C
10075 }
10076
10077 this._hash = [ipad]
10078}
10079
10080inherits(Hmac, Base)
10081
10082Hmac.prototype._update = function (data) {
10083 this._hash.push(data)
10084}
10085
10086Hmac.prototype._final = function () {
10087 var h = this._alg(Buffer.concat(this._hash))
10088 return this._alg(Buffer.concat([this._opad, h]))
10089}
10090module.exports = Hmac
10091
10092},{"cipher-base":48,"inherits":95,"safe-buffer":134}],56:[function(require,module,exports){
10093'use strict'
10094
10095exports.randomBytes = exports.rng = exports.pseudoRandomBytes = exports.prng = require('randombytes')
10096exports.createHash = exports.Hash = require('create-hash')
10097exports.createHmac = exports.Hmac = require('create-hmac')
10098
10099var hashes = ['sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'md5', 'rmd160'].concat(Object.keys(require('browserify-sign/algos')))
10100exports.getHashes = function () {
10101 return hashes
10102}
10103
10104var p = require('pbkdf2')
10105exports.pbkdf2 = p.pbkdf2
10106exports.pbkdf2Sync = p.pbkdf2Sync
10107
10108var aes = require('browserify-cipher')
10109;[
10110 'Cipher',
10111 'createCipher',
10112 'Cipheriv',
10113 'createCipheriv',
10114 'Decipher',
10115 'createDecipher',
10116 'Decipheriv',
10117 'createDecipheriv',
10118 'getCiphers',
10119 'listCiphers'
10120].forEach(function (key) {
10121 exports[key] = aes[key]
10122})
10123
10124var dh = require('diffie-hellman')
10125;[
10126 'DiffieHellmanGroup',
10127 'createDiffieHellmanGroup',
10128 'getDiffieHellman',
10129 'createDiffieHellman',
10130 'DiffieHellman'
10131].forEach(function (key) {
10132 exports[key] = dh[key]
10133})
10134
10135var sign = require('browserify-sign')
10136;[
10137 'createSign',
10138 'Sign',
10139 'createVerify',
10140 'Verify'
10141].forEach(function (key) {
10142 exports[key] = sign[key]
10143})
10144
10145exports.createECDH = require('create-ecdh')
10146
10147var publicEncrypt = require('public-encrypt')
10148
10149;[
10150 'publicEncrypt',
10151 'privateEncrypt',
10152 'publicDecrypt',
10153 'privateDecrypt'
10154].forEach(function (key) {
10155 exports[key] = publicEncrypt[key]
10156})
10157
10158// the least I can do is make error messages for the rest of the node.js/crypto api.
10159;[
10160 'createCredentials'
10161].forEach(function (name) {
10162 exports[name] = function () {
10163 throw new Error([
10164 'sorry, ' + name + ' is not implemented yet',
10165 'we accept pull requests',
10166 'https://github.com/crypto-browserify/crypto-browserify'
10167 ].join('\n'))
10168 }
10169})
10170
10171},{"browserify-cipher":35,"browserify-sign":42,"browserify-sign/algos":39,"create-ecdh":50,"create-hash":51,"create-hmac":54,"diffie-hellman":63,"pbkdf2":106,"public-encrypt":113,"randombytes":119}],57:[function(require,module,exports){
10172'use strict';
10173
10174exports.utils = require('./des/utils');
10175exports.Cipher = require('./des/cipher');
10176exports.DES = require('./des/des');
10177exports.CBC = require('./des/cbc');
10178exports.EDE = require('./des/ede');
10179
10180},{"./des/cbc":58,"./des/cipher":59,"./des/des":60,"./des/ede":61,"./des/utils":62}],58:[function(require,module,exports){
10181'use strict';
10182
10183var assert = require('minimalistic-assert');
10184var inherits = require('inherits');
10185
10186var proto = {};
10187
10188function CBCState(iv) {
10189 assert.equal(iv.length, 8, 'Invalid IV length');
10190
10191 this.iv = new Array(8);
10192 for (var i = 0; i < this.iv.length; i++)
10193 this.iv[i] = iv[i];
10194}
10195
10196function instantiate(Base) {
10197 function CBC(options) {
10198 Base.call(this, options);
10199 this._cbcInit();
10200 }
10201 inherits(CBC, Base);
10202
10203 var keys = Object.keys(proto);
10204 for (var i = 0; i < keys.length; i++) {
10205 var key = keys[i];
10206 CBC.prototype[key] = proto[key];
10207 }
10208
10209 CBC.create = function create(options) {
10210 return new CBC(options);
10211 };
10212
10213 return CBC;
10214}
10215
10216exports.instantiate = instantiate;
10217
10218proto._cbcInit = function _cbcInit() {
10219 var state = new CBCState(this.options.iv);
10220 this._cbcState = state;
10221};
10222
10223proto._update = function _update(inp, inOff, out, outOff) {
10224 var state = this._cbcState;
10225 var superProto = this.constructor.super_.prototype;
10226
10227 var iv = state.iv;
10228 if (this.type === 'encrypt') {
10229 for (var i = 0; i < this.blockSize; i++)
10230 iv[i] ^= inp[inOff + i];
10231
10232 superProto._update.call(this, iv, 0, out, outOff);
10233
10234 for (var i = 0; i < this.blockSize; i++)
10235 iv[i] = out[outOff + i];
10236 } else {
10237 superProto._update.call(this, inp, inOff, out, outOff);
10238
10239 for (var i = 0; i < this.blockSize; i++)
10240 out[outOff + i] ^= iv[i];
10241
10242 for (var i = 0; i < this.blockSize; i++)
10243 iv[i] = inp[inOff + i];
10244 }
10245};
10246
10247},{"inherits":95,"minimalistic-assert":99}],59:[function(require,module,exports){
10248'use strict';
10249
10250var assert = require('minimalistic-assert');
10251
10252function Cipher(options) {
10253 this.options = options;
10254
10255 this.type = this.options.type;
10256 this.blockSize = 8;
10257 this._init();
10258
10259 this.buffer = new Array(this.blockSize);
10260 this.bufferOff = 0;
10261}
10262module.exports = Cipher;
10263
10264Cipher.prototype._init = function _init() {
10265 // Might be overrided
10266};
10267
10268Cipher.prototype.update = function update(data) {
10269 if (data.length === 0)
10270 return [];
10271
10272 if (this.type === 'decrypt')
10273 return this._updateDecrypt(data);
10274 else
10275 return this._updateEncrypt(data);
10276};
10277
10278Cipher.prototype._buffer = function _buffer(data, off) {
10279 // Append data to buffer
10280 var min = Math.min(this.buffer.length - this.bufferOff, data.length - off);
10281 for (var i = 0; i < min; i++)
10282 this.buffer[this.bufferOff + i] = data[off + i];
10283 this.bufferOff += min;
10284
10285 // Shift next
10286 return min;
10287};
10288
10289Cipher.prototype._flushBuffer = function _flushBuffer(out, off) {
10290 this._update(this.buffer, 0, out, off);
10291 this.bufferOff = 0;
10292 return this.blockSize;
10293};
10294
10295Cipher.prototype._updateEncrypt = function _updateEncrypt(data) {
10296 var inputOff = 0;
10297 var outputOff = 0;
10298
10299 var count = ((this.bufferOff + data.length) / this.blockSize) | 0;
10300 var out = new Array(count * this.blockSize);
10301
10302 if (this.bufferOff !== 0) {
10303 inputOff += this._buffer(data, inputOff);
10304
10305 if (this.bufferOff === this.buffer.length)
10306 outputOff += this._flushBuffer(out, outputOff);
10307 }
10308
10309 // Write blocks
10310 var max = data.length - ((data.length - inputOff) % this.blockSize);
10311 for (; inputOff < max; inputOff += this.blockSize) {
10312 this._update(data, inputOff, out, outputOff);
10313 outputOff += this.blockSize;
10314 }
10315
10316 // Queue rest
10317 for (; inputOff < data.length; inputOff++, this.bufferOff++)
10318 this.buffer[this.bufferOff] = data[inputOff];
10319
10320 return out;
10321};
10322
10323Cipher.prototype._updateDecrypt = function _updateDecrypt(data) {
10324 var inputOff = 0;
10325 var outputOff = 0;
10326
10327 var count = Math.ceil((this.bufferOff + data.length) / this.blockSize) - 1;
10328 var out = new Array(count * this.blockSize);
10329
10330 // TODO(indutny): optimize it, this is far from optimal
10331 for (; count > 0; count--) {
10332 inputOff += this._buffer(data, inputOff);
10333 outputOff += this._flushBuffer(out, outputOff);
10334 }
10335
10336 // Buffer rest of the input
10337 inputOff += this._buffer(data, inputOff);
10338
10339 return out;
10340};
10341
10342Cipher.prototype.final = function final(buffer) {
10343 var first;
10344 if (buffer)
10345 first = this.update(buffer);
10346
10347 var last;
10348 if (this.type === 'encrypt')
10349 last = this._finalEncrypt();
10350 else
10351 last = this._finalDecrypt();
10352
10353 if (first)
10354 return first.concat(last);
10355 else
10356 return last;
10357};
10358
10359Cipher.prototype._pad = function _pad(buffer, off) {
10360 if (off === 0)
10361 return false;
10362
10363 while (off < buffer.length)
10364 buffer[off++] = 0;
10365
10366 return true;
10367};
10368
10369Cipher.prototype._finalEncrypt = function _finalEncrypt() {
10370 if (!this._pad(this.buffer, this.bufferOff))
10371 return [];
10372
10373 var out = new Array(this.blockSize);
10374 this._update(this.buffer, 0, out, 0);
10375 return out;
10376};
10377
10378Cipher.prototype._unpad = function _unpad(buffer) {
10379 return buffer;
10380};
10381
10382Cipher.prototype._finalDecrypt = function _finalDecrypt() {
10383 assert.equal(this.bufferOff, this.blockSize, 'Not enough data to decrypt');
10384 var out = new Array(this.blockSize);
10385 this._flushBuffer(out, 0);
10386
10387 return this._unpad(out);
10388};
10389
10390},{"minimalistic-assert":99}],60:[function(require,module,exports){
10391'use strict';
10392
10393var assert = require('minimalistic-assert');
10394var inherits = require('inherits');
10395
10396var des = require('../des');
10397var utils = des.utils;
10398var Cipher = des.Cipher;
10399
10400function DESState() {
10401 this.tmp = new Array(2);
10402 this.keys = null;
10403}
10404
10405function DES(options) {
10406 Cipher.call(this, options);
10407
10408 var state = new DESState();
10409 this._desState = state;
10410
10411 this.deriveKeys(state, options.key);
10412}
10413inherits(DES, Cipher);
10414module.exports = DES;
10415
10416DES.create = function create(options) {
10417 return new DES(options);
10418};
10419
10420var shiftTable = [
10421 1, 1, 2, 2, 2, 2, 2, 2,
10422 1, 2, 2, 2, 2, 2, 2, 1
10423];
10424
10425DES.prototype.deriveKeys = function deriveKeys(state, key) {
10426 state.keys = new Array(16 * 2);
10427
10428 assert.equal(key.length, this.blockSize, 'Invalid key length');
10429
10430 var kL = utils.readUInt32BE(key, 0);
10431 var kR = utils.readUInt32BE(key, 4);
10432
10433 utils.pc1(kL, kR, state.tmp, 0);
10434 kL = state.tmp[0];
10435 kR = state.tmp[1];
10436 for (var i = 0; i < state.keys.length; i += 2) {
10437 var shift = shiftTable[i >>> 1];
10438 kL = utils.r28shl(kL, shift);
10439 kR = utils.r28shl(kR, shift);
10440 utils.pc2(kL, kR, state.keys, i);
10441 }
10442};
10443
10444DES.prototype._update = function _update(inp, inOff, out, outOff) {
10445 var state = this._desState;
10446
10447 var l = utils.readUInt32BE(inp, inOff);
10448 var r = utils.readUInt32BE(inp, inOff + 4);
10449
10450 // Initial Permutation
10451 utils.ip(l, r, state.tmp, 0);
10452 l = state.tmp[0];
10453 r = state.tmp[1];
10454
10455 if (this.type === 'encrypt')
10456 this._encrypt(state, l, r, state.tmp, 0);
10457 else
10458 this._decrypt(state, l, r, state.tmp, 0);
10459
10460 l = state.tmp[0];
10461 r = state.tmp[1];
10462
10463 utils.writeUInt32BE(out, l, outOff);
10464 utils.writeUInt32BE(out, r, outOff + 4);
10465};
10466
10467DES.prototype._pad = function _pad(buffer, off) {
10468 var value = buffer.length - off;
10469 for (var i = off; i < buffer.length; i++)
10470 buffer[i] = value;
10471
10472 return true;
10473};
10474
10475DES.prototype._unpad = function _unpad(buffer) {
10476 var pad = buffer[buffer.length - 1];
10477 for (var i = buffer.length - pad; i < buffer.length; i++)
10478 assert.equal(buffer[i], pad);
10479
10480 return buffer.slice(0, buffer.length - pad);
10481};
10482
10483DES.prototype._encrypt = function _encrypt(state, lStart, rStart, out, off) {
10484 var l = lStart;
10485 var r = rStart;
10486
10487 // Apply f() x16 times
10488 for (var i = 0; i < state.keys.length; i += 2) {
10489 var keyL = state.keys[i];
10490 var keyR = state.keys[i + 1];
10491
10492 // f(r, k)
10493 utils.expand(r, state.tmp, 0);
10494
10495 keyL ^= state.tmp[0];
10496 keyR ^= state.tmp[1];
10497 var s = utils.substitute(keyL, keyR);
10498 var f = utils.permute(s);
10499
10500 var t = r;
10501 r = (l ^ f) >>> 0;
10502 l = t;
10503 }
10504
10505 // Reverse Initial Permutation
10506 utils.rip(r, l, out, off);
10507};
10508
10509DES.prototype._decrypt = function _decrypt(state, lStart, rStart, out, off) {
10510 var l = rStart;
10511 var r = lStart;
10512
10513 // Apply f() x16 times
10514 for (var i = state.keys.length - 2; i >= 0; i -= 2) {
10515 var keyL = state.keys[i];
10516 var keyR = state.keys[i + 1];
10517
10518 // f(r, k)
10519 utils.expand(l, state.tmp, 0);
10520
10521 keyL ^= state.tmp[0];
10522 keyR ^= state.tmp[1];
10523 var s = utils.substitute(keyL, keyR);
10524 var f = utils.permute(s);
10525
10526 var t = l;
10527 l = (r ^ f) >>> 0;
10528 r = t;
10529 }
10530
10531 // Reverse Initial Permutation
10532 utils.rip(l, r, out, off);
10533};
10534
10535},{"../des":57,"inherits":95,"minimalistic-assert":99}],61:[function(require,module,exports){
10536'use strict';
10537
10538var assert = require('minimalistic-assert');
10539var inherits = require('inherits');
10540
10541var des = require('../des');
10542var Cipher = des.Cipher;
10543var DES = des.DES;
10544
10545function EDEState(type, key) {
10546 assert.equal(key.length, 24, 'Invalid key length');
10547
10548 var k1 = key.slice(0, 8);
10549 var k2 = key.slice(8, 16);
10550 var k3 = key.slice(16, 24);
10551
10552 if (type === 'encrypt') {
10553 this.ciphers = [
10554 DES.create({ type: 'encrypt', key: k1 }),
10555 DES.create({ type: 'decrypt', key: k2 }),
10556 DES.create({ type: 'encrypt', key: k3 })
10557 ];
10558 } else {
10559 this.ciphers = [
10560 DES.create({ type: 'decrypt', key: k3 }),
10561 DES.create({ type: 'encrypt', key: k2 }),
10562 DES.create({ type: 'decrypt', key: k1 })
10563 ];
10564 }
10565}
10566
10567function EDE(options) {
10568 Cipher.call(this, options);
10569
10570 var state = new EDEState(this.type, this.options.key);
10571 this._edeState = state;
10572}
10573inherits(EDE, Cipher);
10574
10575module.exports = EDE;
10576
10577EDE.create = function create(options) {
10578 return new EDE(options);
10579};
10580
10581EDE.prototype._update = function _update(inp, inOff, out, outOff) {
10582 var state = this._edeState;
10583
10584 state.ciphers[0]._update(inp, inOff, out, outOff);
10585 state.ciphers[1]._update(out, outOff, out, outOff);
10586 state.ciphers[2]._update(out, outOff, out, outOff);
10587};
10588
10589EDE.prototype._pad = DES.prototype._pad;
10590EDE.prototype._unpad = DES.prototype._unpad;
10591
10592},{"../des":57,"inherits":95,"minimalistic-assert":99}],62:[function(require,module,exports){
10593'use strict';
10594
10595exports.readUInt32BE = function readUInt32BE(bytes, off) {
10596 var res = (bytes[0 + off] << 24) |
10597 (bytes[1 + off] << 16) |
10598 (bytes[2 + off] << 8) |
10599 bytes[3 + off];
10600 return res >>> 0;
10601};
10602
10603exports.writeUInt32BE = function writeUInt32BE(bytes, value, off) {
10604 bytes[0 + off] = value >>> 24;
10605 bytes[1 + off] = (value >>> 16) & 0xff;
10606 bytes[2 + off] = (value >>> 8) & 0xff;
10607 bytes[3 + off] = value & 0xff;
10608};
10609
10610exports.ip = function ip(inL, inR, out, off) {
10611 var outL = 0;
10612 var outR = 0;
10613
10614 for (var i = 6; i >= 0; i -= 2) {
10615 for (var j = 0; j <= 24; j += 8) {
10616 outL <<= 1;
10617 outL |= (inR >>> (j + i)) & 1;
10618 }
10619 for (var j = 0; j <= 24; j += 8) {
10620 outL <<= 1;
10621 outL |= (inL >>> (j + i)) & 1;
10622 }
10623 }
10624
10625 for (var i = 6; i >= 0; i -= 2) {
10626 for (var j = 1; j <= 25; j += 8) {
10627 outR <<= 1;
10628 outR |= (inR >>> (j + i)) & 1;
10629 }
10630 for (var j = 1; j <= 25; j += 8) {
10631 outR <<= 1;
10632 outR |= (inL >>> (j + i)) & 1;
10633 }
10634 }
10635
10636 out[off + 0] = outL >>> 0;
10637 out[off + 1] = outR >>> 0;
10638};
10639
10640exports.rip = function rip(inL, inR, out, off) {
10641 var outL = 0;
10642 var outR = 0;
10643
10644 for (var i = 0; i < 4; i++) {
10645 for (var j = 24; j >= 0; j -= 8) {
10646 outL <<= 1;
10647 outL |= (inR >>> (j + i)) & 1;
10648 outL <<= 1;
10649 outL |= (inL >>> (j + i)) & 1;
10650 }
10651 }
10652 for (var i = 4; i < 8; i++) {
10653 for (var j = 24; j >= 0; j -= 8) {
10654 outR <<= 1;
10655 outR |= (inR >>> (j + i)) & 1;
10656 outR <<= 1;
10657 outR |= (inL >>> (j + i)) & 1;
10658 }
10659 }
10660
10661 out[off + 0] = outL >>> 0;
10662 out[off + 1] = outR >>> 0;
10663};
10664
10665exports.pc1 = function pc1(inL, inR, out, off) {
10666 var outL = 0;
10667 var outR = 0;
10668
10669 // 7, 15, 23, 31, 39, 47, 55, 63
10670 // 6, 14, 22, 30, 39, 47, 55, 63
10671 // 5, 13, 21, 29, 39, 47, 55, 63
10672 // 4, 12, 20, 28
10673 for (var i = 7; i >= 5; i--) {
10674 for (var j = 0; j <= 24; j += 8) {
10675 outL <<= 1;
10676 outL |= (inR >> (j + i)) & 1;
10677 }
10678 for (var j = 0; j <= 24; j += 8) {
10679 outL <<= 1;
10680 outL |= (inL >> (j + i)) & 1;
10681 }
10682 }
10683 for (var j = 0; j <= 24; j += 8) {
10684 outL <<= 1;
10685 outL |= (inR >> (j + i)) & 1;
10686 }
10687
10688 // 1, 9, 17, 25, 33, 41, 49, 57
10689 // 2, 10, 18, 26, 34, 42, 50, 58
10690 // 3, 11, 19, 27, 35, 43, 51, 59
10691 // 36, 44, 52, 60
10692 for (var i = 1; i <= 3; i++) {
10693 for (var j = 0; j <= 24; j += 8) {
10694 outR <<= 1;
10695 outR |= (inR >> (j + i)) & 1;
10696 }
10697 for (var j = 0; j <= 24; j += 8) {
10698 outR <<= 1;
10699 outR |= (inL >> (j + i)) & 1;
10700 }
10701 }
10702 for (var j = 0; j <= 24; j += 8) {
10703 outR <<= 1;
10704 outR |= (inL >> (j + i)) & 1;
10705 }
10706
10707 out[off + 0] = outL >>> 0;
10708 out[off + 1] = outR >>> 0;
10709};
10710
10711exports.r28shl = function r28shl(num, shift) {
10712 return ((num << shift) & 0xfffffff) | (num >>> (28 - shift));
10713};
10714
10715var pc2table = [
10716 // inL => outL
10717 14, 11, 17, 4, 27, 23, 25, 0,
10718 13, 22, 7, 18, 5, 9, 16, 24,
10719 2, 20, 12, 21, 1, 8, 15, 26,
10720
10721 // inR => outR
10722 15, 4, 25, 19, 9, 1, 26, 16,
10723 5, 11, 23, 8, 12, 7, 17, 0,
10724 22, 3, 10, 14, 6, 20, 27, 24
10725];
10726
10727exports.pc2 = function pc2(inL, inR, out, off) {
10728 var outL = 0;
10729 var outR = 0;
10730
10731 var len = pc2table.length >>> 1;
10732 for (var i = 0; i < len; i++) {
10733 outL <<= 1;
10734 outL |= (inL >>> pc2table[i]) & 0x1;
10735 }
10736 for (var i = len; i < pc2table.length; i++) {
10737 outR <<= 1;
10738 outR |= (inR >>> pc2table[i]) & 0x1;
10739 }
10740
10741 out[off + 0] = outL >>> 0;
10742 out[off + 1] = outR >>> 0;
10743};
10744
10745exports.expand = function expand(r, out, off) {
10746 var outL = 0;
10747 var outR = 0;
10748
10749 outL = ((r & 1) << 5) | (r >>> 27);
10750 for (var i = 23; i >= 15; i -= 4) {
10751 outL <<= 6;
10752 outL |= (r >>> i) & 0x3f;
10753 }
10754 for (var i = 11; i >= 3; i -= 4) {
10755 outR |= (r >>> i) & 0x3f;
10756 outR <<= 6;
10757 }
10758 outR |= ((r & 0x1f) << 1) | (r >>> 31);
10759
10760 out[off + 0] = outL >>> 0;
10761 out[off + 1] = outR >>> 0;
10762};
10763
10764var sTable = [
10765 14, 0, 4, 15, 13, 7, 1, 4, 2, 14, 15, 2, 11, 13, 8, 1,
10766 3, 10, 10, 6, 6, 12, 12, 11, 5, 9, 9, 5, 0, 3, 7, 8,
10767 4, 15, 1, 12, 14, 8, 8, 2, 13, 4, 6, 9, 2, 1, 11, 7,
10768 15, 5, 12, 11, 9, 3, 7, 14, 3, 10, 10, 0, 5, 6, 0, 13,
10769
10770 15, 3, 1, 13, 8, 4, 14, 7, 6, 15, 11, 2, 3, 8, 4, 14,
10771 9, 12, 7, 0, 2, 1, 13, 10, 12, 6, 0, 9, 5, 11, 10, 5,
10772 0, 13, 14, 8, 7, 10, 11, 1, 10, 3, 4, 15, 13, 4, 1, 2,
10773 5, 11, 8, 6, 12, 7, 6, 12, 9, 0, 3, 5, 2, 14, 15, 9,
10774
10775 10, 13, 0, 7, 9, 0, 14, 9, 6, 3, 3, 4, 15, 6, 5, 10,
10776 1, 2, 13, 8, 12, 5, 7, 14, 11, 12, 4, 11, 2, 15, 8, 1,
10777 13, 1, 6, 10, 4, 13, 9, 0, 8, 6, 15, 9, 3, 8, 0, 7,
10778 11, 4, 1, 15, 2, 14, 12, 3, 5, 11, 10, 5, 14, 2, 7, 12,
10779
10780 7, 13, 13, 8, 14, 11, 3, 5, 0, 6, 6, 15, 9, 0, 10, 3,
10781 1, 4, 2, 7, 8, 2, 5, 12, 11, 1, 12, 10, 4, 14, 15, 9,
10782 10, 3, 6, 15, 9, 0, 0, 6, 12, 10, 11, 1, 7, 13, 13, 8,
10783 15, 9, 1, 4, 3, 5, 14, 11, 5, 12, 2, 7, 8, 2, 4, 14,
10784
10785 2, 14, 12, 11, 4, 2, 1, 12, 7, 4, 10, 7, 11, 13, 6, 1,
10786 8, 5, 5, 0, 3, 15, 15, 10, 13, 3, 0, 9, 14, 8, 9, 6,
10787 4, 11, 2, 8, 1, 12, 11, 7, 10, 1, 13, 14, 7, 2, 8, 13,
10788 15, 6, 9, 15, 12, 0, 5, 9, 6, 10, 3, 4, 0, 5, 14, 3,
10789
10790 12, 10, 1, 15, 10, 4, 15, 2, 9, 7, 2, 12, 6, 9, 8, 5,
10791 0, 6, 13, 1, 3, 13, 4, 14, 14, 0, 7, 11, 5, 3, 11, 8,
10792 9, 4, 14, 3, 15, 2, 5, 12, 2, 9, 8, 5, 12, 15, 3, 10,
10793 7, 11, 0, 14, 4, 1, 10, 7, 1, 6, 13, 0, 11, 8, 6, 13,
10794
10795 4, 13, 11, 0, 2, 11, 14, 7, 15, 4, 0, 9, 8, 1, 13, 10,
10796 3, 14, 12, 3, 9, 5, 7, 12, 5, 2, 10, 15, 6, 8, 1, 6,
10797 1, 6, 4, 11, 11, 13, 13, 8, 12, 1, 3, 4, 7, 10, 14, 7,
10798 10, 9, 15, 5, 6, 0, 8, 15, 0, 14, 5, 2, 9, 3, 2, 12,
10799
10800 13, 1, 2, 15, 8, 13, 4, 8, 6, 10, 15, 3, 11, 7, 1, 4,
10801 10, 12, 9, 5, 3, 6, 14, 11, 5, 0, 0, 14, 12, 9, 7, 2,
10802 7, 2, 11, 1, 4, 14, 1, 7, 9, 4, 12, 10, 14, 8, 2, 13,
10803 0, 15, 6, 12, 10, 9, 13, 0, 15, 3, 3, 5, 5, 6, 8, 11
10804];
10805
10806exports.substitute = function substitute(inL, inR) {
10807 var out = 0;
10808 for (var i = 0; i < 4; i++) {
10809 var b = (inL >>> (18 - i * 6)) & 0x3f;
10810 var sb = sTable[i * 0x40 + b];
10811
10812 out <<= 4;
10813 out |= sb;
10814 }
10815 for (var i = 0; i < 4; i++) {
10816 var b = (inR >>> (18 - i * 6)) & 0x3f;
10817 var sb = sTable[4 * 0x40 + i * 0x40 + b];
10818
10819 out <<= 4;
10820 out |= sb;
10821 }
10822 return out >>> 0;
10823};
10824
10825var permuteTable = [
10826 16, 25, 12, 11, 3, 20, 4, 15, 31, 17, 9, 6, 27, 14, 1, 22,
10827 30, 24, 8, 18, 0, 5, 29, 23, 13, 19, 2, 26, 10, 21, 28, 7
10828];
10829
10830exports.permute = function permute(num) {
10831 var out = 0;
10832 for (var i = 0; i < permuteTable.length; i++) {
10833 out <<= 1;
10834 out |= (num >>> permuteTable[i]) & 0x1;
10835 }
10836 return out >>> 0;
10837};
10838
10839exports.padSplit = function padSplit(num, size, group) {
10840 var str = num.toString(2);
10841 while (str.length < size)
10842 str = '0' + str;
10843
10844 var out = [];
10845 for (var i = 0; i < size; i += group)
10846 out.push(str.slice(i, i + group));
10847 return out.join(' ');
10848};
10849
10850},{}],63:[function(require,module,exports){
10851(function (Buffer){
10852var generatePrime = require('./lib/generatePrime')
10853var primes = require('./lib/primes.json')
10854
10855var DH = require('./lib/dh')
10856
10857function getDiffieHellman (mod) {
10858 var prime = new Buffer(primes[mod].prime, 'hex')
10859 var gen = new Buffer(primes[mod].gen, 'hex')
10860
10861 return new DH(prime, gen)
10862}
10863
10864var ENCODINGS = {
10865 'binary': true, 'hex': true, 'base64': true
10866}
10867
10868function createDiffieHellman (prime, enc, generator, genc) {
10869 if (Buffer.isBuffer(enc) || ENCODINGS[enc] === undefined) {
10870 return createDiffieHellman(prime, 'binary', enc, generator)
10871 }
10872
10873 enc = enc || 'binary'
10874 genc = genc || 'binary'
10875 generator = generator || new Buffer([2])
10876
10877 if (!Buffer.isBuffer(generator)) {
10878 generator = new Buffer(generator, genc)
10879 }
10880
10881 if (typeof prime === 'number') {
10882 return new DH(generatePrime(prime, generator), generator, true)
10883 }
10884
10885 if (!Buffer.isBuffer(prime)) {
10886 prime = new Buffer(prime, enc)
10887 }
10888
10889 return new DH(prime, generator, true)
10890}
10891
10892exports.DiffieHellmanGroup = exports.createDiffieHellmanGroup = exports.getDiffieHellman = getDiffieHellman
10893exports.createDiffieHellman = exports.DiffieHellman = createDiffieHellman
10894
10895}).call(this,require("buffer").Buffer)
10896},{"./lib/dh":64,"./lib/generatePrime":65,"./lib/primes.json":66,"buffer":47}],64:[function(require,module,exports){
10897(function (Buffer){
10898var BN = require('bn.js');
10899var MillerRabin = require('miller-rabin');
10900var millerRabin = new MillerRabin();
10901var TWENTYFOUR = new BN(24);
10902var ELEVEN = new BN(11);
10903var TEN = new BN(10);
10904var THREE = new BN(3);
10905var SEVEN = new BN(7);
10906var primes = require('./generatePrime');
10907var randomBytes = require('randombytes');
10908module.exports = DH;
10909
10910function setPublicKey(pub, enc) {
10911 enc = enc || 'utf8';
10912 if (!Buffer.isBuffer(pub)) {
10913 pub = new Buffer(pub, enc);
10914 }
10915 this._pub = new BN(pub);
10916 return this;
10917}
10918
10919function setPrivateKey(priv, enc) {
10920 enc = enc || 'utf8';
10921 if (!Buffer.isBuffer(priv)) {
10922 priv = new Buffer(priv, enc);
10923 }
10924 this._priv = new BN(priv);
10925 return this;
10926}
10927
10928var primeCache = {};
10929function checkPrime(prime, generator) {
10930 var gen = generator.toString('hex');
10931 var hex = [gen, prime.toString(16)].join('_');
10932 if (hex in primeCache) {
10933 return primeCache[hex];
10934 }
10935 var error = 0;
10936
10937 if (prime.isEven() ||
10938 !primes.simpleSieve ||
10939 !primes.fermatTest(prime) ||
10940 !millerRabin.test(prime)) {
10941 //not a prime so +1
10942 error += 1;
10943
10944 if (gen === '02' || gen === '05') {
10945 // we'd be able to check the generator
10946 // it would fail so +8
10947 error += 8;
10948 } else {
10949 //we wouldn't be able to test the generator
10950 // so +4
10951 error += 4;
10952 }
10953 primeCache[hex] = error;
10954 return error;
10955 }
10956 if (!millerRabin.test(prime.shrn(1))) {
10957 //not a safe prime
10958 error += 2;
10959 }
10960 var rem;
10961 switch (gen) {
10962 case '02':
10963 if (prime.mod(TWENTYFOUR).cmp(ELEVEN)) {
10964 // unsuidable generator
10965 error += 8;
10966 }
10967 break;
10968 case '05':
10969 rem = prime.mod(TEN);
10970 if (rem.cmp(THREE) && rem.cmp(SEVEN)) {
10971 // prime mod 10 needs to equal 3 or 7
10972 error += 8;
10973 }
10974 break;
10975 default:
10976 error += 4;
10977 }
10978 primeCache[hex] = error;
10979 return error;
10980}
10981
10982function DH(prime, generator, malleable) {
10983 this.setGenerator(generator);
10984 this.__prime = new BN(prime);
10985 this._prime = BN.mont(this.__prime);
10986 this._primeLen = prime.length;
10987 this._pub = undefined;
10988 this._priv = undefined;
10989 this._primeCode = undefined;
10990 if (malleable) {
10991 this.setPublicKey = setPublicKey;
10992 this.setPrivateKey = setPrivateKey;
10993 } else {
10994 this._primeCode = 8;
10995 }
10996}
10997Object.defineProperty(DH.prototype, 'verifyError', {
10998 enumerable: true,
10999 get: function () {
11000 if (typeof this._primeCode !== 'number') {
11001 this._primeCode = checkPrime(this.__prime, this.__gen);
11002 }
11003 return this._primeCode;
11004 }
11005});
11006DH.prototype.generateKeys = function () {
11007 if (!this._priv) {
11008 this._priv = new BN(randomBytes(this._primeLen));
11009 }
11010 this._pub = this._gen.toRed(this._prime).redPow(this._priv).fromRed();
11011 return this.getPublicKey();
11012};
11013
11014DH.prototype.computeSecret = function (other) {
11015 other = new BN(other);
11016 other = other.toRed(this._prime);
11017 var secret = other.redPow(this._priv).fromRed();
11018 var out = new Buffer(secret.toArray());
11019 var prime = this.getPrime();
11020 if (out.length < prime.length) {
11021 var front = new Buffer(prime.length - out.length);
11022 front.fill(0);
11023 out = Buffer.concat([front, out]);
11024 }
11025 return out;
11026};
11027
11028DH.prototype.getPublicKey = function getPublicKey(enc) {
11029 return formatReturnValue(this._pub, enc);
11030};
11031
11032DH.prototype.getPrivateKey = function getPrivateKey(enc) {
11033 return formatReturnValue(this._priv, enc);
11034};
11035
11036DH.prototype.getPrime = function (enc) {
11037 return formatReturnValue(this.__prime, enc);
11038};
11039
11040DH.prototype.getGenerator = function (enc) {
11041 return formatReturnValue(this._gen, enc);
11042};
11043
11044DH.prototype.setGenerator = function (gen, enc) {
11045 enc = enc || 'utf8';
11046 if (!Buffer.isBuffer(gen)) {
11047 gen = new Buffer(gen, enc);
11048 }
11049 this.__gen = gen;
11050 this._gen = new BN(gen);
11051 return this;
11052};
11053
11054function formatReturnValue(bn, enc) {
11055 var buf = new Buffer(bn.toArray());
11056 if (!enc) {
11057 return buf;
11058 } else {
11059 return buf.toString(enc);
11060 }
11061}
11062
11063}).call(this,require("buffer").Buffer)
11064},{"./generatePrime":65,"bn.js":17,"buffer":47,"miller-rabin":98,"randombytes":119}],65:[function(require,module,exports){
11065var randomBytes = require('randombytes');
11066module.exports = findPrime;
11067findPrime.simpleSieve = simpleSieve;
11068findPrime.fermatTest = fermatTest;
11069var BN = require('bn.js');
11070var TWENTYFOUR = new BN(24);
11071var MillerRabin = require('miller-rabin');
11072var millerRabin = new MillerRabin();
11073var ONE = new BN(1);
11074var TWO = new BN(2);
11075var FIVE = new BN(5);
11076var SIXTEEN = new BN(16);
11077var EIGHT = new BN(8);
11078var TEN = new BN(10);
11079var THREE = new BN(3);
11080var SEVEN = new BN(7);
11081var ELEVEN = new BN(11);
11082var FOUR = new BN(4);
11083var TWELVE = new BN(12);
11084var primes = null;
11085
11086function _getPrimes() {
11087 if (primes !== null)
11088 return primes;
11089
11090 var limit = 0x100000;
11091 var res = [];
11092 res[0] = 2;
11093 for (var i = 1, k = 3; k < limit; k += 2) {
11094 var sqrt = Math.ceil(Math.sqrt(k));
11095 for (var j = 0; j < i && res[j] <= sqrt; j++)
11096 if (k % res[j] === 0)
11097 break;
11098
11099 if (i !== j && res[j] <= sqrt)
11100 continue;
11101
11102 res[i++] = k;
11103 }
11104 primes = res;
11105 return res;
11106}
11107
11108function simpleSieve(p) {
11109 var primes = _getPrimes();
11110
11111 for (var i = 0; i < primes.length; i++)
11112 if (p.modn(primes[i]) === 0) {
11113 if (p.cmpn(primes[i]) === 0) {
11114 return true;
11115 } else {
11116 return false;
11117 }
11118 }
11119
11120 return true;
11121}
11122
11123function fermatTest(p) {
11124 var red = BN.mont(p);
11125 return TWO.toRed(red).redPow(p.subn(1)).fromRed().cmpn(1) === 0;
11126}
11127
11128function findPrime(bits, gen) {
11129 if (bits < 16) {
11130 // this is what openssl does
11131 if (gen === 2 || gen === 5) {
11132 return new BN([0x8c, 0x7b]);
11133 } else {
11134 return new BN([0x8c, 0x27]);
11135 }
11136 }
11137 gen = new BN(gen);
11138
11139 var num, n2;
11140
11141 while (true) {
11142 num = new BN(randomBytes(Math.ceil(bits / 8)));
11143 while (num.bitLength() > bits) {
11144 num.ishrn(1);
11145 }
11146 if (num.isEven()) {
11147 num.iadd(ONE);
11148 }
11149 if (!num.testn(1)) {
11150 num.iadd(TWO);
11151 }
11152 if (!gen.cmp(TWO)) {
11153 while (num.mod(TWENTYFOUR).cmp(ELEVEN)) {
11154 num.iadd(FOUR);
11155 }
11156 } else if (!gen.cmp(FIVE)) {
11157 while (num.mod(TEN).cmp(THREE)) {
11158 num.iadd(FOUR);
11159 }
11160 }
11161 n2 = num.shrn(1);
11162 if (simpleSieve(n2) && simpleSieve(num) &&
11163 fermatTest(n2) && fermatTest(num) &&
11164 millerRabin.test(n2) && millerRabin.test(num)) {
11165 return num;
11166 }
11167 }
11168
11169}
11170
11171},{"bn.js":17,"miller-rabin":98,"randombytes":119}],66:[function(require,module,exports){
11172module.exports={
11173 "modp1": {
11174 "gen": "02",
11175 "prime": "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a63a3620ffffffffffffffff"
11176 },
11177 "modp2": {
11178 "gen": "02",
11179 "prime": "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff"
11180 },
11181 "modp5": {
11182 "gen": "02",
11183 "prime": "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff"
11184 },
11185 "modp14": {
11186 "gen": "02",
11187 "prime": "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff"
11188 },
11189 "modp15": {
11190 "gen": "02",
11191 "prime": "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a93ad2caffffffffffffffff"
11192 },
11193 "modp16": {
11194 "gen": "02",
11195 "prime": "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c934063199ffffffffffffffff"
11196 },
11197 "modp17": {
11198 "gen": "02",
11199 "prime": "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c93402849236c3fab4d27c7026c1d4dcb2602646dec9751e763dba37bdf8ff9406ad9e530ee5db382f413001aeb06a53ed9027d831179727b0865a8918da3edbebcf9b14ed44ce6cbaced4bb1bdb7f1447e6cc254b332051512bd7af426fb8f401378cd2bf5983ca01c64b92ecf032ea15d1721d03f482d7ce6e74fef6d55e702f46980c82b5a84031900b1c9e59e7c97fbec7e8f323a97a7e36cc88be0f1d45b7ff585ac54bd407b22b4154aacc8f6d7ebf48e1d814cc5ed20f8037e0a79715eef29be32806a1d58bb7c5da76f550aa3d8a1fbff0eb19ccb1a313d55cda56c9ec2ef29632387fe8d76e3c0468043e8f663f4860ee12bf2d5b0b7474d6e694f91e6dcc4024ffffffffffffffff"
11200 },
11201 "modp18": {
11202 "gen": "02",
11203 "prime": "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c93402849236c3fab4d27c7026c1d4dcb2602646dec9751e763dba37bdf8ff9406ad9e530ee5db382f413001aeb06a53ed9027d831179727b0865a8918da3edbebcf9b14ed44ce6cbaced4bb1bdb7f1447e6cc254b332051512bd7af426fb8f401378cd2bf5983ca01c64b92ecf032ea15d1721d03f482d7ce6e74fef6d55e702f46980c82b5a84031900b1c9e59e7c97fbec7e8f323a97a7e36cc88be0f1d45b7ff585ac54bd407b22b4154aacc8f6d7ebf48e1d814cc5ed20f8037e0a79715eef29be32806a1d58bb7c5da76f550aa3d8a1fbff0eb19ccb1a313d55cda56c9ec2ef29632387fe8d76e3c0468043e8f663f4860ee12bf2d5b0b7474d6e694f91e6dbe115974a3926f12fee5e438777cb6a932df8cd8bec4d073b931ba3bc832b68d9dd300741fa7bf8afc47ed2576f6936ba424663aab639c5ae4f5683423b4742bf1c978238f16cbe39d652de3fdb8befc848ad922222e04a4037c0713eb57a81a23f0c73473fc646cea306b4bcbc8862f8385ddfa9d4b7fa2c087e879683303ed5bdd3a062b3cf5b3a278a66d2a13f83f44f82ddf310ee074ab6a364597e899a0255dc164f31cc50846851df9ab48195ded7ea1b1d510bd7ee74d73faf36bc31ecfa268359046f4eb879f924009438b481c6cd7889a002ed5ee382bc9190da6fc026e479558e4475677e9aa9e3050e2765694dfc81f56e880b96e7160c980dd98edd3dfffffffffffffffff"
11204 }
11205}
11206},{}],67:[function(require,module,exports){
11207'use strict';
11208
11209var elliptic = exports;
11210
11211elliptic.version = require('../package.json').version;
11212elliptic.utils = require('./elliptic/utils');
11213elliptic.rand = require('brorand');
11214elliptic.curve = require('./elliptic/curve');
11215elliptic.curves = require('./elliptic/curves');
11216
11217// Protocols
11218elliptic.ec = require('./elliptic/ec');
11219elliptic.eddsa = require('./elliptic/eddsa');
11220
11221},{"../package.json":82,"./elliptic/curve":70,"./elliptic/curves":73,"./elliptic/ec":74,"./elliptic/eddsa":77,"./elliptic/utils":81,"brorand":18}],68:[function(require,module,exports){
11222'use strict';
11223
11224var BN = require('bn.js');
11225var elliptic = require('../../elliptic');
11226var utils = elliptic.utils;
11227var getNAF = utils.getNAF;
11228var getJSF = utils.getJSF;
11229var assert = utils.assert;
11230
11231function BaseCurve(type, conf) {
11232 this.type = type;
11233 this.p = new BN(conf.p, 16);
11234
11235 // Use Montgomery, when there is no fast reduction for the prime
11236 this.red = conf.prime ? BN.red(conf.prime) : BN.mont(this.p);
11237
11238 // Useful for many curves
11239 this.zero = new BN(0).toRed(this.red);
11240 this.one = new BN(1).toRed(this.red);
11241 this.two = new BN(2).toRed(this.red);
11242
11243 // Curve configuration, optional
11244 this.n = conf.n && new BN(conf.n, 16);
11245 this.g = conf.g && this.pointFromJSON(conf.g, conf.gRed);
11246
11247 // Temporary arrays
11248 this._wnafT1 = new Array(4);
11249 this._wnafT2 = new Array(4);
11250 this._wnafT3 = new Array(4);
11251 this._wnafT4 = new Array(4);
11252
11253 // Generalized Greg Maxwell's trick
11254 var adjustCount = this.n && this.p.div(this.n);
11255 if (!adjustCount || adjustCount.cmpn(100) > 0) {
11256 this.redN = null;
11257 } else {
11258 this._maxwellTrick = true;
11259 this.redN = this.n.toRed(this.red);
11260 }
11261}
11262module.exports = BaseCurve;
11263
11264BaseCurve.prototype.point = function point() {
11265 throw new Error('Not implemented');
11266};
11267
11268BaseCurve.prototype.validate = function validate() {
11269 throw new Error('Not implemented');
11270};
11271
11272BaseCurve.prototype._fixedNafMul = function _fixedNafMul(p, k) {
11273 assert(p.precomputed);
11274 var doubles = p._getDoubles();
11275
11276 var naf = getNAF(k, 1);
11277 var I = (1 << (doubles.step + 1)) - (doubles.step % 2 === 0 ? 2 : 1);
11278 I /= 3;
11279
11280 // Translate into more windowed form
11281 var repr = [];
11282 for (var j = 0; j < naf.length; j += doubles.step) {
11283 var nafW = 0;
11284 for (var k = j + doubles.step - 1; k >= j; k--)
11285 nafW = (nafW << 1) + naf[k];
11286 repr.push(nafW);
11287 }
11288
11289 var a = this.jpoint(null, null, null);
11290 var b = this.jpoint(null, null, null);
11291 for (var i = I; i > 0; i--) {
11292 for (var j = 0; j < repr.length; j++) {
11293 var nafW = repr[j];
11294 if (nafW === i)
11295 b = b.mixedAdd(doubles.points[j]);
11296 else if (nafW === -i)
11297 b = b.mixedAdd(doubles.points[j].neg());
11298 }
11299 a = a.add(b);
11300 }
11301 return a.toP();
11302};
11303
11304BaseCurve.prototype._wnafMul = function _wnafMul(p, k) {
11305 var w = 4;
11306
11307 // Precompute window
11308 var nafPoints = p._getNAFPoints(w);
11309 w = nafPoints.wnd;
11310 var wnd = nafPoints.points;
11311
11312 // Get NAF form
11313 var naf = getNAF(k, w);
11314
11315 // Add `this`*(N+1) for every w-NAF index
11316 var acc = this.jpoint(null, null, null);
11317 for (var i = naf.length - 1; i >= 0; i--) {
11318 // Count zeroes
11319 for (var k = 0; i >= 0 && naf[i] === 0; i--)
11320 k++;
11321 if (i >= 0)
11322 k++;
11323 acc = acc.dblp(k);
11324
11325 if (i < 0)
11326 break;
11327 var z = naf[i];
11328 assert(z !== 0);
11329 if (p.type === 'affine') {
11330 // J +- P
11331 if (z > 0)
11332 acc = acc.mixedAdd(wnd[(z - 1) >> 1]);
11333 else
11334 acc = acc.mixedAdd(wnd[(-z - 1) >> 1].neg());
11335 } else {
11336 // J +- J
11337 if (z > 0)
11338 acc = acc.add(wnd[(z - 1) >> 1]);
11339 else
11340 acc = acc.add(wnd[(-z - 1) >> 1].neg());
11341 }
11342 }
11343 return p.type === 'affine' ? acc.toP() : acc;
11344};
11345
11346BaseCurve.prototype._wnafMulAdd = function _wnafMulAdd(defW,
11347 points,
11348 coeffs,
11349 len,
11350 jacobianResult) {
11351 var wndWidth = this._wnafT1;
11352 var wnd = this._wnafT2;
11353 var naf = this._wnafT3;
11354
11355 // Fill all arrays
11356 var max = 0;
11357 for (var i = 0; i < len; i++) {
11358 var p = points[i];
11359 var nafPoints = p._getNAFPoints(defW);
11360 wndWidth[i] = nafPoints.wnd;
11361 wnd[i] = nafPoints.points;
11362 }
11363
11364 // Comb small window NAFs
11365 for (var i = len - 1; i >= 1; i -= 2) {
11366 var a = i - 1;
11367 var b = i;
11368 if (wndWidth[a] !== 1 || wndWidth[b] !== 1) {
11369 naf[a] = getNAF(coeffs[a], wndWidth[a]);
11370 naf[b] = getNAF(coeffs[b], wndWidth[b]);
11371 max = Math.max(naf[a].length, max);
11372 max = Math.max(naf[b].length, max);
11373 continue;
11374 }
11375
11376 var comb = [
11377 points[a], /* 1 */
11378 null, /* 3 */
11379 null, /* 5 */
11380 points[b] /* 7 */
11381 ];
11382
11383 // Try to avoid Projective points, if possible
11384 if (points[a].y.cmp(points[b].y) === 0) {
11385 comb[1] = points[a].add(points[b]);
11386 comb[2] = points[a].toJ().mixedAdd(points[b].neg());
11387 } else if (points[a].y.cmp(points[b].y.redNeg()) === 0) {
11388 comb[1] = points[a].toJ().mixedAdd(points[b]);
11389 comb[2] = points[a].add(points[b].neg());
11390 } else {
11391 comb[1] = points[a].toJ().mixedAdd(points[b]);
11392 comb[2] = points[a].toJ().mixedAdd(points[b].neg());
11393 }
11394
11395 var index = [
11396 -3, /* -1 -1 */
11397 -1, /* -1 0 */
11398 -5, /* -1 1 */
11399 -7, /* 0 -1 */
11400 0, /* 0 0 */
11401 7, /* 0 1 */
11402 5, /* 1 -1 */
11403 1, /* 1 0 */
11404 3 /* 1 1 */
11405 ];
11406
11407 var jsf = getJSF(coeffs[a], coeffs[b]);
11408 max = Math.max(jsf[0].length, max);
11409 naf[a] = new Array(max);
11410 naf[b] = new Array(max);
11411 for (var j = 0; j < max; j++) {
11412 var ja = jsf[0][j] | 0;
11413 var jb = jsf[1][j] | 0;
11414
11415 naf[a][j] = index[(ja + 1) * 3 + (jb + 1)];
11416 naf[b][j] = 0;
11417 wnd[a] = comb;
11418 }
11419 }
11420
11421 var acc = this.jpoint(null, null, null);
11422 var tmp = this._wnafT4;
11423 for (var i = max; i >= 0; i--) {
11424 var k = 0;
11425
11426 while (i >= 0) {
11427 var zero = true;
11428 for (var j = 0; j < len; j++) {
11429 tmp[j] = naf[j][i] | 0;
11430 if (tmp[j] !== 0)
11431 zero = false;
11432 }
11433 if (!zero)
11434 break;
11435 k++;
11436 i--;
11437 }
11438 if (i >= 0)
11439 k++;
11440 acc = acc.dblp(k);
11441 if (i < 0)
11442 break;
11443
11444 for (var j = 0; j < len; j++) {
11445 var z = tmp[j];
11446 var p;
11447 if (z === 0)
11448 continue;
11449 else if (z > 0)
11450 p = wnd[j][(z - 1) >> 1];
11451 else if (z < 0)
11452 p = wnd[j][(-z - 1) >> 1].neg();
11453
11454 if (p.type === 'affine')
11455 acc = acc.mixedAdd(p);
11456 else
11457 acc = acc.add(p);
11458 }
11459 }
11460 // Zeroify references
11461 for (var i = 0; i < len; i++)
11462 wnd[i] = null;
11463
11464 if (jacobianResult)
11465 return acc;
11466 else
11467 return acc.toP();
11468};
11469
11470function BasePoint(curve, type) {
11471 this.curve = curve;
11472 this.type = type;
11473 this.precomputed = null;
11474}
11475BaseCurve.BasePoint = BasePoint;
11476
11477BasePoint.prototype.eq = function eq(/*other*/) {
11478 throw new Error('Not implemented');
11479};
11480
11481BasePoint.prototype.validate = function validate() {
11482 return this.curve.validate(this);
11483};
11484
11485BaseCurve.prototype.decodePoint = function decodePoint(bytes, enc) {
11486 bytes = utils.toArray(bytes, enc);
11487
11488 var len = this.p.byteLength();
11489
11490 // uncompressed, hybrid-odd, hybrid-even
11491 if ((bytes[0] === 0x04 || bytes[0] === 0x06 || bytes[0] === 0x07) &&
11492 bytes.length - 1 === 2 * len) {
11493 if (bytes[0] === 0x06)
11494 assert(bytes[bytes.length - 1] % 2 === 0);
11495 else if (bytes[0] === 0x07)
11496 assert(bytes[bytes.length - 1] % 2 === 1);
11497
11498 var res = this.point(bytes.slice(1, 1 + len),
11499 bytes.slice(1 + len, 1 + 2 * len));
11500
11501 return res;
11502 } else if ((bytes[0] === 0x02 || bytes[0] === 0x03) &&
11503 bytes.length - 1 === len) {
11504 return this.pointFromX(bytes.slice(1, 1 + len), bytes[0] === 0x03);
11505 }
11506 throw new Error('Unknown point format');
11507};
11508
11509BasePoint.prototype.encodeCompressed = function encodeCompressed(enc) {
11510 return this.encode(enc, true);
11511};
11512
11513BasePoint.prototype._encode = function _encode(compact) {
11514 var len = this.curve.p.byteLength();
11515 var x = this.getX().toArray('be', len);
11516
11517 if (compact)
11518 return [ this.getY().isEven() ? 0x02 : 0x03 ].concat(x);
11519
11520 return [ 0x04 ].concat(x, this.getY().toArray('be', len)) ;
11521};
11522
11523BasePoint.prototype.encode = function encode(enc, compact) {
11524 return utils.encode(this._encode(compact), enc);
11525};
11526
11527BasePoint.prototype.precompute = function precompute(power) {
11528 if (this.precomputed)
11529 return this;
11530
11531 var precomputed = {
11532 doubles: null,
11533 naf: null,
11534 beta: null
11535 };
11536 precomputed.naf = this._getNAFPoints(8);
11537 precomputed.doubles = this._getDoubles(4, power);
11538 precomputed.beta = this._getBeta();
11539 this.precomputed = precomputed;
11540
11541 return this;
11542};
11543
11544BasePoint.prototype._hasDoubles = function _hasDoubles(k) {
11545 if (!this.precomputed)
11546 return false;
11547
11548 var doubles = this.precomputed.doubles;
11549 if (!doubles)
11550 return false;
11551
11552 return doubles.points.length >= Math.ceil((k.bitLength() + 1) / doubles.step);
11553};
11554
11555BasePoint.prototype._getDoubles = function _getDoubles(step, power) {
11556 if (this.precomputed && this.precomputed.doubles)
11557 return this.precomputed.doubles;
11558
11559 var doubles = [ this ];
11560 var acc = this;
11561 for (var i = 0; i < power; i += step) {
11562 for (var j = 0; j < step; j++)
11563 acc = acc.dbl();
11564 doubles.push(acc);
11565 }
11566 return {
11567 step: step,
11568 points: doubles
11569 };
11570};
11571
11572BasePoint.prototype._getNAFPoints = function _getNAFPoints(wnd) {
11573 if (this.precomputed && this.precomputed.naf)
11574 return this.precomputed.naf;
11575
11576 var res = [ this ];
11577 var max = (1 << wnd) - 1;
11578 var dbl = max === 1 ? null : this.dbl();
11579 for (var i = 1; i < max; i++)
11580 res[i] = res[i - 1].add(dbl);
11581 return {
11582 wnd: wnd,
11583 points: res
11584 };
11585};
11586
11587BasePoint.prototype._getBeta = function _getBeta() {
11588 return null;
11589};
11590
11591BasePoint.prototype.dblp = function dblp(k) {
11592 var r = this;
11593 for (var i = 0; i < k; i++)
11594 r = r.dbl();
11595 return r;
11596};
11597
11598},{"../../elliptic":67,"bn.js":17}],69:[function(require,module,exports){
11599'use strict';
11600
11601var curve = require('../curve');
11602var elliptic = require('../../elliptic');
11603var BN = require('bn.js');
11604var inherits = require('inherits');
11605var Base = curve.base;
11606
11607var assert = elliptic.utils.assert;
11608
11609function EdwardsCurve(conf) {
11610 // NOTE: Important as we are creating point in Base.call()
11611 this.twisted = (conf.a | 0) !== 1;
11612 this.mOneA = this.twisted && (conf.a | 0) === -1;
11613 this.extended = this.mOneA;
11614
11615 Base.call(this, 'edwards', conf);
11616
11617 this.a = new BN(conf.a, 16).umod(this.red.m);
11618 this.a = this.a.toRed(this.red);
11619 this.c = new BN(conf.c, 16).toRed(this.red);
11620 this.c2 = this.c.redSqr();
11621 this.d = new BN(conf.d, 16).toRed(this.red);
11622 this.dd = this.d.redAdd(this.d);
11623
11624 assert(!this.twisted || this.c.fromRed().cmpn(1) === 0);
11625 this.oneC = (conf.c | 0) === 1;
11626}
11627inherits(EdwardsCurve, Base);
11628module.exports = EdwardsCurve;
11629
11630EdwardsCurve.prototype._mulA = function _mulA(num) {
11631 if (this.mOneA)
11632 return num.redNeg();
11633 else
11634 return this.a.redMul(num);
11635};
11636
11637EdwardsCurve.prototype._mulC = function _mulC(num) {
11638 if (this.oneC)
11639 return num;
11640 else
11641 return this.c.redMul(num);
11642};
11643
11644// Just for compatibility with Short curve
11645EdwardsCurve.prototype.jpoint = function jpoint(x, y, z, t) {
11646 return this.point(x, y, z, t);
11647};
11648
11649EdwardsCurve.prototype.pointFromX = function pointFromX(x, odd) {
11650 x = new BN(x, 16);
11651 if (!x.red)
11652 x = x.toRed(this.red);
11653
11654 var x2 = x.redSqr();
11655 var rhs = this.c2.redSub(this.a.redMul(x2));
11656 var lhs = this.one.redSub(this.c2.redMul(this.d).redMul(x2));
11657
11658 var y2 = rhs.redMul(lhs.redInvm());
11659 var y = y2.redSqrt();
11660 if (y.redSqr().redSub(y2).cmp(this.zero) !== 0)
11661 throw new Error('invalid point');
11662
11663 var isOdd = y.fromRed().isOdd();
11664 if (odd && !isOdd || !odd && isOdd)
11665 y = y.redNeg();
11666
11667 return this.point(x, y);
11668};
11669
11670EdwardsCurve.prototype.pointFromY = function pointFromY(y, odd) {
11671 y = new BN(y, 16);
11672 if (!y.red)
11673 y = y.toRed(this.red);
11674
11675 // x^2 = (y^2 - 1) / (d y^2 + 1)
11676 var y2 = y.redSqr();
11677 var lhs = y2.redSub(this.one);
11678 var rhs = y2.redMul(this.d).redAdd(this.one);
11679 var x2 = lhs.redMul(rhs.redInvm());
11680
11681 if (x2.cmp(this.zero) === 0) {
11682 if (odd)
11683 throw new Error('invalid point');
11684 else
11685 return this.point(this.zero, y);
11686 }
11687
11688 var x = x2.redSqrt();
11689 if (x.redSqr().redSub(x2).cmp(this.zero) !== 0)
11690 throw new Error('invalid point');
11691
11692 if (x.isOdd() !== odd)
11693 x = x.redNeg();
11694
11695 return this.point(x, y);
11696};
11697
11698EdwardsCurve.prototype.validate = function validate(point) {
11699 if (point.isInfinity())
11700 return true;
11701
11702 // Curve: A * X^2 + Y^2 = C^2 * (1 + D * X^2 * Y^2)
11703 point.normalize();
11704
11705 var x2 = point.x.redSqr();
11706 var y2 = point.y.redSqr();
11707 var lhs = x2.redMul(this.a).redAdd(y2);
11708 var rhs = this.c2.redMul(this.one.redAdd(this.d.redMul(x2).redMul(y2)));
11709
11710 return lhs.cmp(rhs) === 0;
11711};
11712
11713function Point(curve, x, y, z, t) {
11714 Base.BasePoint.call(this, curve, 'projective');
11715 if (x === null && y === null && z === null) {
11716 this.x = this.curve.zero;
11717 this.y = this.curve.one;
11718 this.z = this.curve.one;
11719 this.t = this.curve.zero;
11720 this.zOne = true;
11721 } else {
11722 this.x = new BN(x, 16);
11723 this.y = new BN(y, 16);
11724 this.z = z ? new BN(z, 16) : this.curve.one;
11725 this.t = t && new BN(t, 16);
11726 if (!this.x.red)
11727 this.x = this.x.toRed(this.curve.red);
11728 if (!this.y.red)
11729 this.y = this.y.toRed(this.curve.red);
11730 if (!this.z.red)
11731 this.z = this.z.toRed(this.curve.red);
11732 if (this.t && !this.t.red)
11733 this.t = this.t.toRed(this.curve.red);
11734 this.zOne = this.z === this.curve.one;
11735
11736 // Use extended coordinates
11737 if (this.curve.extended && !this.t) {
11738 this.t = this.x.redMul(this.y);
11739 if (!this.zOne)
11740 this.t = this.t.redMul(this.z.redInvm());
11741 }
11742 }
11743}
11744inherits(Point, Base.BasePoint);
11745
11746EdwardsCurve.prototype.pointFromJSON = function pointFromJSON(obj) {
11747 return Point.fromJSON(this, obj);
11748};
11749
11750EdwardsCurve.prototype.point = function point(x, y, z, t) {
11751 return new Point(this, x, y, z, t);
11752};
11753
11754Point.fromJSON = function fromJSON(curve, obj) {
11755 return new Point(curve, obj[0], obj[1], obj[2]);
11756};
11757
11758Point.prototype.inspect = function inspect() {
11759 if (this.isInfinity())
11760 return '<EC Point Infinity>';
11761 return '<EC Point x: ' + this.x.fromRed().toString(16, 2) +
11762 ' y: ' + this.y.fromRed().toString(16, 2) +
11763 ' z: ' + this.z.fromRed().toString(16, 2) + '>';
11764};
11765
11766Point.prototype.isInfinity = function isInfinity() {
11767 // XXX This code assumes that zero is always zero in red
11768 return this.x.cmpn(0) === 0 &&
11769 this.y.cmp(this.z) === 0;
11770};
11771
11772Point.prototype._extDbl = function _extDbl() {
11773 // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html
11774 // #doubling-dbl-2008-hwcd
11775 // 4M + 4S
11776
11777 // A = X1^2
11778 var a = this.x.redSqr();
11779 // B = Y1^2
11780 var b = this.y.redSqr();
11781 // C = 2 * Z1^2
11782 var c = this.z.redSqr();
11783 c = c.redIAdd(c);
11784 // D = a * A
11785 var d = this.curve._mulA(a);
11786 // E = (X1 + Y1)^2 - A - B
11787 var e = this.x.redAdd(this.y).redSqr().redISub(a).redISub(b);
11788 // G = D + B
11789 var g = d.redAdd(b);
11790 // F = G - C
11791 var f = g.redSub(c);
11792 // H = D - B
11793 var h = d.redSub(b);
11794 // X3 = E * F
11795 var nx = e.redMul(f);
11796 // Y3 = G * H
11797 var ny = g.redMul(h);
11798 // T3 = E * H
11799 var nt = e.redMul(h);
11800 // Z3 = F * G
11801 var nz = f.redMul(g);
11802 return this.curve.point(nx, ny, nz, nt);
11803};
11804
11805Point.prototype._projDbl = function _projDbl() {
11806 // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html
11807 // #doubling-dbl-2008-bbjlp
11808 // #doubling-dbl-2007-bl
11809 // and others
11810 // Generally 3M + 4S or 2M + 4S
11811
11812 // B = (X1 + Y1)^2
11813 var b = this.x.redAdd(this.y).redSqr();
11814 // C = X1^2
11815 var c = this.x.redSqr();
11816 // D = Y1^2
11817 var d = this.y.redSqr();
11818
11819 var nx;
11820 var ny;
11821 var nz;
11822 if (this.curve.twisted) {
11823 // E = a * C
11824 var e = this.curve._mulA(c);
11825 // F = E + D
11826 var f = e.redAdd(d);
11827 if (this.zOne) {
11828 // X3 = (B - C - D) * (F - 2)
11829 nx = b.redSub(c).redSub(d).redMul(f.redSub(this.curve.two));
11830 // Y3 = F * (E - D)
11831 ny = f.redMul(e.redSub(d));
11832 // Z3 = F^2 - 2 * F
11833 nz = f.redSqr().redSub(f).redSub(f);
11834 } else {
11835 // H = Z1^2
11836 var h = this.z.redSqr();
11837 // J = F - 2 * H
11838 var j = f.redSub(h).redISub(h);
11839 // X3 = (B-C-D)*J
11840 nx = b.redSub(c).redISub(d).redMul(j);
11841 // Y3 = F * (E - D)
11842 ny = f.redMul(e.redSub(d));
11843 // Z3 = F * J
11844 nz = f.redMul(j);
11845 }
11846 } else {
11847 // E = C + D
11848 var e = c.redAdd(d);
11849 // H = (c * Z1)^2
11850 var h = this.curve._mulC(this.c.redMul(this.z)).redSqr();
11851 // J = E - 2 * H
11852 var j = e.redSub(h).redSub(h);
11853 // X3 = c * (B - E) * J
11854 nx = this.curve._mulC(b.redISub(e)).redMul(j);
11855 // Y3 = c * E * (C - D)
11856 ny = this.curve._mulC(e).redMul(c.redISub(d));
11857 // Z3 = E * J
11858 nz = e.redMul(j);
11859 }
11860 return this.curve.point(nx, ny, nz);
11861};
11862
11863Point.prototype.dbl = function dbl() {
11864 if (this.isInfinity())
11865 return this;
11866
11867 // Double in extended coordinates
11868 if (this.curve.extended)
11869 return this._extDbl();
11870 else
11871 return this._projDbl();
11872};
11873
11874Point.prototype._extAdd = function _extAdd(p) {
11875 // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html
11876 // #addition-add-2008-hwcd-3
11877 // 8M
11878
11879 // A = (Y1 - X1) * (Y2 - X2)
11880 var a = this.y.redSub(this.x).redMul(p.y.redSub(p.x));
11881 // B = (Y1 + X1) * (Y2 + X2)
11882 var b = this.y.redAdd(this.x).redMul(p.y.redAdd(p.x));
11883 // C = T1 * k * T2
11884 var c = this.t.redMul(this.curve.dd).redMul(p.t);
11885 // D = Z1 * 2 * Z2
11886 var d = this.z.redMul(p.z.redAdd(p.z));
11887 // E = B - A
11888 var e = b.redSub(a);
11889 // F = D - C
11890 var f = d.redSub(c);
11891 // G = D + C
11892 var g = d.redAdd(c);
11893 // H = B + A
11894 var h = b.redAdd(a);
11895 // X3 = E * F
11896 var nx = e.redMul(f);
11897 // Y3 = G * H
11898 var ny = g.redMul(h);
11899 // T3 = E * H
11900 var nt = e.redMul(h);
11901 // Z3 = F * G
11902 var nz = f.redMul(g);
11903 return this.curve.point(nx, ny, nz, nt);
11904};
11905
11906Point.prototype._projAdd = function _projAdd(p) {
11907 // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html
11908 // #addition-add-2008-bbjlp
11909 // #addition-add-2007-bl
11910 // 10M + 1S
11911
11912 // A = Z1 * Z2
11913 var a = this.z.redMul(p.z);
11914 // B = A^2
11915 var b = a.redSqr();
11916 // C = X1 * X2
11917 var c = this.x.redMul(p.x);
11918 // D = Y1 * Y2
11919 var d = this.y.redMul(p.y);
11920 // E = d * C * D
11921 var e = this.curve.d.redMul(c).redMul(d);
11922 // F = B - E
11923 var f = b.redSub(e);
11924 // G = B + E
11925 var g = b.redAdd(e);
11926 // X3 = A * F * ((X1 + Y1) * (X2 + Y2) - C - D)
11927 var tmp = this.x.redAdd(this.y).redMul(p.x.redAdd(p.y)).redISub(c).redISub(d);
11928 var nx = a.redMul(f).redMul(tmp);
11929 var ny;
11930 var nz;
11931 if (this.curve.twisted) {
11932 // Y3 = A * G * (D - a * C)
11933 ny = a.redMul(g).redMul(d.redSub(this.curve._mulA(c)));
11934 // Z3 = F * G
11935 nz = f.redMul(g);
11936 } else {
11937 // Y3 = A * G * (D - C)
11938 ny = a.redMul(g).redMul(d.redSub(c));
11939 // Z3 = c * F * G
11940 nz = this.curve._mulC(f).redMul(g);
11941 }
11942 return this.curve.point(nx, ny, nz);
11943};
11944
11945Point.prototype.add = function add(p) {
11946 if (this.isInfinity())
11947 return p;
11948 if (p.isInfinity())
11949 return this;
11950
11951 if (this.curve.extended)
11952 return this._extAdd(p);
11953 else
11954 return this._projAdd(p);
11955};
11956
11957Point.prototype.mul = function mul(k) {
11958 if (this._hasDoubles(k))
11959 return this.curve._fixedNafMul(this, k);
11960 else
11961 return this.curve._wnafMul(this, k);
11962};
11963
11964Point.prototype.mulAdd = function mulAdd(k1, p, k2) {
11965 return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, false);
11966};
11967
11968Point.prototype.jmulAdd = function jmulAdd(k1, p, k2) {
11969 return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2, true);
11970};
11971
11972Point.prototype.normalize = function normalize() {
11973 if (this.zOne)
11974 return this;
11975
11976 // Normalize coordinates
11977 var zi = this.z.redInvm();
11978 this.x = this.x.redMul(zi);
11979 this.y = this.y.redMul(zi);
11980 if (this.t)
11981 this.t = this.t.redMul(zi);
11982 this.z = this.curve.one;
11983 this.zOne = true;
11984 return this;
11985};
11986
11987Point.prototype.neg = function neg() {
11988 return this.curve.point(this.x.redNeg(),
11989 this.y,
11990 this.z,
11991 this.t && this.t.redNeg());
11992};
11993
11994Point.prototype.getX = function getX() {
11995 this.normalize();
11996 return this.x.fromRed();
11997};
11998
11999Point.prototype.getY = function getY() {
12000 this.normalize();
12001 return this.y.fromRed();
12002};
12003
12004Point.prototype.eq = function eq(other) {
12005 return this === other ||
12006 this.getX().cmp(other.getX()) === 0 &&
12007 this.getY().cmp(other.getY()) === 0;
12008};
12009
12010Point.prototype.eqXToP = function eqXToP(x) {
12011 var rx = x.toRed(this.curve.red).redMul(this.z);
12012 if (this.x.cmp(rx) === 0)
12013 return true;
12014
12015 var xc = x.clone();
12016 var t = this.curve.redN.redMul(this.z);
12017 for (;;) {
12018 xc.iadd(this.curve.n);
12019 if (xc.cmp(this.curve.p) >= 0)
12020 return false;
12021
12022 rx.redIAdd(t);
12023 if (this.x.cmp(rx) === 0)
12024 return true;
12025 }
12026 return false;
12027};
12028
12029// Compatibility with BaseCurve
12030Point.prototype.toP = Point.prototype.normalize;
12031Point.prototype.mixedAdd = Point.prototype.add;
12032
12033},{"../../elliptic":67,"../curve":70,"bn.js":17,"inherits":95}],70:[function(require,module,exports){
12034'use strict';
12035
12036var curve = exports;
12037
12038curve.base = require('./base');
12039curve.short = require('./short');
12040curve.mont = require('./mont');
12041curve.edwards = require('./edwards');
12042
12043},{"./base":68,"./edwards":69,"./mont":71,"./short":72}],71:[function(require,module,exports){
12044'use strict';
12045
12046var curve = require('../curve');
12047var BN = require('bn.js');
12048var inherits = require('inherits');
12049var Base = curve.base;
12050
12051var elliptic = require('../../elliptic');
12052var utils = elliptic.utils;
12053
12054function MontCurve(conf) {
12055 Base.call(this, 'mont', conf);
12056
12057 this.a = new BN(conf.a, 16).toRed(this.red);
12058 this.b = new BN(conf.b, 16).toRed(this.red);
12059 this.i4 = new BN(4).toRed(this.red).redInvm();
12060 this.two = new BN(2).toRed(this.red);
12061 this.a24 = this.i4.redMul(this.a.redAdd(this.two));
12062}
12063inherits(MontCurve, Base);
12064module.exports = MontCurve;
12065
12066MontCurve.prototype.validate = function validate(point) {
12067 var x = point.normalize().x;
12068 var x2 = x.redSqr();
12069 var rhs = x2.redMul(x).redAdd(x2.redMul(this.a)).redAdd(x);
12070 var y = rhs.redSqrt();
12071
12072 return y.redSqr().cmp(rhs) === 0;
12073};
12074
12075function Point(curve, x, z) {
12076 Base.BasePoint.call(this, curve, 'projective');
12077 if (x === null && z === null) {
12078 this.x = this.curve.one;
12079 this.z = this.curve.zero;
12080 } else {
12081 this.x = new BN(x, 16);
12082 this.z = new BN(z, 16);
12083 if (!this.x.red)
12084 this.x = this.x.toRed(this.curve.red);
12085 if (!this.z.red)
12086 this.z = this.z.toRed(this.curve.red);
12087 }
12088}
12089inherits(Point, Base.BasePoint);
12090
12091MontCurve.prototype.decodePoint = function decodePoint(bytes, enc) {
12092 return this.point(utils.toArray(bytes, enc), 1);
12093};
12094
12095MontCurve.prototype.point = function point(x, z) {
12096 return new Point(this, x, z);
12097};
12098
12099MontCurve.prototype.pointFromJSON = function pointFromJSON(obj) {
12100 return Point.fromJSON(this, obj);
12101};
12102
12103Point.prototype.precompute = function precompute() {
12104 // No-op
12105};
12106
12107Point.prototype._encode = function _encode() {
12108 return this.getX().toArray('be', this.curve.p.byteLength());
12109};
12110
12111Point.fromJSON = function fromJSON(curve, obj) {
12112 return new Point(curve, obj[0], obj[1] || curve.one);
12113};
12114
12115Point.prototype.inspect = function inspect() {
12116 if (this.isInfinity())
12117 return '<EC Point Infinity>';
12118 return '<EC Point x: ' + this.x.fromRed().toString(16, 2) +
12119 ' z: ' + this.z.fromRed().toString(16, 2) + '>';
12120};
12121
12122Point.prototype.isInfinity = function isInfinity() {
12123 // XXX This code assumes that zero is always zero in red
12124 return this.z.cmpn(0) === 0;
12125};
12126
12127Point.prototype.dbl = function dbl() {
12128 // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-dbl-1987-m-3
12129 // 2M + 2S + 4A
12130
12131 // A = X1 + Z1
12132 var a = this.x.redAdd(this.z);
12133 // AA = A^2
12134 var aa = a.redSqr();
12135 // B = X1 - Z1
12136 var b = this.x.redSub(this.z);
12137 // BB = B^2
12138 var bb = b.redSqr();
12139 // C = AA - BB
12140 var c = aa.redSub(bb);
12141 // X3 = AA * BB
12142 var nx = aa.redMul(bb);
12143 // Z3 = C * (BB + A24 * C)
12144 var nz = c.redMul(bb.redAdd(this.curve.a24.redMul(c)));
12145 return this.curve.point(nx, nz);
12146};
12147
12148Point.prototype.add = function add() {
12149 throw new Error('Not supported on Montgomery curve');
12150};
12151
12152Point.prototype.diffAdd = function diffAdd(p, diff) {
12153 // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#diffadd-dadd-1987-m-3
12154 // 4M + 2S + 6A
12155
12156 // A = X2 + Z2
12157 var a = this.x.redAdd(this.z);
12158 // B = X2 - Z2
12159 var b = this.x.redSub(this.z);
12160 // C = X3 + Z3
12161 var c = p.x.redAdd(p.z);
12162 // D = X3 - Z3
12163 var d = p.x.redSub(p.z);
12164 // DA = D * A
12165 var da = d.redMul(a);
12166 // CB = C * B
12167 var cb = c.redMul(b);
12168 // X5 = Z1 * (DA + CB)^2
12169 var nx = diff.z.redMul(da.redAdd(cb).redSqr());
12170 // Z5 = X1 * (DA - CB)^2
12171 var nz = diff.x.redMul(da.redISub(cb).redSqr());
12172 return this.curve.point(nx, nz);
12173};
12174
12175Point.prototype.mul = function mul(k) {
12176 var t = k.clone();
12177 var a = this; // (N / 2) * Q + Q
12178 var b = this.curve.point(null, null); // (N / 2) * Q
12179 var c = this; // Q
12180
12181 for (var bits = []; t.cmpn(0) !== 0; t.iushrn(1))
12182 bits.push(t.andln(1));
12183
12184 for (var i = bits.length - 1; i >= 0; i--) {
12185 if (bits[i] === 0) {
12186 // N * Q + Q = ((N / 2) * Q + Q)) + (N / 2) * Q
12187 a = a.diffAdd(b, c);
12188 // N * Q = 2 * ((N / 2) * Q + Q))
12189 b = b.dbl();
12190 } else {
12191 // N * Q = ((N / 2) * Q + Q) + ((N / 2) * Q)
12192 b = a.diffAdd(b, c);
12193 // N * Q + Q = 2 * ((N / 2) * Q + Q)
12194 a = a.dbl();
12195 }
12196 }
12197 return b;
12198};
12199
12200Point.prototype.mulAdd = function mulAdd() {
12201 throw new Error('Not supported on Montgomery curve');
12202};
12203
12204Point.prototype.jumlAdd = function jumlAdd() {
12205 throw new Error('Not supported on Montgomery curve');
12206};
12207
12208Point.prototype.eq = function eq(other) {
12209 return this.getX().cmp(other.getX()) === 0;
12210};
12211
12212Point.prototype.normalize = function normalize() {
12213 this.x = this.x.redMul(this.z.redInvm());
12214 this.z = this.curve.one;
12215 return this;
12216};
12217
12218Point.prototype.getX = function getX() {
12219 // Normalize coordinates
12220 this.normalize();
12221
12222 return this.x.fromRed();
12223};
12224
12225},{"../../elliptic":67,"../curve":70,"bn.js":17,"inherits":95}],72:[function(require,module,exports){
12226'use strict';
12227
12228var curve = require('../curve');
12229var elliptic = require('../../elliptic');
12230var BN = require('bn.js');
12231var inherits = require('inherits');
12232var Base = curve.base;
12233
12234var assert = elliptic.utils.assert;
12235
12236function ShortCurve(conf) {
12237 Base.call(this, 'short', conf);
12238
12239 this.a = new BN(conf.a, 16).toRed(this.red);
12240 this.b = new BN(conf.b, 16).toRed(this.red);
12241 this.tinv = this.two.redInvm();
12242
12243 this.zeroA = this.a.fromRed().cmpn(0) === 0;
12244 this.threeA = this.a.fromRed().sub(this.p).cmpn(-3) === 0;
12245
12246 // If the curve is endomorphic, precalculate beta and lambda
12247 this.endo = this._getEndomorphism(conf);
12248 this._endoWnafT1 = new Array(4);
12249 this._endoWnafT2 = new Array(4);
12250}
12251inherits(ShortCurve, Base);
12252module.exports = ShortCurve;
12253
12254ShortCurve.prototype._getEndomorphism = function _getEndomorphism(conf) {
12255 // No efficient endomorphism
12256 if (!this.zeroA || !this.g || !this.n || this.p.modn(3) !== 1)
12257 return;
12258
12259 // Compute beta and lambda, that lambda * P = (beta * Px; Py)
12260 var beta;
12261 var lambda;
12262 if (conf.beta) {
12263 beta = new BN(conf.beta, 16).toRed(this.red);
12264 } else {
12265 var betas = this._getEndoRoots(this.p);
12266 // Choose the smallest beta
12267 beta = betas[0].cmp(betas[1]) < 0 ? betas[0] : betas[1];
12268 beta = beta.toRed(this.red);
12269 }
12270 if (conf.lambda) {
12271 lambda = new BN(conf.lambda, 16);
12272 } else {
12273 // Choose the lambda that is matching selected beta
12274 var lambdas = this._getEndoRoots(this.n);
12275 if (this.g.mul(lambdas[0]).x.cmp(this.g.x.redMul(beta)) === 0) {
12276 lambda = lambdas[0];
12277 } else {
12278 lambda = lambdas[1];
12279 assert(this.g.mul(lambda).x.cmp(this.g.x.redMul(beta)) === 0);
12280 }
12281 }
12282
12283 // Get basis vectors, used for balanced length-two representation
12284 var basis;
12285 if (conf.basis) {
12286 basis = conf.basis.map(function(vec) {
12287 return {
12288 a: new BN(vec.a, 16),
12289 b: new BN(vec.b, 16)
12290 };
12291 });
12292 } else {
12293 basis = this._getEndoBasis(lambda);
12294 }
12295
12296 return {
12297 beta: beta,
12298 lambda: lambda,
12299 basis: basis
12300 };
12301};
12302
12303ShortCurve.prototype._getEndoRoots = function _getEndoRoots(num) {
12304 // Find roots of for x^2 + x + 1 in F
12305 // Root = (-1 +- Sqrt(-3)) / 2
12306 //
12307 var red = num === this.p ? this.red : BN.mont(num);
12308 var tinv = new BN(2).toRed(red).redInvm();
12309 var ntinv = tinv.redNeg();
12310
12311 var s = new BN(3).toRed(red).redNeg().redSqrt().redMul(tinv);
12312
12313 var l1 = ntinv.redAdd(s).fromRed();
12314 var l2 = ntinv.redSub(s).fromRed();
12315 return [ l1, l2 ];
12316};
12317
12318ShortCurve.prototype._getEndoBasis = function _getEndoBasis(lambda) {
12319 // aprxSqrt >= sqrt(this.n)
12320 var aprxSqrt = this.n.ushrn(Math.floor(this.n.bitLength() / 2));
12321
12322 // 3.74
12323 // Run EGCD, until r(L + 1) < aprxSqrt
12324 var u = lambda;
12325 var v = this.n.clone();
12326 var x1 = new BN(1);
12327 var y1 = new BN(0);
12328 var x2 = new BN(0);
12329 var y2 = new BN(1);
12330
12331 // NOTE: all vectors are roots of: a + b * lambda = 0 (mod n)
12332 var a0;
12333 var b0;
12334 // First vector
12335 var a1;
12336 var b1;
12337 // Second vector
12338 var a2;
12339 var b2;
12340
12341 var prevR;
12342 var i = 0;
12343 var r;
12344 var x;
12345 while (u.cmpn(0) !== 0) {
12346 var q = v.div(u);
12347 r = v.sub(q.mul(u));
12348 x = x2.sub(q.mul(x1));
12349 var y = y2.sub(q.mul(y1));
12350
12351 if (!a1 && r.cmp(aprxSqrt) < 0) {
12352 a0 = prevR.neg();
12353 b0 = x1;
12354 a1 = r.neg();
12355 b1 = x;
12356 } else if (a1 && ++i === 2) {
12357 break;
12358 }
12359 prevR = r;
12360
12361 v = u;
12362 u = r;
12363 x2 = x1;
12364 x1 = x;
12365 y2 = y1;
12366 y1 = y;
12367 }
12368 a2 = r.neg();
12369 b2 = x;
12370
12371 var len1 = a1.sqr().add(b1.sqr());
12372 var len2 = a2.sqr().add(b2.sqr());
12373 if (len2.cmp(len1) >= 0) {
12374 a2 = a0;
12375 b2 = b0;
12376 }
12377
12378 // Normalize signs
12379 if (a1.negative) {
12380 a1 = a1.neg();
12381 b1 = b1.neg();
12382 }
12383 if (a2.negative) {
12384 a2 = a2.neg();
12385 b2 = b2.neg();
12386 }
12387
12388 return [
12389 { a: a1, b: b1 },
12390 { a: a2, b: b2 }
12391 ];
12392};
12393
12394ShortCurve.prototype._endoSplit = function _endoSplit(k) {
12395 var basis = this.endo.basis;
12396 var v1 = basis[0];
12397 var v2 = basis[1];
12398
12399 var c1 = v2.b.mul(k).divRound(this.n);
12400 var c2 = v1.b.neg().mul(k).divRound(this.n);
12401
12402 var p1 = c1.mul(v1.a);
12403 var p2 = c2.mul(v2.a);
12404 var q1 = c1.mul(v1.b);
12405 var q2 = c2.mul(v2.b);
12406
12407 // Calculate answer
12408 var k1 = k.sub(p1).sub(p2);
12409 var k2 = q1.add(q2).neg();
12410 return { k1: k1, k2: k2 };
12411};
12412
12413ShortCurve.prototype.pointFromX = function pointFromX(x, odd) {
12414 x = new BN(x, 16);
12415 if (!x.red)
12416 x = x.toRed(this.red);
12417
12418 var y2 = x.redSqr().redMul(x).redIAdd(x.redMul(this.a)).redIAdd(this.b);
12419 var y = y2.redSqrt();
12420 if (y.redSqr().redSub(y2).cmp(this.zero) !== 0)
12421 throw new Error('invalid point');
12422
12423 // XXX Is there any way to tell if the number is odd without converting it
12424 // to non-red form?
