aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorIan Coleman <coleman.ian@gmail.com>2014-09-18 11:01:19 +1000
committerIan Coleman <coleman.ian@gmail.com>2014-09-18 11:01:19 +1000
commitebd8d4e8b526477edf6190ba1fb9d56a6dbcf2ae (patch)
treefb206546b829e151a1d6cc2516bd45919e47499b /src
downloadBIP39-ebd8d4e8b526477edf6190ba1fb9d56a6dbcf2ae.tar.gz
BIP39-ebd8d4e8b526477edf6190ba1fb9d56a6dbcf2ae.tar.zst
BIP39-ebd8d4e8b526477edf6190ba1fb9d56a6dbcf2ae.zip
Move from private repo
Diffstat (limited to 'src')
-rw-r--r--src/index.html257
-rw-r--r--src/js/asmcrypto.js7467
-rw-r--r--src/js/bitcoinjs-1-0-0.js14463
-rw-r--r--src/js/index.js337
-rw-r--r--src/js/jsbip39.js386
5 files changed, 22910 insertions, 0 deletions
diff --git a/src/index.html b/src/index.html
new file mode 100644
index 0000000..a6ac95b
--- /dev/null
+++ b/src/index.html
@@ -0,0 +1,257 @@
1<!DOCTYPE html>
2<html>
3 <head lang="en">
4 <meta charset="utf-8" />
5 <title>BIP39 - Mnemonic Code</title>
6 <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">
7 <meta content="Mnemonic code for generating deterministic keys" name="description"/>
8 <meta content="width=device-width, initial-scale=1.0" name="viewport" />
9 <meta content="bitcoin mnemonic converter" name="description" />
10 <meta content="DC POS" name="author" />
11
12 <style>
13 .feedback-container {
14 position: fixed;
15 top: 0;
16 width: 100%;
17 text-align: center;
18 z-index: 4;
19 }
20 .feedback {
21 display: table;
22 padding: 0.5em 1em;
23 background-color: orange;
24 margin: 0 auto;
25 font-size: 2em;
26 color: #444;
27 border: 2px solid #555;
28 border-top: 0;
29 border-bottom-left-radius: 20px 20px;
30 border-bottom-right-radius: 20px 20px;
31 }
32 </style>
33 </head>
34 <body>
35 <div class="container">
36
37 <h1 class="text-center">Mnemonic Code Converter</h1>
38 <hr>
39 <div class="row">
40 <div class="col-md-12">
41 <h2>Phrase</h2>
42 <form class="form-horizontal" role="form">
43 <div class="col-sm-2"></div>
44 <div class="col-sm-10">
45 <p>For more info see the <a href="https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki" target="_blank">BIP39 spec</a></p>
46 </div>
47 <div class="form-group">
48 <label for="phrase" class="col-sm-2 control-label">BIP39 Phrase</label>
49 <div class="col-sm-10">
50 <textarea id="phrase" class="phrase form-control"></textarea>
51 </div>
52 </div>
53 <div class="form-group">
54 <label for="strength" class="col-sm-2 control-label">Number of words</label>
55 <div class="col-sm-10">
56 <div class="input-group">
57 <input type="number" class="strength form-control" id="strength" value="12">
58 <span class="input-group-btn">
59 <button class="btn generate">Generate Random Phrase</button>
60 </span>
61 </div>
62 </div>
63 </div>
64 <div class="form-group">
65 <label for="root-key" class="col-sm-2 control-label">BIP32 Root Key</label>
66 <div class="col-sm-10">
67 <textarea id="root-key" class="root-key form-control" disabled="disabled"></textarea>
68 </div>
69 </div>
70 </form>
71 </div>
72 </div>
73
74 <hr>
75
76 <div class="row">
77 <div class="col-md-12">
78 <h2>Derivation Path</h2>
79 <ul class="derivation-type nav nav-tabs" role="tablist">
80 <li class="active">
81 <a href="#bip44" role="tab" data-toggle="tab">BIP44</a></li>
82 <li><a href="#bip32" role="tab" data-toggle="tab">BIP32</a></li>
83 </ul>
84 <div class="derivation-type tab-content">
85 <div id="bip44" class="tab-pane active">
86 <form class="form-horizontal" role="form">
87 <br>
88 <div class="col-sm-2"></div>
89 <div class="col-sm-10">
90 <p>For more info see the <a href="https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki" target="_blank">BIP44 spec</a></p>
91 </div>
92 <div class="form-group">
93 <label for="purpose" class="col-sm-2 control-label">
94 <a href="https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#purpose" target="_blank">Purpose</a>
95 </label>
96 <div class="col-sm-10">
97 <input id="purpose" type="text" class="purpose form-control" value="44">
98 </div>
99 </div>
100 <div class="form-group">
101 <label for="coin" class="col-sm-2 control-label">
102 <a href="https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#registered-coin-types" target="_blank">Coin</a>
103 </label>
104 <div class="col-sm-10">
105 <input id="coin" type="text" class="coin form-control" value="0">
106 </div>
107 </div>
108 <div class="form-group">
109 <label for="account" class="col-sm-2 control-label">
110 <a href="https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#account" target="_blank">Account</a>
111 </label>
112 <div class="col-sm-10">
113 <input id="account" type="text" class="account form-control" value="0">
114 </div>
115 </div>
116 <div class="form-group">
117 <label for="change" class="col-sm-2 control-label">
118 <a href="https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#change" target="_blank">External / Internal</a>
119 </label>
120 <div class="col-sm-10">
121 <input id="change" type="text" class="change form-control" value="0">
122 </div>
123 </div>
124 <div class="form-group">
125 <label for="bip44-path" class="col-sm-2 control-label">BIP32 Derivation Path</label>
126 <div class="col-sm-10">
127 <input id="bip44-path" type="text" class="path form-control" value="m/44'/0'/0'/0" disabled="disabled">
128 </div>
129 </div>
130 </form>
131 </div>
132 <div id="bip32" class="tab-pane">
133 <form class="form-horizontal" role="form">
134 <br>
135 <div class="col-sm-2"></div>
136 <div class="col-sm-10">
137 <p>For more info see the <a href="https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki" target="_blank">BIP32 spec</a></p>
138 </div>
139 <div class="form-group">
140 <label for="bip32-path" class="col-sm-2 control-label">BIP32 Derivation Path</label>
141 <div class="col-sm-10">
142 <input id="bip32-path" type="text" class="path form-control" value="m/0">
143 </div>
144 </div>
145 </form>
146 </div>
147 </div>
148 <form class="form-horizontal" role="form">
149 <div class="form-group">
150 <label for="extended-priv-key" class="col-sm-2 control-label">BIP32 Extended Key</label>
151 <div class="col-sm-10">
152 <textarea id="extended-priv-key" class="extended-priv-key form-control" disabled="disabled"></textarea>
153 </div>
154 </div>
155 <div class="form-group">
156 <label for="extended-pub-key" class="col-sm-2 control-label">BIP32 Extended Key (addresses only)</label>
157 <div class="col-sm-10">
158 <textarea id="extended-pub-key" class="extended-pub-key form-control" disabled="disabled"></textarea>
159 </div>
160 </div>
161 </form>
162 </div>
163 </div>
164
165 <hr>
166
167 <div class="row">
168 <div class="col-md-12">
169 <h2>Derived Addresses</h2>
170 <p>Note these addreses are derived from the <strong>BIP32 Extended Key</strong></p>
171 <table class="table table-striped">
172 <thead>
173 <th>
174 <div class="input-group">
175 Index&nbsp;&nbsp;
176 <button class="index-toggle">Toggle</button>
177 </div>
178 </th>
179 <th>
180 <div class="input-group">
181 Address&nbsp;&nbsp;
182 <button class="address-toggle">Toggle</button>
183 </div>
184 </th>
185 <th>
186 <div class="input-group">
187 Private Key&nbsp;&nbsp;
188 <button class="private-key-toggle">Toggle</button>
189 </div>
190 </th>
191 </thead>
192 <tbody class="addresses">
193 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
194 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
195 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
196 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
197 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
198 </tbody>
199 </table>
200 </div>
201 </div>
202 <span>Show next </button>
203 <input type="number" class="rows-to-add" value="20">
204 <button class="more">Show</button>
205
206 <hr>
207
208 <div class="row">
209 <div class="col-md-12">
210 <h2>More info</h2>
211 <h3>BIP39 <span class="small">Mnemonic code for generating deterministic keys</span></h3>
212 <p>
213 Read more at the
214 <a href="https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki">official BIP39 spec</a>
215 </p>
216 <h3>BIP32 <span class="small">Hierarchical Deterministic Wallets</span></h3>
217 <p>
218 Read more at the
219 <a href="https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki" target="_blank">official BIP32 spec</a>
220 and see the demo at
221 <a href="http://bip32.org/" target="_blank">bip32.org</a>
222 </p>
223 <h3>BIP44 <span class="small">Multi-Account Hierarchy for Deterministic Wallets</span></h3>
224 <p>
225 Read more at the
226 <a href="https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki" target="_blank">official BIP44 spec</a>
227 </p>
228 <h3>Private Keys</h3>
229 <p>
230 Use private keys at
231 <a href="https://brainwallet.github.io/" target="_blank">brainwallet.org</a>,
232 but be careful - it can be easy to make mistakes if you
233 don't know what you're doing
234 </p>
235 </div>
236 </div>
237 </div>
238
239 <div class="feedback-container">
240 <div class="feedback"></div>
241 </div>
242
243 <script type="text/template" id="address-row-template">
244 <tr>
245 <td class="index"><span></span></td>
246 <td class="address"><span></span></td>
247 <td class="privkey"><span></span></td>
248 </tr>
249 </script>
250 <script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
251 <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js"></script>
252 <script src="/js/bitcoinjs-1-0-0.js"></script>
253 <script src="/js/asmcrypto.js"></script>
254 <script src="/js/jsbip39.js"></script>
255 <script src="/js/index.js"></script>
256 </body>
257</html>
diff --git a/src/js/asmcrypto.js b/src/js/asmcrypto.js
new file mode 100644
index 0000000..6e5cd5f
--- /dev/null
+++ b/src/js/asmcrypto.js
@@ -0,0 +1,7467 @@
1// INCLUDE ASMCRYPTO
2// https://rawgit.com/tresorit/asmcrypto.js/598a1098504f1b2d0e615bc51dd8404afd2d338b/asmcrypto.js
3// Provides PBKDF2 functionality
4// It's faster than CryptoJS
5// Couldn't get SJCL working as desired
6
7
8(function(exports, global) {
9 "use strict";
10 global["asmCrypto"] = exports;
11 function string_to_bytes(str) {
12 var i, len = str.length, arr = new Uint8Array(len);
13 for (i = 0; i < len; i += 1) {
14 arr[i] = str.charCodeAt(i);
15 }
16 return arr;
17 }
18 function hex_to_bytes(str) {
19 var arr = [], len = str.length, i;
20 if (len & 1) {
21 str = "0" + str;
22 len++;
23 }
24 for (i = 0; i < len; i += 2) {
25 arr.push(parseInt(str.substr(i, 2), 16));
26 }
27 return new Uint8Array(arr);
28 }
29 function base64_to_bytes(str) {
30 return string_to_bytes(atob(str));
31 }
32 function bytes_to_string(arr) {
33 var str = "";
34 for (var i = 0; i < arr.length; i++) str += String.fromCharCode(arr[i]);
35 return str;
36 }
37 function bytes_to_hex(arr) {
38 var sz = (arr.byteLength || arr.length) / arr.length, str = "";
39 for (var i = 0; i < arr.length; i++) {
40 var h = arr[i].toString(16);
41 if (h.length < 2 * sz) str += "00000000000000".substr(0, 2 * sz - h.length);
42 str += h;
43 }
44 return str;
45 }
46 function bytes_to_base64(arr) {
47 return btoa(bytes_to_string(arr));
48 }
49 function pow2_ceil(a) {
50 a -= 1;
51 a |= a >>> 1;
52 a |= a >>> 2;
53 a |= a >>> 4;
54 a |= a >>> 8;
55 a |= a >>> 16;
56 a += 1;
57 return a;
58 }
59 function is_number(a) {
60 return typeof a === "number";
61 }
62 function is_string(a) {
63 return typeof a === "string";
64 }
65 function is_buffer(a) {
66 return a instanceof ArrayBuffer;
67 }
68 function is_bytes(a) {
69 return a instanceof Uint8Array;
70 }
71 function is_typed_array(a) {
72 return a instanceof Int8Array || a instanceof Uint8Array || a instanceof Int16Array || a instanceof Uint16Array || a instanceof Int32Array || a instanceof Uint32Array || a instanceof Float32Array || a instanceof Float64Array;
73 }
74 function IllegalStateError() {
75 Error.apply(this, arguments);
76 }
77 IllegalStateError.prototype = new Error();
78 function IllegalArgumentError() {
79 Error.apply(this, arguments);
80 }
81 IllegalArgumentError.prototype = new Error();
82 function SecurityError() {
83 Error.apply(this, arguments);
84 }
85 IllegalArgumentError.prototype = new Error();
86 var _aes_tables = [ 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, 208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, 224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, 186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22, 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251, 124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203, 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78, 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37, 114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146, 108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132, 144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6, 208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107, 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115, 150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110, 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27, 252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244, 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95, 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, 160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97, 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125, 198, 248, 238, 246, 255, 214, 222, 145, 96, 2, 206, 86, 231, 181, 77, 236, 143, 31, 137, 250, 239, 178, 142, 251, 65, 179, 95, 69, 35, 83, 228, 155, 117, 225, 61, 76, 108, 126, 245, 131, 104, 81, 209, 249, 226, 171, 98, 42, 8, 149, 70, 157, 48, 55, 10, 47, 14, 36, 27, 223, 205, 78, 127, 234, 18, 29, 88, 52, 54, 220, 180, 91, 164, 118, 183, 125, 82, 221, 94, 19, 166, 185, 0, 193, 64, 227, 121, 182, 212, 141, 103, 114, 148, 152, 176, 133, 187, 197, 79, 237, 134, 154, 102, 17, 138, 233, 4, 254, 160, 120, 37, 75, 162, 93, 128, 5, 63, 33, 112, 241, 99, 119, 175, 66, 32, 229, 253, 191, 129, 24, 38, 195, 190, 53, 136, 46, 147, 85, 252, 122, 200, 186, 50, 230, 192, 25, 158, 163, 68, 84, 59, 11, 140, 199, 107, 40, 167, 188, 22, 173, 219, 100, 116, 20, 146, 12, 72, 184, 159, 189, 67, 196, 57, 49, 211, 242, 213, 139, 110, 218, 1, 177, 156, 73, 216, 172, 243, 207, 202, 244, 71, 16, 111, 240, 74, 92, 56, 87, 115, 151, 203, 161, 232, 62, 150, 97, 13, 15, 224, 124, 113, 204, 144, 6, 247, 28, 194, 106, 174, 105, 23, 153, 58, 39, 217, 235, 43, 34, 210, 169, 7, 51, 45, 60, 21, 201, 135, 170, 80, 165, 3, 89, 9, 26, 101, 215, 132, 208, 130, 41, 90, 30, 123, 168, 109, 44, 165, 132, 153, 141, 13, 189, 177, 84, 80, 3, 169, 125, 25, 98, 230, 154, 69, 157, 64, 135, 21, 235, 201, 11, 236, 103, 253, 234, 191, 247, 150, 91, 194, 28, 174, 106, 90, 65, 2, 79, 92, 244, 52, 8, 147, 115, 83, 63, 12, 82, 101, 94, 40, 161, 15, 181, 9, 54, 155, 61, 38, 105, 205, 159, 27, 158, 116, 46, 45, 178, 238, 251, 246, 77, 97, 206, 123, 62, 113, 151, 245, 104, 0, 44, 96, 31, 200, 237, 190, 70, 217, 75, 222, 212, 232, 74, 107, 42, 229, 22, 197, 215, 85, 148, 207, 16, 6, 129, 240, 68, 186, 227, 243, 254, 192, 138, 173, 188, 72, 4, 223, 193, 117, 99, 48, 26, 14, 109, 76, 20, 53, 47, 225, 162, 204, 57, 87, 242, 130, 71, 172, 231, 43, 149, 160, 152, 209, 127, 102, 126, 171, 131, 202, 41, 211, 60, 121, 226, 29, 118, 59, 86, 78, 30, 219, 10, 108, 228, 93, 110, 239, 166, 168, 164, 55, 139, 50, 67, 89, 183, 140, 100, 210, 224, 180, 250, 7, 37, 175, 142, 233, 24, 213, 136, 111, 114, 36, 241, 199, 81, 35, 124, 156, 33, 221, 220, 134, 133, 144, 66, 196, 170, 216, 5, 1, 18, 163, 95, 249, 208, 145, 88, 39, 185, 56, 19, 179, 51, 187, 112, 137, 167, 182, 34, 146, 32, 73, 255, 120, 122, 143, 248, 128, 23, 218, 49, 198, 184, 195, 176, 119, 17, 203, 252, 214, 58, 0, 9, 18, 27, 36, 45, 54, 63, 72, 65, 90, 83, 108, 101, 126, 119, 144, 153, 130, 139, 180, 189, 166, 175, 216, 209, 202, 195, 252, 245, 238, 231, 59, 50, 41, 32, 31, 22, 13, 4, 115, 122, 97, 104, 87, 94, 69, 76, 171, 162, 185, 176, 143, 134, 157, 148, 227, 234, 241, 248, 199, 206, 213, 220, 118, 127, 100, 109, 82, 91, 64, 73, 62, 55, 44, 37, 26, 19, 8, 1, 230, 239, 244, 253, 194, 203, 208, 217, 174, 167, 188, 181, 138, 131, 152, 145, 77, 68, 95, 86, 105, 96, 123, 114, 5, 12, 23, 30, 33, 40, 51, 58, 221, 212, 207, 198, 249, 240, 235, 226, 149, 156, 135, 142, 177, 184, 163, 170, 236, 229, 254, 247, 200, 193, 218, 211, 164, 173, 182, 191, 128, 137, 146, 155, 124, 117, 110, 103, 88, 81, 74, 67, 52, 61, 38, 47, 16, 25, 2, 11, 215, 222, 197, 204, 243, 250, 225, 232, 159, 150, 141, 132, 187, 178, 169, 160, 71, 78, 85, 92, 99, 106, 113, 120, 15, 6, 29, 20, 43, 34, 57, 48, 154, 147, 136, 129, 190, 183, 172, 165, 210, 219, 192, 201, 246, 255, 228, 237, 10, 3, 24, 17, 46, 39, 60, 53, 66, 75, 80, 89, 102, 111, 116, 125, 161, 168, 179, 186, 133, 140, 151, 158, 233, 224, 251, 242, 205, 196, 223, 214, 49, 56, 35, 42, 21, 28, 7, 14, 121, 112, 107, 98, 93, 84, 79, 70, 0, 11, 22, 29, 44, 39, 58, 49, 88, 83, 78, 69, 116, 127, 98, 105, 176, 187, 166, 173, 156, 151, 138, 129, 232, 227, 254, 245, 196, 207, 210, 217, 123, 112, 109, 102, 87, 92, 65, 74, 35, 40, 53, 62, 15, 4, 25, 18, 203, 192, 221, 214, 231, 236, 241, 250, 147, 152, 133, 142, 191, 180, 169, 162, 246, 253, 224, 235, 218, 209, 204, 199, 174, 165, 184, 179, 130, 137, 148, 159, 70, 77, 80, 91, 106, 97, 124, 119, 30, 21, 8, 3, 50, 57, 36, 47, 141, 134, 155, 144, 161, 170, 183, 188, 213, 222, 195, 200, 249, 242, 239, 228, 61, 54, 43, 32, 17, 26, 7, 12, 101, 110, 115, 120, 73, 66, 95, 84, 247, 252, 225, 234, 219, 208, 205, 198, 175, 164, 185, 178, 131, 136, 149, 158, 71, 76, 81, 90, 107, 96, 125, 118, 31, 20, 9, 2, 51, 56, 37, 46, 140, 135, 154, 145, 160, 171, 182, 189, 212, 223, 194, 201, 248, 243, 238, 229, 60, 55, 42, 33, 16, 27, 6, 13, 100, 111, 114, 121, 72, 67, 94, 85, 1, 10, 23, 28, 45, 38, 59, 48, 89, 82, 79, 68, 117, 126, 99, 104, 177, 186, 167, 172, 157, 150, 139, 128, 233, 226, 255, 244, 197, 206, 211, 216, 122, 113, 108, 103, 86, 93, 64, 75, 34, 41, 52, 63, 14, 5, 24, 19, 202, 193, 220, 215, 230, 237, 240, 251, 146, 153, 132, 143, 190, 181, 168, 163, 0, 13, 26, 23, 52, 57, 46, 35, 104, 101, 114, 127, 92, 81, 70, 75, 208, 221, 202, 199, 228, 233, 254, 243, 184, 181, 162, 175, 140, 129, 150, 155, 187, 182, 161, 172, 143, 130, 149, 152, 211, 222, 201, 196, 231, 234, 253, 240, 107, 102, 113, 124, 95, 82, 69, 72, 3, 14, 25, 20, 55, 58, 45, 32, 109, 96, 119, 122, 89, 84, 67, 78, 5, 8, 31, 18, 49, 60, 43, 38, 189, 176, 167, 170, 137, 132, 147, 158, 213, 216, 207, 194, 225, 236, 251, 246, 214, 219, 204, 193, 226, 239, 248, 245, 190, 179, 164, 169, 138, 135, 144, 157, 6, 11, 28, 17, 50, 63, 40, 37, 110, 99, 116, 121, 90, 87, 64, 77, 218, 215, 192, 205, 238, 227, 244, 249, 178, 191, 168, 165, 134, 139, 156, 145, 10, 7, 16, 29, 62, 51, 36, 41, 98, 111, 120, 117, 86, 91, 76, 65, 97, 108, 123, 118, 85, 88, 79, 66, 9, 4, 19, 30, 61, 48, 39, 42, 177, 188, 171, 166, 133, 136, 159, 146, 217, 212, 195, 206, 237, 224, 247, 250, 183, 186, 173, 160, 131, 142, 153, 148, 223, 210, 197, 200, 235, 230, 241, 252, 103, 106, 125, 112, 83, 94, 73, 68, 15, 2, 21, 24, 59, 54, 33, 44, 12, 1, 22, 27, 56, 53, 34, 47, 100, 105, 126, 115, 80, 93, 74, 71, 220, 209, 198, 203, 232, 229, 242, 255, 180, 185, 174, 163, 128, 141, 154, 151, 0, 14, 28, 18, 56, 54, 36, 42, 112, 126, 108, 98, 72, 70, 84, 90, 224, 238, 252, 242, 216, 214, 196, 202, 144, 158, 140, 130, 168, 166, 180, 186, 219, 213, 199, 201, 227, 237, 255, 241, 171, 165, 183, 185, 147, 157, 143, 129, 59, 53, 39, 41, 3, 13, 31, 17, 75, 69, 87, 89, 115, 125, 111, 97, 173, 163, 177, 191, 149, 155, 137, 135, 221, 211, 193, 207, 229, 235, 249, 247, 77, 67, 81, 95, 117, 123, 105, 103, 61, 51, 33, 47, 5, 11, 25, 23, 118, 120, 106, 100, 78, 64, 82, 92, 6, 8, 26, 20, 62, 48, 34, 44, 150, 152, 138, 132, 174, 160, 178, 188, 230, 232, 250, 244, 222, 208, 194, 204, 65, 79, 93, 83, 121, 119, 101, 107, 49, 63, 45, 35, 9, 7, 21, 27, 161, 175, 189, 179, 153, 151, 133, 139, 209, 223, 205, 195, 233, 231, 245, 251, 154, 148, 134, 136, 162, 172, 190, 176, 234, 228, 246, 248, 210, 220, 206, 192, 122, 116, 102, 104, 66, 76, 94, 80, 10, 4, 22, 24, 50, 60, 46, 32, 236, 226, 240, 254, 212, 218, 200, 198, 156, 146, 128, 142, 164, 170, 184, 182, 12, 2, 16, 30, 52, 58, 40, 38, 124, 114, 96, 110, 68, 74, 88, 86, 55, 57, 43, 37, 15, 1, 19, 29, 71, 73, 91, 85, 127, 113, 99, 109, 215, 217, 203, 197, 239, 225, 243, 253, 167, 169, 187, 181, 159, 145, 131, 141 ];
87 var _aes_heap_start = 2048;
88 function _aes_asm(stdlib, foreign, buffer) {
89 // Closure Compiler warning - commented out
90 //"use asm";
91 var S0 = 0, S1 = 0, S2 = 0, S3 = 0, S4 = 0, S5 = 0, S6 = 0, S7 = 0, S8 = 0, S9 = 0, SA = 0, SB = 0, SC = 0, SD = 0, SE = 0, SF = 0;
92 var keySize = 0;
93 var R00 = 0, R01 = 0, R02 = 0, R03 = 0, R04 = 0, R05 = 0, R06 = 0, R07 = 0, R08 = 0, R09 = 0, R0A = 0, R0B = 0, R0C = 0, R0D = 0, R0E = 0, R0F = 0, R10 = 0, R11 = 0, R12 = 0, R13 = 0, R14 = 0, R15 = 0, R16 = 0, R17 = 0, R18 = 0, R19 = 0, R1A = 0, R1B = 0, R1C = 0, R1D = 0, R1E = 0, R1F = 0, R20 = 0, R21 = 0, R22 = 0, R23 = 0, R24 = 0, R25 = 0, R26 = 0, R27 = 0, R28 = 0, R29 = 0, R2A = 0, R2B = 0, R2C = 0, R2D = 0, R2E = 0, R2F = 0, R30 = 0, R31 = 0, R32 = 0, R33 = 0, R34 = 0, R35 = 0, R36 = 0, R37 = 0, R38 = 0, R39 = 0, R3A = 0, R3B = 0, R3C = 0, R3D = 0, R3E = 0, R3F = 0, R40 = 0, R41 = 0, R42 = 0, R43 = 0, R44 = 0, R45 = 0, R46 = 0, R47 = 0, R48 = 0, R49 = 0, R4A = 0, R4B = 0, R4C = 0, R4D = 0, R4E = 0, R4F = 0, R50 = 0, R51 = 0, R52 = 0, R53 = 0, R54 = 0, R55 = 0, R56 = 0, R57 = 0, R58 = 0, R59 = 0, R5A = 0, R5B = 0, R5C = 0, R5D = 0, R5E = 0, R5F = 0, R60 = 0, R61 = 0, R62 = 0, R63 = 0, R64 = 0, R65 = 0, R66 = 0, R67 = 0, R68 = 0, R69 = 0, R6A = 0, R6B = 0, R6C = 0, R6D = 0, R6E = 0, R6F = 0, R70 = 0, R71 = 0, R72 = 0, R73 = 0, R74 = 0, R75 = 0, R76 = 0, R77 = 0, R78 = 0, R79 = 0, R7A = 0, R7B = 0, R7C = 0, R7D = 0, R7E = 0, R7F = 0, R80 = 0, R81 = 0, R82 = 0, R83 = 0, R84 = 0, R85 = 0, R86 = 0, R87 = 0, R88 = 0, R89 = 0, R8A = 0, R8B = 0, R8C = 0, R8D = 0, R8E = 0, R8F = 0, R90 = 0, R91 = 0, R92 = 0, R93 = 0, R94 = 0, R95 = 0, R96 = 0, R97 = 0, R98 = 0, R99 = 0, R9A = 0, R9B = 0, R9C = 0, R9D = 0, R9E = 0, R9F = 0, RA0 = 0, RA1 = 0, RA2 = 0, RA3 = 0, RA4 = 0, RA5 = 0, RA6 = 0, RA7 = 0, RA8 = 0, RA9 = 0, RAA = 0, RAB = 0, RAC = 0, RAD = 0, RAE = 0, RAF = 0, RB0 = 0, RB1 = 0, RB2 = 0, RB3 = 0, RB4 = 0, RB5 = 0, RB6 = 0, RB7 = 0, RB8 = 0, RB9 = 0, RBA = 0, RBB = 0, RBC = 0, RBD = 0, RBE = 0, RBF = 0, RC0 = 0, RC1 = 0, RC2 = 0, RC3 = 0, RC4 = 0, RC5 = 0, RC6 = 0, RC7 = 0, RC8 = 0, RC9 = 0, RCA = 0, RCB = 0, RCC = 0, RCD = 0, RCE = 0, RCF = 0, RD0 = 0, RD1 = 0, RD2 = 0, RD3 = 0, RD4 = 0, RD5 = 0, RD6 = 0, RD7 = 0, RD8 = 0, RD9 = 0, RDA = 0, RDB = 0, RDC = 0, RDD = 0, RDE = 0, RDF = 0, RE0 = 0, RE1 = 0, RE2 = 0, RE3 = 0, RE4 = 0, RE5 = 0, RE6 = 0, RE7 = 0, RE8 = 0, RE9 = 0, REA = 0, REB = 0, REC = 0, RED = 0, REE = 0, REF = 0;
94 var HEAP = new stdlib.Uint8Array(buffer);
95 function _expand_key_128() {
96 var sbox = 0;
97 R10 = R00 ^ HEAP[sbox | R0D] ^ 1;
98 R11 = R01 ^ HEAP[sbox | R0E];
99 R12 = R02 ^ HEAP[sbox | R0F];
100 R13 = R03 ^ HEAP[sbox | R0C];
101 R14 = R04 ^ R10;
102 R15 = R05 ^ R11;
103 R16 = R06 ^ R12;
104 R17 = R07 ^ R13;
105 R18 = R08 ^ R14;
106 R19 = R09 ^ R15;
107 R1A = R0A ^ R16;
108 R1B = R0B ^ R17;
109 R1C = R0C ^ R18;
110 R1D = R0D ^ R19;
111 R1E = R0E ^ R1A;
112 R1F = R0F ^ R1B;
113 R20 = R10 ^ HEAP[sbox | R1D] ^ 2;
114 R21 = R11 ^ HEAP[sbox | R1E];
115 R22 = R12 ^ HEAP[sbox | R1F];
116 R23 = R13 ^ HEAP[sbox | R1C];
117 R24 = R14 ^ R20;
118 R25 = R15 ^ R21;
119 R26 = R16 ^ R22;
120 R27 = R17 ^ R23;
121 R28 = R18 ^ R24;
122 R29 = R19 ^ R25;
123 R2A = R1A ^ R26;
124 R2B = R1B ^ R27;
125 R2C = R1C ^ R28;
126 R2D = R1D ^ R29;
127 R2E = R1E ^ R2A;
128 R2F = R1F ^ R2B;
129 R30 = R20 ^ HEAP[sbox | R2D] ^ 4;
130 R31 = R21 ^ HEAP[sbox | R2E];
131 R32 = R22 ^ HEAP[sbox | R2F];
132 R33 = R23 ^ HEAP[sbox | R2C];
133 R34 = R24 ^ R30;
134 R35 = R25 ^ R31;
135 R36 = R26 ^ R32;
136 R37 = R27 ^ R33;
137 R38 = R28 ^ R34;
138 R39 = R29 ^ R35;
139 R3A = R2A ^ R36;
140 R3B = R2B ^ R37;
141 R3C = R2C ^ R38;
142 R3D = R2D ^ R39;
143 R3E = R2E ^ R3A;
144 R3F = R2F ^ R3B;
145 R40 = R30 ^ HEAP[sbox | R3D] ^ 8;
146 R41 = R31 ^ HEAP[sbox | R3E];
147 R42 = R32 ^ HEAP[sbox | R3F];
148 R43 = R33 ^ HEAP[sbox | R3C];
149 R44 = R34 ^ R40;
150 R45 = R35 ^ R41;
151 R46 = R36 ^ R42;
152 R47 = R37 ^ R43;
153 R48 = R38 ^ R44;
154 R49 = R39 ^ R45;
155 R4A = R3A ^ R46;
156 R4B = R3B ^ R47;
157 R4C = R3C ^ R48;
158 R4D = R3D ^ R49;
159 R4E = R3E ^ R4A;
160 R4F = R3F ^ R4B;
161 R50 = R40 ^ HEAP[sbox | R4D] ^ 16;
162 R51 = R41 ^ HEAP[sbox | R4E];
163 R52 = R42 ^ HEAP[sbox | R4F];
164 R53 = R43 ^ HEAP[sbox | R4C];
165 R54 = R44 ^ R50;
166 R55 = R45 ^ R51;
167 R56 = R46 ^ R52;
168 R57 = R47 ^ R53;
169 R58 = R48 ^ R54;
170 R59 = R49 ^ R55;
171 R5A = R4A ^ R56;
172 R5B = R4B ^ R57;
173 R5C = R4C ^ R58;
174 R5D = R4D ^ R59;
175 R5E = R4E ^ R5A;
176 R5F = R4F ^ R5B;
177 R60 = R50 ^ HEAP[sbox | R5D] ^ 32;
178 R61 = R51 ^ HEAP[sbox | R5E];
179 R62 = R52 ^ HEAP[sbox | R5F];
180 R63 = R53 ^ HEAP[sbox | R5C];
181 R64 = R54 ^ R60;
182 R65 = R55 ^ R61;
183 R66 = R56 ^ R62;
184 R67 = R57 ^ R63;
185 R68 = R58 ^ R64;
186 R69 = R59 ^ R65;
187 R6A = R5A ^ R66;
188 R6B = R5B ^ R67;
189 R6C = R5C ^ R68;
190 R6D = R5D ^ R69;
191 R6E = R5E ^ R6A;
192 R6F = R5F ^ R6B;
193 R70 = R60 ^ HEAP[sbox | R6D] ^ 64;
194 R71 = R61 ^ HEAP[sbox | R6E];
195 R72 = R62 ^ HEAP[sbox | R6F];
196 R73 = R63 ^ HEAP[sbox | R6C];
197 R74 = R64 ^ R70;
198 R75 = R65 ^ R71;
199 R76 = R66 ^ R72;
200 R77 = R67 ^ R73;
201 R78 = R68 ^ R74;
202 R79 = R69 ^ R75;
203 R7A = R6A ^ R76;
204 R7B = R6B ^ R77;
205 R7C = R6C ^ R78;
206 R7D = R6D ^ R79;
207 R7E = R6E ^ R7A;
208 R7F = R6F ^ R7B;
209 R80 = R70 ^ HEAP[sbox | R7D] ^ 128;
210 R81 = R71 ^ HEAP[sbox | R7E];
211 R82 = R72 ^ HEAP[sbox | R7F];
212 R83 = R73 ^ HEAP[sbox | R7C];
213 R84 = R74 ^ R80;
214 R85 = R75 ^ R81;
215 R86 = R76 ^ R82;
216 R87 = R77 ^ R83;
217 R88 = R78 ^ R84;
218 R89 = R79 ^ R85;
219 R8A = R7A ^ R86;
220 R8B = R7B ^ R87;
221 R8C = R7C ^ R88;
222 R8D = R7D ^ R89;
223 R8E = R7E ^ R8A;
224 R8F = R7F ^ R8B;
225 R90 = R80 ^ HEAP[sbox | R8D] ^ 27;
226 R91 = R81 ^ HEAP[sbox | R8E];
227 R92 = R82 ^ HEAP[sbox | R8F];
228 R93 = R83 ^ HEAP[sbox | R8C];
229 R94 = R84 ^ R90;
230 R95 = R85 ^ R91;
231 R96 = R86 ^ R92;
232 R97 = R87 ^ R93;
233 R98 = R88 ^ R94;
234 R99 = R89 ^ R95;
235 R9A = R8A ^ R96;
236 R9B = R8B ^ R97;
237 R9C = R8C ^ R98;
238 R9D = R8D ^ R99;
239 R9E = R8E ^ R9A;
240 R9F = R8F ^ R9B;
241 RA0 = R90 ^ HEAP[sbox | R9D] ^ 54;
242 RA1 = R91 ^ HEAP[sbox | R9E];
243 RA2 = R92 ^ HEAP[sbox | R9F];
244 RA3 = R93 ^ HEAP[sbox | R9C];
245 RA4 = R94 ^ RA0;
246 RA5 = R95 ^ RA1;
247 RA6 = R96 ^ RA2;
248 RA7 = R97 ^ RA3;
249 RA8 = R98 ^ RA4;
250 RA9 = R99 ^ RA5;
251 RAA = R9A ^ RA6;
252 RAB = R9B ^ RA7;
253 RAC = R9C ^ RA8;
254 RAD = R9D ^ RA9;
255 RAE = R9E ^ RAA;
256 RAF = R9F ^ RAB;
257 }
258 function _expand_key_256() {
259 var sbox = 0;
260 R20 = R00 ^ HEAP[sbox | R1D] ^ 1;
261 R21 = R01 ^ HEAP[sbox | R1E];
262 R22 = R02 ^ HEAP[sbox | R1F];
263 R23 = R03 ^ HEAP[sbox | R1C];
264 R24 = R04 ^ R20;
265 R25 = R05 ^ R21;
266 R26 = R06 ^ R22;
267 R27 = R07 ^ R23;
268 R28 = R08 ^ R24;
269 R29 = R09 ^ R25;
270 R2A = R0A ^ R26;
271 R2B = R0B ^ R27;
272 R2C = R0C ^ R28;
273 R2D = R0D ^ R29;
274 R2E = R0E ^ R2A;
275 R2F = R0F ^ R2B;
276 R30 = R10 ^ HEAP[sbox | R2C];
277 R31 = R11 ^ HEAP[sbox | R2D];
278 R32 = R12 ^ HEAP[sbox | R2E];
279 R33 = R13 ^ HEAP[sbox | R2F];
280 R34 = R14 ^ R30;
281 R35 = R15 ^ R31;
282 R36 = R16 ^ R32;
283 R37 = R17 ^ R33;
284 R38 = R18 ^ R34;
285 R39 = R19 ^ R35;
286 R3A = R1A ^ R36;
287 R3B = R1B ^ R37;
288 R3C = R1C ^ R38;
289 R3D = R1D ^ R39;
290 R3E = R1E ^ R3A;
291 R3F = R1F ^ R3B;
292 R40 = R20 ^ HEAP[sbox | R3D] ^ 2;
293 R41 = R21 ^ HEAP[sbox | R3E];
294 R42 = R22 ^ HEAP[sbox | R3F];
295 R43 = R23 ^ HEAP[sbox | R3C];
296 R44 = R24 ^ R40;
297 R45 = R25 ^ R41;
298 R46 = R26 ^ R42;
299 R47 = R27 ^ R43;
300 R48 = R28 ^ R44;
301 R49 = R29 ^ R45;
302 R4A = R2A ^ R46;
303 R4B = R2B ^ R47;
304 R4C = R2C ^ R48;
305 R4D = R2D ^ R49;
306 R4E = R2E ^ R4A;
307 R4F = R2F ^ R4B;
308 R50 = R30 ^ HEAP[sbox | R4C];
309 R51 = R31 ^ HEAP[sbox | R4D];
310 R52 = R32 ^ HEAP[sbox | R4E];
311 R53 = R33 ^ HEAP[sbox | R4F];
312 R54 = R34 ^ R50;
313 R55 = R35 ^ R51;
314 R56 = R36 ^ R52;
315 R57 = R37 ^ R53;
316 R58 = R38 ^ R54;
317 R59 = R39 ^ R55;
318 R5A = R3A ^ R56;
319 R5B = R3B ^ R57;
320 R5C = R3C ^ R58;
321 R5D = R3D ^ R59;
322 R5E = R3E ^ R5A;
323 R5F = R3F ^ R5B;
324 R60 = R40 ^ HEAP[sbox | R5D] ^ 4;
325 R61 = R41 ^ HEAP[sbox | R5E];
326 R62 = R42 ^ HEAP[sbox | R5F];
327 R63 = R43 ^ HEAP[sbox | R5C];
328 R64 = R44 ^ R60;
329 R65 = R45 ^ R61;
330 R66 = R46 ^ R62;
331 R67 = R47 ^ R63;
332 R68 = R48 ^ R64;
333 R69 = R49 ^ R65;
334 R6A = R4A ^ R66;
335 R6B = R4B ^ R67;
336 R6C = R4C ^ R68;
337 R6D = R4D ^ R69;
338 R6E = R4E ^ R6A;
339 R6F = R4F ^ R6B;
340 R70 = R50 ^ HEAP[sbox | R6C];
341 R71 = R51 ^ HEAP[sbox | R6D];
342 R72 = R52 ^ HEAP[sbox | R6E];
343 R73 = R53 ^ HEAP[sbox | R6F];
344 R74 = R54 ^ R70;
345 R75 = R55 ^ R71;
346 R76 = R56 ^ R72;
347 R77 = R57 ^ R73;
348 R78 = R58 ^ R74;
349 R79 = R59 ^ R75;
350 R7A = R5A ^ R76;
351 R7B = R5B ^ R77;
352 R7C = R5C ^ R78;
353 R7D = R5D ^ R79;
354 R7E = R5E ^ R7A;
355 R7F = R5F ^ R7B;
356 R80 = R60 ^ HEAP[sbox | R7D] ^ 8;
357 R81 = R61 ^ HEAP[sbox | R7E];
358 R82 = R62 ^ HEAP[sbox | R7F];
359 R83 = R63 ^ HEAP[sbox | R7C];
360 R84 = R64 ^ R80;
361 R85 = R65 ^ R81;
362 R86 = R66 ^ R82;
363 R87 = R67 ^ R83;
364 R88 = R68 ^ R84;
365 R89 = R69 ^ R85;
366 R8A = R6A ^ R86;
367 R8B = R6B ^ R87;
368 R8C = R6C ^ R88;
369 R8D = R6D ^ R89;
370 R8E = R6E ^ R8A;
371 R8F = R6F ^ R8B;
372 R90 = R70 ^ HEAP[sbox | R8C];
373 R91 = R71 ^ HEAP[sbox | R8D];
374 R92 = R72 ^ HEAP[sbox | R8E];
375 R93 = R73 ^ HEAP[sbox | R8F];
376 R94 = R74 ^ R90;
377 R95 = R75 ^ R91;
378 R96 = R76 ^ R92;
379 R97 = R77 ^ R93;
380 R98 = R78 ^ R94;
381 R99 = R79 ^ R95;
382 R9A = R7A ^ R96;
383 R9B = R7B ^ R97;
384 R9C = R7C ^ R98;
385 R9D = R7D ^ R99;
386 R9E = R7E ^ R9A;
387 R9F = R7F ^ R9B;
388 RA0 = R80 ^ HEAP[sbox | R9D] ^ 16;
389 RA1 = R81 ^ HEAP[sbox | R9E];
390 RA2 = R82 ^ HEAP[sbox | R9F];
391 RA3 = R83 ^ HEAP[sbox | R9C];
392 RA4 = R84 ^ RA0;
393 RA5 = R85 ^ RA1;
394 RA6 = R86 ^ RA2;
395 RA7 = R87 ^ RA3;
396 RA8 = R88 ^ RA4;
397 RA9 = R89 ^ RA5;
398 RAA = R8A ^ RA6;
399 RAB = R8B ^ RA7;
400 RAC = R8C ^ RA8;
401 RAD = R8D ^ RA9;
402 RAE = R8E ^ RAA;
403 RAF = R8F ^ RAB;
404 RB0 = R90 ^ HEAP[sbox | RAC];
405 RB1 = R91 ^ HEAP[sbox | RAD];
406 RB2 = R92 ^ HEAP[sbox | RAE];
407 RB3 = R93 ^ HEAP[sbox | RAF];
408 RB4 = R94 ^ RB0;
409 RB5 = R95 ^ RB1;
410 RB6 = R96 ^ RB2;
411 RB7 = R97 ^ RB3;
412 RB8 = R98 ^ RB4;
413 RB9 = R99 ^ RB5;
414 RBA = R9A ^ RB6;
415 RBB = R9B ^ RB7;
416 RBC = R9C ^ RB8;
417 RBD = R9D ^ RB9;
418 RBE = R9E ^ RBA;
419 RBF = R9F ^ RBB;
420 RC0 = RA0 ^ HEAP[sbox | RBD] ^ 32;
421 RC1 = RA1 ^ HEAP[sbox | RBE];
422 RC2 = RA2 ^ HEAP[sbox | RBF];
423 RC3 = RA3 ^ HEAP[sbox | RBC];
424 RC4 = RA4 ^ RC0;
425 RC5 = RA5 ^ RC1;
426 RC6 = RA6 ^ RC2;
427 RC7 = RA7 ^ RC3;
428 RC8 = RA8 ^ RC4;
429 RC9 = RA9 ^ RC5;
430 RCA = RAA ^ RC6;
431 RCB = RAB ^ RC7;
432 RCC = RAC ^ RC8;
433 RCD = RAD ^ RC9;
434 RCE = RAE ^ RCA;
435 RCF = RAF ^ RCB;
436 RD0 = RB0 ^ HEAP[sbox | RCC];
437 RD1 = RB1 ^ HEAP[sbox | RCD];
438 RD2 = RB2 ^ HEAP[sbox | RCE];
439 RD3 = RB3 ^ HEAP[sbox | RCF];
440 RD4 = RB4 ^ RD0;
441 RD5 = RB5 ^ RD1;
442 RD6 = RB6 ^ RD2;
443 RD7 = RB7 ^ RD3;
444 RD8 = RB8 ^ RD4;
445 RD9 = RB9 ^ RD5;
446 RDA = RBA ^ RD6;
447 RDB = RBB ^ RD7;
448 RDC = RBC ^ RD8;
449 RDD = RBD ^ RD9;
450 RDE = RBE ^ RDA;
451 RDF = RBF ^ RDB;
452 RE0 = RC0 ^ HEAP[sbox | RDD] ^ 64;
453 RE1 = RC1 ^ HEAP[sbox | RDE];
454 RE2 = RC2 ^ HEAP[sbox | RDF];
455 RE3 = RC3 ^ HEAP[sbox | RDC];
456 RE4 = RC4 ^ RE0;
457 RE5 = RC5 ^ RE1;
458 RE6 = RC6 ^ RE2;
459 RE7 = RC7 ^ RE3;
460 RE8 = RC8 ^ RE4;
461 RE9 = RC9 ^ RE5;
462 REA = RCA ^ RE6;
463 REB = RCB ^ RE7;
464 REC = RCC ^ RE8;
465 RED = RCD ^ RE9;
466 REE = RCE ^ REA;
467 REF = RCF ^ REB;
468 }
469 function _encrypt(s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, sA, sB, sC, sD, sE, sF) {
470 s0 = s0 | 0;
471 s1 = s1 | 0;
472 s2 = s2 | 0;
473 s3 = s3 | 0;
474 s4 = s4 | 0;
475 s5 = s5 | 0;
476 s6 = s6 | 0;
477 s7 = s7 | 0;
478 s8 = s8 | 0;
479 s9 = s9 | 0;
480 sA = sA | 0;
481 sB = sB | 0;
482 sC = sC | 0;
483 sD = sD | 0;
484 sE = sE | 0;
485 sF = sF | 0;
486 var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, t8 = 0, t9 = 0, tA = 0, tB = 0, tC = 0, tD = 0, tE = 0, tF = 0, sbox = 0, x2_sbox = 512, x3_sbox = 768;
487 s0 = s0 ^ R00;
488 s1 = s1 ^ R01;
489 s2 = s2 ^ R02;
490 s3 = s3 ^ R03;
491 s4 = s4 ^ R04;
492 s5 = s5 ^ R05;
493 s6 = s6 ^ R06;
494 s7 = s7 ^ R07;
495 s8 = s8 ^ R08;
496 s9 = s9 ^ R09;
497 sA = sA ^ R0A;
498 sB = sB ^ R0B;
499 sC = sC ^ R0C;
500 sD = sD ^ R0D;
501 sE = sE ^ R0E;
502 sF = sF ^ R0F;
503 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ R10;
504 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ R11;
505 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ R12;
506 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ R13;
507 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ R14;
508 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ R15;
509 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ R16;
510 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ R17;
511 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ R18;
512 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ R19;
513 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ R1A;
514 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ R1B;
515 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ R1C;
516 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ R1D;
517 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ R1E;
518 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ R1F;
519 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ R20;
520 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ R21;
521 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ R22;
522 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ R23;
523 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ R24;
524 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ R25;