12425 var isOdd = y.fromRed().isOdd();
12426 if (odd && !isOdd || !odd && isOdd)
12427 y = y.redNeg();
12428
12429 return this.point(x, y);
12430};
12431
12432ShortCurve.prototype.validate = function validate(point) {
12433 if (point.inf)
12434 return true;
12435
12436 var x = point.x;
12437 var y = point.y;
12438
12439 var ax = this.a.redMul(x);
12440 var rhs = x.redSqr().redMul(x).redIAdd(ax).redIAdd(this.b);
12441 return y.redSqr().redISub(rhs).cmpn(0) === 0;
12442};
12443
12444ShortCurve.prototype._endoWnafMulAdd =
12445 function _endoWnafMulAdd(points, coeffs, jacobianResult) {
12446 var npoints = this._endoWnafT1;
12447 var ncoeffs = this._endoWnafT2;
12448 for (var i = 0; i < points.length; i++) {
12449 var split = this._endoSplit(coeffs[i]);
12450 var p = points[i];
12451 var beta = p._getBeta();
12452
12453 if (split.k1.negative) {
12454 split.k1.ineg();
12455 p = p.neg(true);
12456 }
12457 if (split.k2.negative) {
12458 split.k2.ineg();
12459 beta = beta.neg(true);
12460 }
12461
12462 npoints[i * 2] = p;
12463 npoints[i * 2 + 1] = beta;
12464 ncoeffs[i * 2] = split.k1;
12465 ncoeffs[i * 2 + 1] = split.k2;
12466 }
12467 var res = this._wnafMulAdd(1, npoints, ncoeffs, i * 2, jacobianResult);
12468
12469 // Clean-up references to points and coefficients
12470 for (var j = 0; j < i * 2; j++) {
12471 npoints[j] = null;
12472 ncoeffs[j] = null;
12473 }
12474 return res;
12475};
12476
12477function Point(curve, x, y, isRed) {
12478 Base.BasePoint.call(this, curve, 'affine');
12479 if (x === null && y === null) {
12480 this.x = null;
12481 this.y = null;
12482 this.inf = true;
12483 } else {
12484 this.x = new BN(x, 16);
12485 this.y = new BN(y, 16);
12486 // Force redgomery representation when loading from JSON
12487 if (isRed) {
12488 this.x.forceRed(this.curve.red);
12489 this.y.forceRed(this.curve.red);
12490 }
12491 if (!this.x.red)
12492 this.x = this.x.toRed(this.curve.red);
12493 if (!this.y.red)
12494 this.y = this.y.toRed(this.curve.red);
12495 this.inf = false;
12496 }
12497}
12498inherits(Point, Base.BasePoint);
12499
12500ShortCurve.prototype.point = function point(x, y, isRed) {
12501 return new Point(this, x, y, isRed);
12502};
12503
12504ShortCurve.prototype.pointFromJSON = function pointFromJSON(obj, red) {
12505 return Point.fromJSON(this, obj, red);
12506};
12507
12508Point.prototype._getBeta = function _getBeta() {
12509 if (!this.curve.endo)
12510 return;
12511
12512 var pre = this.precomputed;
12513 if (pre && pre.beta)
12514 return pre.beta;
12515
12516 var beta = this.curve.point(this.x.redMul(this.curve.endo.beta), this.y);
12517 if (pre) {
12518 var curve = this.curve;
12519 var endoMul = function(p) {
12520 return curve.point(p.x.redMul(curve.endo.beta), p.y);
12521 };
12522 pre.beta = beta;
12523 beta.precomputed = {
12524 beta: null,
12525 naf: pre.naf && {
12526 wnd: pre.naf.wnd,
12527 points: pre.naf.points.map(endoMul)
12528 },
12529 doubles: pre.doubles && {
12530 step: pre.doubles.step,
12531 points: pre.doubles.points.map(endoMul)
12532 }
12533 };
12534 }
12535 return beta;
12536};
12537
12538Point.prototype.toJSON = function toJSON() {
12539 if (!this.precomputed)
12540 return [ this.x, this.y ];
12541
12542 return [ this.x, this.y, this.precomputed && {
12543 doubles: this.precomputed.doubles && {
12544 step: this.precomputed.doubles.step,
12545 points: this.precomputed.doubles.points.slice(1)
12546 },
12547 naf: this.precomputed.naf && {
12548 wnd: this.precomputed.naf.wnd,
12549 points: this.precomputed.naf.points.slice(1)
12550 }
12551 } ];
12552};
12553
12554Point.fromJSON = function fromJSON(curve, obj, red) {
12555 if (typeof obj === 'string')
12556 obj = JSON.parse(obj);
12557 var res = curve.point(obj[0], obj[1], red);
12558 if (!obj[2])
12559 return res;
12560
12561 function obj2point(obj) {
12562 return curve.point(obj[0], obj[1], red);
12563 }
12564
12565 var pre = obj[2];
12566 res.precomputed = {
12567 beta: null,
12568 doubles: pre.doubles && {
12569 step: pre.doubles.step,
12570 points: [ res ].concat(pre.doubles.points.map(obj2point))
12571 },
12572 naf: pre.naf && {
12573 wnd: pre.naf.wnd,
12574 points: [ res ].concat(pre.naf.points.map(obj2point))
12575 }
12576 };
12577 return res;
12578};
12579
12580Point.prototype.inspect = function inspect() {
12581 if (this.isInfinity())
12582 return '<EC Point Infinity>';
12583 return '<EC Point x: ' + this.x.fromRed().toString(16, 2) +
12584 ' y: ' + this.y.fromRed().toString(16, 2) + '>';
12585};
12586
12587Point.prototype.isInfinity = function isInfinity() {
12588 return this.inf;
12589};
12590
12591Point.prototype.add = function add(p) {
12592 // O + P = P
12593 if (this.inf)
12594 return p;
12595
12596 // P + O = P
12597 if (p.inf)
12598 return this;
12599
12600 // P + P = 2P
12601 if (this.eq(p))
12602 return this.dbl();
12603
12604 // P + (-P) = O
12605 if (this.neg().eq(p))
12606 return this.curve.point(null, null);
12607
12608 // P + Q = O
12609 if (this.x.cmp(p.x) === 0)
12610 return this.curve.point(null, null);
12611
12612 var c = this.y.redSub(p.y);
12613 if (c.cmpn(0) !== 0)
12614 c = c.redMul(this.x.redSub(p.x).redInvm());
12615 var nx = c.redSqr().redISub(this.x).redISub(p.x);
12616 var ny = c.redMul(this.x.redSub(nx)).redISub(this.y);
12617 return this.curve.point(nx, ny);
12618};
12619
12620Point.prototype.dbl = function dbl() {
12621 if (this.inf)
12622 return this;
12623
12624 // 2P = O
12625 var ys1 = this.y.redAdd(this.y);
12626 if (ys1.cmpn(0) === 0)
12627 return this.curve.point(null, null);
12628
12629 var a = this.curve.a;
12630
12631 var x2 = this.x.redSqr();
12632 var dyinv = ys1.redInvm();
12633 var c = x2.redAdd(x2).redIAdd(x2).redIAdd(a).redMul(dyinv);
12634
12635 var nx = c.redSqr().redISub(this.x.redAdd(this.x));
12636 var ny = c.redMul(this.x.redSub(nx)).redISub(this.y);
12637 return this.curve.point(nx, ny);
12638};
12639
12640Point.prototype.getX = function getX() {
12641 return this.x.fromRed();
12642};
12643
12644Point.prototype.getY = function getY() {
12645 return this.y.fromRed();
12646};
12647
12648Point.prototype.mul = function mul(k) {
12649 k = new BN(k, 16);
12650
12651 if (this._hasDoubles(k))
12652 return this.curve._fixedNafMul(this, k);
12653 else if (this.curve.endo)
12654 return this.curve._endoWnafMulAdd([ this ], [ k ]);
12655 else
12656 return this.curve._wnafMul(this, k);
12657};
12658
12659Point.prototype.mulAdd = function mulAdd(k1, p2, k2) {
12660 var points = [ this, p2 ];
12661 var coeffs = [ k1, k2 ];
12662 if (this.curve.endo)
12663 return this.curve._endoWnafMulAdd(points, coeffs);
12664 else
12665 return this.curve._wnafMulAdd(1, points, coeffs, 2);
12666};
12667
12668Point.prototype.jmulAdd = function jmulAdd(k1, p2, k2) {
12669 var points = [ this, p2 ];
12670 var coeffs = [ k1, k2 ];
12671 if (this.curve.endo)
12672 return this.curve._endoWnafMulAdd(points, coeffs, true);
12673 else
12674 return this.curve._wnafMulAdd(1, points, coeffs, 2, true);
12675};
12676
12677Point.prototype.eq = function eq(p) {
12678 return this === p ||
12679 this.inf === p.inf &&
12680 (this.inf || this.x.cmp(p.x) === 0 && this.y.cmp(p.y) === 0);
12681};
12682
12683Point.prototype.neg = function neg(_precompute) {
12684 if (this.inf)
12685 return this;
12686
12687 var res = this.curve.point(this.x, this.y.redNeg());
12688 if (_precompute && this.precomputed) {
12689 var pre = this.precomputed;
12690 var negate = function(p) {
12691 return p.neg();
12692 };
12693 res.precomputed = {
12694 naf: pre.naf && {
12695 wnd: pre.naf.wnd,
12696 points: pre.naf.points.map(negate)
12697 },
12698 doubles: pre.doubles && {
12699 step: pre.doubles.step,
12700 points: pre.doubles.points.map(negate)
12701 }
12702 };
12703 }
12704 return res;
12705};
12706
12707Point.prototype.toJ = function toJ() {
12708 if (this.inf)
12709 return this.curve.jpoint(null, null, null);
12710
12711 var res = this.curve.jpoint(this.x, this.y, this.curve.one);
12712 return res;
12713};
12714
12715function JPoint(curve, x, y, z) {
12716 Base.BasePoint.call(this, curve, 'jacobian');
12717 if (x === null && y === null && z === null) {
12718 this.x = this.curve.one;
12719 this.y = this.curve.one;
12720 this.z = new BN(0);
12721 } else {
12722 this.x = new BN(x, 16);
12723 this.y = new BN(y, 16);
12724 this.z = new BN(z, 16);
12725 }
12726 if (!this.x.red)
12727 this.x = this.x.toRed(this.curve.red);
12728 if (!this.y.red)
12729 this.y = this.y.toRed(this.curve.red);
12730 if (!this.z.red)
12731 this.z = this.z.toRed(this.curve.red);
12732
12733 this.zOne = this.z === this.curve.one;
12734}
12735inherits(JPoint, Base.BasePoint);
12736
12737ShortCurve.prototype.jpoint = function jpoint(x, y, z) {
12738 return new JPoint(this, x, y, z);
12739};
12740
12741JPoint.prototype.toP = function toP() {
12742 if (this.isInfinity())
12743 return this.curve.point(null, null);
12744
12745 var zinv = this.z.redInvm();
12746 var zinv2 = zinv.redSqr();
12747 var ax = this.x.redMul(zinv2);
12748 var ay = this.y.redMul(zinv2).redMul(zinv);
12749
12750 return this.curve.point(ax, ay);
12751};
12752
12753JPoint.prototype.neg = function neg() {
12754 return this.curve.jpoint(this.x, this.y.redNeg(), this.z);
12755};
12756
12757JPoint.prototype.add = function add(p) {
12758 // O + P = P
12759 if (this.isInfinity())
12760 return p;
12761
12762 // P + O = P
12763 if (p.isInfinity())
12764 return this;
12765
12766 // 12M + 4S + 7A
12767 var pz2 = p.z.redSqr();
12768 var z2 = this.z.redSqr();
12769 var u1 = this.x.redMul(pz2);
12770 var u2 = p.x.redMul(z2);
12771 var s1 = this.y.redMul(pz2.redMul(p.z));
12772 var s2 = p.y.redMul(z2.redMul(this.z));
12773
12774 var h = u1.redSub(u2);
12775 var r = s1.redSub(s2);
12776 if (h.cmpn(0) === 0) {
12777 if (r.cmpn(0) !== 0)
12778 return this.curve.jpoint(null, null, null);
12779 else
12780 return this.dbl();
12781 }
12782
12783 var h2 = h.redSqr();
12784 var h3 = h2.redMul(h);
12785 var v = u1.redMul(h2);
12786
12787 var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v);
12788 var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3));
12789 var nz = this.z.redMul(p.z).redMul(h);
12790
12791 return this.curve.jpoint(nx, ny, nz);
12792};
12793
12794JPoint.prototype.mixedAdd = function mixedAdd(p) {
12795 // O + P = P
12796 if (this.isInfinity())
12797 return p.toJ();
12798
12799 // P + O = P
12800 if (p.isInfinity())
12801 return this;
12802
12803 // 8M + 3S + 7A
12804 var z2 = this.z.redSqr();
12805 var u1 = this.x;
12806 var u2 = p.x.redMul(z2);
12807 var s1 = this.y;
12808 var s2 = p.y.redMul(z2).redMul(this.z);
12809
12810 var h = u1.redSub(u2);
12811 var r = s1.redSub(s2);
12812 if (h.cmpn(0) === 0) {
12813 if (r.cmpn(0) !== 0)
12814 return this.curve.jpoint(null, null, null);
12815 else
12816 return this.dbl();
12817 }
12818
12819 var h2 = h.redSqr();
12820 var h3 = h2.redMul(h);
12821 var v = u1.redMul(h2);
12822
12823 var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v);
12824 var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3));
12825 var nz = this.z.redMul(h);
12826
12827 return this.curve.jpoint(nx, ny, nz);
12828};
12829
12830JPoint.prototype.dblp = function dblp(pow) {
12831 if (pow === 0)
12832 return this;
12833 if (this.isInfinity())
12834 return this;
12835 if (!pow)
12836 return this.dbl();
12837
12838 if (this.curve.zeroA || this.curve.threeA) {
12839 var r = this;
12840 for (var i = 0; i < pow; i++)
12841 r = r.dbl();
12842 return r;
12843 }
12844
12845 // 1M + 2S + 1A + N * (4S + 5M + 8A)
12846 // N = 1 => 6M + 6S + 9A
12847 var a = this.curve.a;
12848 var tinv = this.curve.tinv;
12849
12850 var jx = this.x;
12851 var jy = this.y;
12852 var jz = this.z;
12853 var jz4 = jz.redSqr().redSqr();
12854
12855 // Reuse results
12856 var jyd = jy.redAdd(jy);
12857 for (var i = 0; i < pow; i++) {
12858 var jx2 = jx.redSqr();
12859 var jyd2 = jyd.redSqr();
12860 var jyd4 = jyd2.redSqr();
12861 var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4));
12862
12863 var t1 = jx.redMul(jyd2);
12864 var nx = c.redSqr().redISub(t1.redAdd(t1));
12865 var t2 = t1.redISub(nx);
12866 var dny = c.redMul(t2);
12867 dny = dny.redIAdd(dny).redISub(jyd4);
12868 var nz = jyd.redMul(jz);
12869 if (i + 1 < pow)
12870 jz4 = jz4.redMul(jyd4);
12871
12872 jx = nx;
12873 jz = nz;
12874 jyd = dny;
12875 }
12876
12877 return this.curve.jpoint(jx, jyd.redMul(tinv), jz);
12878};
12879
12880JPoint.prototype.dbl = function dbl() {
12881 if (this.isInfinity())
12882 return this;
12883
12884 if (this.curve.zeroA)
12885 return this._zeroDbl();
12886 else if (this.curve.threeA)
12887 return this._threeDbl();
12888 else
12889 return this._dbl();
12890};
12891
12892JPoint.prototype._zeroDbl = function _zeroDbl() {
12893 var nx;
12894 var ny;
12895 var nz;
12896 // Z = 1
12897 if (this.zOne) {
12898 // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html
12899 // #doubling-mdbl-2007-bl
12900 // 1M + 5S + 14A
12901
12902 // XX = X1^2
12903 var xx = this.x.redSqr();
12904 // YY = Y1^2
12905 var yy = this.y.redSqr();
12906 // YYYY = YY^2
12907 var yyyy = yy.redSqr();
12908 // S = 2 * ((X1 + YY)^2 - XX - YYYY)
12909 var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);
12910 s = s.redIAdd(s);
12911 // M = 3 * XX + a; a = 0
12912 var m = xx.redAdd(xx).redIAdd(xx);
12913 // T = M ^ 2 - 2*S
12914 var t = m.redSqr().redISub(s).redISub(s);
12915
12916 // 8 * YYYY
12917 var yyyy8 = yyyy.redIAdd(yyyy);
12918 yyyy8 = yyyy8.redIAdd(yyyy8);
12919 yyyy8 = yyyy8.redIAdd(yyyy8);
12920
12921 // X3 = T
12922 nx = t;
12923 // Y3 = M * (S - T) - 8 * YYYY
12924 ny = m.redMul(s.redISub(t)).redISub(yyyy8);
12925 // Z3 = 2*Y1
12926 nz = this.y.redAdd(this.y);
12927 } else {
12928 // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html
12929 // #doubling-dbl-2009-l
12930 // 2M + 5S + 13A
12931
12932 // A = X1^2
12933 var a = this.x.redSqr();
12934 // B = Y1^2
12935 var b = this.y.redSqr();
12936 // C = B^2
12937 var c = b.redSqr();
12938 // D = 2 * ((X1 + B)^2 - A - C)
12939 var d = this.x.redAdd(b).redSqr().redISub(a).redISub(c);
12940 d = d.redIAdd(d);
12941 // E = 3 * A
12942 var e = a.redAdd(a).redIAdd(a);
12943 // F = E^2
12944 var f = e.redSqr();
12945
12946 // 8 * C
12947 var c8 = c.redIAdd(c);
12948 c8 = c8.redIAdd(c8);
12949 c8 = c8.redIAdd(c8);
12950
12951 // X3 = F - 2 * D
12952 nx = f.redISub(d).redISub(d);
12953 // Y3 = E * (D - X3) - 8 * C
12954 ny = e.redMul(d.redISub(nx)).redISub(c8);
12955 // Z3 = 2 * Y1 * Z1
12956 nz = this.y.redMul(this.z);
12957 nz = nz.redIAdd(nz);
12958 }
12959
12960 return this.curve.jpoint(nx, ny, nz);
12961};
12962
12963JPoint.prototype._threeDbl = function _threeDbl() {
12964 var nx;
12965 var ny;
12966 var nz;
12967 // Z = 1
12968 if (this.zOne) {
12969 // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html
12970 // #doubling-mdbl-2007-bl
12971 // 1M + 5S + 15A
12972
12973 // XX = X1^2
12974 var xx = this.x.redSqr();
12975 // YY = Y1^2
12976 var yy = this.y.redSqr();
12977 // YYYY = YY^2
12978 var yyyy = yy.redSqr();
12979 // S = 2 * ((X1 + YY)^2 - XX - YYYY)
12980 var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);
12981 s = s.redIAdd(s);
12982 // M = 3 * XX + a
12983 var m = xx.redAdd(xx).redIAdd(xx).redIAdd(this.curve.a);
12984 // T = M^2 - 2 * S
12985 var t = m.redSqr().redISub(s).redISub(s);
12986 // X3 = T
12987 nx = t;
12988 // Y3 = M * (S - T) - 8 * YYYY
12989 var yyyy8 = yyyy.redIAdd(yyyy);
12990 yyyy8 = yyyy8.redIAdd(yyyy8);
12991 yyyy8 = yyyy8.redIAdd(yyyy8);
12992 ny = m.redMul(s.redISub(t)).redISub(yyyy8);
12993 // Z3 = 2 * Y1
12994 nz = this.y.redAdd(this.y);
12995 } else {
12996 // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
12997 // 3M + 5S
12998
12999 // delta = Z1^2
13000 var delta = this.z.redSqr();
13001 // gamma = Y1^2
13002 var gamma = this.y.redSqr();
13003 // beta = X1 * gamma
13004 var beta = this.x.redMul(gamma);
13005 // alpha = 3 * (X1 - delta) * (X1 + delta)
13006 var alpha = this.x.redSub(delta).redMul(this.x.redAdd(delta));
13007 alpha = alpha.redAdd(alpha).redIAdd(alpha);
13008 // X3 = alpha^2 - 8 * beta
13009 var beta4 = beta.redIAdd(beta);
13010 beta4 = beta4.redIAdd(beta4);
13011 var beta8 = beta4.redAdd(beta4);
13012 nx = alpha.redSqr().redISub(beta8);
13013 // Z3 = (Y1 + Z1)^2 - gamma - delta
13014 nz = this.y.redAdd(this.z).redSqr().redISub(gamma).redISub(delta);
13015 // Y3 = alpha * (4 * beta - X3) - 8 * gamma^2
13016 var ggamma8 = gamma.redSqr();
13017 ggamma8 = ggamma8.redIAdd(ggamma8);
13018 ggamma8 = ggamma8.redIAdd(ggamma8);
13019 ggamma8 = ggamma8.redIAdd(ggamma8);
13020 ny = alpha.redMul(beta4.redISub(nx)).redISub(ggamma8);
13021 }
13022
13023 return this.curve.jpoint(nx, ny, nz);
13024};
13025
13026JPoint.prototype._dbl = function _dbl() {
13027 var a = this.curve.a;
13028
13029 // 4M + 6S + 10A
13030 var jx = this.x;
13031 var jy = this.y;
13032 var jz = this.z;
13033 var jz4 = jz.redSqr().redSqr();
13034
13035 var jx2 = jx.redSqr();
13036 var jy2 = jy.redSqr();
13037
13038 var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4));
13039
13040 var jxd4 = jx.redAdd(jx);
13041 jxd4 = jxd4.redIAdd(jxd4);
13042 var t1 = jxd4.redMul(jy2);
13043 var nx = c.redSqr().redISub(t1.redAdd(t1));
13044 var t2 = t1.redISub(nx);
13045
13046 var jyd8 = jy2.redSqr();
13047 jyd8 = jyd8.redIAdd(jyd8);
13048 jyd8 = jyd8.redIAdd(jyd8);
13049 jyd8 = jyd8.redIAdd(jyd8);
13050 var ny = c.redMul(t2).redISub(jyd8);
13051 var nz = jy.redAdd(jy).redMul(jz);
13052
13053 return this.curve.jpoint(nx, ny, nz);
13054};
13055
13056JPoint.prototype.trpl = function trpl() {
13057 if (!this.curve.zeroA)
13058 return this.dbl().add(this);
13059
13060 // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#tripling-tpl-2007-bl
13061 // 5M + 10S + ...
13062
13063 // XX = X1^2
13064 var xx = this.x.redSqr();
13065 // YY = Y1^2
13066 var yy = this.y.redSqr();
13067 // ZZ = Z1^2
13068 var zz = this.z.redSqr();
13069 // YYYY = YY^2
13070 var yyyy = yy.redSqr();
13071 // M = 3 * XX + a * ZZ2; a = 0
13072 var m = xx.redAdd(xx).redIAdd(xx);
13073 // MM = M^2
13074 var mm = m.redSqr();
13075 // E = 6 * ((X1 + YY)^2 - XX - YYYY) - MM
13076 var e = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);
13077 e = e.redIAdd(e);
13078 e = e.redAdd(e).redIAdd(e);
13079 e = e.redISub(mm);
13080 // EE = E^2
13081 var ee = e.redSqr();
13082 // T = 16*YYYY
13083 var t = yyyy.redIAdd(yyyy);
13084 t = t.redIAdd(t);
13085 t = t.redIAdd(t);
13086 t = t.redIAdd(t);
13087 // U = (M + E)^2 - MM - EE - T
13088 var u = m.redIAdd(e).redSqr().redISub(mm).redISub(ee).redISub(t);
13089 // X3 = 4 * (X1 * EE - 4 * YY * U)
13090 var yyu4 = yy.redMul(u);
13091 yyu4 = yyu4.redIAdd(yyu4);
13092 yyu4 = yyu4.redIAdd(yyu4);
13093 var nx = this.x.redMul(ee).redISub(yyu4);
13094 nx = nx.redIAdd(nx);
13095 nx = nx.redIAdd(nx);
13096 // Y3 = 8 * Y1 * (U * (T - U) - E * EE)
13097 var ny = this.y.redMul(u.redMul(t.redISub(u)).redISub(e.redMul(ee)));
13098 ny = ny.redIAdd(ny);
13099 ny = ny.redIAdd(ny);
13100 ny = ny.redIAdd(ny);
13101 // Z3 = (Z1 + E)^2 - ZZ - EE
13102 var nz = this.z.redAdd(e).redSqr().redISub(zz).redISub(ee);
13103
13104 return this.curve.jpoint(nx, ny, nz);
13105};
13106
13107JPoint.prototype.mul = function mul(k, kbase) {
13108 k = new BN(k, kbase);
13109
13110 return this.curve._wnafMul(this, k);
13111};
13112
13113JPoint.prototype.eq = function eq(p) {
13114 if (p.type === 'affine')
13115 return this.eq(p.toJ());
13116
13117 if (this === p)
13118 return true;
13119
13120 // x1 * z2^2 == x2 * z1^2
13121 var z2 = this.z.redSqr();
13122 var pz2 = p.z.redSqr();
13123 if (this.x.redMul(pz2).redISub(p.x.redMul(z2)).cmpn(0) !== 0)
13124 return false;
13125
13126 // y1 * z2^3 == y2 * z1^3
13127 var z3 = z2.redMul(this.z);
13128 var pz3 = pz2.redMul(p.z);
13129 return this.y.redMul(pz3).redISub(p.y.redMul(z3)).cmpn(0) === 0;
13130};
13131
13132JPoint.prototype.eqXToP = function eqXToP(x) {
13133 var zs = this.z.redSqr();
13134 var rx = x.toRed(this.curve.red).redMul(zs);
13135 if (this.x.cmp(rx) === 0)
13136 return true;
13137
13138 var xc = x.clone();
13139 var t = this.curve.redN.redMul(zs);
13140 for (;;) {
13141 xc.iadd(this.curve.n);
13142 if (xc.cmp(this.curve.p) >= 0)
13143 return false;
13144
13145 rx.redIAdd(t);
13146 if (this.x.cmp(rx) === 0)
13147 return true;
13148 }
13149 return false;
13150};
13151
13152JPoint.prototype.inspect = function inspect() {
13153 if (this.isInfinity())
13154 return '<EC JPoint Infinity>';
13155 return '<EC JPoint x: ' + this.x.toString(16, 2) +
13156 ' y: ' + this.y.toString(16, 2) +
13157 ' z: ' + this.z.toString(16, 2) + '>';
13158};
13159
13160JPoint.prototype.isInfinity = function isInfinity() {
13161 // XXX This code assumes that zero is always zero in red
13162 return this.z.cmpn(0) === 0;
13163};
13164
13165},{"../../elliptic":67,"../curve":70,"bn.js":17,"inherits":95}],73:[function(require,module,exports){
13166'use strict';
13167
13168var curves = exports;
13169
13170var hash = require('hash.js');
13171var elliptic = require('../elliptic');
13172
13173var assert = elliptic.utils.assert;
13174
13175function PresetCurve(options) {
13176 if (options.type === 'short')
13177 this.curve = new elliptic.curve.short(options);
13178 else if (options.type === 'edwards')
13179 this.curve = new elliptic.curve.edwards(options);
13180 else
13181 this.curve = new elliptic.curve.mont(options);
13182 this.g = this.curve.g;
13183 this.n = this.curve.n;
13184 this.hash = options.hash;
13185
13186 assert(this.g.validate(), 'Invalid curve');
13187 assert(this.g.mul(this.n).isInfinity(), 'Invalid curve, G*N != O');
13188}
13189curves.PresetCurve = PresetCurve;
13190
13191function defineCurve(name, options) {
13192 Object.defineProperty(curves, name, {
13193 configurable: true,
13194 enumerable: true,
13195 get: function() {
13196 var curve = new PresetCurve(options);
13197 Object.defineProperty(curves, name, {
13198 configurable: true,
13199 enumerable: true,
13200 value: curve
13201 });
13202 return curve;
13203 }
13204 });
13205}
13206
13207defineCurve('p192', {
13208 type: 'short',
13209 prime: 'p192',
13210 p: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff',
13211 a: 'ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc',
13212 b: '64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1',
13213 n: 'ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831',
13214 hash: hash.sha256,
13215 gRed: false,
13216 g: [
13217 '188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012',
13218 '07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811'
13219 ]
13220});
13221
13222defineCurve('p224', {
13223 type: 'short',
13224 prime: 'p224',
13225 p: 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001',
13226 a: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe',
13227 b: 'b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4',
13228 n: 'ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d',
13229 hash: hash.sha256,
13230 gRed: false,
13231 g: [
13232 'b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21',
13233 'bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34'
13234 ]
13235});
13236
13237defineCurve('p256', {
13238 type: 'short',
13239 prime: null,
13240 p: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff',
13241 a: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc',
13242 b: '5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b',
13243 n: 'ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551',
13244 hash: hash.sha256,
13245 gRed: false,
13246 g: [
13247 '6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296',
13248 '4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5'
13249 ]
13250});
13251
13252defineCurve('p384', {
13253 type: 'short',
13254 prime: null,
13255 p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +
13256 'fffffffe ffffffff 00000000 00000000 ffffffff',
13257 a: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +
13258 'fffffffe ffffffff 00000000 00000000 fffffffc',
13259 b: 'b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f ' +
13260 '5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef',
13261 n: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 ' +
13262 'f4372ddf 581a0db2 48b0a77a ecec196a ccc52973',
13263 hash: hash.sha384,
13264 gRed: false,
13265 g: [
13266 'aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 ' +
13267 '5502f25d bf55296c 3a545e38 72760ab7',
13268 '3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 ' +
13269 '0a60b1ce 1d7e819d 7a431d7c 90ea0e5f'
13270 ]
13271});
13272
13273defineCurve('p521', {
13274 type: 'short',
13275 prime: null,
13276 p: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +
13277 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +
13278 'ffffffff ffffffff ffffffff ffffffff ffffffff',
13279 a: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +
13280 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +
13281 'ffffffff ffffffff ffffffff ffffffff fffffffc',
13282 b: '00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b ' +
13283 '99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd ' +
13284 '3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00',
13285 n: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +
13286 'ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 ' +
13287 'f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409',
13288 hash: hash.sha512,
13289 gRed: false,
13290 g: [
13291 '000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 ' +
13292 '053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 ' +
13293 'a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66',
13294 '00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 ' +
13295 '579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 ' +
13296 '3fad0761 353c7086 a272c240 88be9476 9fd16650'
13297 ]
13298});
13299
13300defineCurve('curve25519', {
13301 type: 'mont',
13302 prime: 'p25519',
13303 p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed',
13304 a: '76d06',
13305 b: '1',
13306 n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed',
13307 hash: hash.sha256,
13308 gRed: false,
13309 g: [
13310 '9'
13311 ]
13312});
13313
13314defineCurve('ed25519', {
13315 type: 'edwards',
13316 prime: 'p25519',
13317 p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed',
13318 a: '-1',
13319 c: '1',
13320 // -121665 * (121666^(-1)) (mod P)
13321 d: '52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3',
13322 n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed',
13323 hash: hash.sha256,
13324 gRed: false,
13325 g: [
13326 '216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a',
13327
13328 // 4/5
13329 '6666666666666666666666666666666666666666666666666666666666666658'
13330 ]
13331});
13332
13333var pre;
13334try {
13335 pre = require('./precomputed/secp256k1');
13336} catch (e) {
13337 pre = undefined;
13338}
13339
13340defineCurve('secp256k1', {
13341 type: 'short',
13342 prime: 'k256',
13343 p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f',
13344 a: '0',
13345 b: '7',
13346 n: 'ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141',
13347 h: '1',
13348 hash: hash.sha256,
13349
13350 // Precomputed endomorphism
13351 beta: '7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee',
13352 lambda: '5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72',
13353 basis: [
13354 {
13355 a: '3086d221a7d46bcde86c90e49284eb15',
13356 b: '-e4437ed6010e88286f547fa90abfe4c3'
13357 },
13358 {
13359 a: '114ca50f7a8e2f3f657c1108d9d44cfd8',
13360 b: '3086d221a7d46bcde86c90e49284eb15'
13361 }
13362 ],
13363
13364 gRed: false,
13365 g: [
13366 '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',
13367 '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8',
13368 pre
13369 ]
13370});
13371
13372},{"../elliptic":67,"./precomputed/secp256k1":80,"hash.js":86}],74:[function(require,module,exports){
13373'use strict';
13374
13375var BN = require('bn.js');
13376var HmacDRBG = require('hmac-drbg');
13377var elliptic = require('../../elliptic');
13378var utils = elliptic.utils;
13379var assert = utils.assert;
13380
13381var KeyPair = require('./key');
13382var Signature = require('./signature');
13383
13384function EC(options) {
13385 if (!(this instanceof EC))
13386 return new EC(options);
13387
13388 // Shortcut `elliptic.ec(curve-name)`
13389 if (typeof options === 'string') {
13390 assert(elliptic.curves.hasOwnProperty(options), 'Unknown curve ' + options);
13391
13392 options = elliptic.curves[options];
13393 }
13394
13395 // Shortcut for `elliptic.ec(elliptic.curves.curveName)`
13396 if (options instanceof elliptic.curves.PresetCurve)
13397 options = { curve: options };
13398
13399 this.curve = options.curve.curve;
13400 this.n = this.curve.n;
13401 this.nh = this.n.ushrn(1);
13402 this.g = this.curve.g;
13403
13404 // Point on curve
13405 this.g = options.curve.g;
13406 this.g.precompute(options.curve.n.bitLength() + 1);
13407
13408 // Hash for function for DRBG
13409 this.hash = options.hash || options.curve.hash;
13410}
13411module.exports = EC;
13412
13413EC.prototype.keyPair = function keyPair(options) {
13414 return new KeyPair(this, options);
13415};
13416
13417EC.prototype.keyFromPrivate = function keyFromPrivate(priv, enc) {
13418 return KeyPair.fromPrivate(this, priv, enc);
13419};
13420
13421EC.prototype.keyFromPublic = function keyFromPublic(pub, enc) {
13422 return KeyPair.fromPublic(this, pub, enc);
13423};
13424
13425EC.prototype.genKeyPair = function genKeyPair(options) {
13426 if (!options)
13427 options = {};
13428
13429 // Instantiate Hmac_DRBG
13430 var drbg = new HmacDRBG({
13431 hash: this.hash,
13432 pers: options.pers,
13433 persEnc: options.persEnc || 'utf8',
13434 entropy: options.entropy || elliptic.rand(this.hash.hmacStrength),
13435 entropyEnc: options.entropy && options.entropyEnc || 'utf8',
13436 nonce: this.n.toArray()
13437 });
13438
13439 var bytes = this.n.byteLength();
13440 var ns2 = this.n.sub(new BN(2));
13441 do {
13442 var priv = new BN(drbg.generate(bytes));
13443 if (priv.cmp(ns2) > 0)
13444 continue;
13445
13446 priv.iaddn(1);
13447 return this.keyFromPrivate(priv);
13448 } while (true);
13449};
13450
13451EC.prototype._truncateToN = function truncateToN(msg, truncOnly) {
13452 var delta = msg.byteLength() * 8 - this.n.bitLength();
13453 if (delta > 0)
13454 msg = msg.ushrn(delta);
13455 if (!truncOnly && msg.cmp(this.n) >= 0)
13456 return msg.sub(this.n);
13457 else
13458 return msg;
13459};
13460
13461EC.prototype.sign = function sign(msg, key, enc, options) {
13462 if (typeof enc === 'object') {
13463 options = enc;
13464 enc = null;
13465 }
13466 if (!options)
13467 options = {};
13468
13469 key = this.keyFromPrivate(key, enc);
13470 msg = this._truncateToN(new BN(msg, 16));
13471
13472 // Zero-extend key to provide enough entropy
13473 var bytes = this.n.byteLength();
13474 var bkey = key.getPrivate().toArray('be', bytes);
13475
13476 // Zero-extend nonce to have the same byte size as N
13477 var nonce = msg.toArray('be', bytes);
13478
13479 // Instantiate Hmac_DRBG
13480 var drbg = new HmacDRBG({
13481 hash: this.hash,
13482 entropy: bkey,
13483 nonce: nonce,
13484 pers: options.pers,
13485 persEnc: options.persEnc || 'utf8'
13486 });
13487
13488 // Number of bytes to generate
13489 var ns1 = this.n.sub(new BN(1));
13490
13491 for (var iter = 0; true; iter++) {
13492 var k = options.k ?
13493 options.k(iter) :
13494 new BN(drbg.generate(this.n.byteLength()));
13495 k = this._truncateToN(k, true);
13496 if (k.cmpn(1) <= 0 || k.cmp(ns1) >= 0)
13497 continue;
13498
13499 var kp = this.g.mul(k);
13500 if (kp.isInfinity())
13501 continue;
13502
13503 var kpX = kp.getX();
13504 var r = kpX.umod(this.n);
13505 if (r.cmpn(0) === 0)
13506 continue;
13507
13508 var s = k.invm(this.n).mul(r.mul(key.getPrivate()).iadd(msg));
13509 s = s.umod(this.n);
13510 if (s.cmpn(0) === 0)
13511 continue;
13512
13513 var recoveryParam = (kp.getY().isOdd() ? 1 : 0) |
13514 (kpX.cmp(r) !== 0 ? 2 : 0);
13515
13516 // Use complement of `s`, if it is > `n / 2`
13517 if (options.canonical && s.cmp(this.nh) > 0) {
13518 s = this.n.sub(s);
13519 recoveryParam ^= 1;
13520 }
13521
13522 return new Signature({ r: r, s: s, recoveryParam: recoveryParam });
13523 }
13524};
13525
13526EC.prototype.verify = function verify(msg, signature, key, enc) {
13527 msg = this._truncateToN(new BN(msg, 16));
13528 key = this.keyFromPublic(key, enc);
13529 signature = new Signature(signature, 'hex');
13530
13531 // Perform primitive values validation
13532 var r = signature.r;
13533 var s = signature.s;
13534 if (r.cmpn(1) < 0 || r.cmp(this.n) >= 0)
13535 return false;
13536 if (s.cmpn(1) < 0 || s.cmp(this.n) >= 0)
13537 return false;
13538
13539 // Validate signature
13540 var sinv = s.invm(this.n);
13541 var u1 = sinv.mul(msg).umod(this.n);
13542 var u2 = sinv.mul(r).umod(this.n);
13543
13544 if (!this.curve._maxwellTrick) {
13545 var p = this.g.mulAdd(u1, key.getPublic(), u2);
13546 if (p.isInfinity())
13547 return false;
13548
13549 return p.getX().umod(this.n).cmp(r) === 0;
13550 }
13551
13552 // NOTE: Greg Maxwell's trick, inspired by:
13553 // https://git.io/vad3K
13554
13555 var p = this.g.jmulAdd(u1, key.getPublic(), u2);
13556 if (p.isInfinity())
13557 return false;
13558
13559 // Compare `p.x` of Jacobian point with `r`,
13560 // this will do `p.x == r * p.z^2` instead of multiplying `p.x` by the
13561 // inverse of `p.z^2`
13562 return p.eqXToP(r);
13563};
13564
13565EC.prototype.recoverPubKey = function(msg, signature, j, enc) {
13566 assert((3 & j) === j, 'The recovery param is more than two bits');
13567 signature = new Signature(signature, enc);
13568
13569 var n = this.n;
13570 var e = new BN(msg);
13571 var r = signature.r;
13572 var s = signature.s;
13573
13574 // A set LSB signifies that the y-coordinate is odd
13575 var isYOdd = j & 1;
13576 var isSecondKey = j >> 1;
13577 if (r.cmp(this.curve.p.umod(this.curve.n)) >= 0 && isSecondKey)
13578 throw new Error('Unable to find sencond key candinate');
13579
13580 // 1.1. Let x = r + jn.
13581 if (isSecondKey)
13582 r = this.curve.pointFromX(r.add(this.curve.n), isYOdd);
13583 else
13584 r = this.curve.pointFromX(r, isYOdd);
13585
13586 var rInv = signature.r.invm(n);
13587 var s1 = n.sub(e).mul(rInv).umod(n);
13588 var s2 = s.mul(rInv).umod(n);
13589
13590 // 1.6.1 Compute Q = r^-1 (sR - eG)
13591 // Q = r^-1 (sR + -eG)
13592 return this.g.mulAdd(s1, r, s2);
13593};
13594
13595EC.prototype.getKeyRecoveryParam = function(e, signature, Q, enc) {
13596 signature = new Signature(signature, enc);
13597 if (signature.recoveryParam !== null)
13598 return signature.recoveryParam;
13599
13600 for (var i = 0; i < 4; i++) {
13601 var Qprime;
13602 try {
13603 Qprime = this.recoverPubKey(e, signature, i);
13604 } catch (e) {
13605 continue;
13606 }
13607
13608 if (Qprime.eq(Q))
13609 return i;
13610 }
13611 throw new Error('Unable to find valid recovery factor');
13612};
13613
13614},{"../../elliptic":67,"./key":75,"./signature":76,"bn.js":17,"hmac-drbg":92}],75:[function(require,module,exports){
13615'use strict';
13616
13617var BN = require('bn.js');
13618var elliptic = require('../../elliptic');
13619var utils = elliptic.utils;
13620var assert = utils.assert;
13621
13622function KeyPair(ec, options) {
13623 this.ec = ec;
13624 this.priv = null;
13625 this.pub = null;
13626
13627 // KeyPair(ec, { priv: ..., pub: ... })
13628 if (options.priv)
13629 this._importPrivate(options.priv, options.privEnc);
13630 if (options.pub)
13631 this._importPublic(options.pub, options.pubEnc);
13632}
13633module.exports = KeyPair;
13634
13635KeyPair.fromPublic = function fromPublic(ec, pub, enc) {
13636 if (pub instanceof KeyPair)
13637 return pub;
13638
13639 return new KeyPair(ec, {
13640 pub: pub,
13641 pubEnc: enc
13642 });
13643};
13644
13645KeyPair.fromPrivate = function fromPrivate(ec, priv, enc) {
13646 if (priv instanceof KeyPair)
13647 return priv;
13648
13649 return new KeyPair(ec, {
13650 priv: priv,
13651 privEnc: enc
13652 });
13653};
13654
13655KeyPair.prototype.validate = function validate() {
13656 var pub = this.getPublic();
13657
13658 if (pub.isInfinity())
13659 return { result: false, reason: 'Invalid public key' };
13660 if (!pub.validate())
13661 return { result: false, reason: 'Public key is not a point' };
13662 if (!pub.mul(this.ec.curve.n).isInfinity())
13663 return { result: false, reason: 'Public key * N != O' };
13664
13665 return { result: true, reason: null };
13666};
13667
13668KeyPair.prototype.getPublic = function getPublic(compact, enc) {
13669 // compact is optional argument
13670 if (typeof compact === 'string') {
13671 enc = compact;
13672 compact = null;
13673 }
13674
13675 if (!this.pub)
13676 this.pub = this.ec.g.mul(this.priv);
13677
13678 if (!enc)
13679 return this.pub;
13680
13681 return this.pub.encode(enc, compact);
13682};
13683
13684KeyPair.prototype.getPrivate = function getPrivate(enc) {
13685 if (enc === 'hex')
13686 return this.priv.toString(16, 2);
13687 else
13688 return this.priv;
13689};
13690
13691KeyPair.prototype._importPrivate = function _importPrivate(key, enc) {
13692 this.priv = new BN(key, enc || 16);
13693
13694 // Ensure that the priv won't be bigger than n, otherwise we may fail
13695 // in fixed multiplication method
13696 this.priv = this.priv.umod(this.ec.curve.n);
13697};
13698
13699KeyPair.prototype._importPublic = function _importPublic(key, enc) {
13700 if (key.x || key.y) {
13701 // Montgomery points only have an `x` coordinate.
13702 // Weierstrass/Edwards points on the other hand have both `x` and
13703 // `y` coordinates.
13704 if (this.ec.curve.type === 'mont') {
13705 assert(key.x, 'Need x coordinate');
13706 } else if (this.ec.curve.type === 'short' ||
13707 this.ec.curve.type === 'edwards') {
13708 assert(key.x && key.y, 'Need both x and y coordinate');
13709 }
13710 this.pub = this.ec.curve.point(key.x, key.y);
13711 return;
13712 }
13713 this.pub = this.ec.curve.decodePoint(key, enc);
13714};
13715
13716// ECDH
13717KeyPair.prototype.derive = function derive(pub) {
13718 return pub.mul(this.priv).getX();
13719};
13720
13721// ECDSA
13722KeyPair.prototype.sign = function sign(msg, enc, options) {
13723 return this.ec.sign(msg, this, enc, options);
13724};
13725
13726KeyPair.prototype.verify = function verify(msg, signature) {
13727 return this.ec.verify(msg, signature, this);
13728};
13729
13730KeyPair.prototype.inspect = function inspect() {
13731 return '<Key priv: ' + (this.priv && this.priv.toString(16, 2)) +
13732 ' pub: ' + (this.pub && this.pub.inspect()) + ' >';
13733};
13734
13735},{"../../elliptic":67,"bn.js":17}],76:[function(require,module,exports){
13736'use strict';
13737
13738var BN = require('bn.js');
13739
13740var elliptic = require('../../elliptic');
13741var utils = elliptic.utils;
13742var assert = utils.assert;
13743
13744function Signature(options, enc) {
13745 if (options instanceof Signature)
13746 return options;
13747
13748 if (this._importDER(options, enc))
13749 return;
13750
13751 assert(options.r && options.s, 'Signature without r or s');
13752 this.r = new BN(options.r, 16);
13753 this.s = new BN(options.s, 16);
13754 if (options.recoveryParam === undefined)
13755 this.recoveryParam = null;
13756 else
13757 this.recoveryParam = options.recoveryParam;
13758}
13759module.exports = Signature;
13760
13761function Position() {
13762 this.place = 0;
13763}
13764
13765function getLength(buf, p) {
13766 var initial = buf[p.place++];
13767 if (!(initial & 0x80)) {
13768 return initial;
13769 }
13770 var octetLen = initial & 0xf;
13771 var val = 0;
13772 for (var i = 0, off = p.place; i < octetLen; i++, off++) {
13773 val <<= 8;
13774 val |= buf[off];
13775 }
13776 p.place = off;
13777 return val;
13778}
13779
13780function rmPadding(buf) {
13781 var i = 0;
13782 var len = buf.length - 1;
13783 while (!buf[i] && !(buf[i + 1] & 0x80) && i < len) {
13784 i++;
13785 }
13786 if (i === 0) {
13787 return buf;
13788 }
13789 return buf.slice(i);
13790}
13791
13792Signature.prototype._importDER = function _importDER(data, enc) {
13793 data = utils.toArray(data, enc);
13794 var p = new Position();
13795 if (data[p.place++] !== 0x30) {
13796 return false;
13797 }
13798 var len = getLength(data, p);
13799 if ((len + p.place) !== data.length) {
13800 return false;
13801 }
13802 if (data[p.place++] !== 0x02) {
13803 return false;
13804 }
13805 var rlen = getLength(data, p);
13806 var r = data.slice(p.place, rlen + p.place);
13807 p.place += rlen;
13808 if (data[p.place++] !== 0x02) {
13809 return false;
13810 }
13811 var slen = getLength(data, p);
13812 if (data.length !== slen + p.place) {
13813 return false;
13814 }
13815 var s = data.slice(p.place, slen + p.place);
13816 if (r[0] === 0 && (r[1] & 0x80)) {
13817 r = r.slice(1);
13818 }
13819 if (s[0] === 0 && (s[1] & 0x80)) {
13820 s = s.slice(1);
13821 }
13822
13823 this.r = new BN(r);
13824 this.s = new BN(s);
13825 this.recoveryParam = null;
13826
13827 return true;
13828};
13829
13830function constructLength(arr, len) {
13831 if (len < 0x80) {
13832 arr.push(len);
13833 return;
13834 }
13835 var octets = 1 + (Math.log(len) / Math.LN2 >>> 3);
13836 arr.push(octets | 0x80);
13837 while (--octets) {
13838 arr.push((len >>> (octets << 3)) & 0xff);
13839 }
13840 arr.push(len);
13841}
13842
13843Signature.prototype.toDER = function toDER(enc) {
13844 var r = this.r.toArray();
13845 var s = this.s.toArray();
13846
13847 // Pad values
13848 if (r[0] & 0x80)
13849 r = [ 0 ].concat(r);
13850 // Pad values
13851 if (s[0] & 0x80)
13852 s = [ 0 ].concat(s);
13853
13854 r = rmPadding(r);
13855 s = rmPadding(s);
13856
13857 while (!s[0] && !(s[1] & 0x80)) {
13858 s = s.slice(1);
13859 }
13860 var arr = [ 0x02 ];
13861 constructLength(arr, r.length);
13862 arr = arr.concat(r);
13863 arr.push(0x02);
13864 constructLength(arr, s.length);
13865 var backHalf = arr.concat(s);
13866 var res = [ 0x30 ];
13867 constructLength(res, backHalf.length);
13868 res = res.concat(backHalf);
13869 return utils.encode(res, enc);
13870};
13871
13872},{"../../elliptic":67,"bn.js":17}],77:[function(require,module,exports){
13873'use strict';
13874
13875var hash = require('hash.js');
13876var elliptic = require('../../elliptic');
13877var utils = elliptic.utils;
13878var assert = utils.assert;
13879var parseBytes = utils.parseBytes;
13880var KeyPair = require('./key');
13881var Signature = require('./signature');
13882
13883function EDDSA(curve) {
13884 assert(curve === 'ed25519', 'only tested with ed25519 so far');
13885
13886 if (!(this instanceof EDDSA))
13887 return new EDDSA(curve);
13888
13889 var curve = elliptic.curves[curve].curve;
13890 this.curve = curve;
13891 this.g = curve.g;
13892 this.g.precompute(curve.n.bitLength() + 1);
13893
13894 this.pointClass = curve.point().constructor;
13895 this.encodingLength = Math.ceil(curve.n.bitLength() / 8);
13896 this.hash = hash.sha512;
13897}
13898
13899module.exports = EDDSA;
13900
13901/**
13902* @param {Array|String} message - message bytes
13903* @param {Array|String|KeyPair} secret - secret bytes or a keypair
13904* @returns {Signature} - signature
13905*/
13906EDDSA.prototype.sign = function sign(message, secret) {
13907 message = parseBytes(message);
13908 var key = this.keyFromSecret(secret);
13909 var r = this.hashInt(key.messagePrefix(), message);
13910 var R = this.g.mul(r);
13911 var Rencoded = this.encodePoint(R);
13912 var s_ = this.hashInt(Rencoded, key.pubBytes(), message)
13913 .mul(key.priv());
13914 var S = r.add(s_).umod(this.curve.n);
13915 return this.makeSignature({ R: R, S: S, Rencoded: Rencoded });
13916};
13917
13918/**
13919* @param {Array} message - message bytes
13920* @param {Array|String|Signature} sig - sig bytes
13921* @param {Array|String|Point|KeyPair} pub - public key
13922* @returns {Boolean} - true if public key matches sig of message
13923*/
13924EDDSA.prototype.verify = function verify(message, sig, pub) {
13925 message = parseBytes(message);
13926 sig = this.makeSignature(sig);
13927 var key = this.keyFromPublic(pub);
13928 var h = this.hashInt(sig.Rencoded(), key.pubBytes(), message);
13929 var SG = this.g.mul(sig.S());
13930 var RplusAh = sig.R().add(key.pub().mul(h));
13931 return RplusAh.eq(SG);
13932};
13933
13934EDDSA.prototype.hashInt = function hashInt() {
13935 var hash = this.hash();
13936 for (var i = 0; i < arguments.length; i++)
13937 hash.update(arguments[i]);
13938 return utils.intFromLE(hash.digest()).umod(this.curve.n);
13939};
13940
13941EDDSA.prototype.keyFromPublic = function keyFromPublic(pub) {
13942 return KeyPair.fromPublic(this, pub);
13943};
13944
13945EDDSA.prototype.keyFromSecret = function keyFromSecret(secret) {
13946 return KeyPair.fromSecret(this, secret);
13947};
13948
13949EDDSA.prototype.makeSignature = function makeSignature(sig) {
13950 if (sig instanceof Signature)
13951 return sig;
13952 return new Signature(this, sig);
13953};
13954
13955/**
13956* * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5.2
13957*
13958* EDDSA defines methods for encoding and decoding points and integers. These are
13959* helper convenience methods, that pass along to utility functions implied
13960* parameters.
13961*
13962*/
13963EDDSA.prototype.encodePoint = function encodePoint(point) {
13964 var enc = point.getY().toArray('le', this.encodingLength);
13965 enc[this.encodingLength - 1] |= point.getX().isOdd() ? 0x80 : 0;
13966 return enc;
13967};
13968
13969EDDSA.prototype.decodePoint = function decodePoint(bytes) {
13970 bytes = utils.parseBytes(bytes);
13971
13972 var lastIx = bytes.length - 1;
13973 var normed = bytes.slice(0, lastIx).concat(bytes[lastIx] & ~0x80);
13974 var xIsOdd = (bytes[lastIx] & 0x80) !== 0;
13975
13976 var y = utils.intFromLE(normed);
13977 return this.curve.pointFromY(y, xIsOdd);
13978};
13979
13980EDDSA.prototype.encodeInt = function encodeInt(num) {
13981 return num.toArray('le', this.encodingLength);
13982};
13983
13984EDDSA.prototype.decodeInt = function decodeInt(bytes) {
13985 return utils.intFromLE(bytes);
13986};
13987
13988EDDSA.prototype.isPoint = function isPoint(val) {
13989 return val instanceof this.pointClass;
13990};
13991
13992},{"../../elliptic":67,"./key":78,"./signature":79,"hash.js":86}],78:[function(require,module,exports){
13993'use strict';
13994
13995var elliptic = require('../../elliptic');
13996var utils = elliptic.utils;
13997var assert = utils.assert;
13998var parseBytes = utils.parseBytes;
13999var cachedProperty = utils.cachedProperty;
14000
14001/**
14002* @param {EDDSA} eddsa - instance
14003* @param {Object} params - public/private key parameters
14004*
14005* @param {Array<Byte>} [params.secret] - secret seed bytes
14006* @param {Point} [params.pub] - public key point (aka `A` in eddsa terms)
14007* @param {Array<Byte>} [params.pub] - public key point encoded as bytes
14008*
14009*/
14010function KeyPair(eddsa, params) {
14011 this.eddsa = eddsa;
14012 this._secret = parseBytes(params.secret);
14013 if (eddsa.isPoint(params.pub))
14014 this._pub = params.pub;
14015 else
14016 this._pubBytes = parseBytes(params.pub);
14017}
14018
14019KeyPair.fromPublic = function fromPublic(eddsa, pub) {
14020 if (pub instanceof KeyPair)
14021 return pub;
14022 return new KeyPair(eddsa, { pub: pub });
14023};
14024
14025KeyPair.fromSecret = function fromSecret(eddsa, secret) {
14026 if (secret instanceof KeyPair)
14027 return secret;
14028 return new KeyPair(eddsa, { secret: secret });
14029};
14030
14031KeyPair.prototype.secret = function secret() {
14032 return this._secret;
14033};
14034
14035cachedProperty(KeyPair, 'pubBytes', function pubBytes() {
14036 return this.eddsa.encodePoint(this.pub());
14037});
14038
14039cachedProperty(KeyPair, 'pub', function pub() {
14040 if (this._pubBytes)
14041 return this.eddsa.decodePoint(this._pubBytes);
14042 return this.eddsa.g.mul(this.priv());
14043});
14044
14045cachedProperty(KeyPair, 'privBytes', function privBytes() {
14046 var eddsa = this.eddsa;
14047 var hash = this.hash();
14048 var lastIx = eddsa.encodingLength - 1;
14049
14050 var a = hash.slice(0, eddsa.encodingLength);
14051 a[0] &= 248;
14052 a[lastIx] &= 127;
14053 a[lastIx] |= 64;
14054
14055 return a;
14056});
14057
14058cachedProperty(KeyPair, 'priv', function priv() {
14059 return this.eddsa.decodeInt(this.privBytes());
14060});
14061
14062cachedProperty(KeyPair, 'hash', function hash() {
14063 return this.eddsa.hash().update(this.secret()).digest();
14064});
14065
14066cachedProperty(KeyPair, 'messagePrefix', function messagePrefix() {
14067 return this.hash().slice(this.eddsa.encodingLength);
14068});
14069
14070KeyPair.prototype.sign = function sign(message) {
14071 assert(this._secret, 'KeyPair can only verify');
14072 return this.eddsa.sign(message, this);
14073};
14074
14075KeyPair.prototype.verify = function verify(message, sig) {
14076 return this.eddsa.verify(message, sig, this);
14077};
14078
14079KeyPair.prototype.getSecret = function getSecret(enc) {
14080 assert(this._secret, 'KeyPair is public only');
14081 return utils.encode(this.secret(), enc);
14082};
14083
14084KeyPair.prototype.getPublic = function getPublic(enc) {
14085 return utils.encode(this.pubBytes(), enc);
14086};
14087
14088module.exports = KeyPair;
14089
14090},{"../../elliptic":67}],79:[function(require,module,exports){
14091'use strict';
14092
14093var BN = require('bn.js');
14094var elliptic = require('../../elliptic');
14095var utils = elliptic.utils;
14096var assert = utils.assert;
14097var cachedProperty = utils.cachedProperty;
14098var parseBytes = utils.parseBytes;
14099
14100/**
14101* @param {EDDSA} eddsa - eddsa instance
14102* @param {Array<Bytes>|Object} sig -
14103* @param {Array<Bytes>|Point} [sig.R] - R point as Point or bytes
14104* @param {Array<Bytes>|bn} [sig.S] - S scalar as bn or bytes
14105* @param {Array<Bytes>} [sig.Rencoded] - R point encoded
14106* @param {Array<Bytes>} [sig.Sencoded] - S scalar encoded
14107*/
14108function Signature(eddsa, sig) {
14109 this.eddsa = eddsa;
14110
14111 if (typeof sig !== 'object')
14112 sig = parseBytes(sig);
14113
14114 if (Array.isArray(sig)) {
14115 sig = {
14116 R: sig.slice(0, eddsa.encodingLength),
14117 S: sig.slice(eddsa.encodingLength)
14118 };
14119 }
14120
14121 assert(sig.R && sig.S, 'Signature without R or S');
14122
14123 if (eddsa.isPoint(sig.R))
14124 this._R = sig.R;
14125 if (sig.S instanceof BN)
14126 this._S = sig.S;
14127
14128 this._Rencoded = Array.isArray(sig.R) ? sig.R : sig.Rencoded;
14129 this._Sencoded = Array.isArray(sig.S) ? sig.S : sig.Sencoded;
14130}
14131
14132cachedProperty(Signature, 'S', function S() {
14133 return this.eddsa.decodeInt(this.Sencoded());
14134});
14135
14136cachedProperty(Signature, 'R', function R() {
14137 return this.eddsa.decodePoint(this.Rencoded());
14138});
14139
14140cachedProperty(Signature, 'Rencoded', function Rencoded() {
14141 return this.eddsa.encodePoint(this.R());
14142});
14143
14144cachedProperty(Signature, 'Sencoded', function Sencoded() {
14145 return this.eddsa.encodeInt(this.S());
14146});
14147
14148Signature.prototype.toBytes = function toBytes() {
14149 return this.Rencoded().concat(this.Sencoded());
14150};
14151
14152Signature.prototype.toHex = function toHex() {
14153 return utils.encode(this.toBytes(), 'hex').toUpperCase();
14154};
14155
14156module.exports = Signature;
14157
14158},{"../../elliptic":67,"bn.js":17}],80:[function(require,module,exports){
14159module.exports = {
14160 doubles: {
14161 step: 4,
14162 points: [
14163 [
14164 'e60fce93b59e9ec53011aabc21c23e97b2a31369b87a5ae9c44ee89e2a6dec0a',
14165 'f7e3507399e595929db99f34f57937101296891e44d23f0be1f32cce69616821'
14166 ],
14167 [
14168 '8282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508',
14169 '11f8a8098557dfe45e8256e830b60ace62d613ac2f7b17bed31b6eaff6e26caf'
14170 ],
14171 [
14172 '175e159f728b865a72f99cc6c6fc846de0b93833fd2222ed73fce5b551e5b739',
14173 'd3506e0d9e3c79eba4ef97a51ff71f5eacb5955add24345c6efa6ffee9fed695'
14174 ],
14175 [
14176 '363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640',
14177 '4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9'
14178 ],
14179 [
14180 '8b4b5f165df3c2be8c6244b5b745638843e4a781a15bcd1b69f79a55dffdf80c',
14181 '4aad0a6f68d308b4b3fbd7813ab0da04f9e336546162ee56b3eff0c65fd4fd36'
14182 ],
14183 [
14184 '723cbaa6e5db996d6bf771c00bd548c7b700dbffa6c0e77bcb6115925232fcda',
14185 '96e867b5595cc498a921137488824d6e2660a0653779494801dc069d9eb39f5f'
14186 ],
14187 [
14188 'eebfa4d493bebf98ba5feec812c2d3b50947961237a919839a533eca0e7dd7fa',
14189 '5d9a8ca3970ef0f269ee7edaf178089d9ae4cdc3a711f712ddfd4fdae1de8999'
14190 ],
14191 [
14192 '100f44da696e71672791d0a09b7bde459f1215a29b3c03bfefd7835b39a48db0',
14193 'cdd9e13192a00b772ec8f3300c090666b7ff4a18ff5195ac0fbd5cd62bc65a09'
14194 ],
14195 [
14196 'e1031be262c7ed1b1dc9227a4a04c017a77f8d4464f3b3852c8acde6e534fd2d',
14197 '9d7061928940405e6bb6a4176597535af292dd419e1ced79a44f18f29456a00d'
14198 ],
14199 [
14200 'feea6cae46d55b530ac2839f143bd7ec5cf8b266a41d6af52d5e688d9094696d',
14201 'e57c6b6c97dce1bab06e4e12bf3ecd5c981c8957cc41442d3155debf18090088'
14202 ],
14203 [
14204 'da67a91d91049cdcb367be4be6ffca3cfeed657d808583de33fa978bc1ec6cb1',
14205 '9bacaa35481642bc41f463f7ec9780e5dec7adc508f740a17e9ea8e27a68be1d'
14206 ],
14207 [
14208 '53904faa0b334cdda6e000935ef22151ec08d0f7bb11069f57545ccc1a37b7c0',
14209 '5bc087d0bc80106d88c9eccac20d3c1c13999981e14434699dcb096b022771c8'
14210 ],
14211 [
14212 '8e7bcd0bd35983a7719cca7764ca906779b53a043a9b8bcaeff959f43ad86047',
14213 '10b7770b2a3da4b3940310420ca9514579e88e2e47fd68b3ea10047e8460372a'
14214 ],
14215 [
14216 '385eed34c1cdff21e6d0818689b81bde71a7f4f18397e6690a841e1599c43862',
14217 '283bebc3e8ea23f56701de19e9ebf4576b304eec2086dc8cc0458fe5542e5453'
14218 ],
14219 [
14220 '6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7',
14221 '7c80c68e603059ba69b8e2a30e45c4d47ea4dd2f5c281002d86890603a842160'
14222 ],
14223 [
14224 '3322d401243c4e2582a2147c104d6ecbf774d163db0f5e5313b7e0e742d0e6bd',
14225 '56e70797e9664ef5bfb019bc4ddaf9b72805f63ea2873af624f3a2e96c28b2a0'
14226 ],
14227 [
14228 '85672c7d2de0b7da2bd1770d89665868741b3f9af7643397721d74d28134ab83',
14229 '7c481b9b5b43b2eb6374049bfa62c2e5e77f17fcc5298f44c8e3094f790313a6'
14230 ],
14231 [
14232 '948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a',
14233 '53a562856dcb6646dc6b74c5d1c3418c6d4dff08c97cd2bed4cb7f88d8c8e589'
14234 ],
14235 [
14236 '6260ce7f461801c34f067ce0f02873a8f1b0e44dfc69752accecd819f38fd8e8',
14237 'bc2da82b6fa5b571a7f09049776a1ef7ecd292238051c198c1a84e95b2b4ae17'
14238 ],
14239 [
14240 'e5037de0afc1d8d43d8348414bbf4103043ec8f575bfdc432953cc8d2037fa2d',
14241 '4571534baa94d3b5f9f98d09fb990bddbd5f5b03ec481f10e0e5dc841d755bda'
14242 ],
14243 [
14244 'e06372b0f4a207adf5ea905e8f1771b4e7e8dbd1c6a6c5b725866a0ae4fce725',
14245 '7a908974bce18cfe12a27bb2ad5a488cd7484a7787104870b27034f94eee31dd'
14246 ],
14247 [
14248 '213c7a715cd5d45358d0bbf9dc0ce02204b10bdde2a3f58540ad6908d0559754',
14249 '4b6dad0b5ae462507013ad06245ba190bb4850f5f36a7eeddff2c27534b458f2'
14250 ],
14251 [
14252 '4e7c272a7af4b34e8dbb9352a5419a87e2838c70adc62cddf0cc3a3b08fbd53c',
14253 '17749c766c9d0b18e16fd09f6def681b530b9614bff7dd33e0b3941817dcaae6'
14254 ],
14255 [
14256 'fea74e3dbe778b1b10f238ad61686aa5c76e3db2be43057632427e2840fb27b6',
14257 '6e0568db9b0b13297cf674deccb6af93126b596b973f7b77701d3db7f23cb96f'
14258 ],
14259 [
14260 '76e64113f677cf0e10a2570d599968d31544e179b760432952c02a4417bdde39',
14261 'c90ddf8dee4e95cf577066d70681f0d35e2a33d2b56d2032b4b1752d1901ac01'
14262 ],
14263 [
14264 'c738c56b03b2abe1e8281baa743f8f9a8f7cc643df26cbee3ab150242bcbb891',
14265 '893fb578951ad2537f718f2eacbfbbbb82314eef7880cfe917e735d9699a84c3'
14266 ],
14267 [
14268 'd895626548b65b81e264c7637c972877d1d72e5f3a925014372e9f6588f6c14b',
14269 'febfaa38f2bc7eae728ec60818c340eb03428d632bb067e179363ed75d7d991f'
14270 ],
14271 [
14272 'b8da94032a957518eb0f6433571e8761ceffc73693e84edd49150a564f676e03',
14273 '2804dfa44805a1e4d7c99cc9762808b092cc584d95ff3b511488e4e74efdf6e7'
14274 ],
14275 [
14276 'e80fea14441fb33a7d8adab9475d7fab2019effb5156a792f1a11778e3c0df5d',
14277 'eed1de7f638e00771e89768ca3ca94472d155e80af322ea9fcb4291b6ac9ec78'
14278 ],
14279 [
14280 'a301697bdfcd704313ba48e51d567543f2a182031efd6915ddc07bbcc4e16070',
14281 '7370f91cfb67e4f5081809fa25d40f9b1735dbf7c0a11a130c0d1a041e177ea1'
14282 ],
14283 [
14284 '90ad85b389d6b936463f9d0512678de208cc330b11307fffab7ac63e3fb04ed4',
14285 'e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150'
14286 ],
14287 [
14288 '8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da',
14289 '662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82'
14290 ],
14291 [
14292 'e4f3fb0176af85d65ff99ff9198c36091f48e86503681e3e6686fd5053231e11',
14293 '1e63633ad0ef4f1c1661a6d0ea02b7286cc7e74ec951d1c9822c38576feb73bc'
14294 ],
14295 [
14296 '8c00fa9b18ebf331eb961537a45a4266c7034f2f0d4e1d0716fb6eae20eae29e',
14297 'efa47267fea521a1a9dc343a3736c974c2fadafa81e36c54e7d2a4c66702414b'
14298 ],
14299 [
14300 'e7a26ce69dd4829f3e10cec0a9e98ed3143d084f308b92c0997fddfc60cb3e41',
14301 '2a758e300fa7984b471b006a1aafbb18d0a6b2c0420e83e20e8a9421cf2cfd51'
14302 ],
14303 [
14304 'b6459e0ee3662ec8d23540c223bcbdc571cbcb967d79424f3cf29eb3de6b80ef',
14305 '67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45'
14306 ],
14307 [
14308 'd68a80c8280bb840793234aa118f06231d6f1fc67e73c5a5deda0f5b496943e8',
14309 'db8ba9fff4b586d00c4b1f9177b0e28b5b0e7b8f7845295a294c84266b133120'
14310 ],
14311 [
14312 '324aed7df65c804252dc0270907a30b09612aeb973449cea4095980fc28d3d5d',
14313 '648a365774b61f2ff130c0c35aec1f4f19213b0c7e332843967224af96ab7c84'
14314 ],
14315 [
14316 '4df9c14919cde61f6d51dfdbe5fee5dceec4143ba8d1ca888e8bd373fd054c96',
14317 '35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d'
14318 ],
14319 [
14320 '9c3919a84a474870faed8a9c1cc66021523489054d7f0308cbfc99c8ac1f98cd',
14321 'ddb84f0f4a4ddd57584f044bf260e641905326f76c64c8e6be7e5e03d4fc599d'
14322 ],
14323 [
14324 '6057170b1dd12fdf8de05f281d8e06bb91e1493a8b91d4cc5a21382120a959e5',
14325 '9a1af0b26a6a4807add9a2daf71df262465152bc3ee24c65e899be932385a2a8'
14326 ],
14327 [
14328 'a576df8e23a08411421439a4518da31880cef0fba7d4df12b1a6973eecb94266',
14329 '40a6bf20e76640b2c92b97afe58cd82c432e10a7f514d9f3ee8be11ae1b28ec8'
14330 ],
14331 [
14332 '7778a78c28dec3e30a05fe9629de8c38bb30d1f5cf9a3a208f763889be58ad71',
14333 '34626d9ab5a5b22ff7098e12f2ff580087b38411ff24ac563b513fc1fd9f43ac'
14334 ],
14335 [
14336 '928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac',
14337 'c25621003d3f42a827b78a13093a95eeac3d26efa8a8d83fc5180e935bcd091f'
14338 ],
14339 [
14340 '85d0fef3ec6db109399064f3a0e3b2855645b4a907ad354527aae75163d82751',
14341 '1f03648413a38c0be29d496e582cf5663e8751e96877331582c237a24eb1f962'
14342 ],
14343 [
14344 'ff2b0dce97eece97c1c9b6041798b85dfdfb6d8882da20308f5404824526087e',
14345 '493d13fef524ba188af4c4dc54d07936c7b7ed6fb90e2ceb2c951e01f0c29907'
14346 ],
14347 [
14348 '827fbbe4b1e880ea9ed2b2e6301b212b57f1ee148cd6dd28780e5e2cf856e241',
14349 'c60f9c923c727b0b71bef2c67d1d12687ff7a63186903166d605b68baec293ec'
14350 ],
14351 [
14352 'eaa649f21f51bdbae7be4ae34ce6e5217a58fdce7f47f9aa7f3b58fa2120e2b3',
14353 'be3279ed5bbbb03ac69a80f89879aa5a01a6b965f13f7e59d47a5305ba5ad93d'
14354 ],
14355 [
14356 'e4a42d43c5cf169d9391df6decf42ee541b6d8f0c9a137401e23632dda34d24f',
14357 '4d9f92e716d1c73526fc99ccfb8ad34ce886eedfa8d8e4f13a7f7131deba9414'
14358 ],
14359 [
14360 '1ec80fef360cbdd954160fadab352b6b92b53576a88fea4947173b9d4300bf19',
14361 'aeefe93756b5340d2f3a4958a7abbf5e0146e77f6295a07b671cdc1cc107cefd'
14362 ],
14363 [
14364 '146a778c04670c2f91b00af4680dfa8bce3490717d58ba889ddb5928366642be',
14365 'b318e0ec3354028add669827f9d4b2870aaa971d2f7e5ed1d0b297483d83efd0'
14366 ],
14367 [
14368 'fa50c0f61d22e5f07e3acebb1aa07b128d0012209a28b9776d76a8793180eef9',
14369 '6b84c6922397eba9b72cd2872281a68a5e683293a57a213b38cd8d7d3f4f2811'
14370 ],
14371 [
14372 'da1d61d0ca721a11b1a5bf6b7d88e8421a288ab5d5bba5220e53d32b5f067ec2',
14373 '8157f55a7c99306c79c0766161c91e2966a73899d279b48a655fba0f1ad836f1'
14374 ],
14375 [
14376 'a8e282ff0c9706907215ff98e8fd416615311de0446f1e062a73b0610d064e13',
14377 '7f97355b8db81c09abfb7f3c5b2515888b679a3e50dd6bd6cef7c73111f4cc0c'
14378 ],
14379 [
14380 '174a53b9c9a285872d39e56e6913cab15d59b1fa512508c022f382de8319497c',
14381 'ccc9dc37abfc9c1657b4155f2c47f9e6646b3a1d8cb9854383da13ac079afa73'
14382 ],
14383 [
14384 '959396981943785c3d3e57edf5018cdbe039e730e4918b3d884fdff09475b7ba',
14385 '2e7e552888c331dd8ba0386a4b9cd6849c653f64c8709385e9b8abf87524f2fd'
14386 ],
14387 [
14388 'd2a63a50ae401e56d645a1153b109a8fcca0a43d561fba2dbb51340c9d82b151',
14389 'e82d86fb6443fcb7565aee58b2948220a70f750af484ca52d4142174dcf89405'
14390 ],
14391 [
14392 '64587e2335471eb890ee7896d7cfdc866bacbdbd3839317b3436f9b45617e073',
14393 'd99fcdd5bf6902e2ae96dd6447c299a185b90a39133aeab358299e5e9faf6589'
14394 ],
14395 [
14396 '8481bde0e4e4d885b3a546d3e549de042f0aa6cea250e7fd358d6c86dd45e458',
14397 '38ee7b8cba5404dd84a25bf39cecb2ca900a79c42b262e556d64b1b59779057e'
14398 ],
14399 [
14400 '13464a57a78102aa62b6979ae817f4637ffcfed3c4b1ce30bcd6303f6caf666b',
14401 '69be159004614580ef7e433453ccb0ca48f300a81d0942e13f495a907f6ecc27'
14402 ],
14403 [
14404 'bc4a9df5b713fe2e9aef430bcc1dc97a0cd9ccede2f28588cada3a0d2d83f366',
14405 'd3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1'
14406 ],
14407 [
14408 '8c28a97bf8298bc0d23d8c749452a32e694b65e30a9472a3954ab30fe5324caa',
14409 '40a30463a3305193378fedf31f7cc0eb7ae784f0451cb9459e71dc73cbef9482'
14410 ],
14411 [
14412 '8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0',
14413 '620efabbc8ee2782e24e7c0cfb95c5d735b783be9cf0f8e955af34a30e62b945'
14414 ],
14415 [
14416 'dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787',
14417 '7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573'
14418 ],
14419 [
14420 'f710d79d9eb962297e4f6232b40e8f7feb2bc63814614d692c12de752408221e',
14421 'ea98e67232d3b3295d3b535532115ccac8612c721851617526ae47a9c77bfc82'
14422 ]
14423 ]
14424 },
14425 naf: {
14426 wnd: 7,
14427 points: [
14428 [
14429 'f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9',
14430 '388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672'
14431 ],
14432 [
14433 '2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4',
14434 'd8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6'
14435 ],
14436 [
14437 '5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc',
14438 '6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da'
14439 ],
14440 [
14441 'acd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe',
14442 'cc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37'
14443 ],
14444 [
14445 '774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb',
14446 'd984a032eb6b5e190243dd56d7b7b365372db1e2dff9d6a8301d74c9c953c61b'
14447 ],
14448 [
14449 'f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8',
14450 'ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81'
14451 ],
14452 [
14453 'd7924d4f7d43ea965a465ae3095ff41131e5946f3c85f79e44adbcf8e27e080e',
14454 '581e2872a86c72a683842ec228cc6defea40af2bd896d3a5c504dc9ff6a26b58'
14455 ],
14456 [
14457 'defdea4cdb677750a420fee807eacf21eb9898ae79b9768766e4faa04a2d4a34',
14458 '4211ab0694635168e997b0ead2a93daeced1f4a04a95c0f6cfb199f69e56eb77'
14459 ],
14460 [
14461 '2b4ea0a797a443d293ef5cff444f4979f06acfebd7e86d277475656138385b6c',
14462 '85e89bc037945d93b343083b5a1c86131a01f60c50269763b570c854e5c09b7a'
14463 ],
14464 [
14465 '352bbf4a4cdd12564f93fa332ce333301d9ad40271f8107181340aef25be59d5',
14466 '321eb4075348f534d59c18259dda3e1f4a1b3b2e71b1039c67bd3d8bcf81998c'
14467 ],
14468 [
14469 '2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f',
14470 '2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67'
14471 ],
14472 [
14473 '9248279b09b4d68dab21a9b066edda83263c3d84e09572e269ca0cd7f5453714',
14474 '73016f7bf234aade5d1aa71bdea2b1ff3fc0de2a887912ffe54a32ce97cb3402'
14475 ],
14476 [
14477 'daed4f2be3a8bf278e70132fb0beb7522f570e144bf615c07e996d443dee8729',
14478 'a69dce4a7d6c98e8d4a1aca87ef8d7003f83c230f3afa726ab40e52290be1c55'
14479 ],
14480 [
14481 'c44d12c7065d812e8acf28d7cbb19f9011ecd9e9fdf281b0e6a3b5e87d22e7db',
14482 '2119a460ce326cdc76c45926c982fdac0e106e861edf61c5a039063f0e0e6482'
14483 ],
14484 [
14485 '6a245bf6dc698504c89a20cfded60853152b695336c28063b61c65cbd269e6b4',
14486 'e022cf42c2bd4a708b3f5126f16a24ad8b33ba48d0423b6efd5e6348100d8a82'
14487 ],
14488 [
14489 '1697ffa6fd9de627c077e3d2fe541084ce13300b0bec1146f95ae57f0d0bd6a5',
14490 'b9c398f186806f5d27561506e4557433a2cf15009e498ae7adee9d63d01b2396'
14491 ],
14492 [
14493 '605bdb019981718b986d0f07e834cb0d9deb8360ffb7f61df982345ef27a7479',
14494 '2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49'
14495 ],
14496 [
14497 '62d14dab4150bf497402fdc45a215e10dcb01c354959b10cfe31c7e9d87ff33d',
14498 '80fc06bd8cc5b01098088a1950eed0db01aa132967ab472235f5642483b25eaf'
14499 ],
14500 [
14501 '80c60ad0040f27dade5b4b06c408e56b2c50e9f56b9b8b425e555c2f86308b6f',
14502 '1c38303f1cc5c30f26e66bad7fe72f70a65eed4cbe7024eb1aa01f56430bd57a'
14503 ],
14504 [
14505 '7a9375ad6167ad54aa74c6348cc54d344cc5dc9487d847049d5eabb0fa03c8fb',
14506 'd0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7'
14507 ],
14508 [
14509 'd528ecd9b696b54c907a9ed045447a79bb408ec39b68df504bb51f459bc3ffc9',
14510 'eecf41253136e5f99966f21881fd656ebc4345405c520dbc063465b521409933'
14511 ],
14512 [
14513 '49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963',
14514 '758f3f41afd6ed428b3081b0512fd62a54c3f3afbb5b6764b653052a12949c9a'
14515 ],
14516 [
14517 '77f230936ee88cbbd73df930d64702ef881d811e0e1498e2f1c13eb1fc345d74',
14518 '958ef42a7886b6400a08266e9ba1b37896c95330d97077cbbe8eb3c7671c60d6'
14519 ],
14520 [
14521 'f2dac991cc4ce4b9ea44887e5c7c0bce58c80074ab9d4dbaeb28531b7739f530',
14522 'e0dedc9b3b2f8dad4da1f32dec2531df9eb5fbeb0598e4fd1a117dba703a3c37'
14523 ],
14524 [
14525 '463b3d9f662621fb1b4be8fbbe2520125a216cdfc9dae3debcba4850c690d45b',
14526 '5ed430d78c296c3543114306dd8622d7c622e27c970a1de31cb377b01af7307e'
14527 ],
14528 [
14529 'f16f804244e46e2a09232d4aff3b59976b98fac14328a2d1a32496b49998f247',
14530 'cedabd9b82203f7e13d206fcdf4e33d92a6c53c26e5cce26d6579962c4e31df6'
14531 ],
14532 [
14533 'caf754272dc84563b0352b7a14311af55d245315ace27c65369e15f7151d41d1',
14534 'cb474660ef35f5f2a41b643fa5e460575f4fa9b7962232a5c32f908318a04476'
14535 ],
14536 [
14537 '2600ca4b282cb986f85d0f1709979d8b44a09c07cb86d7c124497bc86f082120',
14538 '4119b88753c15bd6a693b03fcddbb45d5ac6be74ab5f0ef44b0be9475a7e4b40'
14539 ],
14540 [
14541 '7635ca72d7e8432c338ec53cd12220bc01c48685e24f7dc8c602a7746998e435',
14542 '91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61'
14543 ],
14544 [
14545 '754e3239f325570cdbbf4a87deee8a66b7f2b33479d468fbc1a50743bf56cc18',
14546 '673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683'
14547 ],
14548 [
14549 'e3e6bd1071a1e96aff57859c82d570f0330800661d1c952f9fe2694691d9b9e8',
14550 '59c9e0bba394e76f40c0aa58379a3cb6a5a2283993e90c4167002af4920e37f5'
14551 ],
14552 [
14553 '186b483d056a033826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb',
14554 '3b952d32c67cf77e2e17446e204180ab21fb8090895138b4a4a797f86e80888b'
14555 ],
14556 [
14557 'df9d70a6b9876ce544c98561f4be4f725442e6d2b737d9c91a8321724ce0963f',
14558 '55eb2dafd84d6ccd5f862b785dc39d4ab157222720ef9da217b8c45cf2ba2417'
14559 ],
14560 [
14561 '5edd5cc23c51e87a497ca815d5dce0f8ab52554f849ed8995de64c5f34ce7143',
14562 'efae9c8dbc14130661e8cec030c89ad0c13c66c0d17a2905cdc706ab7399a868'
14563 ],
14564 [
14565 '290798c2b6476830da12fe02287e9e777aa3fba1c355b17a722d362f84614fba',
14566 'e38da76dcd440621988d00bcf79af25d5b29c094db2a23146d003afd41943e7a'
14567 ],
14568 [
14569 'af3c423a95d9f5b3054754efa150ac39cd29552fe360257362dfdecef4053b45',
14570 'f98a3fd831eb2b749a93b0e6f35cfb40c8cd5aa667a15581bc2feded498fd9c6'
14571 ],
14572 [
14573 '766dbb24d134e745cccaa28c99bf274906bb66b26dcf98df8d2fed50d884249a',
14574 '744b1152eacbe5e38dcc887980da38b897584a65fa06cedd2c924f97cbac5996'
14575 ],
14576 [
14577 '59dbf46f8c94759ba21277c33784f41645f7b44f6c596a58ce92e666191abe3e',
14578 'c534ad44175fbc300f4ea6ce648309a042ce739a7919798cd85e216c4a307f6e'
14579 ],
14580 [
14581 'f13ada95103c4537305e691e74e9a4a8dd647e711a95e73cb62dc6018cfd87b8',
14582 'e13817b44ee14de663bf4bc808341f326949e21a6a75c2570778419bdaf5733d'
14583 ],
14584 [
14585 '7754b4fa0e8aced06d4167a2c59cca4cda1869c06ebadfb6488550015a88522c',
14586 '30e93e864e669d82224b967c3020b8fa8d1e4e350b6cbcc537a48b57841163a2'
14587 ],
14588 [
14589 '948dcadf5990e048aa3874d46abef9d701858f95de8041d2a6828c99e2262519',
14590 'e491a42537f6e597d5d28a3224b1bc25df9154efbd2ef1d2cbba2cae5347d57e'
14591 ],
14592 [
14593 '7962414450c76c1689c7b48f8202ec37fb224cf5ac0bfa1570328a8a3d7c77ab',
14594 '100b610ec4ffb4760d5c1fc133ef6f6b12507a051f04ac5760afa5b29db83437'
14595 ],
14596 [
14597 '3514087834964b54b15b160644d915485a16977225b8847bb0dd085137ec47ca',
14598 'ef0afbb2056205448e1652c48e8127fc6039e77c15c2378b7e7d15a0de293311'
14599 ],
14600 [
14601 'd3cc30ad6b483e4bc79ce2c9dd8bc54993e947eb8df787b442943d3f7b527eaf',
14602 '8b378a22d827278d89c5e9be8f9508ae3c2ad46290358630afb34db04eede0a4'
14603 ],
14604 [
14605 '1624d84780732860ce1c78fcbfefe08b2b29823db913f6493975ba0ff4847610',
14606 '68651cf9b6da903e0914448c6cd9d4ca896878f5282be4c8cc06e2a404078575'
14607 ],
14608 [
14609 '733ce80da955a8a26902c95633e62a985192474b5af207da6df7b4fd5fc61cd4',
14610 'f5435a2bd2badf7d485a4d8b8db9fcce3e1ef8e0201e4578c54673bc1dc5ea1d'
14611 ],
14612 [
14613 '15d9441254945064cf1a1c33bbd3b49f8966c5092171e699ef258dfab81c045c',
14614 'd56eb30b69463e7234f5137b73b84177434800bacebfc685fc37bbe9efe4070d'
14615 ],
14616 [
14617 'a1d0fcf2ec9de675b612136e5ce70d271c21417c9d2b8aaaac138599d0717940',
14618 'edd77f50bcb5a3cab2e90737309667f2641462a54070f3d519212d39c197a629'
14619 ],
14620 [
14621 'e22fbe15c0af8ccc5780c0735f84dbe9a790badee8245c06c7ca37331cb36980',
14622 'a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06'
14623 ],
14624 [
14625 '311091dd9860e8e20ee13473c1155f5f69635e394704eaa74009452246cfa9b3',
14626 '66db656f87d1f04fffd1f04788c06830871ec5a64feee685bd80f0b1286d8374'
14627 ],
14628 [
14629 '34c1fd04d301be89b31c0442d3e6ac24883928b45a9340781867d4232ec2dbdf',
14630 '9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee'
14631 ],
14632 [
14633 'f219ea5d6b54701c1c14de5b557eb42a8d13f3abbcd08affcc2a5e6b049b8d63',
14634 '4cb95957e83d40b0f73af4544cccf6b1f4b08d3c07b27fb8d8c2962a400766d1'
14635 ],
14636 [
14637 'd7b8740f74a8fbaab1f683db8f45de26543a5490bca627087236912469a0b448',
14638 'fa77968128d9c92ee1010f337ad4717eff15db5ed3c049b3411e0315eaa4593b'
14639 ],
14640 [
14641 '32d31c222f8f6f0ef86f7c98d3a3335ead5bcd32abdd94289fe4d3091aa824bf',
14642 '5f3032f5892156e39ccd3d7915b9e1da2e6dac9e6f26e961118d14b8462e1661'
14643 ],
14644 [
14645 '7461f371914ab32671045a155d9831ea8793d77cd59592c4340f86cbc18347b5',