525 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ R26;
526 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ R27;
527 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ R28;
528 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ R29;
529 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ R2A;
530 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ R2B;
531 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ R2C;
532 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ R2D;
533 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ R2E;
534 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ R2F;
535 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ R30;
536 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ R31;
537 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ R32;
538 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ R33;
539 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ R34;
540 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ R35;
541 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ R36;
542 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ R37;
543 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ R38;
544 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ R39;
545 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ R3A;
546 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ R3B;
547 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ R3C;
548 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ R3D;
549 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ R3E;
550 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ R3F;
551 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ R40;
552 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ R41;
553 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ R42;
554 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ R43;
555 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ R44;
556 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ R45;
557 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ R46;
558 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ R47;
559 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ R48;
560 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ R49;
561 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ R4A;
562 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ R4B;
563 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ R4C;
564 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ R4D;
565 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ R4E;
566 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ R4F;
567 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ R50;
568 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ R51;
569 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ R52;
570 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ R53;
571 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ R54;
572 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ R55;
573 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ R56;
574 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ R57;
575 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ R58;
576 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ R59;
577 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ R5A;
578 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ R5B;
579 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ R5C;
580 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ R5D;
581 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ R5E;
582 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ R5F;
583 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ R60;
584 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ R61;
585 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ R62;
586 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ R63;
587 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ R64;
588 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ R65;
589 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ R66;
590 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ R67;
591 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ R68;
592 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ R69;
593 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ R6A;
594 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ R6B;
595 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ R6C;
596 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ R6D;
597 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ R6E;
598 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ R6F;
599 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ R70;
600 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ R71;
601 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ R72;
602 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ R73;
603 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ R74;
604 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ R75;
605 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ R76;
606 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ R77;
607 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ R78;
608 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ R79;
609 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ R7A;
610 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ R7B;
611 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ R7C;
612 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ R7D;
613 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ R7E;
614 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ R7F;
615 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ R80;
616 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ R81;
617 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ R82;
618 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ R83;
619 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ R84;
620 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ R85;
621 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ R86;
622 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ R87;
623 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ R88;
624 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ R89;
625 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ R8A;
626 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ R8B;
627 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ R8C;
628 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ R8D;
629 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ R8E;
630 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ R8F;
631 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ R90;
632 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ R91;
633 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ R92;
634 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ R93;
635 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ R94;
636 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ R95;
637 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ R96;
638 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ R97;
639 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ R98;
640 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ R99;
641 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ R9A;
642 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ R9B;
643 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ R9C;
644 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ R9D;
645 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ R9E;
646 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ R9F;
647 if ((keySize | 0) == 16) {
648 S0 = HEAP[sbox | t0] ^ RA0;
649 S1 = HEAP[sbox | t5] ^ RA1;
650 S2 = HEAP[sbox | tA] ^ RA2;
651 S3 = HEAP[sbox | tF] ^ RA3;
652 S4 = HEAP[sbox | t4] ^ RA4;
653 S5 = HEAP[sbox | t9] ^ RA5;
654 S6 = HEAP[sbox | tE] ^ RA6;
655 S7 = HEAP[sbox | t3] ^ RA7;
656 S8 = HEAP[sbox | t8] ^ RA8;
657 S9 = HEAP[sbox | tD] ^ RA9;
658 SA = HEAP[sbox | t2] ^ RAA;
659 SB = HEAP[sbox | t7] ^ RAB;
660 SC = HEAP[sbox | tC] ^ RAC;
661 SD = HEAP[sbox | t1] ^ RAD;
662 SE = HEAP[sbox | t6] ^ RAE;
663 SF = HEAP[sbox | tB] ^ RAF;
664 return;
665 }
666 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ RA0;
667 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ RA1;
668 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ RA2;
669 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ RA3;
670 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ RA4;
671 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ RA5;
672 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ RA6;
673 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ RA7;
674 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ RA8;
675 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ RA9;
676 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ RAA;
677 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ RAB;
678 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ RAC;
679 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ RAD;
680 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ RAE;
681 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ RAF;
682 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ RB0;
683 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ RB1;
684 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ RB2;
685 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ RB3;
686 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ RB4;
687 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ RB5;
688 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ RB6;
689 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ RB7;
690 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ RB8;
691 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ RB9;
692 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ RBA;
693 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ RBB;
694 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ RBC;
695 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ RBD;
696 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ RBE;
697 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ RBF;
698 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ RC0;
699 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ RC1;
700 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ RC2;
701 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ RC3;
702 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ RC4;
703 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ RC5;
704 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ RC6;
705 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ RC7;
706 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ RC8;
707 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ RC9;
708 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ RCA;
709 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ RCB;
710 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ RCC;
711 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ RCD;
712 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ RCE;
713 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ RCF;
714 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ RD0;
715 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ RD1;
716 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ RD2;
717 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ RD3;
718 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ RD4;
719 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ RD5;
720 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ RD6;
721 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ RD7;
722 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ RD8;
723 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ RD9;
724 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ RDA;
725 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ RDB;
726 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ RDC;
727 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ RDD;
728 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ RDE;
729 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ RDF;
730 S0 = HEAP[sbox | t0] ^ RE0;
731 S1 = HEAP[sbox | t5] ^ RE1;
732 S2 = HEAP[sbox | tA] ^ RE2;
733 S3 = HEAP[sbox | tF] ^ RE3;
734 S4 = HEAP[sbox | t4] ^ RE4;
735 S5 = HEAP[sbox | t9] ^ RE5;
736 S6 = HEAP[sbox | tE] ^ RE6;
737 S7 = HEAP[sbox | t3] ^ RE7;
738 S8 = HEAP[sbox | t8] ^ RE8;
739 S9 = HEAP[sbox | tD] ^ RE9;
740 SA = HEAP[sbox | t2] ^ REA;
741 SB = HEAP[sbox | t7] ^ REB;
742 SC = HEAP[sbox | tC] ^ REC;
743 SD = HEAP[sbox | t1] ^ RED;
744 SE = HEAP[sbox | t6] ^ REE;
745 SF = HEAP[sbox | tB] ^ REF;
746 }
747 function _decrypt(s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, sA, sB, sC, sD, sE, sF) {
748 s0 = s0 | 0;
749 s1 = s1 | 0;
750 s2 = s2 | 0;
751 s3 = s3 | 0;
752 s4 = s4 | 0;
753 s5 = s5 | 0;
754 s6 = s6 | 0;
755 s7 = s7 | 0;
756 s8 = s8 | 0;
757 s9 = s9 | 0;
758 sA = sA | 0;
759 sB = sB | 0;
760 sC = sC | 0;
761 sD = sD | 0;
762 sE = sE | 0;
763 sF = sF | 0;
764 var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, t8 = 0, t9 = 0, tA = 0, tB = 0, tC = 0, tD = 0, tE = 0, tF = 0, inv_sbox = 256, x9 = 1024, xB = 1280, xD = 1536, xE = 1792;
765 if ((keySize | 0) == 32) {
766 t0 = HEAP[inv_sbox | s0 ^ RE0] ^ RD0;
767 t1 = HEAP[inv_sbox | sD ^ RED] ^ RD1;
768 t2 = HEAP[inv_sbox | sA ^ REA] ^ RD2;
769 t3 = HEAP[inv_sbox | s7 ^ RE7] ^ RD3;
770 t4 = HEAP[inv_sbox | s4 ^ RE4] ^ RD4;
771 t5 = HEAP[inv_sbox | s1 ^ RE1] ^ RD5;
772 t6 = HEAP[inv_sbox | sE ^ REE] ^ RD6;
773 t7 = HEAP[inv_sbox | sB ^ REB] ^ RD7;
774 t8 = HEAP[inv_sbox | s8 ^ RE8] ^ RD8;
775 t9 = HEAP[inv_sbox | s5 ^ RE5] ^ RD9;
776 tA = HEAP[inv_sbox | s2 ^ RE2] ^ RDA;
777 tB = HEAP[inv_sbox | sF ^ REF] ^ RDB;
778 tC = HEAP[inv_sbox | sC ^ REC] ^ RDC;
779 tD = HEAP[inv_sbox | s9 ^ RE9] ^ RDD;
780 tE = HEAP[inv_sbox | s6 ^ RE6] ^ RDE;
781 tF = HEAP[inv_sbox | s3 ^ RE3] ^ RDF;
782 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
783 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
784 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
785 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
786 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
787 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
788 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
789 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
790 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
791 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
792 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
793 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
794 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
795 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
796 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
797 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
798 t0 = HEAP[inv_sbox | s0] ^ RC0;
799 t1 = HEAP[inv_sbox | s1] ^ RC1;
800 t2 = HEAP[inv_sbox | s2] ^ RC2;
801 t3 = HEAP[inv_sbox | s3] ^ RC3;
802 t4 = HEAP[inv_sbox | s4] ^ RC4;
803 t5 = HEAP[inv_sbox | s5] ^ RC5;
804 t6 = HEAP[inv_sbox | s6] ^ RC6;
805 t7 = HEAP[inv_sbox | s7] ^ RC7;
806 t8 = HEAP[inv_sbox | s8] ^ RC8;
807 t9 = HEAP[inv_sbox | s9] ^ RC9;
808 tA = HEAP[inv_sbox | sA] ^ RCA;
809 tB = HEAP[inv_sbox | sB] ^ RCB;
810 tC = HEAP[inv_sbox | sC] ^ RCC;
811 tD = HEAP[inv_sbox | sD] ^ RCD;
812 tE = HEAP[inv_sbox | sE] ^ RCE;
813 tF = HEAP[inv_sbox | sF] ^ RCF;
814 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
815 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
816 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
817 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
818 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
819 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
820 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
821 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
822 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
823 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
824 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
825 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
826 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
827 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
828 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
829 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
830 t0 = HEAP[inv_sbox | s0] ^ RB0;
831 t1 = HEAP[inv_sbox | s1] ^ RB1;
832 t2 = HEAP[inv_sbox | s2] ^ RB2;
833 t3 = HEAP[inv_sbox | s3] ^ RB3;
834 t4 = HEAP[inv_sbox | s4] ^ RB4;
835 t5 = HEAP[inv_sbox | s5] ^ RB5;
836 t6 = HEAP[inv_sbox | s6] ^ RB6;
837 t7 = HEAP[inv_sbox | s7] ^ RB7;
838 t8 = HEAP[inv_sbox | s8] ^ RB8;
839 t9 = HEAP[inv_sbox | s9] ^ RB9;
840 tA = HEAP[inv_sbox | sA] ^ RBA;
841 tB = HEAP[inv_sbox | sB] ^ RBB;
842 tC = HEAP[inv_sbox | sC] ^ RBC;
843 tD = HEAP[inv_sbox | sD] ^ RBD;
844 tE = HEAP[inv_sbox | sE] ^ RBE;
845 tF = HEAP[inv_sbox | sF] ^ RBF;
846 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
847 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
848 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
849 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
850 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
851 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
852 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
853 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
854 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
855 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
856 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
857 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
858 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
859 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
860 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
861 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
862 t0 = HEAP[inv_sbox | s0] ^ RA0;
863 t1 = HEAP[inv_sbox | s1] ^ RA1;
864 t2 = HEAP[inv_sbox | s2] ^ RA2;
865 t3 = HEAP[inv_sbox | s3] ^ RA3;
866 t4 = HEAP[inv_sbox | s4] ^ RA4;
867 t5 = HEAP[inv_sbox | s5] ^ RA5;
868 t6 = HEAP[inv_sbox | s6] ^ RA6;
869 t7 = HEAP[inv_sbox | s7] ^ RA7;
870 t8 = HEAP[inv_sbox | s8] ^ RA8;
871 t9 = HEAP[inv_sbox | s9] ^ RA9;
872 tA = HEAP[inv_sbox | sA] ^ RAA;
873 tB = HEAP[inv_sbox | sB] ^ RAB;
874 tC = HEAP[inv_sbox | sC] ^ RAC;
875 tD = HEAP[inv_sbox | sD] ^ RAD;
876 tE = HEAP[inv_sbox | sE] ^ RAE;
877 tF = HEAP[inv_sbox | sF] ^ RAF;
878 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
879 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
880 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
881 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
882 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
883 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
884 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
885 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
886 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
887 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
888 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
889 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
890 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
891 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
892 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
893 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
894 t0 = HEAP[inv_sbox | s0] ^ R90;
895 t1 = HEAP[inv_sbox | s1] ^ R91;
896 t2 = HEAP[inv_sbox | s2] ^ R92;
897 t3 = HEAP[inv_sbox | s3] ^ R93;
898 t4 = HEAP[inv_sbox | s4] ^ R94;
899 t5 = HEAP[inv_sbox | s5] ^ R95;
900 t6 = HEAP[inv_sbox | s6] ^ R96;
901 t7 = HEAP[inv_sbox | s7] ^ R97;
902 t8 = HEAP[inv_sbox | s8] ^ R98;
903 t9 = HEAP[inv_sbox | s9] ^ R99;
904 tA = HEAP[inv_sbox | sA] ^ R9A;
905 tB = HEAP[inv_sbox | sB] ^ R9B;
906 tC = HEAP[inv_sbox | sC] ^ R9C;
907 tD = HEAP[inv_sbox | sD] ^ R9D;
908 tE = HEAP[inv_sbox | sE] ^ R9E;
909 tF = HEAP[inv_sbox | sF] ^ R9F;
910 } else {
911 t0 = HEAP[inv_sbox | s0 ^ RA0] ^ R90;
912 t1 = HEAP[inv_sbox | sD ^ RAD] ^ R91;
913 t2 = HEAP[inv_sbox | sA ^ RAA] ^ R92;
914 t3 = HEAP[inv_sbox | s7 ^ RA7] ^ R93;
915 t4 = HEAP[inv_sbox | s4 ^ RA4] ^ R94;
916 t5 = HEAP[inv_sbox | s1 ^ RA1] ^ R95;
917 t6 = HEAP[inv_sbox | sE ^ RAE] ^ R96;
918 t7 = HEAP[inv_sbox | sB ^ RAB] ^ R97;
919 t8 = HEAP[inv_sbox | s8 ^ RA8] ^ R98;
920 t9 = HEAP[inv_sbox | s5 ^ RA5] ^ R99;
921 tA = HEAP[inv_sbox | s2 ^ RA2] ^ R9A;
922 tB = HEAP[inv_sbox | sF ^ RAF] ^ R9B;
923 tC = HEAP[inv_sbox | sC ^ RAC] ^ R9C;
924 tD = HEAP[inv_sbox | s9 ^ RA9] ^ R9D;
925 tE = HEAP[inv_sbox | s6 ^ RA6] ^ R9E;
926 tF = HEAP[inv_sbox | s3 ^ RA3] ^ R9F;
927 }
928 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
929 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
930 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
931 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
932 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
933 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
934 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
935 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
936 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
937 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
938 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
939 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
940 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
941 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
942 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
943 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
944 t0 = HEAP[inv_sbox | s0] ^ R80;
945 t1 = HEAP[inv_sbox | s1] ^ R81;
946 t2 = HEAP[inv_sbox | s2] ^ R82;
947 t3 = HEAP[inv_sbox | s3] ^ R83;
948 t4 = HEAP[inv_sbox | s4] ^ R84;
949 t5 = HEAP[inv_sbox | s5] ^ R85;
950 t6 = HEAP[inv_sbox | s6] ^ R86;
951 t7 = HEAP[inv_sbox | s7] ^ R87;
952 t8 = HEAP[inv_sbox | s8] ^ R88;
953 t9 = HEAP[inv_sbox | s9] ^ R89;
954 tA = HEAP[inv_sbox | sA] ^ R8A;
955 tB = HEAP[inv_sbox | sB] ^ R8B;
956 tC = HEAP[inv_sbox | sC] ^ R8C;
957 tD = HEAP[inv_sbox | sD] ^ R8D;
958 tE = HEAP[inv_sbox | sE] ^ R8E;
959 tF = HEAP[inv_sbox | sF] ^ R8F;
960 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
961 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
962 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
963 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
964 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
965 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
966 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
967 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
968 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
969 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
970 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
971 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
972 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
973 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
974 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
975 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
976 t0 = HEAP[inv_sbox | s0] ^ R70;
977 t1 = HEAP[inv_sbox | s1] ^ R71;
978 t2 = HEAP[inv_sbox | s2] ^ R72;
979 t3 = HEAP[inv_sbox | s3] ^ R73;
980 t4 = HEAP[inv_sbox | s4] ^ R74;
981 t5 = HEAP[inv_sbox | s5] ^ R75;
982 t6 = HEAP[inv_sbox | s6] ^ R76;
983 t7 = HEAP[inv_sbox | s7] ^ R77;
984 t8 = HEAP[inv_sbox | s8] ^ R78;
985 t9 = HEAP[inv_sbox | s9] ^ R79;
986 tA = HEAP[inv_sbox | sA] ^ R7A;
987 tB = HEAP[inv_sbox | sB] ^ R7B;
988 tC = HEAP[inv_sbox | sC] ^ R7C;
989 tD = HEAP[inv_sbox | sD] ^ R7D;
990 tE = HEAP[inv_sbox | sE] ^ R7E;
991 tF = HEAP[inv_sbox | sF] ^ R7F;
992 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
993 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
994 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
995 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
996 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
997 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
998 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
999 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
1000 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
1001 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
1002 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
1003 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
1004 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
1005 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
1006 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
1007 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
1008 t0 = HEAP[inv_sbox | s0] ^ R60;
1009 t1 = HEAP[inv_sbox | s1] ^ R61;
1010 t2 = HEAP[inv_sbox | s2] ^ R62;
1011 t3 = HEAP[inv_sbox | s3] ^ R63;
1012 t4 = HEAP[inv_sbox | s4] ^ R64;
1013 t5 = HEAP[inv_sbox | s5] ^ R65;
1014 t6 = HEAP[inv_sbox | s6] ^ R66;
1015 t7 = HEAP[inv_sbox | s7] ^ R67;
1016 t8 = HEAP[inv_sbox | s8] ^ R68;
1017 t9 = HEAP[inv_sbox | s9] ^ R69;
1018 tA = HEAP[inv_sbox | sA] ^ R6A;
1019 tB = HEAP[inv_sbox | sB] ^ R6B;
1020 tC = HEAP[inv_sbox | sC] ^ R6C;
1021 tD = HEAP[inv_sbox | sD] ^ R6D;
1022 tE = HEAP[inv_sbox | sE] ^ R6E;
1023 tF = HEAP[inv_sbox | sF] ^ R6F;
1024 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
1025 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
1026 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
1027 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
1028 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
1029 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
1030 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
1031 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
1032 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
1033 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
1034 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
1035 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
1036 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
1037 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
1038 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
1039 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
1040 t0 = HEAP[inv_sbox | s0] ^ R50;
1041 t1 = HEAP[inv_sbox | s1] ^ R51;
1042 t2 = HEAP[inv_sbox | s2] ^ R52;
1043 t3 = HEAP[inv_sbox | s3] ^ R53;
1044 t4 = HEAP[inv_sbox | s4] ^ R54;
1045 t5 = HEAP[inv_sbox | s5] ^ R55;
1046 t6 = HEAP[inv_sbox | s6] ^ R56;
1047 t7 = HEAP[inv_sbox | s7] ^ R57;
1048 t8 = HEAP[inv_sbox | s8] ^ R58;
1049 t9 = HEAP[inv_sbox | s9] ^ R59;
1050 tA = HEAP[inv_sbox | sA] ^ R5A;
1051 tB = HEAP[inv_sbox | sB] ^ R5B;
1052 tC = HEAP[inv_sbox | sC] ^ R5C;
1053 tD = HEAP[inv_sbox | sD] ^ R5D;
1054 tE = HEAP[inv_sbox | sE] ^ R5E;
1055 tF = HEAP[inv_sbox | sF] ^ R5F;
1056 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
1057 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
1058 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
1059 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
1060 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
1061 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
1062 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
1063 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
1064 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
1065 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
1066 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
1067 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
1068 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
1069 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
1070 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
1071 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
1072 t0 = HEAP[inv_sbox | s0] ^ R40;
1073 t1 = HEAP[inv_sbox | s1] ^ R41;
1074 t2 = HEAP[inv_sbox | s2] ^ R42;
1075 t3 = HEAP[inv_sbox | s3] ^ R43;
1076 t4 = HEAP[inv_sbox | s4] ^ R44;
1077 t5 = HEAP[inv_sbox | s5] ^ R45;
1078 t6 = HEAP[inv_sbox | s6] ^ R46;
1079 t7 = HEAP[inv_sbox | s7] ^ R47;
1080 t8 = HEAP[inv_sbox | s8] ^ R48;
1081 t9 = HEAP[inv_sbox | s9] ^ R49;
1082 tA = HEAP[inv_sbox | sA] ^ R4A;
1083 tB = HEAP[inv_sbox | sB] ^ R4B;
1084 tC = HEAP[inv_sbox | sC] ^ R4C;
1085 tD = HEAP[inv_sbox | sD] ^ R4D;
1086 tE = HEAP[inv_sbox | sE] ^ R4E;
1087 tF = HEAP[inv_sbox | sF] ^ R4F;
1088 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
1089 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
1090 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
1091 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
1092 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
1093 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
1094 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
1095 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
1096 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
1097 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
1098 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
1099 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
1100 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
1101 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
1102 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
1103 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
1104 t0 = HEAP[inv_sbox | s0] ^ R30;
1105 t1 = HEAP[inv_sbox | s1] ^ R31;
1106 t2 = HEAP[inv_sbox | s2] ^ R32;
1107 t3 = HEAP[inv_sbox | s3] ^ R33;
1108 t4 = HEAP[inv_sbox | s4] ^ R34;
1109 t5 = HEAP[inv_sbox | s5] ^ R35;
1110 t6 = HEAP[inv_sbox | s6] ^ R36;
1111 t7 = HEAP[inv_sbox | s7] ^ R37;
1112 t8 = HEAP[inv_sbox | s8] ^ R38;
1113 t9 = HEAP[inv_sbox | s9] ^ R39;
1114 tA = HEAP[inv_sbox | sA] ^ R3A;
1115 tB = HEAP[inv_sbox | sB] ^ R3B;
1116 tC = HEAP[inv_sbox | sC] ^ R3C;
1117 tD = HEAP[inv_sbox | sD] ^ R3D;
1118 tE = HEAP[inv_sbox | sE] ^ R3E;
1119 tF = HEAP[inv_sbox | sF] ^ R3F;
1120 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
1121 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
1122 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
1123 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
1124 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
1125 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
1126 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
1127 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
1128 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
1129 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
1130 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
1131 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
1132 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
1133 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
1134 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
1135 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
1136 t0 = HEAP[inv_sbox | s0] ^ R20;
1137 t1 = HEAP[inv_sbox | s1] ^ R21;
1138 t2 = HEAP[inv_sbox | s2] ^ R22;
1139 t3 = HEAP[inv_sbox | s3] ^ R23;
1140 t4 = HEAP[inv_sbox | s4] ^ R24;
1141 t5 = HEAP[inv_sbox | s5] ^ R25;
1142 t6 = HEAP[inv_sbox | s6] ^ R26;
1143 t7 = HEAP[inv_sbox | s7] ^ R27;
1144 t8 = HEAP[inv_sbox | s8] ^ R28;
1145 t9 = HEAP[inv_sbox | s9] ^ R29;
1146 tA = HEAP[inv_sbox | sA] ^ R2A;
1147 tB = HEAP[inv_sbox | sB] ^ R2B;
1148 tC = HEAP[inv_sbox | sC] ^ R2C;
1149 tD = HEAP[inv_sbox | sD] ^ R2D;
1150 tE = HEAP[inv_sbox | sE] ^ R2E;
1151 tF = HEAP[inv_sbox | sF] ^ R2F;
1152 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
1153 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
1154 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
1155 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
1156 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
1157 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
1158 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
1159 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
1160 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
1161 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
1162 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
1163 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
1164 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
1165 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
1166 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
1167 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
1168 t0 = HEAP[inv_sbox | s0] ^ R10;
1169 t1 = HEAP[inv_sbox | s1] ^ R11;
1170 t2 = HEAP[inv_sbox | s2] ^ R12;
1171 t3 = HEAP[inv_sbox | s3] ^ R13;
1172 t4 = HEAP[inv_sbox | s4] ^ R14;
1173 t5 = HEAP[inv_sbox | s5] ^ R15;
1174 t6 = HEAP[inv_sbox | s6] ^ R16;
1175 t7 = HEAP[inv_sbox | s7] ^ R17;
1176 t8 = HEAP[inv_sbox | s8] ^ R18;
1177 t9 = HEAP[inv_sbox | s9] ^ R19;
1178 tA = HEAP[inv_sbox | sA] ^ R1A;
1179 tB = HEAP[inv_sbox | sB] ^ R1B;
1180 tC = HEAP[inv_sbox | sC] ^ R1C;
1181 tD = HEAP[inv_sbox | sD] ^ R1D;
1182 tE = HEAP[inv_sbox | sE] ^ R1E;
1183 tF = HEAP[inv_sbox | sF] ^ R1F;
1184 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
1185 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
1186 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
1187 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
1188 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
1189 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
1190 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
1191 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
1192 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
1193 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
1194 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
1195 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
1196 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
1197 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
1198 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
1199 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
1200 S0 = HEAP[inv_sbox | s0] ^ R00;
1201 S1 = HEAP[inv_sbox | s1] ^ R01;
1202 S2 = HEAP[inv_sbox | s2] ^ R02;
1203 S3 = HEAP[inv_sbox | s3] ^ R03;
1204 S4 = HEAP[inv_sbox | s4] ^ R04;
1205 S5 = HEAP[inv_sbox | s5] ^ R05;
1206 S6 = HEAP[inv_sbox | s6] ^ R06;
1207 S7 = HEAP[inv_sbox | s7] ^ R07;
1208 S8 = HEAP[inv_sbox | s8] ^ R08;
1209 S9 = HEAP[inv_sbox | s9] ^ R09;
1210 SA = HEAP[inv_sbox | sA] ^ R0A;
1211 SB = HEAP[inv_sbox | sB] ^ R0B;
1212 SC = HEAP[inv_sbox | sC] ^ R0C;
1213 SD = HEAP[inv_sbox | sD] ^ R0D;
1214 SE = HEAP[inv_sbox | sE] ^ R0E;
1215 SF = HEAP[inv_sbox | sF] ^ R0F;
1216 }
1217 function init_state(s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, sA, sB, sC, sD, sE, sF) {
1218 s0 = s0 | 0;
1219 s1 = s1 | 0;
1220 s2 = s2 | 0;
1221 s3 = s3 | 0;
1222 s4 = s4 | 0;
1223 s5 = s5 | 0;
1224 s6 = s6 | 0;
1225 s7 = s7 | 0;
1226 s8 = s8 | 0;
1227 s9 = s9 | 0;
1228 sA = sA | 0;
1229 sB = sB | 0;
1230 sC = sC | 0;
1231 sD = sD | 0;
1232 sE = sE | 0;
1233 sF = sF | 0;
1234 S0 = s0;
1235 S1 = s1;
1236 S2 = s2;
1237 S3 = s3;
1238 S4 = s4;
1239 S5 = s5;
1240 S6 = s6;
1241 S7 = s7;
1242 S8 = s8;
1243 S9 = s9;
1244 SA = sA;
1245 SB = sB;
1246 SC = sC;
1247 SD = sD;
1248 SE = sE;
1249 SF = sF;
1250 }
1251 function save_state(offset) {
1252 offset = offset | 0;
1253 HEAP[offset] = S0;
1254 HEAP[offset | 1] = S1;
1255 HEAP[offset | 2] = S2;
1256 HEAP[offset | 3] = S3;
1257 HEAP[offset | 4] = S4;
1258 HEAP[offset | 5] = S5;
1259 HEAP[offset | 6] = S6;
1260 HEAP[offset | 7] = S7;
1261 HEAP[offset | 8] = S8;
1262 HEAP[offset | 9] = S9;
1263 HEAP[offset | 10] = SA;
1264 HEAP[offset | 11] = SB;
1265 HEAP[offset | 12] = SC;
1266 HEAP[offset | 13] = SD;
1267 HEAP[offset | 14] = SE;
1268 HEAP[offset | 15] = SF;
1269 }
1270 function init_key_128(k0, k1, k2, k3, k4, k5, k6, k7, k8, k9, kA, kB, kC, kD, kE, kF) {
1271 k0 = k0 | 0;
1272 k1 = k1 | 0;
1273 k2 = k2 | 0;
1274 k3 = k3 | 0;
1275 k4 = k4 | 0;
1276 k5 = k5 | 0;
1277 k6 = k6 | 0;
1278 k7 = k7 | 0;
1279 k8 = k8 | 0;
1280 k9 = k9 | 0;
1281 kA = kA | 0;
1282 kB = kB | 0;
1283 kC = kC | 0;
1284 kD = kD | 0;
1285 kE = kE | 0;
1286 kF = kF | 0;
1287 R00 = k0;
1288 R01 = k1;
1289 R02 = k2;
1290 R03 = k3;
1291 R04 = k4;
1292 R05 = k5;
1293 R06 = k6;
1294 R07 = k7;
1295 R08 = k8;
1296 R09 = k9;
1297 R0A = kA;
1298 R0B = kB;
1299 R0C = kC;
1300 R0D = kD;
1301 R0E = kE;
1302 R0F = kF;
1303 keySize = 16;
1304 _expand_key_128();
1305 }
1306 function init_key_256(k00, k01, k02, k03, k04, k05, k06, k07, k08, k09, k0A, k0B, k0C, k0D, k0E, k0F, k10, k11, k12, k13, k14, k15, k16, k17, k18, k19, k1A, k1B, k1C, k1D, k1E, k1F) {
1307 k00 = k00 | 0;
1308 k01 = k01 | 0;
1309 k02 = k02 | 0;
1310 k03 = k03 | 0;
1311 k04 = k04 | 0;
1312 k05 = k05 | 0;
1313 k06 = k06 | 0;
1314 k07 = k07 | 0;
1315 k08 = k08 | 0;
1316 k09 = k09 | 0;
1317 k0A = k0A | 0;
1318 k0B = k0B | 0;
1319 k0C = k0C | 0;
1320 k0D = k0D | 0;
1321 k0E = k0E | 0;
1322 k0F = k0F | 0;
1323 k10 = k10 | 0;
1324 k11 = k11 | 0;
1325 k12 = k12 | 0;
1326 k13 = k13 | 0;
1327 k14 = k14 | 0;
1328 k15 = k15 | 0;
1329 k16 = k16 | 0;
1330 k17 = k17 | 0;
1331 k18 = k18 | 0;
1332 k19 = k19 | 0;
1333 k1A = k1A | 0;
1334 k1B = k1B | 0;
1335 k1C = k1C | 0;
1336 k1D = k1D | 0;
1337 k1E = k1E | 0;
1338 k1F = k1F | 0;
1339 R00 = k00;
1340 R01 = k01;
1341 R02 = k02;
1342 R03 = k03;
1343 R04 = k04;
1344 R05 = k05;
1345 R06 = k06;
1346 R07 = k07;
1347 R08 = k08;
1348 R09 = k09;
1349 R0A = k0A;
1350 R0B = k0B;
1351 R0C = k0C;
1352 R0D = k0D;
1353 R0E = k0E;
1354 R0F = k0F;
1355 R10 = k10;
1356 R11 = k11;
1357 R12 = k12;
1358 R13 = k13;
1359 R14 = k14;
1360 R15 = k15;
1361 R16 = k16;
1362 R17 = k17;
1363 R18 = k18;
1364 R19 = k19;
1365 R1A = k1A;
1366 R1B = k1B;
1367 R1C = k1C;
1368 R1D = k1D;
1369 R1E = k1E;
1370 R1F = k1F;
1371 keySize = 32;
1372 _expand_key_256();
1373 }
1374 function cbc_encrypt(offset, length) {
1375 offset = offset | 0;
1376 length = length | 0;
1377 var encrypted = 0;
1378 if (offset & 15) return -1;
1379 while ((length | 0) >= 16) {
1380 _encrypt(S0 ^ HEAP[offset], S1 ^ HEAP[offset | 1], S2 ^ HEAP[offset | 2], S3 ^ HEAP[offset | 3], S4 ^ HEAP[offset | 4], S5 ^ HEAP[offset | 5], S6 ^ HEAP[offset | 6], S7 ^ HEAP[offset | 7], S8 ^ HEAP[offset | 8], S9 ^ HEAP[offset | 9], SA ^ HEAP[offset | 10], SB ^ HEAP[offset | 11], SC ^ HEAP[offset | 12], SD ^ HEAP[offset | 13], SE ^ HEAP[offset | 14], SF ^ HEAP[offset | 15]);
1381 HEAP[offset] = S0;
1382 HEAP[offset | 1] = S1;
1383 HEAP[offset | 2] = S2;
1384 HEAP[offset | 3] = S3;
1385 HEAP[offset | 4] = S4;
1386 HEAP[offset | 5] = S5;
1387 HEAP[offset | 6] = S6;
1388 HEAP[offset | 7] = S7;
1389 HEAP[offset | 8] = S8;
1390 HEAP[offset | 9] = S9;
1391 HEAP[offset | 10] = SA;
1392 HEAP[offset | 11] = SB;
1393 HEAP[offset | 12] = SC;
1394 HEAP[offset | 13] = SD;
1395 HEAP[offset | 14] = SE;
1396 HEAP[offset | 15] = SF;
1397 offset = offset + 16 | 0;
1398 length = length - 16 | 0;
1399 encrypted = encrypted + 16 | 0;
1400 }
1401 return encrypted | 0;
1402 }
1403 function cbc_decrypt(offset, length) {
1404 offset = offset | 0;
1405 length = length | 0;
1406 var iv0 = 0, iv1 = 0, iv2 = 0, iv3 = 0, iv4 = 0, iv5 = 0, iv6 = 0, iv7 = 0, iv8 = 0, iv9 = 0, ivA = 0, ivB = 0, ivC = 0, ivD = 0, ivE = 0, ivF = 0, decrypted = 0;
1407 if (offset & 15) return -1;
1408 iv0 = S0;
1409 iv1 = S1;
1410 iv2 = S2;
1411 iv3 = S3;
1412 iv4 = S4;
1413 iv5 = S5;
1414 iv6 = S6;
1415 iv7 = S7;
1416 iv8 = S8;
1417 iv9 = S9;
1418 ivA = SA;
1419 ivB = SB;
1420 ivC = SC;
1421 ivD = SD;
1422 ivE = SE;
1423 ivF = SF;
1424 while ((length | 0) >= 16) {
1425 _decrypt(HEAP[offset] | 0, HEAP[offset | 1] | 0, HEAP[offset | 2] | 0, HEAP[offset | 3] | 0, HEAP[offset | 4] | 0, HEAP[offset | 5] | 0, HEAP[offset | 6] | 0, HEAP[offset | 7] | 0, HEAP[offset | 8] | 0, HEAP[offset | 9] | 0, HEAP[offset | 10] | 0, HEAP[offset | 11] | 0, HEAP[offset | 12] | 0, HEAP[offset | 13] | 0, HEAP[offset | 14] | 0, HEAP[offset | 15] | 0);
1426 S0 = S0 ^ iv0;
1427 iv0 = HEAP[offset] | 0;
1428 S1 = S1 ^ iv1;
1429 iv1 = HEAP[offset | 1] | 0;
1430 S2 = S2 ^ iv2;
1431 iv2 = HEAP[offset | 2] | 0;
1432 S3 = S3 ^ iv3;
1433 iv3 = HEAP[offset | 3] | 0;
1434 S4 = S4 ^ iv4;
1435 iv4 = HEAP[offset | 4] | 0;
1436 S5 = S5 ^ iv5;
1437 iv5 = HEAP[offset | 5] | 0;
1438 S6 = S6 ^ iv6;
1439 iv6 = HEAP[offset | 6] | 0;
1440 S7 = S7 ^ iv7;
1441 iv7 = HEAP[offset | 7] | 0;
1442 S8 = S8 ^ iv8;
1443 iv8 = HEAP[offset | 8] | 0;
1444 S9 = S9 ^ iv9;
1445 iv9 = HEAP[offset | 9] | 0;
1446 SA = SA ^ ivA;
1447 ivA = HEAP[offset | 10] | 0;
1448 SB = SB ^ ivB;
1449 ivB = HEAP[offset | 11] | 0;
1450 SC = SC ^ ivC;
1451 ivC = HEAP[offset | 12] | 0;
1452 SD = SD ^ ivD;
1453 ivD = HEAP[offset | 13] | 0;
1454 SE = SE ^ ivE;
1455 ivE = HEAP[offset | 14] | 0;
1456 SF = SF ^ ivF;
1457 ivF = HEAP[offset | 15] | 0;
1458 HEAP[offset] = S0;
1459 HEAP[offset | 1] = S1;
1460 HEAP[offset | 2] = S2;
1461 HEAP[offset | 3] = S3;
1462 HEAP[offset | 4] = S4;
1463 HEAP[offset | 5] = S5;
1464 HEAP[offset | 6] = S6;
1465 HEAP[offset | 7] = S7;
1466 HEAP[offset | 8] = S8;
1467 HEAP[offset | 9] = S9;
1468 HEAP[offset | 10] = SA;
1469 HEAP[offset | 11] = SB;
1470 HEAP[offset | 12] = SC;
1471 HEAP[offset | 13] = SD;
1472 HEAP[offset | 14] = SE;
1473 HEAP[offset | 15] = SF;
1474 offset = offset + 16 | 0;
1475 length = length - 16 | 0;
1476 decrypted = decrypted + 16 | 0;
1477 }
1478 S0 = iv0;
1479 S1 = iv1;
1480 S2 = iv2;
1481 S3 = iv3;
1482 S4 = iv4;
1483 S5 = iv5;
1484 S6 = iv6;
1485 S7 = iv7;
1486 S8 = iv8;
1487 S9 = iv9;
1488 SA = ivA;
1489 SB = ivB;
1490 SC = ivC;
1491 SD = ivD;
1492 SE = ivE;
1493 SF = ivF;
1494 return decrypted | 0;
1495 }
1496 function cbc_mac(offset, length, output) {
1497 offset = offset | 0;
1498 length = length | 0;
1499 output = output | 0;
1500 if (offset & 15) return -1;
1501 if (~output) if (output & 31) return -1;
1502 while ((length | 0) >= 16) {
1503 _encrypt(S0 ^ HEAP[offset], S1 ^ HEAP[offset | 1], S2 ^ HEAP[offset | 2], S3 ^ HEAP[offset | 3], S4 ^ HEAP[offset | 4], S5 ^ HEAP[offset | 5], S6 ^ HEAP[offset | 6], S7 ^ HEAP[offset | 7], S8 ^ HEAP[offset | 8], S9 ^ HEAP[offset | 9], SA ^ HEAP[offset | 10], SB ^ HEAP[offset | 11], SC ^ HEAP[offset | 12], SD ^ HEAP[offset | 13], SE ^ HEAP[offset | 14], SF ^ HEAP[offset | 15]);
1504 offset = offset + 16 | 0;
1505 length = length - 16 | 0;
1506 }
1507 if ((length | 0) > 0) {
1508 S0 = S0 ^ HEAP[offset];
1509 if ((length | 0) > 1) S1 = S1 ^ HEAP[offset | 1];
1510 if ((length | 0) > 2) S2 = S2 ^ HEAP[offset | 2];
1511 if ((length | 0) > 3) S3 = S3 ^ HEAP[offset | 3];
1512 if ((length | 0) > 4) S4 = S4 ^ HEAP[offset | 4];
1513 if ((length | 0) > 5) S5 = S5 ^ HEAP[offset | 5];
1514 if ((length | 0) > 6) S6 = S6 ^ HEAP[offset | 6];
1515 if ((length | 0) > 7) S7 = S7 ^ HEAP[offset | 7];
1516 if ((length | 0) > 8) S8 = S8 ^ HEAP[offset | 8];
1517 if ((length | 0) > 9) S9 = S9 ^ HEAP[offset | 9];
1518 if ((length | 0) > 10) SA = SA ^ HEAP[offset | 10];
1519 if ((length | 0) > 11) SB = SB ^ HEAP[offset | 11];
1520 if ((length | 0) > 12) SC = SC ^ HEAP[offset | 12];
1521 if ((length | 0) > 13) SD = SD ^ HEAP[offset | 13];
1522 if ((length | 0) > 14) SE = SE ^ HEAP[offset | 14];
1523 _encrypt(S0, S1, S2, S3, S4, S5, S6, S7, S8, S9, SA, SB, SC, SD, SE, SF);
1524 offset = offset + length | 0;
1525 length = 0;
1526 }
1527 if (~output) {
1528 HEAP[output | 0] = S0;
1529 HEAP[output | 1] = S1;
1530 HEAP[output | 2] = S2;
1531 HEAP[output | 3] = S3;
1532 HEAP[output | 4] = S4;
1533 HEAP[output | 5] = S5;
1534 HEAP[output | 6] = S6;
1535 HEAP[output | 7] = S7;
1536 HEAP[output | 8] = S8;
1537 HEAP[output | 9] = S9;
1538 HEAP[output | 10] = SA;
1539 HEAP[output | 11] = SB;
1540 HEAP[output | 12] = SC;
1541 HEAP[output | 13] = SD;
1542 HEAP[output | 14] = SE;
1543 HEAP[output | 15] = SF;
1544 }
1545 return 0;
1546 }
1547 function ccm_encrypt(offset, length, nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8, nonce9, nonceA, nonceB, nonceC, nonceD, counter0, counter1) {
1548 offset = offset | 0;
1549 length = length | 0;
1550 nonce0 = nonce0 | 0;
1551 nonce1 = nonce1 | 0;
1552 nonce2 = nonce2 | 0;
1553 nonce3 = nonce3 | 0;
1554 nonce4 = nonce4 | 0;
1555 nonce5 = nonce5 | 0;
1556 nonce6 = nonce6 | 0;
1557 nonce7 = nonce7 | 0;
1558 nonce8 = nonce8 | 0;
1559 nonce9 = nonce9 | 0;
1560 nonceA = nonceA | 0;
1561 nonceB = nonceB | 0;
1562 nonceC = nonceC | 0;
1563 nonceD = nonceD | 0;
1564 counter0 = counter0 | 0;
1565 counter1 = counter1 | 0;
1566 var iv0 = 0, iv1 = 0, iv2 = 0, iv3 = 0, iv4 = 0, iv5 = 0, iv6 = 0, iv7 = 0, iv8 = 0, iv9 = 0, ivA = 0, ivB = 0, ivC = 0, ivD = 0, ivE = 0, ivF = 0, s0 = 0, s1 = 0, s2 = 0, s3 = 0, s4 = 0, s5 = 0, s6 = 0, s7 = 0, s8 = 0, s9 = 0, sA = 0, sB = 0, sC = 0, sD = 0, sE = 0, sF = 0, encrypted = 0;
1567 if (offset & 15) return -1;
1568 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
1569 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
1570 while ((length | 0) >= 16) {
1571 s0 = HEAP[offset] | 0;
1572 s1 = HEAP[offset | 1] | 0;
1573 s2 = HEAP[offset | 2] | 0;
1574 s3 = HEAP[offset | 3] | 0;
1575 s4 = HEAP[offset | 4] | 0;
1576 s5 = HEAP[offset | 5] | 0;
1577 s6 = HEAP[offset | 6] | 0;
1578 s7 = HEAP[offset | 7] | 0;
1579 s8 = HEAP[offset | 8] | 0;
1580 s9 = HEAP[offset | 9] | 0;
1581 sA = HEAP[offset | 10] | 0;
1582 sB = HEAP[offset | 11] | 0;
1583 sC = HEAP[offset | 12] | 0;
1584 sD = HEAP[offset | 13] | 0;
1585 sE = HEAP[offset | 14] | 0;
1586 sF = HEAP[offset | 15] | 0;
1587 _encrypt(nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8 ^ counter0 >>> 24, nonce9 ^ counter0 >>> 16 & 255, nonceA ^ counter0 >>> 8 & 255, nonceB ^ counter0 & 255, nonceC ^ counter1 >>> 24, nonceD ^ counter1 >>> 16 & 255, counter1 >>> 8 & 255, counter1 & 255);
1588 HEAP[offset] = s0 ^ S0;
1589 HEAP[offset | 1] = s1 ^ S1;
1590 HEAP[offset | 2] = s2 ^ S2;
1591 HEAP[offset | 3] = s3 ^ S3;
1592 HEAP[offset | 4] = s4 ^ S4;
1593 HEAP[offset | 5] = s5 ^ S5;
1594 HEAP[offset | 6] = s6 ^ S6;
1595 HEAP[offset | 7] = s7 ^ S7;
1596 HEAP[offset | 8] = s8 ^ S8;
1597 HEAP[offset | 9] = s9 ^ S9;
1598 HEAP[offset | 10] = sA ^ SA;
1599 HEAP[offset | 11] = sB ^ SB;
1600 HEAP[offset | 12] = sC ^ SC;
1601 HEAP[offset | 13] = sD ^ SD;
1602 HEAP[offset | 14] = sE ^ SE;
1603 HEAP[offset | 15] = sF ^ SF;
1604 _encrypt(s0 ^ iv0, s1 ^ iv1, s2 ^ iv2, s3 ^ iv3, s4 ^ iv4, s5 ^ iv5, s6 ^ iv6, s7 ^ iv7, s8 ^ iv8, s9 ^ iv9, sA ^ ivA, sB ^ ivB, sC ^ ivC, sD ^ ivD, sE ^ ivE, sF ^ ivF);
1605 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
1606 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
1607 encrypted = encrypted + 16 | 0;
1608 offset = offset + 16 | 0;
1609 length = length - 16 | 0;
1610 counter1 = counter1 + 1 | 0;
1611 if ((counter1 | 0) == 0) counter0 = counter0 + 1 | 0;
1612 }
1613 if ((length | 0) > 0) {
1614 s0 = HEAP[offset] | 0;
1615 s1 = (length | 0) > 1 ? HEAP[offset | 1] | 0 : 0;
1616 s2 = (length | 0) > 2 ? HEAP[offset | 2] | 0 : 0;
1617 s3 = (length | 0) > 3 ? HEAP[offset | 3] | 0 : 0;
1618 s4 = (length | 0) > 4 ? HEAP[offset | 4] | 0 : 0;
1619 s5 = (length | 0) > 5 ? HEAP[offset | 5] | 0 : 0;
1620 s6 = (length | 0) > 6 ? HEAP[offset | 6] | 0 : 0;
1621 s7 = (length | 0) > 7 ? HEAP[offset | 7] | 0 : 0;
1622 s8 = (length | 0) > 8 ? HEAP[offset | 8] | 0 : 0;
1623 s9 = (length | 0) > 9 ? HEAP[offset | 9] | 0 : 0;
1624 sA = (length | 0) > 10 ? HEAP[offset | 10] | 0 : 0;
1625 sB = (length | 0) > 11 ? HEAP[offset | 11] | 0 : 0;
1626 sC = (length | 0) > 12 ? HEAP[offset | 12] | 0 : 0;
1627 sD = (length | 0) > 13 ? HEAP[offset | 13] | 0 : 0;
1628 sE = (length | 0) > 14 ? HEAP[offset | 14] | 0 : 0;
1629 _encrypt(nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8 ^ counter0 >>> 24, nonce9 ^ counter0 >>> 16 & 255, nonceA ^ counter0 >>> 8 & 255, nonceB ^ counter0 & 255, nonceC ^ counter1 >>> 24, nonceD ^ counter1 >>> 16 & 255, counter1 >>> 8 & 255, counter1 & 255);
1630 HEAP[offset] = s0 ^ S0;
1631 if ((length | 0) > 1) HEAP[offset | 1] = s1 ^ S1;
1632 if ((length | 0) > 2) HEAP[offset | 2] = s2 ^ S2;
1633 if ((length | 0) > 3) HEAP[offset | 3] = s3 ^ S3;
1634 if ((length | 0) > 4) HEAP[offset | 4] = s4 ^ S4;
1635 if ((length | 0) > 5) HEAP[offset | 5] = s5 ^ S5;
1636 if ((length | 0) > 6) HEAP[offset | 6] = s6 ^ S6;
1637 if ((length | 0) > 7) HEAP[offset | 7] = s7 ^ S7;
1638 if ((length | 0) > 8) HEAP[offset | 8] = s8 ^ S8;
1639 if ((length | 0) > 9) HEAP[offset | 9] = s9 ^ S9;
1640 if ((length | 0) > 10) HEAP[offset | 10] = sA ^ SA;
1641 if ((length | 0) > 11) HEAP[offset | 11] = sB ^ SB;
1642 if ((length | 0) > 12) HEAP[offset | 12] = sC ^ SC;
1643 if ((length | 0) > 13) HEAP[offset | 13] = sD ^ SD;
1644 if ((length | 0) > 14) HEAP[offset | 14] = sE ^ SE;
1645 _encrypt(s0 ^ iv0, s1 ^ iv1, s2 ^ iv2, s3 ^ iv3, s4 ^ iv4, s5 ^ iv5, s6 ^ iv6, s7 ^ iv7, s8 ^ iv8, s9 ^ iv9, sA ^ ivA, sB ^ ivB, sC ^ ivC, sD ^ ivD, sE ^ ivE, ivF);
1646 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
1647 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
1648 encrypted = encrypted + length | 0;
1649 offset = offset + length | 0;
1650 length = 0;
1651 counter1 = counter1 + 1 | 0;
1652 if ((counter1 | 0) == 0) counter0 = counter0 + 1 | 0;
1653 }
1654 return encrypted | 0;
1655 }
1656 function ccm_decrypt(offset, length, nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8, nonce9, nonceA, nonceB, nonceC, nonceD, counter0, counter1) {
1657 offset = offset | 0;
1658 length = length | 0;
1659 nonce0 = nonce0 | 0;
1660 nonce1 = nonce1 | 0;
1661 nonce2 = nonce2 | 0;
1662 nonce3 = nonce3 | 0;
1663 nonce4 = nonce4 | 0;
1664 nonce5 = nonce5 | 0;
1665 nonce6 = nonce6 | 0;
1666 nonce7 = nonce7 | 0;
1667 nonce8 = nonce8 | 0;
1668 nonce9 = nonce9 | 0;
1669 nonceA = nonceA | 0;
1670 nonceB = nonceB | 0;
1671 nonceC = nonceC | 0;
1672 nonceD = nonceD | 0;
1673 counter0 = counter0 | 0;
1674 counter1 = counter1 | 0;
1675 var iv0 = 0, iv1 = 0, iv2 = 0, iv3 = 0, iv4 = 0, iv5 = 0, iv6 = 0, iv7 = 0, iv8 = 0, iv9 = 0, ivA = 0, ivB = 0, ivC = 0, ivD = 0, ivE = 0, ivF = 0, s0 = 0, s1 = 0, s2 = 0, s3 = 0, s4 = 0, s5 = 0, s6 = 0, s7 = 0, s8 = 0, s9 = 0, sA = 0, sB = 0, sC = 0, sD = 0, sE = 0, sF = 0, decrypted = 0;
1676 if (offset & 15) return -1;
1677 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
1678 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
1679 while ((length | 0) >= 16) {
1680 _encrypt(nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8 ^ counter0 >>> 24, nonce9 ^ counter0 >>> 16 & 255, nonceA ^ counter0 >>> 8 & 255, nonceB ^ counter0 & 255, nonceC ^ counter1 >>> 24, nonceD ^ counter1 >>> 16 & 255, counter1 >>> 8 & 255, counter1 & 255);
1681 HEAP[offset] = s0 = HEAP[offset] ^ S0;
1682 HEAP[offset | 1] = s1 = HEAP[offset | 1] ^ S1;
1683 HEAP[offset | 2] = s2 = HEAP[offset | 2] ^ S2;
1684 HEAP[offset | 3] = s3 = HEAP[offset | 3] ^ S3;
1685 HEAP[offset | 4] = s4 = HEAP[offset | 4] ^ S4;
1686 HEAP[offset | 5] = s5 = HEAP[offset | 5] ^ S5;
1687 HEAP[offset | 6] = s6 = HEAP[offset | 6] ^ S6;
1688 HEAP[offset | 7] = s7 = HEAP[offset | 7] ^ S7;
1689 HEAP[offset | 8] = s8 = HEAP[offset | 8] ^ S8;
1690 HEAP[offset | 9] = s9 = HEAP[offset | 9] ^ S9;
1691 HEAP[offset | 10] = sA = HEAP[offset | 10] ^ SA;
1692 HEAP[offset | 11] = sB = HEAP[offset | 11] ^ SB;
1693 HEAP[offset | 12] = sC = HEAP[offset | 12] ^ SC;
1694 HEAP[offset | 13] = sD = HEAP[offset | 13] ^ SD;
1695 HEAP[offset | 14] = sE = HEAP[offset | 14] ^ SE;
1696 HEAP[offset | 15] = sF = HEAP[offset | 15] ^ SF;
1697 _encrypt(s0 ^ iv0, s1 ^ iv1, s2 ^ iv2, s3 ^ iv3, s4 ^ iv4, s5 ^ iv5, s6 ^ iv6, s7 ^ iv7, s8 ^ iv8, s9 ^ iv9, sA ^ ivA, sB ^ ivB, sC ^ ivC, sD ^ ivD, sE ^ ivE, sF ^ ivF);
1698 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
1699 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
1700 decrypted = decrypted + 16 | 0;
1701 offset = offset + 16 | 0;
1702 length = length - 16 | 0;
1703 counter1 = counter1 + 1 | 0;
1704 if ((counter1 | 0) == 0) counter0 = counter0 + 1 | 0;
1705 }
1706 if ((length | 0) > 0) {
1707 _encrypt(nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8 ^ counter0 >>> 24, nonce9 ^ counter0 >>> 16 & 255, nonceA ^ counter0 >>> 8 & 255, nonceB ^ counter0 & 255, nonceC ^ counter1 >>> 24, nonceD ^ counter1 >>> 16 & 255, counter1 >>> 8 & 255, counter1 & 255);
1708 s0 = HEAP[offset] ^ S0;
1709 s1 = (length | 0) > 1 ? HEAP[offset | 1] ^ S1 : 0;
1710 s2 = (length | 0) > 2 ? HEAP[offset | 2] ^ S2 : 0;
1711 s3 = (length | 0) > 3 ? HEAP[offset | 3] ^ S3 : 0;
1712 s4 = (length | 0) > 4 ? HEAP[offset | 4] ^ S4 : 0;
1713 s5 = (length | 0) > 5 ? HEAP[offset | 5] ^ S5 : 0;
1714 s6 = (length | 0) > 6 ? HEAP[offset | 6] ^ S6 : 0;
1715 s7 = (length | 0) > 7 ? HEAP[offset | 7] ^ S7 : 0;
1716 s8 = (length | 0) > 8 ? HEAP[offset | 8] ^ S8 : 0;
1717 s9 = (length | 0) > 9 ? HEAP[offset | 9] ^ S9 : 0;
1718 sA = (length | 0) > 10 ? HEAP[offset | 10] ^ SA : 0;
1719 sB = (length | 0) > 11 ? HEAP[offset | 11] ^ SB : 0;
1720 sC = (length | 0) > 12 ? HEAP[offset | 12] ^ SC : 0;
1721 sD = (length | 0) > 13 ? HEAP[offset | 13] ^ SD : 0;
1722 sE = (length | 0) > 14 ? HEAP[offset | 14] ^ SE : 0;
1723 sF = (length | 0) > 15 ? HEAP[offset | 15] ^ SF : 0;
1724 HEAP[offset] = s0;
1725 if ((length | 0) > 1) HEAP[offset | 1] = s1;
1726 if ((length | 0) > 2) HEAP[offset | 2] = s2;
1727 if ((length | 0) > 3) HEAP[offset | 3] = s3;
1728 if ((length | 0) > 4) HEAP[offset | 4] = s4;
1729 if ((length | 0) > 5) HEAP[offset | 5] = s5;
1730 if ((length | 0) > 6) HEAP[offset | 6] = s6;
1731 if ((length | 0) > 7) HEAP[offset | 7] = s7;
1732 if ((length | 0) > 8) HEAP[offset | 8] = s8;
1733 if ((length | 0) > 9) HEAP[offset | 9] = s9;
1734 if ((length | 0) > 10) HEAP[offset | 10] = sA;
1735 if ((length | 0) > 11) HEAP[offset | 11] = sB;
1736 if ((length | 0) > 12) HEAP[offset | 12] = sC;
1737 if ((length | 0) > 13) HEAP[offset | 13] = sD;
1738 if ((length | 0) > 14) HEAP[offset | 14] = sE;
1739 _encrypt(s0 ^ iv0, s1 ^ iv1, s2 ^ iv2, s3 ^ iv3, s4 ^ iv4, s5 ^ iv5, s6 ^ iv6, s7 ^ iv7, s8 ^ iv8, s9 ^ iv9, sA ^ ivA, sB ^ ivB, sC ^ ivC, sD ^ ivD, sE ^ ivE, sF ^ ivF);
1740 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
1741 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
1742 decrypted = decrypted + length | 0;
1743 offset = offset + length | 0;
1744 length = 0;
1745 counter1 = counter1 + 1 | 0;
1746 if ((counter1 | 0) == 0) counter0 = counter0 + 1 | 0;
1747 }
1748 return decrypted | 0;
1749 }
1750 function cfb_encrypt(offset, length) {
1751 offset = offset | 0;
1752 length = length | 0;
1753 var encrypted = 0;
1754 if (offset & 15) return -1;
1755 while ((length | 0) >= 16) {
1756 _encrypt(S0, S1, S2, S3, S4, S5, S6, S7, S8, S9, SA, SB, SC, SD, SE, SF);
1757 S0 = S0 ^ HEAP[offset];
1758 S1 = S1 ^ HEAP[offset | 1];
1759 S2 = S2 ^ HEAP[offset | 2];
1760 S3 = S3 ^ HEAP[offset | 3];
1761 S4 = S4 ^ HEAP[offset | 4];
1762 S5 = S5 ^ HEAP[offset | 5];
1763 S6 = S6 ^ HEAP[offset | 6];
1764 S7 = S7 ^ HEAP[offset | 7];
1765 S8 = S8 ^ HEAP[offset | 8];
1766 S9 = S9 ^ HEAP[offset | 9];
1767 SA = SA ^ HEAP[offset | 10];
1768 SB = SB ^ HEAP[offset | 11];
1769 SC = SC ^ HEAP[offset | 12];
1770 SD = SD ^ HEAP[offset | 13];
1771 SE = SE ^ HEAP[offset | 14];
1772 SF = SF ^ HEAP[offset | 15];
1773 HEAP[offset] = S0;
1774 HEAP[offset | 1] = S1;
1775 HEAP[offset | 2] = S2;
1776 HEAP[offset | 3] = S3;
1777 HEAP[offset | 4] = S4;
1778 HEAP[offset | 5] = S5;
1779 HEAP[offset | 6] = S6;
1780 HEAP[offset | 7] = S7;
1781 HEAP[offset | 8] = S8;
1782 HEAP[offset | 9] = S9;
1783 HEAP[offset | 10] = SA;
1784 HEAP[offset | 11] = SB;
1785 HEAP[offset | 12] = SC;
1786 HEAP[offset | 13] = SD;
1787 HEAP[offset | 14] = SE;
1788 HEAP[offset | 15] = SF;
1789 offset = offset + 16 | 0;
1790 length = length - 16 | 0;
1791 encrypted = encrypted + 16 | 0;
1792 }
1793 if ((length | 0) > 0) {
1794 _encrypt(S0, S1, S2, S3, S4, S5, S6, S7, S8, S9, SA, SB, SC, SD, SE, SF);
1795 HEAP[offset] = HEAP[offset] ^ S0;
1796 if ((length | 0) > 1) HEAP[offset | 1] = HEAP[offset | 1] ^ S1;
1797 if ((length | 0) > 2) HEAP[offset | 2] = HEAP[offset | 2] ^ S2;
1798 if ((length | 0) > 3) HEAP[offset | 3] = HEAP[offset | 3] ^ S3;
1799 if ((length | 0) > 4) HEAP[offset | 4] = HEAP[offset | 4] ^ S4;
1800 if ((length | 0) > 5) HEAP[offset | 5] = HEAP[offset | 5] ^ S5;
1801 if ((length | 0) > 6) HEAP[offset | 6] = HEAP[offset | 6] ^ S6;
1802 if ((length | 0) > 7) HEAP[offset | 7] = HEAP[offset | 7] ^ S7;
1803 if ((length | 0) > 8) HEAP[offset | 8] = HEAP[offset | 8] ^ S8;
1804 if ((length | 0) > 9) HEAP[offset | 9] = HEAP[offset | 9] ^ S9;
1805 if ((length | 0) > 10) HEAP[offset | 10] = HEAP[offset | 10] ^ SA;
1806 if ((length | 0) > 11) HEAP[offset | 11] = HEAP[offset | 11] ^ SB;
1807 if ((length | 0) > 12) HEAP[offset | 12] = HEAP[offset | 12] ^ SC;
1808 if ((length | 0) > 13) HEAP[offset | 13] = HEAP[offset | 13] ^ SD;
1809 if ((length | 0) > 14) HEAP[offset | 14] = HEAP[offset | 14] ^ SE;
1810 encrypted = encrypted + length | 0;
1811 offset = offset + length | 0;
1812 length = 0;
1813 }
1814 return encrypted | 0;
1815 }
1816 function cfb_decrypt(offset, length) {
1817 offset = offset | 0;
1818 length = length | 0;
1819 var iv0 = 0, iv1 = 0, iv2 = 0, iv3 = 0, iv4 = 0, iv5 = 0, iv6 = 0, iv7 = 0, iv8 = 0, iv9 = 0, ivA = 0, ivB = 0, ivC = 0, ivD = 0, ivE = 0, ivF = 0, decrypted = 0;
1820 if (offset & 15) return -1;
1821 while ((length | 0) >= 16) {
1822 _encrypt(S0, S1, S2, S3, S4, S5, S6, S7, S8, S9, SA, SB, SC, SD, SE, SF);
1823 iv0 = HEAP[offset] | 0;
1824 iv1 = HEAP[offset | 1] | 0;
1825 iv2 = HEAP[offset | 2] | 0;
1826 iv3 = HEAP[offset | 3] | 0;
1827 iv4 = HEAP[offset | 4] | 0;
1828 iv5 = HEAP[offset | 5] | 0;
1829 iv6 = HEAP[offset | 6] | 0;
1830 iv7 = HEAP[offset | 7] | 0;
1831 iv8 = HEAP[offset | 8] | 0;
1832 iv9 = HEAP[offset | 9] | 0;
1833 ivA = HEAP[offset | 10] | 0;
1834 ivB = HEAP[offset | 11] | 0;
1835 ivC = HEAP[offset | 12] | 0;
1836 ivD = HEAP[offset | 13] | 0;
1837 ivE = HEAP[offset | 14] | 0;
1838 ivF = HEAP[offset | 15] | 0;
1839 HEAP[offset] = S0 ^ iv0;
1840 HEAP[offset | 1] = S1 ^ iv1;
1841 HEAP[offset | 2] = S2 ^ iv2;
1842 HEAP[offset | 3] = S3 ^ iv3;
1843 HEAP[offset | 4] = S4 ^ iv4;
1844 HEAP[offset | 5] = S5 ^ iv5;
1845 HEAP[offset | 6] = S6 ^ iv6;
1846 HEAP[offset | 7] = S7 ^ iv7;
1847 HEAP[offset | 8] = S8 ^ iv8;
1848 HEAP[offset | 9] = S9 ^ iv9;
1849 HEAP[offset | 10] = SA ^ ivA;
1850 HEAP[offset | 11] = SB ^ ivB;
1851 HEAP[offset | 12] = SC ^ ivC;
1852 HEAP[offset | 13] = SD ^ ivD;
1853 HEAP[offset | 14] = SE ^ ivE;
1854 HEAP[offset | 15] = SF ^ ivF;
1855 S0 = iv0;
1856 S1 = iv1;
1857 S2 = iv2;
1858 S3 = iv3;
1859 S4 = iv4;
1860 S5 = iv5;
1861 S6 = iv6;
1862 S7 = iv7;
1863 S8 = iv8;
1864 S9 = iv9;
1865 SA = ivA;
1866 SB = ivB;
1867 SC = ivC;
1868 SD = ivD;
1869 SE = ivE;
1870 SF = ivF;
1871 offset = offset + 16 | 0;
1872 length = length - 16 | 0;
1873 decrypted = decrypted + 16 | 0;
1874 }
1875 if ((length | 0) > 0) {
1876 _encrypt(S0, S1, S2, S3, S4, S5, S6, S7, S8, S9, SA, SB, SC, SD, SE, SF);
1877 HEAP[offset] = HEAP[offset] ^ S0;
1878 if ((length | 0) > 1) HEAP[offset | 1] = HEAP[offset | 1] ^ S1;
1879 if ((length | 0) > 2) HEAP[offset | 2] = HEAP[offset | 2] ^ S2;
1880 if ((length | 0) > 3) HEAP[offset | 3] = HEAP[offset | 3] ^ S3;
1881 if ((length | 0) > 4) HEAP[offset | 4] = HEAP[offset | 4] ^ S4;
1882 if ((length | 0) > 5) HEAP[offset | 5] = HEAP[offset | 5] ^ S5;
1883 if ((length | 0) > 6) HEAP[offset | 6] = HEAP[offset | 6] ^ S6;
1884 if ((length | 0) > 7) HEAP[offset | 7] = HEAP[offset | 7] ^ S7;
1885 if ((length | 0) > 8) HEAP[offset | 8] = HEAP[offset | 8] ^ S8;
1886 if ((length | 0) > 9) HEAP[offset | 9] = HEAP[offset | 9] ^ S9;
1887 if ((length | 0) > 10) HEAP[offset | 10] = HEAP[offset | 10] ^ SA;
1888 if ((length | 0) > 11) HEAP[offset | 11] = HEAP[offset | 11] ^ SB;
1889 if ((length | 0) > 12) HEAP[offset | 12] = HEAP[offset | 12] ^ SC;
1890 if ((length | 0) > 13) HEAP[offset | 13] = HEAP[offset | 13] ^ SD;
1891 if ((length | 0) > 14) HEAP[offset | 14] = HEAP[offset | 14] ^ SE;
1892 decrypted = decrypted + length | 0;
1893 offset = offset + length | 0;
1894 length = 0;
1895 }
1896 return decrypted | 0;
1897 }
1898 return {
1899 init_state: init_state,
1900 save_state: save_state,
1901 init_key_128: init_key_128,
1902 init_key_256: init_key_256,
1903 cbc_encrypt: cbc_encrypt,
1904 cbc_decrypt: cbc_decrypt,
1905 cbc_mac: cbc_mac,
1906 ccm_encrypt: ccm_encrypt,
1907 ccm_decrypt: ccm_decrypt,
1908 cfb_encrypt: cfb_encrypt,
1909 cfb_decrypt: cfb_decrypt
1910 };
1911 }
1912 function aes_asm(stdlib, foreign, buffer) {
1913 var heap = new Uint8Array(buffer);
1914 heap.set(_aes_tables);
1915 return _aes_asm(stdlib, foreign, buffer);
1916 }
1917 var _aes_block_size = 16;
1918 function _aes_constructor(options) {
1919 options = options || {};
1920 options.heapSize = options.heapSize || 4096;
1921 if (options.heapSize <= 0 || options.heapSize % 4096) throw new IllegalArgumentError("heapSize must be a positive number and multiple of 4096");
1922 this.BLOCK_SIZE = _aes_block_size;
1923 this.heap = options.heap || new Uint8Array(options.heapSize);
1924 this.asm = options.asm || aes_asm(global, null, this.heap.buffer);
1925 this.pos = _aes_heap_start;
1926 this.len = 0;
1927 this.key = null;
1928 this.result = null;
1929 this.reset(options);
1930 }
1931 function _aes_reset(options) {
1932 options = options || {};
1933 this.result = null;
1934 this.pos = _aes_heap_start;
1935 this.len = 0;
1936 var asm = this.asm;
1937 var key = options.key;
1938 if (key !== undefined) {
1939 if (is_buffer(key) || is_bytes(key)) {
1940 key = new Uint8Array(key);
1941 } else if (is_string(key)) {
1942 var str = key;
1943 key = new Uint8Array(str.length);
1944 for (var i = 0; i < str.length; ++i) key[i] = str.charCodeAt(i);
1945 } else {
1946 throw new TypeError("unexpected key type");
1947 }
1948 if (key.length === 16) {
1949 this.key = key;
1950 asm.init_key_128.call(asm, key[0], key[1], key[2], key[3], key[4], key[5], key[6], key[7], key[8], key[9], key[10], key[11], key[12], key[13], key[14], key[15]);
1951 } else if (key.length === 24) {
1952 throw new IllegalArgumentError("illegal key size");
1953 } else if (key.length === 32) {
1954 this.key = key;
1955 asm.init_key_256.call(asm, key[0], key[1], key[2], key[3], key[4], key[5], key[6], key[7], key[8], key[9], key[10], key[11], key[12], key[13], key[14], key[15], key[16], key[17], key[18], key[19], key[20], key[21], key[22], key[23], key[24], key[25], key[26], key[27], key[28], key[29], key[30], key[31]);
1956 } else {
1957 throw new IllegalArgumentError("illegal key size");
1958 }
1959 }
1960 return this;
1961 }
1962 function _aes_init_iv(iv) {
1963 var asm = this.asm;
1964 if (iv !== undefined) {
1965 if (is_buffer(iv) || is_bytes(iv)) {
1966 iv = new Uint8Array(iv);
1967 } else if (is_string(iv)) {
1968 var str = iv;
1969 iv = new Uint8Array(str.length);
1970 for (var i = 0; i < str.length; ++i) iv[i] = str.charCodeAt(i);
1971 } else {
1972 throw new TypeError("unexpected iv type");
1973 }
1974 if (iv.length !== _aes_block_size) throw new IllegalArgumentError("illegal iv size");
1975 this.iv = iv;
1976 asm.init_state.call(asm, iv[0], iv[1], iv[2], iv[3], iv[4], iv[5], iv[6], iv[7], iv[8], iv[9], iv[10], iv[11], iv[12], iv[13], iv[14], iv[15]);
1977 } else {
1978 this.iv = null;
1979 asm.init_state.call(asm, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
1980 }
1981 }
1982 function _aes_heap_write(heap, hpos, data, dpos, dlen) {
1983 var hlen = heap.byteLength - hpos, wlen = hlen < dlen ? hlen : dlen;
1984 if (is_buffer(data) || is_bytes(data)) {
1985 heap.set(new Uint8Array(data.buffer || data, dpos, wlen), hpos);
1986 } else if (is_string(data)) {
1987 for (var i = 0; i < wlen; ++i) heap[hpos + i] = data.charCodeAt(dpos + i);
1988 } else {
1989 throw new TypeError("unexpected data type");
1990 }
1991 return wlen;
1992 }
1993 function cbc_aes_constructor(options) {
1994 this.padding = true;
1995 this.mode = "cbc";
1996 this.iv = null;
1997 _aes_constructor.call(this, options);
1998 }
1999 function cbc_aes_encrypt_constructor(options) {
2000 cbc_aes_constructor.call(this, options);
2001 }
2002 function cbc_aes_decrypt_constructor(options) {
2003 cbc_aes_constructor.call(this, options);
2004 }
2005 function cbc_aes_reset(options) {
2006 options = options || {};
2007 _aes_reset.call(this, options);
2008 var padding = options.padding;
2009 if (padding !== undefined) {
2010 this.padding = !!padding;
2011 } else {
2012 this.padding = true;
2013 }
2014 _aes_init_iv.call(this, options.iv);
2015 return this;
2016 }
2017 function cbc_aes_encrypt_process(data) {
2018 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2019 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
2020 var result = new Uint8Array(rlen);
2021 while (dlen > 0) {
2022 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
2023 len += wlen;
2024 dpos += wlen;
2025 dlen -= wlen;
2026 wlen = asm.cbc_encrypt(pos, len);
2027 result.set(heap.subarray(pos, pos + wlen), rpos);
2028 rpos += wlen;
2029 if (wlen < len) {
2030 pos += wlen;
2031 len -= wlen;
2032 } else {
2033 pos = _aes_heap_start;
2034 len = 0;
2035 }
2036 }
2037 this.result = result;
2038 this.pos = pos;
2039 this.len = len;
2040 return this;
2041 }
2042 function cbc_aes_encrypt_finish() {
2043 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2044 var asm = this.asm, heap = this.heap, padding = this.padding, pos = this.pos, len = this.len, rlen = _aes_block_size * Math.ceil(len / _aes_block_size);
2045 if (len % _aes_block_size === 0) {
2046 if (padding) rlen += _aes_block_size;
2047 } else if (!padding) {
2048 throw new IllegalArgumentError("data length must be a multiple of " + _aes_block_size);
2049 }
2050 var result = new Uint8Array(rlen);
2051 if (len < rlen) {
2052 var plen = _aes_block_size - len % _aes_block_size;
2053 for (var p = 0; p < plen; ++p) heap[pos + len + p] = plen;
2054 len += plen;
2055 }
2056 asm.cbc_encrypt(pos, len);
2057 result.set(heap.subarray(pos, pos + len));
2058 this.result = result;
2059 this.pos = _aes_heap_start;
2060 this.len = 0;
2061 return this;
2062 }
2063 function cbc_aes_encrypt(data) {
2064 var result1 = cbc_aes_encrypt_process.call(this, data).result, result2 = cbc_aes_encrypt_finish.call(this).result, result;
2065 result = new Uint8Array(result1.length + result2.length);
2066 result.set(result1);
2067 result.set(result2, result1.length);
2068 this.result = result;
2069 return this;
2070 }
2071 function cbc_aes_decrypt_process(data) {
2072 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2073 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, padding = this.padding, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
2074 var result = new Uint8Array(rlen);
2075 while (dlen > 0) {
2076 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
2077 len += wlen;
2078 dpos += wlen;
2079 dlen -= wlen;
2080 wlen = asm.cbc_decrypt(pos, len - (padding && dlen === 0 && len % _aes_block_size === 0 ? _aes_block_size : 0));
2081 result.set(heap.subarray(pos, pos + wlen), rpos);
2082 rpos += wlen;
2083 if (wlen < len) {
2084 pos += wlen;
2085 len -= wlen;
2086 } else {
2087 pos = _aes_heap_start;
2088 len = 0;
2089 }
2090 }
2091 this.result = result.subarray(0, rpos);
2092 this.pos = pos;
2093 this.len = len;
2094 return this;
2095 }
2096 function cbc_aes_decrypt_finish() {
2097 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2098 var asm = this.asm, heap = this.heap, padding = this.padding, pos = this.pos, len = this.len;
2099 if (len === 0) {
2100 if (!padding) {
2101 this.result = new Uint8Array(0);
2102 this.pos = _aes_heap_start;
2103 this.len = 0;
2104 return this;
2105 } else {
2106 throw new IllegalStateError("padding not found");
2107 }
2108 }
2109 if (len % _aes_block_size !== 0) throw new IllegalArgumentError("data length must be a multiple of " + _aes_block_size);
2110 var result = new Uint8Array(len);
2111 asm.cbc_decrypt(pos, len);
2112 result.set(heap.subarray(pos, pos + len));
2113 if (padding) {
2114 var pad = result[len - 1];
2115 result = result.subarray(0, len - pad);
2116 }
2117 this.result = result;
2118 this.pos = _aes_heap_start;
2119 this.len = 0;
2120 return this;
2121 }
2122 function cbc_aes_decrypt(data) {
2123 var result1 = cbc_aes_decrypt_process.call(this, data).result, result2 = cbc_aes_decrypt_finish.call(this).result, result;
2124 result = new Uint8Array(result1.length + result2.length);
2125 result.set(result1);