14646 '8ec0ba238b96bec0cbdddcae0aa442542eee1ff50c986ea6b39847b3cc092ff6'
14647 ],
14648 [
14649 'ee079adb1df1860074356a25aa38206a6d716b2c3e67453d287698bad7b2b2d6',
14650 '8dc2412aafe3be5c4c5f37e0ecc5f9f6a446989af04c4e25ebaac479ec1c8c1e'
14651 ],
14652 [
14653 '16ec93e447ec83f0467b18302ee620f7e65de331874c9dc72bfd8616ba9da6b5',
14654 '5e4631150e62fb40d0e8c2a7ca5804a39d58186a50e497139626778e25b0674d'
14655 ],
14656 [
14657 'eaa5f980c245f6f038978290afa70b6bd8855897f98b6aa485b96065d537bd99',
14658 'f65f5d3e292c2e0819a528391c994624d784869d7e6ea67fb18041024edc07dc'
14659 ],
14660 [
14661 '78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51',
14662 'f3e0319169eb9b85d5404795539a5e68fa1fbd583c064d2462b675f194a3ddb4'
14663 ],
14664 [
14665 '494f4be219a1a77016dcd838431aea0001cdc8ae7a6fc688726578d9702857a5',
14666 '42242a969283a5f339ba7f075e36ba2af925ce30d767ed6e55f4b031880d562c'
14667 ],
14668 [
14669 'a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5',
14670 '204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b'
14671 ],
14672 [
14673 'c41916365abb2b5d09192f5f2dbeafec208f020f12570a184dbadc3e58595997',
14674 '4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913'
14675 ],
14676 [
14677 '841d6063a586fa475a724604da03bc5b92a2e0d2e0a36acfe4c73a5514742881',
14678 '73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154'
14679 ],
14680 [
14681 '5e95bb399a6971d376026947f89bde2f282b33810928be4ded112ac4d70e20d5',
14682 '39f23f366809085beebfc71181313775a99c9aed7d8ba38b161384c746012865'
14683 ],
14684 [
14685 '36e4641a53948fd476c39f8a99fd974e5ec07564b5315d8bf99471bca0ef2f66',
14686 'd2424b1b1abe4eb8164227b085c9aa9456ea13493fd563e06fd51cf5694c78fc'
14687 ],
14688 [
14689 '336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726',
14690 'ead12168595fe1be99252129b6e56b3391f7ab1410cd1e0ef3dcdcabd2fda224'
14691 ],
14692 [
14693 '8ab89816dadfd6b6a1f2634fcf00ec8403781025ed6890c4849742706bd43ede',
14694 '6fdcef09f2f6d0a044e654aef624136f503d459c3e89845858a47a9129cdd24e'
14695 ],
14696 [
14697 '1e33f1a746c9c5778133344d9299fcaa20b0938e8acff2544bb40284b8c5fb94',
14698 '60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6'
14699 ],
14700 [
14701 '85b7c1dcb3cec1b7ee7f30ded79dd20a0ed1f4cc18cbcfcfa410361fd8f08f31',
14702 '3d98a9cdd026dd43f39048f25a8847f4fcafad1895d7a633c6fed3c35e999511'
14703 ],
14704 [
14705 '29df9fbd8d9e46509275f4b125d6d45d7fbe9a3b878a7af872a2800661ac5f51',
14706 'b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b'
14707 ],
14708 [
14709 'a0b1cae06b0a847a3fea6e671aaf8adfdfe58ca2f768105c8082b2e449fce252',
14710 'ae434102edde0958ec4b19d917a6a28e6b72da1834aff0e650f049503a296cf2'
14711 ],
14712 [
14713 '4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5',
14714 'cf2174118c8b6d7a4b48f6d534ce5c79422c086a63460502b827ce62a326683c'
14715 ],
14716 [
14717 'd24a44e047e19b6f5afb81c7ca2f69080a5076689a010919f42725c2b789a33b',
14718 '6fb8d5591b466f8fc63db50f1c0f1c69013f996887b8244d2cdec417afea8fa3'
14719 ],
14720 [
14721 'ea01606a7a6c9cdd249fdfcfacb99584001edd28abbab77b5104e98e8e3b35d4',
14722 '322af4908c7312b0cfbfe369f7a7b3cdb7d4494bc2823700cfd652188a3ea98d'
14723 ],
14724 [
14725 'af8addbf2b661c8a6c6328655eb96651252007d8c5ea31be4ad196de8ce2131f',
14726 '6749e67c029b85f52a034eafd096836b2520818680e26ac8f3dfbcdb71749700'
14727 ],
14728 [
14729 'e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889',
14730 '2aeabe7e4531510116217f07bf4d07300de97e4874f81f533420a72eeb0bd6a4'
14731 ],
14732 [
14733 '591ee355313d99721cf6993ffed1e3e301993ff3ed258802075ea8ced397e246',
14734 'b0ea558a113c30bea60fc4775460c7901ff0b053d25ca2bdeee98f1a4be5d196'
14735 ],
14736 [
14737 '11396d55fda54c49f19aa97318d8da61fa8584e47b084945077cf03255b52984',
14738 '998c74a8cd45ac01289d5833a7beb4744ff536b01b257be4c5767bea93ea57a4'
14739 ],
14740 [
14741 '3c5d2a1ba39c5a1790000738c9e0c40b8dcdfd5468754b6405540157e017aa7a',
14742 'b2284279995a34e2f9d4de7396fc18b80f9b8b9fdd270f6661f79ca4c81bd257'
14743 ],
14744 [
14745 'cc8704b8a60a0defa3a99a7299f2e9c3fbc395afb04ac078425ef8a1793cc030',
14746 'bdd46039feed17881d1e0862db347f8cf395b74fc4bcdc4e940b74e3ac1f1b13'
14747 ],
14748 [
14749 'c533e4f7ea8555aacd9777ac5cad29b97dd4defccc53ee7ea204119b2889b197',
14750 '6f0a256bc5efdf429a2fb6242f1a43a2d9b925bb4a4b3a26bb8e0f45eb596096'
14751 ],
14752 [
14753 'c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593',
14754 'c359d6923bb398f7fd4473e16fe1c28475b740dd098075e6c0e8649113dc3a38'
14755 ],
14756 [
14757 'a6cbc3046bc6a450bac24789fa17115a4c9739ed75f8f21ce441f72e0b90e6ef',
14758 '21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f'
14759 ],
14760 [
14761 '347d6d9a02c48927ebfb86c1359b1caf130a3c0267d11ce6344b39f99d43cc38',
14762 '60ea7f61a353524d1c987f6ecec92f086d565ab687870cb12689ff1e31c74448'
14763 ],
14764 [
14765 'da6545d2181db8d983f7dcb375ef5866d47c67b1bf31c8cf855ef7437b72656a',
14766 '49b96715ab6878a79e78f07ce5680c5d6673051b4935bd897fea824b77dc208a'
14767 ],
14768 [
14769 'c40747cc9d012cb1a13b8148309c6de7ec25d6945d657146b9d5994b8feb1111',
14770 '5ca560753be2a12fc6de6caf2cb489565db936156b9514e1bb5e83037e0fa2d4'
14771 ],
14772 [
14773 '4e42c8ec82c99798ccf3a610be870e78338c7f713348bd34c8203ef4037f3502',
14774 '7571d74ee5e0fb92a7a8b33a07783341a5492144cc54bcc40a94473693606437'
14775 ],
14776 [
14777 '3775ab7089bc6af823aba2e1af70b236d251cadb0c86743287522a1b3b0dedea',
14778 'be52d107bcfa09d8bcb9736a828cfa7fac8db17bf7a76a2c42ad961409018cf7'
14779 ],
14780 [
14781 'cee31cbf7e34ec379d94fb814d3d775ad954595d1314ba8846959e3e82f74e26',
14782 '8fd64a14c06b589c26b947ae2bcf6bfa0149ef0be14ed4d80f448a01c43b1c6d'
14783 ],
14784 [
14785 'b4f9eaea09b6917619f6ea6a4eb5464efddb58fd45b1ebefcdc1a01d08b47986',
14786 '39e5c9925b5a54b07433a4f18c61726f8bb131c012ca542eb24a8ac07200682a'
14787 ],
14788 [
14789 'd4263dfc3d2df923a0179a48966d30ce84e2515afc3dccc1b77907792ebcc60e',
14790 '62dfaf07a0f78feb30e30d6295853ce189e127760ad6cf7fae164e122a208d54'
14791 ],
14792 [
14793 '48457524820fa65a4f8d35eb6930857c0032acc0a4a2de422233eeda897612c4',
14794 '25a748ab367979d98733c38a1fa1c2e7dc6cc07db2d60a9ae7a76aaa49bd0f77'
14795 ],
14796 [
14797 'dfeeef1881101f2cb11644f3a2afdfc2045e19919152923f367a1767c11cceda',
14798 'ecfb7056cf1de042f9420bab396793c0c390bde74b4bbdff16a83ae09a9a7517'
14799 ],
14800 [
14801 '6d7ef6b17543f8373c573f44e1f389835d89bcbc6062ced36c82df83b8fae859',
14802 'cd450ec335438986dfefa10c57fea9bcc521a0959b2d80bbf74b190dca712d10'
14803 ],
14804 [
14805 'e75605d59102a5a2684500d3b991f2e3f3c88b93225547035af25af66e04541f',
14806 'f5c54754a8f71ee540b9b48728473e314f729ac5308b06938360990e2bfad125'
14807 ],
14808 [
14809 'eb98660f4c4dfaa06a2be453d5020bc99a0c2e60abe388457dd43fefb1ed620c',
14810 '6cb9a8876d9cb8520609af3add26cd20a0a7cd8a9411131ce85f44100099223e'
14811 ],
14812 [
14813 '13e87b027d8514d35939f2e6892b19922154596941888336dc3563e3b8dba942',
14814 'fef5a3c68059a6dec5d624114bf1e91aac2b9da568d6abeb2570d55646b8adf1'
14815 ],
14816 [
14817 'ee163026e9fd6fe017c38f06a5be6fc125424b371ce2708e7bf4491691e5764a',
14818 '1acb250f255dd61c43d94ccc670d0f58f49ae3fa15b96623e5430da0ad6c62b2'
14819 ],
14820 [
14821 'b268f5ef9ad51e4d78de3a750c2dc89b1e626d43505867999932e5db33af3d80',
14822 '5f310d4b3c99b9ebb19f77d41c1dee018cf0d34fd4191614003e945a1216e423'
14823 ],
14824 [
14825 'ff07f3118a9df035e9fad85eb6c7bfe42b02f01ca99ceea3bf7ffdba93c4750d',
14826 '438136d603e858a3a5c440c38eccbaddc1d2942114e2eddd4740d098ced1f0d8'
14827 ],
14828 [
14829 '8d8b9855c7c052a34146fd20ffb658bea4b9f69e0d825ebec16e8c3ce2b526a1',
14830 'cdb559eedc2d79f926baf44fb84ea4d44bcf50fee51d7ceb30e2e7f463036758'
14831 ],
14832 [
14833 '52db0b5384dfbf05bfa9d472d7ae26dfe4b851ceca91b1eba54263180da32b63',
14834 'c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375'
14835 ],
14836 [
14837 'e62f9490d3d51da6395efd24e80919cc7d0f29c3f3fa48c6fff543becbd43352',
14838 '6d89ad7ba4876b0b22c2ca280c682862f342c8591f1daf5170e07bfd9ccafa7d'
14839 ],
14840 [
14841 '7f30ea2476b399b4957509c88f77d0191afa2ff5cb7b14fd6d8e7d65aaab1193',
14842 'ca5ef7d4b231c94c3b15389a5f6311e9daff7bb67b103e9880ef4bff637acaec'
14843 ],
14844 [
14845 '5098ff1e1d9f14fb46a210fada6c903fef0fb7b4a1dd1d9ac60a0361800b7a00',
14846 '9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0'
14847 ],
14848 [
14849 '32b78c7de9ee512a72895be6b9cbefa6e2f3c4ccce445c96b9f2c81e2778ad58',
14850 'ee1849f513df71e32efc3896ee28260c73bb80547ae2275ba497237794c8753c'
14851 ],
14852 [
14853 'e2cb74fddc8e9fbcd076eef2a7c72b0ce37d50f08269dfc074b581550547a4f7',
14854 'd3aa2ed71c9dd2247a62df062736eb0baddea9e36122d2be8641abcb005cc4a4'
14855 ],
14856 [
14857 '8438447566d4d7bedadc299496ab357426009a35f235cb141be0d99cd10ae3a8',
14858 'c4e1020916980a4da5d01ac5e6ad330734ef0d7906631c4f2390426b2edd791f'
14859 ],
14860 [
14861 '4162d488b89402039b584c6fc6c308870587d9c46f660b878ab65c82c711d67e',
14862 '67163e903236289f776f22c25fb8a3afc1732f2b84b4e95dbda47ae5a0852649'
14863 ],
14864 [
14865 '3fad3fa84caf0f34f0f89bfd2dcf54fc175d767aec3e50684f3ba4a4bf5f683d',
14866 'cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826'
14867 ],
14868 [
14869 '674f2600a3007a00568c1a7ce05d0816c1fb84bf1370798f1c69532faeb1a86b',
14870 '299d21f9413f33b3edf43b257004580b70db57da0b182259e09eecc69e0d38a5'
14871 ],
14872 [
14873 'd32f4da54ade74abb81b815ad1fb3b263d82d6c692714bcff87d29bd5ee9f08f',
14874 'f9429e738b8e53b968e99016c059707782e14f4535359d582fc416910b3eea87'
14875 ],
14876 [
14877 '30e4e670435385556e593657135845d36fbb6931f72b08cb1ed954f1e3ce3ff6',
14878 '462f9bce619898638499350113bbc9b10a878d35da70740dc695a559eb88db7b'
14879 ],
14880 [
14881 'be2062003c51cc3004682904330e4dee7f3dcd10b01e580bf1971b04d4cad297',
14882 '62188bc49d61e5428573d48a74e1c655b1c61090905682a0d5558ed72dccb9bc'
14883 ],
14884 [
14885 '93144423ace3451ed29e0fb9ac2af211cb6e84a601df5993c419859fff5df04a',
14886 '7c10dfb164c3425f5c71a3f9d7992038f1065224f72bb9d1d902a6d13037b47c'
14887 ],
14888 [
14889 'b015f8044f5fcbdcf21ca26d6c34fb8197829205c7b7d2a7cb66418c157b112c',
14890 'ab8c1e086d04e813744a655b2df8d5f83b3cdc6faa3088c1d3aea1454e3a1d5f'
14891 ],
14892 [
14893 'd5e9e1da649d97d89e4868117a465a3a4f8a18de57a140d36b3f2af341a21b52',
14894 '4cb04437f391ed73111a13cc1d4dd0db1693465c2240480d8955e8592f27447a'
14895 ],
14896 [
14897 'd3ae41047dd7ca065dbf8ed77b992439983005cd72e16d6f996a5316d36966bb',
14898 'bd1aeb21ad22ebb22a10f0303417c6d964f8cdd7df0aca614b10dc14d125ac46'
14899 ],
14900 [
14901 '463e2763d885f958fc66cdd22800f0a487197d0a82e377b49f80af87c897b065',
14902 'bfefacdb0e5d0fd7df3a311a94de062b26b80c61fbc97508b79992671ef7ca7f'
14903 ],
14904 [
14905 '7985fdfd127c0567c6f53ec1bb63ec3158e597c40bfe747c83cddfc910641917',
14906 '603c12daf3d9862ef2b25fe1de289aed24ed291e0ec6708703a5bd567f32ed03'
14907 ],
14908 [
14909 '74a1ad6b5f76e39db2dd249410eac7f99e74c59cb83d2d0ed5ff1543da7703e9',
14910 'cc6157ef18c9c63cd6193d83631bbea0093e0968942e8c33d5737fd790e0db08'
14911 ],
14912 [
14913 '30682a50703375f602d416664ba19b7fc9bab42c72747463a71d0896b22f6da3',
14914 '553e04f6b018b4fa6c8f39e7f311d3176290d0e0f19ca73f17714d9977a22ff8'
14915 ],
14916 [
14917 '9e2158f0d7c0d5f26c3791efefa79597654e7a2b2464f52b1ee6c1347769ef57',
14918 '712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373'
14919 ],
14920 [
14921 '176e26989a43c9cfeba4029c202538c28172e566e3c4fce7322857f3be327d66',
14922 'ed8cc9d04b29eb877d270b4878dc43c19aefd31f4eee09ee7b47834c1fa4b1c3'
14923 ],
14924 [
14925 '75d46efea3771e6e68abb89a13ad747ecf1892393dfc4f1b7004788c50374da8',
14926 '9852390a99507679fd0b86fd2b39a868d7efc22151346e1a3ca4726586a6bed8'
14927 ],
14928 [
14929 '809a20c67d64900ffb698c4c825f6d5f2310fb0451c869345b7319f645605721',
14930 '9e994980d9917e22b76b061927fa04143d096ccc54963e6a5ebfa5f3f8e286c1'
14931 ],
14932 [
14933 '1b38903a43f7f114ed4500b4eac7083fdefece1cf29c63528d563446f972c180',
14934 '4036edc931a60ae889353f77fd53de4a2708b26b6f5da72ad3394119daf408f9'
14935 ]
14936 ]
14937 }
14938};
14939
14940},{}],81:[function(require,module,exports){
14941'use strict';
14942
14943var utils = exports;
14944var BN = require('bn.js');
14945var minAssert = require('minimalistic-assert');
14946var minUtils = require('minimalistic-crypto-utils');
14947
14948utils.assert = minAssert;
14949utils.toArray = minUtils.toArray;
14950utils.zero2 = minUtils.zero2;
14951utils.toHex = minUtils.toHex;
14952utils.encode = minUtils.encode;
14953
14954// Represent num in a w-NAF form
14955function getNAF(num, w) {
14956 var naf = [];
14957 var ws = 1 << (w + 1);
14958 var k = num.clone();
14959 while (k.cmpn(1) >= 0) {
14960 var z;
14961 if (k.isOdd()) {
14962 var mod = k.andln(ws - 1);
14963 if (mod > (ws >> 1) - 1)
14964 z = (ws >> 1) - mod;
14965 else
14966 z = mod;
14967 k.isubn(z);
14968 } else {
14969 z = 0;
14970 }
14971 naf.push(z);
14972
14973 // Optimization, shift by word if possible
14974 var shift = (k.cmpn(0) !== 0 && k.andln(ws - 1) === 0) ? (w + 1) : 1;
14975 for (var i = 1; i < shift; i++)
14976 naf.push(0);
14977 k.iushrn(shift);
14978 }
14979
14980 return naf;
14981}
14982utils.getNAF = getNAF;
14983
14984// Represent k1, k2 in a Joint Sparse Form
14985function getJSF(k1, k2) {
14986 var jsf = [
14987 [],
14988 []
14989 ];
14990
14991 k1 = k1.clone();
14992 k2 = k2.clone();
14993 var d1 = 0;
14994 var d2 = 0;
14995 while (k1.cmpn(-d1) > 0 || k2.cmpn(-d2) > 0) {
14996
14997 // First phase
14998 var m14 = (k1.andln(3) + d1) & 3;
14999 var m24 = (k2.andln(3) + d2) & 3;
15000 if (m14 === 3)
15001 m14 = -1;
15002 if (m24 === 3)
15003 m24 = -1;
15004 var u1;
15005 if ((m14 & 1) === 0) {
15006 u1 = 0;
15007 } else {
15008 var m8 = (k1.andln(7) + d1) & 7;
15009 if ((m8 === 3 || m8 === 5) && m24 === 2)
15010 u1 = -m14;
15011 else
15012 u1 = m14;
15013 }
15014 jsf[0].push(u1);
15015
15016 var u2;
15017 if ((m24 & 1) === 0) {
15018 u2 = 0;
15019 } else {
15020 var m8 = (k2.andln(7) + d2) & 7;
15021 if ((m8 === 3 || m8 === 5) && m14 === 2)
15022 u2 = -m24;
15023 else
15024 u2 = m24;
15025 }
15026 jsf[1].push(u2);
15027
15028 // Second phase
15029 if (2 * d1 === u1 + 1)
15030 d1 = 1 - d1;
15031 if (2 * d2 === u2 + 1)
15032 d2 = 1 - d2;
15033 k1.iushrn(1);
15034 k2.iushrn(1);
15035 }
15036
15037 return jsf;
15038}
15039utils.getJSF = getJSF;
15040
15041function cachedProperty(obj, name, computer) {
15042 var key = '_' + name;
15043 obj.prototype[name] = function cachedProperty() {
15044 return this[key] !== undefined ? this[key] :
15045 this[key] = computer.call(this);
15046 };
15047}
15048utils.cachedProperty = cachedProperty;
15049
15050function parseBytes(bytes) {
15051 return typeof bytes === 'string' ? utils.toArray(bytes, 'hex') :
15052 bytes;
15053}
15054utils.parseBytes = parseBytes;
15055
15056function intFromLE(bytes) {
15057 return new BN(bytes, 'hex', 'le');
15058}
15059utils.intFromLE = intFromLE;
15060
15061
15062},{"bn.js":17,"minimalistic-assert":99,"minimalistic-crypto-utils":100}],82:[function(require,module,exports){
15063module.exports={
15064 "_args": [
15065 [
15066 "elliptic@^6.0.0",
15067 "/home/ian/.nvm/versions/node/v6.0.0/lib/node_modules/browserify/node_modules/browserify-sign"
15068 ]
15069 ],
15070 "_from": "elliptic@>=6.0.0 <7.0.0",
15071 "_id": "elliptic@6.4.0",
15072 "_inCache": true,
15073 "_installable": true,
15074 "_location": "/browserify/elliptic",
15075 "_nodeVersion": "7.0.0",
15076 "_npmOperationalInternal": {
15077 "host": "packages-18-east.internal.npmjs.com",
15078 "tmp": "tmp/elliptic-6.4.0.tgz_1487798866428_0.30510620190761983"
15079 },
15080 "_npmUser": {
15081 "email": "fedor@indutny.com",
15082 "name": "indutny"
15083 },
15084 "_npmVersion": "3.10.8",
15085 "_phantomChildren": {},
15086 "_requested": {
15087 "name": "elliptic",
15088 "raw": "elliptic@^6.0.0",
15089 "rawSpec": "^6.0.0",
15090 "scope": null,
15091 "spec": ">=6.0.0 <7.0.0",
15092 "type": "range"
15093 },
15094 "_requiredBy": [
15095 "/browserify/browserify-sign",
15096 "/browserify/create-ecdh"
15097 ],
15098 "_resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.4.0.tgz",
15099 "_shasum": "cac9af8762c85836187003c8dfe193e5e2eae5df",
15100 "_shrinkwrap": null,
15101 "_spec": "elliptic@^6.0.0",
15102 "_where": "/home/ian/.nvm/versions/node/v6.0.0/lib/node_modules/browserify/node_modules/browserify-sign",
15103 "author": {
15104 "email": "fedor@indutny.com",
15105 "name": "Fedor Indutny"
15106 },
15107 "bugs": {
15108 "url": "https://github.com/indutny/elliptic/issues"
15109 },
15110 "dependencies": {
15111 "bn.js": "^4.4.0",
15112 "brorand": "^1.0.1",
15113 "hash.js": "^1.0.0",
15114 "hmac-drbg": "^1.0.0",
15115 "inherits": "^2.0.1",
15116 "minimalistic-assert": "^1.0.0",
15117 "minimalistic-crypto-utils": "^1.0.0"
15118 },
15119 "description": "EC cryptography",
15120 "devDependencies": {
15121 "brfs": "^1.4.3",
15122 "coveralls": "^2.11.3",
15123 "grunt": "^0.4.5",
15124 "grunt-browserify": "^5.0.0",
15125 "grunt-cli": "^1.2.0",
15126 "grunt-contrib-connect": "^1.0.0",
15127 "grunt-contrib-copy": "^1.0.0",
15128 "grunt-contrib-uglify": "^1.0.1",
15129 "grunt-mocha-istanbul": "^3.0.1",
15130 "grunt-saucelabs": "^8.6.2",
15131 "istanbul": "^0.4.2",
15132 "jscs": "^2.9.0",
15133 "jshint": "^2.6.0",
15134 "mocha": "^2.1.0"
15135 },
15136 "directories": {},
15137 "dist": {
15138 "shasum": "cac9af8762c85836187003c8dfe193e5e2eae5df",
15139 "tarball": "https://registry.npmjs.org/elliptic/-/elliptic-6.4.0.tgz"
15140 },
15141 "files": [
15142 "lib"
15143 ],
15144 "gitHead": "6b0d2b76caae91471649c8e21f0b1d3ba0f96090",
15145 "homepage": "https://github.com/indutny/elliptic",
15146 "keywords": [
15147 "EC",
15148 "Elliptic",
15149 "curve",
15150 "Cryptography"
15151 ],
15152 "license": "MIT",
15153 "main": "lib/elliptic.js",
15154 "maintainers": [
15155 {
15156 "email": "fedor@indutny.com",
15157 "name": "indutny"
15158 }
15159 ],
15160 "name": "elliptic",
15161 "optionalDependencies": {},
15162 "readme": "ERROR: No README data found!",
15163 "repository": {
15164 "type": "git",
15165 "url": "git+ssh://git@github.com/indutny/elliptic.git"
15166 },
15167 "scripts": {
15168 "jscs": "jscs benchmarks/*.js lib/*.js lib/**/*.js lib/**/**/*.js test/index.js",
15169 "jshint": "jscs benchmarks/*.js lib/*.js lib/**/*.js lib/**/**/*.js test/index.js",
15170 "lint": "npm run jscs && npm run jshint",
15171 "test": "npm run lint && npm run unit",
15172 "unit": "istanbul test _mocha --reporter=spec test/index.js",
15173 "version": "grunt dist && git add dist/"
15174 },
15175 "version": "6.4.0"
15176}
15177
15178},{}],83:[function(require,module,exports){
15179// Copyright Joyent, Inc. and other Node contributors.
15180//
15181// Permission is hereby granted, free of charge, to any person obtaining a
15182// copy of this software and associated documentation files (the
15183// "Software"), to deal in the Software without restriction, including
15184// without limitation the rights to use, copy, modify, merge, publish,
15185// distribute, sublicense, and/or sell copies of the Software, and to permit
15186// persons to whom the Software is furnished to do so, subject to the
15187// following conditions:
15188//
15189// The above copyright notice and this permission notice shall be included
15190// in all copies or substantial portions of the Software.
15191//
15192// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15193// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
15194// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
15195// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
15196// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
15197// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
15198// USE OR OTHER DEALINGS IN THE SOFTWARE.
15199
15200function EventEmitter() {
15201 this._events = this._events || {};
15202 this._maxListeners = this._maxListeners || undefined;
15203}
15204module.exports = EventEmitter;
15205
15206// Backwards-compat with node 0.10.x
15207EventEmitter.EventEmitter = EventEmitter;
15208
15209EventEmitter.prototype._events = undefined;
15210EventEmitter.prototype._maxListeners = undefined;
15211
15212// By default EventEmitters will print a warning if more than 10 listeners are
15213// added to it. This is a useful default which helps finding memory leaks.
15214EventEmitter.defaultMaxListeners = 10;
15215
15216// Obviously not all Emitters should be limited to 10. This function allows
15217// that to be increased. Set to zero for unlimited.
15218EventEmitter.prototype.setMaxListeners = function(n) {
15219 if (!isNumber(n) || n < 0 || isNaN(n))
15220 throw TypeError('n must be a positive number');
15221 this._maxListeners = n;
15222 return this;
15223};
15224
15225EventEmitter.prototype.emit = function(type) {
15226 var er, handler, len, args, i, listeners;
15227
15228 if (!this._events)
15229 this._events = {};
15230
15231 // If there is no 'error' event listener then throw.
15232 if (type === 'error') {
15233 if (!this._events.error ||
15234 (isObject(this._events.error) && !this._events.error.length)) {
15235 er = arguments[1];
15236 if (er instanceof Error) {
15237 throw er; // Unhandled 'error' event
15238 } else {
15239 // At least give some kind of context to the user
15240 var err = new Error('Uncaught, unspecified "error" event. (' + er + ')');
15241 err.context = er;
15242 throw err;
15243 }
15244 }
15245 }
15246
15247 handler = this._events[type];
15248
15249 if (isUndefined(handler))
15250 return false;
15251
15252 if (isFunction(handler)) {
15253 switch (arguments.length) {
15254 // fast cases
15255 case 1:
15256 handler.call(this);
15257 break;
15258 case 2:
15259 handler.call(this, arguments[1]);
15260 break;
15261 case 3:
15262 handler.call(this, arguments[1], arguments[2]);
15263 break;
15264 // slower
15265 default:
15266 args = Array.prototype.slice.call(arguments, 1);
15267 handler.apply(this, args);
15268 }
15269 } else if (isObject(handler)) {
15270 args = Array.prototype.slice.call(arguments, 1);
15271 listeners = handler.slice();
15272 len = listeners.length;
15273 for (i = 0; i < len; i++)
15274 listeners[i].apply(this, args);
15275 }
15276
15277 return true;
15278};
15279
15280EventEmitter.prototype.addListener = function(type, listener) {
15281 var m;
15282
15283 if (!isFunction(listener))
15284 throw TypeError('listener must be a function');
15285
15286 if (!this._events)
15287 this._events = {};
15288
15289 // To avoid recursion in the case that type === "newListener"! Before
15290 // adding it to the listeners, first emit "newListener".
15291 if (this._events.newListener)
15292 this.emit('newListener', type,
15293 isFunction(listener.listener) ?
15294 listener.listener : listener);
15295
15296 if (!this._events[type])
15297 // Optimize the case of one listener. Don't need the extra array object.
15298 this._events[type] = listener;
15299 else if (isObject(this._events[type]))
15300 // If we've already got an array, just append.
15301 this._events[type].push(listener);
15302 else
15303 // Adding the second element, need to change to array.
15304 this._events[type] = [this._events[type], listener];
15305
15306 // Check for listener leak
15307 if (isObject(this._events[type]) && !this._events[type].warned) {
15308 if (!isUndefined(this._maxListeners)) {
15309 m = this._maxListeners;
15310 } else {
15311 m = EventEmitter.defaultMaxListeners;
15312 }
15313
15314 if (m && m > 0 && this._events[type].length > m) {
15315 this._events[type].warned = true;
15316 console.error('(node) warning: possible EventEmitter memory ' +
15317 'leak detected. %d listeners added. ' +
15318 'Use emitter.setMaxListeners() to increase limit.',
15319 this._events[type].length);
15320 if (typeof console.trace === 'function') {
15321 // not supported in IE 10
15322 console.trace();
15323 }
15324 }
15325 }
15326
15327 return this;
15328};
15329
15330EventEmitter.prototype.on = EventEmitter.prototype.addListener;
15331
15332EventEmitter.prototype.once = function(type, listener) {
15333 if (!isFunction(listener))
15334 throw TypeError('listener must be a function');
15335
15336 var fired = false;
15337
15338 function g() {
15339 this.removeListener(type, g);
15340
15341 if (!fired) {
15342 fired = true;
15343 listener.apply(this, arguments);
15344 }
15345 }
15346
15347 g.listener = listener;
15348 this.on(type, g);
15349
15350 return this;
15351};
15352
15353// emits a 'removeListener' event iff the listener was removed
15354EventEmitter.prototype.removeListener = function(type, listener) {
15355 var list, position, length, i;
15356
15357 if (!isFunction(listener))
15358 throw TypeError('listener must be a function');
15359
15360 if (!this._events || !this._events[type])
15361 return this;
15362
15363 list = this._events[type];
15364 length = list.length;
15365 position = -1;
15366
15367 if (list === listener ||
15368 (isFunction(list.listener) && list.listener === listener)) {
15369 delete this._events[type];
15370 if (this._events.removeListener)
15371 this.emit('removeListener', type, listener);
15372
15373 } else if (isObject(list)) {
15374 for (i = length; i-- > 0;) {
15375 if (list[i] === listener ||
15376 (list[i].listener && list[i].listener === listener)) {
15377 position = i;
15378 break;
15379 }
15380 }
15381
15382 if (position < 0)
15383 return this;
15384
15385 if (list.length === 1) {
15386 list.length = 0;
15387 delete this._events[type];
15388 } else {
15389 list.splice(position, 1);
15390 }
15391
15392 if (this._events.removeListener)
15393 this.emit('removeListener', type, listener);
15394 }
15395
15396 return this;
15397};
15398
15399EventEmitter.prototype.removeAllListeners = function(type) {
15400 var key, listeners;
15401
15402 if (!this._events)
15403 return this;
15404
15405 // not listening for removeListener, no need to emit
15406 if (!this._events.removeListener) {
15407 if (arguments.length === 0)
15408 this._events = {};
15409 else if (this._events[type])
15410 delete this._events[type];
15411 return this;
15412 }
15413
15414 // emit removeListener for all listeners on all events
15415 if (arguments.length === 0) {
15416 for (key in this._events) {
15417 if (key === 'removeListener') continue;
15418 this.removeAllListeners(key);
15419 }
15420 this.removeAllListeners('removeListener');
15421 this._events = {};
15422 return this;
15423 }
15424
15425 listeners = this._events[type];
15426
15427 if (isFunction(listeners)) {
15428 this.removeListener(type, listeners);
15429 } else if (listeners) {
15430 // LIFO order
15431 while (listeners.length)
15432 this.removeListener(type, listeners[listeners.length - 1]);
15433 }
15434 delete this._events[type];
15435
15436 return this;
15437};
15438
15439EventEmitter.prototype.listeners = function(type) {
15440 var ret;
15441 if (!this._events || !this._events[type])
15442 ret = [];
15443 else if (isFunction(this._events[type]))
15444 ret = [this._events[type]];
15445 else
15446 ret = this._events[type].slice();
15447 return ret;
15448};
15449
15450EventEmitter.prototype.listenerCount = function(type) {
15451 if (this._events) {
15452 var evlistener = this._events[type];
15453
15454 if (isFunction(evlistener))
15455 return 1;
15456 else if (evlistener)
15457 return evlistener.length;
15458 }
15459 return 0;
15460};
15461
15462EventEmitter.listenerCount = function(emitter, type) {
15463 return emitter.listenerCount(type);
15464};
15465
15466function isFunction(arg) {
15467 return typeof arg === 'function';
15468}
15469
15470function isNumber(arg) {
15471 return typeof arg === 'number';
15472}
15473
15474function isObject(arg) {
15475 return typeof arg === 'object' && arg !== null;
15476}
15477
15478function isUndefined(arg) {
15479 return arg === void 0;
15480}
15481
15482},{}],84:[function(require,module,exports){
15483(function (Buffer){
15484var md5 = require('create-hash/md5')
15485module.exports = EVP_BytesToKey
15486function EVP_BytesToKey (password, salt, keyLen, ivLen) {
15487 if (!Buffer.isBuffer(password)) {
15488 password = new Buffer(password, 'binary')
15489 }
15490 if (salt && !Buffer.isBuffer(salt)) {
15491 salt = new Buffer(salt, 'binary')
15492 }
15493 keyLen = keyLen / 8
15494 ivLen = ivLen || 0
15495 var ki = 0
15496 var ii = 0
15497 var key = new Buffer(keyLen)
15498 var iv = new Buffer(ivLen)
15499 var addmd = 0
15500 var md_buf
15501 var i
15502 var bufs = []
15503 while (true) {
15504 if (addmd++ > 0) {
15505 bufs.push(md_buf)
15506 }
15507 bufs.push(password)
15508 if (salt) {
15509 bufs.push(salt)
15510 }
15511 md_buf = md5(Buffer.concat(bufs))
15512 bufs = []
15513 i = 0
15514 if (keyLen > 0) {
15515 while (true) {
15516 if (keyLen === 0) {
15517 break
15518 }
15519 if (i === md_buf.length) {
15520 break
15521 }
15522 key[ki++] = md_buf[i]
15523 keyLen--
15524 i++
15525 }
15526 }
15527 if (ivLen > 0 && i !== md_buf.length) {
15528 while (true) {
15529 if (ivLen === 0) {
15530 break
15531 }
15532 if (i === md_buf.length) {
15533 break
15534 }
15535 iv[ii++] = md_buf[i]
15536 ivLen--
15537 i++
15538 }
15539 }
15540 if (keyLen === 0 && ivLen === 0) {
15541 break
15542 }
15543 }
15544 for (i = 0; i < md_buf.length; i++) {
15545 md_buf[i] = 0
15546 }
15547 return {
15548 key: key,
15549 iv: iv
15550 }
15551}
15552
15553}).call(this,require("buffer").Buffer)
15554},{"buffer":47,"create-hash/md5":53}],85:[function(require,module,exports){
15555(function (Buffer){
15556'use strict'
15557var Transform = require('stream').Transform
15558var inherits = require('inherits')
15559
15560function HashBase (blockSize) {
15561 Transform.call(this)
15562
15563 this._block = new Buffer(blockSize)
15564 this._blockSize = blockSize
15565 this._blockOffset = 0
15566 this._length = [0, 0, 0, 0]
15567
15568 this._finalized = false
15569}
15570
15571inherits(HashBase, Transform)
15572
15573HashBase.prototype._transform = function (chunk, encoding, callback) {
15574 var error = null
15575 try {
15576 if (encoding !== 'buffer') chunk = new Buffer(chunk, encoding)
15577 this.update(chunk)
15578 } catch (err) {
15579 error = err
15580 }
15581
15582 callback(error)
15583}
15584
15585HashBase.prototype._flush = function (callback) {
15586 var error = null
15587 try {
15588 this.push(this._digest())
15589 } catch (err) {
15590 error = err
15591 }
15592
15593 callback(error)
15594}
15595
15596HashBase.prototype.update = function (data, encoding) {
15597 if (!Buffer.isBuffer(data) && typeof data !== 'string') throw new TypeError('Data must be a string or a buffer')
15598 if (this._finalized) throw new Error('Digest already called')
15599 if (!Buffer.isBuffer(data)) data = new Buffer(data, encoding || 'binary')
15600
15601 // consume data
15602 var block = this._block
15603 var offset = 0
15604 while (this._blockOffset + data.length - offset >= this._blockSize) {
15605 for (var i = this._blockOffset; i < this._blockSize;) block[i++] = data[offset++]
15606 this._update()
15607 this._blockOffset = 0
15608 }
15609 while (offset < data.length) block[this._blockOffset++] = data[offset++]
15610
15611 // update length
15612 for (var j = 0, carry = data.length * 8; carry > 0; ++j) {
15613 this._length[j] += carry
15614 carry = (this._length[j] / 0x0100000000) | 0
15615 if (carry > 0) this._length[j] -= 0x0100000000 * carry
15616 }
15617
15618 return this
15619}
15620
15621HashBase.prototype._update = function (data) {
15622 throw new Error('_update is not implemented')
15623}
15624
15625HashBase.prototype.digest = function (encoding) {
15626 if (this._finalized) throw new Error('Digest already called')
15627 this._finalized = true
15628
15629 var digest = this._digest()
15630 if (encoding !== undefined) digest = digest.toString(encoding)
15631 return digest
15632}
15633
15634HashBase.prototype._digest = function () {
15635 throw new Error('_digest is not implemented')
15636}
15637
15638module.exports = HashBase
15639
15640}).call(this,require("buffer").Buffer)
15641},{"buffer":47,"inherits":95,"stream":143}],86:[function(require,module,exports){
15642var hash = exports;
15643
15644hash.utils = require('./hash/utils');
15645hash.common = require('./hash/common');
15646hash.sha = require('./hash/sha');
15647hash.ripemd = require('./hash/ripemd');
15648hash.hmac = require('./hash/hmac');
15649
15650// Proxy hash functions to the main object
15651hash.sha1 = hash.sha.sha1;
15652hash.sha256 = hash.sha.sha256;
15653hash.sha224 = hash.sha.sha224;
15654hash.sha384 = hash.sha.sha384;
15655hash.sha512 = hash.sha.sha512;
15656hash.ripemd160 = hash.ripemd.ripemd160;
15657
15658},{"./hash/common":87,"./hash/hmac":88,"./hash/ripemd":89,"./hash/sha":90,"./hash/utils":91}],87:[function(require,module,exports){
15659var hash = require('../hash');
15660var utils = hash.utils;
15661var assert = utils.assert;
15662
15663function BlockHash() {
15664 this.pending = null;
15665 this.pendingTotal = 0;
15666 this.blockSize = this.constructor.blockSize;
15667 this.outSize = this.constructor.outSize;
15668 this.hmacStrength = this.constructor.hmacStrength;
15669 this.padLength = this.constructor.padLength / 8;
15670 this.endian = 'big';
15671
15672 this._delta8 = this.blockSize / 8;
15673 this._delta32 = this.blockSize / 32;
15674}
15675exports.BlockHash = BlockHash;
15676
15677BlockHash.prototype.update = function update(msg, enc) {
15678 // Convert message to array, pad it, and join into 32bit blocks
15679 msg = utils.toArray(msg, enc);
15680 if (!this.pending)
15681 this.pending = msg;
15682 else
15683 this.pending = this.pending.concat(msg);
15684 this.pendingTotal += msg.length;
15685
15686 // Enough data, try updating
15687 if (this.pending.length >= this._delta8) {
15688 msg = this.pending;
15689
15690 // Process pending data in blocks
15691 var r = msg.length % this._delta8;
15692 this.pending = msg.slice(msg.length - r, msg.length);
15693 if (this.pending.length === 0)
15694 this.pending = null;
15695
15696 msg = utils.join32(msg, 0, msg.length - r, this.endian);
15697 for (var i = 0; i < msg.length; i += this._delta32)
15698 this._update(msg, i, i + this._delta32);
15699 }
15700
15701 return this;
15702};
15703
15704BlockHash.prototype.digest = function digest(enc) {
15705 this.update(this._pad());
15706 assert(this.pending === null);
15707
15708 return this._digest(enc);
15709};
15710
15711BlockHash.prototype._pad = function pad() {
15712 var len = this.pendingTotal;
15713 var bytes = this._delta8;
15714 var k = bytes - ((len + this.padLength) % bytes);
15715 var res = new Array(k + this.padLength);
15716 res[0] = 0x80;
15717 for (var i = 1; i < k; i++)
15718 res[i] = 0;
15719
15720 // Append length
15721 len <<= 3;
15722 if (this.endian === 'big') {
15723 for (var t = 8; t < this.padLength; t++)
15724 res[i++] = 0;
15725
15726 res[i++] = 0;
15727 res[i++] = 0;
15728 res[i++] = 0;
15729 res[i++] = 0;
15730 res[i++] = (len >>> 24) & 0xff;
15731 res[i++] = (len >>> 16) & 0xff;
15732 res[i++] = (len >>> 8) & 0xff;
15733 res[i++] = len & 0xff;
15734 } else {
15735 res[i++] = len & 0xff;
15736 res[i++] = (len >>> 8) & 0xff;
15737 res[i++] = (len >>> 16) & 0xff;
15738 res[i++] = (len >>> 24) & 0xff;
15739 res[i++] = 0;
15740 res[i++] = 0;
15741 res[i++] = 0;
15742 res[i++] = 0;
15743
15744 for (var t = 8; t < this.padLength; t++)
15745 res[i++] = 0;
15746 }
15747
15748 return res;
15749};
15750
15751},{"../hash":86}],88:[function(require,module,exports){
15752var hmac = exports;
15753
15754var hash = require('../hash');
15755var utils = hash.utils;
15756var assert = utils.assert;
15757
15758function Hmac(hash, key, enc) {
15759 if (!(this instanceof Hmac))
15760 return new Hmac(hash, key, enc);
15761 this.Hash = hash;
15762 this.blockSize = hash.blockSize / 8;
15763 this.outSize = hash.outSize / 8;
15764 this.inner = null;
15765 this.outer = null;
15766
15767 this._init(utils.toArray(key, enc));
15768}
15769module.exports = Hmac;
15770
15771Hmac.prototype._init = function init(key) {
15772 // Shorten key, if needed
15773 if (key.length > this.blockSize)
15774 key = new this.Hash().update(key).digest();
15775 assert(key.length <= this.blockSize);
15776
15777 // Add padding to key
15778 for (var i = key.length; i < this.blockSize; i++)
15779 key.push(0);
15780
15781 for (var i = 0; i < key.length; i++)
15782 key[i] ^= 0x36;
15783 this.inner = new this.Hash().update(key);
15784
15785 // 0x36 ^ 0x5c = 0x6a
15786 for (var i = 0; i < key.length; i++)
15787 key[i] ^= 0x6a;
15788 this.outer = new this.Hash().update(key);
15789};
15790
15791Hmac.prototype.update = function update(msg, enc) {
15792 this.inner.update(msg, enc);
15793 return this;
15794};
15795
15796Hmac.prototype.digest = function digest(enc) {
15797 this.outer.update(this.inner.digest());
15798 return this.outer.digest(enc);
15799};
15800
15801},{"../hash":86}],89:[function(require,module,exports){
15802var hash = require('../hash');
15803var utils = hash.utils;
15804
15805var rotl32 = utils.rotl32;
15806var sum32 = utils.sum32;
15807var sum32_3 = utils.sum32_3;
15808var sum32_4 = utils.sum32_4;
15809var BlockHash = hash.common.BlockHash;
15810
15811function RIPEMD160() {
15812 if (!(this instanceof RIPEMD160))
15813 return new RIPEMD160();
15814
15815 BlockHash.call(this);
15816
15817 this.h = [ 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 ];
15818 this.endian = 'little';
15819}
15820utils.inherits(RIPEMD160, BlockHash);
15821exports.ripemd160 = RIPEMD160;
15822
15823RIPEMD160.blockSize = 512;
15824RIPEMD160.outSize = 160;
15825RIPEMD160.hmacStrength = 192;
15826RIPEMD160.padLength = 64;
15827
15828RIPEMD160.prototype._update = function update(msg, start) {
15829 var A = this.h[0];
15830 var B = this.h[1];
15831 var C = this.h[2];
15832 var D = this.h[3];
15833 var E = this.h[4];
15834 var Ah = A;
15835 var Bh = B;
15836 var Ch = C;
15837 var Dh = D;
15838 var Eh = E;
15839 for (var j = 0; j < 80; j++) {
15840 var T = sum32(
15841 rotl32(
15842 sum32_4(A, f(j, B, C, D), msg[r[j] + start], K(j)),
15843 s[j]),
15844 E);
15845 A = E;
15846 E = D;
15847 D = rotl32(C, 10);
15848 C = B;
15849 B = T;
15850 T = sum32(
15851 rotl32(
15852 sum32_4(Ah, f(79 - j, Bh, Ch, Dh), msg[rh[j] + start], Kh(j)),
15853 sh[j]),
15854 Eh);
15855 Ah = Eh;
15856 Eh = Dh;
15857 Dh = rotl32(Ch, 10);
15858 Ch = Bh;
15859 Bh = T;
15860 }
15861 T = sum32_3(this.h[1], C, Dh);
15862 this.h[1] = sum32_3(this.h[2], D, Eh);
15863 this.h[2] = sum32_3(this.h[3], E, Ah);
15864 this.h[3] = sum32_3(this.h[4], A, Bh);
15865 this.h[4] = sum32_3(this.h[0], B, Ch);
15866 this.h[0] = T;
15867};
15868
15869RIPEMD160.prototype._digest = function digest(enc) {
15870 if (enc === 'hex')
15871 return utils.toHex32(this.h, 'little');
15872 else
15873 return utils.split32(this.h, 'little');
15874};
15875
15876function f(j, x, y, z) {
15877 if (j <= 15)
15878 return x ^ y ^ z;
15879 else if (j <= 31)
15880 return (x & y) | ((~x) & z);
15881 else if (j <= 47)
15882 return (x | (~y)) ^ z;
15883 else if (j <= 63)
15884 return (x & z) | (y & (~z));
15885 else
15886 return x ^ (y | (~z));
15887}
15888
15889function K(j) {
15890 if (j <= 15)
15891 return 0x00000000;
15892 else if (j <= 31)
15893 return 0x5a827999;
15894 else if (j <= 47)
15895 return 0x6ed9eba1;
15896 else if (j <= 63)
15897 return 0x8f1bbcdc;
15898 else
15899 return 0xa953fd4e;
15900}
15901
15902function Kh(j) {
15903 if (j <= 15)
15904 return 0x50a28be6;
15905 else if (j <= 31)
15906 return 0x5c4dd124;
15907 else if (j <= 47)
15908 return 0x6d703ef3;
15909 else if (j <= 63)
15910 return 0x7a6d76e9;
15911 else
15912 return 0x00000000;
15913}
15914
15915var r = [
15916 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
15917 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
15918 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
15919 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
15920 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13
15921];
15922
15923var rh = [
15924 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
15925 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
15926 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
15927 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
15928 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
15929];
15930
15931var s = [
15932 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
15933 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
15934 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
15935 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
15936 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6
15937];
15938
15939var sh = [
15940 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
15941 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
15942 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
15943 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
15944 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
15945];
15946
15947},{"../hash":86}],90:[function(require,module,exports){
15948var hash = require('../hash');
15949var utils = hash.utils;
15950var assert = utils.assert;
15951
15952var rotr32 = utils.rotr32;
15953var rotl32 = utils.rotl32;
15954var sum32 = utils.sum32;
15955var sum32_4 = utils.sum32_4;
15956var sum32_5 = utils.sum32_5;
15957var rotr64_hi = utils.rotr64_hi;
15958var rotr64_lo = utils.rotr64_lo;
15959var shr64_hi = utils.shr64_hi;
15960var shr64_lo = utils.shr64_lo;
15961var sum64 = utils.sum64;
15962var sum64_hi = utils.sum64_hi;
15963var sum64_lo = utils.sum64_lo;
15964var sum64_4_hi = utils.sum64_4_hi;
15965var sum64_4_lo = utils.sum64_4_lo;
15966var sum64_5_hi = utils.sum64_5_hi;
15967var sum64_5_lo = utils.sum64_5_lo;
15968var BlockHash = hash.common.BlockHash;
15969
15970var sha256_K = [
15971 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
15972 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
15973 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
15974 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
15975 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
15976 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
15977 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
15978 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
15979 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
15980 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
15981 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
15982 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
15983 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
15984 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
15985 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
15986 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
15987];
15988
15989var sha512_K = [
15990 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,
15991 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,
15992 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,
15993 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,
15994 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,
15995 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,
15996 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,
15997 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,
15998 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,
15999 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,
16000 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,
16001 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,
16002 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,
16003 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,
16004 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,
16005 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,
16006 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,
16007 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,
16008 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,
16009 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,
16010 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,
16011 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,
16012 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,
16013 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,
16014 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,
16015 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,
16016 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,
16017 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,
16018 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,
16019 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,
16020 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,
16021 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,
16022 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,
16023 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,
16024 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,
16025 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,
16026 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,
16027 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,
16028 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,
16029 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817
16030];
16031
16032var sha1_K = [
16033 0x5A827999, 0x6ED9EBA1,
16034 0x8F1BBCDC, 0xCA62C1D6
16035];
16036
16037function SHA256() {
16038 if (!(this instanceof SHA256))
16039 return new SHA256();
16040
16041 BlockHash.call(this);
16042 this.h = [ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
16043 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 ];
16044 this.k = sha256_K;
16045 this.W = new Array(64);
16046}
16047utils.inherits(SHA256, BlockHash);
16048exports.sha256 = SHA256;
16049
16050SHA256.blockSize = 512;
16051SHA256.outSize = 256;
16052SHA256.hmacStrength = 192;
16053SHA256.padLength = 64;
16054
16055SHA256.prototype._update = function _update(msg, start) {
16056 var W = this.W;
16057
16058 for (var i = 0; i < 16; i++)
16059 W[i] = msg[start + i];
16060 for (; i < W.length; i++)
16061 W[i] = sum32_4(g1_256(W[i - 2]), W[i - 7], g0_256(W[i - 15]), W[i - 16]);
16062
16063 var a = this.h[0];
16064 var b = this.h[1];
16065 var c = this.h[2];
16066 var d = this.h[3];
16067 var e = this.h[4];
16068 var f = this.h[5];
16069 var g = this.h[6];
16070 var h = this.h[7];
16071
16072 assert(this.k.length === W.length);
16073 for (var i = 0; i < W.length; i++) {
16074 var T1 = sum32_5(h, s1_256(e), ch32(e, f, g), this.k[i], W[i]);
16075 var T2 = sum32(s0_256(a), maj32(a, b, c));
16076 h = g;
16077 g = f;
16078 f = e;
16079 e = sum32(d, T1);
16080 d = c;
16081 c = b;
16082 b = a;
16083 a = sum32(T1, T2);
16084 }
16085
16086 this.h[0] = sum32(this.h[0], a);
16087 this.h[1] = sum32(this.h[1], b);
16088 this.h[2] = sum32(this.h[2], c);
16089 this.h[3] = sum32(this.h[3], d);
16090 this.h[4] = sum32(this.h[4], e);
16091 this.h[5] = sum32(this.h[5], f);
16092 this.h[6] = sum32(this.h[6], g);
16093 this.h[7] = sum32(this.h[7], h);
16094};
16095
16096SHA256.prototype._digest = function digest(enc) {
16097 if (enc === 'hex')
16098 return utils.toHex32(this.h, 'big');
16099 else
16100 return utils.split32(this.h, 'big');
16101};
16102
16103function SHA224() {
16104 if (!(this instanceof SHA224))
16105 return new SHA224();
16106
16107 SHA256.call(this);
16108 this.h = [ 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
16109 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 ];
16110}
16111utils.inherits(SHA224, SHA256);
16112exports.sha224 = SHA224;
16113
16114SHA224.blockSize = 512;
16115SHA224.outSize = 224;
16116SHA224.hmacStrength = 192;
16117SHA224.padLength = 64;
16118
16119SHA224.prototype._digest = function digest(enc) {
16120 // Just truncate output
16121 if (enc === 'hex')
16122 return utils.toHex32(this.h.slice(0, 7), 'big');
16123 else
16124 return utils.split32(this.h.slice(0, 7), 'big');
16125};
16126
16127function SHA512() {
16128 if (!(this instanceof SHA512))
16129 return new SHA512();
16130
16131 BlockHash.call(this);
16132 this.h = [ 0x6a09e667, 0xf3bcc908,
16133 0xbb67ae85, 0x84caa73b,
16134 0x3c6ef372, 0xfe94f82b,
16135 0xa54ff53a, 0x5f1d36f1,
16136 0x510e527f, 0xade682d1,
16137 0x9b05688c, 0x2b3e6c1f,
16138 0x1f83d9ab, 0xfb41bd6b,
16139 0x5be0cd19, 0x137e2179 ];
16140 this.k = sha512_K;
16141 this.W = new Array(160);
16142}
16143utils.inherits(SHA512, BlockHash);
16144exports.sha512 = SHA512;
16145
16146SHA512.blockSize = 1024;
16147SHA512.outSize = 512;
16148SHA512.hmacStrength = 192;
16149SHA512.padLength = 128;
16150
16151SHA512.prototype._prepareBlock = function _prepareBlock(msg, start) {
16152 var W = this.W;
16153
16154 // 32 x 32bit words
16155 for (var i = 0; i < 32; i++)
16156 W[i] = msg[start + i];
16157 for (; i < W.length; i += 2) {
16158 var c0_hi = g1_512_hi(W[i - 4], W[i - 3]); // i - 2
16159 var c0_lo = g1_512_lo(W[i - 4], W[i - 3]);
16160 var c1_hi = W[i - 14]; // i - 7
16161 var c1_lo = W[i - 13];
16162 var c2_hi = g0_512_hi(W[i - 30], W[i - 29]); // i - 15
16163 var c2_lo = g0_512_lo(W[i - 30], W[i - 29]);
16164 var c3_hi = W[i - 32]; // i - 16
16165 var c3_lo = W[i - 31];
16166
16167 W[i] = sum64_4_hi(c0_hi, c0_lo,
16168 c1_hi, c1_lo,
16169 c2_hi, c2_lo,
16170 c3_hi, c3_lo);
16171 W[i + 1] = sum64_4_lo(c0_hi, c0_lo,
16172 c1_hi, c1_lo,
16173 c2_hi, c2_lo,
16174 c3_hi, c3_lo);
16175 }
16176};
16177
16178SHA512.prototype._update = function _update(msg, start) {
16179 this._prepareBlock(msg, start);
16180
16181 var W = this.W;
16182
16183 var ah = this.h[0];
16184 var al = this.h[1];
16185 var bh = this.h[2];
16186 var bl = this.h[3];
16187 var ch = this.h[4];
16188 var cl = this.h[5];
16189 var dh = this.h[6];
16190 var dl = this.h[7];
16191 var eh = this.h[8];
16192 var el = this.h[9];
16193 var fh = this.h[10];
16194 var fl = this.h[11];
16195 var gh = this.h[12];
16196 var gl = this.h[13];
16197 var hh = this.h[14];
16198 var hl = this.h[15];
16199
16200 assert(this.k.length === W.length);
16201 for (var i = 0; i < W.length; i += 2) {
16202 var c0_hi = hh;
16203 var c0_lo = hl;
16204 var c1_hi = s1_512_hi(eh, el);
16205 var c1_lo = s1_512_lo(eh, el);
16206 var c2_hi = ch64_hi(eh, el, fh, fl, gh, gl);
16207 var c2_lo = ch64_lo(eh, el, fh, fl, gh, gl);
16208 var c3_hi = this.k[i];
16209 var c3_lo = this.k[i + 1];
16210 var c4_hi = W[i];
16211 var c4_lo = W[i + 1];
16212
16213 var T1_hi = sum64_5_hi(c0_hi, c0_lo,
16214 c1_hi, c1_lo,
16215 c2_hi, c2_lo,
16216 c3_hi, c3_lo,
16217 c4_hi, c4_lo);
16218 var T1_lo = sum64_5_lo(c0_hi, c0_lo,
16219 c1_hi, c1_lo,
16220 c2_hi, c2_lo,
16221 c3_hi, c3_lo,
16222 c4_hi, c4_lo);
16223
16224 var c0_hi = s0_512_hi(ah, al);
16225 var c0_lo = s0_512_lo(ah, al);
16226 var c1_hi = maj64_hi(ah, al, bh, bl, ch, cl);
16227 var c1_lo = maj64_lo(ah, al, bh, bl, ch, cl);
16228
16229 var T2_hi = sum64_hi(c0_hi, c0_lo, c1_hi, c1_lo);
16230 var T2_lo = sum64_lo(c0_hi, c0_lo, c1_hi, c1_lo);
16231
16232 hh = gh;
16233 hl = gl;
16234
16235 gh = fh;
16236 gl = fl;
16237
16238 fh = eh;
16239 fl = el;
16240
16241 eh = sum64_hi(dh, dl, T1_hi, T1_lo);
16242 el = sum64_lo(dl, dl, T1_hi, T1_lo);
16243
16244 dh = ch;
16245 dl = cl;
16246
16247 ch = bh;
16248 cl = bl;
16249
16250 bh = ah;
16251 bl = al;
16252
16253 ah = sum64_hi(T1_hi, T1_lo, T2_hi, T2_lo);
16254 al = sum64_lo(T1_hi, T1_lo, T2_hi, T2_lo);
16255 }
16256
16257 sum64(this.h, 0, ah, al);
16258 sum64(this.h, 2, bh, bl);
16259 sum64(this.h, 4, ch, cl);
16260 sum64(this.h, 6, dh, dl);
16261 sum64(this.h, 8, eh, el);
16262 sum64(this.h, 10, fh, fl);
16263 sum64(this.h, 12, gh, gl);
16264 sum64(this.h, 14, hh, hl);
16265};
16266
16267SHA512.prototype._digest = function digest(enc) {
16268 if (enc === 'hex')
16269 return utils.toHex32(this.h, 'big');
16270 else
16271 return utils.split32(this.h, 'big');
16272};
16273
16274function SHA384() {
16275 if (!(this instanceof SHA384))
16276 return new SHA384();
16277
16278 SHA512.call(this);
16279 this.h = [ 0xcbbb9d5d, 0xc1059ed8,
16280 0x629a292a, 0x367cd507,
16281 0x9159015a, 0x3070dd17,
16282 0x152fecd8, 0xf70e5939,
16283 0x67332667, 0xffc00b31,
16284 0x8eb44a87, 0x68581511,
16285 0xdb0c2e0d, 0x64f98fa7,
16286 0x47b5481d, 0xbefa4fa4 ];
16287}
16288utils.inherits(SHA384, SHA512);
16289exports.sha384 = SHA384;
16290
16291SHA384.blockSize = 1024;
16292SHA384.outSize = 384;
16293SHA384.hmacStrength = 192;
16294SHA384.padLength = 128;
16295
16296SHA384.prototype._digest = function digest(enc) {
16297 if (enc === 'hex')
16298 return utils.toHex32(this.h.slice(0, 12), 'big');
16299 else
16300 return utils.split32(this.h.slice(0, 12), 'big');
16301};
16302
16303function SHA1() {
16304 if (!(this instanceof SHA1))
16305 return new SHA1();
16306
16307 BlockHash.call(this);
16308 this.h = [ 0x67452301, 0xefcdab89, 0x98badcfe,
16309 0x10325476, 0xc3d2e1f0 ];
16310 this.W = new Array(80);
16311}
16312
16313utils.inherits(SHA1, BlockHash);
16314exports.sha1 = SHA1;
16315
16316SHA1.blockSize = 512;
16317SHA1.outSize = 160;
16318SHA1.hmacStrength = 80;
16319SHA1.padLength = 64;
16320
16321SHA1.prototype._update = function _update(msg, start) {
16322 var W = this.W;
16323
16324 for (var i = 0; i < 16; i++)
16325 W[i] = msg[start + i];
16326
16327 for(; i < W.length; i++)
16328 W[i] = rotl32(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1);
16329
16330 var a = this.h[0];
16331 var b = this.h[1];
16332 var c = this.h[2];
16333 var d = this.h[3];
16334 var e = this.h[4];
16335
16336 for (var i = 0; i < W.length; i++) {
16337 var s = ~~(i / 20);
16338 var t = sum32_5(rotl32(a, 5), ft_1(s, b, c, d), e, W[i], sha1_K[s]);
16339 e = d;
16340 d = c;
16341 c = rotl32(b, 30);
16342 b = a;
16343 a = t;
16344 }
16345
16346 this.h[0] = sum32(this.h[0], a);
16347 this.h[1] = sum32(this.h[1], b);
16348 this.h[2] = sum32(this.h[2], c);
16349 this.h[3] = sum32(this.h[3], d);
16350 this.h[4] = sum32(this.h[4], e);
16351};
16352
16353SHA1.prototype._digest = function digest(enc) {
16354 if (enc === 'hex')
16355 return utils.toHex32(this.h, 'big');
16356 else
16357 return utils.split32(this.h, 'big');
16358};
16359
16360function ch32(x, y, z) {
16361 return (x & y) ^ ((~x) & z);
16362}
16363
16364function maj32(x, y, z) {
16365 return (x & y) ^ (x & z) ^ (y & z);
16366}
16367
16368function p32(x, y, z) {
16369 return x ^ y ^ z;
16370}
16371
16372function s0_256(x) {
16373 return rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22);
16374}
16375
16376function s1_256(x) {
16377 return rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25);
16378}
16379
16380function g0_256(x) {
16381 return rotr32(x, 7) ^ rotr32(x, 18) ^ (x >>> 3);
16382}
16383
16384function g1_256(x) {
16385 return rotr32(x, 17) ^ rotr32(x, 19) ^ (x >>> 10);
16386}
16387
16388function ft_1(s, x, y, z) {
16389 if (s === 0)
16390 return ch32(x, y, z);
16391 if (s === 1 || s === 3)
16392 return p32(x, y, z);
16393 if (s === 2)
16394 return maj32(x, y, z);
16395}
16396
16397function ch64_hi(xh, xl, yh, yl, zh, zl) {
16398 var r = (xh & yh) ^ ((~xh) & zh);
16399 if (r < 0)
16400 r += 0x100000000;
16401 return r;
16402}
16403
16404function ch64_lo(xh, xl, yh, yl, zh, zl) {
16405 var r = (xl & yl) ^ ((~xl) & zl);
16406 if (r < 0)
16407 r += 0x100000000;
16408 return r;
16409}
16410
16411function maj64_hi(xh, xl, yh, yl, zh, zl) {
16412 var r = (xh & yh) ^ (xh & zh) ^ (yh & zh);
16413 if (r < 0)
16414 r += 0x100000000;
16415 return r;
16416}
16417
16418function maj64_lo(xh, xl, yh, yl, zh, zl) {
16419 var r = (xl & yl) ^ (xl & zl) ^ (yl & zl);
16420 if (r < 0)
16421 r += 0x100000000;
16422 return r;
16423}
16424
16425function s0_512_hi(xh, xl) {
16426 var c0_hi = rotr64_hi(xh, xl, 28);
16427 var c1_hi = rotr64_hi(xl, xh, 2); // 34
16428 var c2_hi = rotr64_hi(xl, xh, 7); // 39
16429
16430 var r = c0_hi ^ c1_hi ^ c2_hi;
16431 if (r < 0)
16432 r += 0x100000000;
16433 return r;
16434}
16435
16436function s0_512_lo(xh, xl) {
16437 var c0_lo = rotr64_lo(xh, xl, 28);
16438 var c1_lo = rotr64_lo(xl, xh, 2); // 34
16439 var c2_lo = rotr64_lo(xl, xh, 7); // 39
16440
16441 var r = c0_lo ^ c1_lo ^ c2_lo;
16442 if (r < 0)
16443 r += 0x100000000;
16444 return r;
16445}
16446
16447function s1_512_hi(xh, xl) {
16448 var c0_hi = rotr64_hi(xh, xl, 14);
16449 var c1_hi = rotr64_hi(xh, xl, 18);
16450 var c2_hi = rotr64_hi(xl, xh, 9); // 41
16451
16452 var r = c0_hi ^ c1_hi ^ c2_hi;
16453 if (r < 0)
16454 r += 0x100000000;
16455 return r;
16456}
16457
16458function s1_512_lo(xh, xl) {
16459 var c0_lo = rotr64_lo(xh, xl, 14);
16460 var c1_lo = rotr64_lo(xh, xl, 18);
16461 var c2_lo = rotr64_lo(xl, xh, 9); // 41
16462
16463 var r = c0_lo ^ c1_lo ^ c2_lo;
16464 if (r < 0)
16465 r += 0x100000000;
16466 return r;
16467}
16468
16469function g0_512_hi(xh, xl) {
16470 var c0_hi = rotr64_hi(xh, xl, 1);
16471 var c1_hi = rotr64_hi(xh, xl, 8);
16472 var c2_hi = shr64_hi(xh, xl, 7);
16473
16474 var r = c0_hi ^ c1_hi ^ c2_hi;
16475 if (r < 0)
16476 r += 0x100000000;
16477 return r;
16478}
16479
16480function g0_512_lo(xh, xl) {
16481 var c0_lo = rotr64_lo(xh, xl, 1);
16482 var c1_lo = rotr64_lo(xh, xl, 8);
16483 var c2_lo = shr64_lo(xh, xl, 7);
16484
16485 var r = c0_lo ^ c1_lo ^ c2_lo;
16486 if (r < 0)
16487 r += 0x100000000;
16488 return r;
16489}
16490
16491function g1_512_hi(xh, xl) {
16492 var c0_hi = rotr64_hi(xh, xl, 19);
16493 var c1_hi = rotr64_hi(xl, xh, 29); // 61
16494 var c2_hi = shr64_hi(xh, xl, 6);
16495
16496 var r = c0_hi ^ c1_hi ^ c2_hi;
16497 if (r < 0)
16498 r += 0x100000000;
16499 return r;
16500}
16501
16502function g1_512_lo(xh, xl) {
16503 var c0_lo = rotr64_lo(xh, xl, 19);
16504 var c1_lo = rotr64_lo(xl, xh, 29); // 61
16505 var c2_lo = shr64_lo(xh, xl, 6);
16506
16507 var r = c0_lo ^ c1_lo ^ c2_lo;
16508 if (r < 0)
16509 r += 0x100000000;
16510 return r;
16511}
16512
16513},{"../hash":86}],91:[function(require,module,exports){
16514var utils = exports;
16515var inherits = require('inherits');
16516
16517function toArray(msg, enc) {
16518 if (Array.isArray(msg))
16519 return msg.slice();
16520 if (!msg)
16521 return [];
16522 var res = [];
16523 if (typeof msg === 'string') {
16524 if (!enc) {
16525 for (var i = 0; i < msg.length; i++) {
16526 var c = msg.charCodeAt(i);
16527 var hi = c >> 8;
16528 var lo = c & 0xff;
16529 if (hi)
16530 res.push(hi, lo);
16531 else
16532 res.push(lo);
16533 }
16534 } else if (enc === 'hex') {
16535 msg = msg.replace(/[^a-z0-9]+/ig, '');
16536 if (msg.length % 2 !== 0)
16537 msg = '0' + msg;
16538 for (var i = 0; i < msg.length; i += 2)
16539 res.push(parseInt(msg[i] + msg[i + 1], 16));
16540 }
16541 } else {
16542 for (var i = 0; i < msg.length; i++)
16543 res[i] = msg[i] | 0;
16544 }
16545 return res;
16546}
16547utils.toArray = toArray;
16548
16549function toHex(msg) {
16550 var res = '';
16551 for (var i = 0; i < msg.length; i++)
16552 res += zero2(msg[i].toString(16));
16553 return res;
16554}
16555utils.toHex = toHex;
16556
16557function htonl(w) {
16558 var res = (w >>> 24) |
16559 ((w >>> 8) & 0xff00) |
16560 ((w << 8) & 0xff0000) |
16561 ((w & 0xff) << 24);
16562 return res >>> 0;
16563}
16564utils.htonl = htonl;
16565
16566function toHex32(msg, endian) {
16567 var res = '';
16568 for (var i = 0; i < msg.length; i++) {
16569 var w = msg[i];
16570 if (endian === 'little')
16571 w = htonl(w);
16572 res += zero8(w.toString(16));
16573 }
16574 return res;
16575}
16576utils.toHex32 = toHex32;
16577
16578function zero2(word) {
16579 if (word.length === 1)
16580 return '0' + word;
16581 else
16582 return word;
16583}
16584utils.zero2 = zero2;
16585
16586function zero8(word) {
16587 if (word.length === 7)
16588 return '0' + word;
16589 else if (word.length === 6)
16590 return '00' + word;
16591 else if (word.length === 5)
16592 return '000' + word;
16593 else if (word.length === 4)
16594 return '0000' + word;
16595 else if (word.length === 3)
16596 return '00000' + word;
16597 else if (word.length === 2)
16598 return '000000' + word;
16599 else if (word.length === 1)
16600 return '0000000' + word;
16601 else
16602 return word;
16603}
16604utils.zero8 = zero8;
16605
16606function join32(msg, start, end, endian) {
16607 var len = end - start;
16608 assert(len % 4 === 0);
16609 var res = new Array(len / 4);
16610 for (var i = 0, k = start; i < res.length; i++, k += 4) {
16611 var w;
16612 if (endian === 'big')
16613 w = (msg[k] << 24) | (msg[k + 1] << 16) | (msg[k + 2] << 8) | msg[k + 3];
16614 else
16615 w = (msg[k + 3] << 24) | (msg[k + 2] << 16) | (msg[k + 1] << 8) | msg[k];
16616 res[i] = w >>> 0;
16617 }
16618 return res;
16619}
16620utils.join32 = join32;
16621
16622function split32(msg, endian) {
16623 var res = new Array(msg.length * 4);
16624 for (var i = 0, k = 0; i < msg.length; i++, k += 4) {
16625 var m = msg[i];
16626 if (endian === 'big') {
16627 res[k] = m >>> 24;
16628 res[k + 1] = (m >>> 16) & 0xff;
16629 res[k + 2] = (m >>> 8) & 0xff;
16630 res[k + 3] = m & 0xff;
16631 } else {
16632 res[k + 3] = m >>> 24;
16633 res[k + 2] = (m >>> 16) & 0xff;
16634 res[k + 1] = (m >>> 8) & 0xff;
16635 res[k] = m & 0xff;
16636 }
16637 }
16638 return res;
16639}
16640utils.split32 = split32;
16641
16642function rotr32(w, b) {
16643 return (w >>> b) | (w << (32 - b));
16644}
16645utils.rotr32 = rotr32;
16646
16647function rotl32(w, b) {
16648 return (w << b) | (w >>> (32 - b));
16649}
16650utils.rotl32 = rotl32;
16651
16652function sum32(a, b) {
16653 return (a + b) >>> 0;
16654}
16655utils.sum32 = sum32;
16656
16657function sum32_3(a, b, c) {
16658 return (a + b + c) >>> 0;
16659}
16660utils.sum32_3 = sum32_3;
16661
16662function sum32_4(a, b, c, d) {
16663 return (a + b + c + d) >>> 0;
16664}
16665utils.sum32_4 = sum32_4;
16666
16667function sum32_5(a, b, c, d, e) {
16668 return (a + b + c + d + e) >>> 0;
16669}
16670utils.sum32_5 = sum32_5;
16671
16672function assert(cond, msg) {
16673 if (!cond)
16674 throw new Error(msg || 'Assertion failed');
16675}
16676utils.assert = assert;
16677
16678utils.inherits = inherits;
16679
16680function sum64(buf, pos, ah, al) {
16681 var bh = buf[pos];
16682 var bl = buf[pos + 1];
16683
16684 var lo = (al + bl) >>> 0;
16685 var hi = (lo < al ? 1 : 0) + ah + bh;
16686 buf[pos] = hi >>> 0;
16687 buf[pos + 1] = lo;
16688}
16689exports.sum64 = sum64;
16690
16691function sum64_hi(ah, al, bh, bl) {
16692 var lo = (al + bl) >>> 0;
16693 var hi = (lo < al ? 1 : 0) + ah + bh;
16694 return hi >>> 0;
16695};
16696exports.sum64_hi = sum64_hi;
16697
16698function sum64_lo(ah, al, bh, bl) {
16699 var lo = al + bl;
16700 return lo >>> 0;
16701};
16702exports.sum64_lo = sum64_lo;
16703
16704function sum64_4_hi(ah, al, bh, bl, ch, cl, dh, dl) {
16705 var carry = 0;
16706 var lo = al;
16707 lo = (lo + bl) >>> 0;
16708 carry += lo < al ? 1 : 0;
16709 lo = (lo + cl) >>> 0;
16710 carry += lo < cl ? 1 : 0;
16711 lo = (lo + dl) >>> 0;
16712 carry += lo < dl ? 1 : 0;
16713
16714 var hi = ah + bh + ch + dh + carry;
16715 return hi >>> 0;
16716};
16717exports.sum64_4_hi = sum64_4_hi;
16718
16719function sum64_4_lo(ah, al, bh, bl, ch, cl, dh, dl) {
16720 var lo = al + bl + cl + dl;
16721 return lo >>> 0;
16722};
16723exports.sum64_4_lo = sum64_4_lo;
16724
16725function sum64_5_hi(ah, al, bh, bl, ch, cl, dh, dl, eh, el) {
16726 var carry = 0;
16727 var lo = al;
16728 lo = (lo + bl) >>> 0;
16729 carry += lo < al ? 1 : 0;
16730 lo = (lo + cl) >>> 0;
16731 carry += lo < cl ? 1 : 0;
16732 lo = (lo + dl) >>> 0;
16733 carry += lo < dl ? 1 : 0;
16734 lo = (lo + el) >>> 0;
16735 carry += lo < el ? 1 : 0;
16736
16737 var hi = ah + bh + ch + dh + eh + carry;
16738 return hi >>> 0;
16739};
16740exports.sum64_5_hi = sum64_5_hi;
16741
16742function sum64_5_lo(ah, al, bh, bl, ch, cl, dh, dl, eh, el) {
16743 var lo = al + bl + cl + dl + el;
16744
16745 return lo >>> 0;
16746};
16747exports.sum64_5_lo = sum64_5_lo;
16748
16749function rotr64_hi(ah, al, num) {
16750 var r = (al << (32 - num)) | (ah >>> num);
16751 return r >>> 0;
16752};
16753exports.rotr64_hi = rotr64_hi;
16754
16755function rotr64_lo(ah, al, num) {
16756 var r = (ah << (32 - num)) | (al >>> num);
16757 return r >>> 0;
16758};
16759exports.rotr64_lo = rotr64_lo;
16760
16761function shr64_hi(ah, al, num) {
16762 return ah >>> num;
16763};
16764exports.shr64_hi = shr64_hi;
16765
16766function shr64_lo(ah, al, num) {
16767 var r = (ah << (32 - num)) | (al >>> num);
16768 return r >>> 0;
16769};
16770exports.shr64_lo = shr64_lo;
16771
16772},{"inherits":95}],92:[function(require,module,exports){
16773'use strict';
16774
16775var hash = require('hash.js');
16776var utils = require('minimalistic-crypto-utils');
16777var assert = require('minimalistic-assert');
16778
16779function HmacDRBG(options) {
16780 if (!(this instanceof HmacDRBG))
16781 return new HmacDRBG(options);
16782 this.hash = options.hash;
16783 this.predResist = !!options.predResist;
16784
16785 this.outLen = this.hash.outSize;
16786 this.minEntropy = options.minEntropy || this.hash.hmacStrength;
16787
16788 this._reseed = null;
16789 this.reseedInterval = null;
16790 this.K = null;
16791 this.V = null;
16792
16793 var entropy = utils.toArray(options.entropy, options.entropyEnc || 'hex');
16794 var nonce = utils.toArray(options.nonce, options.nonceEnc || 'hex');
16795 var pers = utils.toArray(options.pers, options.persEnc || 'hex');
16796 assert(entropy.length >= (this.minEntropy / 8),
16797 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits');
16798 this._init(entropy, nonce, pers);
16799}
16800module.exports = HmacDRBG;
16801
16802HmacDRBG.prototype._init = function init(entropy, nonce, pers) {
16803 var seed = entropy.concat(nonce).concat(pers);
16804
16805 this.K = new Array(this.outLen / 8);
16806 this.V = new Array(this.outLen / 8);
16807 for (var i = 0; i < this.V.length; i++) {
16808 this.K[i] = 0x00;
16809 this.V[i] = 0x01;
16810 }
16811
16812 this._update(seed);
16813 this._reseed = 1;
16814 this.reseedInterval = 0x1000000000000; // 2^48
16815};
16816
16817HmacDRBG.prototype._hmac = function hmac() {
16818 return new hash.hmac(this.hash, this.K);
16819};
16820
16821HmacDRBG.prototype._update = function update(seed) {
16822 var kmac = this._hmac()
16823 .update(this.V)
16824 .update([ 0x00 ]);
16825 if (seed)
16826 kmac = kmac.update(seed);
16827 this.K = kmac.digest();
16828 this.V = this._hmac().update(this.V).digest();
16829 if (!seed)
16830 return;
16831
16832 this.K = this._hmac()
16833 .update(this.V)
16834 .update([ 0x01 ])
16835 .update(seed)
16836 .digest();
16837 this.V = this._hmac().update(this.V).digest();
16838};
16839
16840HmacDRBG.prototype.reseed = function reseed(entropy, entropyEnc, add, addEnc) {
16841 // Optional entropy enc
16842 if (typeof entropyEnc !== 'string') {
16843 addEnc = add;
16844 add = entropyEnc;
16845 entropyEnc = null;
16846 }
16847
16848 entropy = utils.toArray(entropy, entropyEnc);
16849 add = utils.toArray(add, addEnc);
16850
16851 assert(entropy.length >= (this.minEntropy / 8),
16852 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits');
16853
16854 this._update(entropy.concat(add || []));
16855 this._reseed = 1;
16856};
16857
16858HmacDRBG.prototype.generate = function generate(len, enc, add, addEnc) {
16859 if (this._reseed > this.reseedInterval)
16860 throw new Error('Reseed is required');
16861
16862 // Optional encoding
16863 if (typeof enc !== 'string') {
16864 addEnc = add;
16865 add = enc;
16866 enc = null;
16867 }
16868
16869 // Optional additional data
16870 if (add) {
16871 add = utils.toArray(add, addEnc || 'hex');
16872 this._update(add);
16873 }
16874
16875 var temp = [];
16876 while (temp.length < len) {
16877 this.V = this._hmac().update(this.V).digest();
16878 temp = temp.concat(this.V);
16879 }
16880
16881 var res = temp.slice(0, len);
16882 this._update(add);
16883 this._reseed++;
16884 return utils.encode(res, enc);
16885};
16886
16887},{"hash.js":86,"minimalistic-assert":99,"minimalistic-crypto-utils":100}],93:[function(require,module,exports){
16888exports.read = function (buffer, offset, isLE, mLen, nBytes) {
16889 var e, m
16890 var eLen = nBytes * 8 - mLen - 1
16891 var eMax = (1 << eLen) - 1
16892 var eBias = eMax >> 1
16893 var nBits = -7
16894 var i = isLE ? (nBytes - 1) : 0
16895 var d = isLE ? -1 : 1
16896 var s = buffer[offset + i]
16897
16898 i += d
16899
16900 e = s & ((1 << (-nBits)) - 1)
16901 s >>= (-nBits)
16902 nBits += eLen
16903 for (; nBits > 0; e = e * 256 + buffer[offset + i], i += d, nBits -= 8) {}
16904
16905 m = e & ((1 << (-nBits)) - 1)
16906 e >>= (-nBits)
16907 nBits += mLen
16908 for (; nBits > 0; m = m * 256 + buffer[offset + i], i += d, nBits -= 8) {}
16909
16910 if (e === 0) {
16911 e = 1 - eBias
16912 } else if (e === eMax) {
16913 return m ? NaN : ((s ? -1 : 1) * Infinity)
16914 } else {
16915 m = m + Math.pow(2, mLen)
16916 e = e - eBias
16917 }
16918 return (s ? -1 : 1) * m * Math.pow(2, e - mLen)
16919}
16920
16921exports.write = function (buffer, value, offset, isLE, mLen, nBytes) {
16922 var e, m, c
16923 var eLen = nBytes * 8 - mLen - 1
16924 var eMax = (1 << eLen) - 1
16925 var eBias = eMax >> 1
16926 var rt = (mLen === 23 ? Math.pow(2, -24) - Math.pow(2, -77) : 0)
16927 var i = isLE ? 0 : (nBytes - 1)
16928 var d = isLE ? 1 : -1
16929 var s = value < 0 || (value === 0 && 1 / value < 0) ? 1 : 0
16930
16931 value = Math.abs(value)
16932
16933 if (isNaN(value) || value === Infinity) {
16934 m = isNaN(value) ? 1 : 0
16935 e = eMax
16936 } else {
16937 e = Math.floor(Math.log(value) / Math.LN2)
16938 if (value * (c = Math.pow(2, -e)) < 1) {
16939 e--
16940 c *= 2
16941 }
16942 if (e + eBias >= 1) {
16943 value += rt / c
16944 } else {
16945 value += rt * Math.pow(2, 1 - eBias)
16946 }
16947 if (value * c >= 2) {
16948 e++
16949 c /= 2
16950 }
16951
16952 if (e + eBias >= eMax) {
16953 m = 0
16954 e = eMax
16955 } else if (e + eBias >= 1) {
16956 m = (value * c - 1) * Math.pow(2, mLen)
16957 e = e + eBias
16958 } else {
16959 m = value * Math.pow(2, eBias - 1) * Math.pow(2, mLen)
16960 e = 0
16961 }
16962 }
16963
16964 for (; mLen >= 8; buffer[offset + i] = m & 0xff, i += d, m /= 256, mLen -= 8) {}
16965
16966 e = (e << mLen) | m
16967 eLen += mLen
16968 for (; eLen > 0; buffer[offset + i] = e & 0xff, i += d, e /= 256, eLen -= 8) {}
16969
16970 buffer[offset + i - d] |= s * 128
16971}
16972
16973},{}],94:[function(require,module,exports){
16974
16975var indexOf = [].indexOf;
16976
16977module.exports = function(arr, obj){
16978 if (indexOf) return arr.indexOf(obj);
16979 for (var i = 0; i < arr.length; ++i) {
16980 if (arr[i] === obj) return i;
16981 }
16982 return -1;
16983};
16984},{}],95:[function(require,module,exports){
16985if (typeof Object.create === 'function') {
16986 // implementation from standard node.js 'util' module
16987 module.exports = function inherits(ctor, superCtor) {
16988 ctor.super_ = superCtor
16989 ctor.prototype = Object.create(superCtor.prototype, {
16990 constructor: {
16991 value: ctor,
16992 enumerable: false,
16993 writable: true,
16994 configurable: true
16995 }
16996 });
16997 };
16998} else {
16999 // old school shim for old browsers
17000 module.exports = function inherits(ctor, superCtor) {
17001 ctor.super_ = superCtor
17002 var TempCtor = function () {}
17003 TempCtor.prototype = superCtor.prototype
17004 ctor.prototype = new TempCtor()
17005 ctor.prototype.constructor = ctor
17006 }
17007}
17008
17009},{}],96:[function(require,module,exports){
17010/*!