2126 result.set(result2, result1.length);
2127 this.result = result;
2128 return this;
2129 }
2130 var cbc_aes_encrypt_prototype = cbc_aes_encrypt_constructor.prototype;
2131 cbc_aes_encrypt_prototype.reset = cbc_aes_reset;
2132 cbc_aes_encrypt_prototype.process = cbc_aes_encrypt_process;
2133 cbc_aes_encrypt_prototype.finish = cbc_aes_encrypt_finish;
2134 var cbc_aes_decrypt_prototype = cbc_aes_decrypt_constructor.prototype;
2135 cbc_aes_decrypt_prototype.reset = cbc_aes_reset;
2136 cbc_aes_decrypt_prototype.process = cbc_aes_decrypt_process;
2137 cbc_aes_decrypt_prototype.finish = cbc_aes_decrypt_finish;
2138 var cbc_aes_prototype = cbc_aes_constructor.prototype;
2139 cbc_aes_prototype.reset = cbc_aes_reset;
2140 cbc_aes_prototype.encrypt = cbc_aes_encrypt;
2141 cbc_aes_prototype.decrypt = cbc_aes_decrypt;
2142 function _cbc_mac_process(data) {
2143 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, wlen = 0;
2144 while (dlen > 0) {
2145 wlen = _aes_heap_write(this.heap, _aes_heap_start, data, dpos, dlen);
2146 this.asm.cbc_mac(_aes_heap_start, wlen, -1);
2147 dpos += wlen;
2148 dlen -= wlen;
2149 }
2150 }
2151 var _ccm_adata_maxLength = 65279, _ccm_data_maxLength = 68719476720;
2152 function ccm_aes_constructor(options) {
2153 this.padding = false;
2154 this.mode = "ccm";
2155 this.tagSize = _aes_block_size;
2156 this.lengthSize = 4;
2157 this.nonce = null;
2158 this.adata = null;
2159 this.iv = null;
2160 this.dataLength = -1;
2161 this.dataLeft = -1;
2162 this.counter = 1;
2163 _aes_constructor.call(this, options);
2164 }
2165 function ccm_aes_encrypt_constructor(options) {
2166 ccm_aes_constructor.call(this, options);
2167 }
2168 function ccm_aes_decrypt_constructor(options) {
2169 ccm_aes_constructor.call(this, options);
2170 }
2171 function _ccm_calculate_iv() {
2172 var nonce = this.nonce, adata = this.adata, tagSize = this.tagSize, lengthSize = this.lengthSize, dataLength = this.dataLength;
2173 var data = new Uint8Array(_aes_block_size + (adata ? 2 + adata.byteLength : 0));
2174 data[0] = (adata ? 64 : 0) | tagSize - 2 << 2 | lengthSize - 1;
2175 data.set(nonce, 1);
2176 if (lengthSize > 4) data[11] = (dataLength - (dataLength >>> 0)) / 4294967296 & 15;
2177 if (lengthSize > 3) data[12] = dataLength >>> 24;
2178 if (lengthSize > 2) data[13] = dataLength >>> 16 & 255;
2179 data[14] = dataLength >>> 8 & 255;
2180 data[15] = dataLength & 255;
2181 if (adata) {
2182 data[16] = adata.byteLength >>> 8 & 255;
2183 data[17] = adata.byteLength & 255;
2184 data.set(adata, 18);
2185 }
2186 _cbc_mac_process.call(this, data);
2187 this.asm.save_state(_aes_heap_start);
2188 this.iv = new Uint8Array(this.heap.subarray(_aes_heap_start, _aes_heap_start + _aes_block_size));
2189 }
2190 function ccm_aes_reset(options) {
2191 options = options || {};
2192 _aes_reset.call(this, options);
2193 _aes_init_iv.call(this, options.iv);
2194 var tagSize = options.tagSize;
2195 if (tagSize !== undefined) {
2196 if (!is_number(tagSize)) throw new TypeError("tagSize must be a number");
2197 if (tagSize < 4 || tagSize > 16 || tagSize & 1) throw new IllegalArgumentError("illegal tagSize value");
2198 this.tagSize = tagSize;
2199 } else {
2200 this.tagSize = _aes_block_size;
2201 }
2202 var lengthSize = options.lengthSize, nonce = options.nonce;
2203 if (nonce !== undefined) {
2204 if (is_buffer(nonce) || is_bytes(nonce)) {
2205 nonce = new Uint8Array(nonce);
2206 } else if (is_string(nonce)) {
2207 var str = nonce;
2208 nonce = new Uint8Array(str.length);
2209 for (var i = 0; i < str.length; ++i) nonce[i] = str.charCodeAt(i);
2210 } else {
2211 throw new TypeError("unexpected nonce type");
2212 }
2213 if (nonce.length < 10 || nonce.length > 13) throw new IllegalArgumentError("illegal nonce length");
2214 lengthSize = lengthSize || 15 - nonce.length;
2215 this.nonce = nonce;
2216 } else {
2217 this.nonce = null;
2218 }
2219 if (lengthSize !== undefined) {
2220 if (!is_number(lengthSize)) throw new TypeError("lengthSize must be a number");
2221 if (lengthSize < 2 || lengthSize > 5 || nonce.length + lengthSize !== 15) throw new IllegalArgumentError("illegal lengthSize value");
2222 this.lengthSize = lengthSize;
2223 } else {
2224 this.lengthSize = lengthSize = 4;
2225 }
2226 var iv = this.iv;
2227 var counter = options.counter;
2228 if (counter !== undefined) {
2229 if (iv === null) throw new IllegalStateError("iv is also required");
2230 if (!is_number(counter)) throw new TypeError("counter must be a number");
2231 this.counter = counter;
2232 } else {
2233 this.counter = 1;
2234 }
2235 var dataLength = options.dataLength;
2236 if (dataLength !== undefined) {
2237 if (!is_number(dataLength)) throw new TypeError("dataLength must be a number");
2238 if (dataLength < 0 || dataLength > _ccm_data_maxLength || dataLength > Math.pow(2, 8 * lengthSize) - 1) throw new IllegalArgumentError("illegal dataLength value");
2239 this.dataLength = dataLength;
2240 var dataLeft = options.dataLeft || dataLength;
2241 if (!is_number(dataLeft)) throw new TypeError("dataLeft must be a number");
2242 if (dataLeft < 0 || dataLeft > dataLength) throw new IllegalArgumentError("illegal dataLeft value");
2243 this.dataLeft = dataLeft;
2244 } else {
2245 this.dataLength = dataLength = -1;
2246 this.dataLeft = dataLength;
2247 }
2248 var adata = options.adata;
2249 if (adata !== undefined) {
2250 if (iv !== null) throw new IllegalStateError("you must specify either adata or iv, not both");
2251 if (is_buffer(adata) || is_bytes(adata)) {
2252 adata = new Uint8Array(adata);
2253 } else if (is_string(adata)) {
2254 var str = adata;
2255 adata = new Uint8Array(str.length);
2256 for (var i = 0; i < str.length; ++i) adata[i] = str.charCodeAt(i);
2257 } else {
2258 throw new TypeError("unexpected adata type");
2259 }
2260 if (adata.byteLength === 0 || adata.byteLength > _ccm_adata_maxLength) throw new IllegalArgumentError("illegal adata length");
2261 this.adata = adata;
2262 this.counter = 1;
2263 } else {
2264 this.adata = adata = null;
2265 }
2266 if (dataLength !== -1) _ccm_calculate_iv.call(this);
2267 return this;
2268 }
2269 function ccm_aes_encrypt_process(data) {
2270 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2271 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, nonce = this.nonce, counter = this.counter, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
2272 if ((counter - 1 << 4) + len + dlen > _ccm_data_maxLength) throw new RangeError("counter overflow");
2273 var result = new Uint8Array(rlen);
2274 var asm_args = [ 0, 0, this.lengthSize - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ];
2275 for (var i = 0; i < nonce.length; i++) asm_args[3 + i] = nonce[i];
2276 while (dlen > 0) {
2277 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
2278 len += wlen;
2279 dpos += wlen;
2280 dlen -= wlen;
2281 asm_args[0] = pos;
2282 asm_args[1] = len & ~15;
2283 asm_args[16] = counter / 4294967296 >>> 0;
2284 asm_args[17] = counter >>> 0;
2285 wlen = asm.ccm_encrypt.apply(asm, asm_args);
2286 result.set(heap.subarray(pos, pos + wlen), rpos);
2287 counter += wlen >>> 4;
2288 rpos += wlen;
2289 if (wlen < len) {
2290 pos += wlen;
2291 len -= wlen;
2292 } else {
2293 pos = _aes_heap_start;
2294 len = 0;
2295 }
2296 }
2297 this.result = result;
2298 this.counter = counter;
2299 this.pos = pos;
2300 this.len = len;
2301 return this;
2302 }
2303 function ccm_aes_encrypt_finish() {
2304 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2305 var asm = this.asm, heap = this.heap, nonce = this.nonce, counter = this.counter, tagSize = this.tagSize, pos = this.pos, len = this.len, wlen = 0;
2306 var result = new Uint8Array(len + tagSize);
2307 var asm_args = [ 0, 0, this.lengthSize - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ];
2308 for (var i = 0; i < nonce.length; i++) asm_args[3 + i] = nonce[i];
2309 asm_args[0] = pos;
2310 asm_args[1] = len;
2311 asm_args[16] = counter / 4294967296 >>> 0;
2312 asm_args[17] = counter >>> 0;
2313 wlen = asm.ccm_encrypt.apply(asm, asm_args);
2314 result.set(heap.subarray(pos, pos + wlen));
2315 counter = 1;
2316 pos = _aes_heap_start;
2317 len = 0;
2318 asm.save_state(_aes_heap_start);
2319 asm_args[0] = _aes_heap_start, asm_args[1] = _aes_block_size, asm_args[16] = 0;
2320 asm_args[17] = 0;
2321 asm.ccm_encrypt.apply(asm, asm_args);
2322 result.set(heap.subarray(_aes_heap_start, _aes_heap_start + tagSize), wlen);
2323 this.result = result;
2324 this.counter = counter;
2325 this.pos = pos;
2326 this.len = len;
2327 return this;
2328 }
2329 function ccm_aes_encrypt(data) {
2330 this.dataLength = this.dataLeft = data.byteLength || data.length || 0;
2331 var result1 = ccm_aes_encrypt_process.call(this, data).result, result2 = ccm_aes_encrypt_finish.call(this).result, result;
2332 result = new Uint8Array(result1.length + result2.length);
2333 result.set(result1);
2334 result.set(result2, result1.length);
2335 this.result = result;
2336 return this;
2337 }
2338 function ccm_aes_decrypt_process(data) {
2339 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2340 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, nonce = this.nonce, counter = this.counter, tagSize = this.tagSize, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
2341 if ((counter - 1 << 4) + len + dlen > _ccm_data_maxLength) throw new RangeError("counter overflow");
2342 var result = new Uint8Array(rlen);
2343 var asm_args = [ 0, 0, this.lengthSize - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ];
2344 for (var i = 0; i < nonce.length; i++) asm_args[3 + i] = nonce[i];
2345 while (dlen > 0) {
2346 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
2347 len += wlen;
2348 dpos += wlen;
2349 dlen -= wlen;
2350 asm_args[0] = pos;
2351 asm_args[1] = len + dlen - tagSize >= _aes_block_size ? dlen >= tagSize ? len & ~15 : len + dlen - tagSize & ~15 : 0;
2352 asm_args[16] = counter / 4294967296 >>> 0;
2353 asm_args[17] = counter >>> 0;
2354 wlen = asm.ccm_decrypt.apply(asm, asm_args);
2355 result.set(heap.subarray(pos, pos + wlen), rpos);
2356 counter += wlen >>> 4;
2357 rpos += wlen;
2358 if (wlen < len) {
2359 pos += wlen;
2360 len -= wlen;
2361 } else {
2362 pos = _aes_heap_start;
2363 len = 0;
2364 }
2365 }
2366 this.result = result.subarray(0, rpos);
2367 this.counter = counter;
2368 this.pos = pos;
2369 this.len = len;
2370 return this;
2371 }
2372 function ccm_aes_decrypt_finish() {
2373 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2374 var asm = this.asm, heap = this.heap, nonce = this.nonce, counter = this.counter, tagSize = this.tagSize, pos = this.pos, len = this.len, rlen = len - tagSize, wlen = 0;
2375 if (len < tagSize) throw new IllegalStateError("authentication tag not found");
2376 var result = new Uint8Array(rlen), atag = new Uint8Array(heap.subarray(pos + rlen, pos + len));
2377 var asm_args = [ 0, 0, this.lengthSize - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ];
2378 for (var i = 0; i < nonce.length; i++) asm_args[3 + i] = nonce[i];
2379 asm_args[0] = pos;
2380 asm_args[1] = rlen;
2381 asm_args[16] = counter / 4294967296 >>> 0;
2382 asm_args[17] = counter >>> 0;
2383 wlen = asm.ccm_decrypt.apply(asm, asm_args);
2384 result.set(heap.subarray(pos, pos + wlen));
2385 counter = 1;
2386 pos = _aes_heap_start;
2387 len = 0;
2388 asm.save_state(_aes_heap_start);
2389 asm_args[0] = _aes_heap_start, asm_args[1] = _aes_block_size, asm_args[16] = 0;
2390 asm_args[17] = 0;
2391 asm.ccm_encrypt.apply(asm, asm_args);
2392 var acheck = 0;
2393 for (var i = 0; i < tagSize; ++i) acheck |= atag[i] ^ heap[_aes_heap_start + i];
2394 if (acheck) throw new SecurityError("data integrity check failed");
2395 this.result = result;
2396 this.counter = counter;
2397 this.pos = pos;
2398 this.len = len;
2399 return this;
2400 }
2401 function ccm_aes_decrypt(data) {
2402 this.dataLength = this.dataLeft = data.byteLength || data.length || 0;
2403 var result1 = ccm_aes_decrypt_process.call(this, data).result, result2 = ccm_aes_decrypt_finish.call(this).result, result;
2404 result = new Uint8Array(result1.length + result2.length);
2405 result.set(result1);
2406 result.set(result2, result1.length);
2407 this.result = result;
2408 return this;
2409 }
2410 var ccm_aes_prototype = ccm_aes_constructor.prototype;
2411 ccm_aes_prototype.reset = ccm_aes_reset;
2412 ccm_aes_prototype.encrypt = ccm_aes_encrypt;
2413 ccm_aes_prototype.decrypt = ccm_aes_decrypt;
2414 var ccm_aes_encrypt_prototype = ccm_aes_encrypt_constructor.prototype;
2415 ccm_aes_encrypt_prototype.reset = ccm_aes_reset;
2416 ccm_aes_encrypt_prototype.process = ccm_aes_encrypt_process;
2417 ccm_aes_encrypt_prototype.finish = ccm_aes_encrypt_finish;
2418 var ccm_aes_decrypt_prototype = ccm_aes_decrypt_constructor.prototype;
2419 ccm_aes_decrypt_prototype.reset = ccm_aes_reset;
2420 ccm_aes_decrypt_prototype.process = ccm_aes_decrypt_process;
2421 ccm_aes_decrypt_prototype.finish = ccm_aes_decrypt_finish;
2422 function cfb_aes_constructor(options) {
2423 this.padding = false;
2424 this.mode = "cfb";
2425 this.iv = null;
2426 _aes_constructor.call(this, options);
2427 }
2428 function cfb_aes_encrypt_constructor(options) {
2429 cfb_aes_constructor.call(this, options);
2430 }
2431 function cfb_aes_decrypt_constructor(options) {
2432 cfb_aes_constructor.call(this, options);
2433 }
2434 function cfb_aes_reset(options) {
2435 options = options || {};
2436 _aes_reset.call(this, options);
2437 _aes_init_iv.call(this, options.iv);
2438 return this;
2439 }
2440 function cfb_aes_encrypt_process(data) {
2441 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2442 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
2443 var result = new Uint8Array(rlen);
2444 while (dlen > 0) {
2445 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
2446 len += wlen;
2447 dpos += wlen;
2448 dlen -= wlen;
2449 wlen = asm.cfb_encrypt(pos, _aes_block_size * Math.floor(len / _aes_block_size));
2450 result.set(heap.subarray(pos, pos + wlen), rpos);
2451 rpos += wlen;
2452 if (wlen < len) {
2453 pos += wlen;
2454 len -= wlen;
2455 } else {
2456 pos = _aes_heap_start;
2457 len = 0;
2458 }
2459 }
2460 this.result = result;
2461 this.pos = pos;
2462 this.len = len;
2463 return this;
2464 }
2465 function cfb_aes_encrypt_finish() {
2466 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2467 var asm = this.asm, heap = this.heap, pos = this.pos, len = this.len;
2468 var result = new Uint8Array(len);
2469 asm.cfb_encrypt(pos, len);
2470 result.set(heap.subarray(pos, pos + len));
2471 this.result = result;
2472 this.pos = _aes_heap_start;
2473 this.len = 0;
2474 return this;
2475 }
2476 function cfb_aes_encrypt(data) {
2477 var result1 = cfb_aes_encrypt_process.call(this, data).result, result2 = cfb_aes_encrypt_finish.call(this).result, result;
2478 result = new Uint8Array(result1.length + result2.length);
2479 result.set(result1);
2480 result.set(result2, result1.length);
2481 this.result = result;
2482 return this;
2483 }
2484 function cfb_aes_decrypt_process(data) {
2485 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2486 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
2487 var result = new Uint8Array(rlen);
2488 while (dlen > 0) {
2489 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
2490 len += wlen;
2491 dpos += wlen;
2492 dlen -= wlen;
2493 wlen = asm.cfb_decrypt(pos, _aes_block_size * Math.floor(len / _aes_block_size));
2494 result.set(heap.subarray(pos, pos + wlen), rpos);
2495 rpos += wlen;
2496 if (wlen < len) {
2497 pos += wlen;
2498 len -= wlen;
2499 } else {
2500 pos = _aes_heap_start;
2501 len = 0;
2502 }
2503 }
2504 this.result = result.subarray(0, rpos);
2505 this.pos = pos;
2506 this.len = len;
2507 return this;
2508 }
2509 function cfb_aes_decrypt_finish() {
2510 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2511 var asm = this.asm, heap = this.heap, pos = this.pos, len = this.len;
2512 if (len === 0) {
2513 this.result = new Uint8Array(0);
2514 this.pos = _aes_heap_start;
2515 this.len = 0;
2516 return this;
2517 }
2518 var result = new Uint8Array(len);
2519 asm.cfb_decrypt(pos, len);
2520 result.set(heap.subarray(pos, pos + len));
2521 this.result = result;
2522 this.pos = _aes_heap_start;
2523 this.len = 0;
2524 return this;
2525 }
2526 function cfb_aes_decrypt(data) {
2527 var result1 = cfb_aes_decrypt_process.call(this, data).result, result2 = cfb_aes_decrypt_finish.call(this).result, result;
2528 result = new Uint8Array(result1.length + result2.length);
2529 result.set(result1);
2530 result.set(result2, result1.length);
2531 this.result = result;
2532 return this;
2533 }
2534 var cfb_aes_encrypt_prototype = cfb_aes_encrypt_constructor.prototype;
2535 cfb_aes_encrypt_prototype.reset = cfb_aes_reset;
2536 cfb_aes_encrypt_prototype.process = cfb_aes_encrypt_process;
2537 cfb_aes_encrypt_prototype.finish = cfb_aes_encrypt_finish;
2538 var cfb_aes_decrypt_prototype = cfb_aes_decrypt_constructor.prototype;
2539 cfb_aes_decrypt_prototype.reset = cfb_aes_reset;
2540 cfb_aes_decrypt_prototype.process = cfb_aes_decrypt_process;
2541 cfb_aes_decrypt_prototype.finish = cfb_aes_decrypt_finish;
2542 var cfb_aes_prototype = cfb_aes_constructor.prototype;
2543 cfb_aes_prototype.reset = cfb_aes_reset;
2544 cfb_aes_prototype.encrypt = cfb_aes_encrypt;
2545 cfb_aes_prototype.decrypt = cfb_aes_decrypt;
2546 function sha256_asm(stdlib, foreign, buffer) {
2547 // Closure Compiler warning - commented out
2548 //"use asm";
2549 var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, H5 = 0, H6 = 0, H7 = 0, TOTAL = 0;
2550 var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, I5 = 0, I6 = 0, I7 = 0, O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0, O5 = 0, O6 = 0, O7 = 0;
2551 var HEAP = new stdlib.Uint8Array(buffer);
2552 function _core(w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15) {
2553 w0 = w0 | 0;
2554 w1 = w1 | 0;
2555 w2 = w2 | 0;
2556 w3 = w3 | 0;
2557 w4 = w4 | 0;
2558 w5 = w5 | 0;
2559 w6 = w6 | 0;
2560 w7 = w7 | 0;
2561 w8 = w8 | 0;
2562 w9 = w9 | 0;
2563 w10 = w10 | 0;
2564 w11 = w11 | 0;
2565 w12 = w12 | 0;
2566 w13 = w13 | 0;
2567 w14 = w14 | 0;
2568 w15 = w15 | 0;
2569 var a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0, t = 0;
2570 a = H0;
2571 b = H1;
2572 c = H2;
2573 d = H3;
2574 e = H4;
2575 f = H5;
2576 g = H6;
2577 h = H7;
2578 t = w0 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1116352408 | 0;
2579 h = g;
2580 g = f;
2581 f = e;
2582 e = d + t | 0;
2583 d = c;
2584 c = b;
2585 b = a;
2586 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2587 t = w1 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1899447441 | 0;
2588 h = g;
2589 g = f;
2590 f = e;
2591 e = d + t | 0;
2592 d = c;
2593 c = b;
2594 b = a;
2595 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2596 t = w2 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3049323471 | 0;
2597 h = g;
2598 g = f;
2599 f = e;
2600 e = d + t | 0;
2601 d = c;
2602 c = b;
2603 b = a;
2604 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2605 t = w3 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3921009573 | 0;
2606 h = g;
2607 g = f;
2608 f = e;
2609 e = d + t | 0;
2610 d = c;
2611 c = b;
2612 b = a;
2613 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2614 t = w4 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 961987163 | 0;
2615 h = g;
2616 g = f;
2617 f = e;
2618 e = d + t | 0;
2619 d = c;
2620 c = b;
2621 b = a;
2622 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2623 t = w5 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1508970993 | 0;
2624 h = g;
2625 g = f;
2626 f = e;
2627 e = d + t | 0;
2628 d = c;
2629 c = b;
2630 b = a;
2631 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2632 t = w6 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2453635748 | 0;
2633 h = g;
2634 g = f;
2635 f = e;
2636 e = d + t | 0;
2637 d = c;
2638 c = b;
2639 b = a;
2640 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2641 t = w7 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2870763221 | 0;
2642 h = g;
2643 g = f;
2644 f = e;
2645 e = d + t | 0;
2646 d = c;
2647 c = b;
2648 b = a;
2649 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2650 t = w8 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3624381080 | 0;
2651 h = g;
2652 g = f;
2653 f = e;
2654 e = d + t | 0;
2655 d = c;
2656 c = b;
2657 b = a;
2658 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2659 t = w9 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 310598401 | 0;
2660 h = g;
2661 g = f;
2662 f = e;
2663 e = d + t | 0;
2664 d = c;
2665 c = b;
2666 b = a;
2667 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2668 t = w10 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 607225278 | 0;
2669 h = g;
2670 g = f;
2671 f = e;
2672 e = d + t | 0;
2673 d = c;
2674 c = b;
2675 b = a;
2676 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2677 t = w11 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1426881987 | 0;
2678 h = g;
2679 g = f;
2680 f = e;
2681 e = d + t | 0;
2682 d = c;
2683 c = b;
2684 b = a;
2685 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2686 t = w12 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1925078388 | 0;
2687 h = g;
2688 g = f;
2689 f = e;
2690 e = d + t | 0;
2691 d = c;
2692 c = b;
2693 b = a;
2694 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2695 t = w13 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2162078206 | 0;
2696 h = g;
2697 g = f;
2698 f = e;
2699 e = d + t | 0;
2700 d = c;
2701 c = b;
2702 b = a;
2703 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2704 t = w14 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2614888103 | 0;
2705 h = g;
2706 g = f;
2707 f = e;
2708 e = d + t | 0;
2709 d = c;
2710 c = b;
2711 b = a;
2712 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2713 t = w15 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3248222580 | 0;
2714 h = g;
2715 g = f;
2716 f = e;
2717 e = d + t | 0;
2718 d = c;
2719 c = b;
2720 b = a;
2721 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2722 w0 = t = (w1 >>> 7 ^ w1 >>> 18 ^ w1 >>> 3 ^ w1 << 25 ^ w1 << 14) + (w14 >>> 17 ^ w14 >>> 19 ^ w14 >>> 10 ^ w14 << 15 ^ w14 << 13) + w0 + w9 | 0;
2723 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3835390401 | 0;
2724 h = g;
2725 g = f;
2726 f = e;
2727 e = d + t | 0;
2728 d = c;
2729 c = b;
2730 b = a;
2731 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2732 w1 = t = (w2 >>> 7 ^ w2 >>> 18 ^ w2 >>> 3 ^ w2 << 25 ^ w2 << 14) + (w15 >>> 17 ^ w15 >>> 19 ^ w15 >>> 10 ^ w15 << 15 ^ w15 << 13) + w1 + w10 | 0;
2733 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 4022224774 | 0;
2734 h = g;
2735 g = f;
2736 f = e;
2737 e = d + t | 0;
2738 d = c;
2739 c = b;
2740 b = a;
2741 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2742 w2 = t = (w3 >>> 7 ^ w3 >>> 18 ^ w3 >>> 3 ^ w3 << 25 ^ w3 << 14) + (w0 >>> 17 ^ w0 >>> 19 ^ w0 >>> 10 ^ w0 << 15 ^ w0 << 13) + w2 + w11 | 0;
2743 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 264347078 | 0;
2744 h = g;
2745 g = f;
2746 f = e;
2747 e = d + t | 0;
2748 d = c;
2749 c = b;
2750 b = a;
2751 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2752 w3 = t = (w4 >>> 7 ^ w4 >>> 18 ^ w4 >>> 3 ^ w4 << 25 ^ w4 << 14) + (w1 >>> 17 ^ w1 >>> 19 ^ w1 >>> 10 ^ w1 << 15 ^ w1 << 13) + w3 + w12 | 0;
2753 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 604807628 | 0;
2754 h = g;
2755 g = f;
2756 f = e;
2757 e = d + t | 0;
2758 d = c;
2759 c = b;
2760 b = a;
2761 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2762 w4 = t = (w5 >>> 7 ^ w5 >>> 18 ^ w5 >>> 3 ^ w5 << 25 ^ w5 << 14) + (w2 >>> 17 ^ w2 >>> 19 ^ w2 >>> 10 ^ w2 << 15 ^ w2 << 13) + w4 + w13 | 0;
2763 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 770255983 | 0;
2764 h = g;
2765 g = f;
2766 f = e;
2767 e = d + t | 0;
2768 d = c;
2769 c = b;
2770 b = a;
2771 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2772 w5 = t = (w6 >>> 7 ^ w6 >>> 18 ^ w6 >>> 3 ^ w6 << 25 ^ w6 << 14) + (w3 >>> 17 ^ w3 >>> 19 ^ w3 >>> 10 ^ w3 << 15 ^ w3 << 13) + w5 + w14 | 0;
2773 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1249150122 | 0;
2774 h = g;
2775 g = f;
2776 f = e;
2777 e = d + t | 0;
2778 d = c;
2779 c = b;
2780 b = a;
2781 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2782 w6 = t = (w7 >>> 7 ^ w7 >>> 18 ^ w7 >>> 3 ^ w7 << 25 ^ w7 << 14) + (w4 >>> 17 ^ w4 >>> 19 ^ w4 >>> 10 ^ w4 << 15 ^ w4 << 13) + w6 + w15 | 0;
2783 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1555081692 | 0;
2784 h = g;
2785 g = f;
2786 f = e;
2787 e = d + t | 0;
2788 d = c;
2789 c = b;
2790 b = a;
2791 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2792 w7 = t = (w8 >>> 7 ^ w8 >>> 18 ^ w8 >>> 3 ^ w8 << 25 ^ w8 << 14) + (w5 >>> 17 ^ w5 >>> 19 ^ w5 >>> 10 ^ w5 << 15 ^ w5 << 13) + w7 + w0 | 0;
2793 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1996064986 | 0;
2794 h = g;
2795 g = f;
2796 f = e;
2797 e = d + t | 0;
2798 d = c;
2799 c = b;
2800 b = a;
2801 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2802 w8 = t = (w9 >>> 7 ^ w9 >>> 18 ^ w9 >>> 3 ^ w9 << 25 ^ w9 << 14) + (w6 >>> 17 ^ w6 >>> 19 ^ w6 >>> 10 ^ w6 << 15 ^ w6 << 13) + w8 + w1 | 0;
2803 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2554220882 | 0;
2804 h = g;
2805 g = f;
2806 f = e;
2807 e = d + t | 0;
2808 d = c;
2809 c = b;
2810 b = a;
2811 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2812 w9 = t = (w10 >>> 7 ^ w10 >>> 18 ^ w10 >>> 3 ^ w10 << 25 ^ w10 << 14) + (w7 >>> 17 ^ w7 >>> 19 ^ w7 >>> 10 ^ w7 << 15 ^ w7 << 13) + w9 + w2 | 0;
2813 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2821834349 | 0;
2814 h = g;
2815 g = f;
2816 f = e;
2817 e = d + t | 0;
2818 d = c;
2819 c = b;
2820 b = a;
2821 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2822 w10 = t = (w11 >>> 7 ^ w11 >>> 18 ^ w11 >>> 3 ^ w11 << 25 ^ w11 << 14) + (w8 >>> 17 ^ w8 >>> 19 ^ w8 >>> 10 ^ w8 << 15 ^ w8 << 13) + w10 + w3 | 0;
2823 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2952996808 | 0;
2824 h = g;
2825 g = f;
2826 f = e;
2827 e = d + t | 0;
2828 d = c;
2829 c = b;
2830 b = a;
2831 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2832 w11 = t = (w12 >>> 7 ^ w12 >>> 18 ^ w12 >>> 3 ^ w12 << 25 ^ w12 << 14) + (w9 >>> 17 ^ w9 >>> 19 ^ w9 >>> 10 ^ w9 << 15 ^ w9 << 13) + w11 + w4 | 0;
2833 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3210313671 | 0;
2834 h = g;
2835 g = f;
2836 f = e;
2837 e = d + t | 0;
2838 d = c;
2839 c = b;
2840 b = a;
2841 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2842 w12 = t = (w13 >>> 7 ^ w13 >>> 18 ^ w13 >>> 3 ^ w13 << 25 ^ w13 << 14) + (w10 >>> 17 ^ w10 >>> 19 ^ w10 >>> 10 ^ w10 << 15 ^ w10 << 13) + w12 + w5 | 0;
2843 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3336571891 | 0;
2844 h = g;
2845 g = f;
2846 f = e;
2847 e = d + t | 0;
2848 d = c;
2849 c = b;
2850 b = a;
2851 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2852 w13 = t = (w14 >>> 7 ^ w14 >>> 18 ^ w14 >>> 3 ^ w14 << 25 ^ w14 << 14) + (w11 >>> 17 ^ w11 >>> 19 ^ w11 >>> 10 ^ w11 << 15 ^ w11 << 13) + w13 + w6 | 0;
2853 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3584528711 | 0;
2854 h = g;
2855 g = f;
2856 f = e;
2857 e = d + t | 0;
2858 d = c;
2859 c = b;
2860 b = a;
2861 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2862 w14 = t = (w15 >>> 7 ^ w15 >>> 18 ^ w15 >>> 3 ^ w15 << 25 ^ w15 << 14) + (w12 >>> 17 ^ w12 >>> 19 ^ w12 >>> 10 ^ w12 << 15 ^ w12 << 13) + w14 + w7 | 0;
2863 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 113926993 | 0;
2864 h = g;
2865 g = f;
2866 f = e;
2867 e = d + t | 0;
2868 d = c;
2869 c = b;
2870 b = a;
2871 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2872 w15 = t = (w0 >>> 7 ^ w0 >>> 18 ^ w0 >>> 3 ^ w0 << 25 ^ w0 << 14) + (w13 >>> 17 ^ w13 >>> 19 ^ w13 >>> 10 ^ w13 << 15 ^ w13 << 13) + w15 + w8 | 0;
2873 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 338241895 | 0;
2874 h = g;
2875 g = f;
2876 f = e;
2877 e = d + t | 0;
2878 d = c;
2879 c = b;
2880 b = a;
2881 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2882 w0 = t = (w1 >>> 7 ^ w1 >>> 18 ^ w1 >>> 3 ^ w1 << 25 ^ w1 << 14) + (w14 >>> 17 ^ w14 >>> 19 ^ w14 >>> 10 ^ w14 << 15 ^ w14 << 13) + w0 + w9 | 0;
2883 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 666307205 | 0;
2884 h = g;
2885 g = f;
2886 f = e;
2887 e = d + t | 0;
2888 d = c;
2889 c = b;
2890 b = a;
2891 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2892 w1 = t = (w2 >>> 7 ^ w2 >>> 18 ^ w2 >>> 3 ^ w2 << 25 ^ w2 << 14) + (w15 >>> 17 ^ w15 >>> 19 ^ w15 >>> 10 ^ w15 << 15 ^ w15 << 13) + w1 + w10 | 0;
2893 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 773529912 | 0;
2894 h = g;
2895 g = f;
2896 f = e;
2897 e = d + t | 0;
2898 d = c;
2899 c = b;
2900 b = a;
2901 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2902 w2 = t = (w3 >>> 7 ^ w3 >>> 18 ^ w3 >>> 3 ^ w3 << 25 ^ w3 << 14) + (w0 >>> 17 ^ w0 >>> 19 ^ w0 >>> 10 ^ w0 << 15 ^ w0 << 13) + w2 + w11 | 0;
2903 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1294757372 | 0;
2904 h = g;
2905 g = f;
2906 f = e;
2907 e = d + t | 0;
2908 d = c;
2909 c = b;
2910 b = a;
2911 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2912 w3 = t = (w4 >>> 7 ^ w4 >>> 18 ^ w4 >>> 3 ^ w4 << 25 ^ w4 << 14) + (w1 >>> 17 ^ w1 >>> 19 ^ w1 >>> 10 ^ w1 << 15 ^ w1 << 13) + w3 + w12 | 0;
2913 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1396182291 | 0;
2914 h = g;
2915 g = f;
2916 f = e;
2917 e = d + t | 0;
2918 d = c;
2919 c = b;
2920 b = a;
2921 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2922 w4 = t = (w5 >>> 7 ^ w5 >>> 18 ^ w5 >>> 3 ^ w5 << 25 ^ w5 << 14) + (w2 >>> 17 ^ w2 >>> 19 ^ w2 >>> 10 ^ w2 << 15 ^ w2 << 13) + w4 + w13 | 0;
2923 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1695183700 | 0;
2924 h = g;
2925 g = f;
2926 f = e;
2927 e = d + t | 0;
2928 d = c;
2929 c = b;
2930 b = a;
2931 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2932 w5 = t = (w6 >>> 7 ^ w6 >>> 18 ^ w6 >>> 3 ^ w6 << 25 ^ w6 << 14) + (w3 >>> 17 ^ w3 >>> 19 ^ w3 >>> 10 ^ w3 << 15 ^ w3 << 13) + w5 + w14 | 0;
2933 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1986661051 | 0;
2934 h = g;
2935 g = f;
2936 f = e;
2937 e = d + t | 0;
2938 d = c;
2939 c = b;
2940 b = a;
2941 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2942 w6 = t = (w7 >>> 7 ^ w7 >>> 18 ^ w7 >>> 3 ^ w7 << 25 ^ w7 << 14) + (w4 >>> 17 ^ w4 >>> 19 ^ w4 >>> 10 ^ w4 << 15 ^ w4 << 13) + w6 + w15 | 0;
2943 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2177026350 | 0;
2944 h = g;
2945 g = f;
2946 f = e;
2947 e = d + t | 0;
2948 d = c;
2949 c = b;
2950 b = a;
2951 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2952 w7 = t = (w8 >>> 7 ^ w8 >>> 18 ^ w8 >>> 3 ^ w8 << 25 ^ w8 << 14) + (w5 >>> 17 ^ w5 >>> 19 ^ w5 >>> 10 ^ w5 << 15 ^ w5 << 13) + w7 + w0 | 0;
2953 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2456956037 | 0;
2954 h = g;
2955 g = f;
2956 f = e;
2957 e = d + t | 0;
2958 d = c;
2959 c = b;
2960 b = a;
2961 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2962 w8 = t = (w9 >>> 7 ^ w9 >>> 18 ^ w9 >>> 3 ^ w9 << 25 ^ w9 << 14) + (w6 >>> 17 ^ w6 >>> 19 ^ w6 >>> 10 ^ w6 << 15 ^ w6 << 13) + w8 + w1 | 0;
2963 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2730485921 | 0;
2964 h = g;
2965 g = f;
2966 f = e;
2967 e = d + t | 0;
2968 d = c;
2969 c = b;
2970 b = a;
2971 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2972 w9 = t = (w10 >>> 7 ^ w10 >>> 18 ^ w10 >>> 3 ^ w10 << 25 ^ w10 << 14) + (w7 >>> 17 ^ w7 >>> 19 ^ w7 >>> 10 ^ w7 << 15 ^ w7 << 13) + w9 + w2 | 0;
2973 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2820302411 | 0;
2974 h = g;
2975 g = f;
2976 f = e;
2977 e = d + t | 0;
2978 d = c;
2979 c = b;
2980 b = a;
2981 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2982 w10 = t = (w11 >>> 7 ^ w11 >>> 18 ^ w11 >>> 3 ^ w11 << 25 ^ w11 << 14) + (w8 >>> 17 ^ w8 >>> 19 ^ w8 >>> 10 ^ w8 << 15 ^ w8 << 13) + w10 + w3 | 0;
2983 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3259730800 | 0;
2984 h = g;
2985 g = f;
2986 f = e;
2987 e = d + t | 0;
2988 d = c;
2989 c = b;
2990 b = a;
2991 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2992 w11 = t = (w12 >>> 7 ^ w12 >>> 18 ^ w12 >>> 3 ^ w12 << 25 ^ w12 << 14) + (w9 >>> 17 ^ w9 >>> 19 ^ w9 >>> 10 ^ w9 << 15 ^ w9 << 13) + w11 + w4 | 0;
2993 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3345764771 | 0;
2994 h = g;
2995 g = f;
2996 f = e;
2997 e = d + t | 0;
2998 d = c;
2999 c = b;
3000 b = a;
3001 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3002 w12 = t = (w13 >>> 7 ^ w13 >>> 18 ^ w13 >>> 3 ^ w13 << 25 ^ w13 << 14) + (w10 >>> 17 ^ w10 >>> 19 ^ w10 >>> 10 ^ w10 << 15 ^ w10 << 13) + w12 + w5 | 0;
3003 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3516065817 | 0;
3004 h = g;
3005 g = f;
3006 f = e;
3007 e = d + t | 0;
3008 d = c;
3009 c = b;
3010 b = a;
3011 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3012 w13 = t = (w14 >>> 7 ^ w14 >>> 18 ^ w14 >>> 3 ^ w14 << 25 ^ w14 << 14) + (w11 >>> 17 ^ w11 >>> 19 ^ w11 >>> 10 ^ w11 << 15 ^ w11 << 13) + w13 + w6 | 0;
3013 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3600352804 | 0;
3014 h = g;
3015 g = f;
3016 f = e;
3017 e = d + t | 0;
3018 d = c;
3019 c = b;
3020 b = a;
3021 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3022 w14 = t = (w15 >>> 7 ^ w15 >>> 18 ^ w15 >>> 3 ^ w15 << 25 ^ w15 << 14) + (w12 >>> 17 ^ w12 >>> 19 ^ w12 >>> 10 ^ w12 << 15 ^ w12 << 13) + w14 + w7 | 0;
3023 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 4094571909 | 0;
3024 h = g;
3025 g = f;
3026 f = e;
3027 e = d + t | 0;
3028 d = c;
3029 c = b;
3030 b = a;
3031 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3032 w15 = t = (w0 >>> 7 ^ w0 >>> 18 ^ w0 >>> 3 ^ w0 << 25 ^ w0 << 14) + (w13 >>> 17 ^ w13 >>> 19 ^ w13 >>> 10 ^ w13 << 15 ^ w13 << 13) + w15 + w8 | 0;
3033 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 275423344 | 0;
3034 h = g;
3035 g = f;
3036 f = e;
3037 e = d + t | 0;
3038 d = c;
3039 c = b;
3040 b = a;
3041 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3042 w0 = t = (w1 >>> 7 ^ w1 >>> 18 ^ w1 >>> 3 ^ w1 << 25 ^ w1 << 14) + (w14 >>> 17 ^ w14 >>> 19 ^ w14 >>> 10 ^ w14 << 15 ^ w14 << 13) + w0 + w9 | 0;
3043 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 430227734 | 0;
3044 h = g;
3045 g = f;
3046 f = e;
3047 e = d + t | 0;
3048 d = c;
3049 c = b;
3050 b = a;
3051 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3052 w1 = t = (w2 >>> 7 ^ w2 >>> 18 ^ w2 >>> 3 ^ w2 << 25 ^ w2 << 14) + (w15 >>> 17 ^ w15 >>> 19 ^ w15 >>> 10 ^ w15 << 15 ^ w15 << 13) + w1 + w10 | 0;
3053 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 506948616 | 0;
3054 h = g;
3055 g = f;
3056 f = e;
3057 e = d + t | 0;
3058 d = c;
3059 c = b;
3060 b = a;
3061 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3062 w2 = t = (w3 >>> 7 ^ w3 >>> 18 ^ w3 >>> 3 ^ w3 << 25 ^ w3 << 14) + (w0 >>> 17 ^ w0 >>> 19 ^ w0 >>> 10 ^ w0 << 15 ^ w0 << 13) + w2 + w11 | 0;
3063 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 659060556 | 0;
3064 h = g;
3065 g = f;
3066 f = e;
3067 e = d + t | 0;
3068 d = c;
3069 c = b;
3070 b = a;
3071 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3072 w3 = t = (w4 >>> 7 ^ w4 >>> 18 ^ w4 >>> 3 ^ w4 << 25 ^ w4 << 14) + (w1 >>> 17 ^ w1 >>> 19 ^ w1 >>> 10 ^ w1 << 15 ^ w1 << 13) + w3 + w12 | 0;
3073 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 883997877 | 0;
3074 h = g;
3075 g = f;
3076 f = e;
3077 e = d + t | 0;
3078 d = c;
3079 c = b;
3080 b = a;
3081 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3082 w4 = t = (w5 >>> 7 ^ w5 >>> 18 ^ w5 >>> 3 ^ w5 << 25 ^ w5 << 14) + (w2 >>> 17 ^ w2 >>> 19 ^ w2 >>> 10 ^ w2 << 15 ^ w2 << 13) + w4 + w13 | 0;
3083 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 958139571 | 0;
3084 h = g;
3085 g = f;
3086 f = e;
3087 e = d + t | 0;
3088 d = c;
3089 c = b;
3090 b = a;
3091 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3092 w5 = t = (w6 >>> 7 ^ w6 >>> 18 ^ w6 >>> 3 ^ w6 << 25 ^ w6 << 14) + (w3 >>> 17 ^ w3 >>> 19 ^ w3 >>> 10 ^ w3 << 15 ^ w3 << 13) + w5 + w14 | 0;
3093 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1322822218 | 0;
3094 h = g;
3095 g = f;
3096 f = e;
3097 e = d + t | 0;
3098 d = c;
3099 c = b;
3100 b = a;
3101 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3102 w6 = t = (w7 >>> 7 ^ w7 >>> 18 ^ w7 >>> 3 ^ w7 << 25 ^ w7 << 14) + (w4 >>> 17 ^ w4 >>> 19 ^ w4 >>> 10 ^ w4 << 15 ^ w4 << 13) + w6 + w15 | 0;
3103 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1537002063 | 0;
3104 h = g;
3105 g = f;
3106 f = e;
3107 e = d + t | 0;
3108 d = c;
3109 c = b;
3110 b = a;
3111 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3112 w7 = t = (w8 >>> 7 ^ w8 >>> 18 ^ w8 >>> 3 ^ w8 << 25 ^ w8 << 14) + (w5 >>> 17 ^ w5 >>> 19 ^ w5 >>> 10 ^ w5 << 15 ^ w5 << 13) + w7 + w0 | 0;
3113 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1747873779 | 0;
3114 h = g;
3115 g = f;
3116 f = e;
3117 e = d + t | 0;
3118 d = c;
3119 c = b;
3120 b = a;
3121 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3122 w8 = t = (w9 >>> 7 ^ w9 >>> 18 ^ w9 >>> 3 ^ w9 << 25 ^ w9 << 14) + (w6 >>> 17 ^ w6 >>> 19 ^ w6 >>> 10 ^ w6 << 15 ^ w6 << 13) + w8 + w1 | 0;
3123 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1955562222 | 0;
3124 h = g;
3125 g = f;
3126 f = e;
3127 e = d + t | 0;
3128 d = c;
3129 c = b;
3130 b = a;
3131 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3132 w9 = t = (w10 >>> 7 ^ w10 >>> 18 ^ w10 >>> 3 ^ w10 << 25 ^ w10 << 14) + (w7 >>> 17 ^ w7 >>> 19 ^ w7 >>> 10 ^ w7 << 15 ^ w7 << 13) + w9 + w2 | 0;
3133 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2024104815 | 0;
3134 h = g;
3135 g = f;
3136 f = e;
3137 e = d + t | 0;
3138 d = c;
3139 c = b;
3140 b = a;
3141 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3142 w10 = t = (w11 >>> 7 ^ w11 >>> 18 ^ w11 >>> 3 ^ w11 << 25 ^ w11 << 14) + (w8 >>> 17 ^ w8 >>> 19 ^ w8 >>> 10 ^ w8 << 15 ^ w8 << 13) + w10 + w3 | 0;
3143 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2227730452 | 0;
3144 h = g;
3145 g = f;
3146 f = e;
3147 e = d + t | 0;
3148 d = c;
3149 c = b;
3150 b = a;
3151 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3152 w11 = t = (w12 >>> 7 ^ w12 >>> 18 ^ w12 >>> 3 ^ w12 << 25 ^ w12 << 14) + (w9 >>> 17 ^ w9 >>> 19 ^ w9 >>> 10 ^ w9 << 15 ^ w9 << 13) + w11 + w4 | 0;
3153 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2361852424 | 0;
3154 h = g;
3155 g = f;
3156 f = e;
3157 e = d + t | 0;
3158 d = c;
3159 c = b;
3160 b = a;
3161 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3162 w12 = t = (w13 >>> 7 ^ w13 >>> 18 ^ w13 >>> 3 ^ w13 << 25 ^ w13 << 14) + (w10 >>> 17 ^ w10 >>> 19 ^ w10 >>> 10 ^ w10 << 15 ^ w10 << 13) + w12 + w5 | 0;
3163 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2428436474 | 0;
3164 h = g;
3165 g = f;
3166 f = e;
3167 e = d + t | 0;
3168 d = c;
3169 c = b;
3170 b = a;
3171 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3172 w13 = t = (w14 >>> 7 ^ w14 >>> 18 ^ w14 >>> 3 ^ w14 << 25 ^ w14 << 14) + (w11 >>> 17 ^ w11 >>> 19 ^ w11 >>> 10 ^ w11 << 15 ^ w11 << 13) + w13 + w6 | 0;
3173 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2756734187 | 0;
3174 h = g;
3175 g = f;
3176 f = e;
3177 e = d + t | 0;
3178 d = c;
3179 c = b;
3180 b = a;
3181 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3182 w14 = t = (w15 >>> 7 ^ w15 >>> 18 ^ w15 >>> 3 ^ w15 << 25 ^ w15 << 14) + (w12 >>> 17 ^ w12 >>> 19 ^ w12 >>> 10 ^ w12 << 15 ^ w12 << 13) + w14 + w7 | 0;
3183 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3204031479 | 0;
3184 h = g;
3185 g = f;
3186 f = e;
3187 e = d + t | 0;
3188 d = c;
3189 c = b;
3190 b = a;
3191 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3192 w15 = t = (w0 >>> 7 ^ w0 >>> 18 ^ w0 >>> 3 ^ w0 << 25 ^ w0 << 14) + (w13 >>> 17 ^ w13 >>> 19 ^ w13 >>> 10 ^ w13 << 15 ^ w13 << 13) + w15 + w8 | 0;
3193 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3329325298 | 0;
3194 h = g;
3195 g = f;
3196 f = e;
3197 e = d + t | 0;
3198 d = c;
3199 c = b;
3200 b = a;
3201 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3202 H0 = H0 + a | 0;
3203 H1 = H1 + b | 0;
3204 H2 = H2 + c | 0;
3205 H3 = H3 + d | 0;
3206 H4 = H4 + e | 0;
3207 H5 = H5 + f | 0;
3208 H6 = H6 + g | 0;
3209 H7 = H7 + h | 0;
3210 }
3211 function _core_heap(offset) {
3212 offset = offset | 0;
3213 _core(HEAP[offset | 0] << 24 | HEAP[offset | 1] << 16 | HEAP[offset | 2] << 8 | HEAP[offset | 3], HEAP[offset | 4] << 24 | HEAP[offset | 5] << 16 | HEAP[offset | 6] << 8 | HEAP[offset | 7], HEAP[offset | 8] << 24 | HEAP[offset | 9] << 16 | HEAP[offset | 10] << 8 | HEAP[offset | 11], HEAP[offset | 12] << 24 | HEAP[offset | 13] << 16 | HEAP[offset | 14] << 8 | HEAP[offset | 15], HEAP[offset | 16] << 24 | HEAP[offset | 17] << 16 | HEAP[offset | 18] << 8 | HEAP[offset | 19], HEAP[offset | 20] << 24 | HEAP[offset | 21] << 16 | HEAP[offset | 22] << 8 | HEAP[offset | 23], HEAP[offset | 24] << 24 | HEAP[offset | 25] << 16 | HEAP[offset | 26] << 8 | HEAP[offset | 27], HEAP[offset | 28] << 24 | HEAP[offset | 29] << 16 | HEAP[offset | 30] << 8 | HEAP[offset | 31], HEAP[offset | 32] << 24 | HEAP[offset | 33] << 16 | HEAP[offset | 34] << 8 | HEAP[offset | 35], HEAP[offset | 36] << 24 | HEAP[offset | 37] << 16 | HEAP[offset | 38] << 8 | HEAP[offset | 39], HEAP[offset | 40] << 24 | HEAP[offset | 41] << 16 | HEAP[offset | 42] << 8 | HEAP[offset | 43], HEAP[offset | 44] << 24 | HEAP[offset | 45] << 16 | HEAP[offset | 46] << 8 | HEAP[offset | 47], HEAP[offset | 48] << 24 | HEAP[offset | 49] << 16 | HEAP[offset | 50] << 8 | HEAP[offset | 51], HEAP[offset | 52] << 24 | HEAP[offset | 53] << 16 | HEAP[offset | 54] << 8 | HEAP[offset | 55], HEAP[offset | 56] << 24 | HEAP[offset | 57] << 16 | HEAP[offset | 58] << 8 | HEAP[offset | 59], HEAP[offset | 60] << 24 | HEAP[offset | 61] << 16 | HEAP[offset | 62] << 8 | HEAP[offset | 63]);
3214 }
3215 function _state_to_heap(output) {
3216 output = output | 0;
3217 HEAP[output | 0] = H0 >>> 24;
3218 HEAP[output | 1] = H0 >>> 16 & 255;
3219 HEAP[output | 2] = H0 >>> 8 & 255;
3220 HEAP[output | 3] = H0 & 255;
3221 HEAP[output | 4] = H1 >>> 24;
3222 HEAP[output | 5] = H1 >>> 16 & 255;
3223 HEAP[output | 6] = H1 >>> 8 & 255;
3224 HEAP[output | 7] = H1 & 255;
3225 HEAP[output | 8] = H2 >>> 24;
3226 HEAP[output | 9] = H2 >>> 16 & 255;
3227 HEAP[output | 10] = H2 >>> 8 & 255;
3228 HEAP[output | 11] = H2 & 255;
3229 HEAP[output | 12] = H3 >>> 24;
3230 HEAP[output | 13] = H3 >>> 16 & 255;
3231 HEAP[output | 14] = H3 >>> 8 & 255;
3232 HEAP[output | 15] = H3 & 255;
3233 HEAP[output | 16] = H4 >>> 24;
3234 HEAP[output | 17] = H4 >>> 16 & 255;
3235 HEAP[output | 18] = H4 >>> 8 & 255;
3236 HEAP[output | 19] = H4 & 255;
3237 HEAP[output | 20] = H5 >>> 24;
3238 HEAP[output | 21] = H5 >>> 16 & 255;
3239 HEAP[output | 22] = H5 >>> 8 & 255;
3240 HEAP[output | 23] = H5 & 255;
3241 HEAP[output | 24] = H6 >>> 24;
3242 HEAP[output | 25] = H6 >>> 16 & 255;
3243 HEAP[output | 26] = H6 >>> 8 & 255;
3244 HEAP[output | 27] = H6 & 255;
3245 HEAP[output | 28] = H7 >>> 24;
3246 HEAP[output | 29] = H7 >>> 16 & 255;
3247 HEAP[output | 30] = H7 >>> 8 & 255;
3248 HEAP[output | 31] = H7 & 255;
3249 }
3250 function reset() {
3251 H0 = 1779033703;
3252 H1 = 3144134277;
3253 H2 = 1013904242;
3254 H3 = 2773480762;
3255 H4 = 1359893119;
3256 H5 = 2600822924;
3257 H6 = 528734635;
3258 H7 = 1541459225;
3259 TOTAL = 0;
3260 }
3261 function init(h0, h1, h2, h3, h4, h5, h6, h7, total) {
3262 h0 = h0 | 0;
3263 h1 = h1 | 0;
3264 h2 = h2 | 0;
3265 h3 = h3 | 0;
3266 h4 = h4 | 0;
3267 h5 = h5 | 0;
3268 h6 = h6 | 0;
3269 h7 = h7 | 0;
3270 total = total | 0;
3271 H0 = h0;
3272 H1 = h1;
3273 H2 = h2;
3274 H3 = h3;
3275 H4 = h4;
3276 H5 = h5;
3277 H6 = h6;
3278 H7 = h7;
3279 TOTAL = total;
3280 }
3281 function process(offset, length) {
3282 offset = offset | 0;
3283 length = length | 0;
3284 var hashed = 0;
3285 if (offset & 63) return -1;
3286 while ((length | 0) >= 64) {
3287 _core_heap(offset);
3288 offset = offset + 64 | 0;
3289 length = length - 64 | 0;
3290 hashed = hashed + 64 | 0;
3291 }
3292 TOTAL = TOTAL + hashed | 0;
3293 return hashed | 0;
3294 }
3295 function finish(offset, length, output) {
3296 offset = offset | 0;
3297 length = length | 0;
3298 output = output | 0;
3299 var hashed = 0, i = 0;
3300 if (offset & 63) return -1;
3301 if (~output) if (output & 31) return -1;
3302 if ((length | 0) >= 64) {
3303 hashed = process(offset, length) | 0;
3304 if ((hashed | 0) == -1) return -1;
3305 offset = offset + hashed | 0;
3306 length = length - hashed | 0;
3307 }
3308 hashed = hashed + length | 0;
3309 TOTAL = TOTAL + length | 0;
3310 HEAP[offset | length] = 128;
3311 if ((length | 0) >= 56) {
3312 for (i = length + 1 | 0; (i | 0) < 64; i = i + 1 | 0) HEAP[offset | i] = 0;
3313 _core_heap(offset);
3314 length = 0;
3315 HEAP[offset | 0] = 0;
3316 }
3317 for (i = length + 1 | 0; (i | 0) < 59; i = i + 1 | 0) HEAP[offset | i] = 0;
3318 HEAP[offset | 59] = TOTAL >>> 29;
3319 HEAP[offset | 60] = TOTAL >>> 21 & 255;
3320 HEAP[offset | 61] = TOTAL >>> 13 & 255;
3321 HEAP[offset | 62] = TOTAL >>> 5 & 255;
3322 HEAP[offset | 63] = TOTAL << 3 & 255;
3323 _core_heap(offset);
3324 if (~output) _state_to_heap(output);
3325 return hashed | 0;
3326 }
3327 function hmac_reset() {
3328 H0 = I0;
3329 H1 = I1;
3330 H2 = I2;
3331 H3 = I3;
3332 H4 = I4;
3333 H5 = I5;
3334 H6 = I6;
3335 H7 = I7;
3336 TOTAL = 64;
3337 }
3338 function _hmac_opad() {
3339 H0 = O0;
3340 H1 = O1;
3341 H2 = O2;
3342 H3 = O3;
3343 H4 = O4;
3344 H5 = O5;
3345 H6 = O6;
3346 H7 = O7;
3347 TOTAL = 64;
3348 }
3349 function hmac_init(p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15) {
3350 p0 = p0 | 0;
3351 p1 = p1 | 0;
3352 p2 = p2 | 0;
3353 p3 = p3 | 0;
3354 p4 = p4 | 0;
3355 p5 = p5 | 0;
3356 p6 = p6 | 0;
3357 p7 = p7 | 0;
3358 p8 = p8 | 0;
3359 p9 = p9 | 0;
3360 p10 = p10 | 0;
3361 p11 = p11 | 0;
3362 p12 = p12 | 0;
3363 p13 = p13 | 0;
3364 p14 = p14 | 0;
3365 p15 = p15 | 0;
3366 reset();
3367 _core(p0 ^ 1549556828, p1 ^ 1549556828, p2 ^ 1549556828, p3 ^ 1549556828, p4 ^ 1549556828, p5 ^ 1549556828, p6 ^ 1549556828, p7 ^ 1549556828, p8 ^ 1549556828, p9 ^ 1549556828, p10 ^ 1549556828, p11 ^ 1549556828, p12 ^ 1549556828, p13 ^ 1549556828, p14 ^ 1549556828, p15 ^ 1549556828);
3368 O0 = H0;
3369 O1 = H1;
3370 O2 = H2;
3371 O3 = H3;
3372 O4 = H4;
3373 O5 = H5;
3374 O6 = H6;
3375 O7 = H7;
3376 reset();
3377 _core(p0 ^ 909522486, p1 ^ 909522486, p2 ^ 909522486, p3 ^ 909522486, p4 ^ 909522486, p5 ^ 909522486, p6 ^ 909522486, p7 ^ 909522486, p8 ^ 909522486, p9 ^ 909522486, p10 ^ 909522486, p11 ^ 909522486, p12 ^ 909522486, p13 ^ 909522486, p14 ^ 909522486, p15 ^ 909522486);
3378 I0 = H0;
3379 I1 = H1;
3380 I2 = H2;
3381 I3 = H3;
3382 I4 = H4;
3383 I5 = H5;
3384 I6 = H6;
3385 I7 = H7;
3386 TOTAL = 64;
3387 }
3388 function hmac_finish(offset, length, output) {
3389 offset = offset | 0;
3390 length = length | 0;
3391 output = output | 0;
3392 var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, hashed = 0;
3393 if (offset & 63) return -1;
3394 if (~output) if (output & 31) return -1;
3395 hashed = finish(offset, length, -1) | 0;
3396 t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;
3397 _hmac_opad();
3398 _core(t0, t1, t2, t3, t4, t5, t6, t7, 2147483648, 0, 0, 0, 0, 0, 0, 768);
3399 if (~output) _state_to_heap(output);
3400 return hashed | 0;
3401 }
3402 function pbkdf2_generate_block(offset, length, block, count, output) {
3403 offset = offset | 0;
3404 length = length | 0;
3405 block = block | 0;
3406 count = count | 0;
3407 output = output | 0;
3408 var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, h5 = 0, h6 = 0, h7 = 0, t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0;
3409 if (offset & 63) return -1;
3410 if (~output) if (output & 31) return -1;
3411 HEAP[offset + length | 0] = block >>> 24;
3412 HEAP[offset + length + 1 | 0] = block >>> 16 & 255;
3413 HEAP[offset + length + 2 | 0] = block >>> 8 & 255;
3414 HEAP[offset + length + 3 | 0] = block & 255;
3415 // Closure compiler warning - The result of the 'bitor' operator is not being used
3416 //hmac_finish(offset, length + 4 | 0, -1) | 0;
3417 hmac_finish(offset, length + 4 | 0, -1);
3418 h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4, h5 = t5 = H5,
3419 h6 = t6 = H6, h7 = t7 = H7;
3420 count = count - 1 | 0;
3421 while ((count | 0) > 0) {
3422 hmac_reset();
3423 _core(t0, t1, t2, t3, t4, t5, t6, t7, 2147483648, 0, 0, 0, 0, 0, 0, 768);
3424 t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;
3425 _hmac_opad();
3426 _core(t0, t1, t2, t3, t4, t5, t6, t7, 2147483648, 0, 0, 0, 0, 0, 0, 768);
3427 t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;
3428 h0 = h0 ^ H0;
3429 h1 = h1 ^ H1;
3430 h2 = h2 ^ H2;
3431 h3 = h3 ^ H3;
3432 h4 = h4 ^ H4;
3433 h5 = h5 ^ H5;
3434 h6 = h6 ^ H6;
3435 h7 = h7 ^ H7;
3436 count = count - 1 | 0;
3437 }
3438 H0 = h0;
3439 H1 = h1;
3440 H2 = h2;
3441 H3 = h3;
3442 H4 = h4;
3443 H5 = h5;
3444 H6 = h6;
3445 H7 = h7;
3446 if (~output) _state_to_heap(output);
3447 return 0;
3448 }
3449 return {
3450 reset: reset,
3451 init: init,
3452 process: process,
3453 finish: finish,
3454 hmac_reset: hmac_reset,
3455 hmac_init: hmac_init,
3456 hmac_finish: hmac_finish,
3457 pbkdf2_generate_block: pbkdf2_generate_block
3458 };
3459 }
3460 var _sha256_block_size = 64, _sha256_hash_size = 32;
3461 function sha256_constructor(options) {
3462 options = options || {};
3463 options.heapSize = options.heapSize || 4096;
3464 if (options.heapSize <= 0 || options.heapSize % 4096) throw new IllegalArgumentError("heapSize must be a positive number and multiple of 4096");
3465 this.heap = options.heap || new Uint8Array(options.heapSize);
3466 this.asm = options.asm || sha256_asm(global, null, this.heap.buffer);
3467 this.BLOCK_SIZE = _sha256_block_size;
3468 this.HASH_SIZE = _sha256_hash_size;
3469 this.reset();
3470 }
3471 function sha256_reset() {
3472 this.result = null;
3473 this.pos = 0;
3474 this.len = 0;
3475 this.asm.reset();
3476 return this;
3477 }
3478 function sha256_process(data) {
3479 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
3480 var dpos = 0, dlen = 0, clen = 0;
3481 if (is_buffer(data) || is_bytes(data)) {
3482 dpos = data.byteOffset || 0;
3483 dlen = data.byteLength;
3484 } else if (is_string(data)) {
3485 dlen = data.length;
3486 } else {
3487 throw new TypeError("data isn't of expected type");
3488 }
3489 while (dlen > 0) {
3490 clen = this.heap.byteLength - this.pos - this.len;
3491 clen = clen < dlen ? clen : dlen;
3492 if (is_buffer(data) || is_bytes(data)) {
3493 this.heap.set(new Uint8Array(data.buffer || data, dpos, clen), this.pos + this.len);
3494 } else {
3495 for (var i = 0; i < clen; i++) this.heap[this.pos + this.len + i] = data.charCodeAt(dpos + i);
3496 }
3497 this.len += clen;
3498 dpos += clen;
3499 dlen -= clen;
3500 clen = this.asm.process(this.pos, this.len);
3501 if (clen < this.len) {
3502 this.pos += clen;
3503 this.len -= clen;
3504 } else {
3505 this.pos = 0;
3506 this.len = 0;
3507 }
3508 }
3509 return this;
3510 }
3511 function sha256_finish() {
3512 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
3513 this.asm.finish(this.pos, this.len, 0);
3514 this.result = new Uint8Array(_sha256_hash_size);
3515 this.result.set(this.heap.subarray(0, _sha256_hash_size));
3516 this.pos = 0;
3517 this.len = 0;
3518 return this;
3519 }
3520 sha256_constructor.BLOCK_SIZE = _sha256_block_size;
3521 sha256_constructor.HASH_SIZE = _sha256_hash_size;
3522 var sha256_prototype = sha256_constructor.prototype;
3523 sha256_prototype.reset = sha256_reset;
3524 sha256_prototype.process = sha256_process;
3525 sha256_prototype.finish = sha256_finish;
3526 function sha512_asm(stdlib, foreign, buffer) {
3527 // Closure Compiler warning - commented out
3528 //"use asm";
3529 var H0h = 0, H0l = 0, H1h = 0, H1l = 0, H2h = 0, H2l = 0, H3h = 0, H3l = 0, H4h = 0, H4l = 0, H5h = 0, H5l = 0, H6h = 0, H6l = 0, H7h = 0, H7l = 0, TOTAL = 0;
3530 var I0h = 0, I0l = 0, I1h = 0, I1l = 0, I2h = 0, I2l = 0, I3h = 0, I3l = 0, I4h = 0, I4l = 0, I5h = 0, I5l = 0, I6h = 0, I6l = 0, I7h = 0, I7l = 0, O0h = 0, O0l = 0, O1h = 0, O1l = 0, O2h = 0, O2l = 0, O3h = 0, O3l = 0, O4h = 0, O4l = 0, O5h = 0, O5l = 0, O6h = 0, O6l = 0, O7h = 0, O7l = 0;
3531 var HEAP = new stdlib.Uint8Array(buffer);
3532 function _core(w0h, w0l, w1h, w1l, w2h, w2l, w3h, w3l, w4h, w4l, w5h, w5l, w6h, w6l, w7h, w7l, w8h, w8l, w9h, w9l, w10h, w10l, w11h, w11l, w12h, w12l, w13h, w13l, w14h, w14l, w15h, w15l) {
3533 w0h = w0h | 0;
3534 w0l = w0l | 0;
3535 w1h = w1h | 0;
3536 w1l = w1l | 0;
3537 w2h = w2h | 0;
3538 w2l = w2l | 0;
3539 w3h = w3h | 0;
3540 w3l = w3l | 0;
3541 w4h = w4h | 0;
3542 w4l = w4l | 0;
3543 w5h = w5h | 0;
3544 w5l = w5l | 0;
3545 w6h = w6h | 0;
3546 w6l = w6l | 0;
3547 w7h = w7h | 0;
3548 w7l = w7l | 0;
3549 w8h = w8h | 0;
3550 w8l = w8l | 0;
3551 w9h = w9h | 0;
3552 w9l = w9l | 0;
3553 w10h = w10h | 0;
3554 w10l = w10l | 0;
3555 w11h = w11h | 0;
3556 w11l = w11l | 0;
3557 w12h = w12h | 0;
3558 w12l = w12l | 0;
3559 w13h = w13h | 0;
3560 w13l = w13l | 0;
3561 w14h = w14h | 0;
3562 w14l = w14l | 0;
3563 w15h = w15h | 0;
3564 w15l = w15l | 0;
3565 var ah = 0, al = 0, bh = 0, bl = 0, ch = 0, cl = 0, dh = 0, dl = 0, eh = 0, el = 0, fh = 0, fl = 0, gh = 0, gl = 0, hh = 0, hl = 0, th = 0, tl = 0, xl = 0;
3566 ah = H0h;
3567 al = H0l;
3568 bh = H1h;
3569 bl = H1l;
3570 ch = H2h;
3571 cl = H2l;
3572 dh = H3h;
3573 dl = H3l;
3574 eh = H4h;
3575 el = H4l;
3576 fh = H5h;
3577 fl = H5l;
3578 gh = H6h;
3579 gl = H6l;
3580 hh = H7h;
3581 hl = H7l;
3582 tl = 3609767458 + w0l | 0;
3583 th = 1116352408 + w0h + (tl >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
3584 tl = tl + hl | 0;
3585 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3586 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3587 tl = tl + xl | 0;
3588 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3589 xl = gl ^ el & (fl ^ gl) | 0;
3590 tl = tl + xl | 0;
3591 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3592 hl = gl;
3593 hh = gh;
3594 gl = fl;
3595 gh = fh;
3596 fl = el;
3597 fh = eh;
3598 el = dl + tl | 0;
3599 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3600 dl = cl;
3601 dh = ch;
3602 cl = bl;
3603 ch = bh;
3604 bl = al;
3605 bh = ah;
3606 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3607 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3608 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3609 al = al + xl | 0;
3610 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3611 tl = 602891725 + w1l | 0;
3612 th = 1899447441 + w1h + (tl >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
3613 tl = tl + hl | 0;
3614 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3615 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3616 tl = tl + xl | 0;
3617 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3618 xl = gl ^ el & (fl ^ gl) | 0;
3619 tl = tl + xl | 0;
3620 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3621 hl = gl;
3622 hh = gh;
3623 gl = fl;
3624 gh = fh;
3625 fl = el;
3626 fh = eh;
3627 el = dl + tl | 0;
3628 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3629 dl = cl;
3630 dh = ch;
3631 cl = bl;
3632 ch = bh;
3633 bl = al;
3634 bh = ah;
3635 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3636 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3637 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3638 al = al + xl | 0;
3639 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3640 tl = 3964484399 + w2l | 0;
3641 th = 3049323471 + w2h + (tl >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
3642 tl = tl + hl | 0;
3643 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3644 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3645 tl = tl + xl | 0;
3646 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3647 xl = gl ^ el & (fl ^ gl) | 0;
3648 tl = tl + xl | 0;
3649 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3650 hl = gl;
3651 hh = gh;
3652 gl = fl;
3653 gh = fh;
3654 fl = el;
3655 fh = eh;
3656 el = dl + tl | 0;
3657 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3658 dl = cl;
3659 dh = ch;
3660 cl = bl;
3661 ch = bh;
3662 bl = al;
3663 bh = ah;
3664 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3665 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3666 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3667 al = al + xl | 0;
3668 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3669 tl = 2173295548 + w3l | 0;
3670 th = 3921009573 + w3h + (tl >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
3671 tl = tl + hl | 0;
3672 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3673 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3674 tl = tl + xl | 0;
3675 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3676 xl = gl ^ el & (fl ^ gl) | 0;
3677 tl = tl + xl | 0;
3678 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3679 hl = gl;
3680 hh = gh;
3681 gl = fl;
3682 gh = fh;
3683 fl = el;
3684 fh = eh;
3685 el = dl + tl | 0;
3686 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3687 dl = cl;
3688 dh = ch;
3689 cl = bl;
3690 ch = bh;
3691 bl = al;
3692 bh = ah;
3693 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3694 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3695 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3696 al = al + xl | 0;
3697 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3698 tl = 4081628472 + w4l | 0;
3699 th = 961987163 + w4h + (tl >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
3700 tl = tl + hl | 0;
3701 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3702 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3703 tl = tl + xl | 0;
3704 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3705 xl = gl ^ el & (fl ^ gl) | 0;
3706 tl = tl + xl | 0;
3707 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3708 hl = gl;
3709 hh = gh;
3710 gl = fl;
3711 gh = fh;
3712 fl = el;
3713 fh = eh;
3714 el = dl + tl | 0;
3715 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3716 dl = cl;
3717 dh = ch;
3718 cl = bl;
3719 ch = bh;
3720 bl = al;
3721 bh = ah;
3722 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3723 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3724 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3725 al = al + xl | 0;
3726 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3727 tl = 3053834265 + w5l | 0;
3728 th = 1508970993 + w5h + (tl >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
3729 tl = tl + hl | 0;
3730 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3731 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3732 tl = tl + xl | 0;
3733 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3734 xl = gl ^ el & (fl ^ gl) | 0;
3735 tl = tl + xl | 0;
3736 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3737 hl = gl;
3738 hh = gh;
3739 gl = fl;
3740 gh = fh;
3741 fl = el;
3742 fh = eh;
3743 el = dl + tl | 0;
3744 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3745 dl = cl;
3746 dh = ch;
3747 cl = bl;
3748 ch = bh;
3749 bl = al;
3750 bh = ah;
3751 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3752 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3753 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3754 al = al + xl | 0;
3755 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3756 tl = 2937671579 + w6l | 0;
3757 th = 2453635748 + w6h + (tl >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
3758 tl = tl + hl | 0;
3759 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3760 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3761 tl = tl + xl | 0;
3762 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3763 xl = gl ^ el & (fl ^ gl) | 0;
3764 tl = tl + xl | 0;
3765 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3766 hl = gl;
3767 hh = gh;
3768 gl = fl;
3769 gh = fh;
3770 fl = el;
3771 fh = eh;
3772 el = dl + tl | 0;
3773 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3774 dl = cl;
3775 dh = ch;
3776 cl = bl;
3777 ch = bh;
3778 bl = al;
3779 bh = ah;
3780 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3781 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3782 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3783 al = al + xl | 0;
3784 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3785 tl = 3664609560 + w7l | 0;
3786 th = 2870763221 + w7h + (tl >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
3787 tl = tl + hl | 0;
3788 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3789 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3790 tl = tl + xl | 0;
3791 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3792 xl = gl ^ el & (fl ^ gl) | 0;
3793 tl = tl + xl | 0;
3794 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3795 hl = gl;
3796 hh = gh;
3797 gl = fl;
3798 gh = fh;
3799 fl = el;
3800 fh = eh;
3801 el = dl + tl | 0;
3802 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3803 dl = cl;
3804 dh = ch;
3805 cl = bl;
3806 ch = bh;
3807 bl = al;
3808 bh = ah;
3809 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3810 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3811 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3812 al = al + xl | 0;
3813 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3814 tl = 2734883394 + w8l | 0;
3815 th = 3624381080 + w8h + (tl >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
3816 tl = tl + hl | 0;
3817 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3818 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3819 tl = tl + xl | 0;
3820 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3821 xl = gl ^ el & (fl ^ gl) | 0;
3822 tl = tl + xl | 0;
3823 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3824 hl = gl;
3825 hh = gh;
3826 gl = fl;
3827 gh = fh;
3828 fl = el;
3829 fh = eh;
3830 el = dl + tl | 0;
3831 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3832 dl = cl;
3833 dh = ch;
3834 cl = bl;
3835 ch = bh;
3836 bl = al;
3837 bh = ah;
3838 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3839 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3840 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3841 al = al + xl | 0;
3842 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3843 tl = 1164996542 + w9l | 0;
3844 th = 310598401 + w9h + (tl >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
3845 tl = tl + hl | 0;
3846 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3847 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3848 tl = tl + xl | 0;
3849 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3850 xl = gl ^ el & (fl ^ gl) | 0;
3851 tl = tl + xl | 0;
3852 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3853 hl = gl;
3854 hh = gh;
3855 gl = fl;
3856 gh = fh;
3857 fl = el;
3858 fh = eh;
3859 el = dl + tl | 0;
3860 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3861 dl = cl;
3862 dh = ch;
3863 cl = bl;
3864 ch = bh;
3865 bl = al;
3866 bh = ah;
3867 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3868 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3869 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3870 al = al + xl | 0;
3871 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3872 tl = 1323610764 + w10l | 0;
3873 th = 607225278 + w10h + (tl >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
3874 tl = tl + hl | 0;
3875 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3876 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3877 tl = tl + xl | 0;
3878 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3879 xl = gl ^ el & (fl ^ gl) | 0;
3880 tl = tl + xl | 0;
3881 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3882 hl = gl;
3883 hh = gh;
3884 gl = fl;
3885 gh = fh;
3886 fl = el;
3887 fh = eh;
3888 el = dl + tl | 0;
3889 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3890 dl = cl;
3891 dh = ch;
3892 cl = bl;
3893 ch = bh;
3894 bl = al;
3895 bh = ah;
3896 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3897 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3898 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3899 al = al + xl | 0;
3900 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3901 tl = 3590304994 + w11l | 0;
3902 th = 1426881987 + w11h + (tl >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
3903 tl = tl + hl | 0;
3904 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3905 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3906 tl = tl + xl | 0;
3907 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3908 xl = gl ^ el & (fl ^ gl) | 0;
3909 tl = tl + xl | 0;
3910 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3911 hl = gl;
3912 hh = gh;
3913 gl = fl;
3914 gh = fh;
3915 fl = el;
3916 fh = eh;
3917 el = dl + tl | 0;
3918 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3919 dl = cl;
3920 dh = ch;
3921 cl = bl;
3922 ch = bh;
3923 bl = al;
3924 bh = ah;
3925 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3926 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3927 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3928 al = al + xl | 0;
3929 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3930 tl = 4068182383 + w12l | 0;
3931 th = 1925078388 + w12h + (tl >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
3932 tl = tl + hl | 0;
3933 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3934 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3935 tl = tl + xl | 0;
3936 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3937 xl = gl ^ el & (fl ^ gl) | 0;
3938 tl = tl + xl | 0;
3939 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3940 hl = gl;
3941 hh = gh;
3942 gl = fl;
3943 gh = fh;
3944 fl = el;
3945 fh = eh;
3946 el = dl + tl | 0;
3947 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3948 dl = cl;
3949 dh = ch;
3950 cl = bl;
3951 ch = bh;
3952 bl = al;
3953 bh = ah;
3954 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3955 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3956 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3957 al = al + xl | 0;
3958 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3959 tl = 991336113 + w13l | 0;
3960 th = 2162078206 + w13h + (tl >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
3961 tl = tl + hl | 0;
3962 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3963 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3964 tl = tl + xl | 0;
3965 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3966 xl = gl ^ el & (fl ^ gl) | 0;
3967 tl = tl + xl | 0;
3968 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3969 hl = gl;
3970 hh = gh;
3971 gl = fl;
3972 gh = fh;
3973 fl = el;
3974 fh = eh;
3975 el = dl + tl | 0;
3976 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3977 dl = cl;
3978 dh = ch;
3979 cl = bl;
3980 ch = bh;
3981 bl = al;
3982 bh = ah;
3983 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3984 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3985 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3986 al = al + xl | 0;
3987 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3988 tl = 633803317 + w14l | 0;
3989 th = 2614888103 + w14h + (tl >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
3990 tl = tl + hl | 0;
3991 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3992 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3993 tl = tl + xl | 0;
3994 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3995 xl = gl ^ el & (fl ^ gl) | 0;
3996 tl = tl + xl | 0;
3997 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3998 hl = gl;
3999 hh = gh;
4000 gl = fl;
4001 gh = fh;
4002 fl = el;
4003 fh = eh;
4004 el = dl + tl | 0;
4005 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4006 dl = cl;
4007 dh = ch;
4008 cl = bl;
4009 ch = bh;
4010 bl = al;
4011 bh = ah;
4012 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4013 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4014 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4015 al = al + xl | 0;
4016 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4017 tl = 3479774868 + w15l | 0;
4018 th = 3248222580 + w15h + (tl >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
4019 tl = tl + hl | 0;
4020 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4021 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4022 tl = tl + xl | 0;
4023 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4024 xl = gl ^ el & (fl ^ gl) | 0;
4025 tl = tl + xl | 0;
4026 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4027 hl = gl;
4028 hh = gh;