17011 * Determine if an object is a Buffer
17012 *
17013 * @author Feross Aboukhadijeh <feross@feross.org> <http://feross.org>
17014 * @license MIT
17015 */
17016
17017// The _isBuffer check is for Safari 5-7 support, because it's missing
17018// Object.prototype.constructor. Remove this eventually
17019module.exports = function (obj) {
17020 return obj != null && (isBuffer(obj) || isSlowBuffer(obj) || !!obj._isBuffer)
17021}
17022
17023function isBuffer (obj) {
17024 return !!obj.constructor && typeof obj.constructor.isBuffer === 'function' && obj.constructor.isBuffer(obj)
17025}
17026
17027// For Node v0.10 support. Remove this eventually.
17028function isSlowBuffer (obj) {
17029 return typeof obj.readFloatLE === 'function' && typeof obj.slice === 'function' && isBuffer(obj.slice(0, 0))
17030}
17031
17032},{}],97:[function(require,module,exports){
17033var toString = {}.toString;
17034
17035module.exports = Array.isArray || function (arr) {
17036 return toString.call(arr) == '[object Array]';
17037};
17038
17039},{}],98:[function(require,module,exports){
17040var bn = require('bn.js');
17041var brorand = require('brorand');
17042
17043function MillerRabin(rand) {
17044 this.rand = rand || new brorand.Rand();
17045}
17046module.exports = MillerRabin;
17047
17048MillerRabin.create = function create(rand) {
17049 return new MillerRabin(rand);
17050};
17051
17052MillerRabin.prototype._rand = function _rand(n) {
17053 var len = n.bitLength();
17054 var buf = this.rand.generate(Math.ceil(len / 8));
17055
17056 // Set low bits
17057 buf[0] |= 3;
17058
17059 // Mask high bits
17060 var mask = len & 0x7;
17061 if (mask !== 0)
17062 buf[buf.length - 1] >>= 7 - mask;
17063
17064 return new bn(buf);
17065}
17066
17067MillerRabin.prototype.test = function test(n, k, cb) {
17068 var len = n.bitLength();
17069 var red = bn.mont(n);
17070 var rone = new bn(1).toRed(red);
17071
17072 if (!k)
17073 k = Math.max(1, (len / 48) | 0);
17074
17075 // Find d and s, (n - 1) = (2 ^ s) * d;
17076 var n1 = n.subn(1);
17077 var n2 = n1.subn(1);
17078 for (var s = 0; !n1.testn(s); s++) {}
17079 var d = n.shrn(s);
17080
17081 var rn1 = n1.toRed(red);
17082
17083 var prime = true;
17084 for (; k > 0; k--) {
17085 var a = this._rand(n2);
17086 if (cb)
17087 cb(a);
17088
17089 var x = a.toRed(red).redPow(d);
17090 if (x.cmp(rone) === 0 || x.cmp(rn1) === 0)
17091 continue;
17092
17093 for (var i = 1; i < s; i++) {
17094 x = x.redSqr();
17095
17096 if (x.cmp(rone) === 0)
17097 return false;
17098 if (x.cmp(rn1) === 0)
17099 break;
17100 }
17101
17102 if (i === s)
17103 return false;
17104 }
17105
17106 return prime;
17107};
17108
17109MillerRabin.prototype.getDivisor = function getDivisor(n, k) {
17110 var len = n.bitLength();
17111 var red = bn.mont(n);
17112 var rone = new bn(1).toRed(red);
17113
17114 if (!k)
17115 k = Math.max(1, (len / 48) | 0);
17116
17117 // Find d and s, (n - 1) = (2 ^ s) * d;
17118 var n1 = n.subn(1);
17119 var n2 = n1.subn(1);
17120 for (var s = 0; !n1.testn(s); s++) {}
17121 var d = n.shrn(s);
17122
17123 var rn1 = n1.toRed(red);
17124
17125 for (; k > 0; k--) {
17126 var a = this._rand(n2);
17127
17128 var g = n.gcd(a);
17129 if (g.cmpn(1) !== 0)
17130 return g;
17131
17132 var x = a.toRed(red).redPow(d);
17133 if (x.cmp(rone) === 0 || x.cmp(rn1) === 0)
17134 continue;
17135
17136 for (var i = 1; i < s; i++) {
17137 x = x.redSqr();
17138
17139 if (x.cmp(rone) === 0)
17140 return x.fromRed().subn(1).gcd(n);
17141 if (x.cmp(rn1) === 0)
17142 break;
17143 }
17144
17145 if (i === s) {
17146 x = x.redSqr();
17147 return x.fromRed().subn(1).gcd(n);
17148 }
17149 }
17150
17151 return false;
17152};
17153
17154},{"bn.js":17,"brorand":18}],99:[function(require,module,exports){
17155module.exports = assert;
17156
17157function assert(val, msg) {
17158 if (!val)
17159 throw new Error(msg || 'Assertion failed');
17160}
17161
17162assert.equal = function assertEqual(l, r, msg) {
17163 if (l != r)
17164 throw new Error(msg || ('Assertion failed: ' + l + ' != ' + r));
17165};
17166
17167},{}],100:[function(require,module,exports){
17168'use strict';
17169
17170var utils = exports;
17171
17172function toArray(msg, enc) {
17173 if (Array.isArray(msg))
17174 return msg.slice();
17175 if (!msg)
17176 return [];
17177 var res = [];
17178 if (typeof msg !== 'string') {
17179 for (var i = 0; i < msg.length; i++)
17180 res[i] = msg[i] | 0;
17181 return res;
17182 }
17183 if (enc === 'hex') {
17184 msg = msg.replace(/[^a-z0-9]+/ig, '');
17185 if (msg.length % 2 !== 0)
17186 msg = '0' + msg;
17187 for (var i = 0; i < msg.length; i += 2)
17188 res.push(parseInt(msg[i] + msg[i + 1], 16));
17189 } else {
17190 for (var i = 0; i < msg.length; i++) {
17191 var c = msg.charCodeAt(i);
17192 var hi = c >> 8;
17193 var lo = c & 0xff;
17194 if (hi)
17195 res.push(hi, lo);
17196 else
17197 res.push(lo);
17198 }
17199 }
17200 return res;
17201}
17202utils.toArray = toArray;
17203
17204function zero2(word) {
17205 if (word.length === 1)
17206 return '0' + word;
17207 else
17208 return word;
17209}
17210utils.zero2 = zero2;
17211
17212function toHex(msg) {
17213 var res = '';
17214 for (var i = 0; i < msg.length; i++)
17215 res += zero2(msg[i].toString(16));
17216 return res;
17217}
17218utils.toHex = toHex;
17219
17220utils.encode = function encode(arr, enc) {
17221 if (enc === 'hex')
17222 return toHex(arr);
17223 else
17224 return arr;
17225};
17226
17227},{}],101:[function(require,module,exports){
17228module.exports={"2.16.840.1.101.3.4.1.1": "aes-128-ecb",
17229"2.16.840.1.101.3.4.1.2": "aes-128-cbc",
17230"2.16.840.1.101.3.4.1.3": "aes-128-ofb",
17231"2.16.840.1.101.3.4.1.4": "aes-128-cfb",
17232"2.16.840.1.101.3.4.1.21": "aes-192-ecb",
17233"2.16.840.1.101.3.4.1.22": "aes-192-cbc",
17234"2.16.840.1.101.3.4.1.23": "aes-192-ofb",
17235"2.16.840.1.101.3.4.1.24": "aes-192-cfb",
17236"2.16.840.1.101.3.4.1.41": "aes-256-ecb",
17237"2.16.840.1.101.3.4.1.42": "aes-256-cbc",
17238"2.16.840.1.101.3.4.1.43": "aes-256-ofb",
17239"2.16.840.1.101.3.4.1.44": "aes-256-cfb"
17240}
17241},{}],102:[function(require,module,exports){
17242// from https://github.com/indutny/self-signed/blob/gh-pages/lib/asn1.js
17243// Fedor, you are amazing.
17244'use strict'
17245
17246var asn1 = require('asn1.js')
17247
17248exports.certificate = require('./certificate')
17249
17250var RSAPrivateKey = asn1.define('RSAPrivateKey', function () {
17251 this.seq().obj(
17252 this.key('version').int(),
17253 this.key('modulus').int(),
17254 this.key('publicExponent').int(),
17255 this.key('privateExponent').int(),
17256 this.key('prime1').int(),
17257 this.key('prime2').int(),
17258 this.key('exponent1').int(),
17259 this.key('exponent2').int(),
17260 this.key('coefficient').int()
17261 )
17262})
17263exports.RSAPrivateKey = RSAPrivateKey
17264
17265var RSAPublicKey = asn1.define('RSAPublicKey', function () {
17266 this.seq().obj(
17267 this.key('modulus').int(),
17268 this.key('publicExponent').int()
17269 )
17270})
17271exports.RSAPublicKey = RSAPublicKey
17272
17273var PublicKey = asn1.define('SubjectPublicKeyInfo', function () {
17274 this.seq().obj(
17275 this.key('algorithm').use(AlgorithmIdentifier),
17276 this.key('subjectPublicKey').bitstr()
17277 )
17278})
17279exports.PublicKey = PublicKey
17280
17281var AlgorithmIdentifier = asn1.define('AlgorithmIdentifier', function () {
17282 this.seq().obj(
17283 this.key('algorithm').objid(),
17284 this.key('none').null_().optional(),
17285 this.key('curve').objid().optional(),
17286 this.key('params').seq().obj(
17287 this.key('p').int(),
17288 this.key('q').int(),
17289 this.key('g').int()
17290 ).optional()
17291 )
17292})
17293
17294var PrivateKeyInfo = asn1.define('PrivateKeyInfo', function () {
17295 this.seq().obj(
17296 this.key('version').int(),
17297 this.key('algorithm').use(AlgorithmIdentifier),
17298 this.key('subjectPrivateKey').octstr()
17299 )
17300})
17301exports.PrivateKey = PrivateKeyInfo
17302var EncryptedPrivateKeyInfo = asn1.define('EncryptedPrivateKeyInfo', function () {
17303 this.seq().obj(
17304 this.key('algorithm').seq().obj(
17305 this.key('id').objid(),
17306 this.key('decrypt').seq().obj(
17307 this.key('kde').seq().obj(
17308 this.key('id').objid(),
17309 this.key('kdeparams').seq().obj(
17310 this.key('salt').octstr(),
17311 this.key('iters').int()
17312 )
17313 ),
17314 this.key('cipher').seq().obj(
17315 this.key('algo').objid(),
17316 this.key('iv').octstr()
17317 )
17318 )
17319 ),
17320 this.key('subjectPrivateKey').octstr()
17321 )
17322})
17323
17324exports.EncryptedPrivateKey = EncryptedPrivateKeyInfo
17325
17326var DSAPrivateKey = asn1.define('DSAPrivateKey', function () {
17327 this.seq().obj(
17328 this.key('version').int(),
17329 this.key('p').int(),
17330 this.key('q').int(),
17331 this.key('g').int(),
17332 this.key('pub_key').int(),
17333 this.key('priv_key').int()
17334 )
17335})
17336exports.DSAPrivateKey = DSAPrivateKey
17337
17338exports.DSAparam = asn1.define('DSAparam', function () {
17339 this.int()
17340})
17341
17342var ECPrivateKey = asn1.define('ECPrivateKey', function () {
17343 this.seq().obj(
17344 this.key('version').int(),
17345 this.key('privateKey').octstr(),
17346 this.key('parameters').optional().explicit(0).use(ECParameters),
17347 this.key('publicKey').optional().explicit(1).bitstr()
17348 )
17349})
17350exports.ECPrivateKey = ECPrivateKey
17351
17352var ECParameters = asn1.define('ECParameters', function () {
17353 this.choice({
17354 namedCurve: this.objid()
17355 })
17356})
17357
17358exports.signature = asn1.define('signature', function () {
17359 this.seq().obj(
17360 this.key('r').int(),
17361 this.key('s').int()
17362 )
17363})
17364
17365},{"./certificate":103,"asn1.js":1}],103:[function(require,module,exports){
17366// from https://github.com/Rantanen/node-dtls/blob/25a7dc861bda38cfeac93a723500eea4f0ac2e86/Certificate.js
17367// thanks to @Rantanen
17368
17369'use strict'
17370
17371var asn = require('asn1.js')
17372
17373var Time = asn.define('Time', function () {
17374 this.choice({
17375 utcTime: this.utctime(),
17376 generalTime: this.gentime()
17377 })
17378})
17379
17380var AttributeTypeValue = asn.define('AttributeTypeValue', function () {
17381 this.seq().obj(
17382 this.key('type').objid(),
17383 this.key('value').any()
17384 )
17385})
17386
17387var AlgorithmIdentifier = asn.define('AlgorithmIdentifier', function () {
17388 this.seq().obj(
17389 this.key('algorithm').objid(),
17390 this.key('parameters').optional()
17391 )
17392})
17393
17394var SubjectPublicKeyInfo = asn.define('SubjectPublicKeyInfo', function () {
17395 this.seq().obj(
17396 this.key('algorithm').use(AlgorithmIdentifier),
17397 this.key('subjectPublicKey').bitstr()
17398 )
17399})
17400
17401var RelativeDistinguishedName = asn.define('RelativeDistinguishedName', function () {
17402 this.setof(AttributeTypeValue)
17403})
17404
17405var RDNSequence = asn.define('RDNSequence', function () {
17406 this.seqof(RelativeDistinguishedName)
17407})
17408
17409var Name = asn.define('Name', function () {
17410 this.choice({
17411 rdnSequence: this.use(RDNSequence)
17412 })
17413})
17414
17415var Validity = asn.define('Validity', function () {
17416 this.seq().obj(
17417 this.key('notBefore').use(Time),
17418 this.key('notAfter').use(Time)
17419 )
17420})
17421
17422var Extension = asn.define('Extension', function () {
17423 this.seq().obj(
17424 this.key('extnID').objid(),
17425 this.key('critical').bool().def(false),
17426 this.key('extnValue').octstr()
17427 )
17428})
17429
17430var TBSCertificate = asn.define('TBSCertificate', function () {
17431 this.seq().obj(
17432 this.key('version').explicit(0).int(),
17433 this.key('serialNumber').int(),
17434 this.key('signature').use(AlgorithmIdentifier),
17435 this.key('issuer').use(Name),
17436 this.key('validity').use(Validity),
17437 this.key('subject').use(Name),
17438 this.key('subjectPublicKeyInfo').use(SubjectPublicKeyInfo),
17439 this.key('issuerUniqueID').implicit(1).bitstr().optional(),
17440 this.key('subjectUniqueID').implicit(2).bitstr().optional(),
17441 this.key('extensions').explicit(3).seqof(Extension).optional()
17442 )
17443})
17444
17445var X509Certificate = asn.define('X509Certificate', function () {
17446 this.seq().obj(
17447 this.key('tbsCertificate').use(TBSCertificate),
17448 this.key('signatureAlgorithm').use(AlgorithmIdentifier),
17449 this.key('signatureValue').bitstr()
17450 )
17451})
17452
17453module.exports = X509Certificate
17454
17455},{"asn1.js":1}],104:[function(require,module,exports){
17456(function (Buffer){
17457// adapted from https://github.com/apatil/pemstrip
17458var findProc = /Proc-Type: 4,ENCRYPTED\n\r?DEK-Info: AES-((?:128)|(?:192)|(?:256))-CBC,([0-9A-H]+)\n\r?\n\r?([0-9A-z\n\r\+\/\=]+)\n\r?/m
17459var startRegex = /^-----BEGIN ((?:.* KEY)|CERTIFICATE)-----\n/m
17460var fullRegex = /^-----BEGIN ((?:.* KEY)|CERTIFICATE)-----\n\r?([0-9A-z\n\r\+\/\=]+)\n\r?-----END \1-----$/m
17461var evp = require('evp_bytestokey')
17462var ciphers = require('browserify-aes')
17463module.exports = function (okey, password) {
17464 var key = okey.toString()
17465 var match = key.match(findProc)
17466 var decrypted
17467 if (!match) {
17468 var match2 = key.match(fullRegex)
17469 decrypted = new Buffer(match2[2].replace(/\r?\n/g, ''), 'base64')
17470 } else {
17471 var suite = 'aes' + match[1]
17472 var iv = new Buffer(match[2], 'hex')
17473 var cipherText = new Buffer(match[3].replace(/\r?\n/g, ''), 'base64')
17474 var cipherKey = evp(password, iv.slice(0, 8), parseInt(match[1], 10)).key
17475 var out = []
17476 var cipher = ciphers.createDecipheriv(suite, cipherKey, iv)
17477 out.push(cipher.update(cipherText))
17478 out.push(cipher.final())
17479 decrypted = Buffer.concat(out)
17480 }
17481 var tag = key.match(startRegex)[1]
17482 return {
17483 tag: tag,
17484 data: decrypted
17485 }
17486}
17487
17488}).call(this,require("buffer").Buffer)
17489},{"browserify-aes":22,"buffer":47,"evp_bytestokey":84}],105:[function(require,module,exports){
17490(function (Buffer){
17491var asn1 = require('./asn1')
17492var aesid = require('./aesid.json')
17493var fixProc = require('./fixProc')
17494var ciphers = require('browserify-aes')
17495var compat = require('pbkdf2')
17496module.exports = parseKeys
17497
17498function parseKeys (buffer) {
17499 var password
17500 if (typeof buffer === 'object' && !Buffer.isBuffer(buffer)) {
17501 password = buffer.passphrase
17502 buffer = buffer.key
17503 }
17504 if (typeof buffer === 'string') {
17505 buffer = new Buffer(buffer)
17506 }
17507
17508 var stripped = fixProc(buffer, password)
17509
17510 var type = stripped.tag
17511 var data = stripped.data
17512 var subtype, ndata
17513 switch (type) {
17514 case 'CERTIFICATE':
17515 ndata = asn1.certificate.decode(data, 'der').tbsCertificate.subjectPublicKeyInfo
17516 // falls through
17517 case 'PUBLIC KEY':
17518 if (!ndata) {
17519 ndata = asn1.PublicKey.decode(data, 'der')
17520 }
17521 subtype = ndata.algorithm.algorithm.join('.')
17522 switch (subtype) {
17523 case '1.2.840.113549.1.1.1':
17524 return asn1.RSAPublicKey.decode(ndata.subjectPublicKey.data, 'der')
17525 case '1.2.840.10045.2.1':
17526 ndata.subjectPrivateKey = ndata.subjectPublicKey
17527 return {
17528 type: 'ec',
17529 data: ndata
17530 }
17531 case '1.2.840.10040.4.1':
17532 ndata.algorithm.params.pub_key = asn1.DSAparam.decode(ndata.subjectPublicKey.data, 'der')
17533 return {
17534 type: 'dsa',
17535 data: ndata.algorithm.params
17536 }
17537 default: throw new Error('unknown key id ' + subtype)
17538 }
17539 throw new Error('unknown key type ' + type)
17540 case 'ENCRYPTED PRIVATE KEY':
17541 data = asn1.EncryptedPrivateKey.decode(data, 'der')
17542 data = decrypt(data, password)
17543 // falls through
17544 case 'PRIVATE KEY':
17545 ndata = asn1.PrivateKey.decode(data, 'der')
17546 subtype = ndata.algorithm.algorithm.join('.')
17547 switch (subtype) {
17548 case '1.2.840.113549.1.1.1':
17549 return asn1.RSAPrivateKey.decode(ndata.subjectPrivateKey, 'der')
17550 case '1.2.840.10045.2.1':
17551 return {
17552 curve: ndata.algorithm.curve,
17553 privateKey: asn1.ECPrivateKey.decode(ndata.subjectPrivateKey, 'der').privateKey
17554 }
17555 case '1.2.840.10040.4.1':
17556 ndata.algorithm.params.priv_key = asn1.DSAparam.decode(ndata.subjectPrivateKey, 'der')
17557 return {
17558 type: 'dsa',
17559 params: ndata.algorithm.params
17560 }
17561 default: throw new Error('unknown key id ' + subtype)
17562 }
17563 throw new Error('unknown key type ' + type)
17564 case 'RSA PUBLIC KEY':
17565 return asn1.RSAPublicKey.decode(data, 'der')
17566 case 'RSA PRIVATE KEY':
17567 return asn1.RSAPrivateKey.decode(data, 'der')
17568 case 'DSA PRIVATE KEY':
17569 return {
17570 type: 'dsa',
17571 params: asn1.DSAPrivateKey.decode(data, 'der')
17572 }
17573 case 'EC PRIVATE KEY':
17574 data = asn1.ECPrivateKey.decode(data, 'der')
17575 return {
17576 curve: data.parameters.value,
17577 privateKey: data.privateKey
17578 }
17579 default: throw new Error('unknown key type ' + type)
17580 }
17581}
17582parseKeys.signature = asn1.signature
17583function decrypt (data, password) {
17584 var salt = data.algorithm.decrypt.kde.kdeparams.salt
17585 var iters = parseInt(data.algorithm.decrypt.kde.kdeparams.iters.toString(), 10)
17586 var algo = aesid[data.algorithm.decrypt.cipher.algo.join('.')]
17587 var iv = data.algorithm.decrypt.cipher.iv
17588 var cipherText = data.subjectPrivateKey
17589 var keylen = parseInt(algo.split('-')[1], 10) / 8
17590 var key = compat.pbkdf2Sync(password, salt, iters, keylen)
17591 var cipher = ciphers.createDecipheriv(algo, key, iv)
17592 var out = []
17593 out.push(cipher.update(cipherText))
17594 out.push(cipher.final())
17595 return Buffer.concat(out)
17596}
17597
17598}).call(this,require("buffer").Buffer)
17599},{"./aesid.json":101,"./asn1":102,"./fixProc":104,"browserify-aes":22,"buffer":47,"pbkdf2":106}],106:[function(require,module,exports){
17600
17601exports.pbkdf2 = require('./lib/async')
17602
17603exports.pbkdf2Sync = require('./lib/sync')
17604
17605},{"./lib/async":107,"./lib/sync":110}],107:[function(require,module,exports){
17606(function (process,global){
17607var checkParameters = require('./precondition')
17608var defaultEncoding = require('./default-encoding')
17609var sync = require('./sync')
17610var Buffer = require('safe-buffer').Buffer
17611
17612var ZERO_BUF
17613var subtle = global.crypto && global.crypto.subtle
17614var toBrowser = {
17615 'sha': 'SHA-1',
17616 'sha-1': 'SHA-1',
17617 'sha1': 'SHA-1',
17618 'sha256': 'SHA-256',
17619 'sha-256': 'SHA-256',
17620 'sha384': 'SHA-384',
17621 'sha-384': 'SHA-384',
17622 'sha-512': 'SHA-512',
17623 'sha512': 'SHA-512'
17624}
17625var checks = []
17626function checkNative (algo) {
17627 if (global.process && !global.process.browser) {
17628 return Promise.resolve(false)
17629 }
17630 if (!subtle || !subtle.importKey || !subtle.deriveBits) {
17631 return Promise.resolve(false)
17632 }
17633 if (checks[algo] !== undefined) {
17634 return checks[algo]
17635 }
17636 ZERO_BUF = ZERO_BUF || Buffer.alloc(8)
17637 var prom = browserPbkdf2(ZERO_BUF, ZERO_BUF, 10, 128, algo)
17638 .then(function () {
17639 return true
17640 }).catch(function () {
17641 return false
17642 })
17643 checks[algo] = prom
17644 return prom
17645}
17646function browserPbkdf2 (password, salt, iterations, length, algo) {
17647 return subtle.importKey(
17648 'raw', password, {name: 'PBKDF2'}, false, ['deriveBits']
17649 ).then(function (key) {
17650 return subtle.deriveBits({
17651 name: 'PBKDF2',
17652 salt: salt,
17653 iterations: iterations,
17654 hash: {
17655 name: algo
17656 }
17657 }, key, length << 3)
17658 }).then(function (res) {
17659 return Buffer.from(res)
17660 })
17661}
17662function resolvePromise (promise, callback) {
17663 promise.then(function (out) {
17664 process.nextTick(function () {
17665 callback(null, out)
17666 })
17667 }, function (e) {
17668 process.nextTick(function () {
17669 callback(e)
17670 })
17671 })
17672}
17673module.exports = function (password, salt, iterations, keylen, digest, callback) {
17674 if (!Buffer.isBuffer(password)) password = Buffer.from(password, defaultEncoding)
17675 if (!Buffer.isBuffer(salt)) salt = Buffer.from(salt, defaultEncoding)
17676
17677 checkParameters(iterations, keylen)
17678 if (typeof digest === 'function') {
17679 callback = digest
17680 digest = undefined
17681 }
17682 if (typeof callback !== 'function') throw new Error('No callback provided to pbkdf2')
17683
17684 digest = digest || 'sha1'
17685 var algo = toBrowser[digest.toLowerCase()]
17686 if (!algo || typeof global.Promise !== 'function') {
17687 return process.nextTick(function () {
17688 var out
17689 try {
17690 out = sync(password, salt, iterations, keylen, digest)
17691 } catch (e) {
17692 return callback(e)
17693 }
17694 callback(null, out)
17695 })
17696 }
17697 resolvePromise(checkNative(algo).then(function (resp) {
17698 if (resp) {
17699 return browserPbkdf2(password, salt, iterations, keylen, algo)
17700 } else {
17701 return sync(password, salt, iterations, keylen, digest)
17702 }
17703 }), callback)
17704}
17705
17706}).call(this,require('_process'),typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {})
17707},{"./default-encoding":108,"./precondition":109,"./sync":110,"_process":112,"safe-buffer":134}],108:[function(require,module,exports){
17708(function (process){
17709var defaultEncoding
17710/* istanbul ignore next */
17711if (process.browser) {
17712 defaultEncoding = 'utf-8'
17713} else {
17714 var pVersionMajor = parseInt(process.version.split('.')[0].slice(1), 10)
17715
17716 defaultEncoding = pVersionMajor >= 6 ? 'utf-8' : 'binary'
17717}
17718module.exports = defaultEncoding
17719
17720}).call(this,require('_process'))
17721},{"_process":112}],109:[function(require,module,exports){
17722var MAX_ALLOC = Math.pow(2, 30) - 1 // default in iojs
17723module.exports = function (iterations, keylen) {
17724 if (typeof iterations !== 'number') {
17725 throw new TypeError('Iterations not a number')
17726 }
17727
17728 if (iterations < 0) {
17729 throw new TypeError('Bad iterations')
17730 }
17731
17732 if (typeof keylen !== 'number') {
17733 throw new TypeError('Key length not a number')
17734 }
17735
17736 if (keylen < 0 || keylen > MAX_ALLOC || keylen !== keylen) { /* eslint no-self-compare: 0 */
17737 throw new TypeError('Bad key length')
17738 }
17739}
17740
17741},{}],110:[function(require,module,exports){
17742var md5 = require('create-hash/md5')
17743var rmd160 = require('ripemd160')
17744var sha = require('sha.js')
17745
17746var checkParameters = require('./precondition')
17747var defaultEncoding = require('./default-encoding')
17748var Buffer = require('safe-buffer').Buffer
17749var ZEROS = Buffer.alloc(128)
17750var sizes = {
17751 md5: 16,
17752 sha1: 20,
17753 sha224: 28,
17754 sha256: 32,
17755 sha384: 48,
17756 sha512: 64,
17757 rmd160: 20,
17758 ripemd160: 20
17759}
17760function Hmac (alg, key, saltLen) {
17761 var hash = getDigest(alg)
17762 var blocksize = (alg === 'sha512' || alg === 'sha384') ? 128 : 64
17763
17764 if (key.length > blocksize) {
17765 key = hash(key)
17766 } else if (key.length < blocksize) {
17767 key = Buffer.concat([key, ZEROS], blocksize)
17768 }
17769
17770 var ipad = Buffer.allocUnsafe(blocksize + sizes[alg])
17771 var opad = Buffer.allocUnsafe(blocksize + sizes[alg])
17772 for (var i = 0; i < blocksize; i++) {
17773 ipad[i] = key[i] ^ 0x36
17774 opad[i] = key[i] ^ 0x5C
17775 }
17776
17777 var ipad1 = Buffer.allocUnsafe(blocksize + saltLen + 4)
17778 ipad.copy(ipad1, 0, 0, blocksize)
17779 this.ipad1 = ipad1
17780 this.ipad2 = ipad
17781 this.opad = opad
17782 this.alg = alg
17783 this.blocksize = blocksize
17784 this.hash = hash
17785 this.size = sizes[alg]
17786}
17787
17788Hmac.prototype.run = function (data, ipad) {
17789 data.copy(ipad, this.blocksize)
17790 var h = this.hash(ipad)
17791 h.copy(this.opad, this.blocksize)
17792 return this.hash(this.opad)
17793}
17794
17795function getDigest (alg) {
17796 if (alg === 'rmd160' || alg === 'ripemd160') return rmd160
17797 if (alg === 'md5') return md5
17798 return shaFunc
17799
17800 function shaFunc (data) {
17801 return sha(alg).update(data).digest()
17802 }
17803}
17804
17805module.exports = function (password, salt, iterations, keylen, digest) {
17806 if (!Buffer.isBuffer(password)) password = Buffer.from(password, defaultEncoding)
17807 if (!Buffer.isBuffer(salt)) salt = Buffer.from(salt, defaultEncoding)
17808
17809 checkParameters(iterations, keylen)
17810
17811 digest = digest || 'sha1'
17812
17813 var hmac = new Hmac(digest, password, salt.length)
17814
17815 var DK = Buffer.allocUnsafe(keylen)
17816 var block1 = Buffer.allocUnsafe(salt.length + 4)
17817 salt.copy(block1, 0, 0, salt.length)
17818
17819 var U, j, destPos, len
17820
17821 var hLen = hmac.size
17822 var T = Buffer.allocUnsafe(hLen)
17823 var l = Math.ceil(keylen / hLen)
17824 var r = keylen - (l - 1) * hLen
17825
17826 for (var i = 1; i <= l; i++) {
17827 block1.writeUInt32BE(i, salt.length)
17828 U = hmac.run(block1, hmac.ipad1)
17829
17830 U.copy(T, 0, 0, hLen)
17831
17832 for (j = 1; j < iterations; j++) {
17833 U = hmac.run(U, hmac.ipad2)
17834 for (var k = 0; k < hLen; k++) T[k] ^= U[k]
17835 }
17836
17837 destPos = (i - 1) * hLen
17838 len = (i === l ? r : hLen)
17839 T.copy(DK, destPos, 0, len)
17840 }
17841
17842 return DK
17843}
17844
17845},{"./default-encoding":108,"./precondition":109,"create-hash/md5":53,"ripemd160":133,"safe-buffer":134,"sha.js":136}],111:[function(require,module,exports){
17846(function (process){
17847'use strict';
17848
17849if (!process.version ||
17850 process.version.indexOf('v0.') === 0 ||
17851 process.version.indexOf('v1.') === 0 && process.version.indexOf('v1.8.') !== 0) {
17852 module.exports = nextTick;
17853} else {
17854 module.exports = process.nextTick;
17855}
17856
17857function nextTick(fn, arg1, arg2, arg3) {
17858 if (typeof fn !== 'function') {
17859 throw new TypeError('"callback" argument must be a function');
17860 }
17861 var len = arguments.length;
17862 var args, i;
17863 switch (len) {
17864 case 0:
17865 case 1:
17866 return process.nextTick(fn);
17867 case 2:
17868 return process.nextTick(function afterTickOne() {
17869 fn.call(null, arg1);
17870 });
17871 case 3:
17872 return process.nextTick(function afterTickTwo() {
17873 fn.call(null, arg1, arg2);
17874 });
17875 case 4:
17876 return process.nextTick(function afterTickThree() {
17877 fn.call(null, arg1, arg2, arg3);
17878 });
17879 default:
17880 args = new Array(len - 1);
17881 i = 0;
17882 while (i < args.length) {
17883 args[i++] = arguments[i];
17884 }
17885 return process.nextTick(function afterTick() {
17886 fn.apply(null, args);
17887 });
17888 }
17889}
17890
17891}).call(this,require('_process'))
17892},{"_process":112}],112:[function(require,module,exports){
17893// shim for using process in browser
17894var process = module.exports = {};
17895
17896// cached from whatever global is present so that test runners that stub it
17897// don't break things. But we need to wrap it in a try catch in case it is
17898// wrapped in strict mode code which doesn't define any globals. It's inside a
17899// function because try/catches deoptimize in certain engines.
17900
17901var cachedSetTimeout;
17902var cachedClearTimeout;
17903
17904function defaultSetTimout() {
17905 throw new Error('setTimeout has not been defined');
17906}
17907function defaultClearTimeout () {
17908 throw new Error('clearTimeout has not been defined');
17909}
17910(function () {
17911 try {
17912 if (typeof setTimeout === 'function') {
17913 cachedSetTimeout = setTimeout;
17914 } else {
17915 cachedSetTimeout = defaultSetTimout;
17916 }
17917 } catch (e) {
17918 cachedSetTimeout = defaultSetTimout;
17919 }
17920 try {
17921 if (typeof clearTimeout === 'function') {
17922 cachedClearTimeout = clearTimeout;
17923 } else {
17924 cachedClearTimeout = defaultClearTimeout;
17925 }
17926 } catch (e) {
17927 cachedClearTimeout = defaultClearTimeout;
17928 }
17929} ())
17930function runTimeout(fun) {
17931 if (cachedSetTimeout === setTimeout) {
17932 //normal enviroments in sane situations
17933 return setTimeout(fun, 0);
17934 }
17935 // if setTimeout wasn't available but was latter defined
17936 if ((cachedSetTimeout === defaultSetTimout || !cachedSetTimeout) && setTimeout) {
17937 cachedSetTimeout = setTimeout;
17938 return setTimeout(fun, 0);
17939 }
17940 try {
17941 // when when somebody has screwed with setTimeout but no I.E. maddness
17942 return cachedSetTimeout(fun, 0);
17943 } catch(e){
17944 try {
17945 // When we are in I.E. but the script has been evaled so I.E. doesn't trust the global object when called normally
17946 return cachedSetTimeout.call(null, fun, 0);
17947 } catch(e){
17948 // same as above but when it's a version of I.E. that must have the global object for 'this', hopfully our context correct otherwise it will throw a global error
17949 return cachedSetTimeout.call(this, fun, 0);
17950 }
17951 }
17952
17953
17954}
17955function runClearTimeout(marker) {
17956 if (cachedClearTimeout === clearTimeout) {
17957 //normal enviroments in sane situations
17958 return clearTimeout(marker);
17959 }
17960 // if clearTimeout wasn't available but was latter defined
17961 if ((cachedClearTimeout === defaultClearTimeout || !cachedClearTimeout) && clearTimeout) {
17962 cachedClearTimeout = clearTimeout;
17963 return clearTimeout(marker);
17964 }
17965 try {
17966 // when when somebody has screwed with setTimeout but no I.E. maddness
17967 return cachedClearTimeout(marker);
17968 } catch (e){
17969 try {
17970 // When we are in I.E. but the script has been evaled so I.E. doesn't trust the global object when called normally
17971 return cachedClearTimeout.call(null, marker);
17972 } catch (e){
17973 // same as above but when it's a version of I.E. that must have the global object for 'this', hopfully our context correct otherwise it will throw a global error.
17974 // Some versions of I.E. have different rules for clearTimeout vs setTimeout
17975 return cachedClearTimeout.call(this, marker);
17976 }
17977 }
17978
17979
17980
17981}
17982var queue = [];
17983var draining = false;
17984var currentQueue;
17985var queueIndex = -1;
17986
17987function cleanUpNextTick() {
17988 if (!draining || !currentQueue) {
17989 return;
17990 }
17991 draining = false;
17992 if (currentQueue.length) {
17993 queue = currentQueue.concat(queue);
17994 } else {
17995 queueIndex = -1;
17996 }
17997 if (queue.length) {
17998 drainQueue();
17999 }
18000}
18001
18002function drainQueue() {
18003 if (draining) {
18004 return;
18005 }
18006 var timeout = runTimeout(cleanUpNextTick);
18007 draining = true;
18008
18009 var len = queue.length;
18010 while(len) {
18011 currentQueue = queue;
18012 queue = [];
18013 while (++queueIndex < len) {
18014 if (currentQueue) {
18015 currentQueue[queueIndex].run();
18016 }
18017 }
18018 queueIndex = -1;
18019 len = queue.length;
18020 }
18021 currentQueue = null;
18022 draining = false;
18023 runClearTimeout(timeout);
18024}
18025
18026process.nextTick = function (fun) {
18027 var args = new Array(arguments.length - 1);
18028 if (arguments.length > 1) {
18029 for (var i = 1; i < arguments.length; i++) {
18030 args[i - 1] = arguments[i];
18031 }
18032 }
18033 queue.push(new Item(fun, args));
18034 if (queue.length === 1 && !draining) {
18035 runTimeout(drainQueue);
18036 }
18037};
18038
18039// v8 likes predictible objects
18040function Item(fun, array) {
18041 this.fun = fun;
18042 this.array = array;
18043}
18044Item.prototype.run = function () {
18045 this.fun.apply(null, this.array);
18046};
18047process.title = 'browser';
18048process.browser = true;
18049process.env = {};
18050process.argv = [];
18051process.version = ''; // empty string to avoid regexp issues
18052process.versions = {};
18053
18054function noop() {}
18055
18056process.on = noop;
18057process.addListener = noop;
18058process.once = noop;
18059process.off = noop;
18060process.removeListener = noop;
18061process.removeAllListeners = noop;
18062process.emit = noop;
18063process.prependListener = noop;
18064process.prependOnceListener = noop;
18065
18066process.listeners = function (name) { return [] }
18067
18068process.binding = function (name) {
18069 throw new Error('process.binding is not supported');
18070};
18071
18072process.cwd = function () { return '/' };
18073process.chdir = function (dir) {
18074 throw new Error('process.chdir is not supported');
18075};
18076process.umask = function() { return 0; };
18077
18078},{}],113:[function(require,module,exports){
18079exports.publicEncrypt = require('./publicEncrypt');
18080exports.privateDecrypt = require('./privateDecrypt');
18081
18082exports.privateEncrypt = function privateEncrypt(key, buf) {
18083 return exports.publicEncrypt(key, buf, true);
18084};
18085
18086exports.publicDecrypt = function publicDecrypt(key, buf) {
18087 return exports.privateDecrypt(key, buf, true);
18088};
18089},{"./privateDecrypt":115,"./publicEncrypt":116}],114:[function(require,module,exports){
18090(function (Buffer){
18091var createHash = require('create-hash');
18092module.exports = function (seed, len) {
18093 var t = new Buffer('');
18094 var i = 0, c;
18095 while (t.length < len) {
18096 c = i2ops(i++);
18097 t = Buffer.concat([t, createHash('sha1').update(seed).update(c).digest()]);
18098 }
18099 return t.slice(0, len);
18100};
18101
18102function i2ops(c) {
18103 var out = new Buffer(4);
18104 out.writeUInt32BE(c,0);
18105 return out;
18106}
18107}).call(this,require("buffer").Buffer)
18108},{"buffer":47,"create-hash":51}],115:[function(require,module,exports){
18109(function (Buffer){
18110var parseKeys = require('parse-asn1');
18111var mgf = require('./mgf');
18112var xor = require('./xor');
18113var bn = require('bn.js');
18114var crt = require('browserify-rsa');
18115var createHash = require('create-hash');
18116var withPublic = require('./withPublic');
18117module.exports = function privateDecrypt(private_key, enc, reverse) {
18118 var padding;
18119 if (private_key.padding) {
18120 padding = private_key.padding;
18121 } else if (reverse) {
18122 padding = 1;
18123 } else {
18124 padding = 4;
18125 }
5b689bd6 18126
0f0a888e
IC		 18127 var key = parseKeys(private_key);
18128 var k = key.modulus.byteLength();
18129 if (enc.length > k || new bn(enc).cmp(key.modulus) >= 0) {
18130 throw new Error('decryption error');
18131 }
18132 var msg;
18133 if (reverse) {
18134 msg = withPublic(new bn(enc), key);
18135 } else {
18136 msg = crt(enc, key);
18137 }
18138 var zBuffer = new Buffer(k - msg.length);
18139 zBuffer.fill(0);
18140 msg = Buffer.concat([zBuffer, msg], k);
18141 if (padding === 4) {
18142 return oaep(key, msg);
18143 } else if (padding === 1) {
18144 return pkcs1(key, msg, reverse);
18145 } else if (padding === 3) {
18146 return msg;
18147 } else {
18148 throw new Error('unknown padding');
18149 }
18150};
18151
18152function oaep(key, msg){
18153 var n = key.modulus;
18154 var k = key.modulus.byteLength();
18155 var mLen = msg.length;
18156 var iHash = createHash('sha1').update(new Buffer('')).digest();
18157 var hLen = iHash.length;
18158 var hLen2 = 2 * hLen;
18159 if (msg[0] !== 0) {
18160 throw new Error('decryption error');
18161 }
18162 var maskedSeed = msg.slice(1, hLen + 1);
18163 var maskedDb = msg.slice(hLen + 1);
18164 var seed = xor(maskedSeed, mgf(maskedDb, hLen));
18165 var db = xor(maskedDb, mgf(seed, k - hLen - 1));
18166 if (compare(iHash, db.slice(0, hLen))) {
18167 throw new Error('decryption error');
18168 }
18169 var i = hLen;
18170 while (db[i] === 0) {
18171 i++;
18172 }
18173 if (db[i++] !== 1) {
18174 throw new Error('decryption error');
18175 }
18176 return db.slice(i);
18177}
18178
18179function pkcs1(key, msg, reverse){
18180 var p1 = msg.slice(0, 2);
18181 var i = 2;
18182 var status = 0;
18183 while (msg[i++] !== 0) {
18184 if (i >= msg.length) {
18185 status++;
18186 break;
18187 }
18188 }
18189 var ps = msg.slice(2, i - 1);
18190 var p2 = msg.slice(i - 1, i);
18191
18192 if ((p1.toString('hex') !== '0002' && !reverse) || (p1.toString('hex') !== '0001' && reverse)){
18193 status++;
18194 }
18195 if (ps.length < 8) {
18196 status++;
18197 }
18198 if (status) {
18199 throw new Error('decryption error');
18200 }
18201 return msg.slice(i);
18202}
18203function compare(a, b){
18204 a = new Buffer(a);
18205 b = new Buffer(b);
18206 var dif = 0;
18207 var len = a.length;
18208 if (a.length !== b.length) {
18209 dif++;
18210 len = Math.min(a.length, b.length);
18211 }
18212 var i = -1;
18213 while (++i < len) {
18214 dif += (a[i] ^ b[i]);
18215 }
18216 return dif;
18217}
18218}).call(this,require("buffer").Buffer)
18219},{"./mgf":114,"./withPublic":117,"./xor":118,"bn.js":17,"browserify-rsa":38,"buffer":47,"create-hash":51,"parse-asn1":105}],116:[function(require,module,exports){
18220(function (Buffer){
18221var parseKeys = require('parse-asn1');
18222var randomBytes = require('randombytes');
18223var createHash = require('create-hash');
18224var mgf = require('./mgf');
18225var xor = require('./xor');
18226var bn = require('bn.js');
18227var withPublic = require('./withPublic');
18228var crt = require('browserify-rsa');
18229
18230var constants = {
18231 RSA_PKCS1_OAEP_PADDING: 4,
18232 RSA_PKCS1_PADDIN: 1,
18233 RSA_NO_PADDING: 3
18234};
18235
18236module.exports = function publicEncrypt(public_key, msg, reverse) {
18237 var padding;
18238 if (public_key.padding) {
18239 padding = public_key.padding;
18240 } else if (reverse) {
18241 padding = 1;
18242 } else {
18243 padding = 4;
18244 }
18245 var key = parseKeys(public_key);
18246 var paddedMsg;
18247 if (padding === 4) {
18248 paddedMsg = oaep(key, msg);
18249 } else if (padding === 1) {
18250 paddedMsg = pkcs1(key, msg, reverse);
18251 } else if (padding === 3) {
18252 paddedMsg = new bn(msg);
18253 if (paddedMsg.cmp(key.modulus) >= 0) {
18254 throw new Error('data too long for modulus');
18255 }
18256 } else {
18257 throw new Error('unknown padding');
18258 }
18259 if (reverse) {
18260 return crt(paddedMsg, key);
18261 } else {
18262 return withPublic(paddedMsg, key);
18263 }
18264};
18265
18266function oaep(key, msg){
18267 var k = key.modulus.byteLength();
18268 var mLen = msg.length;
18269 var iHash = createHash('sha1').update(new Buffer('')).digest();
18270 var hLen = iHash.length;
18271 var hLen2 = 2 * hLen;
18272 if (mLen > k - hLen2 - 2) {
18273 throw new Error('message too long');
18274 }
18275 var ps = new Buffer(k - mLen - hLen2 - 2);
18276 ps.fill(0);
18277 var dblen = k - hLen - 1;
18278 var seed = randomBytes(hLen);
18279 var maskedDb = xor(Buffer.concat([iHash, ps, new Buffer([1]), msg], dblen), mgf(seed, dblen));
18280 var maskedSeed = xor(seed, mgf(maskedDb, hLen));
18281 return new bn(Buffer.concat([new Buffer([0]), maskedSeed, maskedDb], k));
18282}
18283function pkcs1(key, msg, reverse){
18284 var mLen = msg.length;
18285 var k = key.modulus.byteLength();
18286 if (mLen > k - 11) {
18287 throw new Error('message too long');
18288 }
18289 var ps;
18290 if (reverse) {
18291 ps = new Buffer(k - mLen - 3);
18292 ps.fill(0xff);
18293 } else {
18294 ps = nonZero(k - mLen - 3);
18295 }
18296 return new bn(Buffer.concat([new Buffer([0, reverse?1:2]), ps, new Buffer([0]), msg], k));
18297}
18298function nonZero(len, crypto) {
18299 var out = new Buffer(len);
18300 var i = 0;
18301 var cache = randomBytes(len*2);
18302 var cur = 0;
18303 var num;
18304 while (i < len) {
18305 if (cur === cache.length) {
18306 cache = randomBytes(len*2);
18307 cur = 0;
18308 }
18309 num = cache[cur++];
18310 if (num) {
18311 out[i++] = num;
18312 }
18313 }
18314 return out;
18315}
18316}).call(this,require("buffer").Buffer)
18317},{"./mgf":114,"./withPublic":117,"./xor":118,"bn.js":17,"browserify-rsa":38,"buffer":47,"create-hash":51,"parse-asn1":105,"randombytes":119}],117:[function(require,module,exports){
18318(function (Buffer){
18319var bn = require('bn.js');
18320function withPublic(paddedMsg, key) {
18321 return new Buffer(paddedMsg
18322 .toRed(bn.mont(key.modulus))
18323 .redPow(new bn(key.publicExponent))
18324 .fromRed()
18325 .toArray());
18326}
18327
18328module.exports = withPublic;
18329}).call(this,require("buffer").Buffer)
18330},{"bn.js":17,"buffer":47}],118:[function(require,module,exports){
18331module.exports = function xor(a, b) {
18332 var len = a.length;
18333 var i = -1;
18334 while (++i < len) {
18335 a[i] ^= b[i];
18336 }
18337 return a
18338};
18339},{}],119:[function(require,module,exports){
18340(function (process,global,Buffer){
18341'use strict'
18342
18343function oldBrowser () {
18344 throw new Error('secure random number generation not supported by this browser\nuse chrome, FireFox or Internet Explorer 11')
18345}
18346
18347var crypto = global.crypto || global.msCrypto
18348
18349if (crypto && crypto.getRandomValues) {
18350 module.exports = randomBytes
18351} else {
18352 module.exports = oldBrowser
18353}
18354
18355function randomBytes (size, cb) {
18356 // phantomjs needs to throw
18357 if (size > 65536) throw new Error('requested too many random bytes')
18358 // in case browserify isn't using the Uint8Array version
18359 var rawBytes = new global.Uint8Array(size)
18360
18361 // This will not work in older browsers.
18362 // See https://developer.mozilla.org/en-US/docs/Web/API/window.crypto.getRandomValues
18363 if (size > 0) { // getRandomValues fails on IE if size == 0
18364 crypto.getRandomValues(rawBytes)
18365 }
18366 // phantomjs doesn't like a buffer being passed here
18367 var bytes = new Buffer(rawBytes.buffer)
18368
18369 if (typeof cb === 'function') {
18370 return process.nextTick(function () {
18371 cb(null, bytes)
18372 })
18373 }
18374
18375 return bytes
18376}
18377
18378}).call(this,require('_process'),typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {},require("buffer").Buffer)
18379},{"_process":112,"buffer":47}],120:[function(require,module,exports){
18380module.exports = require('./lib/_stream_duplex.js');
18381
18382},{"./lib/_stream_duplex.js":121}],121:[function(require,module,exports){
18383// a duplex stream is just a stream that is both readable and writable.
18384// Since JS doesn't have multiple prototypal inheritance, this class
18385// prototypally inherits from Readable, and then parasitically from
18386// Writable.
18387
18388'use strict';
18389
18390/*<replacement>*/
18391
18392var objectKeys = Object.keys || function (obj) {
18393 var keys = [];
18394 for (var key in obj) {
18395 keys.push(key);
18396 }return keys;
18397};
18398/*</replacement>*/
18399
18400module.exports = Duplex;
18401
18402/*<replacement>*/
18403var processNextTick = require('process-nextick-args');
18404/*</replacement>*/
18405
18406/*<replacement>*/
18407var util = require('core-util-is');
18408util.inherits = require('inherits');
18409/*</replacement>*/
18410
18411var Readable = require('./_stream_readable');
18412var Writable = require('./_stream_writable');
18413
18414util.inherits(Duplex, Readable);
18415
18416var keys = objectKeys(Writable.prototype);
18417for (var v = 0; v < keys.length; v++) {
18418 var method = keys[v];
18419 if (!Duplex.prototype[method]) Duplex.prototype[method] = Writable.prototype[method];
18420}
18421
18422function Duplex(options) {
18423 if (!(this instanceof Duplex)) return new Duplex(options);
18424
18425 Readable.call(this, options);
18426 Writable.call(this, options);
18427
18428 if (options && options.readable === false) this.readable = false;
18429
18430 if (options && options.writable === false) this.writable = false;
18431
18432 this.allowHalfOpen = true;
18433 if (options && options.allowHalfOpen === false) this.allowHalfOpen = false;
18434
18435 this.once('end', onend);
18436}
18437
18438// the no-half-open enforcer
18439function onend() {
18440 // if we allow half-open state, or if the writable side ended,
18441 // then we're ok.
18442 if (this.allowHalfOpen || this._writableState.ended) return;
18443
18444 // no more data can be written.
18445 // But allow more writes to happen in this tick.
18446 processNextTick(onEndNT, this);
18447}
18448
18449function onEndNT(self) {
18450 self.end();
18451}
18452
18453function forEach(xs, f) {
18454 for (var i = 0, l = xs.length; i < l; i++) {
18455 f(xs[i], i);
18456 }
18457}
18458},{"./_stream_readable":123,"./_stream_writable":125,"core-util-is":49,"inherits":95,"process-nextick-args":111}],122:[function(require,module,exports){
18459// a passthrough stream.
18460// basically just the most minimal sort of Transform stream.
18461// Every written chunk gets output as-is.
18462
18463'use strict';
18464
18465module.exports = PassThrough;
18466
18467var Transform = require('./_stream_transform');
18468
18469/*<replacement>*/
18470var util = require('core-util-is');
18471util.inherits = require('inherits');
18472/*</replacement>*/
18473
18474util.inherits(PassThrough, Transform);
18475
18476function PassThrough(options) {
18477 if (!(this instanceof PassThrough)) return new PassThrough(options);
18478
18479 Transform.call(this, options);
18480}
18481
18482PassThrough.prototype._transform = function (chunk, encoding, cb) {
18483 cb(null, chunk);
18484};
18485},{"./_stream_transform":124,"core-util-is":49,"inherits":95}],123:[function(require,module,exports){
18486(function (process){
18487'use strict';
18488
18489module.exports = Readable;
18490
18491/*<replacement>*/
18492var processNextTick = require('process-nextick-args');
18493/*</replacement>*/
18494
18495/*<replacement>*/
18496var isArray = require('isarray');
18497/*</replacement>*/
18498
18499/*<replacement>*/
18500var Duplex;
18501/*</replacement>*/
18502
18503Readable.ReadableState = ReadableState;
18504
18505/*<replacement>*/
18506var EE = require('events').EventEmitter;
18507
18508var EElistenerCount = function (emitter, type) {
18509 return emitter.listeners(type).length;
18510};
18511/*</replacement>*/
18512
18513/*<replacement>*/
18514var Stream = require('./internal/streams/stream');
18515/*</replacement>*/
18516
18517var Buffer = require('buffer').Buffer;
18518/*<replacement>*/
18519var bufferShim = require('buffer-shims');
18520/*</replacement>*/
18521
18522/*<replacement>*/
18523var util = require('core-util-is');
18524util.inherits = require('inherits');
18525/*</replacement>*/
18526
18527/*<replacement>*/
18528var debugUtil = require('util');
18529var debug = void 0;
18530if (debugUtil && debugUtil.debuglog) {
18531 debug = debugUtil.debuglog('stream');
18532} else {
18533 debug = function () {};
18534}
18535/*</replacement>*/
18536
18537var BufferList = require('./internal/streams/BufferList');
18538var StringDecoder;
18539
18540util.inherits(Readable, Stream);
18541
18542var kProxyEvents = ['error', 'close', 'destroy', 'pause', 'resume'];
18543
18544function prependListener(emitter, event, fn) {
18545 // Sadly this is not cacheable as some libraries bundle their own
18546 // event emitter implementation with them.
18547 if (typeof emitter.prependListener === 'function') {
18548 return emitter.prependListener(event, fn);
18549 } else {
18550 // This is a hack to make sure that our error handler is attached before any
18551 // userland ones. NEVER DO THIS. This is here only because this code needs
18552 // to continue to work with older versions of Node.js that do not include
18553 // the prependListener() method. The goal is to eventually remove this hack.
18554 if (!emitter._events || !emitter._events[event]) emitter.on(event, fn);else if (isArray(emitter._events[event])) emitter._events[event].unshift(fn);else emitter._events[event] = [fn, emitter._events[event]];
18555 }
18556}
18557
18558function ReadableState(options, stream) {
18559 Duplex = Duplex || require('./_stream_duplex');
18560
18561 options = options || {};
18562
18563 // object stream flag. Used to make read(n) ignore n and to
18564 // make all the buffer merging and length checks go away
18565 this.objectMode = !!options.objectMode;
18566
18567 if (stream instanceof Duplex) this.objectMode = this.objectMode || !!options.readableObjectMode;
18568
18569 // the point at which it stops calling _read() to fill the buffer
18570 // Note: 0 is a valid value, means "don't call _read preemptively ever"
18571 var hwm = options.highWaterMark;
18572 var defaultHwm = this.objectMode ? 16 : 16 * 1024;
18573 this.highWaterMark = hwm || hwm === 0 ? hwm : defaultHwm;
18574
18575 // cast to ints.
18576 this.highWaterMark = ~~this.highWaterMark;
18577
18578 // A linked list is used to store data chunks instead of an array because the
18579 // linked list can remove elements from the beginning faster than
18580 // array.shift()
18581 this.buffer = new BufferList();
18582 this.length = 0;
18583 this.pipes = null;
18584 this.pipesCount = 0;
18585 this.flowing = null;
18586 this.ended = false;
18587 this.endEmitted = false;
18588 this.reading = false;
18589
18590 // a flag to be able to tell if the onwrite cb is called immediately,
18591 // or on a later tick. We set this to true at first, because any
18592 // actions that shouldn't happen until "later" should generally also
18593 // not happen before the first write call.
18594 this.sync = true;
18595
18596 // whenever we return null, then we set a flag to say
18597 // that we're awaiting a 'readable' event emission.
18598 this.needReadable = false;
18599 this.emittedReadable = false;
18600 this.readableListening = false;
18601 this.resumeScheduled = false;
18602
18603 // Crypto is kind of old and crusty. Historically, its default string
18604 // encoding is 'binary' so we have to make this configurable.
18605 // Everything else in the universe uses 'utf8', though.
18606 this.defaultEncoding = options.defaultEncoding || 'utf8';
18607
18608 // when piping, we only care about 'readable' events that happen
18609 // after read()ing all the bytes and not getting any pushback.
18610 this.ranOut = false;
18611
18612 // the number of writers that are awaiting a drain event in .pipe()s
18613 this.awaitDrain = 0;
18614
18615 // if true, a maybeReadMore has been scheduled
18616 this.readingMore = false;
18617
18618 this.decoder = null;
18619 this.encoding = null;
18620 if (options.encoding) {
18621 if (!StringDecoder) StringDecoder = require('string_decoder/').StringDecoder;
18622 this.decoder = new StringDecoder(options.encoding);
18623 this.encoding = options.encoding;
18624 }
18625}
18626
18627function Readable(options) {
18628 Duplex = Duplex || require('./_stream_duplex');
18629
18630 if (!(this instanceof Readable)) return new Readable(options);
18631
18632 this._readableState = new ReadableState(options, this);
18633
18634 // legacy
18635 this.readable = true;
18636
18637 if (options && typeof options.read === 'function') this._read = options.read;
18638
18639 Stream.call(this);
18640}
18641
18642// Manually shove something into the read() buffer.
18643// This returns true if the highWaterMark has not been hit yet,
18644// similar to how Writable.write() returns true if you should
18645// write() some more.
18646Readable.prototype.push = function (chunk, encoding) {
18647 var state = this._readableState;
18648
18649 if (!state.objectMode && typeof chunk === 'string') {
18650 encoding = encoding || state.defaultEncoding;
18651 if (encoding !== state.encoding) {
18652 chunk = bufferShim.from(chunk, encoding);
18653 encoding = '';
18654 }
18655 }
18656
18657 return readableAddChunk(this, state, chunk, encoding, false);
18658};
18659
18660// Unshift should *always* be something directly out of read()
18661Readable.prototype.unshift = function (chunk) {
18662 var state = this._readableState;
18663 return readableAddChunk(this, state, chunk, '', true);
18664};
18665
18666Readable.prototype.isPaused = function () {
18667 return this._readableState.flowing === false;
18668};
18669
18670function readableAddChunk(stream, state, chunk, encoding, addToFront) {
18671 var er = chunkInvalid(state, chunk);
18672 if (er) {
18673 stream.emit('error', er);
18674 } else if (chunk === null) {
18675 state.reading = false;
18676 onEofChunk(stream, state);
18677 } else if (state.objectMode || chunk && chunk.length > 0) {
18678 if (state.ended && !addToFront) {
18679 var e = new Error('stream.push() after EOF');
18680 stream.emit('error', e);
18681 } else if (state.endEmitted && addToFront) {
18682 var _e = new Error('stream.unshift() after end event');
18683 stream.emit('error', _e);
18684 } else {
18685 var skipAdd;
18686 if (state.decoder && !addToFront && !encoding) {
18687 chunk = state.decoder.write(chunk);
18688 skipAdd = !state.objectMode && chunk.length === 0;
18689 }
18690
18691 if (!addToFront) state.reading = false;
18692
18693 // Don't add to the buffer if we've decoded to an empty string chunk and
18694 // we're not in object mode
18695 if (!skipAdd) {
18696 // if we want the data now, just emit it.
18697 if (state.flowing && state.length === 0 && !state.sync) {
18698 stream.emit('data', chunk);
18699 stream.read(0);
18700 } else {
18701 // update the buffer info.
18702 state.length += state.objectMode ? 1 : chunk.length;
18703 if (addToFront) state.buffer.unshift(chunk);else state.buffer.push(chunk);
18704
18705 if (state.needReadable) emitReadable(stream);
18706 }
18707 }
18708
18709 maybeReadMore(stream, state);
18710 }
18711 } else if (!addToFront) {
18712 state.reading = false;
18713 }
18714
18715 return needMoreData(state);
18716}
18717
18718// if it's past the high water mark, we can push in some more.
18719// Also, if we have no data yet, we can stand some
18720// more bytes. This is to work around cases where hwm=0,
18721// such as the repl. Also, if the push() triggered a
18722// readable event, and the user called read(largeNumber) such that
18723// needReadable was set, then we ought to push more, so that another
18724// 'readable' event will be triggered.
18725function needMoreData(state) {
18726 return !state.ended && (state.needReadable || state.length < state.highWaterMark || state.length === 0);
18727}
18728
18729// backwards compatibility.
18730Readable.prototype.setEncoding = function (enc) {
18731 if (!StringDecoder) StringDecoder = require('string_decoder/').StringDecoder;
18732 this._readableState.decoder = new StringDecoder(enc);
18733 this._readableState.encoding = enc;
18734 return this;
18735};
18736
18737// Don't raise the hwm > 8MB
18738var MAX_HWM = 0x800000;
18739function computeNewHighWaterMark(n) {
18740 if (n >= MAX_HWM) {
18741 n = MAX_HWM;
18742 } else {
18743 // Get the next highest power of 2 to prevent increasing hwm excessively in
18744 // tiny amounts
18745 n--;
18746 n |= n >>> 1;
18747 n |= n >>> 2;
18748 n |= n >>> 4;
18749 n |= n >>> 8;
18750 n |= n >>> 16;
18751 n++;
18752 }
18753 return n;
18754}
18755
18756// This function is designed to be inlinable, so please take care when making
18757// changes to the function body.
18758function howMuchToRead(n, state) {
18759 if (n <= 0 || state.length === 0 && state.ended) return 0;
18760 if (state.objectMode) return 1;
18761 if (n !== n) {
18762 // Only flow one buffer at a time
18763 if (state.flowing && state.length) return state.buffer.head.data.length;else return state.length;
18764 }
18765 // If we're asking for more than the current hwm, then raise the hwm.
18766 if (n > state.highWaterMark) state.highWaterMark = computeNewHighWaterMark(n);
18767 if (n <= state.length) return n;
18768 // Don't have enough
18769 if (!state.ended) {
18770 state.needReadable = true;
18771 return 0;
18772 }
18773 return state.length;
18774}
18775
18776// you can override either this method, or the async _read(n) below.
18777Readable.prototype.read = function (n) {
18778 debug('read', n);
18779 n = parseInt(n, 10);
18780 var state = this._readableState;
18781 var nOrig = n;
18782
18783 if (n !== 0) state.emittedReadable = false;
18784
18785 // if we're doing read(0) to trigger a readable event, but we
18786 // already have a bunch of data in the buffer, then just trigger
18787 // the 'readable' event and move on.
18788 if (n === 0 && state.needReadable && (state.length >= state.highWaterMark || state.ended)) {
18789 debug('read: emitReadable', state.length, state.ended);
18790 if (state.length === 0 && state.ended) endReadable(this);else emitReadable(this);
18791 return null;
18792 }
18793
18794 n = howMuchToRead(n, state);
18795
18796 // if we've ended, and we're now clear, then finish it up.
18797 if (n === 0 && state.ended) {
18798 if (state.length === 0) endReadable(this);
18799 return null;
18800 }
18801
18802 // All the actual chunk generation logic needs to be
18803 // *below* the call to _read. The reason is that in certain
18804 // synthetic stream cases, such as passthrough streams, _read
18805 // may be a completely synchronous operation which may change
18806 // the state of the read buffer, providing enough data when
18807 // before there was *not* enough.
18808 //
18809 // So, the steps are:
18810 // 1. Figure out what the state of things will be after we do
18811 // a read from the buffer.
18812 //
18813 // 2. If that resulting state will trigger a _read, then call _read.
18814 // Note that this may be asynchronous, or synchronous. Yes, it is
18815 // deeply ugly to write APIs this way, but that still doesn't mean
18816 // that the Readable class should behave improperly, as streams are
18817 // designed to be sync/async agnostic.
18818 // Take note if the _read call is sync or async (ie, if the read call
18819 // has returned yet), so that we know whether or not it's safe to emit
18820 // 'readable' etc.
18821 //
18822 // 3. Actually pull the requested chunks out of the buffer and return.
18823
18824 // if we need a readable event, then we need to do some reading.
18825 var doRead = state.needReadable;
18826 debug('need readable', doRead);
18827
18828 // if we currently have less than the highWaterMark, then also read some
18829 if (state.length === 0 || state.length - n < state.highWaterMark) {
18830 doRead = true;
18831 debug('length less than watermark', doRead);
18832 }
18833
18834 // however, if we've ended, then there's no point, and if we're already
18835 // reading, then it's unnecessary.
18836 if (state.ended || state.reading) {
18837 doRead = false;
18838 debug('reading or ended', doRead);
18839 } else if (doRead) {
18840 debug('do read');
18841 state.reading = true;
18842 state.sync = true;
18843 // if the length is currently zero, then we *need* a readable event.
18844 if (state.length === 0) state.needReadable = true;
18845 // call internal read method
18846 this._read(state.highWaterMark);
18847 state.sync = false;
18848 // If _read pushed data synchronously, then `reading` will be false,
18849 // and we need to re-evaluate how much data we can return to the user.
18850 if (!state.reading) n = howMuchToRead(nOrig, state);
18851 }
18852
18853 var ret;
18854 if (n > 0) ret = fromList(n, state);else ret = null;
18855
18856 if (ret === null) {
18857 state.needReadable = true;
18858 n = 0;
18859 } else {
18860 state.length -= n;
18861 }
18862
18863 if (state.length === 0) {
18864 // If we have nothing in the buffer, then we want to know
18865 // as soon as we *do* get something into the buffer.
18866 if (!state.ended) state.needReadable = true;
18867
18868 // If we tried to read() past the EOF, then emit end on the next tick.
18869 if (nOrig !== n && state.ended) endReadable(this);
18870 }
18871
18872 if (ret !== null) this.emit('data', ret);
18873
18874 return ret;
18875};
18876
18877function chunkInvalid(state, chunk) {
18878 var er = null;
18879 if (!Buffer.isBuffer(chunk) && typeof chunk !== 'string' && chunk !== null && chunk !== undefined && !state.objectMode) {
18880 er = new TypeError('Invalid non-string/buffer chunk');
18881 }
18882 return er;
18883}
18884
18885function onEofChunk(stream, state) {
18886 if (state.ended) return;
18887 if (state.decoder) {
18888 var chunk = state.decoder.end();
18889 if (chunk && chunk.length) {
18890 state.buffer.push(chunk);
18891 state.length += state.objectMode ? 1 : chunk.length;
18892 }
18893 }
18894 state.ended = true;
18895
18896 // emit 'readable' now to make sure it gets picked up.
18897 emitReadable(stream);
18898}
18899
18900// Don't emit readable right away in sync mode, because this can trigger
18901// another read() call => stack overflow. This way, it might trigger
18902// a nextTick recursion warning, but that's not so bad.
18903function emitReadable(stream) {
18904 var state = stream._readableState;
18905 state.needReadable = false;
18906 if (!state.emittedReadable) {
18907 debug('emitReadable', state.flowing);
18908 state.emittedReadable = true;
18909 if (state.sync) processNextTick(emitReadable_, stream);else emitReadable_(stream);
18910 }
18911}
18912
18913function emitReadable_(stream) {
18914 debug('emit readable');
18915 stream.emit('readable');
18916 flow(stream);
18917}
18918
18919// at this point, the user has presumably seen the 'readable' event,
18920// and called read() to consume some data. that may have triggered
18921// in turn another _read(n) call, in which case reading = true if
18922// it's in progress.
18923// However, if we're not ended, or reading, and the length < hwm,
18924// then go ahead and try to read some more preemptively.