4029 gl = fl;
4030 gh = fh;
4031 fl = el;
4032 fh = eh;
4033 el = dl + tl | 0;
4034 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4035 dl = cl;
4036 dh = ch;
4037 cl = bl;
4038 ch = bh;
4039 bl = al;
4040 bh = ah;
4041 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4042 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4043 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4044 al = al + xl | 0;
4045 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4046 w0l = w0l + w9l | 0;
4047 w0h = w0h + w9h + (w0l >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
4048 xl = (w1l >>> 1 | w1h << 31) ^ (w1l >>> 8 | w1h << 24) ^ (w1l >>> 7 | w1h << 25) | 0;
4049 w0l = w0l + xl | 0;
4050 w0h = w0h + ((w1h >>> 1 | w1l << 31) ^ (w1h >>> 8 | w1l << 24) ^ w1h >>> 7) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4051 xl = (w14l >>> 19 | w14h << 13) ^ (w14l << 3 | w14h >>> 29) ^ (w14l >>> 6 | w14h << 26) | 0;
4052 w0l = w0l + xl | 0;
4053 w0h = w0h + ((w14h >>> 19 | w14l << 13) ^ (w14h << 3 | w14l >>> 29) ^ w14h >>> 6) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4054 tl = 2666613458 + w0l | 0;
4055 th = 3835390401 + w0h + (tl >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
4056 tl = tl + hl | 0;
4057 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4058 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4059 tl = tl + xl | 0;
4060 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4061 xl = gl ^ el & (fl ^ gl) | 0;
4062 tl = tl + xl | 0;
4063 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4064 hl = gl;
4065 hh = gh;
4066 gl = fl;
4067 gh = fh;
4068 fl = el;
4069 fh = eh;
4070 el = dl + tl | 0;
4071 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4072 dl = cl;
4073 dh = ch;
4074 cl = bl;
4075 ch = bh;
4076 bl = al;
4077 bh = ah;
4078 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4079 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4080 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4081 al = al + xl | 0;
4082 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4083 w1l = w1l + w10l | 0;
4084 w1h = w1h + w10h + (w1l >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
4085 xl = (w2l >>> 1 | w2h << 31) ^ (w2l >>> 8 | w2h << 24) ^ (w2l >>> 7 | w2h << 25) | 0;
4086 w1l = w1l + xl | 0;
4087 w1h = w1h + ((w2h >>> 1 | w2l << 31) ^ (w2h >>> 8 | w2l << 24) ^ w2h >>> 7) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4088 xl = (w15l >>> 19 | w15h << 13) ^ (w15l << 3 | w15h >>> 29) ^ (w15l >>> 6 | w15h << 26) | 0;
4089 w1l = w1l + xl | 0;
4090 w1h = w1h + ((w15h >>> 19 | w15l << 13) ^ (w15h << 3 | w15l >>> 29) ^ w15h >>> 6) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4091 tl = 944711139 + w1l | 0;
4092 th = 4022224774 + w1h + (tl >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
4093 tl = tl + hl | 0;
4094 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4095 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4096 tl = tl + xl | 0;
4097 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4098 xl = gl ^ el & (fl ^ gl) | 0;
4099 tl = tl + xl | 0;
4100 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4101 hl = gl;
4102 hh = gh;
4103 gl = fl;
4104 gh = fh;
4105 fl = el;
4106 fh = eh;
4107 el = dl + tl | 0;
4108 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4109 dl = cl;
4110 dh = ch;
4111 cl = bl;
4112 ch = bh;
4113 bl = al;
4114 bh = ah;
4115 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4116 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4117 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4118 al = al + xl | 0;
4119 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4120 w2l = w2l + w11l | 0;
4121 w2h = w2h + w11h + (w2l >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
4122 xl = (w3l >>> 1 | w3h << 31) ^ (w3l >>> 8 | w3h << 24) ^ (w3l >>> 7 | w3h << 25) | 0;
4123 w2l = w2l + xl | 0;
4124 w2h = w2h + ((w3h >>> 1 | w3l << 31) ^ (w3h >>> 8 | w3l << 24) ^ w3h >>> 7) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4125 xl = (w0l >>> 19 | w0h << 13) ^ (w0l << 3 | w0h >>> 29) ^ (w0l >>> 6 | w0h << 26) | 0;
4126 w2l = w2l + xl | 0;
4127 w2h = w2h + ((w0h >>> 19 | w0l << 13) ^ (w0h << 3 | w0l >>> 29) ^ w0h >>> 6) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4128 tl = 2341262773 + w2l | 0;
4129 th = 264347078 + w2h + (tl >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
4130 tl = tl + hl | 0;
4131 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4132 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4133 tl = tl + xl | 0;
4134 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4135 xl = gl ^ el & (fl ^ gl) | 0;
4136 tl = tl + xl | 0;
4137 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4138 hl = gl;
4139 hh = gh;
4140 gl = fl;
4141 gh = fh;
4142 fl = el;
4143 fh = eh;
4144 el = dl + tl | 0;
4145 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4146 dl = cl;
4147 dh = ch;
4148 cl = bl;
4149 ch = bh;
4150 bl = al;
4151 bh = ah;
4152 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4153 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4154 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4155 al = al + xl | 0;
4156 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4157 w3l = w3l + w12l | 0;
4158 w3h = w3h + w12h + (w3l >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
4159 xl = (w4l >>> 1 | w4h << 31) ^ (w4l >>> 8 | w4h << 24) ^ (w4l >>> 7 | w4h << 25) | 0;
4160 w3l = w3l + xl | 0;
4161 w3h = w3h + ((w4h >>> 1 | w4l << 31) ^ (w4h >>> 8 | w4l << 24) ^ w4h >>> 7) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4162 xl = (w1l >>> 19 | w1h << 13) ^ (w1l << 3 | w1h >>> 29) ^ (w1l >>> 6 | w1h << 26) | 0;
4163 w3l = w3l + xl | 0;
4164 w3h = w3h + ((w1h >>> 19 | w1l << 13) ^ (w1h << 3 | w1l >>> 29) ^ w1h >>> 6) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4165 tl = 2007800933 + w3l | 0;
4166 th = 604807628 + w3h + (tl >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
4167 tl = tl + hl | 0;
4168 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4169 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4170 tl = tl + xl | 0;
4171 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4172 xl = gl ^ el & (fl ^ gl) | 0;
4173 tl = tl + xl | 0;
4174 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4175 hl = gl;
4176 hh = gh;
4177 gl = fl;
4178 gh = fh;
4179 fl = el;
4180 fh = eh;
4181 el = dl + tl | 0;
4182 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4183 dl = cl;
4184 dh = ch;
4185 cl = bl;
4186 ch = bh;
4187 bl = al;
4188 bh = ah;
4189 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4190 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4191 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4192 al = al + xl | 0;
4193 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4194 w4l = w4l + w13l | 0;
4195 w4h = w4h + w13h + (w4l >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
4196 xl = (w5l >>> 1 | w5h << 31) ^ (w5l >>> 8 | w5h << 24) ^ (w5l >>> 7 | w5h << 25) | 0;
4197 w4l = w4l + xl | 0;
4198 w4h = w4h + ((w5h >>> 1 | w5l << 31) ^ (w5h >>> 8 | w5l << 24) ^ w5h >>> 7) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4199 xl = (w2l >>> 19 | w2h << 13) ^ (w2l << 3 | w2h >>> 29) ^ (w2l >>> 6 | w2h << 26) | 0;
4200 w4l = w4l + xl | 0;
4201 w4h = w4h + ((w2h >>> 19 | w2l << 13) ^ (w2h << 3 | w2l >>> 29) ^ w2h >>> 6) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4202 tl = 1495990901 + w4l | 0;
4203 th = 770255983 + w4h + (tl >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
4204 tl = tl + hl | 0;
4205 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4206 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4207 tl = tl + xl | 0;
4208 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4209 xl = gl ^ el & (fl ^ gl) | 0;
4210 tl = tl + xl | 0;
4211 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4212 hl = gl;
4213 hh = gh;
4214 gl = fl;
4215 gh = fh;
4216 fl = el;
4217 fh = eh;
4218 el = dl + tl | 0;
4219 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4220 dl = cl;
4221 dh = ch;
4222 cl = bl;
4223 ch = bh;
4224 bl = al;
4225 bh = ah;
4226 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4227 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4228 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4229 al = al + xl | 0;
4230 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4231 w5l = w5l + w14l | 0;
4232 w5h = w5h + w14h + (w5l >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
4233 xl = (w6l >>> 1 | w6h << 31) ^ (w6l >>> 8 | w6h << 24) ^ (w6l >>> 7 | w6h << 25) | 0;
4234 w5l = w5l + xl | 0;
4235 w5h = w5h + ((w6h >>> 1 | w6l << 31) ^ (w6h >>> 8 | w6l << 24) ^ w6h >>> 7) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4236 xl = (w3l >>> 19 | w3h << 13) ^ (w3l << 3 | w3h >>> 29) ^ (w3l >>> 6 | w3h << 26) | 0;
4237 w5l = w5l + xl | 0;
4238 w5h = w5h + ((w3h >>> 19 | w3l << 13) ^ (w3h << 3 | w3l >>> 29) ^ w3h >>> 6) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4239 tl = 1856431235 + w5l | 0;
4240 th = 1249150122 + w5h + (tl >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
4241 tl = tl + hl | 0;
4242 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4243 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4244 tl = tl + xl | 0;
4245 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4246 xl = gl ^ el & (fl ^ gl) | 0;
4247 tl = tl + xl | 0;
4248 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4249 hl = gl;
4250 hh = gh;
4251 gl = fl;
4252 gh = fh;
4253 fl = el;
4254 fh = eh;
4255 el = dl + tl | 0;
4256 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4257 dl = cl;
4258 dh = ch;
4259 cl = bl;
4260 ch = bh;
4261 bl = al;
4262 bh = ah;
4263 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4264 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4265 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4266 al = al + xl | 0;
4267 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4268 w6l = w6l + w15l | 0;
4269 w6h = w6h + w15h + (w6l >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
4270 xl = (w7l >>> 1 | w7h << 31) ^ (w7l >>> 8 | w7h << 24) ^ (w7l >>> 7 | w7h << 25) | 0;
4271 w6l = w6l + xl | 0;
4272 w6h = w6h + ((w7h >>> 1 | w7l << 31) ^ (w7h >>> 8 | w7l << 24) ^ w7h >>> 7) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4273 xl = (w4l >>> 19 | w4h << 13) ^ (w4l << 3 | w4h >>> 29) ^ (w4l >>> 6 | w4h << 26) | 0;
4274 w6l = w6l + xl | 0;
4275 w6h = w6h + ((w4h >>> 19 | w4l << 13) ^ (w4h << 3 | w4l >>> 29) ^ w4h >>> 6) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4276 tl = 3175218132 + w6l | 0;
4277 th = 1555081692 + w6h + (tl >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
4278 tl = tl + hl | 0;
4279 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4280 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4281 tl = tl + xl | 0;
4282 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4283 xl = gl ^ el & (fl ^ gl) | 0;
4284 tl = tl + xl | 0;
4285 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4286 hl = gl;
4287 hh = gh;
4288 gl = fl;
4289 gh = fh;
4290 fl = el;
4291 fh = eh;
4292 el = dl + tl | 0;
4293 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4294 dl = cl;
4295 dh = ch;
4296 cl = bl;
4297 ch = bh;
4298 bl = al;
4299 bh = ah;
4300 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4301 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4302 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4303 al = al + xl | 0;
4304 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4305 w7l = w7l + w0l | 0;
4306 w7h = w7h + w0h + (w7l >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
4307 xl = (w8l >>> 1 | w8h << 31) ^ (w8l >>> 8 | w8h << 24) ^ (w8l >>> 7 | w8h << 25) | 0;
4308 w7l = w7l + xl | 0;
4309 w7h = w7h + ((w8h >>> 1 | w8l << 31) ^ (w8h >>> 8 | w8l << 24) ^ w8h >>> 7) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4310 xl = (w5l >>> 19 | w5h << 13) ^ (w5l << 3 | w5h >>> 29) ^ (w5l >>> 6 | w5h << 26) | 0;
4311 w7l = w7l + xl | 0;
4312 w7h = w7h + ((w5h >>> 19 | w5l << 13) ^ (w5h << 3 | w5l >>> 29) ^ w5h >>> 6) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4313 tl = 2198950837 + w7l | 0;
4314 th = 1996064986 + w7h + (tl >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
4315 tl = tl + hl | 0;
4316 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4317 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4318 tl = tl + xl | 0;
4319 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4320 xl = gl ^ el & (fl ^ gl) | 0;
4321 tl = tl + xl | 0;
4322 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4323 hl = gl;
4324 hh = gh;
4325 gl = fl;
4326 gh = fh;
4327 fl = el;
4328 fh = eh;
4329 el = dl + tl | 0;
4330 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4331 dl = cl;
4332 dh = ch;
4333 cl = bl;
4334 ch = bh;
4335 bl = al;
4336 bh = ah;
4337 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4338 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4339 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4340 al = al + xl | 0;
4341 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4342 w8l = w8l + w1l | 0;
4343 w8h = w8h + w1h + (w8l >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
4344 xl = (w9l >>> 1 | w9h << 31) ^ (w9l >>> 8 | w9h << 24) ^ (w9l >>> 7 | w9h << 25) | 0;
4345 w8l = w8l + xl | 0;
4346 w8h = w8h + ((w9h >>> 1 | w9l << 31) ^ (w9h >>> 8 | w9l << 24) ^ w9h >>> 7) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4347 xl = (w6l >>> 19 | w6h << 13) ^ (w6l << 3 | w6h >>> 29) ^ (w6l >>> 6 | w6h << 26) | 0;
4348 w8l = w8l + xl | 0;
4349 w8h = w8h + ((w6h >>> 19 | w6l << 13) ^ (w6h << 3 | w6l >>> 29) ^ w6h >>> 6) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4350 tl = 3999719339 + w8l | 0;
4351 th = 2554220882 + w8h + (tl >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
4352 tl = tl + hl | 0;
4353 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4354 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4355 tl = tl + xl | 0;
4356 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4357 xl = gl ^ el & (fl ^ gl) | 0;
4358 tl = tl + xl | 0;
4359 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4360 hl = gl;
4361 hh = gh;
4362 gl = fl;
4363 gh = fh;
4364 fl = el;
4365 fh = eh;
4366 el = dl + tl | 0;
4367 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4368 dl = cl;
4369 dh = ch;
4370 cl = bl;
4371 ch = bh;
4372 bl = al;
4373 bh = ah;
4374 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4375 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4376 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4377 al = al + xl | 0;
4378 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4379 w9l = w9l + w2l | 0;
4380 w9h = w9h + w2h + (w9l >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
4381 xl = (w10l >>> 1 | w10h << 31) ^ (w10l >>> 8 | w10h << 24) ^ (w10l >>> 7 | w10h << 25) | 0;
4382 w9l = w9l + xl | 0;
4383 w9h = w9h + ((w10h >>> 1 | w10l << 31) ^ (w10h >>> 8 | w10l << 24) ^ w10h >>> 7) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4384 xl = (w7l >>> 19 | w7h << 13) ^ (w7l << 3 | w7h >>> 29) ^ (w7l >>> 6 | w7h << 26) | 0;
4385 w9l = w9l + xl | 0;
4386 w9h = w9h + ((w7h >>> 19 | w7l << 13) ^ (w7h << 3 | w7l >>> 29) ^ w7h >>> 6) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4387 tl = 766784016 + w9l | 0;
4388 th = 2821834349 + w9h + (tl >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
4389 tl = tl + hl | 0;
4390 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4391 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4392 tl = tl + xl | 0;
4393 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4394 xl = gl ^ el & (fl ^ gl) | 0;
4395 tl = tl + xl | 0;
4396 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4397 hl = gl;
4398 hh = gh;
4399 gl = fl;
4400 gh = fh;
4401 fl = el;
4402 fh = eh;
4403 el = dl + tl | 0;
4404 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4405 dl = cl;
4406 dh = ch;
4407 cl = bl;
4408 ch = bh;
4409 bl = al;
4410 bh = ah;
4411 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4412 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4413 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4414 al = al + xl | 0;
4415 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4416 w10l = w10l + w3l | 0;
4417 w10h = w10h + w3h + (w10l >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
4418 xl = (w11l >>> 1 | w11h << 31) ^ (w11l >>> 8 | w11h << 24) ^ (w11l >>> 7 | w11h << 25) | 0;
4419 w10l = w10l + xl | 0;
4420 w10h = w10h + ((w11h >>> 1 | w11l << 31) ^ (w11h >>> 8 | w11l << 24) ^ w11h >>> 7) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4421 xl = (w8l >>> 19 | w8h << 13) ^ (w8l << 3 | w8h >>> 29) ^ (w8l >>> 6 | w8h << 26) | 0;
4422 w10l = w10l + xl | 0;
4423 w10h = w10h + ((w8h >>> 19 | w8l << 13) ^ (w8h << 3 | w8l >>> 29) ^ w8h >>> 6) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4424 tl = 2566594879 + w10l | 0;
4425 th = 2952996808 + w10h + (tl >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
4426 tl = tl + hl | 0;
4427 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4428 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4429 tl = tl + xl | 0;
4430 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4431 xl = gl ^ el & (fl ^ gl) | 0;
4432 tl = tl + xl | 0;
4433 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4434 hl = gl;
4435 hh = gh;
4436 gl = fl;
4437 gh = fh;
4438 fl = el;
4439 fh = eh;
4440 el = dl + tl | 0;
4441 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4442 dl = cl;
4443 dh = ch;
4444 cl = bl;
4445 ch = bh;
4446 bl = al;
4447 bh = ah;
4448 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4449 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4450 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4451 al = al + xl | 0;
4452 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4453 w11l = w11l + w4l | 0;
4454 w11h = w11h + w4h + (w11l >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
4455 xl = (w12l >>> 1 | w12h << 31) ^ (w12l >>> 8 | w12h << 24) ^ (w12l >>> 7 | w12h << 25) | 0;
4456 w11l = w11l + xl | 0;
4457 w11h = w11h + ((w12h >>> 1 | w12l << 31) ^ (w12h >>> 8 | w12l << 24) ^ w12h >>> 7) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4458 xl = (w9l >>> 19 | w9h << 13) ^ (w9l << 3 | w9h >>> 29) ^ (w9l >>> 6 | w9h << 26) | 0;
4459 w11l = w11l + xl | 0;
4460 w11h = w11h + ((w9h >>> 19 | w9l << 13) ^ (w9h << 3 | w9l >>> 29) ^ w9h >>> 6) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4461 tl = 3203337956 + w11l | 0;
4462 th = 3210313671 + w11h + (tl >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
4463 tl = tl + hl | 0;
4464 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4465 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4466 tl = tl + xl | 0;
4467 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4468 xl = gl ^ el & (fl ^ gl) | 0;
4469 tl = tl + xl | 0;
4470 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4471 hl = gl;
4472 hh = gh;
4473 gl = fl;
4474 gh = fh;
4475 fl = el;
4476 fh = eh;
4477 el = dl + tl | 0;
4478 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4479 dl = cl;
4480 dh = ch;
4481 cl = bl;
4482 ch = bh;
4483 bl = al;
4484 bh = ah;
4485 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4486 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4487 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4488 al = al + xl | 0;
4489 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4490 w12l = w12l + w5l | 0;
4491 w12h = w12h + w5h + (w12l >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
4492 xl = (w13l >>> 1 | w13h << 31) ^ (w13l >>> 8 | w13h << 24) ^ (w13l >>> 7 | w13h << 25) | 0;
4493 w12l = w12l + xl | 0;
4494 w12h = w12h + ((w13h >>> 1 | w13l << 31) ^ (w13h >>> 8 | w13l << 24) ^ w13h >>> 7) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4495 xl = (w10l >>> 19 | w10h << 13) ^ (w10l << 3 | w10h >>> 29) ^ (w10l >>> 6 | w10h << 26) | 0;
4496 w12l = w12l + xl | 0;
4497 w12h = w12h + ((w10h >>> 19 | w10l << 13) ^ (w10h << 3 | w10l >>> 29) ^ w10h >>> 6) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4498 tl = 1034457026 + w12l | 0;
4499 th = 3336571891 + w12h + (tl >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
4500 tl = tl + hl | 0;
4501 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4502 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4503 tl = tl + xl | 0;
4504 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4505 xl = gl ^ el & (fl ^ gl) | 0;
4506 tl = tl + xl | 0;
4507 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4508 hl = gl;
4509 hh = gh;
4510 gl = fl;
4511 gh = fh;
4512 fl = el;
4513 fh = eh;
4514 el = dl + tl | 0;
4515 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4516 dl = cl;
4517 dh = ch;
4518 cl = bl;
4519 ch = bh;
4520 bl = al;
4521 bh = ah;
4522 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4523 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4524 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4525 al = al + xl | 0;
4526 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4527 w13l = w13l + w6l | 0;
4528 w13h = w13h + w6h + (w13l >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
4529 xl = (w14l >>> 1 | w14h << 31) ^ (w14l >>> 8 | w14h << 24) ^ (w14l >>> 7 | w14h << 25) | 0;
4530 w13l = w13l + xl | 0;
4531 w13h = w13h + ((w14h >>> 1 | w14l << 31) ^ (w14h >>> 8 | w14l << 24) ^ w14h >>> 7) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4532 xl = (w11l >>> 19 | w11h << 13) ^ (w11l << 3 | w11h >>> 29) ^ (w11l >>> 6 | w11h << 26) | 0;
4533 w13l = w13l + xl | 0;
4534 w13h = w13h + ((w11h >>> 19 | w11l << 13) ^ (w11h << 3 | w11l >>> 29) ^ w11h >>> 6) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4535 tl = 2466948901 + w13l | 0;
4536 th = 3584528711 + w13h + (tl >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
4537 tl = tl + hl | 0;
4538 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4539 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4540 tl = tl + xl | 0;
4541 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4542 xl = gl ^ el & (fl ^ gl) | 0;
4543 tl = tl + xl | 0;
4544 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4545 hl = gl;
4546 hh = gh;
4547 gl = fl;
4548 gh = fh;
4549 fl = el;
4550 fh = eh;
4551 el = dl + tl | 0;
4552 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4553 dl = cl;
4554 dh = ch;
4555 cl = bl;
4556 ch = bh;
4557 bl = al;
4558 bh = ah;
4559 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4560 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4561 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4562 al = al + xl | 0;
4563 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4564 w14l = w14l + w7l | 0;
4565 w14h = w14h + w7h + (w14l >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
4566 xl = (w15l >>> 1 | w15h << 31) ^ (w15l >>> 8 | w15h << 24) ^ (w15l >>> 7 | w15h << 25) | 0;
4567 w14l = w14l + xl | 0;
4568 w14h = w14h + ((w15h >>> 1 | w15l << 31) ^ (w15h >>> 8 | w15l << 24) ^ w15h >>> 7) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4569 xl = (w12l >>> 19 | w12h << 13) ^ (w12l << 3 | w12h >>> 29) ^ (w12l >>> 6 | w12h << 26) | 0;
4570 w14l = w14l + xl | 0;
4571 w14h = w14h + ((w12h >>> 19 | w12l << 13) ^ (w12h << 3 | w12l >>> 29) ^ w12h >>> 6) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4572 tl = 3758326383 + w14l | 0;
4573 th = 113926993 + w14h + (tl >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
4574 tl = tl + hl | 0;
4575 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4576 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4577 tl = tl + xl | 0;
4578 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4579 xl = gl ^ el & (fl ^ gl) | 0;
4580 tl = tl + xl | 0;
4581 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4582 hl = gl;
4583 hh = gh;
4584 gl = fl;
4585 gh = fh;
4586 fl = el;
4587 fh = eh;
4588 el = dl + tl | 0;
4589 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4590 dl = cl;
4591 dh = ch;
4592 cl = bl;
4593 ch = bh;
4594 bl = al;
4595 bh = ah;
4596 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4597 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4598 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4599 al = al + xl | 0;
4600 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4601 w15l = w15l + w8l | 0;
4602 w15h = w15h + w8h + (w15l >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
4603 xl = (w0l >>> 1 | w0h << 31) ^ (w0l >>> 8 | w0h << 24) ^ (w0l >>> 7 | w0h << 25) | 0;
4604 w15l = w15l + xl | 0;
4605 w15h = w15h + ((w0h >>> 1 | w0l << 31) ^ (w0h >>> 8 | w0l << 24) ^ w0h >>> 7) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4606 xl = (w13l >>> 19 | w13h << 13) ^ (w13l << 3 | w13h >>> 29) ^ (w13l >>> 6 | w13h << 26) | 0;
4607 w15l = w15l + xl | 0;
4608 w15h = w15h + ((w13h >>> 19 | w13l << 13) ^ (w13h << 3 | w13l >>> 29) ^ w13h >>> 6) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4609 tl = 168717936 + w15l | 0;
4610 th = 338241895 + w15h + (tl >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
4611 tl = tl + hl | 0;
4612 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4613 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4614 tl = tl + xl | 0;
4615 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4616 xl = gl ^ el & (fl ^ gl) | 0;
4617 tl = tl + xl | 0;
4618 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4619 hl = gl;
4620 hh = gh;
4621 gl = fl;
4622 gh = fh;
4623 fl = el;
4624 fh = eh;
4625 el = dl + tl | 0;
4626 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4627 dl = cl;
4628 dh = ch;
4629 cl = bl;
4630 ch = bh;
4631 bl = al;
4632 bh = ah;
4633 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4634 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4635 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4636 al = al + xl | 0;
4637 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4638 w0l = w0l + w9l | 0;
4639 w0h = w0h + w9h + (w0l >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
4640 xl = (w1l >>> 1 | w1h << 31) ^ (w1l >>> 8 | w1h << 24) ^ (w1l >>> 7 | w1h << 25) | 0;
4641 w0l = w0l + xl | 0;
4642 w0h = w0h + ((w1h >>> 1 | w1l << 31) ^ (w1h >>> 8 | w1l << 24) ^ w1h >>> 7) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4643 xl = (w14l >>> 19 | w14h << 13) ^ (w14l << 3 | w14h >>> 29) ^ (w14l >>> 6 | w14h << 26) | 0;
4644 w0l = w0l + xl | 0;
4645 w0h = w0h + ((w14h >>> 19 | w14l << 13) ^ (w14h << 3 | w14l >>> 29) ^ w14h >>> 6) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4646 tl = 1188179964 + w0l | 0;
4647 th = 666307205 + w0h + (tl >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
4648 tl = tl + hl | 0;
4649 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4650 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4651 tl = tl + xl | 0;
4652 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4653 xl = gl ^ el & (fl ^ gl) | 0;
4654 tl = tl + xl | 0;
4655 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4656 hl = gl;
4657 hh = gh;
4658 gl = fl;
4659 gh = fh;
4660 fl = el;
4661 fh = eh;
4662 el = dl + tl | 0;
4663 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4664 dl = cl;
4665 dh = ch;
4666 cl = bl;
4667 ch = bh;
4668 bl = al;
4669 bh = ah;
4670 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4671 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4672 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4673 al = al + xl | 0;
4674 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4675 w1l = w1l + w10l | 0;
4676 w1h = w1h + w10h + (w1l >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
4677 xl = (w2l >>> 1 | w2h << 31) ^ (w2l >>> 8 | w2h << 24) ^ (w2l >>> 7 | w2h << 25) | 0;
4678 w1l = w1l + xl | 0;
4679 w1h = w1h + ((w2h >>> 1 | w2l << 31) ^ (w2h >>> 8 | w2l << 24) ^ w2h >>> 7) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4680 xl = (w15l >>> 19 | w15h << 13) ^ (w15l << 3 | w15h >>> 29) ^ (w15l >>> 6 | w15h << 26) | 0;
4681 w1l = w1l + xl | 0;
4682 w1h = w1h + ((w15h >>> 19 | w15l << 13) ^ (w15h << 3 | w15l >>> 29) ^ w15h >>> 6) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4683 tl = 1546045734 + w1l | 0;
4684 th = 773529912 + w1h + (tl >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
4685 tl = tl + hl | 0;
4686 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4687 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4688 tl = tl + xl | 0;
4689 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4690 xl = gl ^ el & (fl ^ gl) | 0;
4691 tl = tl + xl | 0;
4692 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4693 hl = gl;
4694 hh = gh;
4695 gl = fl;
4696 gh = fh;
4697 fl = el;
4698 fh = eh;
4699 el = dl + tl | 0;
4700 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4701 dl = cl;
4702 dh = ch;
4703 cl = bl;
4704 ch = bh;
4705 bl = al;
4706 bh = ah;
4707 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4708 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4709 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4710 al = al + xl | 0;
4711 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4712 w2l = w2l + w11l | 0;
4713 w2h = w2h + w11h + (w2l >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
4714 xl = (w3l >>> 1 | w3h << 31) ^ (w3l >>> 8 | w3h << 24) ^ (w3l >>> 7 | w3h << 25) | 0;
4715 w2l = w2l + xl | 0;
4716 w2h = w2h + ((w3h >>> 1 | w3l << 31) ^ (w3h >>> 8 | w3l << 24) ^ w3h >>> 7) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4717 xl = (w0l >>> 19 | w0h << 13) ^ (w0l << 3 | w0h >>> 29) ^ (w0l >>> 6 | w0h << 26) | 0;
4718 w2l = w2l + xl | 0;
4719 w2h = w2h + ((w0h >>> 19 | w0l << 13) ^ (w0h << 3 | w0l >>> 29) ^ w0h >>> 6) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4720 tl = 1522805485 + w2l | 0;
4721 th = 1294757372 + w2h + (tl >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
4722 tl = tl + hl | 0;
4723 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4724 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4725 tl = tl + xl | 0;
4726 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4727 xl = gl ^ el & (fl ^ gl) | 0;
4728 tl = tl + xl | 0;
4729 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4730 hl = gl;
4731 hh = gh;
4732 gl = fl;
4733 gh = fh;
4734 fl = el;
4735 fh = eh;
4736 el = dl + tl | 0;
4737 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4738 dl = cl;
4739 dh = ch;
4740 cl = bl;
4741 ch = bh;
4742 bl = al;
4743 bh = ah;
4744 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4745 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4746 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4747 al = al + xl | 0;
4748 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4749 w3l = w3l + w12l | 0;
4750 w3h = w3h + w12h + (w3l >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
4751 xl = (w4l >>> 1 | w4h << 31) ^ (w4l >>> 8 | w4h << 24) ^ (w4l >>> 7 | w4h << 25) | 0;
4752 w3l = w3l + xl | 0;
4753 w3h = w3h + ((w4h >>> 1 | w4l << 31) ^ (w4h >>> 8 | w4l << 24) ^ w4h >>> 7) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4754 xl = (w1l >>> 19 | w1h << 13) ^ (w1l << 3 | w1h >>> 29) ^ (w1l >>> 6 | w1h << 26) | 0;
4755 w3l = w3l + xl | 0;
4756 w3h = w3h + ((w1h >>> 19 | w1l << 13) ^ (w1h << 3 | w1l >>> 29) ^ w1h >>> 6) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4757 tl = 2643833823 + w3l | 0;
4758 th = 1396182291 + w3h + (tl >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
4759 tl = tl + hl | 0;
4760 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4761 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4762 tl = tl + xl | 0;
4763 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4764 xl = gl ^ el & (fl ^ gl) | 0;
4765 tl = tl + xl | 0;
4766 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4767 hl = gl;
4768 hh = gh;
4769 gl = fl;
4770 gh = fh;
4771 fl = el;
4772 fh = eh;
4773 el = dl + tl | 0;
4774 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4775 dl = cl;
4776 dh = ch;
4777 cl = bl;
4778 ch = bh;
4779 bl = al;
4780 bh = ah;
4781 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4782 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4783 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4784 al = al + xl | 0;
4785 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4786 w4l = w4l + w13l | 0;
4787 w4h = w4h + w13h + (w4l >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
4788 xl = (w5l >>> 1 | w5h << 31) ^ (w5l >>> 8 | w5h << 24) ^ (w5l >>> 7 | w5h << 25) | 0;
4789 w4l = w4l + xl | 0;
4790 w4h = w4h + ((w5h >>> 1 | w5l << 31) ^ (w5h >>> 8 | w5l << 24) ^ w5h >>> 7) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4791 xl = (w2l >>> 19 | w2h << 13) ^ (w2l << 3 | w2h >>> 29) ^ (w2l >>> 6 | w2h << 26) | 0;
4792 w4l = w4l + xl | 0;
4793 w4h = w4h + ((w2h >>> 19 | w2l << 13) ^ (w2h << 3 | w2l >>> 29) ^ w2h >>> 6) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4794 tl = 2343527390 + w4l | 0;
4795 th = 1695183700 + w4h + (tl >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
4796 tl = tl + hl | 0;
4797 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4798 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4799 tl = tl + xl | 0;
4800 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4801 xl = gl ^ el & (fl ^ gl) | 0;
4802 tl = tl + xl | 0;
4803 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4804 hl = gl;
4805 hh = gh;
4806 gl = fl;
4807 gh = fh;
4808 fl = el;
4809 fh = eh;
4810 el = dl + tl | 0;
4811 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4812 dl = cl;
4813 dh = ch;
4814 cl = bl;
4815 ch = bh;
4816 bl = al;
4817 bh = ah;
4818 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4819 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4820 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4821 al = al + xl | 0;
4822 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4823 w5l = w5l + w14l | 0;
4824 w5h = w5h + w14h + (w5l >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
4825 xl = (w6l >>> 1 | w6h << 31) ^ (w6l >>> 8 | w6h << 24) ^ (w6l >>> 7 | w6h << 25) | 0;
4826 w5l = w5l + xl | 0;
4827 w5h = w5h + ((w6h >>> 1 | w6l << 31) ^ (w6h >>> 8 | w6l << 24) ^ w6h >>> 7) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4828 xl = (w3l >>> 19 | w3h << 13) ^ (w3l << 3 | w3h >>> 29) ^ (w3l >>> 6 | w3h << 26) | 0;