18925function maybeReadMore(stream, state) {
18926 if (!state.readingMore) {
18927 state.readingMore = true;
18928 processNextTick(maybeReadMore_, stream, state);
18929 }
18930}
18931
18932function maybeReadMore_(stream, state) {
18933 var len = state.length;
18934 while (!state.reading && !state.flowing && !state.ended && state.length < state.highWaterMark) {
18935 debug('maybeReadMore read 0');
18936 stream.read(0);
18937 if (len === state.length)
18938 // didn't get any data, stop spinning.
18939 break;else len = state.length;
18940 }
18941 state.readingMore = false;
18942}
18943
18944// abstract method. to be overridden in specific implementation classes.
18945// call cb(er, data) where data is <= n in length.
18946// for virtual (non-string, non-buffer) streams, "length" is somewhat
18947// arbitrary, and perhaps not very meaningful.
18948Readable.prototype._read = function (n) {
18949 this.emit('error', new Error('_read() is not implemented'));
18950};
18951
18952Readable.prototype.pipe = function (dest, pipeOpts) {
18953 var src = this;
18954 var state = this._readableState;
18955
18956 switch (state.pipesCount) {
18957 case 0:
18958 state.pipes = dest;
18959 break;
18960 case 1:
18961 state.pipes = [state.pipes, dest];
18962 break;
18963 default:
18964 state.pipes.push(dest);
18965 break;
18966 }
18967 state.pipesCount += 1;
18968 debug('pipe count=%d opts=%j', state.pipesCount, pipeOpts);
18969
18970 var doEnd = (!pipeOpts || pipeOpts.end !== false) && dest !== process.stdout && dest !== process.stderr;
18971
18972 var endFn = doEnd ? onend : cleanup;
18973 if (state.endEmitted) processNextTick(endFn);else src.once('end', endFn);
18974
18975 dest.on('unpipe', onunpipe);
18976 function onunpipe(readable) {
18977 debug('onunpipe');
18978 if (readable === src) {
18979 cleanup();
18980 }
18981 }
18982
18983 function onend() {
18984 debug('onend');
18985 dest.end();
18986 }
18987
18988 // when the dest drains, it reduces the awaitDrain counter
18989 // on the source. This would be more elegant with a .once()
18990 // handler in flow(), but adding and removing repeatedly is
18991 // too slow.
18992 var ondrain = pipeOnDrain(src);
18993 dest.on('drain', ondrain);
18994
18995 var cleanedUp = false;
18996 function cleanup() {
18997 debug('cleanup');
18998 // cleanup event handlers once the pipe is broken
18999 dest.removeListener('close', onclose);
19000 dest.removeListener('finish', onfinish);
19001 dest.removeListener('drain', ondrain);
19002 dest.removeListener('error', onerror);
19003 dest.removeListener('unpipe', onunpipe);
19004 src.removeListener('end', onend);
19005 src.removeListener('end', cleanup);
19006 src.removeListener('data', ondata);
19007
19008 cleanedUp = true;
19009
19010 // if the reader is waiting for a drain event from this
19011 // specific writer, then it would cause it to never start
19012 // flowing again.
19013 // So, if this is awaiting a drain, then we just call it now.
19014 // If we don't know, then assume that we are waiting for one.
19015 if (state.awaitDrain && (!dest._writableState || dest._writableState.needDrain)) ondrain();
19016 }
19017
19018 // If the user pushes more data while we're writing to dest then we'll end up
19019 // in ondata again. However, we only want to increase awaitDrain once because
19020 // dest will only emit one 'drain' event for the multiple writes.
19021 // => Introduce a guard on increasing awaitDrain.
19022 var increasedAwaitDrain = false;
19023 src.on('data', ondata);
19024 function ondata(chunk) {
19025 debug('ondata');
19026 increasedAwaitDrain = false;
19027 var ret = dest.write(chunk);
19028 if (false === ret && !increasedAwaitDrain) {
19029 // If the user unpiped during `dest.write()`, it is possible
19030 // to get stuck in a permanently paused state if that write
19031 // also returned false.
19032 // => Check whether `dest` is still a piping destination.
19033 if ((state.pipesCount === 1 && state.pipes === dest || state.pipesCount > 1 && indexOf(state.pipes, dest) !== -1) && !cleanedUp) {
19034 debug('false write response, pause', src._readableState.awaitDrain);
19035 src._readableState.awaitDrain++;
19036 increasedAwaitDrain = true;
19037 }
19038 src.pause();
19039 }
19040 }
19041
19042 // if the dest has an error, then stop piping into it.
19043 // however, don't suppress the throwing behavior for this.
19044 function onerror(er) {
19045 debug('onerror', er);
19046 unpipe();
19047 dest.removeListener('error', onerror);
19048 if (EElistenerCount(dest, 'error') === 0) dest.emit('error', er);
19049 }
19050
19051 // Make sure our error handler is attached before userland ones.
19052 prependListener(dest, 'error', onerror);
19053
19054 // Both close and finish should trigger unpipe, but only once.
19055 function onclose() {
19056 dest.removeListener('finish', onfinish);
19057 unpipe();
19058 }
19059 dest.once('close', onclose);
19060 function onfinish() {
19061 debug('onfinish');
19062 dest.removeListener('close', onclose);
19063 unpipe();
19064 }
19065 dest.once('finish', onfinish);
19066
19067 function unpipe() {
19068 debug('unpipe');
19069 src.unpipe(dest);
19070 }
19071
19072 // tell the dest that it's being piped to
19073 dest.emit('pipe', src);
19074
19075 // start the flow if it hasn't been started already.
19076 if (!state.flowing) {
19077 debug('pipe resume');
19078 src.resume();
19079 }
19080
19081 return dest;
19082};
19083
19084function pipeOnDrain(src) {
19085 return function () {
19086 var state = src._readableState;
19087 debug('pipeOnDrain', state.awaitDrain);
19088 if (state.awaitDrain) state.awaitDrain--;
19089 if (state.awaitDrain === 0 && EElistenerCount(src, 'data')) {
19090 state.flowing = true;
19091 flow(src);
19092 }
19093 };
19094}
19095
19096Readable.prototype.unpipe = function (dest) {
19097 var state = this._readableState;
19098
19099 // if we're not piping anywhere, then do nothing.
19100 if (state.pipesCount === 0) return this;
19101
19102 // just one destination. most common case.
19103 if (state.pipesCount === 1) {
19104 // passed in one, but it's not the right one.
19105 if (dest && dest !== state.pipes) return this;
19106
19107 if (!dest) dest = state.pipes;
19108
19109 // got a match.
19110 state.pipes = null;
19111 state.pipesCount = 0;
19112 state.flowing = false;
19113 if (dest) dest.emit('unpipe', this);
19114 return this;
19115 }
19116
19117 // slow case. multiple pipe destinations.
19118
19119 if (!dest) {
19120 // remove all.
19121 var dests = state.pipes;
19122 var len = state.pipesCount;
19123 state.pipes = null;
19124 state.pipesCount = 0;
19125 state.flowing = false;
19126
19127 for (var i = 0; i < len; i++) {
19128 dests[i].emit('unpipe', this);
19129 }return this;
19130 }
19131
19132 // try to find the right one.
19133 var index = indexOf(state.pipes, dest);
19134 if (index === -1) return this;
19135
19136 state.pipes.splice(index, 1);
19137 state.pipesCount -= 1;
19138 if (state.pipesCount === 1) state.pipes = state.pipes[0];
19139
19140 dest.emit('unpipe', this);
19141
19142 return this;
19143};
19144
19145// set up data events if they are asked for
19146// Ensure readable listeners eventually get something
19147Readable.prototype.on = function (ev, fn) {
19148 var res = Stream.prototype.on.call(this, ev, fn);
19149
19150 if (ev === 'data') {
19151 // Start flowing on next tick if stream isn't explicitly paused
19152 if (this._readableState.flowing !== false) this.resume();
19153 } else if (ev === 'readable') {
19154 var state = this._readableState;
19155 if (!state.endEmitted && !state.readableListening) {
19156 state.readableListening = state.needReadable = true;
19157 state.emittedReadable = false;
19158 if (!state.reading) {
19159 processNextTick(nReadingNextTick, this);
19160 } else if (state.length) {
19161 emitReadable(this, state);
19162 }
19163 }
19164 }
19165
19166 return res;
19167};
19168Readable.prototype.addListener = Readable.prototype.on;
19169
19170function nReadingNextTick(self) {
19171 debug('readable nexttick read 0');
19172 self.read(0);
19173}
19174
19175// pause() and resume() are remnants of the legacy readable stream API
19176// If the user uses them, then switch into old mode.
19177Readable.prototype.resume = function () {
19178 var state = this._readableState;
19179 if (!state.flowing) {
19180 debug('resume');
19181 state.flowing = true;
19182 resume(this, state);
19183 }
19184 return this;
19185};
19186
19187function resume(stream, state) {
19188 if (!state.resumeScheduled) {
19189 state.resumeScheduled = true;
19190 processNextTick(resume_, stream, state);
19191 }
19192}
19193
19194function resume_(stream, state) {
19195 if (!state.reading) {
19196 debug('resume read 0');
19197 stream.read(0);
19198 }
19199
19200 state.resumeScheduled = false;
19201 state.awaitDrain = 0;
19202 stream.emit('resume');
19203 flow(stream);
19204 if (state.flowing && !state.reading) stream.read(0);
19205}
19206
19207Readable.prototype.pause = function () {
19208 debug('call pause flowing=%j', this._readableState.flowing);
19209 if (false !== this._readableState.flowing) {
19210 debug('pause');
19211 this._readableState.flowing = false;
19212 this.emit('pause');
19213 }
19214 return this;
19215};
19216
19217function flow(stream) {
19218 var state = stream._readableState;
19219 debug('flow', state.flowing);
19220 while (state.flowing && stream.read() !== null) {}
19221}
19222
19223// wrap an old-style stream as the async data source.
19224// This is *not* part of the readable stream interface.
19225// It is an ugly unfortunate mess of history.
19226Readable.prototype.wrap = function (stream) {
19227 var state = this._readableState;
19228 var paused = false;
19229
19230 var self = this;
19231 stream.on('end', function () {
19232 debug('wrapped end');
19233 if (state.decoder && !state.ended) {
19234 var chunk = state.decoder.end();
19235 if (chunk && chunk.length) self.push(chunk);
19236 }
19237
19238 self.push(null);
19239 });
19240
19241 stream.on('data', function (chunk) {
19242 debug('wrapped data');
19243 if (state.decoder) chunk = state.decoder.write(chunk);
19244
19245 // don't skip over falsy values in objectMode
19246 if (state.objectMode && (chunk === null || chunk === undefined)) return;else if (!state.objectMode && (!chunk || !chunk.length)) return;
19247
19248 var ret = self.push(chunk);
19249 if (!ret) {
19250 paused = true;
19251 stream.pause();
19252 }
19253 });
19254
19255 // proxy all the other methods.
19256 // important when wrapping filters and duplexes.
19257 for (var i in stream) {
19258 if (this[i] === undefined && typeof stream[i] === 'function') {
19259 this[i] = function (method) {
19260 return function () {
19261 return stream[method].apply(stream, arguments);
19262 };
19263 }(i);
19264 }
19265 }
19266
19267 // proxy certain important events.
19268 for (var n = 0; n < kProxyEvents.length; n++) {
19269 stream.on(kProxyEvents[n], self.emit.bind(self, kProxyEvents[n]));
19270 }
19271
19272 // when we try to consume some more bytes, simply unpause the
19273 // underlying stream.
19274 self._read = function (n) {
19275 debug('wrapped _read', n);
19276 if (paused) {
19277 paused = false;
19278 stream.resume();
19279 }
19280 };
19281
19282 return self;
19283};
19284
19285// exposed for testing purposes only.
19286Readable._fromList = fromList;
19287
19288// Pluck off n bytes from an array of buffers.
19289// Length is the combined lengths of all the buffers in the list.
19290// This function is designed to be inlinable, so please take care when making
19291// changes to the function body.
19292function fromList(n, state) {
19293 // nothing buffered
19294 if (state.length === 0) return null;
19295
19296 var ret;
19297 if (state.objectMode) ret = state.buffer.shift();else if (!n || n >= state.length) {
19298 // read it all, truncate the list
19299 if (state.decoder) ret = state.buffer.join('');else if (state.buffer.length === 1) ret = state.buffer.head.data;else ret = state.buffer.concat(state.length);
19300 state.buffer.clear();
19301 } else {
19302 // read part of list
19303 ret = fromListPartial(n, state.buffer, state.decoder);
19304 }
19305
19306 return ret;
19307}
19308
19309// Extracts only enough buffered data to satisfy the amount requested.
19310// This function is designed to be inlinable, so please take care when making
19311// changes to the function body.
19312function fromListPartial(n, list, hasStrings) {
19313 var ret;
19314 if (n < list.head.data.length) {
19315 // slice is the same for buffers and strings
19316 ret = list.head.data.slice(0, n);
19317 list.head.data = list.head.data.slice(n);
19318 } else if (n === list.head.data.length) {
19319 // first chunk is a perfect match
19320 ret = list.shift();
19321 } else {
19322 // result spans more than one buffer
19323 ret = hasStrings ? copyFromBufferString(n, list) : copyFromBuffer(n, list);
19324 }
19325 return ret;
19326}
19327
19328// Copies a specified amount of characters from the list of buffered data
19329// chunks.
19330// This function is designed to be inlinable, so please take care when making
19331// changes to the function body.
19332function copyFromBufferString(n, list) {
19333 var p = list.head;
19334 var c = 1;
19335 var ret = p.data;
19336 n -= ret.length;
19337 while (p = p.next) {
19338 var str = p.data;
19339 var nb = n > str.length ? str.length : n;
19340 if (nb === str.length) ret += str;else ret += str.slice(0, n);
19341 n -= nb;
19342 if (n === 0) {
19343 if (nb === str.length) {
19344 ++c;
19345 if (p.next) list.head = p.next;else list.head = list.tail = null;
19346 } else {
19347 list.head = p;
19348 p.data = str.slice(nb);
19349 }
19350 break;
19351 }
19352 ++c;
19353 }
19354 list.length -= c;
19355 return ret;
19356}
19357
19358// Copies a specified amount of bytes from the list of buffered data chunks.
19359// This function is designed to be inlinable, so please take care when making
19360// changes to the function body.
19361function copyFromBuffer(n, list) {
19362 var ret = bufferShim.allocUnsafe(n);
19363 var p = list.head;
19364 var c = 1;
19365 p.data.copy(ret);
19366 n -= p.data.length;
19367 while (p = p.next) {
19368 var buf = p.data;
19369 var nb = n > buf.length ? buf.length : n;
19370 buf.copy(ret, ret.length - n, 0, nb);
19371 n -= nb;
19372 if (n === 0) {
19373 if (nb === buf.length) {
19374 ++c;
19375 if (p.next) list.head = p.next;else list.head = list.tail = null;
19376 } else {
19377 list.head = p;
19378 p.data = buf.slice(nb);
19379 }
19380 break;
19381 }
19382 ++c;
19383 }
19384 list.length -= c;
19385 return ret;
19386}
19387
19388function endReadable(stream) {
19389 var state = stream._readableState;
19390
19391 // If we get here before consuming all the bytes, then that is a
19392 // bug in node. Should never happen.
19393 if (state.length > 0) throw new Error('"endReadable()" called on non-empty stream');
19394
19395 if (!state.endEmitted) {
19396 state.ended = true;
19397 processNextTick(endReadableNT, state, stream);
19398 }
19399}
19400
19401function endReadableNT(state, stream) {
19402 // Check that we didn't get one last unshift.
19403 if (!state.endEmitted && state.length === 0) {
19404 state.endEmitted = true;
19405 stream.readable = false;
19406 stream.emit('end');
19407 }
19408}
19409
19410function forEach(xs, f) {
19411 for (var i = 0, l = xs.length; i < l; i++) {
19412 f(xs[i], i);
19413 }
19414}
19415
19416function indexOf(xs, x) {
19417 for (var i = 0, l = xs.length; i < l; i++) {
19418 if (xs[i] === x) return i;
19419 }
19420 return -1;
19421}
19422}).call(this,require('_process'))
19423},{"./_stream_duplex":121,"./internal/streams/BufferList":126,"./internal/streams/stream":127,"_process":112,"buffer":47,"buffer-shims":45,"core-util-is":49,"events":83,"inherits":95,"isarray":97,"process-nextick-args":111,"string_decoder/":128,"util":19}],124:[function(require,module,exports){
19424// a transform stream is a readable/writable stream where you do
19425// something with the data. Sometimes it's called a "filter",
19426// but that's not a great name for it, since that implies a thing where
19427// some bits pass through, and others are simply ignored. (That would
19428// be a valid example of a transform, of course.)
19429//
19430// While the output is causally related to the input, it's not a
19431// necessarily symmetric or synchronous transformation. For example,
19432// a zlib stream might take multiple plain-text writes(), and then
19433// emit a single compressed chunk some time in the future.
19434//
19435// Here's how this works:
19436//
19437// The Transform stream has all the aspects of the readable and writable
19438// stream classes. When you write(chunk), that calls _write(chunk,cb)
19439// internally, and returns false if there's a lot of pending writes
19440// buffered up. When you call read(), that calls _read(n) until
19441// there's enough pending readable data buffered up.
19442//
19443// In a transform stream, the written data is placed in a buffer. When
19444// _read(n) is called, it transforms the queued up data, calling the
19445// buffered _write cb's as it consumes chunks. If consuming a single
19446// written chunk would result in multiple output chunks, then the first
19447// outputted bit calls the readcb, and subsequent chunks just go into
19448// the read buffer, and will cause it to emit 'readable' if necessary.
19449//
19450// This way, back-pressure is actually determined by the reading side,
19451// since _read has to be called to start processing a new chunk. However,
19452// a pathological inflate type of transform can cause excessive buffering
19453// here. For example, imagine a stream where every byte of input is
19454// interpreted as an integer from 0-255, and then results in that many
19455// bytes of output. Writing the 4 bytes {ff,ff,ff,ff} would result in
19456// 1kb of data being output. In this case, you could write a very small
19457// amount of input, and end up with a very large amount of output. In
19458// such a pathological inflating mechanism, there'd be no way to tell
19459// the system to stop doing the transform. A single 4MB write could
19460// cause the system to run out of memory.
19461//
19462// However, even in such a pathological case, only a single written chunk
19463// would be consumed, and then the rest would wait (un-transformed) until
19464// the results of the previous transformed chunk were consumed.
19465
19466'use strict';
19467
19468module.exports = Transform;
19469
19470var Duplex = require('./_stream_duplex');
19471
19472/*<replacement>*/
19473var util = require('core-util-is');
19474util.inherits = require('inherits');
19475/*</replacement>*/
19476
19477util.inherits(Transform, Duplex);
19478
19479function TransformState(stream) {
19480 this.afterTransform = function (er, data) {
19481 return afterTransform(stream, er, data);
19482 };
19483
19484 this.needTransform = false;
19485 this.transforming = false;
19486 this.writecb = null;
19487 this.writechunk = null;
19488 this.writeencoding = null;
19489}
19490
19491function afterTransform(stream, er, data) {
19492 var ts = stream._transformState;
19493 ts.transforming = false;
19494
19495 var cb = ts.writecb;
19496
19497 if (!cb) return stream.emit('error', new Error('no writecb in Transform class'));
19498
19499 ts.writechunk = null;
19500 ts.writecb = null;
19501
19502 if (data !== null && data !== undefined) stream.push(data);
19503
19504 cb(er);
19505
19506 var rs = stream._readableState;
19507 rs.reading = false;
19508 if (rs.needReadable || rs.length < rs.highWaterMark) {
19509 stream._read(rs.highWaterMark);
19510 }
19511}
19512
19513function Transform(options) {
19514 if (!(this instanceof Transform)) return new Transform(options);
19515
19516 Duplex.call(this, options);
19517
19518 this._transformState = new TransformState(this);
19519
19520 var stream = this;
19521
19522 // start out asking for a readable event once data is transformed.
19523 this._readableState.needReadable = true;
19524
19525 // we have implemented the _read method, and done the other things
19526 // that Readable wants before the first _read call, so unset the
19527 // sync guard flag.
19528 this._readableState.sync = false;
19529
19530 if (options) {
19531 if (typeof options.transform === 'function') this._transform = options.transform;
19532
19533 if (typeof options.flush === 'function') this._flush = options.flush;
19534 }
19535
19536 // When the writable side finishes, then flush out anything remaining.
19537 this.once('prefinish', function () {
19538 if (typeof this._flush === 'function') this._flush(function (er, data) {
19539 done(stream, er, data);
19540 });else done(stream);
19541 });
19542}
19543
19544Transform.prototype.push = function (chunk, encoding) {
19545 this._transformState.needTransform = false;
19546 return Duplex.prototype.push.call(this, chunk, encoding);
19547};
19548
19549// This is the part where you do stuff!
19550// override this function in implementation classes.
19551// 'chunk' is an input chunk.
19552//
19553// Call `push(newChunk)` to pass along transformed output
19554// to the readable side. You may call 'push' zero or more times.
19555//
19556// Call `cb(err)` when you are done with this chunk. If you pass
19557// an error, then that'll put the hurt on the whole operation. If you
19558// never call cb(), then you'll never get another chunk.
19559Transform.prototype._transform = function (chunk, encoding, cb) {
19560 throw new Error('_transform() is not implemented');
19561};
19562
19563Transform.prototype._write = function (chunk, encoding, cb) {
19564 var ts = this._transformState;
19565 ts.writecb = cb;
19566 ts.writechunk = chunk;
19567 ts.writeencoding = encoding;
19568 if (!ts.transforming) {
19569 var rs = this._readableState;
19570 if (ts.needTransform || rs.needReadable || rs.length < rs.highWaterMark) this._read(rs.highWaterMark);
19571 }
19572};
19573
19574// Doesn't matter what the args are here.
19575// _transform does all the work.
19576// That we got here means that the readable side wants more data.
19577Transform.prototype._read = function (n) {
19578 var ts = this._transformState;
19579
19580 if (ts.writechunk !== null && ts.writecb && !ts.transforming) {
19581 ts.transforming = true;
19582 this._transform(ts.writechunk, ts.writeencoding, ts.afterTransform);
19583 } else {
19584 // mark that we need a transform, so that any data that comes in
19585 // will get processed, now that we've asked for it.
19586 ts.needTransform = true;
19587 }
19588};
19589
19590function done(stream, er, data) {
19591 if (er) return stream.emit('error', er);
19592
19593 if (data !== null && data !== undefined) stream.push(data);
19594
19595 // if there's nothing in the write buffer, then that means
19596 // that nothing more will ever be provided
19597 var ws = stream._writableState;
19598 var ts = stream._transformState;
19599
19600 if (ws.length) throw new Error('Calling transform done when ws.length != 0');
19601
19602 if (ts.transforming) throw new Error('Calling transform done when still transforming');
19603
19604 return stream.push(null);
19605}
19606},{"./_stream_duplex":121,"core-util-is":49,"inherits":95}],125:[function(require,module,exports){
19607(function (process){
19608// A bit simpler than readable streams.
19609// Implement an async ._write(chunk, encoding, cb), and it'll handle all
19610// the drain event emission and buffering.
19611
19612'use strict';
19613
19614module.exports = Writable;
19615
19616/*<replacement>*/
19617var processNextTick = require('process-nextick-args');
19618/*</replacement>*/
19619
19620/*<replacement>*/
19621var asyncWrite = !process.browser && ['v0.10', 'v0.9.'].indexOf(process.version.slice(0, 5)) > -1 ? setImmediate : processNextTick;
19622/*</replacement>*/
19623
19624/*<replacement>*/
19625var Duplex;
19626/*</replacement>*/
19627
19628Writable.WritableState = WritableState;
19629
19630/*<replacement>*/
19631var util = require('core-util-is');
19632util.inherits = require('inherits');
19633/*</replacement>*/
19634
19635/*<replacement>*/
19636var internalUtil = {
19637 deprecate: require('util-deprecate')
19638};
19639/*</replacement>*/
19640
19641/*<replacement>*/
19642var Stream = require('./internal/streams/stream');
19643/*</replacement>*/
19644
19645var Buffer = require('buffer').Buffer;
19646/*<replacement>*/
19647var bufferShim = require('buffer-shims');
19648/*</replacement>*/
19649
19650util.inherits(Writable, Stream);
19651
19652function nop() {}
19653
19654function WriteReq(chunk, encoding, cb) {
19655 this.chunk = chunk;
19656 this.encoding = encoding;
19657 this.callback = cb;
19658 this.next = null;
19659}
19660
19661function WritableState(options, stream) {
19662 Duplex = Duplex || require('./_stream_duplex');
19663
19664 options = options || {};
19665
19666 // object stream flag to indicate whether or not this stream
19667 // contains buffers or objects.
19668 this.objectMode = !!options.objectMode;
19669
19670 if (stream instanceof Duplex) this.objectMode = this.objectMode || !!options.writableObjectMode;
19671
19672 // the point at which write() starts returning false
19673 // Note: 0 is a valid value, means that we always return false if
19674 // the entire buffer is not flushed immediately on write()
19675 var hwm = options.highWaterMark;
19676 var defaultHwm = this.objectMode ? 16 : 16 * 1024;
19677 this.highWaterMark = hwm || hwm === 0 ? hwm : defaultHwm;
19678
19679 // cast to ints.
19680 this.highWaterMark = ~~this.highWaterMark;
19681
19682 // drain event flag.
19683 this.needDrain = false;
19684 // at the start of calling end()
19685 this.ending = false;
19686 // when end() has been called, and returned
19687 this.ended = false;
19688 // when 'finish' is emitted
19689 this.finished = false;
19690
19691 // should we decode strings into buffers before passing to _write?
19692 // this is here so that some node-core streams can optimize string
19693 // handling at a lower level.
19694 var noDecode = options.decodeStrings === false;
19695 this.decodeStrings = !noDecode;
19696
19697 // Crypto is kind of old and crusty. Historically, its default string
19698 // encoding is 'binary' so we have to make this configurable.
19699 // Everything else in the universe uses 'utf8', though.
19700 this.defaultEncoding = options.defaultEncoding || 'utf8';
19701
19702 // not an actual buffer we keep track of, but a measurement
19703 // of how much we're waiting to get pushed to some underlying
19704 // socket or file.
19705 this.length = 0;
19706
19707 // a flag to see when we're in the middle of a write.
19708 this.writing = false;
19709
19710 // when true all writes will be buffered until .uncork() call
19711 this.corked = 0;
19712
19713 // a flag to be able to tell if the onwrite cb is called immediately,
19714 // or on a later tick. We set this to true at first, because any
19715 // actions that shouldn't happen until "later" should generally also
19716 // not happen before the first write call.
19717 this.sync = true;
19718
19719 // a flag to know if we're processing previously buffered items, which
19720 // may call the _write() callback in the same tick, so that we don't
19721 // end up in an overlapped onwrite situation.
19722 this.bufferProcessing = false;
19723
19724 // the callback that's passed to _write(chunk,cb)
19725 this.onwrite = function (er) {
19726 onwrite(stream, er);
19727 };
19728
19729 // the callback that the user supplies to write(chunk,encoding,cb)
19730 this.writecb = null;
19731
19732 // the amount that is being written when _write is called.
19733 this.writelen = 0;
19734
19735 this.bufferedRequest = null;
19736 this.lastBufferedRequest = null;
19737
19738 // number of pending user-supplied write callbacks
19739 // this must be 0 before 'finish' can be emitted
19740 this.pendingcb = 0;
19741
19742 // emit prefinish if the only thing we're waiting for is _write cbs
19743 // This is relevant for synchronous Transform streams
19744 this.prefinished = false;
19745
19746 // True if the error was already emitted and should not be thrown again
19747 this.errorEmitted = false;
19748
19749 // count buffered requests
19750 this.bufferedRequestCount = 0;
19751
19752 // allocate the first CorkedRequest, there is always
19753 // one allocated and free to use, and we maintain at most two
19754 this.corkedRequestsFree = new CorkedRequest(this);
19755}
19756
19757WritableState.prototype.getBuffer = function getBuffer() {
19758 var current = this.bufferedRequest;
19759 var out = [];
19760 while (current) {
19761 out.push(current);
19762 current = current.next;
19763 }
19764 return out;
19765};
19766
19767(function () {
19768 try {
19769 Object.defineProperty(WritableState.prototype, 'buffer', {
19770 get: internalUtil.deprecate(function () {
19771 return this.getBuffer();
19772 }, '_writableState.buffer is deprecated. Use _writableState.getBuffer ' + 'instead.')
19773 });
19774 } catch (_) {}
19775})();
19776
19777// Test _writableState for inheritance to account for Duplex streams,
19778// whose prototype chain only points to Readable.
19779var realHasInstance;
19780if (typeof Symbol === 'function' && Symbol.hasInstance && typeof Function.prototype[Symbol.hasInstance] === 'function') {
19781 realHasInstance = Function.prototype[Symbol.hasInstance];
19782 Object.defineProperty(Writable, Symbol.hasInstance, {
19783 value: function (object) {
19784 if (realHasInstance.call(this, object)) return true;
19785
19786 return object && object._writableState instanceof WritableState;
19787 }
19788 });
19789} else {
19790 realHasInstance = function (object) {
19791 return object instanceof this;
19792 };
19793}
19794
19795function Writable(options) {
19796 Duplex = Duplex || require('./_stream_duplex');
19797
19798 // Writable ctor is applied to Duplexes, too.
19799 // `realHasInstance` is necessary because using plain `instanceof`
19800 // would return false, as no `_writableState` property is attached.
19801
19802 // Trying to use the custom `instanceof` for Writable here will also break the
19803 // Node.js LazyTransform implementation, which has a non-trivial getter for
19804 // `_writableState` that would lead to infinite recursion.
19805 if (!realHasInstance.call(Writable, this) && !(this instanceof Duplex)) {
19806 return new Writable(options);
19807 }
19808
19809 this._writableState = new WritableState(options, this);
19810
19811 // legacy.
19812 this.writable = true;
19813
19814 if (options) {
19815 if (typeof options.write === 'function') this._write = options.write;
19816
19817 if (typeof options.writev === 'function') this._writev = options.writev;
19818 }
19819
19820 Stream.call(this);
19821}
19822
19823// Otherwise people can pipe Writable streams, which is just wrong.
19824Writable.prototype.pipe = function () {
19825 this.emit('error', new Error('Cannot pipe, not readable'));
19826};
19827
19828function writeAfterEnd(stream, cb) {
19829 var er = new Error('write after end');
19830 // TODO: defer error events consistently everywhere, not just the cb
19831 stream.emit('error', er);
19832 processNextTick(cb, er);
19833}
19834
19835// Checks that a user-supplied chunk is valid, especially for the particular
19836// mode the stream is in. Currently this means that `null` is never accepted
19837// and undefined/non-string values are only allowed in object mode.
19838function validChunk(stream, state, chunk, cb) {
19839 var valid = true;
19840 var er = false;
19841
19842 if (chunk === null) {
19843 er = new TypeError('May not write null values to stream');
19844 } else if (typeof chunk !== 'string' && chunk !== undefined && !state.objectMode) {
19845 er = new TypeError('Invalid non-string/buffer chunk');
19846 }
19847 if (er) {
19848 stream.emit('error', er);
19849 processNextTick(cb, er);
19850 valid = false;
19851 }
19852 return valid;
19853}
19854
19855Writable.prototype.write = function (chunk, encoding, cb) {
19856 var state = this._writableState;
19857 var ret = false;
19858 var isBuf = Buffer.isBuffer(chunk);
19859
19860 if (typeof encoding === 'function') {
19861 cb = encoding;
19862 encoding = null;
19863 }
19864
19865 if (isBuf) encoding = 'buffer';else if (!encoding) encoding = state.defaultEncoding;
19866
19867 if (typeof cb !== 'function') cb = nop;
19868
19869 if (state.ended) writeAfterEnd(this, cb);else if (isBuf || validChunk(this, state, chunk, cb)) {
19870 state.pendingcb++;
19871 ret = writeOrBuffer(this, state, isBuf, chunk, encoding, cb);
19872 }
19873
19874 return ret;
19875};
19876
19877Writable.prototype.cork = function () {
19878 var state = this._writableState;
19879
19880 state.corked++;
19881};
19882
19883Writable.prototype.uncork = function () {
19884 var state = this._writableState;
19885
19886 if (state.corked) {
19887 state.corked--;
19888
19889 if (!state.writing && !state.corked && !state.finished && !state.bufferProcessing && state.bufferedRequest) clearBuffer(this, state);
19890 }
19891};
19892
19893Writable.prototype.setDefaultEncoding = function setDefaultEncoding(encoding) {
19894 // node::ParseEncoding() requires lower case.
19895 if (typeof encoding === 'string') encoding = encoding.toLowerCase();
19896 if (!(['hex', 'utf8', 'utf-8', 'ascii', 'binary', 'base64', 'ucs2', 'ucs-2', 'utf16le', 'utf-16le', 'raw'].indexOf((encoding + '').toLowerCase()) > -1)) throw new TypeError('Unknown encoding: ' + encoding);
19897 this._writableState.defaultEncoding = encoding;
19898 return this;
19899};
19900
19901function decodeChunk(state, chunk, encoding) {
19902 if (!state.objectMode && state.decodeStrings !== false && typeof chunk === 'string') {
19903 chunk = bufferShim.from(chunk, encoding);
19904 }
19905 return chunk;
19906}
19907
19908// if we're already writing something, then just put this
19909// in the queue, and wait our turn. Otherwise, call _write
19910// If we return false, then we need a drain event, so set that flag.
19911function writeOrBuffer(stream, state, isBuf, chunk, encoding, cb) {
19912 if (!isBuf) {
19913 chunk = decodeChunk(state, chunk, encoding);
19914 if (Buffer.isBuffer(chunk)) encoding = 'buffer';
19915 }
19916 var len = state.objectMode ? 1 : chunk.length;
19917
19918 state.length += len;
19919
19920 var ret = state.length < state.highWaterMark;
19921 // we must ensure that previous needDrain will not be reset to false.
19922 if (!ret) state.needDrain = true;
19923
19924 if (state.writing || state.corked) {
19925 var last = state.lastBufferedRequest;
19926 state.lastBufferedRequest = new WriteReq(chunk, encoding, cb);
19927 if (last) {
19928 last.next = state.lastBufferedRequest;
19929 } else {
19930 state.bufferedRequest = state.lastBufferedRequest;
19931 }
19932 state.bufferedRequestCount += 1;
19933 } else {
19934 doWrite(stream, state, false, len, chunk, encoding, cb);
19935 }
19936
19937 return ret;
19938}
19939
19940function doWrite(stream, state, writev, len, chunk, encoding, cb) {
19941 state.writelen = len;
19942 state.writecb = cb;
19943 state.writing = true;
19944 state.sync = true;
19945 if (writev) stream._writev(chunk, state.onwrite);else stream._write(chunk, encoding, state.onwrite);
19946 state.sync = false;
19947}
19948
19949function onwriteError(stream, state, sync, er, cb) {
19950 --state.pendingcb;
19951 if (sync) processNextTick(cb, er);else cb(er);
19952
19953 stream._writableState.errorEmitted = true;
19954 stream.emit('error', er);
19955}
19956
19957function onwriteStateUpdate(state) {
19958 state.writing = false;
19959 state.writecb = null;
19960 state.length -= state.writelen;
19961 state.writelen = 0;
19962}
19963
19964function onwrite(stream, er) {
19965 var state = stream._writableState;
19966 var sync = state.sync;
19967 var cb = state.writecb;
19968
19969 onwriteStateUpdate(state);
19970
19971 if (er) onwriteError(stream, state, sync, er, cb);else {
19972 // Check if we're actually ready to finish, but don't emit yet
19973 var finished = needFinish(state);
19974
19975 if (!finished && !state.corked && !state.bufferProcessing && state.bufferedRequest) {
19976 clearBuffer(stream, state);
19977 }
19978
19979 if (sync) {
19980 /*<replacement>*/
19981 asyncWrite(afterWrite, stream, state, finished, cb);
19982 /*</replacement>*/
19983 } else {
19984 afterWrite(stream, state, finished, cb);
19985 }
19986 }
19987}
19988
19989function afterWrite(stream, state, finished, cb) {
19990 if (!finished) onwriteDrain(stream, state);
19991 state.pendingcb--;
19992 cb();
19993 finishMaybe(stream, state);
19994}
19995
19996// Must force callback to be called on nextTick, so that we don't
19997// emit 'drain' before the write() consumer gets the 'false' return
19998// value, and has a chance to attach a 'drain' listener.
19999function onwriteDrain(stream, state) {
20000 if (state.length === 0 && state.needDrain) {
20001 state.needDrain = false;
20002 stream.emit('drain');
20003 }
20004}
20005
20006// if there's something in the buffer waiting, then process it
20007function clearBuffer(stream, state) {
20008 state.bufferProcessing = true;
20009 var entry = state.bufferedRequest;
20010
20011 if (stream._writev && entry && entry.next) {
20012 // Fast case, write everything using _writev()
20013 var l = state.bufferedRequestCount;
20014 var buffer = new Array(l);
20015 var holder = state.corkedRequestsFree;
20016 holder.entry = entry;
20017
20018 var count = 0;
20019 while (entry) {
20020 buffer[count] = entry;
20021 entry = entry.next;
20022 count += 1;
20023 }
20024
20025 doWrite(stream, state, true, state.length, buffer, '', holder.finish);
20026
20027 // doWrite is almost always async, defer these to save a bit of time
20028 // as the hot path ends with doWrite
20029 state.pendingcb++;
20030 state.lastBufferedRequest = null;
20031 if (holder.next) {
20032 state.corkedRequestsFree = holder.next;
20033 holder.next = null;
20034 } else {
20035 state.corkedRequestsFree = new CorkedRequest(state);
20036 }
20037 } else {
20038 // Slow case, write chunks one-by-one
20039 while (entry) {
20040 var chunk = entry.chunk;
20041 var encoding = entry.encoding;
20042 var cb = entry.callback;
20043 var len = state.objectMode ? 1 : chunk.length;
20044
20045 doWrite(stream, state, false, len, chunk, encoding, cb);
20046 entry = entry.next;
20047 // if we didn't call the onwrite immediately, then
20048 // it means that we need to wait until it does.
20049 // also, that means that the chunk and cb are currently
20050 // being processed, so move the buffer counter past them.
20051 if (state.writing) {
20052 break;
20053 }
20054 }
20055
20056 if (entry === null) state.lastBufferedRequest = null;
20057 }
20058
20059 state.bufferedRequestCount = 0;
20060 state.bufferedRequest = entry;
20061 state.bufferProcessing = false;
20062}
20063
20064Writable.prototype._write = function (chunk, encoding, cb) {
20065 cb(new Error('_write() is not implemented'));
20066};
20067
20068Writable.prototype._writev = null;
20069
20070Writable.prototype.end = function (chunk, encoding, cb) {
20071 var state = this._writableState;
20072
20073 if (typeof chunk === 'function') {
20074 cb = chunk;
20075 chunk = null;
20076 encoding = null;
20077 } else if (typeof encoding === 'function') {
20078 cb = encoding;
20079 encoding = null;
20080 }
20081
20082 if (chunk !== null && chunk !== undefined) this.write(chunk, encoding);
20083
20084 // .end() fully uncorks
20085 if (state.corked) {
20086 state.corked = 1;
20087 this.uncork();
20088 }
20089
20090 // ignore unnecessary end() calls.
20091 if (!state.ending && !state.finished) endWritable(this, state, cb);
20092};
20093
20094function needFinish(state) {
20095 return state.ending && state.length === 0 && state.bufferedRequest === null && !state.finished && !state.writing;
20096}
20097
20098function prefinish(stream, state) {
20099 if (!state.prefinished) {
20100 state.prefinished = true;
20101 stream.emit('prefinish');
20102 }
20103}
20104
20105function finishMaybe(stream, state) {
20106 var need = needFinish(state);
20107 if (need) {
20108 if (state.pendingcb === 0) {
20109 prefinish(stream, state);
20110 state.finished = true;
20111 stream.emit('finish');
20112 } else {
20113 prefinish(stream, state);
20114 }
20115 }
20116 return need;
20117}
20118
20119function endWritable(stream, state, cb) {
20120 state.ending = true;
20121 finishMaybe(stream, state);
20122 if (cb) {
20123 if (state.finished) processNextTick(cb);else stream.once('finish', cb);
20124 }
20125 state.ended = true;
20126 stream.writable = false;
20127}
20128
20129// It seems a linked list but it is not
20130// there will be only 2 of these for each stream
20131function CorkedRequest(state) {
20132 var _this = this;
20133
20134 this.next = null;
20135 this.entry = null;
20136 this.finish = function (err) {
20137 var entry = _this.entry;
20138 _this.entry = null;
20139 while (entry) {
20140 var cb = entry.callback;
20141 state.pendingcb--;
20142 cb(err);
20143 entry = entry.next;
20144 }
20145 if (state.corkedRequestsFree) {
20146 state.corkedRequestsFree.next = _this;
20147 } else {
20148 state.corkedRequestsFree = _this;
20149 }
20150 };
20151}
20152}).call(this,require('_process'))
20153},{"./_stream_duplex":121,"./internal/streams/stream":127,"_process":112,"buffer":47,"buffer-shims":45,"core-util-is":49,"inherits":95,"process-nextick-args":111,"util-deprecate":145}],126:[function(require,module,exports){
20154'use strict';
20155
20156var Buffer = require('buffer').Buffer;
20157/*<replacement>*/
20158var bufferShim = require('buffer-shims');
20159/*</replacement>*/
20160
20161module.exports = BufferList;
20162
20163function BufferList() {
20164 this.head = null;
20165 this.tail = null;
20166 this.length = 0;
20167}
20168
20169BufferList.prototype.push = function (v) {
20170 var entry = { data: v, next: null };
20171 if (this.length > 0) this.tail.next = entry;else this.head = entry;
20172 this.tail = entry;
20173 ++this.length;
20174};
20175
20176BufferList.prototype.unshift = function (v) {
20177 var entry = { data: v, next: this.head };
20178 if (this.length === 0) this.tail = entry;
20179 this.head = entry;
20180 ++this.length;
20181};
20182
20183BufferList.prototype.shift = function () {
20184 if (this.length === 0) return;
20185 var ret = this.head.data;
20186 if (this.length === 1) this.head = this.tail = null;else this.head = this.head.next;
20187 --this.length;
20188 return ret;
20189};
20190
20191BufferList.prototype.clear = function () {
20192 this.head = this.tail = null;
20193 this.length = 0;
20194};
20195
20196BufferList.prototype.join = function (s) {
20197 if (this.length === 0) return '';
20198 var p = this.head;
20199 var ret = '' + p.data;
20200 while (p = p.next) {
20201 ret += s + p.data;
20202 }return ret;
20203};
20204
20205BufferList.prototype.concat = function (n) {
20206 if (this.length === 0) return bufferShim.alloc(0);
20207 if (this.length === 1) return this.head.data;
20208 var ret = bufferShim.allocUnsafe(n >>> 0);
20209 var p = this.head;
20210 var i = 0;
20211 while (p) {
20212 p.data.copy(ret, i);
20213 i += p.data.length;
20214 p = p.next;
20215 }
20216 return ret;
20217};
20218},{"buffer":47,"buffer-shims":45}],127:[function(require,module,exports){
20219module.exports = require('events').EventEmitter;
20220
20221},{"events":83}],128:[function(require,module,exports){
20222'use strict';
20223
20224var Buffer = require('safe-buffer').Buffer;
20225
20226var isEncoding = Buffer.isEncoding || function (encoding) {
20227 encoding = '' + encoding;
20228 switch (encoding && encoding.toLowerCase()) {
20229 case 'hex':case 'utf8':case 'utf-8':case 'ascii':case 'binary':case 'base64':case 'ucs2':case 'ucs-2':case 'utf16le':case 'utf-16le':case 'raw':
20230 return true;
20231 default:
20232 return false;
20233 }
20234};
20235
20236function _normalizeEncoding(enc) {
20237 if (!enc) return 'utf8';
20238 var retried;
20239 while (true) {
20240 switch (enc) {
20241 case 'utf8':
20242 case 'utf-8':
20243 return 'utf8';
20244 case 'ucs2':
20245 case 'ucs-2':
20246 case 'utf16le':
20247 case 'utf-16le':
20248 return 'utf16le';
20249 case 'latin1':
20250 case 'binary':
20251 return 'latin1';
20252 case 'base64':
20253 case 'ascii':
20254 case 'hex':
20255 return enc;
20256 default:
20257 if (retried) return; // undefined
20258 enc = ('' + enc).toLowerCase();
20259 retried = true;
20260 }
20261 }
20262};
20263
20264// Do not cache `Buffer.isEncoding` when checking encoding names as some
20265// modules monkey-patch it to support additional encodings
20266function normalizeEncoding(enc) {
20267 var nenc = _normalizeEncoding(enc);
20268 if (typeof nenc !== 'string' && (Buffer.isEncoding === isEncoding || !isEncoding(enc))) throw new Error('Unknown encoding: ' + enc);
20269 return nenc || enc;
20270}
20271
20272// StringDecoder provides an interface for efficiently splitting a series of
20273// buffers into a series of JS strings without breaking apart multi-byte
20274// characters.
20275exports.StringDecoder = StringDecoder;
20276function StringDecoder(encoding) {
20277 this.encoding = normalizeEncoding(encoding);
20278 var nb;
20279 switch (this.encoding) {
20280 case 'utf16le':
20281 this.text = utf16Text;
20282 this.end = utf16End;
20283 nb = 4;
20284 break;
20285 case 'utf8':
20286 this.fillLast = utf8FillLast;
20287 nb = 4;
20288 break;
20289 case 'base64':
20290 this.text = base64Text;
20291 this.end = base64End;
20292 nb = 3;
20293 break;
20294 default:
20295 this.write = simpleWrite;
20296 this.end = simpleEnd;
20297 return;
20298 }
20299 this.lastNeed = 0;
20300 this.lastTotal = 0;
20301 this.lastChar = Buffer.allocUnsafe(nb);
20302}
20303
20304StringDecoder.prototype.write = function (buf) {
20305 if (buf.length === 0) return '';
20306 var r;
20307 var i;
20308 if (this.lastNeed) {
20309 r = this.fillLast(buf);
20310 if (r === undefined) return '';
20311 i = this.lastNeed;
20312 this.lastNeed = 0;
20313 } else {
20314 i = 0;
20315 }
20316 if (i < buf.length) return r ? r + this.text(buf, i) : this.text(buf, i);
20317 return r || '';
20318};
20319
20320StringDecoder.prototype.end = utf8End;
20321
20322// Returns only complete characters in a Buffer
20323StringDecoder.prototype.text = utf8Text;
20324
20325// Attempts to complete a partial non-UTF-8 character using bytes from a Buffer
20326StringDecoder.prototype.fillLast = function (buf) {
20327 if (this.lastNeed <= buf.length) {
20328 buf.copy(this.lastChar, this.lastTotal - this.lastNeed, 0, this.lastNeed);
20329 return this.lastChar.toString(this.encoding, 0, this.lastTotal);
20330 }
20331 buf.copy(this.lastChar, this.lastTotal - this.lastNeed, 0, buf.length);
20332 this.lastNeed -= buf.length;
20333};
20334
20335// Checks the type of a UTF-8 byte, whether it's ASCII, a leading byte, or a
20336// continuation byte.
20337function utf8CheckByte(byte) {
20338 if (byte <= 0x7F) return 0;else if (byte >> 5 === 0x06) return 2;else if (byte >> 4 === 0x0E) return 3;else if (byte >> 3 === 0x1E) return 4;
20339 return -1;
20340}
20341
20342// Checks at most 3 bytes at the end of a Buffer in order to detect an
20343// incomplete multi-byte UTF-8 character. The total number of bytes (2, 3, or 4)
20344// needed to complete the UTF-8 character (if applicable) are returned.
20345function utf8CheckIncomplete(self, buf, i) {
20346 var j = buf.length - 1;
20347 if (j < i) return 0;
20348 var nb = utf8CheckByte(buf[j]);
20349 if (nb >= 0) {
20350 if (nb > 0) self.lastNeed = nb - 1;
20351 return nb;
20352 }
20353 if (--j < i) return 0;
20354 nb = utf8CheckByte(buf[j]);
20355 if (nb >= 0) {
20356 if (nb > 0) self.lastNeed = nb - 2;
20357 return nb;
20358 }
20359 if (--j < i) return 0;
20360 nb = utf8CheckByte(buf[j]);
20361 if (nb >= 0) {
20362 if (nb > 0) {
20363 if (nb === 2) nb = 0;else self.lastNeed = nb - 3;
20364 }
20365 return nb;
20366 }
20367 return 0;
20368}
20369
20370// Validates as many continuation bytes for a multi-byte UTF-8 character as
20371// needed or are available. If we see a non-continuation byte where we expect
20372// one, we "replace" the validated continuation bytes we've seen so far with
20373// UTF-8 replacement characters ('\ufffd'), to match v8's UTF-8 decoding
20374// behavior. The continuation byte check is included three times in the case
20375// where all of the continuation bytes for a character exist in the same buffer.
20376// It is also done this way as a slight performance increase instead of using a
20377// loop.
20378function utf8CheckExtraBytes(self, buf, p) {
20379 if ((buf[0] & 0xC0) !== 0x80) {
20380 self.lastNeed = 0;
20381 return '\ufffd'.repeat(p);
20382 }
20383 if (self.lastNeed > 1 && buf.length > 1) {
20384 if ((buf[1] & 0xC0) !== 0x80) {
20385 self.lastNeed = 1;
20386 return '\ufffd'.repeat(p + 1);
20387 }
20388 if (self.lastNeed > 2 && buf.length > 2) {
20389 if ((buf[2] & 0xC0) !== 0x80) {
20390 self.lastNeed = 2;
20391 return '\ufffd'.repeat(p + 2);
20392 }
20393 }
20394 }
20395}
20396
20397// Attempts to complete a multi-byte UTF-8 character using bytes from a Buffer.
20398function utf8FillLast(buf) {
20399 var p = this.lastTotal - this.lastNeed;
20400 var r = utf8CheckExtraBytes(this, buf, p);
20401 if (r !== undefined) return r;
20402 if (this.lastNeed <= buf.length) {
20403 buf.copy(this.lastChar, p, 0, this.lastNeed);
20404 return this.lastChar.toString(this.encoding, 0, this.lastTotal);
20405 }
20406 buf.copy(this.lastChar, p, 0, buf.length);
20407 this.lastNeed -= buf.length;
20408}
20409
20410// Returns all complete UTF-8 characters in a Buffer. If the Buffer ended on a
20411// partial character, the character's bytes are buffered until the required
20412// number of bytes are available.
20413function utf8Text(buf, i) {
20414 var total = utf8CheckIncomplete(this, buf, i);
20415 if (!this.lastNeed) return buf.toString('utf8', i);
20416 this.lastTotal = total;
20417 var end = buf.length - (total - this.lastNeed);
20418 buf.copy(this.lastChar, 0, end);
20419 return buf.toString('utf8', i, end);
20420}
20421
20422// For UTF-8, a replacement character for each buffered byte of a (partial)
20423// character needs to be added to the output.
20424function utf8End(buf) {
20425 var r = buf && buf.length ? this.write(buf) : '';
20426 if (this.lastNeed) return r + '\ufffd'.repeat(this.lastTotal - this.lastNeed);
20427 return r;
20428}
20429
20430// UTF-16LE typically needs two bytes per character, but even if we have an even
20431// number of bytes available, we need to check if we end on a leading/high
20432// surrogate. In that case, we need to wait for the next two bytes in order to
20433// decode the last character properly.
20434function utf16Text(buf, i) {
20435 if ((buf.length - i) % 2 === 0) {
20436 var r = buf.toString('utf16le', i);
20437 if (r) {
20438 var c = r.charCodeAt(r.length - 1);
20439 if (c >= 0xD800 && c <= 0xDBFF) {
20440 this.lastNeed = 2;
20441 this.lastTotal = 4;
20442 this.lastChar[0] = buf[buf.length - 2];
20443 this.lastChar[1] = buf[buf.length - 1];
20444 return r.slice(0, -1);
20445 }
20446 }
20447 return r;
20448 }
20449 this.lastNeed = 1;
20450 this.lastTotal = 2;
20451 this.lastChar[0] = buf[buf.length - 1];
20452 return buf.toString('utf16le', i, buf.length - 1);
20453}
20454
20455// For UTF-16LE we do not explicitly append special replacement characters if we
20456// end on a partial character, we simply let v8 handle that.
20457function utf16End(buf) {
20458 var r = buf && buf.length ? this.write(buf) : '';
20459 if (this.lastNeed) {
20460 var end = this.lastTotal - this.lastNeed;
20461 return r + this.lastChar.toString('utf16le', 0, end);
20462 }
20463 return r;
20464}
20465
20466function base64Text(buf, i) {
20467 var n = (buf.length - i) % 3;
20468 if (n === 0) return buf.toString('base64', i);
20469 this.lastNeed = 3 - n;
20470 this.lastTotal = 3;
20471 if (n === 1) {
20472 this.lastChar[0] = buf[buf.length - 1];
20473 } else {
20474 this.lastChar[0] = buf[buf.length - 2];
20475 this.lastChar[1] = buf[buf.length - 1];
20476 }
20477 return buf.toString('base64', i, buf.length - n);
20478}
20479
20480function base64End(buf) {
20481 var r = buf && buf.length ? this.write(buf) : '';
20482 if (this.lastNeed) return r + this.lastChar.toString('base64', 0, 3 - this.lastNeed);
20483 return r;
20484}
20485
20486// Pass bytes on through for single-byte encodings (e.g. ascii, latin1, hex)
20487function simpleWrite(buf) {
20488 return buf.toString(this.encoding);
20489}
20490
20491function simpleEnd(buf) {
20492 return buf && buf.length ? this.write(buf) : '';
20493}
20494},{"safe-buffer":134}],129:[function(require,module,exports){
20495module.exports = require('./readable').PassThrough
20496
20497},{"./readable":130}],130:[function(require,module,exports){
20498exports = module.exports = require('./lib/_stream_readable.js');
20499exports.Stream = exports;
20500exports.Readable = exports;
20501exports.Writable = require('./lib/_stream_writable.js');
20502exports.Duplex = require('./lib/_stream_duplex.js');
20503exports.Transform = require('./lib/_stream_transform.js');
20504exports.PassThrough = require('./lib/_stream_passthrough.js');
20505
20506},{"./lib/_stream_duplex.js":121,"./lib/_stream_passthrough.js":122,"./lib/_stream_readable.js":123,"./lib/_stream_transform.js":124,"./lib/_stream_writable.js":125}],131:[function(require,module,exports){
20507module.exports = require('./readable').Transform
20508
20509},{"./readable":130}],132:[function(require,module,exports){
20510module.exports = require('./lib/_stream_writable.js');
20511
20512},{"./lib/_stream_writable.js":125}],133:[function(require,module,exports){
20513(function (Buffer){
20514'use strict'
20515var inherits = require('inherits')
20516var HashBase = require('hash-base')
20517
20518function RIPEMD160 () {
20519 HashBase.call(this, 64)
20520
20521 // state
20522 this._a = 0x67452301
20523 this._b = 0xefcdab89
20524 this._c = 0x98badcfe
20525 this._d = 0x10325476
20526 this._e = 0xc3d2e1f0
20527}
20528
20529inherits(RIPEMD160, HashBase)
20530
20531RIPEMD160.prototype._update = function () {
20532 var m = new Array(16)
20533 for (var i = 0; i < 16; ++i) m[i] = this._block.readInt32LE(i * 4)
20534
20535 var al = this._a
20536 var bl = this._b
20537 var cl = this._c
20538 var dl = this._d
20539 var el = this._e
20540
20541 // Mj = 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
20542 // K = 0x00000000
20543 // Sj = 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8
20544 al = fn1(al, bl, cl, dl, el, m[0], 0x00000000, 11); cl = rotl(cl, 10)
20545 el = fn1(el, al, bl, cl, dl, m[1], 0x00000000, 14); bl = rotl(bl, 10)
20546 dl = fn1(dl, el, al, bl, cl, m[2], 0x00000000, 15); al = rotl(al, 10)
20547 cl = fn1(cl, dl, el, al, bl, m[3], 0x00000000, 12); el = rotl(el, 10)
20548 bl = fn1(bl, cl, dl, el, al, m[4], 0x00000000, 5); dl = rotl(dl, 10)
20549 al = fn1(al, bl, cl, dl, el, m[5], 0x00000000, 8); cl = rotl(cl, 10)
20550 el = fn1(el, al, bl, cl, dl, m[6], 0x00000000, 7); bl = rotl(bl, 10)
20551 dl = fn1(dl, el, al, bl, cl, m[7], 0x00000000, 9); al = rotl(al, 10)
20552 cl = fn1(cl, dl, el, al, bl, m[8], 0x00000000, 11); el = rotl(el, 10)
20553 bl = fn1(bl, cl, dl, el, al, m[9], 0x00000000, 13); dl = rotl(dl, 10)
20554 al = fn1(al, bl, cl, dl, el, m[10], 0x00000000, 14); cl = rotl(cl, 10)
20555 el = fn1(el, al, bl, cl, dl, m[11], 0x00000000, 15); bl = rotl(bl, 10)
20556 dl = fn1(dl, el, al, bl, cl, m[12], 0x00000000, 6); al = rotl(al, 10)
20557 cl = fn1(cl, dl, el, al, bl, m[13], 0x00000000, 7); el = rotl(el, 10)
20558 bl = fn1(bl, cl, dl, el, al, m[14], 0x00000000, 9); dl = rotl(dl, 10)
20559 al = fn1(al, bl, cl, dl, el, m[15], 0x00000000, 8); cl = rotl(cl, 10)
20560
20561 // Mj = 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8
20562 // K = 0x5a827999
20563 // Sj = 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12
20564 el = fn2(el, al, bl, cl, dl, m[7], 0x5a827999, 7); bl = rotl(bl, 10)
20565 dl = fn2(dl, el, al, bl, cl, m[4], 0x5a827999, 6); al = rotl(al, 10)
20566 cl = fn2(cl, dl, el, al, bl, m[13], 0x5a827999, 8); el = rotl(el, 10)
20567 bl = fn2(bl, cl, dl, el, al, m[1], 0x5a827999, 13); dl = rotl(dl, 10)
20568 al = fn2(al, bl, cl, dl, el, m[10], 0x5a827999, 11); cl = rotl(cl, 10)
20569 el = fn2(el, al, bl, cl, dl, m[6], 0x5a827999, 9); bl = rotl(bl, 10)
20570 dl = fn2(dl, el, al, bl, cl, m[15], 0x5a827999, 7); al = rotl(al, 10)
20571 cl = fn2(cl, dl, el, al, bl, m[3], 0x5a827999, 15); el = rotl(el, 10)
20572 bl = fn2(bl, cl, dl, el, al, m[12], 0x5a827999, 7); dl = rotl(dl, 10)
20573 al = fn2(al, bl, cl, dl, el, m[0], 0x5a827999, 12); cl = rotl(cl, 10)
20574 el = fn2(el, al, bl, cl, dl, m[9], 0x5a827999, 15); bl = rotl(bl, 10)
20575 dl = fn2(dl, el, al, bl, cl, m[5], 0x5a827999, 9); al = rotl(al, 10)
20576 cl = fn2(cl, dl, el, al, bl, m[2], 0x5a827999, 11); el = rotl(el, 10)
20577 bl = fn2(bl, cl, dl, el, al, m[14], 0x5a827999, 7); dl = rotl(dl, 10)
20578 al = fn2(al, bl, cl, dl, el, m[11], 0x5a827999, 13); cl = rotl(cl, 10)
20579 el = fn2(el, al, bl, cl, dl, m[8], 0x5a827999, 12); bl = rotl(bl, 10)
20580
20581 // Mj = 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12
20582 // K = 0x6ed9eba1
20583 // Sj = 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5
20584 dl = fn3(dl, el, al, bl, cl, m[3], 0x6ed9eba1, 11); al = rotl(al, 10)
20585 cl = fn3(cl, dl, el, al, bl, m[10], 0x6ed9eba1, 13); el = rotl(el, 10)
20586 bl = fn3(bl, cl, dl, el, al, m[14], 0x6ed9eba1, 6); dl = rotl(dl, 10)
20587 al = fn3(al, bl, cl, dl, el, m[4], 0x6ed9eba1, 7); cl = rotl(cl, 10)
20588 el = fn3(el, al, bl, cl, dl, m[9], 0x6ed9eba1, 14); bl = rotl(bl, 10)
20589 dl = fn3(dl, el, al, bl, cl, m[15], 0x6ed9eba1, 9); al = rotl(al, 10)
20590 cl = fn3(cl, dl, el, al, bl, m[8], 0x6ed9eba1, 13); el = rotl(el, 10)
20591 bl = fn3(bl, cl, dl, el, al, m[1], 0x6ed9eba1, 15); dl = rotl(dl, 10)
20592 al = fn3(al, bl, cl, dl, el, m[2], 0x6ed9eba1, 14); cl = rotl(cl, 10)
20593 el = fn3(el, al, bl, cl, dl, m[7], 0x6ed9eba1, 8); bl = rotl(bl, 10)
20594 dl = fn3(dl, el, al, bl, cl, m[0], 0x6ed9eba1, 13); al = rotl(al, 10)
20595 cl = fn3(cl, dl, el, al, bl, m[6], 0x6ed9eba1, 6); el = rotl(el, 10)
20596 bl = fn3(bl, cl, dl, el, al, m[13], 0x6ed9eba1, 5); dl = rotl(dl, 10)
20597 al = fn3(al, bl, cl, dl, el, m[11], 0x6ed9eba1, 12); cl = rotl(cl, 10)
20598 el = fn3(el, al, bl, cl, dl, m[5], 0x6ed9eba1, 7); bl = rotl(bl, 10)
20599 dl = fn3(dl, el, al, bl, cl, m[12], 0x6ed9eba1, 5); al = rotl(al, 10)
20600
20601 // Mj = 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2
20602 // K = 0x8f1bbcdc
20603 // Sj = 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12
20604 cl = fn4(cl, dl, el, al, bl, m[1], 0x8f1bbcdc, 11); el = rotl(el, 10)
20605 bl = fn4(bl, cl, dl, el, al, m[9], 0x8f1bbcdc, 12); dl = rotl(dl, 10)
20606 al = fn4(al, bl, cl, dl, el, m[11], 0x8f1bbcdc, 14); cl = rotl(cl, 10)
20607 el = fn4(el, al, bl, cl, dl, m[10], 0x8f1bbcdc, 15); bl = rotl(bl, 10)
20608 dl = fn4(dl, el, al, bl, cl, m[0], 0x8f1bbcdc, 14); al = rotl(al, 10)
20609 cl = fn4(cl, dl, el, al, bl, m[8], 0x8f1bbcdc, 15); el = rotl(el, 10)
20610 bl = fn4(bl, cl, dl, el, al, m[12], 0x8f1bbcdc, 9); dl = rotl(dl, 10)
20611 al = fn4(al, bl, cl, dl, el, m[4], 0x8f1bbcdc, 8); cl = rotl(cl, 10)
20612 el = fn4(el, al, bl, cl, dl, m[13], 0x8f1bbcdc, 9); bl = rotl(bl, 10)
20613 dl = fn4(dl, el, al, bl, cl, m[3], 0x8f1bbcdc, 14); al = rotl(al, 10)
20614 cl = fn4(cl, dl, el, al, bl, m[7], 0x8f1bbcdc, 5); el = rotl(el, 10)
20615 bl = fn4(bl, cl, dl, el, al, m[15], 0x8f1bbcdc, 6); dl = rotl(dl, 10)
20616 al = fn4(al, bl, cl, dl, el, m[14], 0x8f1bbcdc, 8); cl = rotl(cl, 10)
20617 el = fn4(el, al, bl, cl, dl, m[5], 0x8f1bbcdc, 6); bl = rotl(bl, 10)
20618 dl = fn4(dl, el, al, bl, cl, m[6], 0x8f1bbcdc, 5); al = rotl(al, 10)
20619 cl = fn4(cl, dl, el, al, bl, m[2], 0x8f1bbcdc, 12); el = rotl(el, 10)
20620
20621 // Mj = 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13
20622 // K = 0xa953fd4e
20623 // Sj = 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6
20624 bl = fn5(bl, cl, dl, el, al, m[4], 0xa953fd4e, 9); dl = rotl(dl, 10)
20625 al = fn5(al, bl, cl, dl, el, m[0], 0xa953fd4e, 15); cl = rotl(cl, 10)
20626 el = fn5(el, al, bl, cl, dl, m[5], 0xa953fd4e, 5); bl = rotl(bl, 10)
20627 dl = fn5(dl, el, al, bl, cl, m[9], 0xa953fd4e, 11); al = rotl(al, 10)
20628 cl = fn5(cl, dl, el, al, bl, m[7], 0xa953fd4e, 6); el = rotl(el, 10)
20629 bl = fn5(bl, cl, dl, el, al, m[12], 0xa953fd4e, 8); dl = rotl(dl, 10)
20630 al = fn5(al, bl, cl, dl, el, m[2], 0xa953fd4e, 13); cl = rotl(cl, 10)
20631 el = fn5(el, al, bl, cl, dl, m[10], 0xa953fd4e, 12); bl = rotl(bl, 10)
20632 dl = fn5(dl, el, al, bl, cl, m[14], 0xa953fd4e, 5); al = rotl(al, 10)
20633 cl = fn5(cl, dl, el, al, bl, m[1], 0xa953fd4e, 12); el = rotl(el, 10)
20634 bl = fn5(bl, cl, dl, el, al, m[3], 0xa953fd4e, 13); dl = rotl(dl, 10)
20635 al = fn5(al, bl, cl, dl, el, m[8], 0xa953fd4e, 14); cl = rotl(cl, 10)
20636 el = fn5(el, al, bl, cl, dl, m[11], 0xa953fd4e, 11); bl = rotl(bl, 10)
20637 dl = fn5(dl, el, al, bl, cl, m[6], 0xa953fd4e, 8); al = rotl(al, 10)
20638 cl = fn5(cl, dl, el, al, bl, m[15], 0xa953fd4e, 5); el = rotl(el, 10)
20639 bl = fn5(bl, cl, dl, el, al, m[13], 0xa953fd4e, 6); dl = rotl(dl, 10)
20640
20641 var ar = this._a
20642 var br = this._b
20643 var cr = this._c
20644 var dr = this._d
20645 var er = this._e
20646
20647 // M'j = 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12
20648 // K' = 0x50a28be6
20649 // S'j = 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6
20650 ar = fn5(ar, br, cr, dr, er, m[5], 0x50a28be6, 8); cr = rotl(cr, 10)
20651 er = fn5(er, ar, br, cr, dr, m[14], 0x50a28be6, 9); br = rotl(br, 10)
20652 dr = fn5(dr, er, ar, br, cr, m[7], 0x50a28be6, 9); ar = rotl(ar, 10)
20653 cr = fn5(cr, dr, er, ar, br, m[0], 0x50a28be6, 11); er = rotl(er, 10)
20654 br = fn5(br, cr, dr, er, ar, m[9], 0x50a28be6, 13); dr = rotl(dr, 10)
20655 ar = fn5(ar, br, cr, dr, er, m[2], 0x50a28be6, 15); cr = rotl(cr, 10)
20656 er = fn5(er, ar, br, cr, dr, m[11], 0x50a28be6, 15); br = rotl(br, 10)
20657 dr = fn5(dr, er, ar, br, cr, m[4], 0x50a28be6, 5); ar = rotl(ar, 10)
20658 cr = fn5(cr, dr, er, ar, br, m[13], 0x50a28be6, 7); er = rotl(er, 10)
20659 br = fn5(br, cr, dr, er, ar, m[6], 0x50a28be6, 7); dr = rotl(dr, 10)
20660 ar = fn5(ar, br, cr, dr, er, m[15], 0x50a28be6, 8); cr = rotl(cr, 10)
20661 er = fn5(er, ar, br, cr, dr, m[8], 0x50a28be6, 11); br = rotl(br, 10)
20662 dr = fn5(dr, er, ar, br, cr, m[1], 0x50a28be6, 14); ar = rotl(ar, 10)
20663 cr = fn5(cr, dr, er, ar, br, m[10], 0x50a28be6, 14); er = rotl(er, 10)
20664 br = fn5(br, cr, dr, er, ar, m[3], 0x50a28be6, 12); dr = rotl(dr, 10)
20665 ar = fn5(ar, br, cr, dr, er, m[12], 0x50a28be6, 6); cr = rotl(cr, 10)
20666
20667 // M'j = 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2
20668 // K' = 0x5c4dd124
20669 // S'j = 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11
20670 er = fn4(er, ar, br, cr, dr, m[6], 0x5c4dd124, 9); br = rotl(br, 10)
20671 dr = fn4(dr, er, ar, br, cr, m[11], 0x5c4dd124, 13); ar = rotl(ar, 10)
20672 cr = fn4(cr, dr, er, ar, br, m[3], 0x5c4dd124, 15); er = rotl(er, 10)
20673 br = fn4(br, cr, dr, er, ar, m[7], 0x5c4dd124, 7); dr = rotl(dr, 10)
20674 ar = fn4(ar, br, cr, dr, er, m[0], 0x5c4dd124, 12); cr = rotl(cr, 10)
20675 er = fn4(er, ar, br, cr, dr, m[13], 0x5c4dd124, 8); br = rotl(br, 10)
20676 dr = fn4(dr, er, ar, br, cr, m[5], 0x5c4dd124, 9); ar = rotl(ar, 10)
20677 cr = fn4(cr, dr, er, ar, br, m[10], 0x5c4dd124, 11); er = rotl(er, 10)
20678 br = fn4(br, cr, dr, er, ar, m[14], 0x5c4dd124, 7); dr = rotl(dr, 10)
20679 ar = fn4(ar, br, cr, dr, er, m[15], 0x5c4dd124, 7); cr = rotl(cr, 10)
20680 er = fn4(er, ar, br, cr, dr, m[8], 0x5c4dd124, 12); br = rotl(br, 10)
20681 dr = fn4(dr, er, ar, br, cr, m[12], 0x5c4dd124, 7); ar = rotl(ar, 10)
20682 cr = fn4(cr, dr, er, ar, br, m[4], 0x5c4dd124, 6); er = rotl(er, 10)
20683 br = fn4(br, cr, dr, er, ar, m[9], 0x5c4dd124, 15); dr = rotl(dr, 10)
20684 ar = fn4(ar, br, cr, dr, er, m[1], 0x5c4dd124, 13); cr = rotl(cr, 10)
20685 er = fn4(er, ar, br, cr, dr, m[2], 0x5c4dd124, 11); br = rotl(br, 10)
20686
20687 // M'j = 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13
20688 // K' = 0x6d703ef3
20689 // S'j = 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5
20690 dr = fn3(dr, er, ar, br, cr, m[15], 0x6d703ef3, 9); ar = rotl(ar, 10)
20691 cr = fn3(cr, dr, er, ar, br, m[5], 0x6d703ef3, 7); er = rotl(er, 10)
20692 br = fn3(br, cr, dr, er, ar, m[1], 0x6d703ef3, 15); dr = rotl(dr, 10)
20693 ar = fn3(ar, br, cr, dr, er, m[3], 0x6d703ef3, 11); cr = rotl(cr, 10)
20694 er = fn3(er, ar, br, cr, dr, m[7], 0x6d703ef3, 8); br = rotl(br, 10)
20695 dr = fn3(dr, er, ar, br, cr, m[14], 0x6d703ef3, 6); ar = rotl(ar, 10)
20696 cr = fn3(cr, dr, er, ar, br, m[6], 0x6d703ef3, 6); er = rotl(er, 10)
20697 br = fn3(br, cr, dr, er, ar, m[9], 0x6d703ef3, 14); dr = rotl(dr, 10)
20698 ar = fn3(ar, br, cr, dr, er, m[11], 0x6d703ef3, 12); cr = rotl(cr, 10)
20699 er = fn3(er, ar, br, cr, dr, m[8], 0x6d703ef3, 13); br = rotl(br, 10)
20700 dr = fn3(dr, er, ar, br, cr, m[12], 0x6d703ef3, 5); ar = rotl(ar, 10)
20701 cr = fn3(cr, dr, er, ar, br, m[2], 0x6d703ef3, 14); er = rotl(er, 10)
20702 br = fn3(br, cr, dr, er, ar, m[10], 0x6d703ef3, 13); dr = rotl(dr, 10)
20703 ar = fn3(ar, br, cr, dr, er, m[0], 0x6d703ef3, 13); cr = rotl(cr, 10)
20704 er = fn3(er, ar, br, cr, dr, m[4], 0x6d703ef3, 7); br = rotl(br, 10)
20705 dr = fn3(dr, er, ar, br, cr, m[13], 0x6d703ef3, 5); ar = rotl(ar, 10)
20706
20707 // M'j = 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14
20708 // K' = 0x7a6d76e9
20709 // S'j = 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8
20710 cr = fn2(cr, dr, er, ar, br, m[8], 0x7a6d76e9, 15); er = rotl(er, 10)
20711 br = fn2(br, cr, dr, er, ar, m[6], 0x7a6d76e9, 5); dr = rotl(dr, 10)
20712 ar = fn2(ar, br, cr, dr, er, m[4], 0x7a6d76e9, 8); cr = rotl(cr, 10)
20713 er = fn2(er, ar, br, cr, dr, m[1], 0x7a6d76e9, 11); br = rotl(br, 10)
20714 dr = fn2(dr, er, ar, br, cr, m[3], 0x7a6d76e9, 14); ar = rotl(ar, 10)
20715 cr = fn2(cr, dr, er, ar, br, m[11], 0x7a6d76e9, 14); er = rotl(er, 10)
20716 br = fn2(br, cr, dr, er, ar, m[15], 0x7a6d76e9, 6); dr = rotl(dr, 10)
20717 ar = fn2(ar, br, cr, dr, er, m[0], 0x7a6d76e9, 14); cr = rotl(cr, 10)
20718 er = fn2(er, ar, br, cr, dr, m[5], 0x7a6d76e9, 6); br = rotl(br, 10)
20719 dr = fn2(dr, er, ar, br, cr, m[12], 0x7a6d76e9, 9); ar = rotl(ar, 10)
20720 cr = fn2(cr, dr, er, ar, br, m[2], 0x7a6d76e9, 12); er = rotl(er, 10)
20721 br = fn2(br, cr, dr, er, ar, m[13], 0x7a6d76e9, 9); dr = rotl(dr, 10)
20722 ar = fn2(ar, br, cr, dr, er, m[9], 0x7a6d76e9, 12); cr = rotl(cr, 10)
20723 er = fn2(er, ar, br, cr, dr, m[7], 0x7a6d76e9, 5); br = rotl(br, 10)
20724 dr = fn2(dr, er, ar, br, cr, m[10], 0x7a6d76e9, 15); ar = rotl(ar, 10)
20725 cr = fn2(cr, dr, er, ar, br, m[14], 0x7a6d76e9, 8); er = rotl(er, 10)
20726
20727 // M'j = 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
20728 // K' = 0x00000000
20729 // S'j = 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
20730 br = fn1(br, cr, dr, er, ar, m[12], 0x00000000, 8); dr = rotl(dr, 10)
20731 ar = fn1(ar, br, cr, dr, er, m[15], 0x00000000, 5); cr = rotl(cr, 10)
20732 er = fn1(er, ar, br, cr, dr, m[10], 0x00000000, 12); br = rotl(br, 10)
20733 dr = fn1(dr, er, ar, br, cr, m[4], 0x00000000, 9); ar = rotl(ar, 10)
20734 cr = fn1(cr, dr, er, ar, br, m[1], 0x00000000, 12); er = rotl(er, 10)
20735 br = fn1(br, cr, dr, er, ar, m[5], 0x00000000, 5); dr = rotl(dr, 10)
20736 ar = fn1(ar, br, cr, dr, er, m[8], 0x00000000, 14); cr = rotl(cr, 10)
20737 er = fn1(er, ar, br, cr, dr, m[7], 0x00000000, 6); br = rotl(br, 10)
20738 dr = fn1(dr, er, ar, br, cr, m[6], 0x00000000, 8); ar = rotl(ar, 10)
20739 cr = fn1(cr, dr, er, ar, br, m[2], 0x00000000, 13); er = rotl(er, 10)
20740 br = fn1(br, cr, dr, er, ar, m[13], 0x00000000, 6); dr = rotl(dr, 10)
20741 ar = fn1(ar, br, cr, dr, er, m[14], 0x00000000, 5); cr = rotl(cr, 10)
20742 er = fn1(er, ar, br, cr, dr, m[0], 0x00000000, 15); br = rotl(br, 10)
20743 dr = fn1(dr, er, ar, br, cr, m[3], 0x00000000, 13); ar = rotl(ar, 10)
20744 cr = fn1(cr, dr, er, ar, br, m[9], 0x00000000, 11); er = rotl(er, 10)
20745 br = fn1(br, cr, dr, er, ar, m[11], 0x00000000, 11); dr = rotl(dr, 10)
20746
20747 // change state
20748 var t = (this._b + cl + dr) | 0
20749 this._b = (this._c + dl + er) | 0
20750 this._c = (this._d + el + ar) | 0
20751 this._d = (this._e + al + br) | 0
20752 this._e = (this._a + bl + cr) | 0
20753 this._a = t
20754}
20755
20756RIPEMD160.prototype._digest = function () {
20757 // create padding and handle blocks
20758 this._block[this._blockOffset++] = 0x80
20759 if (this._blockOffset > 56) {
20760 this._block.fill(0, this._blockOffset, 64)
20761 this._update()
20762 this._blockOffset = 0
20763 }
20764
20765 this._block.fill(0, this._blockOffset, 56)
20766 this._block.writeUInt32LE(this._length[0], 56)
20767 this._block.writeUInt32LE(this._length[1], 60)
20768 this._update()
20769
20770 // produce result
20771 var buffer = new Buffer(20)
20772 buffer.writeInt32LE(this._a, 0)
20773 buffer.writeInt32LE(this._b, 4)
20774 buffer.writeInt32LE(this._c, 8)
20775 buffer.writeInt32LE(this._d, 12)
20776 buffer.writeInt32LE(this._e, 16)
20777 return buffer
20778}
20779
20780function rotl (x, n) {
20781 return (x << n) | (x >>> (32 - n))
20782}
20783
20784function fn1 (a, b, c, d, e, m, k, s) {
20785 return (rotl((a + (b ^ c ^ d) + m + k) | 0, s) + e) | 0
20786}
20787
20788function fn2 (a, b, c, d, e, m, k, s) {
20789 return (rotl((a + ((b & c) | ((~b) & d)) + m + k) | 0, s) + e) | 0
20790}
20791
20792function fn3 (a, b, c, d, e, m, k, s) {
20793 return (rotl((a + ((b | (~c)) ^ d) + m + k) | 0, s) + e) | 0
20794}
20795
20796function fn4 (a, b, c, d, e, m, k, s) {
20797 return (rotl((a + ((b & d) | (c & (~d))) + m + k) | 0, s) + e) | 0
20798}
20799
20800function fn5 (a, b, c, d, e, m, k, s) {
20801 return (rotl((a + (b ^ (c | (~d))) + m + k) | 0, s) + e) | 0
20802}
20803
20804module.exports = RIPEMD160
20805
20806}).call(this,require("buffer").Buffer)
20807},{"buffer":47,"hash-base":85,"inherits":95}],134:[function(require,module,exports){
20808module.exports = require('buffer')
20809
20810},{"buffer":47}],135:[function(require,module,exports){
20811(function (Buffer){
20812// prototype class for hash functions
20813function Hash (blockSize, finalSize) {
20814 this._block = new Buffer(blockSize)
20815 this._finalSize = finalSize
20816 this._blockSize = blockSize
20817 this._len = 0
20818 this._s = 0
20819}
20820
20821Hash.prototype.update = function (data, enc) {
20822 if (typeof data === 'string') {
20823 enc = enc || 'utf8'
20824 data = new Buffer(data, enc)
20825 }
20826
20827 var l = this._len += data.length
20828 var s = this._s || 0
20829 var f = 0
20830 var buffer = this._block
20831
20832 while (s < l) {
20833 var t = Math.min(data.length, f + this._blockSize - (s % this._blockSize))
20834 var ch = (t - f)
20835
20836 for (var i = 0; i < ch; i++) {
20837 buffer[(s % this._blockSize) + i] = data[i + f]
20838 }
20839
20840 s += ch
20841 f += ch
20842
20843 if ((s % this._blockSize) === 0) {
20844 this._update(buffer)
20845 }
20846 }
20847 this._s = s
20848
20849 return this
20850}
20851
20852Hash.prototype.digest = function (enc) {
20853 // Suppose the length of the message M, in bits, is l
20854 var l = this._len * 8
20855
20856 // Append the bit 1 to the end of the message
20857 this._block[this._len % this._blockSize] = 0x80
20858
20859 // and then k zero bits, where k is the smallest non-negative solution to the equation (l + 1 + k) === finalSize mod blockSize
20860 this._block.fill(0, this._len % this._blockSize + 1)
20861
20862 if (l % (this._blockSize * 8) >= this._finalSize * 8) {
20863 this._update(this._block)
20864 this._block.fill(0)
20865 }
20866
20867 // to this append the block which is equal to the number l written in binary
20868 // TODO: handle case where l is > Math.pow(2, 29)
20869 this._block.writeInt32BE(l, this._blockSize - 4)
20870
20871 var hash = this._update(this._block) || this._hash()
20872
20873 return enc ? hash.toString(enc) : hash
20874}
20875
20876Hash.prototype._update = function () {
20877 throw new Error('_update must be implemented by subclass')
20878}
20879
20880module.exports = Hash
20881
20882}).call(this,require("buffer").Buffer)
20883},{"buffer":47}],136:[function(require,module,exports){
20884var exports = module.exports = function SHA (algorithm) {
20885 algorithm = algorithm.toLowerCase()
20886
20887 var Algorithm = exports[algorithm]
20888 if (!Algorithm) throw new Error(algorithm + ' is not supported (we accept pull requests)')
20889
20890 return new Algorithm()
20891}
20892
20893exports.sha = require('./sha')
20894exports.sha1 = require('./sha1')
20895exports.sha224 = require('./sha224')
20896exports.sha256 = require('./sha256')
20897exports.sha384 = require('./sha384')
20898exports.sha512 = require('./sha512')
20899
20900},{"./sha":137,"./sha1":138,"./sha224":139,"./sha256":140,"./sha384":141,"./sha512":142}],137:[function(require,module,exports){
20901(function (Buffer){
20902/*
20903 * A JavaScript implementation of the Secure Hash Algorithm, SHA-0, as defined
20904 * in FIPS PUB 180-1
20905 * This source code is derived from sha1.js of the same repository.