4829 w5l = w5l + xl | 0;
4830 w5h = w5h + ((w3h >>> 19 | w3l << 13) ^ (w3h << 3 | w3l >>> 29) ^ w3h >>> 6) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4831 tl = 1014477480 + w5l | 0;
4832 th = 1986661051 + w5h + (tl >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
4833 tl = tl + hl | 0;
4834 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4835 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4836 tl = tl + xl | 0;
4837 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4838 xl = gl ^ el & (fl ^ gl) | 0;
4839 tl = tl + xl | 0;
4840 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4841 hl = gl;
4842 hh = gh;
4843 gl = fl;
4844 gh = fh;
4845 fl = el;
4846 fh = eh;
4847 el = dl + tl | 0;
4848 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4849 dl = cl;
4850 dh = ch;
4851 cl = bl;
4852 ch = bh;
4853 bl = al;
4854 bh = ah;
4855 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4856 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4857 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4858 al = al + xl | 0;
4859 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4860 w6l = w6l + w15l | 0;
4861 w6h = w6h + w15h + (w6l >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
4862 xl = (w7l >>> 1 | w7h << 31) ^ (w7l >>> 8 | w7h << 24) ^ (w7l >>> 7 | w7h << 25) | 0;
4863 w6l = w6l + xl | 0;
4864 w6h = w6h + ((w7h >>> 1 | w7l << 31) ^ (w7h >>> 8 | w7l << 24) ^ w7h >>> 7) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4865 xl = (w4l >>> 19 | w4h << 13) ^ (w4l << 3 | w4h >>> 29) ^ (w4l >>> 6 | w4h << 26) | 0;
4866 w6l = w6l + xl | 0;
4867 w6h = w6h + ((w4h >>> 19 | w4l << 13) ^ (w4h << 3 | w4l >>> 29) ^ w4h >>> 6) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4868 tl = 1206759142 + w6l | 0;
4869 th = 2177026350 + w6h + (tl >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
4870 tl = tl + hl | 0;
4871 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4872 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4873 tl = tl + xl | 0;
4874 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4875 xl = gl ^ el & (fl ^ gl) | 0;
4876 tl = tl + xl | 0;
4877 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4878 hl = gl;
4879 hh = gh;
4880 gl = fl;
4881 gh = fh;
4882 fl = el;
4883 fh = eh;
4884 el = dl + tl | 0;
4885 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4886 dl = cl;
4887 dh = ch;
4888 cl = bl;
4889 ch = bh;
4890 bl = al;
4891 bh = ah;
4892 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4893 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4894 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4895 al = al + xl | 0;
4896 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4897 w7l = w7l + w0l | 0;
4898 w7h = w7h + w0h + (w7l >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
4899 xl = (w8l >>> 1 | w8h << 31) ^ (w8l >>> 8 | w8h << 24) ^ (w8l >>> 7 | w8h << 25) | 0;
4900 w7l = w7l + xl | 0;
4901 w7h = w7h + ((w8h >>> 1 | w8l << 31) ^ (w8h >>> 8 | w8l << 24) ^ w8h >>> 7) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4902 xl = (w5l >>> 19 | w5h << 13) ^ (w5l << 3 | w5h >>> 29) ^ (w5l >>> 6 | w5h << 26) | 0;
4903 w7l = w7l + xl | 0;
4904 w7h = w7h + ((w5h >>> 19 | w5l << 13) ^ (w5h << 3 | w5l >>> 29) ^ w5h >>> 6) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4905 tl = 344077627 + w7l | 0;
4906 th = 2456956037 + w7h + (tl >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
4907 tl = tl + hl | 0;
4908 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4909 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4910 tl = tl + xl | 0;
4911 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4912 xl = gl ^ el & (fl ^ gl) | 0;
4913 tl = tl + xl | 0;
4914 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4915 hl = gl;
4916 hh = gh;
4917 gl = fl;
4918 gh = fh;
4919 fl = el;
4920 fh = eh;
4921 el = dl + tl | 0;
4922 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4923 dl = cl;
4924 dh = ch;
4925 cl = bl;
4926 ch = bh;
4927 bl = al;
4928 bh = ah;
4929 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4930 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4931 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4932 al = al + xl | 0;
4933 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4934 w8l = w8l + w1l | 0;
4935 w8h = w8h + w1h + (w8l >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
4936 xl = (w9l >>> 1 | w9h << 31) ^ (w9l >>> 8 | w9h << 24) ^ (w9l >>> 7 | w9h << 25) | 0;
4937 w8l = w8l + xl | 0;
4938 w8h = w8h + ((w9h >>> 1 | w9l << 31) ^ (w9h >>> 8 | w9l << 24) ^ w9h >>> 7) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4939 xl = (w6l >>> 19 | w6h << 13) ^ (w6l << 3 | w6h >>> 29) ^ (w6l >>> 6 | w6h << 26) | 0;
4940 w8l = w8l + xl | 0;
4941 w8h = w8h + ((w6h >>> 19 | w6l << 13) ^ (w6h << 3 | w6l >>> 29) ^ w6h >>> 6) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4942 tl = 1290863460 + w8l | 0;
4943 th = 2730485921 + w8h + (tl >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
4944 tl = tl + hl | 0;
4945 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4946 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4947 tl = tl + xl | 0;
4948 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4949 xl = gl ^ el & (fl ^ gl) | 0;
4950 tl = tl + xl | 0;
4951 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4952 hl = gl;
4953 hh = gh;
4954 gl = fl;
4955 gh = fh;
4956 fl = el;
4957 fh = eh;
4958 el = dl + tl | 0;
4959 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4960 dl = cl;
4961 dh = ch;
4962 cl = bl;
4963 ch = bh;
4964 bl = al;
4965 bh = ah;
4966 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4967 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4968 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4969 al = al + xl | 0;
4970 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4971 w9l = w9l + w2l | 0;
4972 w9h = w9h + w2h + (w9l >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
4973 xl = (w10l >>> 1 | w10h << 31) ^ (w10l >>> 8 | w10h << 24) ^ (w10l >>> 7 | w10h << 25) | 0;
4974 w9l = w9l + xl | 0;
4975 w9h = w9h + ((w10h >>> 1 | w10l << 31) ^ (w10h >>> 8 | w10l << 24) ^ w10h >>> 7) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4976 xl = (w7l >>> 19 | w7h << 13) ^ (w7l << 3 | w7h >>> 29) ^ (w7l >>> 6 | w7h << 26) | 0;
4977 w9l = w9l + xl | 0;
4978 w9h = w9h + ((w7h >>> 19 | w7l << 13) ^ (w7h << 3 | w7l >>> 29) ^ w7h >>> 6) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4979 tl = 3158454273 + w9l | 0;
4980 th = 2820302411 + w9h + (tl >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
4981 tl = tl + hl | 0;
4982 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4983 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4984 tl = tl + xl | 0;
4985 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4986 xl = gl ^ el & (fl ^ gl) | 0;
4987 tl = tl + xl | 0;
4988 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4989 hl = gl;
4990 hh = gh;
4991 gl = fl;
4992 gh = fh;
4993 fl = el;
4994 fh = eh;
4995 el = dl + tl | 0;
4996 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4997 dl = cl;
4998 dh = ch;
4999 cl = bl;
5000 ch = bh;
5001 bl = al;
5002 bh = ah;
5003 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5004 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5005 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5006 al = al + xl | 0;
5007 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5008 w10l = w10l + w3l | 0;
5009 w10h = w10h + w3h + (w10l >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
5010 xl = (w11l >>> 1 | w11h << 31) ^ (w11l >>> 8 | w11h << 24) ^ (w11l >>> 7 | w11h << 25) | 0;
5011 w10l = w10l + xl | 0;
5012 w10h = w10h + ((w11h >>> 1 | w11l << 31) ^ (w11h >>> 8 | w11l << 24) ^ w11h >>> 7) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5013 xl = (w8l >>> 19 | w8h << 13) ^ (w8l << 3 | w8h >>> 29) ^ (w8l >>> 6 | w8h << 26) | 0;
5014 w10l = w10l + xl | 0;
5015 w10h = w10h + ((w8h >>> 19 | w8l << 13) ^ (w8h << 3 | w8l >>> 29) ^ w8h >>> 6) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5016 tl = 3505952657 + w10l | 0;
5017 th = 3259730800 + w10h + (tl >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
5018 tl = tl + hl | 0;
5019 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5020 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5021 tl = tl + xl | 0;
5022 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5023 xl = gl ^ el & (fl ^ gl) | 0;
5024 tl = tl + xl | 0;
5025 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5026 hl = gl;
5027 hh = gh;
5028 gl = fl;
5029 gh = fh;
5030 fl = el;
5031 fh = eh;
5032 el = dl + tl | 0;
5033 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5034 dl = cl;
5035 dh = ch;
5036 cl = bl;
5037 ch = bh;
5038 bl = al;
5039 bh = ah;
5040 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5041 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5042 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5043 al = al + xl | 0;
5044 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5045 w11l = w11l + w4l | 0;
5046 w11h = w11h + w4h + (w11l >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
5047 xl = (w12l >>> 1 | w12h << 31) ^ (w12l >>> 8 | w12h << 24) ^ (w12l >>> 7 | w12h << 25) | 0;
5048 w11l = w11l + xl | 0;
5049 w11h = w11h + ((w12h >>> 1 | w12l << 31) ^ (w12h >>> 8 | w12l << 24) ^ w12h >>> 7) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5050 xl = (w9l >>> 19 | w9h << 13) ^ (w9l << 3 | w9h >>> 29) ^ (w9l >>> 6 | w9h << 26) | 0;
5051 w11l = w11l + xl | 0;
5052 w11h = w11h + ((w9h >>> 19 | w9l << 13) ^ (w9h << 3 | w9l >>> 29) ^ w9h >>> 6) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5053 tl = 106217008 + w11l | 0;
5054 th = 3345764771 + w11h + (tl >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
5055 tl = tl + hl | 0;
5056 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5057 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5058 tl = tl + xl | 0;
5059 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5060 xl = gl ^ el & (fl ^ gl) | 0;
5061 tl = tl + xl | 0;
5062 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5063 hl = gl;
5064 hh = gh;
5065 gl = fl;
5066 gh = fh;
5067 fl = el;
5068 fh = eh;
5069 el = dl + tl | 0;
5070 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5071 dl = cl;
5072 dh = ch;
5073 cl = bl;
5074 ch = bh;
5075 bl = al;
5076 bh = ah;
5077 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5078 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5079 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5080 al = al + xl | 0;
5081 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5082 w12l = w12l + w5l | 0;
5083 w12h = w12h + w5h + (w12l >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
5084 xl = (w13l >>> 1 | w13h << 31) ^ (w13l >>> 8 | w13h << 24) ^ (w13l >>> 7 | w13h << 25) | 0;
5085 w12l = w12l + xl | 0;
5086 w12h = w12h + ((w13h >>> 1 | w13l << 31) ^ (w13h >>> 8 | w13l << 24) ^ w13h >>> 7) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5087 xl = (w10l >>> 19 | w10h << 13) ^ (w10l << 3 | w10h >>> 29) ^ (w10l >>> 6 | w10h << 26) | 0;
5088 w12l = w12l + xl | 0;
5089 w12h = w12h + ((w10h >>> 19 | w10l << 13) ^ (w10h << 3 | w10l >>> 29) ^ w10h >>> 6) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5090 tl = 3606008344 + w12l | 0;
5091 th = 3516065817 + w12h + (tl >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
5092 tl = tl + hl | 0;
5093 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5094 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5095 tl = tl + xl | 0;
5096 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5097 xl = gl ^ el & (fl ^ gl) | 0;
5098 tl = tl + xl | 0;
5099 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5100 hl = gl;
5101 hh = gh;
5102 gl = fl;
5103 gh = fh;
5104 fl = el;
5105 fh = eh;
5106 el = dl + tl | 0;
5107 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5108 dl = cl;
5109 dh = ch;
5110 cl = bl;
5111 ch = bh;
5112 bl = al;
5113 bh = ah;
5114 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5115 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5116 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5117 al = al + xl | 0;
5118 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5119 w13l = w13l + w6l | 0;
5120 w13h = w13h + w6h + (w13l >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
5121 xl = (w14l >>> 1 | w14h << 31) ^ (w14l >>> 8 | w14h << 24) ^ (w14l >>> 7 | w14h << 25) | 0;
5122 w13l = w13l + xl | 0;
5123 w13h = w13h + ((w14h >>> 1 | w14l << 31) ^ (w14h >>> 8 | w14l << 24) ^ w14h >>> 7) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5124 xl = (w11l >>> 19 | w11h << 13) ^ (w11l << 3 | w11h >>> 29) ^ (w11l >>> 6 | w11h << 26) | 0;
5125 w13l = w13l + xl | 0;
5126 w13h = w13h + ((w11h >>> 19 | w11l << 13) ^ (w11h << 3 | w11l >>> 29) ^ w11h >>> 6) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5127 tl = 1432725776 + w13l | 0;
5128 th = 3600352804 + w13h + (tl >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
5129 tl = tl + hl | 0;
5130 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5131 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5132 tl = tl + xl | 0;
5133 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5134 xl = gl ^ el & (fl ^ gl) | 0;
5135 tl = tl + xl | 0;
5136 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5137 hl = gl;
5138 hh = gh;
5139 gl = fl;
5140 gh = fh;
5141 fl = el;
5142 fh = eh;
5143 el = dl + tl | 0;
5144 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5145 dl = cl;
5146 dh = ch;
5147 cl = bl;
5148 ch = bh;
5149 bl = al;
5150 bh = ah;
5151 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5152 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5153 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5154 al = al + xl | 0;
5155 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5156 w14l = w14l + w7l | 0;
5157 w14h = w14h + w7h + (w14l >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
5158 xl = (w15l >>> 1 | w15h << 31) ^ (w15l >>> 8 | w15h << 24) ^ (w15l >>> 7 | w15h << 25) | 0;
5159 w14l = w14l + xl | 0;
5160 w14h = w14h + ((w15h >>> 1 | w15l << 31) ^ (w15h >>> 8 | w15l << 24) ^ w15h >>> 7) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5161 xl = (w12l >>> 19 | w12h << 13) ^ (w12l << 3 | w12h >>> 29) ^ (w12l >>> 6 | w12h << 26) | 0;
5162 w14l = w14l + xl | 0;
5163 w14h = w14h + ((w12h >>> 19 | w12l << 13) ^ (w12h << 3 | w12l >>> 29) ^ w12h >>> 6) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5164 tl = 1467031594 + w14l | 0;
5165 th = 4094571909 + w14h + (tl >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
5166 tl = tl + hl | 0;
5167 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5168 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5169 tl = tl + xl | 0;
5170 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5171 xl = gl ^ el & (fl ^ gl) | 0;
5172 tl = tl + xl | 0;
5173 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5174 hl = gl;
5175 hh = gh;
5176 gl = fl;
5177 gh = fh;
5178 fl = el;
5179 fh = eh;
5180 el = dl + tl | 0;
5181 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5182 dl = cl;
5183 dh = ch;
5184 cl = bl;
5185 ch = bh;
5186 bl = al;
5187 bh = ah;
5188 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5189 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5190 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5191 al = al + xl | 0;
5192 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5193 w15l = w15l + w8l | 0;
5194 w15h = w15h + w8h + (w15l >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
5195 xl = (w0l >>> 1 | w0h << 31) ^ (w0l >>> 8 | w0h << 24) ^ (w0l >>> 7 | w0h << 25) | 0;
5196 w15l = w15l + xl | 0;
5197 w15h = w15h + ((w0h >>> 1 | w0l << 31) ^ (w0h >>> 8 | w0l << 24) ^ w0h >>> 7) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5198 xl = (w13l >>> 19 | w13h << 13) ^ (w13l << 3 | w13h >>> 29) ^ (w13l >>> 6 | w13h << 26) | 0;
5199 w15l = w15l + xl | 0;
5200 w15h = w15h + ((w13h >>> 19 | w13l << 13) ^ (w13h << 3 | w13l >>> 29) ^ w13h >>> 6) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5201 tl = 851169720 + w15l | 0;
5202 th = 275423344 + w15h + (tl >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
5203 tl = tl + hl | 0;
5204 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5205 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5206 tl = tl + xl | 0;
5207 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5208 xl = gl ^ el & (fl ^ gl) | 0;
5209 tl = tl + xl | 0;
5210 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5211 hl = gl;
5212 hh = gh;
5213 gl = fl;
5214 gh = fh;
5215 fl = el;
5216 fh = eh;
5217 el = dl + tl | 0;
5218 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5219 dl = cl;
5220 dh = ch;
5221 cl = bl;
5222 ch = bh;
5223 bl = al;
5224 bh = ah;
5225 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5226 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5227 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5228 al = al + xl | 0;
5229 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5230 w0l = w0l + w9l | 0;
5231 w0h = w0h + w9h + (w0l >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
5232 xl = (w1l >>> 1 | w1h << 31) ^ (w1l >>> 8 | w1h << 24) ^ (w1l >>> 7 | w1h << 25) | 0;
5233 w0l = w0l + xl | 0;
5234 w0h = w0h + ((w1h >>> 1 | w1l << 31) ^ (w1h >>> 8 | w1l << 24) ^ w1h >>> 7) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5235 xl = (w14l >>> 19 | w14h << 13) ^ (w14l << 3 | w14h >>> 29) ^ (w14l >>> 6 | w14h << 26) | 0;
5236 w0l = w0l + xl | 0;
5237 w0h = w0h + ((w14h >>> 19 | w14l << 13) ^ (w14h << 3 | w14l >>> 29) ^ w14h >>> 6) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5238 tl = 3100823752 + w0l | 0;
5239 th = 430227734 + w0h + (tl >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
5240 tl = tl + hl | 0;
5241 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5242 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5243 tl = tl + xl | 0;
5244 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5245 xl = gl ^ el & (fl ^ gl) | 0;
5246 tl = tl + xl | 0;
5247 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5248 hl = gl;
5249 hh = gh;
5250 gl = fl;
5251 gh = fh;
5252 fl = el;
5253 fh = eh;
5254 el = dl + tl | 0;
5255 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5256 dl = cl;
5257 dh = ch;
5258 cl = bl;
5259 ch = bh;
5260 bl = al;
5261 bh = ah;
5262 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5263 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5264 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5265 al = al + xl | 0;
5266 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5267 w1l = w1l + w10l | 0;
5268 w1h = w1h + w10h + (w1l >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
5269 xl = (w2l >>> 1 | w2h << 31) ^ (w2l >>> 8 | w2h << 24) ^ (w2l >>> 7 | w2h << 25) | 0;
5270 w1l = w1l + xl | 0;
5271 w1h = w1h + ((w2h >>> 1 | w2l << 31) ^ (w2h >>> 8 | w2l << 24) ^ w2h >>> 7) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5272 xl = (w15l >>> 19 | w15h << 13) ^ (w15l << 3 | w15h >>> 29) ^ (w15l >>> 6 | w15h << 26) | 0;
5273 w1l = w1l + xl | 0;
5274 w1h = w1h + ((w15h >>> 19 | w15l << 13) ^ (w15h << 3 | w15l >>> 29) ^ w15h >>> 6) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5275 tl = 1363258195 + w1l | 0;
5276 th = 506948616 + w1h + (tl >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
5277 tl = tl + hl | 0;
5278 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5279 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5280 tl = tl + xl | 0;
5281 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5282 xl = gl ^ el & (fl ^ gl) | 0;
5283 tl = tl + xl | 0;
5284 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5285 hl = gl;
5286 hh = gh;
5287 gl = fl;
5288 gh = fh;
5289 fl = el;
5290 fh = eh;
5291 el = dl + tl | 0;
5292 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5293 dl = cl;
5294 dh = ch;
5295 cl = bl;
5296 ch = bh;
5297 bl = al;
5298 bh = ah;
5299 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5300 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5301 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5302 al = al + xl | 0;
5303 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5304 w2l = w2l + w11l | 0;
5305 w2h = w2h + w11h + (w2l >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
5306 xl = (w3l >>> 1 | w3h << 31) ^ (w3l >>> 8 | w3h << 24) ^ (w3l >>> 7 | w3h << 25) | 0;
5307 w2l = w2l + xl | 0;
5308 w2h = w2h + ((w3h >>> 1 | w3l << 31) ^ (w3h >>> 8 | w3l << 24) ^ w3h >>> 7) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5309 xl = (w0l >>> 19 | w0h << 13) ^ (w0l << 3 | w0h >>> 29) ^ (w0l >>> 6 | w0h << 26) | 0;
5310 w2l = w2l + xl | 0;
5311 w2h = w2h + ((w0h >>> 19 | w0l << 13) ^ (w0h << 3 | w0l >>> 29) ^ w0h >>> 6) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5312 tl = 3750685593 + w2l | 0;
5313 th = 659060556 + w2h + (tl >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
5314 tl = tl + hl | 0;
5315 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5316 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5317 tl = tl + xl | 0;
5318 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5319 xl = gl ^ el & (fl ^ gl) | 0;
5320 tl = tl + xl | 0;
5321 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5322 hl = gl;
5323 hh = gh;
5324 gl = fl;
5325 gh = fh;
5326 fl = el;
5327 fh = eh;
5328 el = dl + tl | 0;
5329 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5330 dl = cl;
5331 dh = ch;
5332 cl = bl;
5333 ch = bh;
5334 bl = al;
5335 bh = ah;
5336 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5337 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5338 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5339 al = al + xl | 0;
5340 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5341 w3l = w3l + w12l | 0;
5342 w3h = w3h + w12h + (w3l >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
5343 xl = (w4l >>> 1 | w4h << 31) ^ (w4l >>> 8 | w4h << 24) ^ (w4l >>> 7 | w4h << 25) | 0;
5344 w3l = w3l + xl | 0;
5345 w3h = w3h + ((w4h >>> 1 | w4l << 31) ^ (w4h >>> 8 | w4l << 24) ^ w4h >>> 7) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5346 xl = (w1l >>> 19 | w1h << 13) ^ (w1l << 3 | w1h >>> 29) ^ (w1l >>> 6 | w1h << 26) | 0;
5347 w3l = w3l + xl | 0;
5348 w3h = w3h + ((w1h >>> 19 | w1l << 13) ^ (w1h << 3 | w1l >>> 29) ^ w1h >>> 6) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5349 tl = 3785050280 + w3l | 0;
5350 th = 883997877 + w3h + (tl >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
5351 tl = tl + hl | 0;
5352 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5353 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5354 tl = tl + xl | 0;
5355 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5356 xl = gl ^ el & (fl ^ gl) | 0;
5357 tl = tl + xl | 0;
5358 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5359 hl = gl;
5360 hh = gh;
5361 gl = fl;
5362 gh = fh;
5363 fl = el;
5364 fh = eh;
5365 el = dl + tl | 0;
5366 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5367 dl = cl;
5368 dh = ch;
5369 cl = bl;
5370 ch = bh;
5371 bl = al;
5372 bh = ah;
5373 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5374 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5375 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5376 al = al + xl | 0;
5377 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5378 w4l = w4l + w13l | 0;
5379 w4h = w4h + w13h + (w4l >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
5380 xl = (w5l >>> 1 | w5h << 31) ^ (w5l >>> 8 | w5h << 24) ^ (w5l >>> 7 | w5h << 25) | 0;
5381 w4l = w4l + xl | 0;
5382 w4h = w4h + ((w5h >>> 1 | w5l << 31) ^ (w5h >>> 8 | w5l << 24) ^ w5h >>> 7) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5383 xl = (w2l >>> 19 | w2h << 13) ^ (w2l << 3 | w2h >>> 29) ^ (w2l >>> 6 | w2h << 26) | 0;
5384 w4l = w4l + xl | 0;
5385 w4h = w4h + ((w2h >>> 19 | w2l << 13) ^ (w2h << 3 | w2l >>> 29) ^ w2h >>> 6) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5386 tl = 3318307427 + w4l | 0;
5387 th = 958139571 + w4h + (tl >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
5388 tl = tl + hl | 0;
5389 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5390 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5391 tl = tl + xl | 0;
5392 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5393 xl = gl ^ el & (fl ^ gl) | 0;
5394 tl = tl + xl | 0;
5395 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5396 hl = gl;
5397 hh = gh;
5398 gl = fl;
5399 gh = fh;
5400 fl = el;
5401 fh = eh;
5402 el = dl + tl | 0;
5403 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5404 dl = cl;
5405 dh = ch;
5406 cl = bl;
5407 ch = bh;
5408 bl = al;
5409 bh = ah;
5410 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5411 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5412 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5413 al = al + xl | 0;
5414 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5415 w5l = w5l + w14l | 0;
5416 w5h = w5h + w14h + (w5l >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
5417 xl = (w6l >>> 1 | w6h << 31) ^ (w6l >>> 8 | w6h << 24) ^ (w6l >>> 7 | w6h << 25) | 0;
5418 w5l = w5l + xl | 0;
5419 w5h = w5h + ((w6h >>> 1 | w6l << 31) ^ (w6h >>> 8 | w6l << 24) ^ w6h >>> 7) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5420 xl = (w3l >>> 19 | w3h << 13) ^ (w3l << 3 | w3h >>> 29) ^ (w3l >>> 6 | w3h << 26) | 0;
5421 w5l = w5l + xl | 0;
5422 w5h = w5h + ((w3h >>> 19 | w3l << 13) ^ (w3h << 3 | w3l >>> 29) ^ w3h >>> 6) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5423 tl = 3812723403 + w5l | 0;
5424 th = 1322822218 + w5h + (tl >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
5425 tl = tl + hl | 0;
5426 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5427 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5428 tl = tl + xl | 0;
5429 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5430 xl = gl ^ el & (fl ^ gl) | 0;
5431 tl = tl + xl | 0;
5432 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5433 hl = gl;
5434 hh = gh;
5435 gl = fl;
5436 gh = fh;
5437 fl = el;
5438 fh = eh;
5439 el = dl + tl | 0;
5440 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5441 dl = cl;
5442 dh = ch;
5443 cl = bl;
5444 ch = bh;
5445 bl = al;
5446 bh = ah;
5447 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5448 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5449 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5450 al = al + xl | 0;
5451 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5452 w6l = w6l + w15l | 0;
5453 w6h = w6h + w15h + (w6l >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
5454 xl = (w7l >>> 1 | w7h << 31) ^ (w7l >>> 8 | w7h << 24) ^ (w7l >>> 7 | w7h << 25) | 0;
5455 w6l = w6l + xl | 0;
5456 w6h = w6h + ((w7h >>> 1 | w7l << 31) ^ (w7h >>> 8 | w7l << 24) ^ w7h >>> 7) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5457 xl = (w4l >>> 19 | w4h << 13) ^ (w4l << 3 | w4h >>> 29) ^ (w4l >>> 6 | w4h << 26) | 0;
5458 w6l = w6l + xl | 0;
5459 w6h = w6h + ((w4h >>> 19 | w4l << 13) ^ (w4h << 3 | w4l >>> 29) ^ w4h >>> 6) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5460 tl = 2003034995 + w6l | 0;
5461 th = 1537002063 + w6h + (tl >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
5462 tl = tl + hl | 0;
5463 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5464 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5465 tl = tl + xl | 0;
5466 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5467 xl = gl ^ el & (fl ^ gl) | 0;
5468 tl = tl + xl | 0;
5469 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5470 hl = gl;
5471 hh = gh;
5472 gl = fl;
5473 gh = fh;
5474 fl = el;
5475 fh = eh;
5476 el = dl + tl | 0;
5477 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5478 dl = cl;
5479 dh = ch;
5480 cl = bl;
5481 ch = bh;
5482 bl = al;
5483 bh = ah;
5484 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5485 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5486 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5487 al = al + xl | 0;
5488 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5489 w7l = w7l + w0l | 0;
5490 w7h = w7h + w0h + (w7l >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
5491 xl = (w8l >>> 1 | w8h << 31) ^ (w8l >>> 8 | w8h << 24) ^ (w8l >>> 7 | w8h << 25) | 0;
5492 w7l = w7l + xl | 0;
5493 w7h = w7h + ((w8h >>> 1 | w8l << 31) ^ (w8h >>> 8 | w8l << 24) ^ w8h >>> 7) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5494 xl = (w5l >>> 19 | w5h << 13) ^ (w5l << 3 | w5h >>> 29) ^ (w5l >>> 6 | w5h << 26) | 0;
5495 w7l = w7l + xl | 0;
5496 w7h = w7h + ((w5h >>> 19 | w5l << 13) ^ (w5h << 3 | w5l >>> 29) ^ w5h >>> 6) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5497 tl = 3602036899 + w7l | 0;
5498 th = 1747873779 + w7h + (tl >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
5499 tl = tl + hl | 0;
5500 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5501 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5502 tl = tl + xl | 0;
5503 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5504 xl = gl ^ el & (fl ^ gl) | 0;
5505 tl = tl + xl | 0;
5506 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5507 hl = gl;
5508 hh = gh;
5509 gl = fl;
5510 gh = fh;
5511 fl = el;
5512 fh = eh;
5513 el = dl + tl | 0;
5514 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5515 dl = cl;
5516 dh = ch;
5517 cl = bl;
5518 ch = bh;
5519 bl = al;
5520 bh = ah;
5521 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5522 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5523 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5524 al = al + xl | 0;
5525 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5526 w8l = w8l + w1l | 0;
5527 w8h = w8h + w1h + (w8l >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
5528 xl = (w9l >>> 1 | w9h << 31) ^ (w9l >>> 8 | w9h << 24) ^ (w9l >>> 7 | w9h << 25) | 0;
5529 w8l = w8l + xl | 0;
5530 w8h = w8h + ((w9h >>> 1 | w9l << 31) ^ (w9h >>> 8 | w9l << 24) ^ w9h >>> 7) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5531 xl = (w6l >>> 19 | w6h << 13) ^ (w6l << 3 | w6h >>> 29) ^ (w6l >>> 6 | w6h << 26) | 0;
5532 w8l = w8l + xl | 0;
5533 w8h = w8h + ((w6h >>> 19 | w6l << 13) ^ (w6h << 3 | w6l >>> 29) ^ w6h >>> 6) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5534 tl = 1575990012 + w8l | 0;
5535 th = 1955562222 + w8h + (tl >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
5536 tl = tl + hl | 0;
5537 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5538 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5539 tl = tl + xl | 0;
5540 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5541 xl = gl ^ el & (fl ^ gl) | 0;
5542 tl = tl + xl | 0;
5543 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5544 hl = gl;
5545 hh = gh;
5546 gl = fl;
5547 gh = fh;
5548 fl = el;
5549 fh = eh;
5550 el = dl + tl | 0;
5551 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5552 dl = cl;
5553 dh = ch;
5554 cl = bl;
5555 ch = bh;
5556 bl = al;
5557 bh = ah;
5558 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5559 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5560 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5561 al = al + xl | 0;
5562 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5563 w9l = w9l + w2l | 0;
5564 w9h = w9h + w2h + (w9l >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
5565 xl = (w10l >>> 1 | w10h << 31) ^ (w10l >>> 8 | w10h << 24) ^ (w10l >>> 7 | w10h << 25) | 0;
5566 w9l = w9l + xl | 0;
5567 w9h = w9h + ((w10h >>> 1 | w10l << 31) ^ (w10h >>> 8 | w10l << 24) ^ w10h >>> 7) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5568 xl = (w7l >>> 19 | w7h << 13) ^ (w7l << 3 | w7h >>> 29) ^ (w7l >>> 6 | w7h << 26) | 0;
5569 w9l = w9l + xl | 0;
5570 w9h = w9h + ((w7h >>> 19 | w7l << 13) ^ (w7h << 3 | w7l >>> 29) ^ w7h >>> 6) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5571 tl = 1125592928 + w9l | 0;
5572 th = 2024104815 + w9h + (tl >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
5573 tl = tl + hl | 0;
5574 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5575 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5576 tl = tl + xl | 0;
5577 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5578 xl = gl ^ el & (fl ^ gl) | 0;
5579 tl = tl + xl | 0;
5580 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5581 hl = gl;
5582 hh = gh;
5583 gl = fl;
5584 gh = fh;
5585 fl = el;
5586 fh = eh;
5587 el = dl + tl | 0;
5588 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5589 dl = cl;
5590 dh = ch;
5591 cl = bl;
5592 ch = bh;
5593 bl = al;
5594 bh = ah;
5595 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5596 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5597 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5598 al = al + xl | 0;
5599 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5600 w10l = w10l + w3l | 0;
5601 w10h = w10h + w3h + (w10l >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
5602 xl = (w11l >>> 1 | w11h << 31) ^ (w11l >>> 8 | w11h << 24) ^ (w11l >>> 7 | w11h << 25) | 0;
5603 w10l = w10l + xl | 0;
5604 w10h = w10h + ((w11h >>> 1 | w11l << 31) ^ (w11h >>> 8 | w11l << 24) ^ w11h >>> 7) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5605 xl = (w8l >>> 19 | w8h << 13) ^ (w8l << 3 | w8h >>> 29) ^ (w8l >>> 6 | w8h << 26) | 0;
5606 w10l = w10l + xl | 0;
5607 w10h = w10h + ((w8h >>> 19 | w8l << 13) ^ (w8h << 3 | w8l >>> 29) ^ w8h >>> 6) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5608 tl = 2716904306 + w10l | 0;
5609 th = 2227730452 + w10h + (tl >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
5610 tl = tl + hl | 0;
5611 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5612 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5613 tl = tl + xl | 0;
5614 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5615 xl = gl ^ el & (fl ^ gl) | 0;
5616 tl = tl + xl | 0;
5617 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5618 hl = gl;
5619 hh = gh;
5620 gl = fl;
5621 gh = fh;
5622 fl = el;
5623 fh = eh;
5624 el = dl + tl | 0;
5625 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5626 dl = cl;
5627 dh = ch;
5628 cl = bl;
5629 ch = bh;
5630 bl = al;
5631 bh = ah;