20906 * The difference between SHA-0 and SHA-1 is just a bitwise rotate left
20907 * operation was added.
20908 */
20909
20910var inherits = require('inherits')
20911var Hash = require('./hash')
20912
20913var K = [
20914 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc | 0, 0xca62c1d6 | 0
20915]
20916
20917var W = new Array(80)
20918
20919function Sha () {
20920 this.init()
20921 this._w = W
20922
20923 Hash.call(this, 64, 56)
20924}
20925
20926inherits(Sha, Hash)
20927
20928Sha.prototype.init = function () {
20929 this._a = 0x67452301
20930 this._b = 0xefcdab89
20931 this._c = 0x98badcfe
20932 this._d = 0x10325476
20933 this._e = 0xc3d2e1f0
20934
20935 return this
20936}
20937
20938function rotl5 (num) {
20939 return (num << 5) | (num >>> 27)
20940}
20941
20942function rotl30 (num) {
20943 return (num << 30) | (num >>> 2)
20944}
20945
20946function ft (s, b, c, d) {
20947 if (s === 0) return (b & c) | ((~b) & d)
20948 if (s === 2) return (b & c) | (b & d) | (c & d)
20949 return b ^ c ^ d
20950}
20951
20952Sha.prototype._update = function (M) {
20953 var W = this._w
20954
20955 var a = this._a | 0
20956 var b = this._b | 0
20957 var c = this._c | 0
20958 var d = this._d | 0
20959 var e = this._e | 0
20960
20961 for (var i = 0; i < 16; ++i) W[i] = M.readInt32BE(i * 4)
20962 for (; i < 80; ++i) W[i] = W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16]
20963
20964 for (var j = 0; j < 80; ++j) {
20965 var s = ~~(j / 20)
20966 var t = (rotl5(a) + ft(s, b, c, d) + e + W[j] + K[s]) | 0
20967
20968 e = d
20969 d = c
20970 c = rotl30(b)
20971 b = a
20972 a = t
20973 }
20974
20975 this._a = (a + this._a) | 0
20976 this._b = (b + this._b) | 0
20977 this._c = (c + this._c) | 0
20978 this._d = (d + this._d) | 0
20979 this._e = (e + this._e) | 0
20980}
20981
20982Sha.prototype._hash = function () {
20983 var H = new Buffer(20)
20984
20985 H.writeInt32BE(this._a | 0, 0)
20986 H.writeInt32BE(this._b | 0, 4)
20987 H.writeInt32BE(this._c | 0, 8)
20988 H.writeInt32BE(this._d | 0, 12)
20989 H.writeInt32BE(this._e | 0, 16)
20990
20991 return H
20992}
20993
20994module.exports = Sha
20995
20996}).call(this,require("buffer").Buffer)
20997},{"./hash":135,"buffer":47,"inherits":95}],138:[function(require,module,exports){
20998(function (Buffer){
20999/*
21000 * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
21001 * in FIPS PUB 180-1
21002 * Version 2.1a Copyright Paul Johnston 2000 - 2002.
21003 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
21004 * Distributed under the BSD License
21005 * See http://pajhome.org.uk/crypt/md5 for details.
21006 */
21007
21008var inherits = require('inherits')
21009var Hash = require('./hash')
21010
21011var K = [
21012 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc | 0, 0xca62c1d6 | 0
21013]
21014
21015var W = new Array(80)
21016
21017function Sha1 () {
21018 this.init()
21019 this._w = W
21020
21021 Hash.call(this, 64, 56)
21022}
21023
21024inherits(Sha1, Hash)
21025
21026Sha1.prototype.init = function () {
21027 this._a = 0x67452301
21028 this._b = 0xefcdab89
21029 this._c = 0x98badcfe
21030 this._d = 0x10325476
21031 this._e = 0xc3d2e1f0
21032
21033 return this
21034}
21035
21036function rotl1 (num) {
21037 return (num << 1) | (num >>> 31)
21038}
21039
21040function rotl5 (num) {
21041 return (num << 5) | (num >>> 27)
21042}
21043
21044function rotl30 (num) {
21045 return (num << 30) | (num >>> 2)
21046}
21047
21048function ft (s, b, c, d) {
21049 if (s === 0) return (b & c) | ((~b) & d)
21050 if (s === 2) return (b & c) | (b & d) | (c & d)
21051 return b ^ c ^ d
21052}
21053
21054Sha1.prototype._update = function (M) {
21055 var W = this._w
21056
21057 var a = this._a | 0
21058 var b = this._b | 0
21059 var c = this._c | 0
21060 var d = this._d | 0
21061 var e = this._e | 0
21062
21063 for (var i = 0; i < 16; ++i) W[i] = M.readInt32BE(i * 4)
21064 for (; i < 80; ++i) W[i] = rotl1(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16])
21065
21066 for (var j = 0; j < 80; ++j) {
21067 var s = ~~(j / 20)
21068 var t = (rotl5(a) + ft(s, b, c, d) + e + W[j] + K[s]) | 0
21069
21070 e = d
21071 d = c
21072 c = rotl30(b)
21073 b = a
21074 a = t
21075 }
21076
21077 this._a = (a + this._a) | 0
21078 this._b = (b + this._b) | 0
21079 this._c = (c + this._c) | 0
21080 this._d = (d + this._d) | 0
21081 this._e = (e + this._e) | 0
21082}
21083
21084Sha1.prototype._hash = function () {
21085 var H = new Buffer(20)
21086
21087 H.writeInt32BE(this._a | 0, 0)
21088 H.writeInt32BE(this._b | 0, 4)
21089 H.writeInt32BE(this._c | 0, 8)
21090 H.writeInt32BE(this._d | 0, 12)
21091 H.writeInt32BE(this._e | 0, 16)
21092
21093 return H
21094}
21095
21096module.exports = Sha1
21097
21098}).call(this,require("buffer").Buffer)
21099},{"./hash":135,"buffer":47,"inherits":95}],139:[function(require,module,exports){
21100(function (Buffer){
21101/**
21102 * A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
21103 * in FIPS 180-2
21104 * Version 2.2-beta Copyright Angel Marin, Paul Johnston 2000 - 2009.
21105 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
21106 *
21107 */
21108
21109var inherits = require('inherits')
21110var Sha256 = require('./sha256')
21111var Hash = require('./hash')
21112
21113var W = new Array(64)
21114
21115function Sha224 () {
21116 this.init()
21117
21118 this._w = W // new Array(64)
21119
21120 Hash.call(this, 64, 56)
21121}
21122
21123inherits(Sha224, Sha256)
21124
21125Sha224.prototype.init = function () {
21126 this._a = 0xc1059ed8
21127 this._b = 0x367cd507
21128 this._c = 0x3070dd17
21129 this._d = 0xf70e5939
21130 this._e = 0xffc00b31
21131 this._f = 0x68581511
21132 this._g = 0x64f98fa7
21133 this._h = 0xbefa4fa4
21134
21135 return this
21136}
21137
21138Sha224.prototype._hash = function () {
21139 var H = new Buffer(28)
21140
21141 H.writeInt32BE(this._a, 0)
21142 H.writeInt32BE(this._b, 4)
21143 H.writeInt32BE(this._c, 8)
21144 H.writeInt32BE(this._d, 12)
21145 H.writeInt32BE(this._e, 16)
21146 H.writeInt32BE(this._f, 20)
21147 H.writeInt32BE(this._g, 24)
21148
21149 return H
21150}
21151
21152module.exports = Sha224
21153
21154}).call(this,require("buffer").Buffer)
21155},{"./hash":135,"./sha256":140,"buffer":47,"inherits":95}],140:[function(require,module,exports){
21156(function (Buffer){
21157/**
21158 * A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
21159 * in FIPS 180-2
21160 * Version 2.2-beta Copyright Angel Marin, Paul Johnston 2000 - 2009.
21161 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
21162 *
21163 */
21164
21165var inherits = require('inherits')
21166var Hash = require('./hash')
21167
21168var K = [
21169 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
21170 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
21171 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
21172 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
21173 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
21174 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
21175 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
21176 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
21177 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
21178 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
21179 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
21180 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
21181 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
21182 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
21183 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
21184 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2
21185]
21186
21187var W = new Array(64)
21188
21189function Sha256 () {
21190 this.init()
21191
21192 this._w = W // new Array(64)
21193
21194 Hash.call(this, 64, 56)
21195}
21196
21197inherits(Sha256, Hash)
21198
21199Sha256.prototype.init = function () {
21200 this._a = 0x6a09e667
21201 this._b = 0xbb67ae85
21202 this._c = 0x3c6ef372
21203 this._d = 0xa54ff53a
21204 this._e = 0x510e527f
21205 this._f = 0x9b05688c
21206 this._g = 0x1f83d9ab
21207 this._h = 0x5be0cd19
21208
21209 return this
21210}
21211
21212function ch (x, y, z) {
21213 return z ^ (x & (y ^ z))
21214}
21215
21216function maj (x, y, z) {
21217 return (x & y) | (z & (x | y))
21218}
21219
21220function sigma0 (x) {
21221 return (x >>> 2 | x << 30) ^ (x >>> 13 | x << 19) ^ (x >>> 22 | x << 10)
21222}
21223
21224function sigma1 (x) {
21225 return (x >>> 6 | x << 26) ^ (x >>> 11 | x << 21) ^ (x >>> 25 | x << 7)
21226}
21227
21228function gamma0 (x) {
21229 return (x >>> 7 | x << 25) ^ (x >>> 18 | x << 14) ^ (x >>> 3)
21230}
21231
21232function gamma1 (x) {
21233 return (x >>> 17 | x << 15) ^ (x >>> 19 | x << 13) ^ (x >>> 10)
21234}
21235
21236Sha256.prototype._update = function (M) {
21237 var W = this._w
21238
21239 var a = this._a | 0
21240 var b = this._b | 0
21241 var c = this._c | 0
21242 var d = this._d | 0
21243 var e = this._e | 0
21244 var f = this._f | 0
21245 var g = this._g | 0
21246 var h = this._h | 0
21247
21248 for (var i = 0; i < 16; ++i) W[i] = M.readInt32BE(i * 4)
21249 for (; i < 64; ++i) W[i] = (gamma1(W[i - 2]) + W[i - 7] + gamma0(W[i - 15]) + W[i - 16]) | 0
21250
21251 for (var j = 0; j < 64; ++j) {
21252 var T1 = (h + sigma1(e) + ch(e, f, g) + K[j] + W[j]) | 0
21253 var T2 = (sigma0(a) + maj(a, b, c)) | 0
21254
21255 h = g
21256 g = f
21257 f = e
21258 e = (d + T1) | 0
21259 d = c
21260 c = b
21261 b = a
21262 a = (T1 + T2) | 0
21263 }
21264
21265 this._a = (a + this._a) | 0
21266 this._b = (b + this._b) | 0
21267 this._c = (c + this._c) | 0
21268 this._d = (d + this._d) | 0
21269 this._e = (e + this._e) | 0
21270 this._f = (f + this._f) | 0
21271 this._g = (g + this._g) | 0
21272 this._h = (h + this._h) | 0
21273}
21274
21275Sha256.prototype._hash = function () {
21276 var H = new Buffer(32)
21277
21278 H.writeInt32BE(this._a, 0)
21279 H.writeInt32BE(this._b, 4)
21280 H.writeInt32BE(this._c, 8)
21281 H.writeInt32BE(this._d, 12)
21282 H.writeInt32BE(this._e, 16)
21283 H.writeInt32BE(this._f, 20)
21284 H.writeInt32BE(this._g, 24)
21285 H.writeInt32BE(this._h, 28)
21286
21287 return H
21288}
21289
21290module.exports = Sha256
21291
21292}).call(this,require("buffer").Buffer)
21293},{"./hash":135,"buffer":47,"inherits":95}],141:[function(require,module,exports){
21294(function (Buffer){
21295var inherits = require('inherits')
21296var SHA512 = require('./sha512')
21297var Hash = require('./hash')
21298
21299var W = new Array(160)
21300
21301function Sha384 () {
21302 this.init()
21303 this._w = W
21304
21305 Hash.call(this, 128, 112)
21306}
21307
21308inherits(Sha384, SHA512)
21309
21310Sha384.prototype.init = function () {
21311 this._ah = 0xcbbb9d5d
21312 this._bh = 0x629a292a
21313 this._ch = 0x9159015a
21314 this._dh = 0x152fecd8
21315 this._eh = 0x67332667
21316 this._fh = 0x8eb44a87
21317 this._gh = 0xdb0c2e0d
21318 this._hh = 0x47b5481d
21319
21320 this._al = 0xc1059ed8
21321 this._bl = 0x367cd507
21322 this._cl = 0x3070dd17
21323 this._dl = 0xf70e5939
21324 this._el = 0xffc00b31
21325 this._fl = 0x68581511
21326 this._gl = 0x64f98fa7
21327 this._hl = 0xbefa4fa4
21328
21329 return this
21330}
21331
21332Sha384.prototype._hash = function () {
21333 var H = new Buffer(48)
21334
21335 function writeInt64BE (h, l, offset) {
21336 H.writeInt32BE(h, offset)
21337 H.writeInt32BE(l, offset + 4)
21338 }
21339
21340 writeInt64BE(this._ah, this._al, 0)
21341 writeInt64BE(this._bh, this._bl, 8)
21342 writeInt64BE(this._ch, this._cl, 16)
21343 writeInt64BE(this._dh, this._dl, 24)
21344 writeInt64BE(this._eh, this._el, 32)
21345 writeInt64BE(this._fh, this._fl, 40)
21346
21347 return H
21348}
21349
21350module.exports = Sha384
21351
21352}).call(this,require("buffer").Buffer)
21353},{"./hash":135,"./sha512":142,"buffer":47,"inherits":95}],142:[function(require,module,exports){
21354(function (Buffer){
21355var inherits = require('inherits')
21356var Hash = require('./hash')
21357
21358var K = [
21359 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,
21360 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,
21361 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,
21362 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,
21363 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,
21364 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,
21365 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,
21366 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,
21367 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,
21368 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,
21369 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,
21370 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,
21371 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,
21372 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,
21373 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,
21374 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,
21375 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,
21376 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,
21377 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,
21378 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,
21379 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,
21380 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,
21381 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,
21382 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,
21383 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,
21384 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,
21385 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,
21386 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,
21387 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,
21388 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,
21389 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,
21390 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,
21391 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,
21392 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,
21393 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,
21394 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,
21395 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,
21396 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,
21397 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,
21398 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817
21399]
21400
21401var W = new Array(160)
21402
21403function Sha512 () {
21404 this.init()
21405 this._w = W
21406
21407 Hash.call(this, 128, 112)
21408}
21409
21410inherits(Sha512, Hash)
21411
21412Sha512.prototype.init = function () {
21413 this._ah = 0x6a09e667
21414 this._bh = 0xbb67ae85
21415 this._ch = 0x3c6ef372
21416 this._dh = 0xa54ff53a
21417 this._eh = 0x510e527f
21418 this._fh = 0x9b05688c
21419 this._gh = 0x1f83d9ab
21420 this._hh = 0x5be0cd19
21421
21422 this._al = 0xf3bcc908
21423 this._bl = 0x84caa73b
21424 this._cl = 0xfe94f82b
21425 this._dl = 0x5f1d36f1
21426 this._el = 0xade682d1
21427 this._fl = 0x2b3e6c1f
21428 this._gl = 0xfb41bd6b
21429 this._hl = 0x137e2179
21430
21431 return this
21432}
21433
21434function Ch (x, y, z) {
21435 return z ^ (x & (y ^ z))
21436}
21437
21438function maj (x, y, z) {
21439 return (x & y) | (z & (x | y))
21440}
21441
21442function sigma0 (x, xl) {
21443 return (x >>> 28 | xl << 4) ^ (xl >>> 2 | x << 30) ^ (xl >>> 7 | x << 25)
21444}
21445
21446function sigma1 (x, xl) {
21447 return (x >>> 14 | xl << 18) ^ (x >>> 18 | xl << 14) ^ (xl >>> 9 | x << 23)
21448}
21449
21450function Gamma0 (x, xl) {
21451 return (x >>> 1 | xl << 31) ^ (x >>> 8 | xl << 24) ^ (x >>> 7)
21452}
21453
21454function Gamma0l (x, xl) {
21455 return (x >>> 1 | xl << 31) ^ (x >>> 8 | xl << 24) ^ (x >>> 7 | xl << 25)
21456}
21457
21458function Gamma1 (x, xl) {
21459 return (x >>> 19 | xl << 13) ^ (xl >>> 29 | x << 3) ^ (x >>> 6)
21460}
21461
21462function Gamma1l (x, xl) {
21463 return (x >>> 19 | xl << 13) ^ (xl >>> 29 | x << 3) ^ (x >>> 6 | xl << 26)
21464}
21465
21466function getCarry (a, b) {
21467 return (a >>> 0) < (b >>> 0) ? 1 : 0
21468}
21469
21470Sha512.prototype._update = function (M) {
21471 var W = this._w
21472
21473 var ah = this._ah | 0
21474 var bh = this._bh | 0
21475 var ch = this._ch | 0
21476 var dh = this._dh | 0
21477 var eh = this._eh | 0
21478 var fh = this._fh | 0
21479 var gh = this._gh | 0
21480 var hh = this._hh | 0
21481
21482 var al = this._al | 0
21483 var bl = this._bl | 0
21484 var cl = this._cl | 0
21485 var dl = this._dl | 0
21486 var el = this._el | 0
21487 var fl = this._fl | 0
21488 var gl = this._gl | 0
21489 var hl = this._hl | 0
21490
21491 for (var i = 0; i < 32; i += 2) {
21492 W[i] = M.readInt32BE(i * 4)
21493 W[i + 1] = M.readInt32BE(i * 4 + 4)
21494 }
21495 for (; i < 160; i += 2) {
21496 var xh = W[i - 15 * 2]
21497 var xl = W[i - 15 * 2 + 1]
21498 var gamma0 = Gamma0(xh, xl)
21499 var gamma0l = Gamma0l(xl, xh)
21500
21501 xh = W[i - 2 * 2]
21502 xl = W[i - 2 * 2 + 1]
21503 var gamma1 = Gamma1(xh, xl)
21504 var gamma1l = Gamma1l(xl, xh)
21505
21506 // W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16]
21507 var Wi7h = W[i - 7 * 2]
21508 var Wi7l = W[i - 7 * 2 + 1]
21509
21510 var Wi16h = W[i - 16 * 2]
21511 var Wi16l = W[i - 16 * 2 + 1]
21512
21513 var Wil = (gamma0l + Wi7l) | 0
21514 var Wih = (gamma0 + Wi7h + getCarry(Wil, gamma0l)) | 0
21515 Wil = (Wil + gamma1l) | 0
21516 Wih = (Wih + gamma1 + getCarry(Wil, gamma1l)) | 0
21517 Wil = (Wil + Wi16l) | 0
21518 Wih = (Wih + Wi16h + getCarry(Wil, Wi16l)) | 0
21519
21520 W[i] = Wih
21521 W[i + 1] = Wil
21522 }
21523
21524 for (var j = 0; j < 160; j += 2) {
21525 Wih = W[j]
21526 Wil = W[j + 1]
21527
21528 var majh = maj(ah, bh, ch)
21529 var majl = maj(al, bl, cl)
21530
21531 var sigma0h = sigma0(ah, al)
21532 var sigma0l = sigma0(al, ah)
21533 var sigma1h = sigma1(eh, el)
21534 var sigma1l = sigma1(el, eh)
21535
21536 // t1 = h + sigma1 + ch + K[j] + W[j]
21537 var Kih = K[j]
21538 var Kil = K[j + 1]
21539
21540 var chh = Ch(eh, fh, gh)
21541 var chl = Ch(el, fl, gl)
21542
21543 var t1l = (hl + sigma1l) | 0
21544 var t1h = (hh + sigma1h + getCarry(t1l, hl)) | 0
21545 t1l = (t1l + chl) | 0
21546 t1h = (t1h + chh + getCarry(t1l, chl)) | 0
21547 t1l = (t1l + Kil) | 0
21548 t1h = (t1h + Kih + getCarry(t1l, Kil)) | 0
21549 t1l = (t1l + Wil) | 0
21550 t1h = (t1h + Wih + getCarry(t1l, Wil)) | 0
21551
21552 // t2 = sigma0 + maj
21553 var t2l = (sigma0l + majl) | 0
21554 var t2h = (sigma0h + majh + getCarry(t2l, sigma0l)) | 0
21555
21556 hh = gh
21557 hl = gl
21558 gh = fh
21559 gl = fl
21560 fh = eh
21561 fl = el
21562 el = (dl + t1l) | 0
21563 eh = (dh + t1h + getCarry(el, dl)) | 0
21564 dh = ch
21565 dl = cl
21566 ch = bh
21567 cl = bl
21568 bh = ah
21569 bl = al
21570 al = (t1l + t2l) | 0
21571 ah = (t1h + t2h + getCarry(al, t1l)) | 0
21572 }
21573
21574 this._al = (this._al + al) | 0
21575 this._bl = (this._bl + bl) | 0
21576 this._cl = (this._cl + cl) | 0
21577 this._dl = (this._dl + dl) | 0
21578 this._el = (this._el + el) | 0
21579 this._fl = (this._fl + fl) | 0
21580 this._gl = (this._gl + gl) | 0
21581 this._hl = (this._hl + hl) | 0
21582
21583 this._ah = (this._ah + ah + getCarry(this._al, al)) | 0
21584 this._bh = (this._bh + bh + getCarry(this._bl, bl)) | 0
21585 this._ch = (this._ch + ch + getCarry(this._cl, cl)) | 0
21586 this._dh = (this._dh + dh + getCarry(this._dl, dl)) | 0
21587 this._eh = (this._eh + eh + getCarry(this._el, el)) | 0
21588 this._fh = (this._fh + fh + getCarry(this._fl, fl)) | 0
21589 this._gh = (this._gh + gh + getCarry(this._gl, gl)) | 0
21590 this._hh = (this._hh + hh + getCarry(this._hl, hl)) | 0
21591}
21592
21593Sha512.prototype._hash = function () {
21594 var H = new Buffer(64)
21595
21596 function writeInt64BE (h, l, offset) {
21597 H.writeInt32BE(h, offset)
21598 H.writeInt32BE(l, offset + 4)
21599 }
21600
21601 writeInt64BE(this._ah, this._al, 0)
21602 writeInt64BE(this._bh, this._bl, 8)
21603 writeInt64BE(this._ch, this._cl, 16)
21604 writeInt64BE(this._dh, this._dl, 24)
21605 writeInt64BE(this._eh, this._el, 32)
21606 writeInt64BE(this._fh, this._fl, 40)
21607 writeInt64BE(this._gh, this._gl, 48)
21608 writeInt64BE(this._hh, this._hl, 56)
21609
21610 return H
21611}
21612
21613module.exports = Sha512
21614
21615}).call(this,require("buffer").Buffer)
21616},{"./hash":135,"buffer":47,"inherits":95}],143:[function(require,module,exports){
21617// Copyright Joyent, Inc. and other Node contributors.
21618//
21619// Permission is hereby granted, free of charge, to any person obtaining a
21620// copy of this software and associated documentation files (the
21621// "Software"), to deal in the Software without restriction, including
21622// without limitation the rights to use, copy, modify, merge, publish,
21623// distribute, sublicense, and/or sell copies of the Software, and to permit
21624// persons to whom the Software is furnished to do so, subject to the
21625// following conditions:
21626//
21627// The above copyright notice and this permission notice shall be included
21628// in all copies or substantial portions of the Software.
21629//
21630// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
21631// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
21632// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
21633// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
21634// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
21635// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
21636// USE OR OTHER DEALINGS IN THE SOFTWARE.
21637
21638module.exports = Stream;
21639
21640var EE = require('events').EventEmitter;
21641var inherits = require('inherits');
21642
21643inherits(Stream, EE);
21644Stream.Readable = require('readable-stream/readable.js');
21645Stream.Writable = require('readable-stream/writable.js');
21646Stream.Duplex = require('readable-stream/duplex.js');
21647Stream.Transform = require('readable-stream/transform.js');
21648Stream.PassThrough = require('readable-stream/passthrough.js');
21649
21650// Backwards-compat with node 0.4.x
21651Stream.Stream = Stream;
21652
21653
21654
21655// old-style streams. Note that the pipe method (the only relevant
21656// part of this class) is overridden in the Readable class.
21657
21658function Stream() {
21659 EE.call(this);
21660}
21661
21662Stream.prototype.pipe = function(dest, options) {
21663 var source = this;
21664
21665 function ondata(chunk) {
21666 if (dest.writable) {
21667 if (false === dest.write(chunk) && source.pause) {
21668 source.pause();
21669 }
21670 }
21671 }
21672
21673 source.on('data', ondata);
21674
21675 function ondrain() {
21676 if (source.readable && source.resume) {
21677 source.resume();
21678 }
21679 }
21680
21681 dest.on('drain', ondrain);
21682
21683 // If the 'end' option is not supplied, dest.end() will be called when
21684 // source gets the 'end' or 'close' events. Only dest.end() once.
21685 if (!dest._isStdio && (!options || options.end !== false)) {
21686 source.on('end', onend);
21687 source.on('close', onclose);
21688 }
21689
21690 var didOnEnd = false;
21691 function onend() {
21692 if (didOnEnd) return;
21693 didOnEnd = true;
21694
21695 dest.end();
21696 }
21697
21698
21699 function onclose() {
21700 if (didOnEnd) return;
21701 didOnEnd = true;
21702
21703 if (typeof dest.destroy === 'function') dest.destroy();
21704 }
21705
21706 // don't leave dangling pipes when there are errors.
21707 function onerror(er) {
21708 cleanup();
21709 if (EE.listenerCount(this, 'error') === 0) {
21710 throw er; // Unhandled stream error in pipe.
21711 }
21712 }
21713
21714 source.on('error', onerror);
21715 dest.on('error', onerror);
21716
21717 // remove all the event listeners that were added.
21718 function cleanup() {
21719 source.removeListener('data', ondata);
21720 dest.removeListener('drain', ondrain);
21721
21722 source.removeListener('end', onend);
21723 source.removeListener('close', onclose);
21724
21725 source.removeListener('error', onerror);
21726 dest.removeListener('error', onerror);
21727
21728 source.removeListener('end', cleanup);
21729 source.removeListener('close', cleanup);
21730
21731 dest.removeListener('close', cleanup);
21732 }
21733
21734 source.on('end', cleanup);
21735 source.on('close', cleanup);
21736
21737 dest.on('close', cleanup);
21738
21739 dest.emit('pipe', source);
21740
21741 // Allow for unix-like usage: A.pipe(B).pipe(C)
21742 return dest;
21743};
21744
21745},{"events":83,"inherits":95,"readable-stream/duplex.js":120,"readable-stream/passthrough.js":129,"readable-stream/readable.js":130,"readable-stream/transform.js":131,"readable-stream/writable.js":132}],144:[function(require,module,exports){
21746// Copyright Joyent, Inc. and other Node contributors.
21747//
21748// Permission is hereby granted, free of charge, to any person obtaining a
21749// copy of this software and associated documentation files (the
21750// "Software"), to deal in the Software without restriction, including
21751// without limitation the rights to use, copy, modify, merge, publish,
21752// distribute, sublicense, and/or sell copies of the Software, and to permit
21753// persons to whom the Software is furnished to do so, subject to the
21754// following conditions:
21755//
21756// The above copyright notice and this permission notice shall be included
21757// in all copies or substantial portions of the Software.
21758//
21759// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
21760// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
21761// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
21762// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
21763// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
21764// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
21765// USE OR OTHER DEALINGS IN THE SOFTWARE.
21766
21767var Buffer = require('buffer').Buffer;
21768
21769var isBufferEncoding = Buffer.isEncoding
21770 || function(encoding) {
21771 switch (encoding && encoding.toLowerCase()) {
21772 case 'hex': case 'utf8': case 'utf-8': case 'ascii': case 'binary': case 'base64': case 'ucs2': case 'ucs-2': case 'utf16le': case 'utf-16le': case 'raw': return true;
21773 default: return false;
21774 }
21775 }
21776
21777
21778function assertEncoding(encoding) {
21779 if (encoding && !isBufferEncoding(encoding)) {
21780 throw new Error('Unknown encoding: ' + encoding);
21781 }
21782}
21783
21784// StringDecoder provides an interface for efficiently splitting a series of
21785// buffers into a series of JS strings without breaking apart multi-byte
21786// characters. CESU-8 is handled as part of the UTF-8 encoding.
21787//
21788// @TODO Handling all encodings inside a single object makes it very difficult
21789// to reason about this code, so it should be split up in the future.
21790// @TODO There should be a utf8-strict encoding that rejects invalid UTF-8 code
21791// points as used by CESU-8.
21792var StringDecoder = exports.StringDecoder = function(encoding) {
21793 this.encoding = (encoding || 'utf8').toLowerCase().replace(/[-_]/, '');
21794 assertEncoding(encoding);
21795 switch (this.encoding) {
21796 case 'utf8':
21797 // CESU-8 represents each of Surrogate Pair by 3-bytes
21798 this.surrogateSize = 3;
21799 break;
21800 case 'ucs2':
21801 case 'utf16le':
21802 // UTF-16 represents each of Surrogate Pair by 2-bytes
21803 this.surrogateSize = 2;
21804 this.detectIncompleteChar = utf16DetectIncompleteChar;
21805 break;
21806 case 'base64':
21807 // Base-64 stores 3 bytes in 4 chars, and pads the remainder.
21808 this.surrogateSize = 3;
21809 this.detectIncompleteChar = base64DetectIncompleteChar;
21810 break;
21811 default:
21812 this.write = passThroughWrite;
21813 return;
21814 }
21815
21816 // Enough space to store all bytes of a single character. UTF-8 needs 4
21817 // bytes, but CESU-8 may require up to 6 (3 bytes per surrogate).
21818 this.charBuffer = new Buffer(6);
21819 // Number of bytes received for the current incomplete multi-byte character.
21820 this.charReceived = 0;
21821 // Number of bytes expected for the current incomplete multi-byte character.
21822 this.charLength = 0;
21823};
21824
21825
21826// write decodes the given buffer and returns it as JS string that is
21827// guaranteed to not contain any partial multi-byte characters. Any partial
21828// character found at the end of the buffer is buffered up, and will be
21829// returned when calling write again with the remaining bytes.
21830//
21831// Note: Converting a Buffer containing an orphan surrogate to a String
21832// currently works, but converting a String to a Buffer (via `new Buffer`, or
21833// Buffer#write) will replace incomplete surrogates with the unicode
21834// replacement character. See https://codereview.chromium.org/121173009/ .
21835StringDecoder.prototype.write = function(buffer) {
21836 var charStr = '';
21837 // if our last write ended with an incomplete multibyte character
21838 while (this.charLength) {
21839 // determine how many remaining bytes this buffer has to offer for this char
21840 var available = (buffer.length >= this.charLength - this.charReceived) ?
21841 this.charLength - this.charReceived :
21842 buffer.length;
21843
21844 // add the new bytes to the char buffer
21845 buffer.copy(this.charBuffer, this.charReceived, 0, available);
21846 this.charReceived += available;
21847
21848 if (this.charReceived < this.charLength) {
21849 // still not enough chars in this buffer? wait for more ...
21850 return '';
21851 }
21852
21853 // remove bytes belonging to the current character from the buffer
21854 buffer = buffer.slice(available, buffer.length);
21855
21856 // get the character that was split
21857 charStr = this.charBuffer.slice(0, this.charLength).toString(this.encoding);
21858
21859 // CESU-8: lead surrogate (D800-DBFF) is also the incomplete character
21860 var charCode = charStr.charCodeAt(charStr.length - 1);
21861 if (charCode >= 0xD800 && charCode <= 0xDBFF) {
21862 this.charLength += this.surrogateSize;
21863 charStr = '';
21864 continue;
21865 }
21866 this.charReceived = this.charLength = 0;
21867
21868 // if there are no more bytes in this buffer, just emit our char
21869 if (buffer.length === 0) {
21870 return charStr;
21871 }
21872 break;
21873 }
21874
21875 // determine and set charLength / charReceived
21876 this.detectIncompleteChar(buffer);
21877
21878 var end = buffer.length;
21879 if (this.charLength) {
21880 // buffer the incomplete character bytes we got
21881 buffer.copy(this.charBuffer, 0, buffer.length - this.charReceived, end);
21882 end -= this.charReceived;
21883 }
21884
21885 charStr += buffer.toString(this.encoding, 0, end);
21886
21887 var end = charStr.length - 1;
21888 var charCode = charStr.charCodeAt(end);
21889 // CESU-8: lead surrogate (D800-DBFF) is also the incomplete character
21890 if (charCode >= 0xD800 && charCode <= 0xDBFF) {
21891 var size = this.surrogateSize;
21892 this.charLength += size;
21893 this.charReceived += size;
21894 this.charBuffer.copy(this.charBuffer, size, 0, size);
21895 buffer.copy(this.charBuffer, 0, 0, size);
21896 return charStr.substring(0, end);
21897 }
21898
21899 // or just emit the charStr
21900 return charStr;
21901};
21902
21903// detectIncompleteChar determines if there is an incomplete UTF-8 character at
21904// the end of the given buffer. If so, it sets this.charLength to the byte
21905// length that character, and sets this.charReceived to the number of bytes
21906// that are available for this character.
21907StringDecoder.prototype.detectIncompleteChar = function(buffer) {
21908 // determine how many bytes we have to check at the end of this buffer
21909 var i = (buffer.length >= 3) ? 3 : buffer.length;
21910
21911 // Figure out if one of the last i bytes of our buffer announces an
21912 // incomplete char.
21913 for (; i > 0; i--) {
21914 var c = buffer[buffer.length - i];
21915
21916 // See http://en.wikipedia.org/wiki/UTF-8#Description
21917
21918 // 110XXXXX
21919 if (i == 1 && c >> 5 == 0x06) {
21920 this.charLength = 2;
21921 break;
21922 }
21923
21924 // 1110XXXX
21925 if (i <= 2 && c >> 4 == 0x0E) {
21926 this.charLength = 3;
21927 break;
21928 }
21929
21930 // 11110XXX
21931 if (i <= 3 && c >> 3 == 0x1E) {
21932 this.charLength = 4;
21933 break;
21934 }
21935 }
21936 this.charReceived = i;
21937};
21938
21939StringDecoder.prototype.end = function(buffer) {
21940 var res = '';
21941 if (buffer && buffer.length)
21942 res = this.write(buffer);
21943
21944 if (this.charReceived) {
21945 var cr = this.charReceived;
21946 var buf = this.charBuffer;
21947 var enc = this.encoding;
21948 res += buf.slice(0, cr).toString(enc);
21949 }
21950
21951 return res;
21952};
21953
21954function passThroughWrite(buffer) {
21955 return buffer.toString(this.encoding);
21956}
21957
21958function utf16DetectIncompleteChar(buffer) {
21959 this.charReceived = buffer.length % 2;
21960 this.charLength = this.charReceived ? 2 : 0;
21961}
21962
21963function base64DetectIncompleteChar(buffer) {
21964 this.charReceived = buffer.length % 3;
21965 this.charLength = this.charReceived ? 3 : 0;
21966}
21967
21968},{"buffer":47}],145:[function(require,module,exports){
21969(function (global){
21970
21971/**
21972 * Module exports.
21973 */
21974
21975module.exports = deprecate;
21976
21977/**
21978 * Mark that a method should not be used.
21979 * Returns a modified function which warns once by default.
21980 *
21981 * If `localStorage.noDeprecation = true` is set, then it is a no-op.
21982 *
21983 * If `localStorage.throwDeprecation = true` is set, then deprecated functions
21984 * will throw an Error when invoked.
21985 *
21986 * If `localStorage.traceDeprecation = true` is set, then deprecated functions
21987 * will invoke `console.trace()` instead of `console.error()`.
21988 *
21989 * @param {Function} fn - the function to deprecate
21990 * @param {String} msg - the string to print to the console when `fn` is invoked
21991 * @returns {Function} a new "deprecated" version of `fn`
21992 * @api public
21993 */
21994
21995function deprecate (fn, msg) {
21996 if (config('noDeprecation')) {
21997 return fn;
21998 }
21999
22000 var warned = false;
22001 function deprecated() {
22002 if (!warned) {
22003 if (config('throwDeprecation')) {
22004 throw new Error(msg);
22005 } else if (config('traceDeprecation')) {
22006 console.trace(msg);
22007 } else {
22008 console.warn(msg);
22009 }
22010 warned = true;
22011 }
22012 return fn.apply(this, arguments);
22013 }
22014
22015 return deprecated;
22016}
22017
22018/**
22019 * Checks `localStorage` for boolean values for the given `name`.
22020 *
22021 * @param {String} name
22022 * @returns {Boolean}
22023 * @api private
22024 */
22025
22026function config (name) {
22027 // accessing global.localStorage can trigger a DOMException in sandboxed iframes
22028 try {
22029 if (!global.localStorage) return false;
22030 } catch (_) {
22031 return false;
22032 }
22033 var val = global.localStorage[name];
22034 if (null == val) return false;
22035 return String(val).toLowerCase() === 'true';
22036}
22037
22038}).call(this,typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {})
22039},{}],146:[function(require,module,exports){
22040arguments[4][95][0].apply(exports,arguments)
22041},{"dup":95}],147:[function(require,module,exports){
22042module.exports = function isBuffer(arg) {
22043 return arg && typeof arg === 'object'
22044 && typeof arg.copy === 'function'
22045 && typeof arg.fill === 'function'
22046 && typeof arg.readUInt8 === 'function';
22047}
22048},{}],148:[function(require,module,exports){
22049(function (process,global){
22050// Copyright Joyent, Inc. and other Node contributors.
22051//
22052// Permission is hereby granted, free of charge, to any person obtaining a
22053// copy of this software and associated documentation files (the
22054// "Software"), to deal in the Software without restriction, including
22055// without limitation the rights to use, copy, modify, merge, publish,
22056// distribute, sublicense, and/or sell copies of the Software, and to permit
22057// persons to whom the Software is furnished to do so, subject to the
22058// following conditions:
22059//
22060// The above copyright notice and this permission notice shall be included
22061// in all copies or substantial portions of the Software.
22062//
22063// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
22064// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22065// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
22066// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
22067// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
22068// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
22069// USE OR OTHER DEALINGS IN THE SOFTWARE.
22070
22071var formatRegExp = /%[sdj%]/g;
22072exports.format = function(f) {
22073 if (!isString(f)) {
22074 var objects = [];
22075 for (var i = 0; i < arguments.length; i++) {
22076 objects.push(inspect(arguments[i]));
22077 }
22078 return objects.join(' ');
22079 }
22080
22081 var i = 1;
22082 var args = arguments;
22083 var len = args.length;
22084 var str = String(f).replace(formatRegExp, function(x) {
22085 if (x === '%%') return '%';
22086 if (i >= len) return x;
22087 switch (x) {
22088 case '%s': return String(args[i++]);
22089 case '%d': return Number(args[i++]);
22090 case '%j':
22091 try {
22092 return JSON.stringify(args[i++]);
22093 } catch (_) {
22094 return '[Circular]';
22095 }
22096 default:
22097 return x;
22098 }
22099 });
22100 for (var x = args[i]; i < len; x = args[++i]) {
22101 if (isNull(x) || !isObject(x)) {
22102 str += ' ' + x;
22103 } else {
22104 str += ' ' + inspect(x);
22105 }
22106 }
22107 return str;
22108};
22109
22110
22111// Mark that a method should not be used.
22112// Returns a modified function which warns once by default.
22113// If --no-deprecation is set, then it is a no-op.
22114exports.deprecate = function(fn, msg) {
22115 // Allow for deprecating things in the process of starting up.
22116 if (isUndefined(global.process)) {
22117 return function() {
22118 return exports.deprecate(fn, msg).apply(this, arguments);
22119 };
22120 }
22121
22122 if (process.noDeprecation === true) {
22123 return fn;
22124 }
22125
22126 var warned = false;
22127 function deprecated() {
22128 if (!warned) {
22129 if (process.throwDeprecation) {
22130 throw new Error(msg);
22131 } else if (process.traceDeprecation) {
22132 console.trace(msg);
22133 } else {
22134 console.error(msg);
22135 }
22136 warned = true;
22137 }
22138 return fn.apply(this, arguments);
22139 }
22140
22141 return deprecated;
22142};
22143
22144
22145var debugs = {};
22146var debugEnviron;
22147exports.debuglog = function(set) {
22148 if (isUndefined(debugEnviron))
22149 debugEnviron = process.env.NODE_DEBUG || '';
22150 set = set.toUpperCase();
22151 if (!debugs[set]) {
22152 if (new RegExp('\\b' + set + '\\b', 'i').test(debugEnviron)) {
22153 var pid = process.pid;
22154 debugs[set] = function() {
22155 var msg = exports.format.apply(exports, arguments);
22156 console.error('%s %d: %s', set, pid, msg);
22157 };
22158 } else {
22159 debugs[set] = function() {};
22160 }
22161 }
22162 return debugs[set];
22163};
22164
22165
22166/**
22167 * Echos the value of a value. Trys to print the value out
22168 * in the best way possible given the different types.
22169 *
22170 * @param {Object} obj The object to print out.
22171 * @param {Object} opts Optional options object that alters the output.
22172 */
22173/* legacy: obj, showHidden, depth, colors*/
22174function inspect(obj, opts) {
22175 // default options
22176 var ctx = {
22177 seen: [],
22178 stylize: stylizeNoColor
22179 };
22180 // legacy...
22181 if (arguments.length >= 3) ctx.depth = arguments[2];
22182 if (arguments.length >= 4) ctx.colors = arguments[3];
22183 if (isBoolean(opts)) {
22184 // legacy...
22185 ctx.showHidden = opts;
22186 } else if (opts) {
22187 // got an "options" object
22188 exports._extend(ctx, opts);
22189 }
22190 // set default options
22191 if (isUndefined(ctx.showHidden)) ctx.showHidden = false;
22192 if (isUndefined(ctx.depth)) ctx.depth = 2;
22193 if (isUndefined(ctx.colors)) ctx.colors = false;
22194 if (isUndefined(ctx.customInspect)) ctx.customInspect = true;
22195 if (ctx.colors) ctx.stylize = stylizeWithColor;
22196 return formatValue(ctx, obj, ctx.depth);
22197}
22198exports.inspect = inspect;
22199
22200
22201// http://en.wikipedia.org/wiki/ANSI_escape_code#graphics
22202inspect.colors = {
22203 'bold' : [1, 22],
22204 'italic' : [3, 23],
22205 'underline' : [4, 24],
22206 'inverse' : [7, 27],
22207 'white' : [37, 39],
22208 'grey' : [90, 39],
22209 'black' : [30, 39],
22210 'blue' : [34, 39],
22211 'cyan' : [36, 39],
22212 'green' : [32, 39],
22213 'magenta' : [35, 39],
22214 'red' : [31, 39],
22215 'yellow' : [33, 39]
22216};
22217
22218// Don't use 'blue' not visible on cmd.exe
22219inspect.styles = {
22220 'special': 'cyan',
22221 'number': 'yellow',
22222 'boolean': 'yellow',
22223 'undefined': 'grey',
22224 'null': 'bold',
22225 'string': 'green',
22226 'date': 'magenta',
22227 // "name": intentionally not styling
22228 'regexp': 'red'
22229};
22230
22231
22232function stylizeWithColor(str, styleType) {
22233 var style = inspect.styles[styleType];
22234
22235 if (style) {
22236 return '\u001b[' + inspect.colors[style][0] + 'm' + str +
22237 '\u001b[' + inspect.colors[style][1] + 'm';
22238 } else {
22239 return str;
22240 }
22241}
22242
22243
22244function stylizeNoColor(str, styleType) {
22245 return str;
22246}
22247
22248
22249function arrayToHash(array) {
22250 var hash = {};
22251
22252 array.forEach(function(val, idx) {
22253 hash[val] = true;
22254 });
22255
22256 return hash;
22257}
22258
22259
22260function formatValue(ctx, value, recurseTimes) {
22261 // Provide a hook for user-specified inspect functions.
22262 // Check that value is an object with an inspect function on it
22263 if (ctx.customInspect &&
22264 value &&
22265 isFunction(value.inspect) &&
22266 // Filter out the util module, it's inspect function is special
22267 value.inspect !== exports.inspect &&
22268 // Also filter out any prototype objects using the circular check.
22269 !(value.constructor && value.constructor.prototype === value)) {
22270 var ret = value.inspect(recurseTimes, ctx);
22271 if (!isString(ret)) {
22272 ret = formatValue(ctx, ret, recurseTimes);
22273 }
22274 return ret;
22275 }
22276
22277 // Primitive types cannot have properties
22278 var primitive = formatPrimitive(ctx, value);
22279 if (primitive) {
22280 return primitive;
22281 }
22282
22283 // Look up the keys of the object.
22284 var keys = Object.keys(value);
22285 var visibleKeys = arrayToHash(keys);
22286
22287 if (ctx.showHidden) {
22288 keys = Object.getOwnPropertyNames(value);
22289 }
22290
22291 // IE doesn't make error fields non-enumerable
22292 // http://msdn.microsoft.com/en-us/library/ie/dww52sbt(v=vs.94).aspx
22293 if (isError(value)
22294 && (keys.indexOf('message') >= 0 || keys.indexOf('description') >= 0)) {
22295 return formatError(value);
22296 }
22297
22298 // Some type of object without properties can be shortcutted.
22299 if (keys.length === 0) {
22300 if (isFunction(value)) {
22301 var name = value.name ? ': ' + value.name : '';
22302 return ctx.stylize('[Function' + name + ']', 'special');
22303 }
22304 if (isRegExp(value)) {
22305 return ctx.stylize(RegExp.prototype.toString.call(value), 'regexp');
22306 }
22307 if (isDate(value)) {
22308 return ctx.stylize(Date.prototype.toString.call(value), 'date');
22309 }
22310 if (isError(value)) {
22311 return formatError(value);
22312 }
22313 }
22314
22315 var base = '', array = false, braces = ['{', '}'];
22316
22317 // Make Array say that they are Array
22318 if (isArray(value)) {
22319 array = true;
22320 braces = ['[', ']'];
22321 }
22322
22323 // Make functions say that they are functions
22324 if (isFunction(value)) {
22325 var n = value.name ? ': ' + value.name : '';
22326 base = ' [Function' + n + ']';
22327 }
22328
22329 // Make RegExps say that they are RegExps
22330 if (isRegExp(value)) {
22331 base = ' ' + RegExp.prototype.toString.call(value);
22332 }
22333
22334 // Make dates with properties first say the date
22335 if (isDate(value)) {
22336 base = ' ' + Date.prototype.toUTCString.call(value);
22337 }
22338
22339 // Make error with message first say the error
22340 if (isError(value)) {
22341 base = ' ' + formatError(value);
22342 }
22343
22344 if (keys.length === 0 && (!array || value.length == 0)) {
22345 return braces[0] + base + braces[1];
22346 }
22347
22348 if (recurseTimes < 0) {
22349 if (isRegExp(value)) {
22350 return ctx.stylize(RegExp.prototype.toString.call(value), 'regexp');
22351 } else {
22352 return ctx.stylize('[Object]', 'special');
22353 }
22354 }
22355
22356 ctx.seen.push(value);
22357
22358 var output;
22359 if (array) {
22360 output = formatArray(ctx, value, recurseTimes, visibleKeys, keys);
22361 } else {
22362 output = keys.map(function(key) {
22363 return formatProperty(ctx, value, recurseTimes, visibleKeys, key, array);
22364 });
22365 }
22366
22367 ctx.seen.pop();
22368
22369 return reduceToSingleString(output, base, braces);
22370}
22371
22372
22373function formatPrimitive(ctx, value) {
22374 if (isUndefined(value))
22375 return ctx.stylize('undefined', 'undefined');
22376 if (isString(value)) {
22377 var simple = '\'' + JSON.stringify(value).replace(/^"|"$/g, '')
22378 .replace(/'/g, "\\'")
22379 .replace(/\\"/g, '"') + '\'';
22380 return ctx.stylize(simple, 'string');
22381 }
22382 if (isNumber(value))
22383 return ctx.stylize('' + value, 'number');
22384 if (isBoolean(value))
22385 return ctx.stylize('' + value, 'boolean');
22386 // For some reason typeof null is "object", so special case here.
22387 if (isNull(value))
22388 return ctx.stylize('null', 'null');
22389}
22390
22391
22392function formatError(value) {
22393 return '[' + Error.prototype.toString.call(value) + ']';
22394}
22395
22396
22397function formatArray(ctx, value, recurseTimes, visibleKeys, keys) {
22398 var output = [];
22399 for (var i = 0, l = value.length; i < l; ++i) {
22400 if (hasOwnProperty(value, String(i))) {
22401 output.push(formatProperty(ctx, value, recurseTimes, visibleKeys,
22402 String(i), true));
22403 } else {
22404 output.push('');
22405 }
22406 }
22407 keys.forEach(function(key) {
22408 if (!key.match(/^\d+$/)) {
22409 output.push(formatProperty(ctx, value, recurseTimes, visibleKeys,
22410 key, true));
22411 }
22412 });
22413 return output;
22414}
22415
22416
22417function formatProperty(ctx, value, recurseTimes, visibleKeys, key, array) {
22418 var name, str, desc;
22419 desc = Object.getOwnPropertyDescriptor(value, key) || { value: value[key] };
22420 if (desc.get) {
22421 if (desc.set) {
22422 str = ctx.stylize('[Getter/Setter]', 'special');
22423 } else {
22424 str = ctx.stylize('[Getter]', 'special');
22425 }
22426 } else {
22427 if (desc.set) {
22428 str = ctx.stylize('[Setter]', 'special');
22429 }
22430 }
22431 if (!hasOwnProperty(visibleKeys, key)) {
22432 name = '[' + key + ']';
22433 }
22434 if (!str) {
22435 if (ctx.seen.indexOf(desc.value) < 0) {
22436 if (isNull(recurseTimes)) {
22437 str = formatValue(ctx, desc.value, null);
22438 } else {
22439 str = formatValue(ctx, desc.value, recurseTimes - 1);
22440 }
22441 if (str.indexOf('\n') > -1) {
22442 if (array) {
22443 str = str.split('\n').map(function(line) {
22444 return ' ' + line;
22445 }).join('\n').substr(2);
22446 } else {
22447 str = '\n' + str.split('\n').map(function(line) {
22448 return ' ' + line;
22449 }).join('\n');
22450 }
22451 }
22452 } else {
22453 str = ctx.stylize('[Circular]', 'special');
22454 }
22455 }
22456 if (isUndefined(name)) {
22457 if (array && key.match(/^\d+$/)) {
22458 return str;
22459 }
22460 name = JSON.stringify('' + key);
22461 if (name.match(/^"([a-zA-Z_][a-zA-Z_0-9]*)"$/)) {
22462 name = name.substr(1, name.length - 2);
22463 name = ctx.stylize(name, 'name');
22464 } else {
22465 name = name.replace(/'/g, "\\'")
22466 .replace(/\\"/g, '"')
22467 .replace(/(^"|"$)/g, "'");
22468 name = ctx.stylize(name, 'string');
22469 }
22470 }
22471
22472 return name + ': ' + str;
22473}
22474
22475
22476function reduceToSingleString(output, base, braces) {
22477 var numLinesEst = 0;
22478 var length = output.reduce(function(prev, cur) {
22479 numLinesEst++;
22480 if (cur.indexOf('\n') >= 0) numLinesEst++;
22481 return prev + cur.replace(/\u001b\[\d\d?m/g, '').length + 1;
22482 }, 0);
22483
22484 if (length > 60) {
22485 return braces[0] +
22486 (base === '' ? '' : base + '\n ') +
22487 ' ' +
22488 output.join(',\n ') +
22489 ' ' +
22490 braces[1];
22491 }
22492
22493 return braces[0] + base + ' ' + output.join(', ') + ' ' + braces[1];
22494}
22495
22496
22497// NOTE: These type checking functions intentionally don't use `instanceof`
22498// because it is fragile and can be easily faked with `Object.create()`.
22499function isArray(ar) {
22500 return Array.isArray(ar);
22501}
22502exports.isArray = isArray;
22503
22504function isBoolean(arg) {
22505 return typeof arg === 'boolean';
22506}
22507exports.isBoolean = isBoolean;
22508
22509function isNull(arg) {
22510 return arg === null;
22511}
22512exports.isNull = isNull;
22513
22514function isNullOrUndefined(arg) {
22515 return arg == null;
22516}
22517exports.isNullOrUndefined = isNullOrUndefined;
22518
22519function isNumber(arg) {
22520 return typeof arg === 'number';
22521}
22522exports.isNumber = isNumber;
22523
22524function isString(arg) {
22525 return typeof arg === 'string';
22526}
22527exports.isString = isString;
22528
22529function isSymbol(arg) {
22530 return typeof arg === 'symbol';
22531}
22532exports.isSymbol = isSymbol;
22533
22534function isUndefined(arg) {
22535 return arg === void 0;
22536}
22537exports.isUndefined = isUndefined;
22538
22539function isRegExp(re) {
22540 return isObject(re) && objectToString(re) === '[object RegExp]';
22541}
22542exports.isRegExp = isRegExp;
22543
22544function isObject(arg) {
22545 return typeof arg === 'object' && arg !== null;
22546}
22547exports.isObject = isObject;
22548
22549function isDate(d) {
22550 return isObject(d) && objectToString(d) === '[object Date]';
22551}
22552exports.isDate = isDate;
22553
22554function isError(e) {
22555 return isObject(e) &&
22556 (objectToString(e) === '[object Error]' || e instanceof Error);
22557}
22558exports.isError = isError;
22559
22560function isFunction(arg) {
22561 return typeof arg === 'function';
22562}
22563exports.isFunction = isFunction;
22564
22565function isPrimitive(arg) {
22566 return arg === null ||
22567 typeof arg === 'boolean' ||
22568 typeof arg === 'number' ||
22569 typeof arg === 'string' ||
22570 typeof arg === 'symbol' || // ES6 symbol
22571 typeof arg === 'undefined';
22572}
22573exports.isPrimitive = isPrimitive;
22574
22575exports.isBuffer = require('./support/isBuffer');
22576
22577function objectToString(o) {
22578 return Object.prototype.toString.call(o);
22579}
22580
22581
22582function pad(n) {
22583 return n < 10 ? '0' + n.toString(10) : n.toString(10);
22584}
22585
22586
22587var months = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep',
22588 'Oct', 'Nov', 'Dec'];
22589
22590// 26 Feb 16:19:34
22591function timestamp() {
22592 var d = new Date();
22593 var time = [pad(d.getHours()),
22594 pad(d.getMinutes()),
22595 pad(d.getSeconds())].join(':');
22596 return [d.getDate(), months[d.getMonth()], time].join(' ');
22597}
22598
22599
22600// log is just a thin wrapper to console.log that prepends a timestamp
22601exports.log = function() {
22602 console.log('%s - %s', timestamp(), exports.format.apply(exports, arguments));
22603};
22604
22605
22606/**
22607 * Inherit the prototype methods from one constructor into another.
22608 *
22609 * The Function.prototype.inherits from lang.js rewritten as a standalone
22610 * function (not on Function.prototype). NOTE: If this file is to be loaded
22611 * during bootstrapping this function needs to be rewritten using some native
22612 * functions as prototype setup using normal JavaScript does not work as
22613 * expected during bootstrapping (see mirror.js in r114903).
22614 *
22615 * @param {function} ctor Constructor function which needs to inherit the
22616 * prototype.
22617 * @param {function} superCtor Constructor function to inherit prototype from.
22618 */
22619exports.inherits = require('inherits');
22620
22621exports._extend = function(origin, add) {
22622 // Don't do anything if add isn't an object
22623 if (!add || !isObject(add)) return origin;
22624
22625 var keys = Object.keys(add);
22626 var i = keys.length;
22627 while (i--) {
22628 origin[keys[i]] = add[keys[i]];
22629 }
22630 return origin;
22631};
22632
22633function hasOwnProperty(obj, prop) {
22634 return Object.prototype.hasOwnProperty.call(obj, prop);
22635}
22636
22637}).call(this,require('_process'),typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {})
22638},{"./support/isBuffer":147,"_process":112,"inherits":146}],149:[function(require,module,exports){
22639var indexOf = require('indexof');
22640
22641var Object_keys = function (obj) {
22642 if (Object.keys) return Object.keys(obj)
22643 else {
22644 var res = [];
22645 for (var key in obj) res.push(key)
22646 return res;
22647 }
22648};
22649
22650var forEach = function (xs, fn) {
22651 if (xs.forEach) return xs.forEach(fn)
22652 else for (var i = 0; i < xs.length; i++) {
22653 fn(xs[i], i, xs);
22654 }
22655};
22656
22657var defineProp = (function() {
22658 try {
22659 Object.defineProperty({}, '_', {});
22660 return function(obj, name, value) {
22661 Object.defineProperty(obj, name, {
22662 writable: true,
22663 enumerable: false,
22664 configurable: true,
22665 value: value
22666 })
22667 };
22668 } catch(e) {
22669 return function(obj, name, value) {
22670 obj[name] = value;
22671 };
22672 }
22673}());
22674
22675var globals = ['Array', 'Boolean', 'Date', 'Error', 'EvalError', 'Function',
22676'Infinity', 'JSON', 'Math', 'NaN', 'Number', 'Object', 'RangeError',
22677'ReferenceError', 'RegExp', 'String', 'SyntaxError', 'TypeError', 'URIError',
22678'decodeURI', 'decodeURIComponent', 'encodeURI', 'encodeURIComponent', 'escape',
22679'eval', 'isFinite', 'isNaN', 'parseFloat', 'parseInt', 'undefined', 'unescape'];
22680
22681function Context() {}
22682Context.prototype = {};
22683
22684var Script = exports.Script = function NodeScript (code) {
22685 if (!(this instanceof Script)) return new Script(code);
22686 this.code = code;
22687};
22688
22689Script.prototype.runInContext = function (context) {
22690 if (!(context instanceof Context)) {
22691 throw new TypeError("needs a 'context' argument.");
22692 }
5b689bd6 22693
0f0a888e
IC		 22694 var iframe = document.createElement('iframe');
22695 if (!iframe.style) iframe.style = {};
22696 iframe.style.display = 'none';
5b689bd6 22697
0f0a888e 22698 document.body.appendChild(iframe);
5b689bd6 22699
0f0a888e
IC		 22700 var win = iframe.contentWindow;
22701 var wEval = win.eval, wExecScript = win.execScript;
22702
22703 if (!wEval && wExecScript) {
22704 // win.eval() magically appears when this is called in IE:
22705 wExecScript.call(win, 'null');
22706 wEval = win.eval;
22707 }
5b689bd6 22708
0f0a888e
IC		 22709 forEach(Object_keys(context), function (key) {
22710 win[key] = context[key];
22711 });
22712 forEach(globals, function (key) {
22713 if (context[key]) {
22714 win[key] = context[key];
22715 }
22716 });
5b689bd6 22717
0f0a888e
IC		 22718 var winKeys = Object_keys(win);
22719
22720 var res = wEval.call(win, this.code);
5b689bd6 22721
0f0a888e
IC		 22722 forEach(Object_keys(win), function (key) {
22723 // Avoid copying circular objects like `top` and `window` by only
22724 // updating existing context properties or new properties in the `win`
22725 // that was only introduced after the eval.
22726 if (key in context || indexOf(winKeys, key) === -1) {
22727 context[key] = win[key];
22728 }
22729 });
22730
22731 forEach(globals, function (key) {
22732 if (!(key in context)) {
22733 defineProp(context, key, win[key]);
22734 }
22735 });
5b689bd6 22736
0f0a888e 22737 document.body.removeChild(iframe);
5b689bd6 22738
0f0a888e
IC		 22739 return res;
22740};
22741
22742Script.prototype.runInThisContext = function () {
22743 return eval(this.code); // maybe...
22744};
22745
22746Script.prototype.runInNewContext = function (context) {
22747 var ctx = Script.createContext(context);
22748 var res = this.runInContext(ctx);
22749
22750 forEach(Object_keys(ctx), function (key) {
22751 context[key] = ctx[key];
22752 });
22753
22754 return res;
22755};
22756
22757forEach(Object_keys(Script.prototype), function (name) {
22758 exports[name] = Script[name] = function (code) {
22759 var s = Script(code);
22760 return s[name].apply(s, [].slice.call(arguments, 1));
22761 };
22762});
22763
22764exports.createScript = function (code) {
22765 return exports.Script(code);
22766};
22767
22768exports.createContext = Script.createContext = function (context) {
22769 var copy = new Context();
22770 if(typeof context === 'object') {
22771 forEach(Object_keys(context), function (key) {
22772 copy[key] = context[key];
22773 });
22774 }
22775 return copy;
22776};
22777
22778},{"indexof":94}],150:[function(require,module,exports){
22779var aes = require('browserify-aes')
22780var assert = require('assert')
22781var Buffer = require('safe-buffer').Buffer
22782var bs58check = require('bs58check')
22783var createHash = require('create-hash')
22784var scrypt = require('scryptsy')
22785var xor = require('buffer-xor/inplace')
22786
22787var ecurve = require('ecurve')
22788var curve = ecurve.getCurveByName('secp256k1')
22789
22790var BigInteger = require('bigi')
22791
22792// constants
22793var SCRYPT_PARAMS = {
22794 N: 16384, // specified by BIP38
22795 r: 8,
22796 p: 8
22797}
22798var NULL = Buffer.alloc(0)
22799
22800function hash160 (buffer) {
22801 return createHash('rmd160').update(
22802 createHash('sha256').update(buffer).digest()
22803 ).digest()
22804}
22805
22806function hash256 (buffer) {
22807 return createHash('sha256').update(
22808 createHash('sha256').update(buffer).digest()
22809 ).digest()
22810}
22811
22812function getAddress (d, compressed) {
22813 var Q = curve.G.multiply(d).getEncoded(compressed)
22814 var hash = hash160(Q)
22815 var payload = Buffer.allocUnsafe(21)
22816 payload.writeUInt8(0x00, 0) // XXX TODO FIXME bitcoin only??? damn you BIP38
22817 hash.copy(payload, 1)
22818
22819 return bs58check.encode(payload)
22820}
22821
22822function encryptRaw (buffer, compressed, passphrase, progressCallback, scryptParams) {
22823 if (buffer.length !== 32) throw new Error('Invalid private key length')
22824 scryptParams = scryptParams || SCRYPT_PARAMS
22825
22826 var d = BigInteger.fromBuffer(buffer)
22827 var address = getAddress(d, compressed)
22828 var secret = Buffer.from(passphrase, 'utf8')
22829 var salt = hash256(address).slice(0, 4)
22830
22831 var N = scryptParams.N
22832 var r = scryptParams.r
22833 var p = scryptParams.p
22834
22835 var scryptBuf = scrypt(secret, salt, N, r, p, 64, progressCallback)
22836 var derivedHalf1 = scryptBuf.slice(0, 32)
22837 var derivedHalf2 = scryptBuf.slice(32, 64)
22838
22839 var xorBuf = xor(derivedHalf1, buffer)
22840 var cipher = aes.createCipheriv('aes-256-ecb', derivedHalf2, NULL)
22841 cipher.setAutoPadding(false)
22842 cipher.end(xorBuf)
22843
22844 var cipherText = cipher.read()
22845
22846 // 0x01 | 0x42 | flagByte | salt (4) | cipherText (32)
22847 var result = Buffer.allocUnsafe(7 + 32)
22848 result.writeUInt8(0x01, 0)
22849 result.writeUInt8(0x42, 1)
22850 result.writeUInt8(compressed ? 0xe0 : 0xc0, 2)
22851 salt.copy(result, 3)
22852 cipherText.copy(result, 7)
22853
22854 return result
22855}
22856
22857function encrypt (buffer, compressed, passphrase, progressCallback, scryptParams) {
22858 return bs58check.encode(encryptRaw(buffer, compressed, passphrase, progressCallback, scryptParams))
22859}
22860
22861// some of the techniques borrowed from: https://github.com/pointbiz/bitaddress.org
22862function decryptRaw (buffer, passphrase, progressCallback, scryptParams) {
22863 // 39 bytes: 2 bytes prefix, 37 bytes payload
22864 if (buffer.length !== 39) throw new Error('Invalid BIP38 data length')
22865 if (buffer.readUInt8(0) !== 0x01) throw new Error('Invalid BIP38 prefix')
22866 scryptParams = scryptParams || SCRYPT_PARAMS
22867
22868 // check if BIP38 EC multiply
22869 var type = buffer.readUInt8(1)
22870 if (type === 0x43) return decryptECMult(buffer, passphrase, progressCallback, scryptParams)
22871 if (type !== 0x42) throw new Error('Invalid BIP38 type')
22872
22873 passphrase = Buffer.from(passphrase, 'utf8')
22874
22875 var flagByte = buffer.readUInt8(2)
22876 var compressed = flagByte === 0xe0
22877 if (!compressed && flagByte !== 0xc0) throw new Error('Invalid BIP38 compression flag')
22878
22879 var N = scryptParams.N
22880 var r = scryptParams.r
22881 var p = scryptParams.p
22882
22883 var salt = buffer.slice(3, 7)
22884 var scryptBuf = scrypt(passphrase, salt, N, r, p, 64, progressCallback)
22885 var derivedHalf1 = scryptBuf.slice(0, 32)
22886 var derivedHalf2 = scryptBuf.slice(32, 64)
22887
22888 var privKeyBuf = buffer.slice(7, 7 + 32)
22889 var decipher = aes.createDecipheriv('aes-256-ecb', derivedHalf2, NULL)
22890 decipher.setAutoPadding(false)
22891 decipher.end(privKeyBuf)
22892
22893 var plainText = decipher.read()
22894 var privateKey = xor(derivedHalf1, plainText)
22895
22896 // verify salt matches address
22897 var d = BigInteger.fromBuffer(privateKey)
22898 var address = getAddress(d, compressed)
22899 var checksum = hash256(address).slice(0, 4)
22900 assert.deepEqual(salt, checksum)
22901
22902 return {
22903 privateKey: privateKey,
22904 compressed: compressed
22905 }
22906}
22907
22908function decrypt (string, passphrase, progressCallback, scryptParams) {
22909 return decryptRaw(bs58check.decode(string), passphrase, progressCallback, scryptParams)
22910}
22911
22912function decryptECMult (buffer, passphrase, progressCallback, scryptParams) {
22913 passphrase = Buffer.from(passphrase, 'utf8')
22914 buffer = buffer.slice(1) // FIXME: we can avoid this
22915 scryptParams = scryptParams || SCRYPT_PARAMS
22916
22917 var flag = buffer.readUInt8(1)
22918 var compressed = (flag & 0x20) !== 0
22919 var hasLotSeq = (flag & 0x04) !== 0
22920
22921 assert.equal((flag & 0x24), flag, 'Invalid private key.')
22922
22923 var addressHash = buffer.slice(2, 6)
22924 var ownerEntropy = buffer.slice(6, 14)
22925 var ownerSalt
22926
22927 // 4 bytes ownerSalt if 4 bytes lot/sequence
22928 if (hasLotSeq) {
22929 ownerSalt = ownerEntropy.slice(0, 4)
22930
22931 // else, 8 bytes ownerSalt
22932 } else {
22933 ownerSalt = ownerEntropy
22934 }
22935
22936 var encryptedPart1 = buffer.slice(14, 22) // First 8 bytes
22937 var encryptedPart2 = buffer.slice(22, 38) // 16 bytes
22938
22939 var N = scryptParams.N
22940 var r = scryptParams.r
22941 var p = scryptParams.p
22942 var preFactor = scrypt(passphrase, ownerSalt, N, r, p, 32, progressCallback)
22943
22944 var passFactor
22945 if (hasLotSeq) {
22946 var hashTarget = Buffer.concat([preFactor, ownerEntropy])
22947 passFactor = hash256(hashTarget)
22948 } else {
22949 passFactor = preFactor
22950 }
22951
22952 var passInt = BigInteger.fromBuffer(passFactor)
22953 var passPoint = curve.G.multiply(passInt).getEncoded(true)
22954
22955 var seedBPass = scrypt(passPoint, Buffer.concat([addressHash, ownerEntropy]), 1024, 1, 1, 64)
22956 var derivedHalf1 = seedBPass.slice(0, 32)
22957 var derivedHalf2 = seedBPass.slice(32, 64)
22958
22959 var decipher = aes.createDecipheriv('aes-256-ecb', derivedHalf2, Buffer.alloc(0))
22960 decipher.setAutoPadding(false)
22961 decipher.end(encryptedPart2)
22962
22963 var decryptedPart2 = decipher.read()
22964 var tmp = xor(decryptedPart2, derivedHalf1.slice(16, 32))
22965 var seedBPart2 = tmp.slice(8, 16)
22966
22967 var decipher2 = aes.createDecipheriv('aes-256-ecb', derivedHalf2, Buffer.alloc(0))
22968 decipher2.setAutoPadding(false)
22969 decipher2.write(encryptedPart1) // first 8 bytes
22970 decipher2.end(tmp.slice(0, 8)) // last 8 bytes
22971
22972 var seedBPart1 = xor(decipher2.read(), derivedHalf1.slice(0, 16))
22973 var seedB = Buffer.concat([seedBPart1, seedBPart2], 24)
22974 var factorB = BigInteger.fromBuffer(hash256(seedB))
22975
22976 // d = passFactor * factorB (mod n)
22977 var d = passInt.multiply(factorB).mod(curve.n)
22978
22979 return {
22980 privateKey: d.toBuffer(32),
22981 compressed: compressed
22982 }
22983}
22984
22985function verify (string) {
22986 var decoded = bs58check.decodeUnsafe(string)
22987 if (!decoded) return false
22988
22989 if (decoded.length !== 39) return false
22990 if (decoded.readUInt8(0) !== 0x01) return false
22991
22992 var type = decoded.readUInt8(1)
22993 var flag = decoded.readUInt8(2)
22994
22995 // encrypted WIF
22996 if (type === 0x42) {
22997 if (flag !== 0xc0 && flag !== 0xe0) return false
22998
22999 // EC mult
23000 } else if (type === 0x43) {
23001 if ((flag & ~0x24)) return false
23002 } else {
23003 return false
23004 }
23005
23006 return true
23007}
23008
23009module.exports = {
23010 decrypt: decrypt,
23011 decryptECMult: decryptECMult,
23012 decryptRaw: decryptRaw,
23013 encrypt: encrypt,
23014 encryptRaw: encryptRaw,
23015 verify: verify
23016}
23017
23018},{"assert":15,"bigi":154,"browserify-aes":158,"bs58check":175,"buffer-xor/inplace":177,"create-hash":179,"ecurve":184,"safe-buffer":193,"scryptsy":194}],151:[function(require,module,exports){
23019// base-x encoding
23020// Forked from https://github.com/cryptocoinjs/bs58
23021// Originally written by Mike Hearn for BitcoinJ
23022// Copyright (c) 2011 Google Inc
23023// Ported to JavaScript by Stefan Thomas
23024// Merged Buffer refactorings from base58-native by Stephen Pair
23025// Copyright (c) 2013 BitPay Inc
23026
23027var Buffer = require('safe-buffer').Buffer
23028
23029module.exports = function base (ALPHABET) {
23030 var ALPHABET_MAP = {}
23031 var BASE = ALPHABET.length
23032 var LEADER = ALPHABET.charAt(0)
23033
23034 // pre-compute lookup table
23035 for (var z = 0; z < ALPHABET.length; z++) {
23036 var x = ALPHABET.charAt(z)
23037
23038 if (ALPHABET_MAP[x] !== undefined) throw new TypeError(x + ' is ambiguous')
23039 ALPHABET_MAP[x] = z
23040 }
23041
23042 function encode (source) {
23043 if (source.length === 0) return ''
23044
23045 var digits = [0]
23046 for (var i = 0; i < source.length; ++i) {
23047 for (var j = 0, carry = source[i]; j < digits.length; ++j) {
23048 carry += digits[j] << 8
23049 digits[j] = carry % BASE
23050 carry = (carry / BASE) | 0
23051 }
23052
23053 while (carry > 0) {
23054 digits.push(carry % BASE)
23055 carry = (carry / BASE) | 0
23056 }
23057 }
23058
23059 var string = ''
23060
23061 // deal with leading zeros
23062 for (var k = 0; source[k] === 0 && k < source.length - 1; ++k) string += LEADER
23063 // convert digits to a string
23064 for (var q = digits.length - 1; q >= 0; --q) string += ALPHABET[digits[q]]
23065
23066 return string
23067 }
23068
23069 function decodeUnsafe (string) {
23070 if (typeof string !== 'string') throw new TypeError('Expected String')
23071 if (string.length === 0) return Buffer.allocUnsafe(0)
23072
23073 var bytes = [0]
23074 for (var i = 0; i < string.length; i++) {
23075 var value = ALPHABET_MAP[string[i]]
23076 if (value === undefined) return
23077
23078 for (var j = 0, carry = value; j < bytes.length; ++j) {
23079 carry += bytes[j] * BASE
23080 bytes[j] = carry & 0xff
23081 carry >>= 8
23082 }
23083
23084 while (carry > 0) {
23085 bytes.push(carry & 0xff)
23086 carry >>= 8
23087 }
23088 }
23089
23090 // deal with leading zeros
23091 for (var k = 0; string[k] === LEADER && k < string.length - 1; ++k) {
23092 bytes.push(0)
23093 }
23094
23095 return Buffer.from(bytes.reverse())
23096 }
23097
23098 function decode (string) {
23099 var buffer = decodeUnsafe(string)
23100 if (buffer) return buffer
23101
23102 throw new Error('Non-base' + BASE + ' character')
23103 }
23104
23105 return {
23106 encode: encode,
23107 decodeUnsafe: decodeUnsafe,
23108 decode: decode
23109 }
23110}
23111
23112},{"safe-buffer":193}],152:[function(require,module,exports){
23113// (public) Constructor
23114function BigInteger(a, b, c) {
23115 if (!(this instanceof BigInteger))
23116 return new BigInteger(a, b, c)
23117
23118 if (a != null) {
23119 if ("number" == typeof a) this.fromNumber(a, b, c)
23120 else if (b == null && "string" != typeof a) this.fromString(a, 256)
23121 else this.fromString(a, b)
23122 }
23123}
23124
23125var proto = BigInteger.prototype
23126
23127// duck-typed isBigInteger
23128proto.__bigi = require('../package.json').version
23129BigInteger.isBigInteger = function (obj, check_ver) {
23130 return obj && obj.__bigi && (!check_ver || obj.__bigi === proto.__bigi)
23131}
23132
23133// Bits per digit
23134var dbits
23135
23136// am: Compute w_j += (x*this_i), propagate carries,
23137// c is initial carry, returns final carry.
23138// c < 3*dvalue, x < 2*dvalue, this_i < dvalue
23139// We need to select the fastest one that works in this environment.
23140
23141// am1: use a single mult and divide to get the high bits,
23142// max digit bits should be 26 because
23143// max internal value = 2*dvalue^2-2*dvalue (< 2^53)
23144function am1(i, x, w, j, c, n) {
23145 while (--n >= 0) {
23146 var v = x * this[i++] + w[j] + c
23147 c = Math.floor(v / 0x4000000)
23148 w[j++] = v & 0x3ffffff
23149 }
23150 return c
23151}
23152// am2 avoids a big mult-and-extract completely.
23153// Max digit bits should be <= 30 because we do bitwise ops
23154// on values up to 2*hdvalue^2-hdvalue-1 (< 2^31)
23155function am2(i, x, w, j, c, n) {
23156 var xl = x & 0x7fff,
23157 xh = x >> 15
23158 while (--n >= 0) {
23159 var l = this[i] & 0x7fff
23160 var h = this[i++] >> 15
23161 var m = xh * l + h * xl
23162 l = xl * l + ((m & 0x7fff) << 15) + w[j] + (c & 0x3fffffff)
23163 c = (l >>> 30) + (m >>> 15) + xh * h + (c >>> 30)
23164 w[j++] = l & 0x3fffffff
23165 }
23166 return c
23167}
23168// Alternately, set max digit bits to 28 since some
23169// browsers slow down when dealing with 32-bit numbers.
23170function am3(i, x, w, j, c, n) {
23171 var xl = x & 0x3fff,
23172 xh = x >> 14
23173 while (--n >= 0) {
23174 var l = this[i] & 0x3fff
23175 var h = this[i++] >> 14
23176 var m = xh * l + h * xl
23177 l = xl * l + ((m & 0x3fff) << 14) + w[j] + c
23178 c = (l >> 28) + (m >> 14) + xh * h
23179 w[j++] = l & 0xfffffff
23180 }
23181 return c
23182}
23183
23184// wtf?
23185BigInteger.prototype.am = am1
23186dbits = 26
23187
23188BigInteger.prototype.DB = dbits
23189BigInteger.prototype.DM = ((1 << dbits) - 1)
23190var DV = BigInteger.prototype.DV = (1 << dbits)
23191
23192var BI_FP = 52
23193BigInteger.prototype.FV = Math.pow(2, BI_FP)
23194BigInteger.prototype.F1 = BI_FP - dbits
23195BigInteger.prototype.F2 = 2 * dbits - BI_FP
23196
23197// Digit conversions
23198var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz"
23199var BI_RC = new Array()
23200var rr, vv
23201rr = "0".charCodeAt(0)
23202for (vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv
23203rr = "a".charCodeAt(0)
23204for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv
23205rr = "A".charCodeAt(0)
23206for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv
23207
23208function int2char(n) {
23209 return BI_RM.charAt(n)
23210}
23211
23212function intAt(s, i) {
23213 var c = BI_RC[s.charCodeAt(i)]
23214 return (c == null) ? -1 : c
23215}
23216
23217// (protected) copy this to r
23218function bnpCopyTo(r) {
23219 for (var i = this.t - 1; i >= 0; --i) r[i] = this[i]
23220 r.t = this.t
23221 r.s = this.s
23222}
23223
23224// (protected) set from integer value x, -DV <= x < DV
23225function bnpFromInt(x) {
23226 this.t = 1
23227 this.s = (x < 0) ? -1 : 0
23228 if (x > 0) this[0] = x
23229 else if (x < -1) this[0] = x + DV
23230 else this.t = 0
23231}
23232
23233// return bigint initialized to value
23234function nbv(i) {
23235 var r = new BigInteger()
23236 r.fromInt(i)
23237 return r
23238}
23239
23240// (protected) set from string and radix
23241function bnpFromString(s, b) {
23242 var self = this
23243
23244 var k
23245 if (b == 16) k = 4
23246 else if (b == 8) k = 3
23247 else if (b == 256) k = 8; // byte array
23248 else if (b == 2) k = 1
23249 else if (b == 32) k = 5
23250 else if (b == 4) k = 2
23251 else {
23252 self.fromRadix(s, b)
23253 return
23254 }
23255 self.t = 0
23256 self.s = 0
23257 var i = s.length,
23258 mi = false,
23259 sh = 0
23260 while (--i >= 0) {
23261 var x = (k == 8) ? s[i] & 0xff : intAt(s, i)
23262 if (x < 0) {
23263 if (s.charAt(i) == "-") mi = true
23264 continue
23265 }
23266 mi = false
23267 if (sh == 0)
23268 self[self.t++] = x
23269 else if (sh + k > self.DB) {
23270 self[self.t - 1] |= (x & ((1 << (self.DB - sh)) - 1)) << sh
23271 self[self.t++] = (x >> (self.DB - sh))
23272 } else
23273 self[self.t - 1] |= x << sh
23274 sh += k
23275 if (sh >= self.DB) sh -= self.DB
23276 }
23277 if (k == 8 && (s[0] & 0x80) != 0) {
23278 self.s = -1
23279 if (sh > 0) self[self.t - 1] |= ((1 << (self.DB - sh)) - 1) << sh
23280 }
23281 self.clamp()
23282 if (mi) BigInteger.ZERO.subTo(self, self)
23283}
23284
23285// (protected) clamp off excess high words
23286function bnpClamp() {
23287 var c = this.s & this.DM
23288 while (this.t > 0 && this[this.t - 1] == c)--this.t
23289}
23290
23291// (public) return string representation in given radix
23292function bnToString(b) {
23293 var self = this
23294 if (self.s < 0) return "-" + self.negate()
23295 .toString(b)
23296 var k
23297 if (b == 16) k = 4
23298 else if (b == 8) k = 3
23299 else if (b == 2) k = 1
23300 else if (b == 32) k = 5
23301 else if (b == 4) k = 2
23302 else return self.toRadix(b)
23303 var km = (1 << k) - 1,
23304 d, m = false,
23305 r = "",
23306 i = self.t
23307 var p = self.DB - (i * self.DB) % k
23308 if (i-- > 0) {
23309 if (p < self.DB && (d = self[i] >> p) > 0) {
23310 m = true
23311 r = int2char(d)
23312 }
23313 while (i >= 0) {
23314 if (p < k) {
23315 d = (self[i] & ((1 << p) - 1)) << (k - p)
23316 d |= self[--i] >> (p += self.DB - k)
23317 } else {
23318 d = (self[i] >> (p -= k)) & km
23319 if (p <= 0) {
23320 p += self.DB
23321 --i
23322 }
23323 }
23324 if (d > 0) m = true
23325 if (m) r += int2char(d)
23326 }
23327 }
23328 return m ? r : "0"
23329}
23330
23331// (public) -this
23332function bnNegate() {
23333 var r = new BigInteger()
23334 BigInteger.ZERO.subTo(this, r)
23335 return r
23336}
23337
23338// (public) |this|
23339function bnAbs() {
23340 return (this.s < 0) ? this.negate() : this
23341}
23342
23343// (public) return + if this > a, - if this < a, 0 if equal
23344function bnCompareTo(a) {
23345 var r = this.s - a.s
23346 if (r != 0) return r
23347 var i = this.t
23348 r = i - a.t
23349 if (r != 0) return (this.s < 0) ? -r : r
23350 while (--i >= 0)
23351 if ((r = this[i] - a[i]) != 0) return r
23352 return 0
23353}
23354
23355// returns bit length of the integer x
23356function nbits(x) {
23357 var r = 1,
23358 t
23359 if ((t = x >>> 16) != 0) {
23360 x = t
23361 r += 16
23362 }
23363 if ((t = x >> 8) != 0) {
23364 x = t
23365 r += 8
23366 }
23367 if ((t = x >> 4) != 0) {
23368 x = t
23369 r += 4
23370 }
23371 if ((t = x >> 2) != 0) {
23372 x = t
23373 r += 2
23374 }
23375 if ((t = x >> 1) != 0) {
23376 x = t
23377 r += 1
23378 }
23379 return r
23380}
23381
23382// (public) return the number of bits in "this"
23383function bnBitLength() {
23384 if (this.t <= 0) return 0
23385 return this.DB * (this.t - 1) + nbits(this[this.t - 1] ^ (this.s & this.DM))
23386}
23387
23388// (public) return the number of bytes in "this"
23389function bnByteLength() {
23390 return this.bitLength() >> 3
23391}
23392
23393// (protected) r = this << n*DB
23394function bnpDLShiftTo(n, r) {
23395 var i
23396 for (i = this.t - 1; i >= 0; --i) r[i + n] = this[i]
23397 for (i = n - 1; i >= 0; --i) r[i] = 0
23398 r.t = this.t + n
23399 r.s = this.s
23400}
23401
23402// (protected) r = this >> n*DB
23403function bnpDRShiftTo(n, r) {
23404 for (var i = n; i < this.t; ++i) r[i - n] = this[i]
23405 r.t = Math.max(this.t - n, 0)
23406 r.s = this.s
23407}
23408
23409// (protected) r = this << n
23410function bnpLShiftTo(n, r) {
23411 var self = this
23412 var bs = n % self.DB
23413 var cbs = self.DB - bs
23414 var bm = (1 << cbs) - 1
23415 var ds = Math.floor(n / self.DB),
23416 c = (self.s << bs) & self.DM,
23417 i
23418 for (i = self.t - 1; i >= 0; --i) {
23419 r[i + ds + 1] = (self[i] >> cbs) | c
23420 c = (self[i] & bm) << bs
23421 }
23422 for (i = ds - 1; i >= 0; --i) r[i] = 0
23423 r[ds] = c
23424 r.t = self.t + ds + 1
23425 r.s = self.s
23426 r.clamp()
23427}
23428
23429// (protected) r = this >> n
23430function bnpRShiftTo(n, r) {
23431 var self = this
23432 r.s = self.s
23433 var ds = Math.floor(n / self.DB)
23434 if (ds >= self.t) {
23435 r.t = 0
23436 return
23437 }
23438 var bs = n % self.DB
23439 var cbs = self.DB - bs
23440 var bm = (1 << bs) - 1
23441 r[0] = self[ds] >> bs
23442 for (var i = ds + 1; i < self.t; ++i) {
23443 r[i - ds - 1] |= (self[i] & bm) << cbs
23444 r[i - ds] = self[i] >> bs
23445 }
23446 if (bs > 0) r[self.t - ds - 1] |= (self.s & bm) << cbs
23447 r.t = self.t - ds
23448 r.clamp()
23449}
23450
23451// (protected) r = this - a
23452function bnpSubTo(a, r) {
23453 var self = this
23454 var i = 0,
23455 c = 0,
23456 m = Math.min(a.t, self.t)
23457 while (i < m) {
23458 c += self[i] - a[i]
23459 r[i++] = c & self.DM
23460 c >>= self.DB
23461 }
23462 if (a.t < self.t) {
23463 c -= a.s
23464 while (i < self.t) {
23465 c += self[i]
23466 r[i++] = c & self.DM
23467 c >>= self.DB
23468 }
23469 c += self.s
23470 } else {
23471 c += self.s
23472 while (i < a.t) {
23473 c -= a[i]
23474 r[i++] = c & self.DM
23475 c >>= self.DB
23476 }
23477 c -= a.s
23478 }
23479 r.s = (c < 0) ? -1 : 0
23480 if (c < -1) r[i++] = self.DV + c
23481 else if (c > 0) r[i++] = c
23482 r.t = i
23483 r.clamp()
23484}
23485
23486// (protected) r = this * a, r != this,a (HAC 14.12)
23487// "this" should be the larger one if appropriate.
23488function bnpMultiplyTo(a, r) {
23489 var x = this.abs(),
23490 y = a.abs()
23491 var i = x.t
23492 r.t = i + y.t
23493 while (--i >= 0) r[i] = 0
23494 for (i = 0; i < y.t; ++i) r[i + x.t] = x.am(0, y[i], r, i, 0, x.t)
23495 r.s = 0
23496 r.clamp()
23497 if (this.s != a.s) BigInteger.ZERO.subTo(r, r)
23498}
23499
23500// (protected) r = this^2, r != this (HAC 14.16)
23501function bnpSquareTo(r) {
23502 var x = this.abs()
23503 var i = r.t = 2 * x.t
23504 while (--i >= 0) r[i] = 0
23505 for (i = 0; i < x.t - 1; ++i) {
23506 var c = x.am(i, x[i], r, 2 * i, 0, 1)
23507 if ((r[i + x.t] += x.am(i + 1, 2 * x[i], r, 2 * i + 1, c, x.t - i - 1)) >= x.DV) {
23508 r[i + x.t] -= x.DV
23509 r[i + x.t + 1] = 1
23510 }
23511 }
23512 if (r.t > 0) r[r.t - 1] += x.am(i, x[i], r, 2 * i, 0, 1)
23513 r.s = 0
23514 r.clamp()
23515}
23516
23517// (protected) divide this by m, quotient and remainder to q, r (HAC 14.20)
23518// r != q, this != m. q or r may be null.
23519function bnpDivRemTo(m, q, r) {
23520 var self = this
23521 var pm = m.abs()
23522 if (pm.t <= 0) return
23523 var pt = self.abs()
23524 if (pt.t < pm.t) {
23525 if (q != null) q.fromInt(0)
23526 if (r != null) self.copyTo(r)
23527 return
23528 }
23529 if (r == null) r = new BigInteger()
23530 var y = new BigInteger(),
23531 ts = self.s,
23532 ms = m.s
23533 var nsh = self.DB - nbits(pm[pm.t - 1]); // normalize modulus
23534 if (nsh > 0) {
23535 pm.lShiftTo(nsh, y)
23536 pt.lShiftTo(nsh, r)
23537 } else {
23538 pm.copyTo(y)
23539 pt.copyTo(r)
23540 }
23541 var ys = y.t
23542 var y0 = y[ys - 1]
23543 if (y0 == 0) return
23544 var yt = y0 * (1 << self.F1) + ((ys > 1) ? y[ys - 2] >> self.F2 : 0)
23545 var d1 = self.FV / yt,
23546 d2 = (1 << self.F1) / yt,
23547 e = 1 << self.F2
23548 var i = r.t,
23549 j = i - ys,
23550 t = (q == null) ? new BigInteger() : q
23551 y.dlShiftTo(j, t)
23552 if (r.compareTo(t) >= 0) {
23553 r[r.t++] = 1
23554 r.subTo(t, r)
23555 }
23556 BigInteger.ONE.dlShiftTo(ys, t)
23557 t.subTo(y, y); // "negative" y so we can replace sub with am later
23558 while (y.t < ys) y[y.t++] = 0
23559 while (--j >= 0) {
23560 // Estimate quotient digit
23561 var qd = (r[--i] == y0) ? self.DM : Math.floor(r[i] * d1 + (r[i - 1] + e) * d2)
23562 if ((r[i] += y.am(0, qd, r, j, 0, ys)) < qd) { // Try it out
23563 y.dlShiftTo(j, t)
23564 r.subTo(t, r)
23565 while (r[i] < --qd) r.subTo(t, r)
23566 }
23567 }
23568 if (q != null) {
23569 r.drShiftTo(ys, q)
23570 if (ts != ms) BigInteger.ZERO.subTo(q, q)
23571 }
23572 r.t = ys
23573 r.clamp()
23574 if (nsh > 0) r.rShiftTo(nsh, r); // Denormalize remainder
23575 if (ts < 0) BigInteger.ZERO.subTo(r, r)
23576}
23577
23578// (public) this mod a
23579function bnMod(a) {
23580 var r = new BigInteger()
23581 this.abs()
23582 .divRemTo(a, null, r)
23583 if (this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r, r)
23584 return r
23585}
23586
23587// Modular reduction using "classic" algorithm
23588function Classic(m) {
23589 this.m = m
23590}
23591
23592function cConvert(x) {
23593 if (x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m)
23594 else return x
23595}
23596
23597function cRevert(x) {
23598 return x
23599}
23600
23601function cReduce(x) {
23602 x.divRemTo(this.m, null, x)
23603}
23604
23605function cMulTo(x, y, r) {
23606 x.multiplyTo(y, r)
23607 this.reduce(r)
23608}
23609
23610function cSqrTo(x, r) {
23611 x.squareTo(r)
23612 this.reduce(r)
23613}
23614
23615Classic.prototype.convert = cConvert
23616Classic.prototype.revert = cRevert
23617Classic.prototype.reduce = cReduce
23618Classic.prototype.mulTo = cMulTo
23619Classic.prototype.sqrTo = cSqrTo
23620
23621// (protected) return "-1/this % 2^DB"; useful for Mont. reduction
23622// justification:
23623// xy == 1 (mod m)
23624// xy = 1+km
23625// xy(2-xy) = (1+km)(1-km)
23626// x[y(2-xy)] = 1-k^2m^2
23627// x[y(2-xy)] == 1 (mod m^2)
23628// if y is 1/x mod m, then y(2-xy) is 1/x mod m^2
23629// should reduce x and y(2-xy) by m^2 at each step to keep size bounded.
23630// JS multiply "overflows" differently from C/C++, so care is needed here.
23631function bnpInvDigit() {
23632 if (this.t < 1) return 0
23633 var x = this[0]
23634 if ((x & 1) == 0) return 0
23635 var y = x & 3; // y == 1/x mod 2^2
23636 y = (y * (2 - (x & 0xf) * y)) & 0xf; // y == 1/x mod 2^4
23637 y = (y * (2 - (x & 0xff) * y)) & 0xff; // y == 1/x mod 2^8
23638 y = (y * (2 - (((x & 0xffff) * y) & 0xffff))) & 0xffff; // y == 1/x mod 2^16
23639 // last step - calculate inverse mod DV directly
23640 // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints
23641 y = (y * (2 - x * y % this.DV)) % this.DV; // y == 1/x mod 2^dbits
23642 // we really want the negative inverse, and -DV < y < DV
23643 return (y > 0) ? this.DV - y : -y
23644}
23645
23646// Montgomery reduction
23647function Montgomery(m) {
23648 this.m = m
23649 this.mp = m.invDigit()
23650 this.mpl = this.mp & 0x7fff
23651 this.mph = this.mp >> 15
23652 this.um = (1 << (m.DB - 15)) - 1
23653 this.mt2 = 2 * m.t
23654}
23655
23656// xR mod m
23657function montConvert(x) {
23658 var r = new BigInteger()
23659 x.abs()
23660 .dlShiftTo(this.m.t, r)
23661 r.divRemTo(this.m, null, r)
23662 if (x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r, r)
23663 return r
23664}
23665
23666// x/R mod m
23667function montRevert(x) {
23668 var r = new BigInteger()
23669 x.copyTo(r)
23670 this.reduce(r)
23671 return r
23672}
23673
23674// x = x/R mod m (HAC 14.32)
23675function montReduce(x) {
23676 while (x.t <= this.mt2) // pad x so am has enough room later
23677 x[x.t++] = 0
23678 for (var i = 0; i < this.m.t; ++i) {
23679 // faster way of calculating u0 = x[i]*mp mod DV
23680 var j = x[i] & 0x7fff
23681 var u0 = (j * this.mpl + (((j * this.mph + (x[i] >> 15) * this.mpl) & this.um) << 15)) & x.DM
23682 // use am to combine the multiply-shift-add into one call
23683 j = i + this.m.t
23684 x[j] += this.m.am(0, u0, x, i, 0, this.m.t)
23685 // propagate carry
23686 while (x[j] >= x.DV) {
23687 x[j] -= x.DV
23688 x[++j]++
23689 }
23690 }
23691 x.clamp()
23692 x.drShiftTo(this.m.t, x)
23693 if (x.compareTo(this.m) >= 0) x.subTo(this.m, x)
23694}
23695
23696// r = "x^2/R mod m"; x != r
23697function montSqrTo(x, r) {
23698 x.squareTo(r)
23699 this.reduce(r)
23700}
23701
23702// r = "xy/R mod m"; x,y != r
23703function montMulTo(x, y, r) {
23704 x.multiplyTo(y, r)
23705 this.reduce(r)
23706}
23707
23708Montgomery.prototype.convert = montConvert
23709Montgomery.prototype.revert = montRevert
23710Montgomery.prototype.reduce = montReduce
23711Montgomery.prototype.mulTo = montMulTo
23712Montgomery.prototype.sqrTo = montSqrTo
23713
23714// (protected) true iff this is even
23715function bnpIsEven() {
23716 return ((this.t > 0) ? (this[0] & 1) : this.s) == 0
23717}
23718
23719// (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79)
23720function bnpExp(e, z) {
23721 if (e > 0xffffffff || e < 1) return BigInteger.ONE
23722 var r = new BigInteger(),
23723 r2 = new BigInteger(),
23724 g = z.convert(this),
23725 i = nbits(e) - 1
23726 g.copyTo(r)
23727 while (--i >= 0) {
23728 z.sqrTo(r, r2)
23729 if ((e & (1 << i)) > 0) z.mulTo(r2, g, r)
23730 else {
23731 var t = r
23732 r = r2
23733 r2 = t
23734 }
23735 }
23736 return z.revert(r)
23737}
23738
23739// (public) this^e % m, 0 <= e < 2^32
23740function bnModPowInt(e, m) {
23741 var z
23742 if (e < 256 || m.isEven()) z = new Classic(m)
23743 else z = new Montgomery(m)
23744 return this.exp(e, z)
23745}
23746
23747// protected
23748proto.copyTo = bnpCopyTo
23749proto.fromInt = bnpFromInt
23750proto.fromString = bnpFromString
23751proto.clamp = bnpClamp
23752proto.dlShiftTo = bnpDLShiftTo
23753proto.drShiftTo = bnpDRShiftTo
23754proto.lShiftTo = bnpLShiftTo
23755proto.rShiftTo = bnpRShiftTo
23756proto.subTo = bnpSubTo
23757proto.multiplyTo = bnpMultiplyTo
23758proto.squareTo = bnpSquareTo
23759proto.divRemTo = bnpDivRemTo
23760proto.invDigit = bnpInvDigit
23761proto.isEven = bnpIsEven
23762proto.exp = bnpExp
23763
23764// public
23765proto.toString = bnToString
23766proto.negate = bnNegate
23767proto.abs = bnAbs
23768proto.compareTo = bnCompareTo
23769proto.bitLength = bnBitLength
23770proto.byteLength = bnByteLength
23771proto.mod = bnMod
23772proto.modPowInt = bnModPowInt
23773
23774// (public)
23775function bnClone() {
23776 var r = new BigInteger()
23777 this.copyTo(r)
23778 return r
23779}
23780
23781// (public) return value as integer
23782function bnIntValue() {
23783 if (this.s < 0) {
23784 if (this.t == 1) return this[0] - this.DV
23785 else if (this.t == 0) return -1
23786 } else if (this.t == 1) return this[0]
23787 else if (this.t == 0) return 0
23788 // assumes 16 < DB < 32
23789 return ((this[1] & ((1 << (32 - this.DB)) - 1)) << this.DB) | this[0]
23790}
23791
23792// (public) return value as byte
23793function bnByteValue() {
23794 return (this.t == 0) ? this.s : (this[0] << 24) >> 24
23795}
23796
23797// (public) return value as short (assumes DB>=16)
23798function bnShortValue() {
23799 return (this.t == 0) ? this.s : (this[0] << 16) >> 16
23800}
23801
23802// (protected) return x s.t. r^x < DV
23803function bnpChunkSize(r) {
23804 return Math.floor(Math.LN2 * this.DB / Math.log(r))
23805}
23806
23807// (public) 0 if this == 0, 1 if this > 0
23808function bnSigNum() {
23809 if (this.s < 0) return -1
23810 else if (this.t <= 0 || (this.t == 1 && this[0] <= 0)) return 0
23811 else return 1
23812}
23813
23814// (protected) convert to radix string
23815function bnpToRadix(b) {
23816 if (b == null) b = 10
23817 if (this.signum() == 0 || b < 2 || b > 36) return "0"
23818 var cs = this.chunkSize(b)
23819 var a = Math.pow(b, cs)
23820 var d = nbv(a),
23821 y = new BigInteger(),
23822 z = new BigInteger(),
23823 r = ""
23824 this.divRemTo(d, y, z)
23825 while (y.signum() > 0) {
23826 r = (a + z.intValue())
23827 .toString(b)
23828 .substr(1) + r
23829 y.divRemTo(d, y, z)
23830 }
23831 return z.intValue()
23832 .toString(b) + r
23833}
23834
23835// (protected) convert from radix string
23836function bnpFromRadix(s, b) {
23837 var self = this
23838 self.fromInt(0)
23839 if (b == null) b = 10
23840 var cs = self.chunkSize(b)
23841 var d = Math.pow(b, cs),
23842 mi = false,
23843 j = 0,
23844 w = 0
23845 for (var i = 0; i < s.length; ++i) {
23846 var x = intAt(s, i)
23847 if (x < 0) {
23848 if (s.charAt(i) == "-" && self.signum() == 0) mi = true
23849 continue
23850 }
23851 w = b * w + x
23852 if (++j >= cs) {
23853 self.dMultiply(d)
23854 self.dAddOffset(w, 0)
23855 j = 0
23856 w = 0
23857 }
23858 }
23859 if (j > 0) {
23860 self.dMultiply(Math.pow(b, j))
23861 self.dAddOffset(w, 0)
23862 }
23863 if (mi) BigInteger.ZERO.subTo(self, self)
23864}
23865
23866// (protected) alternate constructor
23867function bnpFromNumber(a, b, c) {
23868 var self = this
23869 if ("number" == typeof b) {
23870 // new BigInteger(int,int,RNG)
23871 if (a < 2) self.fromInt(1)
23872 else {
23873 self.fromNumber(a, c)
23874 if (!self.testBit(a - 1)) // force MSB set
23875 self.bitwiseTo(BigInteger.ONE.shiftLeft(a - 1), op_or, self)
23876 if (self.isEven()) self.dAddOffset(1, 0); // force odd
23877 while (!self.isProbablePrime(b)) {
23878 self.dAddOffset(2, 0)
23879 if (self.bitLength() > a) self.subTo(BigInteger.ONE.shiftLeft(a - 1), self)
23880 }
23881 }
23882 } else {
23883 // new BigInteger(int,RNG)
23884 var x = new Array(),
23885 t = a & 7
23886 x.length = (a >> 3) + 1
23887 b.nextBytes(x)
23888 if (t > 0) x[0] &= ((1 << t) - 1)
23889 else x[0] = 0
23890 self.fromString(x, 256)
23891 }
23892}
23893
23894// (public) convert to bigendian byte array
23895function bnToByteArray() {
23896 var self = this
23897 var i = self.t,
23898 r = new Array()
23899 r[0] = self.s
23900 var p = self.DB - (i * self.DB) % 8,
23901 d, k = 0
23902 if (i-- > 0) {
23903 if (p < self.DB && (d = self[i] >> p) != (self.s & self.DM) >> p)
23904 r[k++] = d | (self.s << (self.DB - p))
23905 while (i >= 0) {
23906 if (p < 8) {
23907 d = (self[i] & ((1 << p) - 1)) << (8 - p)
23908 d |= self[--i] >> (p += self.DB - 8)
23909 } else {
23910 d = (self[i] >> (p -= 8)) & 0xff
23911 if (p <= 0) {
23912 p += self.DB
23913 --i
23914 }
23915 }
23916 if ((d & 0x80) != 0) d |= -256
23917 if (k === 0 && (self.s & 0x80) != (d & 0x80))++k
23918 if (k > 0 || d != self.s) r[k++] = d
23919 }
23920 }
23921 return r
23922}
23923
23924function bnEquals(a) {
23925 return (this.compareTo(a) == 0)
23926}
23927
23928function bnMin(a) {
23929 return (this.compareTo(a) < 0) ? this : a
23930}
23931
23932function bnMax(a) {
23933 return (this.compareTo(a) > 0) ? this : a
23934}
23935
23936// (protected) r = this op a (bitwise)
23937function bnpBitwiseTo(a, op, r) {
23938 var self = this
23939 var i, f, m = Math.min(a.t, self.t)
23940 for (i = 0; i < m; ++i) r[i] = op(self[i], a[i])
23941 if (a.t < self.t) {
23942 f = a.s & self.DM
23943 for (i = m; i < self.t; ++i) r[i] = op(self[i], f)
23944 r.t = self.t
23945 } else {
23946 f = self.s & self.DM
23947 for (i = m; i < a.t; ++i) r[i] = op(f, a[i])
23948 r.t = a.t
23949 }
23950 r.s = op(self.s, a.s)
23951 r.clamp()
23952}
23953
23954// (public) this & a
23955function op_and(x, y) {
23956 return x & y
23957}
23958
23959function bnAnd(a) {
23960 var r = new BigInteger()
23961 this.bitwiseTo(a, op_and, r)
23962 return r
23963}
23964
23965// (public) this | a
23966function op_or(x, y) {
23967 return x | y
23968}
23969
23970function bnOr(a) {
23971 var r = new BigInteger()
23972 this.bitwiseTo(a, op_or, r)
23973 return r
23974}
23975
23976// (public) this ^ a
23977function op_xor(x, y) {
23978 return x ^ y
23979}
23980
23981function bnXor(a) {
23982 var r = new BigInteger()
23983 this.bitwiseTo(a, op_xor, r)
23984 return r
23985}
23986
23987// (public) this & ~a
23988function op_andnot(x, y) {
23989 return x & ~y
23990}
23991
23992function bnAndNot(a) {
23993 var r = new BigInteger()
23994 this.bitwiseTo(a, op_andnot, r)
23995 return r
23996}
23997
23998// (public) ~this
23999function bnNot() {
24000 var r = new BigInteger()
24001 for (var i = 0; i < this.t; ++i) r[i] = this.DM & ~this[i]
24002 r.t = this.t
24003 r.s = ~this.s
24004 return r
24005}
24006
24007// (public) this << n
24008function bnShiftLeft(n) {
24009 var r = new BigInteger()
24010 if (n < 0) this.rShiftTo(-n, r)
24011 else this.lShiftTo(n, r)
24012 return r
24013}
24014
24015// (public) this >> n
24016function bnShiftRight(n) {
24017 var r = new BigInteger()
24018 if (n < 0) this.lShiftTo(-n, r)
24019 else this.rShiftTo(n, r)
24020 return r
24021}
24022
24023// return index of lowest 1-bit in x, x < 2^31
24024function lbit(x) {
24025 if (x == 0) return -1
24026 var r = 0
24027 if ((x & 0xffff) == 0) {
24028 x >>= 16
24029 r += 16
24030 }
24031 if ((x & 0xff) == 0) {
24032 x >>= 8
24033 r += 8
24034 }
24035 if ((x & 0xf) == 0) {
24036 x >>= 4
24037 r += 4
24038 }
24039 if ((x & 3) == 0) {
24040 x >>= 2
24041 r += 2
24042 }
24043 if ((x & 1) == 0)++r
24044 return r
24045}
24046
24047// (public) returns index of lowest 1-bit (or -1 if none)
24048function bnGetLowestSetBit() {
24049 for (var i = 0; i < this.t; ++i)
24050 if (this[i] != 0) return i * this.DB + lbit(this[i])
24051 if (this.s < 0) return this.t * this.DB
24052 return -1
24053}
24054
24055// return number of 1 bits in x
24056function cbit(x) {
24057 var r = 0
24058 while (x != 0) {
24059 x &= x - 1
24060 ++r
24061 }
24062 return r
24063}
24064
24065// (public) return number of set bits
24066function bnBitCount() {
24067 var r = 0,
24068 x = this.s & this.DM
24069 for (var i = 0; i < this.t; ++i) r += cbit(this[i] ^ x)
24070 return r
24071}
24072
24073// (public) true iff nth bit is set
24074function bnTestBit(n) {
24075 var j = Math.floor(n / this.DB)
24076 if (j >= this.t) return (this.s != 0)
24077 return ((this[j] & (1 << (n % this.DB))) != 0)
24078}
24079
24080// (protected) this op (1<<n)
24081function bnpChangeBit(n, op) {
24082 var r = BigInteger.ONE.shiftLeft(n)
24083 this.bitwiseTo(r, op, r)
24084 return r
24085}
24086
24087// (public) this | (1<<n)
24088function bnSetBit(n) {
24089 return this.changeBit(n, op_or)
24090}
24091
24092// (public) this & ~(1<<n)
24093function bnClearBit(n) {
24094 return this.changeBit(n, op_andnot)
24095}
24096
24097// (public) this ^ (1<<n)
24098function bnFlipBit(n) {
24099 return this.changeBit(n, op_xor)
24100}
24101
24102// (protected) r = this + a
24103function bnpAddTo(a, r) {
24104 var self = this
24105
24106 var i = 0,
24107 c = 0,
24108 m = Math.min(a.t, self.t)
24109 while (i < m) {
24110 c += self[i] + a[i]
24111 r[i++] = c & self.DM
24112 c >>= self.DB
24113 }
24114 if (a.t < self.t) {
24115 c += a.s
24116 while (i < self.t) {
24117 c += self[i]
24118 r[i++] = c & self.DM
24119 c >>= self.DB
24120 }
24121 c += self.s
24122 } else {
24123 c += self.s
24124 while (i < a.t) {
24125 c += a[i]
24126 r[i++] = c & self.DM
24127 c >>= self.DB
24128 }
24129 c += a.s
24130 }
24131 r.s = (c < 0) ? -1 : 0
24132 if (c > 0) r[i++] = c
24133 else if (c < -1) r[i++] = self.DV + c
24134 r.t = i
24135 r.clamp()
24136}
24137
24138// (public) this + a
24139function bnAdd(a) {
24140 var r = new BigInteger()
24141 this.addTo(a, r)
24142 return r
24143}
24144
24145// (public) this - a
24146function bnSubtract(a) {
24147 var r = new BigInteger()
24148 this.subTo(a, r)
24149 return r
24150}
24151
24152// (public) this * a
24153function bnMultiply(a) {
24154 var r = new BigInteger()
24155 this.multiplyTo(a, r)
24156 return r
24157}
24158
24159// (public) this^2
24160function bnSquare() {
24161 var r = new BigInteger()
24162 this.squareTo(r)
24163 return r
24164}
24165
24166// (public) this / a
24167function bnDivide(a) {
24168 var r = new BigInteger()
24169 this.divRemTo(a, r, null)
24170 return r
24171}
24172
24173// (public) this % a
24174function bnRemainder(a) {
24175 var r = new BigInteger()
24176 this.divRemTo(a, null, r)
24177 return r
24178}
24179
24180// (public) [this/a,this%a]
24181function bnDivideAndRemainder(a) {
24182 var q = new BigInteger(),
24183 r = new BigInteger()
24184 this.divRemTo(a, q, r)
24185 return new Array(q, r)
24186}
24187
24188// (protected) this *= n, this >= 0, 1 < n < DV
24189function bnpDMultiply(n) {
24190 this[this.t] = this.am(0, n - 1, this, 0, 0, this.t)
24191 ++this.t
24192 this.clamp()
24193}
24194
24195// (protected) this += n << w words, this >= 0
24196function bnpDAddOffset(n, w) {
24197 if (n == 0) return
24198 while (this.t <= w) this[this.t++] = 0
24199 this[w] += n
24200 while (this[w] >= this.DV) {
24201 this[w] -= this.DV
24202 if (++w >= this.t) this[this.t++] = 0
24203 ++this[w]
24204 }
24205}
24206
24207// A "null" reducer
24208function NullExp() {}
24209
24210function nNop(x) {
24211 return x
24212}
24213
24214function nMulTo(x, y, r) {
24215 x.multiplyTo(y, r)
24216}
24217
24218function nSqrTo(x, r) {
24219 x.squareTo(r)
24220}
24221
24222NullExp.prototype.convert = nNop
24223NullExp.prototype.revert = nNop
24224NullExp.prototype.mulTo = nMulTo
24225NullExp.prototype.sqrTo = nSqrTo
24226
24227// (public) this^e
24228function bnPow(e) {
24229 return this.exp(e, new NullExp())
24230}
24231
24232// (protected) r = lower n words of "this * a", a.t <= n
24233// "this" should be the larger one if appropriate.
24234function bnpMultiplyLowerTo(a, n, r) {
24235 var i = Math.min(this.t + a.t, n)
24236 r.s = 0; // assumes a,this >= 0
24237 r.t = i
24238 while (i > 0) r[--i] = 0
24239 var j
24240 for (j = r.t - this.t; i < j; ++i) r[i + this.t] = this.am(0, a[i], r, i, 0, this.t)
24241 for (j = Math.min(a.t, n); i < j; ++i) this.am(0, a[i], r, i, 0, n - i)
24242 r.clamp()
24243}
24244
24245// (protected) r = "this * a" without lower n words, n > 0
24246// "this" should be the larger one if appropriate.
24247function bnpMultiplyUpperTo(a, n, r) {
24248 --n
24249 var i = r.t = this.t + a.t - n
24250 r.s = 0; // assumes a,this >= 0
24251 while (--i >= 0) r[i] = 0
24252 for (i = Math.max(n - this.t, 0); i < a.t; ++i)
24253 r[this.t + i - n] = this.am(n - i, a[i], r, 0, 0, this.t + i - n)
24254 r.clamp()
24255 r.drShiftTo(1, r)
24256}
24257
24258// Barrett modular reduction
24259function Barrett(m) {
24260 // setup Barrett
24261 this.r2 = new BigInteger()
24262 this.q3 = new BigInteger()
24263 BigInteger.ONE.dlShiftTo(2 * m.t, this.r2)
24264 this.mu = this.r2.divide(m)
24265 this.m = m
24266}
24267
24268function barrettConvert(x) {
24269 if (x.s < 0 || x.t > 2 * this.m.t) return x.mod(this.m)
24270 else if (x.compareTo(this.m) < 0) return x
24271 else {
24272 var r = new BigInteger()
24273 x.copyTo(r)
24274 this.reduce(r)
24275 return r
24276 }
24277}
24278
24279function barrettRevert(x) {
24280 return x
24281}
24282
24283// x = x mod m (HAC 14.42)
24284function barrettReduce(x) {
24285 var self = this
24286 x.drShiftTo(self.m.t - 1, self.r2)
24287 if (x.t > self.m.t + 1) {
24288 x.t = self.m.t + 1
24289 x.clamp()
24290 }
24291 self.mu.multiplyUpperTo(self.r2, self.m.t + 1, self.q3)
24292 self.m.multiplyLowerTo(self.q3, self.m.t + 1, self.r2)
24293 while (x.compareTo(self.r2) < 0) x.dAddOffset(1, self.m.t + 1)
24294 x.subTo(self.r2, x)
24295 while (x.compareTo(self.m) >= 0) x.subTo(self.m, x)
24296}
24297
24298// r = x^2 mod m; x != r
24299function barrettSqrTo(x, r) {
24300 x.squareTo(r)
24301 this.reduce(r)
24302}
24303
24304// r = x*y mod m; x,y != r
24305function barrettMulTo(x, y, r) {
24306 x.multiplyTo(y, r)
24307 this.reduce(r)
24308}
24309
24310Barrett.prototype.convert = barrettConvert
24311Barrett.prototype.revert = barrettRevert
24312Barrett.prototype.reduce = barrettReduce
24313Barrett.prototype.mulTo = barrettMulTo
24314Barrett.prototype.sqrTo = barrettSqrTo
24315
24316// (public) this^e % m (HAC 14.85)
24317function bnModPow(e, m) {
24318 var i = e.bitLength(),
24319 k, r = nbv(1),
24320 z
24321 if (i <= 0) return r
24322 else if (i < 18) k = 1
24323 else if (i < 48) k = 3
24324 else if (i < 144) k = 4
24325 else if (i < 768) k = 5
24326 else k = 6
24327 if (i < 8)
24328 z = new Classic(m)
24329 else if (m.isEven())
24330 z = new Barrett(m)
24331 else
24332 z = new Montgomery(m)
24333
24334 // precomputation
24335 var g = new Array(),
24336 n = 3,
24337 k1 = k - 1,
24338 km = (1 << k) - 1
24339 g[1] = z.convert(this)
24340 if (k > 1) {
24341 var g2 = new BigInteger()
24342 z.sqrTo(g[1], g2)
24343 while (n <= km) {
24344 g[n] = new BigInteger()
24345 z.mulTo(g2, g[n - 2], g[n])
24346 n += 2
24347 }
24348 }
24349
24350 var j = e.t - 1,
24351 w, is1 = true,
24352 r2 = new BigInteger(),
24353 t
24354 i = nbits(e[j]) - 1
24355 while (j >= 0) {
24356 if (i >= k1) w = (e[j] >> (i - k1)) & km
24357 else {
24358 w = (e[j] & ((1 << (i + 1)) - 1)) << (k1 - i)
24359 if (j > 0) w |= e[j - 1] >> (this.DB + i - k1)
24360 }
24361
24362 n = k
24363 while ((w & 1) == 0) {
24364 w >>= 1
24365 --n
24366 }
24367 if ((i -= n) < 0) {
24368 i += this.DB
24369 --j
24370 }
24371 if (is1) { // ret == 1, don't bother squaring or multiplying it
24372 g[w].copyTo(r)
24373 is1 = false
24374 } else {
24375 while (n > 1) {
24376 z.sqrTo(r, r2)
24377 z.sqrTo(r2, r)
24378 n -= 2
24379 }
24380 if (n > 0) z.sqrTo(r, r2)
24381 else {
24382 t = r
24383 r = r2
24384 r2 = t
24385 }
24386 z.mulTo(r2, g[w], r)
24387 }
24388
24389 while (j >= 0 && (e[j] & (1 << i)) == 0) {
24390 z.sqrTo(r, r2)
24391 t = r
24392 r = r2
24393 r2 = t
24394 if (--i < 0) {
24395 i = this.DB - 1
24396 --j
24397 }
24398 }
24399 }
24400 return z.revert(r)
24401}
24402
24403// (public) gcd(this,a) (HAC 14.54)
24404function bnGCD(a) {
24405 var x = (this.s < 0) ? this.negate() : this.clone()
24406 var y = (a.s < 0) ? a.negate() : a.clone()
24407 if (x.compareTo(y) < 0) {
24408 var t = x
24409 x = y
24410 y = t
24411 }
24412 var i = x.getLowestSetBit(),
24413 g = y.getLowestSetBit()
24414 if (g < 0) return x
24415 if (i < g) g = i
24416 if (g > 0) {
24417 x.rShiftTo(g, x)
24418 y.rShiftTo(g, y)
24419 }
24420 while (x.signum() > 0) {
24421 if ((i = x.getLowestSetBit()) > 0) x.rShiftTo(i, x)
24422 if ((i = y.getLowestSetBit()) > 0) y.rShiftTo(i, y)
24423 if (x.compareTo(y) >= 0) {
24424 x.subTo(y, x)
24425 x.rShiftTo(1, x)
24426 } else {
24427 y.subTo(x, y)
24428 y.rShiftTo(1, y)
24429 }
24430 }
24431 if (g > 0) y.lShiftTo(g, y)
24432 return y
24433}
24434
24435// (protected) this % n, n < 2^26
24436function bnpModInt(n) {
24437 if (n <= 0) return 0
24438 var d = this.DV % n,
24439 r = (this.s < 0) ? n - 1 : 0
24440 if (this.t > 0)
24441 if (d == 0) r = this[0] % n
24442 else
24443 for (var i = this.t - 1; i >= 0; --i) r = (d * r + this[i]) % n
24444 return r
24445}
24446
24447// (public) 1/this % m (HAC 14.61)
24448function bnModInverse(m) {
24449 var ac = m.isEven()
24450 if (this.signum() === 0) throw new Error('division by zero')
24451 if ((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO
24452 var u = m.clone(),
24453 v = this.clone()
24454 var a = nbv(1),
24455 b = nbv(0),
24456 c = nbv(0),
24457 d = nbv(1)
24458 while (u.signum() != 0) {
24459 while (u.isEven()) {
24460 u.rShiftTo(1, u)
24461 if (ac) {
24462 if (!a.isEven() || !b.isEven()) {
24463 a.addTo(this, a)
24464 b.subTo(m, b)
24465 }
24466 a.rShiftTo(1, a)
24467 } else if (!b.isEven()) b.subTo(m, b)
24468 b.rShiftTo(1, b)
24469 }
24470 while (v.isEven()) {
24471 v.rShiftTo(1, v)
24472 if (ac) {
24473 if (!c.isEven() || !d.isEven()) {
24474 c.addTo(this, c)
24475 d.subTo(m, d)
24476 }
24477 c.rShiftTo(1, c)
24478 } else if (!d.isEven()) d.subTo(m, d)
24479 d.rShiftTo(1, d)
24480 }
24481 if (u.compareTo(v) >= 0) {
24482 u.subTo(v, u)
24483 if (ac) a.subTo(c, a)
24484 b.subTo(d, b)
24485 } else {
24486 v.subTo(u, v)
24487 if (ac) c.subTo(a, c)
24488 d.subTo(b, d)
24489 }
24490 }
24491 if (v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO
24492 while (d.compareTo(m) >= 0) d.subTo(m, d)
24493 while (d.signum() < 0) d.addTo(m, d)
24494 return d
24495}
24496
24497var lowprimes = [
24498 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
24499 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,
24500 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233,
24501 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317,
24502 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419,
24503 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503,
24504 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607,
24505 613, 617, 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701,
24506 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811,
24507 821, 823, 827, 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911,
24508 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, 991, 997
24509]
24510
24511var lplim = (1 << 26) / lowprimes[lowprimes.length - 1]
24512
24513// (public) test primality with certainty >= 1-.5^t
24514function bnIsProbablePrime(t) {
24515 var i, x = this.abs()
24516 if (x.t == 1 && x[0] <= lowprimes[lowprimes.length - 1]) {
24517 for (i = 0; i < lowprimes.length; ++i)
24518 if (x[0] == lowprimes[i]) return true
24519 return false
24520 }
24521 if (x.isEven()) return false
24522 i = 1
24523 while (i < lowprimes.length) {
24524 var m = lowprimes[i],
24525 j = i + 1
24526 while (j < lowprimes.length && m < lplim) m *= lowprimes[j++]
24527 m = x.modInt(m)
24528 while (i < j) if (m % lowprimes[i++] == 0) return false
24529 }
24530 return x.millerRabin(t)
24531}
24532
24533// (protected) true if probably prime (HAC 4.24, Miller-Rabin)
24534function bnpMillerRabin(t) {
24535 var n1 = this.subtract(BigInteger.ONE)
24536 var k = n1.getLowestSetBit()
24537 if (k <= 0) return false
24538 var r = n1.shiftRight(k)
24539 t = (t + 1) >> 1
24540 if (t > lowprimes.length) t = lowprimes.length
24541 var a = new BigInteger(null)
24542 var j, bases = []
24543 for (var i = 0; i < t; ++i) {
24544 for (;;) {
24545 j = lowprimes[Math.floor(Math.random() * lowprimes.length)]
24546 if (bases.indexOf(j) == -1) break
24547 }
24548 bases.push(j)
24549 a.fromInt(j)
24550 var y = a.modPow(r, this)
24551 if (y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) {
24552 var j = 1
24553 while (j++ < k && y.compareTo(n1) != 0) {
24554 y = y.modPowInt(2, this)
24555 if (y.compareTo(BigInteger.ONE) == 0) return false
24556 }
24557 if (y.compareTo(n1) != 0) return false
24558 }
24559 }
24560 return true
24561}
24562
24563// protected
24564proto.chunkSize = bnpChunkSize
24565proto.toRadix = bnpToRadix
24566proto.fromRadix = bnpFromRadix
24567proto.fromNumber = bnpFromNumber
24568proto.bitwiseTo = bnpBitwiseTo
24569proto.changeBit = bnpChangeBit
24570proto.addTo = bnpAddTo
24571proto.dMultiply = bnpDMultiply
24572proto.dAddOffset = bnpDAddOffset
24573proto.multiplyLowerTo = bnpMultiplyLowerTo
24574proto.multiplyUpperTo = bnpMultiplyUpperTo
24575proto.modInt = bnpModInt
24576proto.millerRabin = bnpMillerRabin
24577
24578// public
24579proto.clone = bnClone
24580proto.intValue = bnIntValue
24581proto.byteValue = bnByteValue
24582proto.shortValue = bnShortValue
24583proto.signum = bnSigNum
24584proto.toByteArray = bnToByteArray
24585proto.equals = bnEquals
24586proto.min = bnMin
24587proto.max = bnMax
24588proto.and = bnAnd
24589proto.or = bnOr
24590proto.xor = bnXor
24591proto.andNot = bnAndNot
24592proto.not = bnNot
24593proto.shiftLeft = bnShiftLeft
24594proto.shiftRight = bnShiftRight
24595proto.getLowestSetBit = bnGetLowestSetBit
24596proto.bitCount = bnBitCount
24597proto.testBit = bnTestBit
24598proto.setBit = bnSetBit
24599proto.clearBit = bnClearBit
24600proto.flipBit = bnFlipBit
24601proto.add = bnAdd
24602proto.subtract = bnSubtract
24603proto.multiply = bnMultiply
24604proto.divide = bnDivide
24605proto.remainder = bnRemainder
24606proto.divideAndRemainder = bnDivideAndRemainder
24607proto.modPow = bnModPow
24608proto.modInverse = bnModInverse
24609proto.pow = bnPow
24610proto.gcd = bnGCD
24611proto.isProbablePrime = bnIsProbablePrime
24612
24613// JSBN-specific extension
24614proto.square = bnSquare
24615
24616// constants
24617BigInteger.ZERO = nbv(0)
24618BigInteger.ONE = nbv(1)
24619BigInteger.valueOf = nbv
24620
24621module.exports = BigInteger
24622
24623},{"../package.json":155}],153:[function(require,module,exports){
24624(function (Buffer){
24625// FIXME: Kind of a weird way to throw exceptions, consider removing
24626var assert = require('assert')
24627var BigInteger = require('./bigi')
24628
24629/**
24630 * Turns a byte array into a big integer.
24631 *
24632 * This function will interpret a byte array as a big integer in big
24633 * endian notation.
24634 */
24635BigInteger.fromByteArrayUnsigned = function(byteArray) {
24636 // BigInteger expects a DER integer conformant byte array
24637 if (byteArray[0] & 0x80) {
24638 return new BigInteger([0].concat(byteArray))
24639 }
24640
24641 return new BigInteger(byteArray)
24642}
24643
24644/**
24645 * Returns a byte array representation of the big integer.
24646 *
24647 * This returns the absolute of the contained value in big endian
24648 * form. A value of zero results in an empty array.
24649 */
24650BigInteger.prototype.toByteArrayUnsigned = function() {
24651 var byteArray = this.toByteArray()
24652 return byteArray[0] === 0 ? byteArray.slice(1) : byteArray
24653}
24654
24655BigInteger.fromDERInteger = function(byteArray) {
24656 return new BigInteger(byteArray)
24657}
24658
24659/*
24660 * Converts BigInteger to a DER integer representation.
24661 *
24662 * The format for this value uses the most significant bit as a sign
24663 * bit. If the most significant bit is already set and the integer is
24664 * positive, a 0x00 is prepended.
24665 *
24666 * Examples:
24667 *
24668 * 0 => 0x00
24669 * 1 => 0x01
24670 * -1 => 0xff
24671 * 127 => 0x7f
24672 * -127 => 0x81
24673 * 128 => 0x0080
24674 * -128 => 0x80
24675 * 255 => 0x00ff
24676 * -255 => 0xff01
24677 * 16300 => 0x3fac
24678 * -16300 => 0xc054
24679 * 62300 => 0x00f35c
24680 * -62300 => 0xff0ca4
24681*/
24682BigInteger.prototype.toDERInteger = BigInteger.prototype.toByteArray
24683
24684BigInteger.fromBuffer = function(buffer) {
24685 // BigInteger expects a DER integer conformant byte array
24686 if (buffer[0] & 0x80) {
24687 var byteArray = Array.prototype.slice.call(buffer)
24688
24689 return new BigInteger([0].concat(byteArray))
24690 }
24691
24692 return new BigInteger(buffer)
24693}
24694
24695BigInteger.fromHex = function(hex) {
24696 if (hex === '') return BigInteger.ZERO
24697
24698 assert.equal(hex, hex.match(/^[A-Fa-f0-9]+/), 'Invalid hex string')
24699 assert.equal(hex.length % 2, 0, 'Incomplete hex')
24700 return new BigInteger(hex, 16)
24701}
24702
24703BigInteger.prototype.toBuffer = function(size) {
24704 var byteArray = this.toByteArrayUnsigned()
24705 var zeros = []
24706
24707 var padding = size - byteArray.length
24708 while (zeros.length < padding) zeros.push(0)
24709
24710 return new Buffer(zeros.concat(byteArray))
24711}
24712
24713BigInteger.prototype.toHex = function(size) {
24714 return this.toBuffer(size).toString('hex')
24715}
24716
24717}).call(this,require("buffer").Buffer)
24718},{"./bigi":152,"assert":15,"buffer":47}],154:[function(require,module,exports){
24719var BigInteger = require('./bigi')
24720
24721//addons
24722require('./convert')
24723
24724module.exports = BigInteger
24725},{"./bigi":152,"./convert":153}],155:[function(require,module,exports){
24726module.exports={
24727 "_args": [
24728 [
24729 "bigi@^1.2.0",
24730 "/home/ian/git/bitcoin/bitcoinjs-bip38"
24731 ]
24732 ],
24733 "_from": "bigi@>=1.2.0 <2.0.0",
24734 "_id": "bigi@1.4.2",
24735 "_inCache": true,
24736 "_installable": true,
24737 "_location": "/bigi",
24738 "_nodeVersion": "6.1.0",
24739 "_npmOperationalInternal": {
24740 "host": "packages-12-west.internal.npmjs.com",
24741 "tmp": "tmp/bigi-1.4.2.tgz_1469584192413_0.6801238611806184"
24742 },
24743 "_npmUser": {
24744 "email": "jprichardson@gmail.com",
24745 "name": "jprichardson"
24746 },
24747 "_npmVersion": "3.8.6",
24748 "_phantomChildren": {},
24749 "_requested": {
24750 "name": "bigi",
24751 "raw": "bigi@^1.2.0",
24752 "rawSpec": "^1.2.0",
24753 "scope": null,
24754 "spec": ">=1.2.0 <2.0.0",
24755 "type": "range"
24756 },
24757 "_requiredBy": [
24758 "/",
24759 "/ecurve"
24760 ],
24761 "_resolved": "https://registry.npmjs.org/bigi/-/bigi-1.4.2.tgz",
24762 "_shasum": "9c665a95f88b8b08fc05cfd731f561859d725825",
24763 "_shrinkwrap": null,
24764 "_spec": "bigi@^1.2.0",
24765 "_where": "/home/ian/git/bitcoin/bitcoinjs-bip38",
24766 "bugs": {
24767 "url": "https://github.com/cryptocoinjs/bigi/issues"
24768 },
24769 "dependencies": {},
24770 "description": "Big integers.",
24771 "devDependencies": {
24772 "coveralls": "^2.11.2",
24773 "istanbul": "^0.3.5",
24774 "jshint": "^2.5.1",
24775 "mocha": "^2.1.0",
24776 "mochify": "^2.1.0"
24777 },
24778 "directories": {},
24779 "dist": {
24780 "shasum": "9c665a95f88b8b08fc05cfd731f561859d725825",
24781 "tarball": "https://registry.npmjs.org/bigi/-/bigi-1.4.2.tgz"
24782 },
24783 "gitHead": "c25308081c896ff84702303722bf5ecd8b3f78e3",
24784 "homepage": "https://github.com/cryptocoinjs/bigi#readme",
24785 "keywords": [
24786 "cryptography",
24787 "math",
24788 "bitcoin",
24789 "arbitrary",
24790 "precision",
24791 "arithmetic",
24792 "big",
24793 "integer",
24794 "int",
24795 "number",
24796 "biginteger",
24797 "bigint",
24798 "bignumber",
24799 "decimal",
24800 "float"
24801 ],
24802 "main": "./lib/index.js",
24803 "maintainers": [
24804 {
24805 "email": "boydb@midnightdesign.ws",
24806 "name": "midnightlightning"
24807 },
24808 {
24809 "email": "sidazhang89@gmail.com",
24810 "name": "sidazhang"
24811 },
24812 {
24813 "email": "npm@shesek.info",
24814 "name": "nadav"
24815 },
24816 {
24817 "email": "jprichardson@gmail.com",
24818 "name": "jprichardson"
24819 }
24820 ],
24821 "name": "bigi",
24822 "optionalDependencies": {},
24823 "readme": "ERROR: No README data found!",
24824 "repository": {
24825 "type": "git",
24826 "url": "git+https://github.com/cryptocoinjs/bigi.git"
24827 },
24828 "scripts": {
24829 "browser-test": "mochify --wd -R spec",
24830 "coverage": "istanbul cover ./node_modules/.bin/_mocha -- --reporter list test/*.js",
24831 "coveralls": "npm run-script coverage && node ./node_modules/.bin/coveralls < coverage/lcov.info",
24832 "jshint": "jshint --config jshint.json lib/*.js ; true",
24833 "test": "_mocha -- test/*.js",
24834 "unit": "mocha"
24835 },
24836 "testling": {
24837 "browsers": [
24838 "ie/9..latest",
24839 "firefox/latest",
24840 "chrome/latest",
24841 "safari/6.0..latest",
24842 "iphone/6.0..latest",
24843 "android-browser/4.2..latest"
24844 ],
24845 "files": "test/*.js",
24846 "harness": "mocha"
24847 },
24848 "version": "1.4.2"
24849}
24850
24851},{}],156:[function(require,module,exports){
24852// based on the aes implimentation in triple sec
24853// https://github.com/keybase/triplesec
24854// which is in turn based on the one from crypto-js
24855// https://code.google.com/p/crypto-js/
24856
24857var Buffer = require('safe-buffer').Buffer
24858
24859function asUInt32Array (buf) {
24860 if (!Buffer.isBuffer(buf)) buf = Buffer.from(buf)
24861
24862 var len = (buf.length / 4) | 0
24863 var out = new Array(len)
24864
24865 for (var i = 0; i < len; i++) {
24866 out[i] = buf.readUInt32BE(i * 4)
24867 }
24868
24869 return out
24870}
24871
24872function scrubVec (v) {
24873 for (var i = 0; i < v.length; v++) {
24874 v[i] = 0
24875 }
24876}
24877
24878function cryptBlock (M, keySchedule, SUB_MIX, SBOX, nRounds) {
24879 var SUB_MIX0 = SUB_MIX[0]
24880 var SUB_MIX1 = SUB_MIX[1]
24881 var SUB_MIX2 = SUB_MIX[2]
24882 var SUB_MIX3 = SUB_MIX[3]
24883
24884 var s0 = M[0] ^ keySchedule[0]
24885 var s1 = M[1] ^ keySchedule[1]
24886 var s2 = M[2] ^ keySchedule[2]
24887 var s3 = M[3] ^ keySchedule[3]
24888 var t0, t1, t2, t3
24889 var ksRow = 4
24890
24891 for (var round = 1; round < nRounds; round++) {
24892 t0 = SUB_MIX0[s0 >>> 24] ^ SUB_MIX1[(s1 >>> 16) & 0xff] ^ SUB_MIX2[(s2 >>> 8) & 0xff] ^ SUB_MIX3[s3 & 0xff] ^ keySchedule[ksRow++]
24893 t1 = SUB_MIX0[s1 >>> 24] ^ SUB_MIX1[(s2 >>> 16) & 0xff] ^ SUB_MIX2[(s3 >>> 8) & 0xff] ^ SUB_MIX3[s0 & 0xff] ^ keySchedule[ksRow++]
24894 t2 = SUB_MIX0[s2 >>> 24] ^ SUB_MIX1[(s3 >>> 16) & 0xff] ^ SUB_MIX2[(s0 >>> 8) & 0xff] ^ SUB_MIX3[s1 & 0xff] ^ keySchedule[ksRow++]
24895 t3 = SUB_MIX0[s3 >>> 24] ^ SUB_MIX1[(s0 >>> 16) & 0xff] ^ SUB_MIX2[(s1 >>> 8) & 0xff] ^ SUB_MIX3[s2 & 0xff] ^ keySchedule[ksRow++]
24896 s0 = t0
24897 s1 = t1
24898 s2 = t2
24899 s3 = t3
24900 }
24901
24902 t0 = ((SBOX[s0 >>> 24] << 24) | (SBOX[(s1 >>> 16) & 0xff] << 16) | (SBOX[(s2 >>> 8) & 0xff] << 8) | SBOX[s3 & 0xff]) ^ keySchedule[ksRow++]
24903 t1 = ((SBOX[s1 >>> 24] << 24) | (SBOX[(s2 >>> 16) & 0xff] << 16) | (SBOX[(s3 >>> 8) & 0xff] << 8) | SBOX[s0 & 0xff]) ^ keySchedule[ksRow++]
24904 t2 = ((SBOX[s2 >>> 24] << 24) | (SBOX[(s3 >>> 16) & 0xff] << 16) | (SBOX[(s0 >>> 8) & 0xff] << 8) | SBOX[s1 & 0xff]) ^ keySchedule[ksRow++]
24905 t3 = ((SBOX[s3 >>> 24] << 24) | (SBOX[(s0 >>> 16) & 0xff] << 16) | (SBOX[(s1 >>> 8) & 0xff] << 8) | SBOX[s2 & 0xff]) ^ keySchedule[ksRow++]
24906 t0 = t0 >>> 0
24907 t1 = t1 >>> 0
24908 t2 = t2 >>> 0
24909 t3 = t3 >>> 0
24910
24911 return [t0, t1, t2, t3]
24912}
24913
24914// AES constants
24915var RCON = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36]
24916var G = (function () {
24917 // Compute double table
24918 var d = new Array(256)
24919 for (var j = 0; j < 256; j++) {
24920 if (j < 128) {
24921 d[j] = j << 1
24922 } else {
24923 d[j] = (j << 1) ^ 0x11b
24924 }
24925 }
24926
24927 var SBOX = []
24928 var INV_SBOX = []
24929 var SUB_MIX = [[], [], [], []]
24930 var INV_SUB_MIX = [[], [], [], []]
24931
24932 // Walk GF(2^8)
24933 var x = 0
24934 var xi = 0
24935 for (var i = 0; i < 256; ++i) {
24936 // Compute sbox
24937 var sx = xi ^ (xi << 1) ^ (xi << 2) ^ (xi << 3) ^ (xi << 4)
24938 sx = (sx >>> 8) ^ (sx & 0xff) ^ 0x63
24939 SBOX[x] = sx
24940 INV_SBOX[sx] = x
24941
24942 // Compute multiplication
24943 var x2 = d[x]
24944 var x4 = d[x2]
24945 var x8 = d[x4]
24946
24947 // Compute sub bytes, mix columns tables
24948 var t = (d[sx] * 0x101) ^ (sx * 0x1010100)
24949 SUB_MIX[0][x] = (t << 24) | (t >>> 8)
24950 SUB_MIX[1][x] = (t << 16) | (t >>> 16)
24951 SUB_MIX[2][x] = (t << 8) | (t >>> 24)
24952 SUB_MIX[3][x] = t
24953
24954 // Compute inv sub bytes, inv mix columns tables
24955 t = (x8 * 0x1010101) ^ (x4 * 0x10001) ^ (x2 * 0x101) ^ (x * 0x1010100)
24956 INV_SUB_MIX[0][sx] = (t << 24) | (t >>> 8)
24957 INV_SUB_MIX[1][sx] = (t << 16) | (t >>> 16)
24958 INV_SUB_MIX[2][sx] = (t << 8) | (t >>> 24)
24959 INV_SUB_MIX[3][sx] = t
24960
24961 if (x === 0) {
24962 x = xi = 1
24963 } else {
24964 x = x2 ^ d[d[d[x8 ^ x2]]]
24965 xi ^= d[d[xi]]
24966 }
24967 }
24968
24969 return {
24970 SBOX: SBOX,
24971 INV_SBOX: INV_SBOX,
24972 SUB_MIX: SUB_MIX,
24973 INV_SUB_MIX: INV_SUB_MIX
24974 }
24975})()
24976
24977function AES (key) {
24978 this._key = asUInt32Array(key)
24979 this._reset()
24980}
24981
24982AES.blockSize = 4 * 4
24983AES.keySize = 256 / 8
24984AES.prototype.blockSize = AES.blockSize
24985AES.prototype.keySize = AES.keySize
24986AES.prototype._reset = function () {
24987 var keyWords = this._key
24988 var keySize = keyWords.length
24989 var nRounds = keySize + 6
24990 var ksRows = (nRounds + 1) * 4
24991
24992 var keySchedule = []
24993 for (var k = 0; k < keySize; k++) {
24994 keySchedule[k] = keyWords[k]
24995 }
24996
24997 for (k = keySize; k < ksRows; k++) {
24998 var t = keySchedule[k - 1]
24999
25000 if (k % keySize === 0) {
25001 t = (t << 8) | (t >>> 24)
25002 t =
25003 (G.SBOX[t >>> 24] << 24) |
25004 (G.SBOX[(t >>> 16) & 0xff] << 16) |
25005 (G.SBOX[(t >>> 8) & 0xff] << 8) |
25006 (G.SBOX[t & 0xff])
25007
25008 t ^= RCON[(k / keySize) | 0] << 24
25009 } else if (keySize > 6 && k % keySize === 4) {
25010 t =
25011 (G.SBOX[t >>> 24] << 24) |
25012 (G.SBOX[(t >>> 16) & 0xff] << 16) |
25013 (G.SBOX[(t >>> 8) & 0xff] << 8) |
25014 (G.SBOX[t & 0xff])
25015 }
25016
25017 keySchedule[k] = keySchedule[k - keySize] ^ t
25018 }
25019
25020 var invKeySchedule = []
25021 for (var ik = 0; ik < ksRows; ik++) {
25022 var ksR = ksRows - ik
25023 var tt = keySchedule[ksR - (ik % 4 ? 0 : 4)]
25024
25025 if (ik < 4 || ksR <= 4) {
25026 invKeySchedule[ik] = tt
25027 } else {
25028 invKeySchedule[ik] =
25029 G.INV_SUB_MIX[0][G.SBOX[tt >>> 24]] ^
25030 G.INV_SUB_MIX[1][G.SBOX[(tt >>> 16) & 0xff]] ^
25031 G.INV_SUB_MIX[2][G.SBOX[(tt >>> 8) & 0xff]] ^
25032 G.INV_SUB_MIX[3][G.SBOX[tt & 0xff]]
25033 }
25034 }
25035
25036 this._nRounds = nRounds
25037 this._keySchedule = keySchedule
25038 this._invKeySchedule = invKeySchedule
25039}
25040
25041AES.prototype.encryptBlockRaw = function (M) {
25042 M = asUInt32Array(M)
25043 return cryptBlock(M, this._keySchedule, G.SUB_MIX, G.SBOX, this._nRounds)
25044}
25045
25046AES.prototype.encryptBlock = function (M) {
25047 var out = this.encryptBlockRaw(M)
25048 var buf = Buffer.allocUnsafe(16)
25049 buf.writeUInt32BE(out[0], 0)
25050 buf.writeUInt32BE(out[1], 4)
25051 buf.writeUInt32BE(out[2], 8)
25052 buf.writeUInt32BE(out[3], 12)
25053 return buf
25054}
25055
25056AES.prototype.decryptBlock = function (M) {
25057 M = asUInt32Array(M)
25058
25059 // swap
25060 var m1 = M[1]
25061 M[1] = M[3]
25062 M[3] = m1
25063
25064 var out = cryptBlock(M, this._invKeySchedule, G.INV_SUB_MIX, G.INV_SBOX, this._nRounds)
25065 var buf = Buffer.allocUnsafe(16)
25066 buf.writeUInt32BE(out[0], 0)
25067 buf.writeUInt32BE(out[3], 4)
25068 buf.writeUInt32BE(out[2], 8)
25069 buf.writeUInt32BE(out[1], 12)
25070 return buf
25071}
25072
25073AES.prototype.scrub = function () {
25074 scrubVec(this._keySchedule)
25075 scrubVec(this._invKeySchedule)
25076 scrubVec(this._key)
25077}
25078
25079module.exports.AES = AES
25080
25081},{"safe-buffer":193}],157:[function(require,module,exports){
25082var aes = require('./aes')
25083var Buffer = require('safe-buffer').Buffer
25084var Transform = require('cipher-base')
25085var inherits = require('inherits')
25086var GHASH = require('./ghash')
25087var xor = require('buffer-xor')
25088var incr32 = require('./incr32')
25089
25090function xorTest (a, b) {
25091 var out = 0
25092 if (a.length !== b.length) out++
25093
25094 var len = Math.min(a.length, b.length)
25095 for (var i = 0; i < len; ++i) {
25096 out += (a[i] ^ b[i])
25097 }
25098
25099 return out
25100}
25101
25102function calcIv (self, iv, ck) {
25103 if (iv.length === 12) {
25104 self._finID = Buffer.concat([iv, Buffer.from([0, 0, 0, 1])])
25105 return Buffer.concat([iv, Buffer.from([0, 0, 0, 2])])
25106 }
25107 var ghash = new GHASH(ck)
25108 var len = iv.length
25109 var toPad = len % 16
25110 ghash.update(iv)
25111 if (toPad) {
25112 toPad = 16 - toPad
25113 ghash.update(Buffer.alloc(toPad, 0))
25114 }
25115 ghash.update(Buffer.alloc(8, 0))
25116 var ivBits = len * 8
25117 var tail = Buffer.alloc(8)
25118 tail.writeUIntBE(ivBits, 0, 8)
25119 ghash.update(tail)
25120 self._finID = ghash.state
25121 var out = Buffer.from(self._finID)
25122 incr32(out)
25123 return out
25124}
25125function StreamCipher (mode, key, iv, decrypt) {
25126 Transform.call(this)
25127
25128 var h = Buffer.alloc(4, 0)
25129
25130 this._cipher = new aes.AES(key)
25131 var ck = this._cipher.encryptBlock(h)
25132 this._ghash = new GHASH(ck)
25133 iv = calcIv(this, iv, ck)
25134
25135 this._prev = Buffer.from(iv)
25136 this._cache = Buffer.allocUnsafe(0)
25137 this._secCache = Buffer.allocUnsafe(0)
25138 this._decrypt = decrypt
25139 this._alen = 0
25140 this._len = 0
25141 this._mode = mode
25142
25143 this._authTag = null
25144 this._called = false
25145}
25146
25147inherits(StreamCipher, Transform)
25148
25149StreamCipher.prototype._update = function (chunk) {
25150 if (!this._called && this._alen) {
25151 var rump = 16 - (this._alen % 16)
25152 if (rump < 16) {
25153 rump = Buffer.alloc(rump, 0)
25154 this._ghash.update(rump)
25155 }
25156 }
25157
25158 this._called = true
25159 var out = this._mode.encrypt(this, chunk)
25160 if (this._decrypt) {
25161 this._ghash.update(chunk)
25162 } else {
25163 this._ghash.update(out)
25164 }
25165 this._len += chunk.length
25166 return out
25167}
25168
25169StreamCipher.prototype._final = function () {
25170 if (this._decrypt && !this._authTag) throw new Error('Unsupported state or unable to authenticate data')
25171
25172 var tag = xor(this._ghash.final(this._alen * 8, this._len * 8), this._cipher.encryptBlock(this._finID))
25173 if (this._decrypt && xorTest(tag, this._authTag)) throw new Error('Unsupported state or unable to authenticate data')
25174
25175 this._authTag = tag
25176 this._cipher.scrub()
25177}
25178
25179StreamCipher.prototype.getAuthTag = function getAuthTag () {
25180 if (this._decrypt || !Buffer.isBuffer(this._authTag)) throw new Error('Attempting to get auth tag in unsupported state')
25181
25182 return this._authTag
25183}
25184
25185StreamCipher.prototype.setAuthTag = function setAuthTag (tag) {
25186 if (!this._decrypt) throw new Error('Attempting to set auth tag in unsupported state')
25187
25188 this._authTag = tag
25189}
25190
25191StreamCipher.prototype.setAAD = function setAAD (buf) {
25192 if (this._called) throw new Error('Attempting to set AAD in unsupported state')
25193
25194 this._ghash.update(buf)
25195 this._alen += buf.length
25196}
25197
25198module.exports = StreamCipher
25199
25200},{"./aes":156,"./ghash":161,"./incr32":162,"buffer-xor":176,"cipher-base":178,"inherits":189,"safe-buffer":193}],158:[function(require,module,exports){
25201var ciphers = require('./encrypter')
25202var deciphers = require('./decrypter')
25203var modes = require('./modes/list.json')
25204
25205function getCiphers () {
25206 return Object.keys(modes)
25207}
25208
25209exports.createCipher = exports.Cipher = ciphers.createCipher
25210exports.createCipheriv = exports.Cipheriv = ciphers.createCipheriv
25211exports.createDecipher = exports.Decipher = deciphers.createDecipher
25212exports.createDecipheriv = exports.Decipheriv = deciphers.createDecipheriv
25213exports.listCiphers = exports.getCiphers = getCiphers
25214
25215},{"./decrypter":159,"./encrypter":160,"./modes/list.json":170}],159:[function(require,module,exports){
25216var AuthCipher = require('./authCipher')
25217var Buffer = require('safe-buffer').Buffer
25218var MODES = require('./modes')
25219var StreamCipher = require('./streamCipher')
25220var Transform = require('cipher-base')
25221var aes = require('./aes')
25222var ebtk = require('evp_bytestokey')
25223var inherits = require('inherits')
25224
25225function Decipher (mode, key, iv) {
25226 Transform.call(this)
25227
25228 this._cache = new Splitter()
25229 this._last = void 0
25230 this._cipher = new aes.AES(key)
25231 this._prev = Buffer.from(iv)
25232 this._mode = mode
25233 this._autopadding = true
25234}
25235
25236inherits(Decipher, Transform)
25237
25238Decipher.prototype._update = function (data) {
25239 this._cache.add(data)
25240 var chunk
25241 var thing
25242 var out = []
25243 while ((chunk = this._cache.get(this._autopadding))) {
25244 thing = this._mode.decrypt(this, chunk)
25245 out.push(thing)
25246 }
25247 return Buffer.concat(out)
25248}
25249
25250Decipher.prototype._final = function () {
25251 var chunk = this._cache.flush()
25252 if (this._autopadding) {
25253 return unpad(this._mode.decrypt(this, chunk))
25254 } else if (chunk) {
25255 throw new Error('data not multiple of block length')
25256 }
25257}
25258
25259Decipher.prototype.setAutoPadding = function (setTo) {
25260 this._autopadding = !!setTo
25261 return this
25262}
25263
25264function Splitter () {
25265 this.cache = Buffer.allocUnsafe(0)
25266}
25267
25268Splitter.prototype.add = function (data) {
25269 this.cache = Buffer.concat([this.cache, data])
25270}
25271
25272Splitter.prototype.get = function (autoPadding) {
25273 var out
25274 if (autoPadding) {
25275 if (this.cache.length > 16) {
25276 out = this.cache.slice(0, 16)
25277 this.cache = this.cache.slice(16)
25278 return out
25279 }
25280 } else {
25281 if (this.cache.length >= 16) {
25282 out = this.cache.slice(0, 16)
25283 this.cache = this.cache.slice(16)
25284 return out
25285 }
25286 }
25287
25288 return null
25289}
25290
25291Splitter.prototype.flush = function () {
25292 if (this.cache.length) return this.cache
25293}
25294
25295function unpad (last) {
25296 var padded = last[15]
25297 var i = -1
25298 while (++i < padded) {
25299 if (last[(i + (16 - padded))] !== padded) {
25300 throw new Error('unable to decrypt data')
25301 }
25302 }
25303 if (padded === 16) return
25304
25305 return last.slice(0, 16 - padded)
25306}
25307
25308function createDecipheriv (suite, password, iv) {
25309 var config = MODES[suite.toLowerCase()]
25310 if (!config) throw new TypeError('invalid suite type')
25311
25312 if (typeof iv === 'string') iv = Buffer.from(iv)
25313 if (config.mode !== 'GCM' && iv.length !== config.iv) throw new TypeError('invalid iv length ' + iv.length)
25314
25315 if (typeof password === 'string') password = Buffer.from(password)
25316 if (password.length !== config.key / 8) throw new TypeError('invalid key length ' + password.length)
25317
25318 if (config.type === 'stream') {
25319 return new StreamCipher(config.module, password, iv, true)
25320 } else if (config.type === 'auth') {
25321 return new AuthCipher(config.module, password, iv, true)
25322 }
25323
25324 return new Decipher(config.module, password, iv)
25325}
25326
25327function createDecipher (suite, password) {
25328 var config = MODES[suite.toLowerCase()]
25329 if (!config) throw new TypeError('invalid suite type')
25330
25331 var keys = ebtk(password, false, config.key, config.iv)
25332 return createDecipheriv(suite, keys.key, keys.iv)
25333}
25334
25335exports.createDecipher = createDecipher
25336exports.createDecipheriv = createDecipheriv
25337
25338},{"./aes":156,"./authCipher":157,"./modes":169,"./streamCipher":172,"cipher-base":178,"evp_bytestokey":187,"inherits":189,"safe-buffer":193}],160:[function(require,module,exports){
25339var MODES = require('./modes')
25340var AuthCipher = require('./authCipher')
25341var Buffer = require('safe-buffer').Buffer
25342var StreamCipher = require('./streamCipher')
25343var Transform = require('cipher-base')
25344var aes = require('./aes')
25345var ebtk = require('evp_bytestokey')
25346var inherits = require('inherits')
25347
25348function Cipher (mode, key, iv) {
25349 Transform.call(this)
25350
25351 this._cache = new Splitter()
25352 this._cipher = new aes.AES(key)
25353 this._prev = Buffer.from(iv)
25354 this._mode = mode
25355 this._autopadding = true
25356}
25357
25358inherits(Cipher, Transform)
25359
25360Cipher.prototype._update = function (data) {
25361 this._cache.add(data)
25362 var chunk
25363 var thing
25364 var out = []
25365
25366 while ((chunk = this._cache.get())) {
25367 thing = this._mode.encrypt(this, chunk)
25368 out.push(thing)
25369 }
25370
25371 return Buffer.concat(out)
25372}
25373
25374var PADDING = Buffer.alloc(16, 0x10)
25375
25376Cipher.prototype._final = function () {
25377 var chunk = this._cache.flush()
25378 if (this._autopadding) {
25379 chunk = this._mode.encrypt(this, chunk)
25380 this._cipher.scrub()
25381 return chunk
25382 }
25383
25384 if (!chunk.equals(PADDING)) {
25385 this._cipher.scrub()
25386 throw new Error('data not multiple of block length')
25387 }
25388}
25389
25390Cipher.prototype.setAutoPadding = function (setTo) {
25391 this._autopadding = !!setTo
25392 return this
25393}
25394
25395function Splitter () {
25396 this.cache = Buffer.allocUnsafe(0)
25397}
25398
25399Splitter.prototype.add = function (data) {
25400 this.cache = Buffer.concat([this.cache, data])
25401}
25402
25403Splitter.prototype.get = function () {
25404 if (this.cache.length > 15) {
25405 var out = this.cache.slice(0, 16)
25406 this.cache = this.cache.slice(16)
25407 return out
25408 }
25409 return null
25410}
25411
25412Splitter.prototype.flush = function () {
25413 var len = 16 - this.cache.length
25414 var padBuff = Buffer.allocUnsafe(len)
25415
25416 var i = -1
25417 while (++i < len) {
25418 padBuff.writeUInt8(len, i)
25419 }
25420
25421 return Buffer.concat([this.cache, padBuff])
25422}
25423
25424function createCipheriv (suite, password, iv) {
25425 var config = MODES[suite.toLowerCase()]
25426 if (!config) throw new TypeError('invalid suite type')
25427
25428 if (typeof password === 'string') password = Buffer.from(password)
25429 if (password.length !== config.key / 8) throw new TypeError('invalid key length ' + password.length)
25430
25431 if (typeof iv === 'string') iv = Buffer.from(iv)
25432 if (config.mode !== 'GCM' && iv.length !== config.iv) throw new TypeError('invalid iv length ' + iv.length)
25433
25434 if (config.type === 'stream') {
25435 return new StreamCipher(config.module, password, iv)
25436 } else if (config.type === 'auth') {
25437 return new AuthCipher(config.module, password, iv)
25438 }
25439
25440 return new Cipher(config.module, password, iv)
25441}
25442
25443function createCipher (suite, password) {
25444 var config = MODES[suite.toLowerCase()]
25445 if (!config) throw new TypeError('invalid suite type')
25446
25447 var keys = ebtk(password, false, config.key, config.iv)
25448 return createCipheriv(suite, keys.key, keys.iv)
25449}
25450
25451exports.createCipheriv = createCipheriv
25452exports.createCipher = createCipher
25453
25454},{"./aes":156,"./authCipher":157,"./modes":169,"./streamCipher":172,"cipher-base":178,"evp_bytestokey":187,"inherits":189,"safe-buffer":193}],161:[function(require,module,exports){
25455var Buffer = require('safe-buffer').Buffer
25456var ZEROES = Buffer.alloc(16, 0)
25457
25458function toArray (buf) {
25459 return [
25460 buf.readUInt32BE(0),
25461 buf.readUInt32BE(4),
25462 buf.readUInt32BE(8),
25463 buf.readUInt32BE(12)
25464 ]
25465}
25466
25467function fromArray (out) {
25468 var buf = Buffer.allocUnsafe(16)
25469 buf.writeUInt32BE(out[0] >>> 0, 0)
25470 buf.writeUInt32BE(out[1] >>> 0, 4)
25471 buf.writeUInt32BE(out[2] >>> 0, 8)
25472 buf.writeUInt32BE(out[3] >>> 0, 12)
25473 return buf
25474}
25475
25476function GHASH (key) {
25477 this.h = key
25478 this.state = Buffer.alloc(16, 0)
25479 this.cache = Buffer.allocUnsafe(0)
25480}
25481
25482// from http://bitwiseshiftleft.github.io/sjcl/doc/symbols/src/core_gcm.js.html
25483// by Juho Vähä-Herttua
25484GHASH.prototype.ghash = function (block) {
25485 var i = -1
25486 while (++i < block.length) {
25487 this.state[i] ^= block[i]
25488 }
25489 this._multiply()
25490}
25491
25492GHASH.prototype._multiply = function () {
25493 var Vi = toArray(this.h)
25494 var Zi = [0, 0, 0, 0]
25495 var j, xi, lsbVi
25496 var i = -1
25497 while (++i < 128) {
25498 xi = (this.state[~~(i / 8)] & (1 << (7 - (i % 8)))) !== 0
25499 if (xi) {
25500 // Z_i+1 = Z_i ^ V_i
25501 Zi[0] ^= Vi[0]
25502 Zi[1] ^= Vi[1]
25503 Zi[2] ^= Vi[2]
25504 Zi[3] ^= Vi[3]
25505 }
25506
25507 // Store the value of LSB(V_i)
25508 lsbVi = (Vi[3] & 1) !== 0
25509
25510 // V_i+1 = V_i >> 1
25511 for (j = 3; j > 0; j--) {
25512 Vi[j] = (Vi[j] >>> 1) | ((Vi[j - 1] & 1) << 31)
25513 }
25514 Vi[0] = Vi[0] >>> 1
25515
25516 // If LSB(V_i) is 1, V_i+1 = (V_i >> 1) ^ R
25517 if (lsbVi) {
25518 Vi[0] = Vi[0] ^ (0xe1 << 24)
25519 }
25520 }
25521 this.state = fromArray(Zi)
25522}
25523
25524GHASH.prototype.update = function (buf) {
25525 this.cache = Buffer.concat([this.cache, buf])
25526 var chunk
25527 while (this.cache.length >= 16) {
25528 chunk = this.cache.slice(0, 16)
25529 this.cache = this.cache.slice(16)
25530 this.ghash(chunk)
25531 }
25532}
25533
25534GHASH.prototype.final = function (abl, bl) {
25535 if (this.cache.length) {
25536 this.ghash(Buffer.concat([this.cache, ZEROES], 16))
25537 }
25538
25539 this.ghash(fromArray([0, abl, 0, bl]))
25540 return this.state
25541}
25542
25543module.exports = GHASH
25544
25545},{"safe-buffer":193}],162:[function(require,module,exports){
25546function incr32 (iv) {
25547 var len = iv.length
25548 var item
25549 while (len--) {
25550 item = iv.readUInt8(len)
25551 if (item === 255) {
25552 iv.writeUInt8(0, len)
25553 } else {
25554 item++
25555 iv.writeUInt8(item, len)
25556 break
25557 }
25558 }
25559}
25560module.exports = incr32
25561
25562},{}],163:[function(require,module,exports){
25563arguments[4][27][0].apply(exports,arguments)
25564},{"buffer-xor":176,"dup":27}],164:[function(require,module,exports){
25565var Buffer = require('safe-buffer').Buffer
25566var xor = require('buffer-xor')
25567
25568function encryptStart (self, data, decrypt) {
25569 var len = data.length
25570 var out = xor(data, self._cache)
25571 self._cache = self._cache.slice(len)
25572 self._prev = Buffer.concat([self._prev, decrypt ? data : out])
25573 return out
25574}
25575
25576exports.encrypt = function (self, data, decrypt) {
25577 var out = Buffer.allocUnsafe(0)
25578 var len
25579
25580 while (data.length) {
25581 if (self._cache.length === 0) {
25582 self._cache = self._cipher.encryptBlock(self._prev)
25583 self._prev = Buffer.allocUnsafe(0)
25584 }
25585
25586 if (self._cache.length <= data.length) {
25587 len = self._cache.length
25588 out = Buffer.concat([out, encryptStart(self, data.slice(0, len), decrypt)])
25589 data = data.slice(len)
25590 } else {
25591 out = Buffer.concat([out, encryptStart(self, data, decrypt)])
25592 break
25593 }
25594 }
25595
25596 return out
25597}
25598
25599},{"buffer-xor":176,"safe-buffer":193}],165:[function(require,module,exports){
25600var Buffer = require('safe-buffer').Buffer
25601
25602function encryptByte (self, byteParam, decrypt) {
25603 var pad
25604 var i = -1
25605 var len = 8
25606 var out = 0
25607 var bit, value
25608 while (++i < len) {
25609 pad = self._cipher.encryptBlock(self._prev)
25610 bit = (byteParam & (1 << (7 - i))) ? 0x80 : 0
25611 value = pad[0] ^ bit
25612 out += ((value & 0x80) >> (i % 8))
25613 self._prev = shiftIn(self._prev, decrypt ? bit : value)
25614 }
25615 return out
25616}
25617
25618function shiftIn (buffer, value) {
25619 var len = buffer.length
25620 var i = -1
25621 var out = Buffer.allocUnsafe(buffer.length)
25622 buffer = Buffer.concat([buffer, Buffer.from([value])])
25623
25624 while (++i < len) {
25625 out[i] = buffer[i] << 1 | buffer[i + 1] >> (7)
25626 }
25627
25628 return out
25629}
25630
25631exports.encrypt = function (self, chunk, decrypt) {
25632 var len = chunk.length
25633 var out = Buffer.allocUnsafe(len)
25634 var i = -1
25635
25636 while (++i < len) {
25637 out[i] = encryptByte(self, chunk[i], decrypt)
25638 }
25639
25640 return out
25641}
25642
25643},{"safe-buffer":193}],166:[function(require,module,exports){
25644var Buffer = require('safe-buffer').Buffer
25645
25646function encryptByte (self, byteParam, decrypt) {
25647 var pad = self._cipher.encryptBlock(self._prev)
25648 var out = pad[0] ^ byteParam
25649
25650 self._prev = Buffer.concat([
25651 self._prev.slice(1),
25652 Buffer.from([decrypt ? byteParam : out])
25653 ])
25654
25655 return out
25656}
25657
25658exports.encrypt = function (self, chunk, decrypt) {
25659 var len = chunk.length
25660 var out = Buffer.allocUnsafe(len)
25661 var i = -1
25662
25663 while (++i < len) {
25664 out[i] = encryptByte(self, chunk[i], decrypt)
25665 }
25666
25667 return out
25668}
25669
25670},{"safe-buffer":193}],167:[function(require,module,exports){
25671var xor = require('buffer-xor')
25672var Buffer = require('safe-buffer').Buffer
25673var incr32 = require('../incr32')
25674
25675function getBlock (self) {
25676 var out = self._cipher.encryptBlockRaw(self._prev)
25677 incr32(self._prev)
25678 return out
25679}
25680
25681var blockSize = 16
25682exports.encrypt = function (self, chunk) {
25683 var chunkNum = Math.ceil(chunk.length / blockSize)
25684 var start = self._cache.length
25685 self._cache = Buffer.concat([
25686 self._cache,
25687 Buffer.allocUnsafe(chunkNum * blockSize)
25688 ])
25689 for (var i = 0; i < chunkNum; i++) {
25690 var out = getBlock(self)
25691 var offset = start + i * blockSize
25692 self._cache.writeUInt32BE(out[0], offset + 0)
25693 self._cache.writeUInt32BE(out[1], offset + 4)
25694 self._cache.writeUInt32BE(out[2], offset + 8)
25695 self._cache.writeUInt32BE(out[3], offset + 12)
25696 }
25697 var pad = self._cache.slice(0, chunk.length)
25698 self._cache = self._cache.slice(chunk.length)
25699 return xor(chunk, pad)
25700}
25701
25702},{"../incr32":162,"buffer-xor":176,"safe-buffer":193}],168:[function(require,module,exports){
25703exports.encrypt = function (self, block) {
25704 return self._cipher.encryptBlock(block)
25705}
25706
25707exports.decrypt = function (self, block) {
25708 return self._cipher.decryptBlock(block)
25709}
25710
25711},{}],169:[function(require,module,exports){
25712var modeModules = {
25713 ECB: require('./ecb'),
25714 CBC: require('./cbc'),
25715 CFB: require('./cfb'),
25716 CFB8: require('./cfb8'),
25717 CFB1: require('./cfb1'),
25718 OFB: require('./ofb'),
25719 CTR: require('./ctr'),
25720 GCM: require('./ctr')
25721}
25722
25723var modes = require('./list.json')
25724
25725for (var key in modes) {
25726 modes[key].module = modeModules[modes[key].mode]
25727}
25728
25729module.exports = modes
25730
25731},{"./cbc":163,"./cfb":164,"./cfb1":165,"./cfb8":166,"./ctr":167,"./ecb":168,"./list.json":170,"./ofb":171}],170:[function(require,module,exports){
25732module.exports={
25733 "aes-128-ecb": {
25734 "cipher": "AES",
25735 "key": 128,
25736 "iv": 0,
25737 "mode": "ECB",
25738 "type": "block"
25739 },
25740 "aes-192-ecb": {
25741 "cipher": "AES",
25742 "key": 192,
25743 "iv": 0,
25744 "mode": "ECB",
25745 "type": "block"
25746 },
25747 "aes-256-ecb": {
25748 "cipher": "AES",
25749 "key": 256,
25750 "iv": 0,
25751 "mode": "ECB",
25752 "type": "block"
25753 },
25754 "aes-128-cbc": {
25755 "cipher": "AES",
25756 "key": 128,
25757 "iv": 16,
25758 "mode": "CBC",
25759 "type": "block"
25760 },
25761 "aes-192-cbc": {
25762 "cipher": "AES",
25763 "key": 192,
25764 "iv": 16,
25765 "mode": "CBC",
25766 "type": "block"
25767 },
25768 "aes-256-cbc": {
25769 "cipher": "AES",
25770 "key": 256,
25771 "iv": 16,
25772 "mode": "CBC",
25773 "type": "block"
25774 },
25775 "aes128": {
25776 "cipher": "AES",
25777 "key": 128,
25778 "iv": 16,
25779 "mode": "CBC",
25780 "type": "block"
25781 },
25782 "aes192": {
25783 "cipher": "AES",
25784 "key": 192,
25785 "iv": 16,
25786 "mode": "CBC",
25787 "type": "block"
25788 },
25789 "aes256": {
25790 "cipher": "AES",
25791 "key": 256,
25792 "iv": 16,
25793 "mode": "CBC",
25794 "type": "block"
25795 },
25796 "aes-128-cfb": {
25797 "cipher": "AES",
25798 "key": 128,
25799 "iv": 16,
25800 "mode": "CFB",
25801 "type": "stream"
25802 },
25803 "aes-192-cfb": {
25804 "cipher": "AES",
25805 "key": 192,
25806 "iv": 16,
25807 "mode": "CFB",
25808 "type": "stream"
25809 },
25810 "aes-256-cfb": {
25811 "cipher": "AES",
25812 "key": 256,
25813 "iv": 16,
25814 "mode": "CFB",
25815 "type": "stream"
25816 },
25817 "aes-128-cfb8": {
25818 "cipher": "AES",
25819 "key": 128,
25820 "iv": 16,
25821 "mode": "CFB8",
25822 "type": "stream"
25823 },
25824 "aes-192-cfb8": {
25825 "cipher": "AES",
25826 "key": 192,
25827 "iv": 16,
25828 "mode": "CFB8",
25829 "type": "stream"
25830 },
25831 "aes-256-cfb8": {
25832 "cipher": "AES",
25833 "key": 256,
25834 "iv": 16,
25835 "mode": "CFB8",
25836 "type": "stream"
25837 },
25838 "aes-128-cfb1": {
25839 "cipher": "AES",
25840 "key": 128,
25841 "iv": 16,
25842 "mode": "CFB1",
25843 "type": "stream"
25844 },
25845 "aes-192-cfb1": {
25846 "cipher": "AES",
25847 "key": 192,
25848 "iv": 16,
25849 "mode": "CFB1",
25850 "type": "stream"
25851 },
25852 "aes-256-cfb1": {
25853 "cipher": "AES",
25854 "key": 256,
25855 "iv": 16,
25856 "mode": "CFB1",
25857 "type": "stream"
25858 },
25859 "aes-128-ofb": {
25860 "cipher": "AES",
25861 "key": 128,
25862 "iv": 16,
25863 "mode": "OFB",
25864 "type": "stream"
25865 },
25866 "aes-192-ofb": {
25867 "cipher": "AES",
25868 "key": 192,
25869 "iv": 16,
25870 "mode": "OFB",
25871 "type": "stream"
25872 },
25873 "aes-256-ofb": {
25874 "cipher": "AES",
25875 "key": 256,
25876 "iv": 16,
25877 "mode": "OFB",
25878 "type": "stream"
25879 },
25880 "aes-128-ctr": {
25881 "cipher": "AES",
25882 "key": 128,
25883 "iv": 16,
25884 "mode": "CTR",
25885 "type": "stream"
25886 },
25887 "aes-192-ctr": {
25888 "cipher": "AES",
25889 "key": 192,
25890 "iv": 16,
25891 "mode": "CTR",
25892 "type": "stream"
25893 },
25894 "aes-256-ctr": {
25895 "cipher": "AES",
25896 "key": 256,
25897 "iv": 16,
25898 "mode": "CTR",
25899 "type": "stream"
25900 },
25901 "aes-128-gcm": {
25902 "cipher": "AES",
25903 "key": 128,
25904 "iv": 12,
25905 "mode": "GCM",
25906 "type": "auth"
25907 },
25908 "aes-192-gcm": {
25909 "cipher": "AES",
25910 "key": 192,
25911 "iv": 12,
25912 "mode": "GCM",
25913 "type": "auth"
25914 },
25915 "aes-256-gcm": {
25916 "cipher": "AES",
25917 "key": 256,
25918 "iv": 12,
25919 "mode": "GCM",
25920 "type": "auth"
25921 }
25922}
25923
25924},{}],171:[function(require,module,exports){
25925arguments[4][33][0].apply(exports,arguments)
25926},{"buffer":47,"buffer-xor":176,"dup":33}],172:[function(require,module,exports){
25927var aes = require('./aes')
25928var Buffer = require('safe-buffer').Buffer
25929var Transform = require('cipher-base')
25930var inherits = require('inherits')
25931
25932function StreamCipher (mode, key, iv, decrypt) {
25933 Transform.call(this)
25934
25935 this._cipher = new aes.AES(key)
25936 this._prev = Buffer.from(iv)
25937 this._cache = Buffer.allocUnsafe(0)
25938 this._secCache = Buffer.allocUnsafe(0)
25939 this._decrypt = decrypt
25940 this._mode = mode
25941}
25942
25943inherits(StreamCipher, Transform)
25944
25945StreamCipher.prototype._update = function (chunk) {
25946 return this._mode.encrypt(this, chunk, this._decrypt)
25947}
25948
25949StreamCipher.prototype._final = function () {
25950 this._cipher.scrub()
25951}
25952
25953module.exports = StreamCipher
25954
25955},{"./aes":156,"cipher-base":178,"inherits":189,"safe-buffer":193}],173:[function(require,module,exports){
25956var basex = require('base-x')
25957var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
25958
25959module.exports = basex(ALPHABET)
25960
25961},{"base-x":151}],174:[function(require,module,exports){
25962'use strict'
25963
25964var base58 = require('bs58')
25965var Buffer = require('safe-buffer').Buffer
25966
25967module.exports = function (checksumFn) {
25968 // Encode a buffer as a base58-check encoded string
25969 function encode (payload) {
25970 var checksum = checksumFn(payload)
25971
25972 return base58.encode(Buffer.concat([
25973 payload,
25974 checksum
25975 ], payload.length + 4))
25976 }
25977
25978 function decodeRaw (buffer) {
25979 var payload = buffer.slice(0, -4)
25980 var checksum = buffer.slice(-4)
25981 var newChecksum = checksumFn(payload)
25982
25983 if (checksum[0] ^ newChecksum[0] |
25984 checksum[1] ^ newChecksum[1] |
25985 checksum[2] ^ newChecksum[2] |
25986 checksum[3] ^ newChecksum[3]) return
25987
25988 return payload
25989 }
25990
25991 // Decode a base58-check encoded string to a buffer, no result if checksum is wrong
25992 function decodeUnsafe (string) {
25993 var buffer = base58.decodeUnsafe(string)
25994 if (!buffer) return
25995
25996 return decodeRaw(buffer)
25997 }
25998
25999 function decode (string) {
26000 var buffer = base58.decode(string)
26001 var payload = decodeRaw(buffer, checksumFn)
26002 if (!payload) throw new Error('Invalid checksum')
26003 return payload
26004 }
26005
26006 return {
26007 encode: encode,
26008 decode: decode,
26009 decodeUnsafe: decodeUnsafe
26010 }
26011}
26012
26013},{"bs58":173,"safe-buffer":193}],175:[function(require,module,exports){
26014'use strict'
26015
26016var createHash = require('create-hash')
26017var bs58checkBase = require('./base')
26018
26019// SHA256(SHA256(buffer))
26020function sha256x2 (buffer) {
26021 var tmp = createHash('sha256').update(buffer).digest()
26022 return createHash('sha256').update(tmp).digest()
26023}
26024
26025module.exports = bs58checkBase(sha256x2)
26026
26027},{"./base":174,"create-hash":179}],176:[function(require,module,exports){
26028arguments[4][46][0].apply(exports,arguments)
26029},{"buffer":47,"dup":46}],177:[function(require,module,exports){
26030module.exports = function xorInplace (a, b) {
26031 var length = Math.min(a.length, b.length)
26032
26033 for (var i = 0; i < length; ++i) {
26034 a[i] = a[i] ^ b[i]
26035 }
26036
26037 return a.slice(0, length)
26038}
26039
26040},{}],178:[function(require,module,exports){
26041var Buffer = require('safe-buffer').Buffer
26042var Transform = require('stream').Transform
26043var StringDecoder = require('string_decoder').StringDecoder
26044var inherits = require('inherits')
26045
26046function CipherBase (hashMode) {
26047 Transform.call(this)
26048 this.hashMode = typeof hashMode === 'string'
26049 if (this.hashMode) {
26050 this[hashMode] = this._finalOrDigest
26051 } else {
26052 this.final = this._finalOrDigest
26053 }
26054 if (this._final) {
26055 this.__final = this._final
26056 this._final = null
26057 }
26058 this._decoder = null
26059 this._encoding = null
26060}
26061inherits(CipherBase, Transform)
26062
26063CipherBase.prototype.update = function (data, inputEnc, outputEnc) {
26064 if (typeof data === 'string') {
26065 data = Buffer.from(data, inputEnc)
26066 }
26067
26068 var outData = this._update(data)
26069 if (this.hashMode) return this
26070
26071 if (outputEnc) {
26072 outData = this._toString(outData, outputEnc)
26073 }
26074
26075 return outData
26076}
26077
26078CipherBase.prototype.setAutoPadding = function () {}
26079CipherBase.prototype.getAuthTag = function () {
26080 throw new Error('trying to get auth tag in unsupported state')
26081}
26082
26083CipherBase.prototype.setAuthTag = function () {
26084 throw new Error('trying to set auth tag in unsupported state')
26085}
26086
26087CipherBase.prototype.setAAD = function () {
26088 throw new Error('trying to set aad in unsupported state')
26089}
26090
26091CipherBase.prototype._transform = function (data, _, next) {
26092 var err
26093 try {
26094 if (this.hashMode) {
26095 this._update(data)
26096 } else {
26097 this.push(this._update(data))
26098 }
26099 } catch (e) {
26100 err = e
26101 } finally {
26102 next(err)
26103 }
26104}
26105CipherBase.prototype._flush = function (done) {
26106 var err
26107 try {
26108 this.push(this.__final())
26109 } catch (e) {
26110 err = e
26111 }
26112
26113 done(err)
26114}
26115CipherBase.prototype._finalOrDigest = function (outputEnc) {
26116 var outData = this.__final() || Buffer.alloc(0)
26117 if (outputEnc) {
26118 outData = this._toString(outData, outputEnc, true)
26119 }
26120 return outData
26121}
26122
26123CipherBase.prototype._toString = function (value, enc, fin) {
26124 if (!this._decoder) {
26125 this._decoder = new StringDecoder(enc)
26126 this._encoding = enc
26127 }
26128
26129 if (this._encoding !== enc) throw new Error('can\'t switch encodings')
26130
26131 var out = this._decoder.write(value)
26132 if (fin) {
26133 out += this._decoder.end()
26134 }
26135
26136 return out
26137}
26138
26139module.exports = CipherBase
26140
26141},{"inherits":189,"safe-buffer":193,"stream":143,"string_decoder":144}],179:[function(require,module,exports){
26142arguments[4][51][0].apply(exports,arguments)
26143},{"./md5":181,"buffer":47,"cipher-base":178,"dup":51,"inherits":189,"ripemd160":192,"sha.js":196}],180:[function(require,module,exports){
26144arguments[4][52][0].apply(exports,arguments)
26145},{"buffer":47,"dup":52}],181:[function(require,module,exports){
26146arguments[4][53][0].apply(exports,arguments)
26147},{"./make-hash":180,"dup":53}],182:[function(require,module,exports){
26148var assert = require('assert')
26149var BigInteger = require('bigi')
26150
26151var Point = require('./point')
26152
26153function Curve (p, a, b, Gx, Gy, n, h) {
26154 this.p = p
26155 this.a = a
26156 this.b = b
26157 this.G = Point.fromAffine(this, Gx, Gy)
26158 this.n = n
26159 this.h = h
26160
26161 this.infinity = new Point(this, null, null, BigInteger.ZERO)
26162
26163 // result caching
26164 this.pOverFour = p.add(BigInteger.ONE).shiftRight(2)
26165
26166 // determine size of p in bytes
26167 this.pLength = Math.floor((this.p.bitLength() + 7) / 8)
26168}
26169
26170Curve.prototype.pointFromX = function (isOdd, x) {
26171 var alpha = x.pow(3).add(this.a.multiply(x)).add(this.b).mod(this.p)
26172 var beta = alpha.modPow(this.pOverFour, this.p) // XXX: not compatible with all curves
26173
26174 var y = beta
26175 if (beta.isEven() ^ !isOdd) {
26176 y = this.p.subtract(y) // -y % p
26177 }
26178
26179 return Point.fromAffine(this, x, y)
26180}
26181
26182Curve.prototype.isInfinity = function (Q) {
26183 if (Q === this.infinity) return true
26184
26185 return Q.z.signum() === 0 && Q.y.signum() !== 0
26186}
26187
26188Curve.prototype.isOnCurve = function (Q) {
26189 if (this.isInfinity(Q)) return true
26190
26191 var x = Q.affineX
26192 var y = Q.affineY
26193 var a = this.a
26194 var b = this.b
26195 var p = this.p
26196
26197 // Check that xQ and yQ are integers in the interval [0, p - 1]
26198 if (x.signum() < 0 || x.compareTo(p) >= 0) return false
26199 if (y.signum() < 0 || y.compareTo(p) >= 0) return false
26200
26201 // and check that y^2 = x^3 + ax + b (mod p)
26202 var lhs = y.square().mod(p)
26203 var rhs = x.pow(3).add(a.multiply(x)).add(b).mod(p)
26204 return lhs.equals(rhs)
26205}
26206
26207/**
26208 * Validate an elliptic curve point.
26209 *
26210 * See SEC 1, section 3.2.2.1: Elliptic Curve Public Key Validation Primitive
26211 */
26212Curve.prototype.validate = function (Q) {
26213 // Check Q != O
26214 assert(!this.isInfinity(Q), 'Point is at infinity')
26215 assert(this.isOnCurve(Q), 'Point is not on the curve')
26216
26217 // Check nQ = O (where Q is a scalar multiple of G)
26218 var nQ = Q.multiply(this.n)
26219 assert(this.isInfinity(nQ), 'Point is not a scalar multiple of G')
26220
26221 return true
26222}
26223
26224module.exports = Curve
26225
26226},{"./point":186,"assert":15,"bigi":154}],183:[function(require,module,exports){
26227module.exports={
26228 "secp128r1": {
26229 "p": "fffffffdffffffffffffffffffffffff",
26230 "a": "fffffffdfffffffffffffffffffffffc",
26231 "b": "e87579c11079f43dd824993c2cee5ed3",
26232 "n": "fffffffe0000000075a30d1b9038a115",
26233 "h": "01",
26234 "Gx": "161ff7528b899b2d0c28607ca52c5b86",
26235 "Gy": "cf5ac8395bafeb13c02da292dded7a83"
26236 },
26237 "secp160k1": {
26238 "p": "fffffffffffffffffffffffffffffffeffffac73",
26239 "a": "00",
26240 "b": "07",
26241 "n": "0100000000000000000001b8fa16dfab9aca16b6b3",
26242 "h": "01",
26243 "Gx": "3b4c382ce37aa192a4019e763036f4f5dd4d7ebb",
26244 "Gy": "938cf935318fdced6bc28286531733c3f03c4fee"
26245 },
26246 "secp160r1": {
26247 "p": "ffffffffffffffffffffffffffffffff7fffffff",
26248 "a": "ffffffffffffffffffffffffffffffff7ffffffc",
26249 "b": "1c97befc54bd7a8b65acf89f81d4d4adc565fa45",
26250 "n": "0100000000000000000001f4c8f927aed3ca752257",
26251 "h": "01",
26252 "Gx": "4a96b5688ef573284664698968c38bb913cbfc82",
26253 "Gy": "23a628553168947d59dcc912042351377ac5fb32"
26254 },
26255 "secp192k1": {
26256 "p": "fffffffffffffffffffffffffffffffffffffffeffffee37",
26257 "a": "00",
26258 "b": "03",
26259 "n": "fffffffffffffffffffffffe26f2fc170f69466a74defd8d",
26260 "h": "01",
26261 "Gx": "db4ff10ec057e9ae26b07d0280b7f4341da5d1b1eae06c7d",
26262 "Gy": "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d"
26263 },
26264 "secp192r1": {
26265 "p": "fffffffffffffffffffffffffffffffeffffffffffffffff",
26266 "a": "fffffffffffffffffffffffffffffffefffffffffffffffc",
26267 "b": "64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1",
26268 "n": "ffffffffffffffffffffffff99def836146bc9b1b4d22831",
26269 "h": "01",
26270 "Gx": "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
26271 "Gy": "07192b95ffc8da78631011ed6b24cdd573f977a11e794811"
26272 },
26273 "secp256k1": {
26274 "p": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
26275 "a": "00",
26276 "b": "07",
26277 "n": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141",
26278 "h": "01",
26279 "Gx": "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
26280 "Gy": "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8"
26281 },
26282 "secp256r1": {
26283 "p": "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
26284 "a": "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
26285 "b": "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
26286 "n": "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
26287 "h": "01",
26288 "Gx": "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
26289 "Gy": "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"
26290 }
26291}
26292
26293},{}],184:[function(require,module,exports){
26294var Point = require('./point')
26295var Curve = require('./curve')
26296
26297var getCurveByName = require('./names')
26298
26299module.exports = {
26300 Curve: Curve,
26301 Point: Point,
26302 getCurveByName: getCurveByName
26303}
26304
26305},{"./curve":182,"./names":185,"./point":186}],185:[function(require,module,exports){
26306var BigInteger = require('bigi')
26307
26308var curves = require('./curves.json')
26309var Curve = require('./curve')
26310
26311function getCurveByName (name) {
26312 var curve = curves[name]
26313 if (!curve) return null
26314
26315 var p = new BigInteger(curve.p, 16)
26316 var a = new BigInteger(curve.a, 16)
26317 var b = new BigInteger(curve.b, 16)
26318 var n = new BigInteger(curve.n, 16)
26319 var h = new BigInteger(curve.h, 16)
26320 var Gx = new BigInteger(curve.Gx, 16)
26321 var Gy = new BigInteger(curve.Gy, 16)
26322
26323 return new Curve(p, a, b, Gx, Gy, n, h)
26324}
26325
26326module.exports = getCurveByName
26327
26328},{"./curve":182,"./curves.json":183,"bigi":154}],186:[function(require,module,exports){
26329var assert = require('assert')
26330var Buffer = require('safe-buffer').Buffer
26331var BigInteger = require('bigi')
26332
26333var THREE = BigInteger.valueOf(3)
26334
26335function Point (curve, x, y, z) {
26336 assert.notStrictEqual(z, undefined, 'Missing Z coordinate')
26337
26338 this.curve = curve
26339 this.x = x
26340 this.y = y
26341 this.z = z
26342 this._zInv = null
26343
26344 this.compressed = true
26345}
26346
26347Object.defineProperty(Point.prototype, 'zInv', {
26348 get: function () {
26349 if (this._zInv === null) {
26350 this._zInv = this.z.modInverse(this.curve.p)
26351 }
26352
26353 return this._zInv
26354 }
26355})
26356
26357Object.defineProperty(Point.prototype, 'affineX', {
26358 get: function () {
26359 return this.x.multiply(this.zInv).mod(this.curve.p)
26360 }
26361})
26362
26363Object.defineProperty(Point.prototype, 'affineY', {
26364 get: function () {
26365 return this.y.multiply(this.zInv).mod(this.curve.p)
26366 }
26367})
26368
26369Point.fromAffine = function (curve, x, y) {
26370 return new Point(curve, x, y, BigInteger.ONE)
26371}
26372
26373Point.prototype.equals = function (other) {
26374 if (other === this) return true
26375 if (this.curve.isInfinity(this)) return this.curve.isInfinity(other)
26376 if (this.curve.isInfinity(other)) return this.curve.isInfinity(this)
26377
26378 // u = Y2 * Z1 - Y1 * Z2
26379 var u = other.y.multiply(this.z).subtract(this.y.multiply(other.z)).mod(this.curve.p)
26380
26381 if (u.signum() !== 0) return false
26382
26383 // v = X2 * Z1 - X1 * Z2
26384 var v = other.x.multiply(this.z).subtract(this.x.multiply(other.z)).mod(this.curve.p)
26385
26386 return v.signum() === 0
26387}
26388
26389Point.prototype.negate = function () {
26390 var y = this.curve.p.subtract(this.y)
26391
26392 return new Point(this.curve, this.x, y, this.z)
26393}
26394
26395Point.prototype.add = function (b) {
26396 if (this.curve.isInfinity(this)) return b
26397 if (this.curve.isInfinity(b)) return this
26398
26399 var x1 = this.x
26400 var y1 = this.y
26401 var x2 = b.x
26402 var y2 = b.y
26403
26404 // u = Y2 * Z1 - Y1 * Z2
26405 var u = y2.multiply(this.z).subtract(y1.multiply(b.z)).mod(this.curve.p)
26406 // v = X2 * Z1 - X1 * Z2
26407 var v = x2.multiply(this.z).subtract(x1.multiply(b.z)).mod(this.curve.p)
26408
26409 if (v.signum() === 0) {
26410 if (u.signum() === 0) {
26411 return this.twice() // this == b, so double
26412 }
26413
26414 return this.curve.infinity // this = -b, so infinity
26415 }
26416
26417 var v2 = v.square()
26418 var v3 = v2.multiply(v)
26419 var x1v2 = x1.multiply(v2)
26420 var zu2 = u.square().multiply(this.z)
26421
26422 // x3 = v * (z2 * (z1 * u^2 - 2 * x1 * v^2) - v^3)
26423 var x3 = zu2.subtract(x1v2.shiftLeft(1)).multiply(b.z).subtract(v3).multiply(v).mod(this.curve.p)
26424 // y3 = z2 * (3 * x1 * u * v^2 - y1 * v^3 - z1 * u^3) + u * v^3
26425 var y3 = x1v2.multiply(THREE).multiply(u).subtract(y1.multiply(v3)).subtract(zu2.multiply(u)).multiply(b.z).add(u.multiply(v3)).mod(this.curve.p)
26426 // z3 = v^3 * z1 * z2
26427 var z3 = v3.multiply(this.z).multiply(b.z).mod(this.curve.p)
26428
26429 return new Point(this.curve, x3, y3, z3)
26430}
26431
26432Point.prototype.twice = function () {
26433 if (this.curve.isInfinity(this)) return this
26434 if (this.y.signum() === 0) return this.curve.infinity
26435
26436 var x1 = this.x
26437 var y1 = this.y
26438
26439 var y1z1 = y1.multiply(this.z).mod(this.curve.p)
26440 var y1sqz1 = y1z1.multiply(y1).mod(this.curve.p)
26441 var a = this.curve.a
26442
26443 // w = 3 * x1^2 + a * z1^2
26444 var w = x1.square().multiply(THREE)
26445
26446 if (a.signum() !== 0) {
26447 w = w.add(this.z.square().multiply(a))
26448 }
26449
26450 w = w.mod(this.curve.p)
26451 // x3 = 2 * y1 * z1 * (w^2 - 8 * x1 * y1^2 * z1)
26452 var x3 = w.square().subtract(x1.shiftLeft(3).multiply(y1sqz1)).shiftLeft(1).multiply(y1z1).mod(this.curve.p)
26453 // y3 = 4 * y1^2 * z1 * (3 * w * x1 - 2 * y1^2 * z1) - w^3
26454 var y3 = w.multiply(THREE).multiply(x1).subtract(y1sqz1.shiftLeft(1)).shiftLeft(2).multiply(y1sqz1).subtract(w.pow(3)).mod(this.curve.p)
26455 // z3 = 8 * (y1 * z1)^3
26456 var z3 = y1z1.pow(3).shiftLeft(3).mod(this.curve.p)
26457
26458 return new Point(this.curve, x3, y3, z3)
26459}
26460
26461// Simple NAF (Non-Adjacent Form) multiplication algorithm
26462// TODO: modularize the multiplication algorithm
26463Point.prototype.multiply = function (k) {
26464 if (this.curve.isInfinity(this)) return this
26465 if (k.signum() === 0) return this.curve.infinity
26466
26467 var e = k
26468 var h = e.multiply(THREE)
26469
26470 var neg = this.negate()
26471 var R = this
26472
26473 for (var i = h.bitLength() - 2; i > 0; --i) {
26474 var hBit = h.testBit(i)
26475 var eBit = e.testBit(i)
26476
26477 R = R.twice()
26478
26479 if (hBit !== eBit) {
26480 R = R.add(hBit ? this : neg)
26481 }
26482 }
26483
26484 return R
26485}
26486
26487// Compute this*j + x*k (simultaneous multiplication)
26488Point.prototype.multiplyTwo = function (j, x, k) {
26489 var i = Math.max(j.bitLength(), k.bitLength()) - 1
26490 var R = this.curve.infinity
26491 var both = this.add(x)
26492
26493 while (i >= 0) {
26494 var jBit = j.testBit(i)
26495 var kBit = k.testBit(i)
26496
26497 R = R.twice()
26498
26499 if (jBit) {
26500 if (kBit) {
26501 R = R.add(both)
26502 } else {
26503 R = R.add(this)
26504 }
26505 } else if (kBit) {
26506 R = R.add(x)
26507 }
26508 --i
26509 }
26510
26511 return R
26512}
26513
26514Point.prototype.getEncoded = function (compressed) {
26515 if (compressed == null) compressed = this.compressed
26516 if (this.curve.isInfinity(this)) return Buffer.alloc(1, 0) // Infinity point encoded is simply '00'
26517
26518 var x = this.affineX
26519 var y = this.affineY
26520 var byteLength = this.curve.pLength
26521 var buffer
26522
26523 // 0x02/0x03 | X
26524 if (compressed) {
26525 buffer = Buffer.allocUnsafe(1 + byteLength)
26526 buffer.writeUInt8(y.isEven() ? 0x02 : 0x03, 0)
26527
26528 // 0x04 | X | Y
26529 } else {
26530 buffer = Buffer.allocUnsafe(1 + byteLength + byteLength)
26531 buffer.writeUInt8(0x04, 0)
26532
26533 y.toBuffer(byteLength).copy(buffer, 1 + byteLength)
26534 }
26535
26536 x.toBuffer(byteLength).copy(buffer, 1)
26537
26538 return buffer
26539}
26540
26541Point.decodeFrom = function (curve, buffer) {
26542 var type = buffer.readUInt8(0)
26543 var compressed = (type !== 4)
26544
26545 var byteLength = Math.floor((curve.p.bitLength() + 7) / 8)
26546 var x = BigInteger.fromBuffer(buffer.slice(1, 1 + byteLength))
26547
26548 var Q
26549 if (compressed) {
26550 assert.equal(buffer.length, byteLength + 1, 'Invalid sequence length')
26551 assert(type === 0x02 || type === 0x03, 'Invalid sequence tag')
26552
26553 var isOdd = (type === 0x03)
26554 Q = curve.pointFromX(isOdd, x)
26555 } else {
26556 assert.equal(buffer.length, 1 + byteLength + byteLength, 'Invalid sequence length')
26557
26558 var y = BigInteger.fromBuffer(buffer.slice(1 + byteLength))
26559 Q = Point.fromAffine(curve, x, y)
26560 }
26561
26562 Q.compressed = compressed
26563 return Q
26564}
26565
26566Point.prototype.toString = function () {
26567 if (this.curve.isInfinity(this)) return '(INFINITY)'
26568
26569 return '(' + this.affineX.toString() + ',' + this.affineY.toString() + ')'
26570}
26571
26572module.exports = Point
26573
26574},{"assert":15,"bigi":154,"safe-buffer":193}],187:[function(require,module,exports){
26575var Buffer = require('safe-buffer').Buffer
26576var MD5 = require('md5.js')
26577
26578/* eslint-disable camelcase */
26579function EVP_BytesToKey (password, salt, keyBits, ivLen) {
26580 if (!Buffer.isBuffer(password)) password = Buffer.from(password, 'binary')
26581 if (salt) {
26582 if (!Buffer.isBuffer(salt)) salt = Buffer.from(salt, 'binary')
26583 if (salt.length !== 8) throw new RangeError('salt should be Buffer with 8 byte length')
26584 }
26585
26586 var keyLen = keyBits / 8
26587 var key = Buffer.alloc(keyLen)
26588 var iv = Buffer.alloc(ivLen || 0)
26589 var tmp = Buffer.alloc(0)
26590
26591 while (keyLen > 0 || ivLen > 0) {
26592 var hash = new MD5()
26593 hash.update(tmp)
26594 hash.update(password)
26595 if (salt) hash.update(salt)
26596 tmp = hash.digest()
26597
26598 var used = 0
26599
26600 if (keyLen > 0) {
26601 var keyStart = key.length - keyLen
26602 used = Math.min(keyLen, tmp.length)
26603 tmp.copy(key, keyStart, 0, used)
26604 keyLen -= used
26605 }
26606
26607 if (used < tmp.length && ivLen > 0) {
26608 var ivStart = iv.length - ivLen
26609 var length = Math.min(ivLen, tmp.length - used)
26610 tmp.copy(iv, ivStart, used, used + length)
26611 ivLen -= length
26612 }
26613 }
26614
26615 tmp.fill(0)
26616 return { key: key, iv: iv }
26617}
26618
26619module.exports = EVP_BytesToKey
26620
26621},{"md5.js":190,"safe-buffer":193}],188:[function(require,module,exports){
26622arguments[4][85][0].apply(exports,arguments)
26623},{"buffer":47,"dup":85,"inherits":189,"stream":143}],189:[function(require,module,exports){
26624arguments[4][95][0].apply(exports,arguments)
26625},{"dup":95}],190:[function(require,module,exports){
26626(function (Buffer){
26627'use strict'
26628var inherits = require('inherits')
26629var HashBase = require('hash-base')
26630
26631var ARRAY16 = new Array(16)
26632
26633function MD5 () {
26634 HashBase.call(this, 64)
26635
26636 // state
26637 this._a = 0x67452301
26638 this._b = 0xefcdab89
26639 this._c = 0x98badcfe
26640 this._d = 0x10325476
26641}
26642
26643inherits(MD5, HashBase)
26644
26645MD5.prototype._update = function () {
26646 var M = ARRAY16
26647 for (var i = 0; i < 16; ++i) M[i] = this._block.readInt32LE(i * 4)
26648
26649 var a = this._a
26650 var b = this._b
26651 var c = this._c
26652 var d = this._d
26653
26654 a = fnF(a, b, c, d, M[0], 0xd76aa478, 7)
26655 d = fnF(d, a, b, c, M[1], 0xe8c7b756, 12)
26656 c = fnF(c, d, a, b, M[2], 0x242070db, 17)
26657 b = fnF(b, c, d, a, M[3], 0xc1bdceee, 22)
26658 a = fnF(a, b, c, d, M[4], 0xf57c0faf, 7)
26659 d = fnF(d, a, b, c, M[5], 0x4787c62a, 12)
26660 c = fnF(c, d, a, b, M[6], 0xa8304613, 17)
26661 b = fnF(b, c, d, a, M[7], 0xfd469501, 22)
26662 a = fnF(a, b, c, d, M[8], 0x698098d8, 7)
26663 d = fnF(d, a, b, c, M[9], 0x8b44f7af, 12)
26664 c = fnF(c, d, a, b, M[10], 0xffff5bb1, 17)
26665 b = fnF(b, c, d, a, M[11], 0x895cd7be, 22)
26666 a = fnF(a, b, c, d, M[12], 0x6b901122, 7)
26667 d = fnF(d, a, b, c, M[13], 0xfd987193, 12)
26668 c = fnF(c, d, a, b, M[14], 0xa679438e, 17)
26669 b = fnF(b, c, d, a, M[15], 0x49b40821, 22)
26670
26671 a = fnG(a, b, c, d, M[1], 0xf61e2562, 5)
26672 d = fnG(d, a, b, c, M[6], 0xc040b340, 9)
26673 c = fnG(c, d, a, b, M[11], 0x265e5a51, 14)
26674 b = fnG(b, c, d, a, M[0], 0xe9b6c7aa, 20)
26675 a = fnG(a, b, c, d, M[5], 0xd62f105d, 5)
26676 d = fnG(d, a, b, c, M[10], 0x02441453, 9)
26677 c = fnG(c, d, a, b, M[15], 0xd8a1e681, 14)
26678 b = fnG(b, c, d, a, M[4], 0xe7d3fbc8, 20)
26679 a = fnG(a, b, c, d, M[9], 0x21e1cde6, 5)
26680 d = fnG(d, a, b, c, M[14], 0xc33707d6, 9)
26681 c = fnG(c, d, a, b, M[3], 0xf4d50d87, 14)
26682 b = fnG(b, c, d, a, M[8], 0x455a14ed, 20)
26683 a = fnG(a, b, c, d, M[13], 0xa9e3e905, 5)
26684 d = fnG(d, a, b, c, M[2], 0xfcefa3f8, 9)
26685 c = fnG(c, d, a, b, M[7], 0x676f02d9, 14)
26686 b = fnG(b, c, d, a, M[12], 0x8d2a4c8a, 20)
26687
26688 a = fnH(a, b, c, d, M[5], 0xfffa3942, 4)
26689 d = fnH(d, a, b, c, M[8], 0x8771f681, 11)
26690 c = fnH(c, d, a, b, M[11], 0x6d9d6122, 16)
26691 b = fnH(b, c, d, a, M[14], 0xfde5380c, 23)
26692 a = fnH(a, b, c, d, M[1], 0xa4beea44, 4)
26693 d = fnH(d, a, b, c, M[4], 0x4bdecfa9, 11)
26694 c = fnH(c, d, a, b, M[7], 0xf6bb4b60, 16)
26695 b = fnH(b, c, d, a, M[10], 0xbebfbc70, 23)
26696 a = fnH(a, b, c, d, M[13], 0x289b7ec6, 4)
26697 d = fnH(d, a, b, c, M[0], 0xeaa127fa, 11)
26698 c = fnH(c, d, a, b, M[3], 0xd4ef3085, 16)
26699 b = fnH(b, c, d, a, M[6], 0x04881d05, 23)
26700 a = fnH(a, b, c, d, M[9], 0xd9d4d039, 4)
26701 d = fnH(d, a, b, c, M[12], 0xe6db99e5, 11)
26702 c = fnH(c, d, a, b, M[15], 0x1fa27cf8, 16)
26703 b = fnH(b, c, d, a, M[2], 0xc4ac5665, 23)
26704
26705 a = fnI(a, b, c, d, M[0], 0xf4292244, 6)
26706 d = fnI(d, a, b, c, M[7], 0x432aff97, 10)
26707 c = fnI(c, d, a, b, M[14], 0xab9423a7, 15)
26708 b = fnI(b, c, d, a, M[5], 0xfc93a039, 21)
26709 a = fnI(a, b, c, d, M[12], 0x655b59c3, 6)
26710 d = fnI(d, a, b, c, M[3], 0x8f0ccc92, 10)
26711 c = fnI(c, d, a, b, M[10], 0xffeff47d, 15)
26712 b = fnI(b, c, d, a, M[1], 0x85845dd1, 21)
26713 a = fnI(a, b, c, d, M[8], 0x6fa87e4f, 6)
26714 d = fnI(d, a, b, c, M[15], 0xfe2ce6e0, 10)
26715 c = fnI(c, d, a, b, M[6], 0xa3014314, 15)
26716 b = fnI(b, c, d, a, M[13], 0x4e0811a1, 21)
26717 a = fnI(a, b, c, d, M[4], 0xf7537e82, 6)
26718 d = fnI(d, a, b, c, M[11], 0xbd3af235, 10)
26719 c = fnI(c, d, a, b, M[2], 0x2ad7d2bb, 15)
26720 b = fnI(b, c, d, a, M[9], 0xeb86d391, 21)
26721
26722 this._a = (this._a + a) | 0
26723 this._b = (this._b + b) | 0
26724 this._c = (this._c + c) | 0
26725 this._d = (this._d + d) | 0
26726}
26727
26728MD5.prototype._digest = function () {
26729 // create padding and handle blocks
26730 this._block[this._blockOffset++] = 0x80
26731 if (this._blockOffset > 56) {
26732 this._block.fill(0, this._blockOffset, 64)
26733 this._update()
26734 this._blockOffset = 0
26735 }
26736
26737 this._block.fill(0, this._blockOffset, 56)
26738 this._block.writeUInt32LE(this._length[0], 56)
26739 this._block.writeUInt32LE(this._length[1], 60)
26740 this._update()
26741
26742 // produce result
26743 var buffer = new Buffer(16)
26744 buffer.writeInt32LE(this._a, 0)
26745 buffer.writeInt32LE(this._b, 4)
26746 buffer.writeInt32LE(this._c, 8)
26747 buffer.writeInt32LE(this._d, 12)
26748 return buffer
26749}
26750
26751function rotl (x, n) {
26752 return (x << n) | (x >>> (32 - n))
26753}
26754
26755function fnF (a, b, c, d, m, k, s) {
26756 return (rotl((a + ((b & c) | ((~b) & d)) + m + k) | 0, s) + b) | 0
26757}
26758
26759function fnG (a, b, c, d, m, k, s) {
26760 return (rotl((a + ((b & d) | (c & (~d))) + m + k) | 0, s) + b) | 0
26761}
26762
26763function fnH (a, b, c, d, m, k, s) {
26764 return (rotl((a + (b ^ c ^ d) + m + k) | 0, s) + b) | 0
26765}
26766
26767function fnI (a, b, c, d, m, k, s) {
26768 return (rotl((a + ((c ^ (b | (~d)))) + m + k) | 0, s) + b) | 0
26769}
26770
26771module.exports = MD5
26772
26773}).call(this,require("buffer").Buffer)
26774},{"buffer":47,"hash-base":191,"inherits":189}],191:[function(require,module,exports){
26775'use strict'
26776var Buffer = require('safe-buffer').Buffer
26777var Transform = require('stream').Transform
26778var inherits = require('inherits')
26779
26780function throwIfNotStringOrBuffer (val, prefix) {
26781 if (!Buffer.isBuffer(val) && typeof val !== 'string') {
26782 throw new TypeError(prefix + ' must be a string or a buffer')
26783 }
26784}
26785
26786function HashBase (blockSize) {
26787 Transform.call(this)
26788
26789 this._block = Buffer.allocUnsafe(blockSize)
26790 this._blockSize = blockSize
26791 this._blockOffset = 0
26792 this._length = [0, 0, 0, 0]
26793
26794 this._finalized = false
26795}
26796
26797inherits(HashBase, Transform)
26798
26799HashBase.prototype._transform = function (chunk, encoding, callback) {
26800 var error = null
26801 try {
26802 this.update(chunk, encoding)
26803 } catch (err) {
26804 error = err
26805 }
26806
26807 callback(error)
26808}
26809
26810HashBase.prototype._flush = function (callback) {
26811 var error = null
26812 try {
26813 this.push(this.digest())
26814 } catch (err) {
26815 error = err
26816 }
26817
26818 callback(error)
26819}
26820
26821HashBase.prototype.update = function (data, encoding) {
26822 throwIfNotStringOrBuffer(data, 'Data')
26823 if (this._finalized) throw new Error('Digest already called')
26824 if (!Buffer.isBuffer(data)) data = Buffer.from(data, encoding)
26825
26826 // consume data
26827 var block = this._block
26828 var offset = 0
26829 while (this._blockOffset + data.length - offset >= this._blockSize) {
26830 for (var i = this._blockOffset; i < this._blockSize;) block[i++] = data[offset++]
26831 this._update()
26832 this._blockOffset = 0
26833 }
26834 while (offset < data.length) block[this._blockOffset++] = data[offset++]
26835
26836 // update length
26837 for (var j = 0, carry = data.length * 8; carry > 0; ++j) {
26838 this._length[j] += carry
26839 carry = (this._length[j] / 0x0100000000) | 0
26840 if (carry > 0) this._length[j] -= 0x0100000000 * carry
26841 }
26842
26843 return this
26844}
26845
26846HashBase.prototype._update = function () {
26847 throw new Error('_update is not implemented')
26848}
26849
26850HashBase.prototype.digest = function (encoding) {
26851 if (this._finalized) throw new Error('Digest already called')
26852 this._finalized = true
26853
26854 var digest = this._digest()
26855 if (encoding !== undefined) digest = digest.toString(encoding)
26856
26857 // reset state
26858 this._block.fill(0)
26859 this._blockOffset = 0
26860 for (var i = 0; i < 4; ++i) this._length[i] = 0
26861
26862 return digest
26863}
26864
26865HashBase.prototype._digest = function () {
26866 throw new Error('_digest is not implemented')
26867}
26868
26869module.exports = HashBase
26870
26871},{"inherits":189,"safe-buffer":193,"stream":143}],192:[function(require,module,exports){
26872arguments[4][133][0].apply(exports,arguments)
26873},{"buffer":47,"dup":133,"hash-base":188,"inherits":189}],193:[function(require,module,exports){
26874/* eslint-disable node/no-deprecated-api */
26875var buffer = require('buffer')
26876var Buffer = buffer.Buffer
26877
26878// alternative to using Object.keys for old browsers
26879function copyProps (src, dst) {
26880 for (var key in src) {
26881 dst[key] = src[key]
26882 }
26883}
26884if (Buffer.from && Buffer.alloc && Buffer.allocUnsafe && Buffer.allocUnsafeSlow) {
26885 module.exports = buffer
26886} else {
26887 // Copy properties from require('buffer')
26888 copyProps(buffer, exports)
26889 exports.Buffer = SafeBuffer
26890}
26891
26892function SafeBuffer (arg, encodingOrOffset, length) {
26893 return Buffer(arg, encodingOrOffset, length)
26894}
26895
26896// Copy static methods from Buffer
26897copyProps(Buffer, SafeBuffer)
26898
26899SafeBuffer.from = function (arg, encodingOrOffset, length) {
26900 if (typeof arg === 'number') {
26901 throw new TypeError('Argument must not be a number')
26902 }
26903 return Buffer(arg, encodingOrOffset, length)
26904}
26905
26906SafeBuffer.alloc = function (size, fill, encoding) {
26907 if (typeof size !== 'number') {
26908 throw new TypeError('Argument must be a number')
26909 }
26910 var buf = Buffer(size)
26911 if (fill !== undefined) {
26912 if (typeof encoding === 'string') {
26913 buf.fill(fill, encoding)
26914 } else {
26915 buf.fill(fill)
26916 }
26917 } else {
26918 buf.fill(0)
26919 }
26920 return buf
26921}
26922
26923SafeBuffer.allocUnsafe = function (size) {
26924 if (typeof size !== 'number') {
26925 throw new TypeError('Argument must be a number')
26926 }
26927 return Buffer(size)
26928}
26929
26930SafeBuffer.allocUnsafeSlow = function (size) {
26931 if (typeof size !== 'number') {
26932 throw new TypeError('Argument must be a number')
26933 }
26934 return buffer.SlowBuffer(size)
26935}
26936
26937},{"buffer":47}],194:[function(require,module,exports){
26938(function (Buffer){
26939var crypto = require('crypto')
26940/* eslint-disable camelcase */
26941
26942var MAX_VALUE = 0x7fffffff
26943
26944// N = Cpu cost, r = Memory cost, p = parallelization cost
26945function scrypt (key, salt, N, r, p, dkLen, progressCallback) {
26946 if (N === 0 || (N & (N - 1)) !== 0) throw Error('N must be > 0 and a power of 2')
26947
26948 if (N > MAX_VALUE / 128 / r) throw Error('Parameter N is too large')
26949 if (r > MAX_VALUE / 128 / p) throw Error('Parameter r is too large')
26950
26951 var XY = new Buffer(256 * r)
26952 var V = new Buffer(128 * r * N)
26953
26954 // pseudo global
26955 var B32 = new Int32Array(16) // salsa20_8
26956 var x = new Int32Array(16) // salsa20_8
26957 var _X = new Buffer(64) // blockmix_salsa8
26958
26959 // pseudo global
26960 var B = crypto.pbkdf2Sync(key, salt, 1, p * 128 * r, 'sha256')
26961
26962 var tickCallback
26963 if (progressCallback) {
26964 var totalOps = p * N * 2
26965 var currentOp = 0
26966
26967 tickCallback = function () {
26968 ++currentOp
26969
26970 // send progress notifications once every 1,000 ops
26971 if (currentOp % 1000 === 0) {
26972 progressCallback({
26973 current: currentOp,
26974 total: totalOps,
26975 percent: (currentOp / totalOps) * 100.0
26976 })
26977 }
26978 }
26979 }
26980
26981 for (var i = 0; i < p; i++) {
26982 smix(B, i * 128 * r, r, N, V, XY)
26983 }
26984
26985 return crypto.pbkdf2Sync(key, B, 1, dkLen, 'sha256')
26986
26987 // all of these functions are actually moved to the top
26988 // due to function hoisting
26989
26990 function smix (B, Bi, r, N, V, XY) {
26991 var Xi = 0
26992 var Yi = 128 * r
26993 var i
26994
26995 B.copy(XY, Xi, Bi, Bi + Yi)
26996
26997 for (i = 0; i < N; i++) {
26998 XY.copy(V, i * Yi, Xi, Xi + Yi)
26999 blockmix_salsa8(XY, Xi, Yi, r)
27000
27001 if (tickCallback) tickCallback()
27002 }
27003
27004 for (i = 0; i < N; i++) {
27005 var offset = Xi + (2 * r - 1) * 64
27006 var j = XY.readUInt32LE(offset) & (N - 1)
27007 blockxor(V, j * Yi, XY, Xi, Yi)
27008 blockmix_salsa8(XY, Xi, Yi, r)
27009
27010 if (tickCallback) tickCallback()
27011 }
27012
27013 XY.copy(B, Bi, Xi, Xi + Yi)
27014 }
27015
27016 function blockmix_salsa8 (BY, Bi, Yi, r) {
27017 var i
27018
27019 arraycopy(BY, Bi + (2 * r - 1) * 64, _X, 0, 64)
27020
27021 for (i = 0; i < 2 * r; i++) {
27022 blockxor(BY, i * 64, _X, 0, 64)
27023 salsa20_8(_X)
27024 arraycopy(_X, 0, BY, Yi + (i * 64), 64)
27025 }
27026
27027 for (i = 0; i < r; i++) {
27028 arraycopy(BY, Yi + (i * 2) * 64, BY, Bi + (i * 64), 64)
27029 }
27030
27031 for (i = 0; i < r; i++) {
27032 arraycopy(BY, Yi + (i * 2 + 1) * 64, BY, Bi + (i + r) * 64, 64)
27033 }
27034 }
27035
27036 function R (a, b) {
27037 return (a << b) | (a >>> (32 - b))
27038 }
27039
27040 function salsa20_8 (B) {
27041 var i
27042
27043 for (i = 0; i < 16; i++) {
27044 B32[i] = (B[i * 4 + 0] & 0xff) << 0
27045 B32[i] |= (B[i * 4 + 1] & 0xff) << 8
27046 B32[i] |= (B[i * 4 + 2] & 0xff) << 16
27047 B32[i] |= (B[i * 4 + 3] & 0xff) << 24
27048 // B32[i] = B.readUInt32LE(i*4) <--- this is signficantly slower even in Node.js
27049 }
27050
27051 arraycopy(B32, 0, x, 0, 16)
27052
27053 for (i = 8; i > 0; i -= 2) {
27054 x[4] ^= R(x[0] + x[12], 7)
27055 x[8] ^= R(x[4] + x[0], 9)
27056 x[12] ^= R(x[8] + x[4], 13)
27057 x[0] ^= R(x[12] + x[8], 18)
27058 x[9] ^= R(x[5] + x[1], 7)
27059 x[13] ^= R(x[9] + x[5], 9)
27060 x[1] ^= R(x[13] + x[9], 13)
27061 x[5] ^= R(x[1] + x[13], 18)
27062 x[14] ^= R(x[10] + x[6], 7)
27063 x[2] ^= R(x[14] + x[10], 9)
27064 x[6] ^= R(x[2] + x[14], 13)
27065 x[10] ^= R(x[6] + x[2], 18)
27066 x[3] ^= R(x[15] + x[11], 7)
27067 x[7] ^= R(x[3] + x[15], 9)
27068 x[11] ^= R(x[7] + x[3], 13)
27069 x[15] ^= R(x[11] + x[7], 18)
27070 x[1] ^= R(x[0] + x[3], 7)
27071 x[2] ^= R(x[1] + x[0], 9)
27072 x[3] ^= R(x[2] + x[1], 13)
27073 x[0] ^= R(x[3] + x[2], 18)
27074 x[6] ^= R(x[5] + x[4], 7)
27075 x[7] ^= R(x[6] + x[5], 9)
27076 x[4] ^= R(x[7] + x[6], 13)
27077 x[5] ^= R(x[4] + x[7], 18)
27078 x[11] ^= R(x[10] + x[9], 7)
27079 x[8] ^= R(x[11] + x[10], 9)
27080 x[9] ^= R(x[8] + x[11], 13)
27081 x[10] ^= R(x[9] + x[8], 18)
27082 x[12] ^= R(x[15] + x[14], 7)
27083 x[13] ^= R(x[12] + x[15], 9)
27084 x[14] ^= R(x[13] + x[12], 13)
27085 x[15] ^= R(x[14] + x[13], 18)
27086 }
27087
27088 for (i = 0; i < 16; ++i) B32[i] = x[i] + B32[i]
27089
27090 for (i = 0; i < 16; i++) {
27091 var bi = i * 4
27092 B[bi + 0] = (B32[i] >> 0 & 0xff)
27093 B[bi + 1] = (B32[i] >> 8 & 0xff)
27094 B[bi + 2] = (B32[i] >> 16 & 0xff)
27095 B[bi + 3] = (B32[i] >> 24 & 0xff)
27096 // B.writeInt32LE(B32[i], i*4) //<--- this is signficantly slower even in Node.js
27097 }
27098 }
27099
27100 // naive approach... going back to loop unrolling may yield additional performance
27101 function blockxor (S, Si, D, Di, len) {
27102 for (var i = 0; i < len; i++) {
27103 D[Di + i] ^= S[Si + i]
27104 }
27105 }
27106}
27107
27108function arraycopy (src, srcPos, dest, destPos, length) {
27109 if (Buffer.isBuffer(src) && Buffer.isBuffer(dest)) {
27110 src.copy(dest, destPos, srcPos, srcPos + length)
27111 } else {
27112 while (length--) {
27113 dest[destPos++] = src[srcPos++]
27114 }
27115 }
27116}
27117
27118module.exports = scrypt
27119
27120}).call(this,require("buffer").Buffer)
27121},{"buffer":47,"crypto":56}],195:[function(require,module,exports){
27122var Buffer = require('safe-buffer').Buffer
27123
27124// prototype class for hash functions
27125function Hash (blockSize, finalSize) {
27126 this._block = Buffer.alloc(blockSize)
27127 this._finalSize = finalSize
27128 this._blockSize = blockSize
27129 this._len = 0
27130}
27131
27132Hash.prototype.update = function (data, enc) {
27133 if (typeof data === 'string') {
27134 enc = enc || 'utf8'
27135 data = Buffer.from(data, enc)
27136 }
27137
27138 var block = this._block
27139 var blockSize = this._blockSize
27140 var length = data.length
27141 var accum = this._len
27142
27143 for (var offset = 0; offset < length;) {
27144 var assigned = accum % blockSize
27145 var remainder = Math.min(length - offset, blockSize - assigned)
27146
27147 for (var i = 0; i < remainder; i++) {
27148 block[assigned + i] = data[offset + i]
27149 }
27150
27151 accum += remainder
27152 offset += remainder
27153
27154 if ((accum % blockSize) === 0) {
27155 this._update(block)
27156 }
27157 }
27158
27159 this._len += length
27160 return this
27161}
27162
27163Hash.prototype.digest = function (enc) {
27164 var rem = this._len % this._blockSize
27165
27166 this._block[rem] = 0x80
27167
27168 // zero (rem + 1) trailing bits, where (rem + 1) is the smallest
27169 // non-negative solution to the equation (length + 1 + (rem + 1)) === finalSize mod blockSize
27170 this._block.fill(0, rem + 1)
27171
27172 if (rem >= this._finalSize) {
27173 this._update(this._block)
27174 this._block.fill(0)
27175 }
27176
27177 var bits = this._len * 8
27178
27179 // uint32
27180 if (bits <= 0xffffffff) {
27181 this._block.writeUInt32BE(bits, this._blockSize - 4)
27182
27183 // uint64
27184 } else {
27185 var lowBits = (bits & 0xffffffff) >>> 0
27186 var highBits = (bits - lowBits) / 0x100000000
27187
27188 this._block.writeUInt32BE(highBits, this._blockSize - 8)
27189 this._block.writeUInt32BE(lowBits, this._blockSize - 4)
27190 }
27191
27192 this._update(this._block)
27193 var hash = this._hash()
27194
27195 return enc ? hash.toString(enc) : hash
27196}
27197
27198Hash.prototype._update = function () {
27199 throw new Error('_update must be implemented by subclass')
27200}
27201
27202module.exports = Hash
27203
27204},{"safe-buffer":193}],196:[function(require,module,exports){
27205arguments[4][136][0].apply(exports,arguments)
27206},{"./sha":197,"./sha1":198,"./sha224":199,"./sha256":200,"./sha384":201,"./sha512":202,"dup":136}],197:[function(require,module,exports){
27207/*
27208 * A JavaScript implementation of the Secure Hash Algorithm, SHA-0, as defined
27209 * in FIPS PUB 180-1
27210 * This source code is derived from sha1.js of the same repository.
27211 * The difference between SHA-0 and SHA-1 is just a bitwise rotate left
27212 * operation was added.
27213 */
27214
27215var inherits = require('inherits')
27216var Hash = require('./hash')
27217var Buffer = require('safe-buffer').Buffer
27218
27219var K = [
27220 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc | 0, 0xca62c1d6 | 0
27221]
27222
27223var W = new Array(80)
27224
27225function Sha () {
27226 this.init()
27227 this._w = W
27228
27229 Hash.call(this, 64, 56)
27230}
27231
27232inherits(Sha, Hash)
27233
27234Sha.prototype.init = function () {
27235 this._a = 0x67452301
27236 this._b = 0xefcdab89
27237 this._c = 0x98badcfe
27238 this._d = 0x10325476
27239 this._e = 0xc3d2e1f0
27240
27241 return this
27242}
27243
27244function rotl5 (num) {
27245 return (num << 5) | (num >>> 27)
27246}
27247
27248function rotl30 (num) {
27249 return (num << 30) | (num >>> 2)
27250}
27251
27252function ft (s, b, c, d) {
27253 if (s === 0) return (b & c) | ((~b) & d)
27254 if (s === 2) return (b & c) | (b & d) | (c & d)
27255 return b ^ c ^ d
27256}
27257
27258Sha.prototype._update = function (M) {
27259 var W = this._w
27260
27261 var a = this._a | 0
27262 var b = this._b | 0
27263 var c = this._c | 0
27264 var d = this._d | 0
27265 var e = this._e | 0
27266
27267 for (var i = 0; i < 16; ++i) W[i] = M.readInt32BE(i * 4)
27268 for (; i < 80; ++i) W[i] = W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16]
27269
27270 for (var j = 0; j < 80; ++j) {
27271 var s = ~~(j / 20)
27272 var t = (rotl5(a) + ft(s, b, c, d) + e + W[j] + K[s]) | 0
27273
27274 e = d
27275 d = c
27276 c = rotl30(b)
27277 b = a
27278 a = t
27279 }
27280
27281 this._a = (a + this._a) | 0
27282 this._b = (b + this._b) | 0
27283 this._c = (c + this._c) | 0
27284 this._d = (d + this._d) | 0
27285 this._e = (e + this._e) | 0
27286}
27287
27288Sha.prototype._hash = function () {
27289 var H = Buffer.allocUnsafe(20)
27290
27291 H.writeInt32BE(this._a | 0, 0)
27292 H.writeInt32BE(this._b | 0, 4)
27293 H.writeInt32BE(this._c | 0, 8)
27294 H.writeInt32BE(this._d | 0, 12)
27295 H.writeInt32BE(this._e | 0, 16)
27296
27297 return H
27298}
27299
27300module.exports = Sha
27301
27302},{"./hash":195,"inherits":189,"safe-buffer":193}],198:[function(require,module,exports){
27303/*
27304 * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
27305 * in FIPS PUB 180-1
27306 * Version 2.1a Copyright Paul Johnston 2000 - 2002.
27307 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
27308 * Distributed under the BSD License
27309 * See http://pajhome.org.uk/crypt/md5 for details.
27310 */
27311
27312var inherits = require('inherits')
27313var Hash = require('./hash')
27314var Buffer = require('safe-buffer').Buffer
27315
27316var K = [
27317 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc | 0, 0xca62c1d6 | 0
27318]
27319
27320var W = new Array(80)
27321
27322function Sha1 () {
27323 this.init()
27324 this._w = W
27325
27326 Hash.call(this, 64, 56)
27327}
27328
27329inherits(Sha1, Hash)
27330
27331Sha1.prototype.init = function () {
27332 this._a = 0x67452301
27333 this._b = 0xefcdab89
27334 this._c = 0x98badcfe
27335 this._d = 0x10325476
27336 this._e = 0xc3d2e1f0
27337
27338 return this
27339}
27340
27341function rotl1 (num) {
27342 return (num << 1) | (num >>> 31)
27343}
27344
27345function rotl5 (num) {
27346 return (num << 5) | (num >>> 27)
27347}
27348
27349function rotl30 (num) {
27350 return (num << 30) | (num >>> 2)
27351}
27352
27353function ft (s, b, c, d) {
27354 if (s === 0) return (b & c) | ((~b) & d)
27355 if (s === 2) return (b & c) | (b & d) | (c & d)
27356 return b ^ c ^ d
27357}
27358
27359Sha1.prototype._update = function (M) {
27360 var W = this._w
27361
27362 var a = this._a | 0
27363 var b = this._b | 0
27364 var c = this._c | 0
27365 var d = this._d | 0
27366 var e = this._e | 0
27367
27368 for (var i = 0; i < 16; ++i) W[i] = M.readInt32BE(i * 4)
27369 for (; i < 80; ++i) W[i] = rotl1(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16])
27370
27371 for (var j = 0; j < 80; ++j) {
27372 var s = ~~(j / 20)
27373 var t = (rotl5(a) + ft(s, b, c, d) + e + W[j] + K[s]) | 0
27374
27375 e = d
27376 d = c
27377 c = rotl30(b)
27378 b = a
27379 a = t
27380 }
27381
27382 this._a = (a + this._a) | 0
27383 this._b = (b + this._b) | 0
27384 this._c = (c + this._c) | 0
27385 this._d = (d + this._d) | 0
27386 this._e = (e + this._e) | 0
27387}
27388
27389Sha1.prototype._hash = function () {
27390 var H = Buffer.allocUnsafe(20)
27391
27392 H.writeInt32BE(this._a | 0, 0)
27393 H.writeInt32BE(this._b | 0, 4)
27394 H.writeInt32BE(this._c | 0, 8)
27395 H.writeInt32BE(this._d | 0, 12)
27396 H.writeInt32BE(this._e | 0, 16)
27397
27398 return H
27399}
27400
27401module.exports = Sha1
27402
27403},{"./hash":195,"inherits":189,"safe-buffer":193}],199:[function(require,module,exports){
27404/**
27405 * A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
27406 * in FIPS 180-2
27407 * Version 2.2-beta Copyright Angel Marin, Paul Johnston 2000 - 2009.
27408 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
27409 *
27410 */
27411
27412var inherits = require('inherits')
27413var Sha256 = require('./sha256')
27414var Hash = require('./hash')
27415var Buffer = require('safe-buffer').Buffer
27416
27417var W = new Array(64)
27418
27419function Sha224 () {
27420 this.init()
27421
27422 this._w = W // new Array(64)
27423
27424 Hash.call(this, 64, 56)
27425}
27426
27427inherits(Sha224, Sha256)
27428
27429Sha224.prototype.init = function () {
27430 this._a = 0xc1059ed8
27431 this._b = 0x367cd507
27432 this._c = 0x3070dd17
27433 this._d = 0xf70e5939
27434 this._e = 0xffc00b31
27435 this._f = 0x68581511
27436 this._g = 0x64f98fa7
27437 this._h = 0xbefa4fa4
27438
27439 return this
27440}
27441
27442Sha224.prototype._hash = function () {
27443 var H = Buffer.allocUnsafe(28)
27444
27445 H.writeInt32BE(this._a, 0)
27446 H.writeInt32BE(this._b, 4)
27447 H.writeInt32BE(this._c, 8)
27448 H.writeInt32BE(this._d, 12)
27449 H.writeInt32BE(this._e, 16)
27450 H.writeInt32BE(this._f, 20)
27451 H.writeInt32BE(this._g, 24)
27452
27453 return H
27454}
27455
27456module.exports = Sha224
27457
27458},{"./hash":195,"./sha256":200,"inherits":189,"safe-buffer":193}],200:[function(require,module,exports){
27459/**
27460 * A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
27461 * in FIPS 180-2
27462 * Version 2.2-beta Copyright Angel Marin, Paul Johnston 2000 - 2009.
27463 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
27464 *
27465 */
27466
27467var inherits = require('inherits')
27468var Hash = require('./hash')
27469var Buffer = require('safe-buffer').Buffer
27470
27471var K = [
27472 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
27473 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
27474 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
27475 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
27476 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
27477 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
27478 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
27479 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
27480 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
27481 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
27482 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
27483 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
27484 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
27485 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
27486 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
27487 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2
27488]
27489
27490var W = new Array(64)
27491
27492function Sha256 () {
27493 this.init()
27494
27495 this._w = W // new Array(64)
27496
27497 Hash.call(this, 64, 56)
27498}
27499
27500inherits(Sha256, Hash)
27501
27502Sha256.prototype.init = function () {
27503 this._a = 0x6a09e667
27504 this._b = 0xbb67ae85
27505 this._c = 0x3c6ef372
27506 this._d = 0xa54ff53a
27507 this._e = 0x510e527f
27508 this._f = 0x9b05688c
27509 this._g = 0x1f83d9ab
27510 this._h = 0x5be0cd19
27511
27512 return this
27513}
27514
27515function ch (x, y, z) {
27516 return z ^ (x & (y ^ z))
27517}
27518
27519function maj (x, y, z) {
27520 return (x & y) | (z & (x | y))
27521}
27522
27523function sigma0 (x) {
27524 return (x >>> 2 | x << 30) ^ (x >>> 13 | x << 19) ^ (x >>> 22 | x << 10)
27525}
27526
27527function sigma1 (x) {
27528 return (x >>> 6 | x << 26) ^ (x >>> 11 | x << 21) ^ (x >>> 25 | x << 7)
27529}
27530
27531function gamma0 (x) {
27532 return (x >>> 7 | x << 25) ^ (x >>> 18 | x << 14) ^ (x >>> 3)
27533}
27534
27535function gamma1 (x) {
27536 return (x >>> 17 | x << 15) ^ (x >>> 19 | x << 13) ^ (x >>> 10)
27537}
27538
27539Sha256.prototype._update = function (M) {
27540 var W = this._w
27541
27542 var a = this._a | 0
27543 var b = this._b | 0
27544 var c = this._c | 0
27545 var d = this._d | 0
27546 var e = this._e | 0
27547 var f = this._f | 0
27548 var g = this._g | 0
27549 var h = this._h | 0
27550
27551 for (var i = 0; i < 16; ++i) W[i] = M.readInt32BE(i * 4)
27552 for (; i < 64; ++i) W[i] = (gamma1(W[i - 2]) + W[i - 7] + gamma0(W[i - 15]) + W[i - 16]) | 0
27553
27554 for (var j = 0; j < 64; ++j) {
27555 var T1 = (h + sigma1(e) + ch(e, f, g) + K[j] + W[j]) | 0
27556 var T2 = (sigma0(a) + maj(a, b, c)) | 0
27557
27558 h = g
27559 g = f
27560 f = e
27561 e = (d + T1) | 0
27562 d = c
27563 c = b
27564 b = a
27565 a = (T1 + T2) | 0
27566 }
27567
27568 this._a = (a + this._a) | 0
27569 this._b = (b + this._b) | 0
27570 this._c = (c + this._c) | 0
27571 this._d = (d + this._d) | 0
27572 this._e = (e + this._e) | 0
27573 this._f = (f + this._f) | 0
27574 this._g = (g + this._g) | 0
27575 this._h = (h + this._h) | 0
27576}
27577
27578Sha256.prototype._hash = function () {
27579 var H = Buffer.allocUnsafe(32)
27580
27581 H.writeInt32BE(this._a, 0)
27582 H.writeInt32BE(this._b, 4)
27583 H.writeInt32BE(this._c, 8)
27584 H.writeInt32BE(this._d, 12)
27585 H.writeInt32BE(this._e, 16)
27586 H.writeInt32BE(this._f, 20)
27587 H.writeInt32BE(this._g, 24)
27588 H.writeInt32BE(this._h, 28)
27589
27590 return H
27591}
27592
27593module.exports = Sha256
27594
27595},{"./hash":195,"inherits":189,"safe-buffer":193}],201:[function(require,module,exports){
27596var inherits = require('inherits')
27597var SHA512 = require('./sha512')
27598var Hash = require('./hash')
27599var Buffer = require('safe-buffer').Buffer
27600
27601var W = new Array(160)
27602
27603function Sha384 () {
27604 this.init()
27605 this._w = W
27606
27607 Hash.call(this, 128, 112)
27608}
27609
27610inherits(Sha384, SHA512)
27611
27612Sha384.prototype.init = function () {
27613 this._ah = 0xcbbb9d5d
27614 this._bh = 0x629a292a
27615 this._ch = 0x9159015a
27616 this._dh = 0x152fecd8
27617 this._eh = 0x67332667
27618 this._fh = 0x8eb44a87
27619 this._gh = 0xdb0c2e0d
27620 this._hh = 0x47b5481d
27621
27622 this._al = 0xc1059ed8
27623 this._bl = 0x367cd507
27624 this._cl = 0x3070dd17
27625 this._dl = 0xf70e5939
27626 this._el = 0xffc00b31
27627 this._fl = 0x68581511
27628 this._gl = 0x64f98fa7
27629 this._hl = 0xbefa4fa4
27630
27631 return this
27632}
27633
27634Sha384.prototype._hash = function () {
27635 var H = Buffer.allocUnsafe(48)
27636
27637 function writeInt64BE (h, l, offset) {
27638 H.writeInt32BE(h, offset)
27639 H.writeInt32BE(l, offset + 4)
27640 }
27641
27642 writeInt64BE(this._ah, this._al, 0)
27643 writeInt64BE(this._bh, this._bl, 8)
27644 writeInt64BE(this._ch, this._cl, 16)
27645 writeInt64BE(this._dh, this._dl, 24)
27646 writeInt64BE(this._eh, this._el, 32)
27647 writeInt64BE(this._fh, this._fl, 40)
27648
27649 return H
27650}
27651
27652module.exports = Sha384
27653
27654},{"./hash":195,"./sha512":202,"inherits":189,"safe-buffer":193}],202:[function(require,module,exports){
27655var inherits = require('inherits')
27656var Hash = require('./hash')
27657var Buffer = require('safe-buffer').Buffer
27658
27659var K = [
27660 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,
27661 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,
27662 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,
27663 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,
27664 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,
27665 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,
27666 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,
27667 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,
27668 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,
27669 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,
27670 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,
27671 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,
27672 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,
27673 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,
27674 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,
27675 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,
27676 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,
27677 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,
27678 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,
27679 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,
27680 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,
27681 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,
27682 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,
27683 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,
27684 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,
27685 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,
27686 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,
27687 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,
27688 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,
27689 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,
27690 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,
27691 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,
27692 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,
27693 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,
27694 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,
27695 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,
27696 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,
27697 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,
27698 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,
27699 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817
27700]
27701
27702var W = new Array(160)
27703
27704function Sha512 () {
27705 this.init()
27706 this._w = W
27707
27708 Hash.call(this, 128, 112)
27709}
27710
27711inherits(Sha512, Hash)
27712
27713Sha512.prototype.init = function () {
27714 this._ah = 0x6a09e667
27715 this._bh = 0xbb67ae85
27716 this._ch = 0x3c6ef372
27717 this._dh = 0xa54ff53a
27718 this._eh = 0x510e527f
27719 this._fh = 0x9b05688c
27720 this._gh = 0x1f83d9ab
27721 this._hh = 0x5be0cd19
27722
27723 this._al = 0xf3bcc908
27724 this._bl = 0x84caa73b
27725 this._cl = 0xfe94f82b
27726 this._dl = 0x5f1d36f1
27727 this._el = 0xade682d1
27728 this._fl = 0x2b3e6c1f
27729 this._gl = 0xfb41bd6b
27730 this._hl = 0x137e2179
27731
27732 return this
27733}
27734
27735function Ch (x, y, z) {
27736 return z ^ (x & (y ^ z))
27737}
27738
27739function maj (x, y, z) {
27740 return (x & y) | (z & (x | y))
27741}
27742
27743function sigma0 (x, xl) {
27744 return (x >>> 28 | xl << 4) ^ (xl >>> 2 | x << 30) ^ (xl >>> 7 | x << 25)
27745}
27746
27747function sigma1 (x, xl) {
27748 return (x >>> 14 | xl << 18) ^ (x >>> 18 | xl << 14) ^ (xl >>> 9 | x << 23)
27749}
27750
27751function Gamma0 (x, xl) {
27752 return (x >>> 1 | xl << 31) ^ (x >>> 8 | xl << 24) ^ (x >>> 7)
27753}
27754
27755function Gamma0l (x, xl) {
27756 return (x >>> 1 | xl << 31) ^ (x >>> 8 | xl << 24) ^ (x >>> 7 | xl << 25)
27757}
27758
27759function Gamma1 (x, xl) {
27760 return (x >>> 19 | xl << 13) ^ (xl >>> 29 | x << 3) ^ (x >>> 6)
27761}
27762
27763function Gamma1l (x, xl) {
27764 return (x >>> 19 | xl << 13) ^ (xl >>> 29 | x << 3) ^ (x >>> 6 | xl << 26)
27765}
27766
27767function getCarry (a, b) {
27768 return (a >>> 0) < (b >>> 0) ? 1 : 0
27769}
27770
27771Sha512.prototype._update = function (M) {
27772 var W = this._w
27773
27774 var ah = this._ah | 0
27775 var bh = this._bh | 0
27776 var ch = this._ch | 0
27777 var dh = this._dh | 0
27778 var eh = this._eh | 0
27779 var fh = this._fh | 0
27780 var gh = this._gh | 0
27781 var hh = this._hh | 0
27782
27783 var al = this._al | 0
27784 var bl = this._bl | 0
27785 var cl = this._cl | 0
27786 var dl = this._dl | 0
27787 var el = this._el | 0
27788 var fl = this._fl | 0
27789 var gl = this._gl | 0
27790 var hl = this._hl | 0
27791
27792 for (var i = 0; i < 32; i += 2) {
27793 W[i] = M.readInt32BE(i * 4)
27794 W[i + 1] = M.readInt32BE(i * 4 + 4)
27795 }
27796 for (; i < 160; i += 2) {
27797 var xh = W[i - 15 * 2]
27798 var xl = W[i - 15 * 2 + 1]
27799 var gamma0 = Gamma0(xh, xl)
27800 var gamma0l = Gamma0l(xl, xh)
27801
27802 xh = W[i - 2 * 2]
27803 xl = W[i - 2 * 2 + 1]
27804 var gamma1 = Gamma1(xh, xl)
27805 var gamma1l = Gamma1l(xl, xh)
27806
27807 // W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16]
27808 var Wi7h = W[i - 7 * 2]
27809 var Wi7l = W[i - 7 * 2 + 1]
27810
27811 var Wi16h = W[i - 16 * 2]
27812 var Wi16l = W[i - 16 * 2 + 1]
27813
27814 var Wil = (gamma0l + Wi7l) | 0
27815 var Wih = (gamma0 + Wi7h + getCarry(Wil, gamma0l)) | 0
27816 Wil = (Wil + gamma1l) | 0
27817 Wih = (Wih + gamma1 + getCarry(Wil, gamma1l)) | 0
27818 Wil = (Wil + Wi16l) | 0
27819 Wih = (Wih + Wi16h + getCarry(Wil, Wi16l)) | 0
27820
27821 W[i] = Wih
27822 W[i + 1] = Wil
27823 }
27824
27825 for (var j = 0; j < 160; j += 2) {
27826 Wih = W[j]
27827 Wil = W[j + 1]
27828
27829 var majh = maj(ah, bh, ch)
27830 var majl = maj(al, bl, cl)
27831
27832 var sigma0h = sigma0(ah, al)
27833 var sigma0l = sigma0(al, ah)
27834 var sigma1h = sigma1(eh, el)
27835 var sigma1l = sigma1(el, eh)
27836
27837 // t1 = h + sigma1 + ch + K[j] + W[j]
27838 var Kih = K[j]
27839 var Kil = K[j + 1]
27840
27841 var chh = Ch(eh, fh, gh)
27842 var chl = Ch(el, fl, gl)
27843
27844 var t1l = (hl + sigma1l) | 0
27845 var t1h = (hh + sigma1h + getCarry(t1l, hl)) | 0
27846 t1l = (t1l + chl) | 0
27847 t1h = (t1h + chh + getCarry(t1l, chl)) | 0
27848 t1l = (t1l + Kil) | 0
27849 t1h = (t1h + Kih + getCarry(t1l, Kil)) | 0
27850 t1l = (t1l + Wil) | 0
27851 t1h = (t1h + Wih + getCarry(t1l, Wil)) | 0
27852
27853 // t2 = sigma0 + maj
27854 var t2l = (sigma0l + majl) | 0
27855 var t2h = (sigma0h + majh + getCarry(t2l, sigma0l)) | 0
27856
27857 hh = gh
27858 hl = gl
27859 gh = fh
27860 gl = fl
27861 fh = eh
27862 fl = el
27863 el = (dl + t1l) | 0
27864 eh = (dh + t1h + getCarry(el, dl)) | 0
27865 dh = ch
27866 dl = cl
27867 ch = bh
27868 cl = bl
27869 bh = ah
27870 bl = al
27871 al = (t1l + t2l) | 0
27872 ah = (t1h + t2h + getCarry(al, t1l)) | 0
27873 }
27874
27875 this._al = (this._al + al) | 0
27876 this._bl = (this._bl + bl) | 0
27877 this._cl = (this._cl + cl) | 0
27878 this._dl = (this._dl + dl) | 0
27879 this._el = (this._el + el) | 0
27880 this._fl = (this._fl + fl) | 0
27881 this._gl = (this._gl + gl) | 0
27882 this._hl = (this._hl + hl) | 0
27883
27884 this._ah = (this._ah + ah + getCarry(this._al, al)) | 0
27885 this._bh = (this._bh + bh + getCarry(this._bl, bl)) | 0
27886 this._ch = (this._ch + ch + getCarry(this._cl, cl)) | 0
27887 this._dh = (this._dh + dh + getCarry(this._dl, dl)) | 0
27888 this._eh = (this._eh + eh + getCarry(this._el, el)) | 0
27889 this._fh = (this._fh + fh + getCarry(this._fl, fl)) | 0
27890 this._gh = (this._gh + gh + getCarry(this._gl, gl)) | 0
27891 this._hh = (this._hh + hh + getCarry(this._hl, hl)) | 0
27892}
27893
27894Sha512.prototype._hash = function () {
27895 var H = Buffer.allocUnsafe(64)
27896
27897 function writeInt64BE (h, l, offset) {
27898 H.writeInt32BE(h, offset)
27899 H.writeInt32BE(l, offset + 4)
27900 }
27901
27902 writeInt64BE(this._ah, this._al, 0)
27903 writeInt64BE(this._bh, this._bl, 8)
27904 writeInt64BE(this._ch, this._cl, 16)
27905 writeInt64BE(this._dh, this._dl, 24)
27906 writeInt64BE(this._eh, this._el, 32)
27907 writeInt64BE(this._fh, this._fl, 40)
27908 writeInt64BE(this._gh, this._gl, 48)
27909 writeInt64BE(this._hh, this._hl, 56)
27910
27911 return H
27912}
27913
27914module.exports = Sha512
27915
27916},{"./hash":195,"inherits":189,"safe-buffer":193}]},{},[150])(150)
5b689bd6 27917});
A web tool for converting BIP39 mnemonic codes