5632 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5633 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5634 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5635 al = al + xl | 0;
5636 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5637 w11l = w11l + w4l | 0;
5638 w11h = w11h + w4h + (w11l >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
5639 xl = (w12l >>> 1 | w12h << 31) ^ (w12l >>> 8 | w12h << 24) ^ (w12l >>> 7 | w12h << 25) | 0;
5640 w11l = w11l + xl | 0;
5641 w11h = w11h + ((w12h >>> 1 | w12l << 31) ^ (w12h >>> 8 | w12l << 24) ^ w12h >>> 7) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5642 xl = (w9l >>> 19 | w9h << 13) ^ (w9l << 3 | w9h >>> 29) ^ (w9l >>> 6 | w9h << 26) | 0;
5643 w11l = w11l + xl | 0;
5644 w11h = w11h + ((w9h >>> 19 | w9l << 13) ^ (w9h << 3 | w9l >>> 29) ^ w9h >>> 6) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5645 tl = 442776044 + w11l | 0;
5646 th = 2361852424 + w11h + (tl >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
5647 tl = tl + hl | 0;
5648 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5649 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5650 tl = tl + xl | 0;
5651 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5652 xl = gl ^ el & (fl ^ gl) | 0;
5653 tl = tl + xl | 0;
5654 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5655 hl = gl;
5656 hh = gh;
5657 gl = fl;
5658 gh = fh;
5659 fl = el;
5660 fh = eh;
5661 el = dl + tl | 0;
5662 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5663 dl = cl;
5664 dh = ch;
5665 cl = bl;
5666 ch = bh;
5667 bl = al;
5668 bh = ah;
5669 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5670 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5671 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5672 al = al + xl | 0;
5673 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5674 w12l = w12l + w5l | 0;
5675 w12h = w12h + w5h + (w12l >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
5676 xl = (w13l >>> 1 | w13h << 31) ^ (w13l >>> 8 | w13h << 24) ^ (w13l >>> 7 | w13h << 25) | 0;
5677 w12l = w12l + xl | 0;
5678 w12h = w12h + ((w13h >>> 1 | w13l << 31) ^ (w13h >>> 8 | w13l << 24) ^ w13h >>> 7) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5679 xl = (w10l >>> 19 | w10h << 13) ^ (w10l << 3 | w10h >>> 29) ^ (w10l >>> 6 | w10h << 26) | 0;
5680 w12l = w12l + xl | 0;
5681 w12h = w12h + ((w10h >>> 19 | w10l << 13) ^ (w10h << 3 | w10l >>> 29) ^ w10h >>> 6) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5682 tl = 593698344 + w12l | 0;
5683 th = 2428436474 + w12h + (tl >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
5684 tl = tl + hl | 0;
5685 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5686 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5687 tl = tl + xl | 0;
5688 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5689 xl = gl ^ el & (fl ^ gl) | 0;
5690 tl = tl + xl | 0;
5691 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5692 hl = gl;
5693 hh = gh;
5694 gl = fl;
5695 gh = fh;
5696 fl = el;
5697 fh = eh;
5698 el = dl + tl | 0;
5699 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5700 dl = cl;
5701 dh = ch;
5702 cl = bl;
5703 ch = bh;
5704 bl = al;
5705 bh = ah;
5706 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5707 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5708 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5709 al = al + xl | 0;
5710 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5711 w13l = w13l + w6l | 0;
5712 w13h = w13h + w6h + (w13l >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
5713 xl = (w14l >>> 1 | w14h << 31) ^ (w14l >>> 8 | w14h << 24) ^ (w14l >>> 7 | w14h << 25) | 0;
5714 w13l = w13l + xl | 0;
5715 w13h = w13h + ((w14h >>> 1 | w14l << 31) ^ (w14h >>> 8 | w14l << 24) ^ w14h >>> 7) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5716 xl = (w11l >>> 19 | w11h << 13) ^ (w11l << 3 | w11h >>> 29) ^ (w11l >>> 6 | w11h << 26) | 0;
5717 w13l = w13l + xl | 0;
5718 w13h = w13h + ((w11h >>> 19 | w11l << 13) ^ (w11h << 3 | w11l >>> 29) ^ w11h >>> 6) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5719 tl = 3733110249 + w13l | 0;
5720 th = 2756734187 + w13h + (tl >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
5721 tl = tl + hl | 0;
5722 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5723 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5724 tl = tl + xl | 0;
5725 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5726 xl = gl ^ el & (fl ^ gl) | 0;
5727 tl = tl + xl | 0;
5728 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5729 hl = gl;
5730 hh = gh;
5731 gl = fl;
5732 gh = fh;
5733 fl = el;
5734 fh = eh;
5735 el = dl + tl | 0;
5736 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5737 dl = cl;
5738 dh = ch;
5739 cl = bl;
5740 ch = bh;
5741 bl = al;
5742 bh = ah;
5743 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5744 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5745 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5746 al = al + xl | 0;
5747 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5748 w14l = w14l + w7l | 0;
5749 w14h = w14h + w7h + (w14l >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
5750 xl = (w15l >>> 1 | w15h << 31) ^ (w15l >>> 8 | w15h << 24) ^ (w15l >>> 7 | w15h << 25) | 0;
5751 w14l = w14l + xl | 0;
5752 w14h = w14h + ((w15h >>> 1 | w15l << 31) ^ (w15h >>> 8 | w15l << 24) ^ w15h >>> 7) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5753 xl = (w12l >>> 19 | w12h << 13) ^ (w12l << 3 | w12h >>> 29) ^ (w12l >>> 6 | w12h << 26) | 0;
5754 w14l = w14l + xl | 0;
5755 w14h = w14h + ((w12h >>> 19 | w12l << 13) ^ (w12h << 3 | w12l >>> 29) ^ w12h >>> 6) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5756 tl = 2999351573 + w14l | 0;
5757 th = 3204031479 + w14h + (tl >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
5758 tl = tl + hl | 0;
5759 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5760 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5761 tl = tl + xl | 0;
5762 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5763 xl = gl ^ el & (fl ^ gl) | 0;
5764 tl = tl + xl | 0;
5765 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5766 hl = gl;
5767 hh = gh;
5768 gl = fl;
5769 gh = fh;
5770 fl = el;
5771 fh = eh;
5772 el = dl + tl | 0;
5773 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5774 dl = cl;
5775 dh = ch;
5776 cl = bl;
5777 ch = bh;
5778 bl = al;
5779 bh = ah;
5780 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5781 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5782 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5783 al = al + xl | 0;
5784 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5785 w15l = w15l + w8l | 0;
5786 w15h = w15h + w8h + (w15l >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
5787 xl = (w0l >>> 1 | w0h << 31) ^ (w0l >>> 8 | w0h << 24) ^ (w0l >>> 7 | w0h << 25) | 0;
5788 w15l = w15l + xl | 0;
5789 w15h = w15h + ((w0h >>> 1 | w0l << 31) ^ (w0h >>> 8 | w0l << 24) ^ w0h >>> 7) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5790 xl = (w13l >>> 19 | w13h << 13) ^ (w13l << 3 | w13h >>> 29) ^ (w13l >>> 6 | w13h << 26) | 0;
5791 w15l = w15l + xl | 0;
5792 w15h = w15h + ((w13h >>> 19 | w13l << 13) ^ (w13h << 3 | w13l >>> 29) ^ w13h >>> 6) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5793 tl = 3815920427 + w15l | 0;
5794 th = 3329325298 + w15h + (tl >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
5795 tl = tl + hl | 0;
5796 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5797 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5798 tl = tl + xl | 0;
5799 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5800 xl = gl ^ el & (fl ^ gl) | 0;
5801 tl = tl + xl | 0;
5802 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5803 hl = gl;
5804 hh = gh;
5805 gl = fl;
5806 gh = fh;
5807 fl = el;
5808 fh = eh;
5809 el = dl + tl | 0;
5810 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5811 dl = cl;
5812 dh = ch;
5813 cl = bl;
5814 ch = bh;
5815 bl = al;
5816 bh = ah;
5817 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5818 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5819 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5820 al = al + xl | 0;
5821 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5822 w0l = w0l + w9l | 0;
5823 w0h = w0h + w9h + (w0l >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
5824 xl = (w1l >>> 1 | w1h << 31) ^ (w1l >>> 8 | w1h << 24) ^ (w1l >>> 7 | w1h << 25) | 0;
5825 w0l = w0l + xl | 0;
5826 w0h = w0h + ((w1h >>> 1 | w1l << 31) ^ (w1h >>> 8 | w1l << 24) ^ w1h >>> 7) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5827 xl = (w14l >>> 19 | w14h << 13) ^ (w14l << 3 | w14h >>> 29) ^ (w14l >>> 6 | w14h << 26) | 0;
5828 w0l = w0l + xl | 0;
5829 w0h = w0h + ((w14h >>> 19 | w14l << 13) ^ (w14h << 3 | w14l >>> 29) ^ w14h >>> 6) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5830 tl = 3928383900 + w0l | 0;
5831 th = 3391569614 + w0h + (tl >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
5832 tl = tl + hl | 0;
5833 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5834 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5835 tl = tl + xl | 0;
5836 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5837 xl = gl ^ el & (fl ^ gl) | 0;
5838 tl = tl + xl | 0;
5839 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5840 hl = gl;
5841 hh = gh;
5842 gl = fl;
5843 gh = fh;
5844 fl = el;
5845 fh = eh;
5846 el = dl + tl | 0;
5847 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5848 dl = cl;
5849 dh = ch;
5850 cl = bl;
5851 ch = bh;
5852 bl = al;
5853 bh = ah;
5854 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5855 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5856 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5857 al = al + xl | 0;
5858 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5859 w1l = w1l + w10l | 0;
5860 w1h = w1h + w10h + (w1l >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
5861 xl = (w2l >>> 1 | w2h << 31) ^ (w2l >>> 8 | w2h << 24) ^ (w2l >>> 7 | w2h << 25) | 0;
5862 w1l = w1l + xl | 0;
5863 w1h = w1h + ((w2h >>> 1 | w2l << 31) ^ (w2h >>> 8 | w2l << 24) ^ w2h >>> 7) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5864 xl = (w15l >>> 19 | w15h << 13) ^ (w15l << 3 | w15h >>> 29) ^ (w15l >>> 6 | w15h << 26) | 0;
5865 w1l = w1l + xl | 0;
5866 w1h = w1h + ((w15h >>> 19 | w15l << 13) ^ (w15h << 3 | w15l >>> 29) ^ w15h >>> 6) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5867 tl = 566280711 + w1l | 0;
5868 th = 3515267271 + w1h + (tl >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
5869 tl = tl + hl | 0;
5870 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5871 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5872 tl = tl + xl | 0;
5873 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5874 xl = gl ^ el & (fl ^ gl) | 0;
5875 tl = tl + xl | 0;
5876 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5877 hl = gl;
5878 hh = gh;
5879 gl = fl;
5880 gh = fh;
5881 fl = el;
5882 fh = eh;
5883 el = dl + tl | 0;
5884 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5885 dl = cl;
5886 dh = ch;
5887 cl = bl;
5888 ch = bh;
5889 bl = al;
5890 bh = ah;
5891 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5892 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5893 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5894 al = al + xl | 0;
5895 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5896 w2l = w2l + w11l | 0;
5897 w2h = w2h + w11h + (w2l >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
5898 xl = (w3l >>> 1 | w3h << 31) ^ (w3l >>> 8 | w3h << 24) ^ (w3l >>> 7 | w3h << 25) | 0;
5899 w2l = w2l + xl | 0;
5900 w2h = w2h + ((w3h >>> 1 | w3l << 31) ^ (w3h >>> 8 | w3l << 24) ^ w3h >>> 7) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5901 xl = (w0l >>> 19 | w0h << 13) ^ (w0l << 3 | w0h >>> 29) ^ (w0l >>> 6 | w0h << 26) | 0;
5902 w2l = w2l + xl | 0;
5903 w2h = w2h + ((w0h >>> 19 | w0l << 13) ^ (w0h << 3 | w0l >>> 29) ^ w0h >>> 6) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5904 tl = 3454069534 + w2l | 0;
5905 th = 3940187606 + w2h + (tl >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
5906 tl = tl + hl | 0;
5907 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5908 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5909 tl = tl + xl | 0;
5910 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5911 xl = gl ^ el & (fl ^ gl) | 0;
5912 tl = tl + xl | 0;
5913 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5914 hl = gl;
5915 hh = gh;
5916 gl = fl;
5917 gh = fh;
5918 fl = el;
5919 fh = eh;
5920 el = dl + tl | 0;
5921 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5922 dl = cl;
5923 dh = ch;
5924 cl = bl;
5925 ch = bh;
5926 bl = al;
5927 bh = ah;
5928 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5929 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5930 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5931 al = al + xl | 0;
5932 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5933 w3l = w3l + w12l | 0;
5934 w3h = w3h + w12h + (w3l >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
5935 xl = (w4l >>> 1 | w4h << 31) ^ (w4l >>> 8 | w4h << 24) ^ (w4l >>> 7 | w4h << 25) | 0;
5936 w3l = w3l + xl | 0;
5937 w3h = w3h + ((w4h >>> 1 | w4l << 31) ^ (w4h >>> 8 | w4l << 24) ^ w4h >>> 7) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5938 xl = (w1l >>> 19 | w1h << 13) ^ (w1l << 3 | w1h >>> 29) ^ (w1l >>> 6 | w1h << 26) | 0;
5939 w3l = w3l + xl | 0;
5940 w3h = w3h + ((w1h >>> 19 | w1l << 13) ^ (w1h << 3 | w1l >>> 29) ^ w1h >>> 6) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5941 tl = 4000239992 + w3l | 0;
5942 th = 4118630271 + w3h + (tl >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
5943 tl = tl + hl | 0;
5944 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5945 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5946 tl = tl + xl | 0;
5947 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5948 xl = gl ^ el & (fl ^ gl) | 0;
5949 tl = tl + xl | 0;
5950 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5951 hl = gl;
5952 hh = gh;
5953 gl = fl;
5954 gh = fh;
5955 fl = el;
5956 fh = eh;
5957 el = dl + tl | 0;
5958 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5959 dl = cl;
5960 dh = ch;
5961 cl = bl;
5962 ch = bh;
5963 bl = al;
5964 bh = ah;
5965 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5966 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5967 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5968 al = al + xl | 0;
5969 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5970 w4l = w4l + w13l | 0;
5971 w4h = w4h + w13h + (w4l >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
5972 xl = (w5l >>> 1 | w5h << 31) ^ (w5l >>> 8 | w5h << 24) ^ (w5l >>> 7 | w5h << 25) | 0;
5973 w4l = w4l + xl | 0;
5974 w4h = w4h + ((w5h >>> 1 | w5l << 31) ^ (w5h >>> 8 | w5l << 24) ^ w5h >>> 7) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5975 xl = (w2l >>> 19 | w2h << 13) ^ (w2l << 3 | w2h >>> 29) ^ (w2l >>> 6 | w2h << 26) | 0;
5976 w4l = w4l + xl | 0;
5977 w4h = w4h + ((w2h >>> 19 | w2l << 13) ^ (w2h << 3 | w2l >>> 29) ^ w2h >>> 6) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5978 tl = 1914138554 + w4l | 0;
5979 th = 116418474 + w4h + (tl >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
5980 tl = tl + hl | 0;
5981 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5982 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5983 tl = tl + xl | 0;
5984 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5985 xl = gl ^ el & (fl ^ gl) | 0;
5986 tl = tl + xl | 0;
5987 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5988 hl = gl;
5989 hh = gh;
5990 gl = fl;
5991 gh = fh;
5992 fl = el;
5993 fh = eh;
5994 el = dl + tl | 0;
5995 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5996 dl = cl;
5997 dh = ch;
5998 cl = bl;
5999 ch = bh;
6000 bl = al;
6001 bh = ah;
6002 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6003 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6004 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6005 al = al + xl | 0;
6006 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6007 w5l = w5l + w14l | 0;
6008 w5h = w5h + w14h + (w5l >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
6009 xl = (w6l >>> 1 | w6h << 31) ^ (w6l >>> 8 | w6h << 24) ^ (w6l >>> 7 | w6h << 25) | 0;
6010 w5l = w5l + xl | 0;
6011 w5h = w5h + ((w6h >>> 1 | w6l << 31) ^ (w6h >>> 8 | w6l << 24) ^ w6h >>> 7) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6012 xl = (w3l >>> 19 | w3h << 13) ^ (w3l << 3 | w3h >>> 29) ^ (w3l >>> 6 | w3h << 26) | 0;
6013 w5l = w5l + xl | 0;
6014 w5h = w5h + ((w3h >>> 19 | w3l << 13) ^ (w3h << 3 | w3l >>> 29) ^ w3h >>> 6) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6015 tl = 2731055270 + w5l | 0;
6016 th = 174292421 + w5h + (tl >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
6017 tl = tl + hl | 0;
6018 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6019 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6020 tl = tl + xl | 0;
6021 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6022 xl = gl ^ el & (fl ^ gl) | 0;
6023 tl = tl + xl | 0;
6024 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6025 hl = gl;
6026 hh = gh;
6027 gl = fl;
6028 gh = fh;
6029 fl = el;
6030 fh = eh;
6031 el = dl + tl | 0;
6032 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6033 dl = cl;
6034 dh = ch;
6035 cl = bl;
6036 ch = bh;
6037 bl = al;
6038 bh = ah;
6039 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6040 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6041 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6042 al = al + xl | 0;
6043 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6044 w6l = w6l + w15l | 0;
6045 w6h = w6h + w15h + (w6l >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
6046 xl = (w7l >>> 1 | w7h << 31) ^ (w7l >>> 8 | w7h << 24) ^ (w7l >>> 7 | w7h << 25) | 0;
6047 w6l = w6l + xl | 0;
6048 w6h = w6h + ((w7h >>> 1 | w7l << 31) ^ (w7h >>> 8 | w7l << 24) ^ w7h >>> 7) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6049 xl = (w4l >>> 19 | w4h << 13) ^ (w4l << 3 | w4h >>> 29) ^ (w4l >>> 6 | w4h << 26) | 0;
6050 w6l = w6l + xl | 0;
6051 w6h = w6h + ((w4h >>> 19 | w4l << 13) ^ (w4h << 3 | w4l >>> 29) ^ w4h >>> 6) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6052 tl = 3203993006 + w6l | 0;
6053 th = 289380356 + w6h + (tl >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
6054 tl = tl + hl | 0;
6055 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6056 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6057 tl = tl + xl | 0;
6058 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6059 xl = gl ^ el & (fl ^ gl) | 0;
6060 tl = tl + xl | 0;
6061 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6062 hl = gl;
6063 hh = gh;
6064 gl = fl;
6065 gh = fh;
6066 fl = el;
6067 fh = eh;
6068 el = dl + tl | 0;
6069 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6070 dl = cl;
6071 dh = ch;
6072 cl = bl;
6073 ch = bh;
6074 bl = al;
6075 bh = ah;
6076 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6077 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6078 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6079 al = al + xl | 0;
6080 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6081 w7l = w7l + w0l | 0;
6082 w7h = w7h + w0h + (w7l >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
6083 xl = (w8l >>> 1 | w8h << 31) ^ (w8l >>> 8 | w8h << 24) ^ (w8l >>> 7 | w8h << 25) | 0;
6084 w7l = w7l + xl | 0;
6085 w7h = w7h + ((w8h >>> 1 | w8l << 31) ^ (w8h >>> 8 | w8l << 24) ^ w8h >>> 7) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6086 xl = (w5l >>> 19 | w5h << 13) ^ (w5l << 3 | w5h >>> 29) ^ (w5l >>> 6 | w5h << 26) | 0;
6087 w7l = w7l + xl | 0;
6088 w7h = w7h + ((w5h >>> 19 | w5l << 13) ^ (w5h << 3 | w5l >>> 29) ^ w5h >>> 6) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6089 tl = 320620315 + w7l | 0;
6090 th = 460393269 + w7h + (tl >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
6091 tl = tl + hl | 0;
6092 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6093 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6094 tl = tl + xl | 0;
6095 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6096 xl = gl ^ el & (fl ^ gl) | 0;
6097 tl = tl + xl | 0;
6098 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6099 hl = gl;
6100 hh = gh;
6101 gl = fl;
6102 gh = fh;
6103 fl = el;
6104 fh = eh;
6105 el = dl + tl | 0;
6106 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6107 dl = cl;
6108 dh = ch;
6109 cl = bl;
6110 ch = bh;
6111 bl = al;
6112 bh = ah;
6113 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6114 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6115 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6116 al = al + xl | 0;
6117 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6118 w8l = w8l + w1l | 0;
6119 w8h = w8h + w1h + (w8l >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
6120 xl = (w9l >>> 1 | w9h << 31) ^ (w9l >>> 8 | w9h << 24) ^ (w9l >>> 7 | w9h << 25) | 0;
6121 w8l = w8l + xl | 0;
6122 w8h = w8h + ((w9h >>> 1 | w9l << 31) ^ (w9h >>> 8 | w9l << 24) ^ w9h >>> 7) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6123 xl = (w6l >>> 19 | w6h << 13) ^ (w6l << 3 | w6h >>> 29) ^ (w6l >>> 6 | w6h << 26) | 0;
6124 w8l = w8l + xl | 0;
6125 w8h = w8h + ((w6h >>> 19 | w6l << 13) ^ (w6h << 3 | w6l >>> 29) ^ w6h >>> 6) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6126 tl = 587496836 + w8l | 0;
6127 th = 685471733 + w8h + (tl >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
6128 tl = tl + hl | 0;
6129 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6130 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6131 tl = tl + xl | 0;
6132 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6133 xl = gl ^ el & (fl ^ gl) | 0;
6134 tl = tl + xl | 0;
6135 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6136 hl = gl;
6137 hh = gh;
6138 gl = fl;
6139 gh = fh;
6140 fl = el;
6141 fh = eh;
6142 el = dl + tl | 0;
6143 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6144 dl = cl;
6145 dh = ch;
6146 cl = bl;
6147 ch = bh;
6148 bl = al;
6149 bh = ah;
6150 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6151 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6152 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6153 al = al + xl | 0;
6154 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6155 w9l = w9l + w2l | 0;
6156 w9h = w9h + w2h + (w9l >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
6157 xl = (w10l >>> 1 | w10h << 31) ^ (w10l >>> 8 | w10h << 24) ^ (w10l >>> 7 | w10h << 25) | 0;
6158 w9l = w9l + xl | 0;
6159 w9h = w9h + ((w10h >>> 1 | w10l << 31) ^ (w10h >>> 8 | w10l << 24) ^ w10h >>> 7) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6160 xl = (w7l >>> 19 | w7h << 13) ^ (w7l << 3 | w7h >>> 29) ^ (w7l >>> 6 | w7h << 26) | 0;
6161 w9l = w9l + xl | 0;
6162 w9h = w9h + ((w7h >>> 19 | w7l << 13) ^ (w7h << 3 | w7l >>> 29) ^ w7h >>> 6) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6163 tl = 1086792851 + w9l | 0;
6164 th = 852142971 + w9h + (tl >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
6165 tl = tl + hl | 0;
6166 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6167 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6168 tl = tl + xl | 0;
6169 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6170 xl = gl ^ el & (fl ^ gl) | 0;
6171 tl = tl + xl | 0;
6172 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6173 hl = gl;
6174 hh = gh;
6175 gl = fl;
6176 gh = fh;
6177 fl = el;
6178 fh = eh;
6179 el = dl + tl | 0;
6180 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6181 dl = cl;
6182 dh = ch;
6183 cl = bl;
6184 ch = bh;
6185 bl = al;
6186 bh = ah;
6187 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6188 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6189 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6190 al = al + xl | 0;
6191 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6192 w10l = w10l + w3l | 0;
6193 w10h = w10h + w3h + (w10l >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
6194 xl = (w11l >>> 1 | w11h << 31) ^ (w11l >>> 8 | w11h << 24) ^ (w11l >>> 7 | w11h << 25) | 0;
6195 w10l = w10l + xl | 0;
6196 w10h = w10h + ((w11h >>> 1 | w11l << 31) ^ (w11h >>> 8 | w11l << 24) ^ w11h >>> 7) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6197 xl = (w8l >>> 19 | w8h << 13) ^ (w8l << 3 | w8h >>> 29) ^ (w8l >>> 6 | w8h << 26) | 0;
6198 w10l = w10l + xl | 0;
6199 w10h = w10h + ((w8h >>> 19 | w8l << 13) ^ (w8h << 3 | w8l >>> 29) ^ w8h >>> 6) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6200 tl = 365543100 + w10l | 0;
6201 th = 1017036298 + w10h + (tl >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
6202 tl = tl + hl | 0;
6203 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6204 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6205 tl = tl + xl | 0;
6206 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6207 xl = gl ^ el & (fl ^ gl) | 0;
6208 tl = tl + xl | 0;
6209 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6210 hl = gl;
6211 hh = gh;
6212 gl = fl;
6213 gh = fh;
6214 fl = el;
6215 fh = eh;
6216 el = dl + tl | 0;
6217 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6218 dl = cl;
6219 dh = ch;
6220 cl = bl;
6221 ch = bh;
6222 bl = al;
6223 bh = ah;
6224 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6225 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6226 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6227 al = al + xl | 0;
6228 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6229 w11l = w11l + w4l | 0;
6230 w11h = w11h + w4h + (w11l >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
6231 xl = (w12l >>> 1 | w12h << 31) ^ (w12l >>> 8 | w12h << 24) ^ (w12l >>> 7 | w12h << 25) | 0;
6232 w11l = w11l + xl | 0;
6233 w11h = w11h + ((w12h >>> 1 | w12l << 31) ^ (w12h >>> 8 | w12l << 24) ^ w12h >>> 7) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6234 xl = (w9l >>> 19 | w9h << 13) ^ (w9l << 3 | w9h >>> 29) ^ (w9l >>> 6 | w9h << 26) | 0;
6235 w11l = w11l + xl | 0;
6236 w11h = w11h + ((w9h >>> 19 | w9l << 13) ^ (w9h << 3 | w9l >>> 29) ^ w9h >>> 6) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6237 tl = 2618297676 + w11l | 0;
6238 th = 1126000580 + w11h + (tl >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
6239 tl = tl + hl | 0;
6240 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6241 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6242 tl = tl + xl | 0;
6243 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6244 xl = gl ^ el & (fl ^ gl) | 0;
6245 tl = tl + xl | 0;
6246 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6247 hl = gl;
6248 hh = gh;
6249 gl = fl;
6250 gh = fh;
6251 fl = el;
6252 fh = eh;
6253 el = dl + tl | 0;
6254 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6255 dl = cl;
6256 dh = ch;
6257 cl = bl;
6258 ch = bh;
6259 bl = al;
6260 bh = ah;
6261 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6262 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6263 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6264 al = al + xl | 0;
6265 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6266 w12l = w12l + w5l | 0;
6267 w12h = w12h + w5h + (w12l >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
6268 xl = (w13l >>> 1 | w13h << 31) ^ (w13l >>> 8 | w13h << 24) ^ (w13l >>> 7 | w13h << 25) | 0;
6269 w12l = w12l + xl | 0;
6270 w12h = w12h + ((w13h >>> 1 | w13l << 31) ^ (w13h >>> 8 | w13l << 24) ^ w13h >>> 7) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6271 xl = (w10l >>> 19 | w10h << 13) ^ (w10l << 3 | w10h >>> 29) ^ (w10l >>> 6 | w10h << 26) | 0;
6272 w12l = w12l + xl | 0;
6273 w12h = w12h + ((w10h >>> 19 | w10l << 13) ^ (w10h << 3 | w10l >>> 29) ^ w10h >>> 6) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6274 tl = 3409855158 + w12l | 0;
6275 th = 1288033470 + w12h + (tl >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
6276 tl = tl + hl | 0;
6277 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6278 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6279 tl = tl + xl | 0;
6280 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6281 xl = gl ^ el & (fl ^ gl) | 0;
6282 tl = tl + xl | 0;
6283 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6284 hl = gl;
6285 hh = gh;
6286 gl = fl;
6287 gh = fh;
6288 fl = el;
6289 fh = eh;
6290 el = dl + tl | 0;
6291 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6292 dl = cl;
6293 dh = ch;
6294 cl = bl;
6295 ch = bh;
6296 bl = al;
6297 bh = ah;
6298 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6299 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6300 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6301 al = al + xl | 0;
6302 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6303 w13l = w13l + w6l | 0;
6304 w13h = w13h + w6h + (w13l >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
6305 xl = (w14l >>> 1 | w14h << 31) ^ (w14l >>> 8 | w14h << 24) ^ (w14l >>> 7 | w14h << 25) | 0;
6306 w13l = w13l + xl | 0;
6307 w13h = w13h + ((w14h >>> 1 | w14l << 31) ^ (w14h >>> 8 | w14l << 24) ^ w14h >>> 7) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6308 xl = (w11l >>> 19 | w11h << 13) ^ (w11l << 3 | w11h >>> 29) ^ (w11l >>> 6 | w11h << 26) | 0;
6309 w13l = w13l + xl | 0;
6310 w13h = w13h + ((w11h >>> 19 | w11l << 13) ^ (w11h << 3 | w11l >>> 29) ^ w11h >>> 6) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6311 tl = 4234509866 + w13l | 0;
6312 th = 1501505948 + w13h + (tl >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
6313 tl = tl + hl | 0;
6314 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6315 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6316 tl = tl + xl | 0;
6317 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6318 xl = gl ^ el & (fl ^ gl) | 0;
6319 tl = tl + xl | 0;
6320 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6321 hl = gl;
6322 hh = gh;
6323 gl = fl;
6324 gh = fh;
6325 fl = el;
6326 fh = eh;
6327 el = dl + tl | 0;
6328 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6329 dl = cl;
6330 dh = ch;
6331 cl = bl;
6332 ch = bh;
6333 bl = al;
6334 bh = ah;
6335 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6336 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6337 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6338 al = al + xl | 0;
6339 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6340 w14l = w14l + w7l | 0;
6341 w14h = w14h + w7h + (w14l >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
6342 xl = (w15l >>> 1 | w15h << 31) ^ (w15l >>> 8 | w15h << 24) ^ (w15l >>> 7 | w15h << 25) | 0;
6343 w14l = w14l + xl | 0;
6344 w14h = w14h + ((w15h >>> 1 | w15l << 31) ^ (w15h >>> 8 | w15l << 24) ^ w15h >>> 7) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6345 xl = (w12l >>> 19 | w12h << 13) ^ (w12l << 3 | w12h >>> 29) ^ (w12l >>> 6 | w12h << 26) | 0;
6346 w14l = w14l + xl | 0;
6347 w14h = w14h + ((w12h >>> 19 | w12l << 13) ^ (w12h << 3 | w12l >>> 29) ^ w12h >>> 6) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6348 tl = 987167468 + w14l | 0;
6349 th = 1607167915 + w14h + (tl >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
6350 tl = tl + hl | 0;
6351 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6352 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6353 tl = tl + xl | 0;
6354 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6355 xl = gl ^ el & (fl ^ gl) | 0;
6356 tl = tl + xl | 0;
6357 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6358 hl = gl;
6359 hh = gh;
6360 gl = fl;
6361 gh = fh;
6362 fl = el;
6363 fh = eh;
6364 el = dl + tl | 0;
6365 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6366 dl = cl;
6367 dh = ch;
6368 cl = bl;
6369 ch = bh;
6370 bl = al;
6371 bh = ah;
6372 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6373 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6374 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6375 al = al + xl | 0;
6376 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6377 w15l = w15l + w8l | 0;
6378 w15h = w15h + w8h + (w15l >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
6379 xl = (w0l >>> 1 | w0h << 31) ^ (w0l >>> 8 | w0h << 24) ^ (w0l >>> 7 | w0h << 25) | 0;
6380 w15l = w15l + xl | 0;
6381 w15h = w15h + ((w0h >>> 1 | w0l << 31) ^ (w0h >>> 8 | w0l << 24) ^ w0h >>> 7) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6382 xl = (w13l >>> 19 | w13h << 13) ^ (w13l << 3 | w13h >>> 29) ^ (w13l >>> 6 | w13h << 26) | 0;
6383 w15l = w15l + xl | 0;
6384 w15h = w15h + ((w13h >>> 19 | w13l << 13) ^ (w13h << 3 | w13l >>> 29) ^ w13h >>> 6) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6385 tl = 1246189591 + w15l | 0;
6386 th = 1816402316 + w15h + (tl >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
6387 tl = tl + hl | 0;
6388 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6389 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6390 tl = tl + xl | 0;
6391 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6392 xl = gl ^ el & (fl ^ gl) | 0;
6393 tl = tl + xl | 0;
6394 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6395 hl = gl;
6396 hh = gh;
6397 gl = fl;
6398 gh = fh;
6399 fl = el;
6400 fh = eh;
6401 el = dl + tl | 0;
6402 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6403 dl = cl;
6404 dh = ch;
6405 cl = bl;
6406 ch = bh;
6407 bl = al;
6408 bh = ah;
6409 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6410 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6411 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6412 al = al + xl | 0;
6413 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6414 H0l = H0l + al | 0;
6415 H0h = H0h + ah + (H0l >>> 0 < al >>> 0 ? 1 : 0) | 0;
6416 H1l = H1l + bl | 0;
6417 H1h = H1h + bh + (H1l >>> 0 < bl >>> 0 ? 1 : 0) | 0;
6418 H2l = H2l + cl | 0;
6419 H2h = H2h + ch + (H2l >>> 0 < cl >>> 0 ? 1 : 0) | 0;
6420 H3l = H3l + dl | 0;
6421 H3h = H3h + dh + (H3l >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6422 H4l = H4l + el | 0;
6423 H4h = H4h + eh + (H4l >>> 0 < el >>> 0 ? 1 : 0) | 0;
6424 H5l = H5l + fl | 0;
6425 H5h = H5h + fh + (H5l >>> 0 < fl >>> 0 ? 1 : 0) | 0;
6426 H6l = H6l + gl | 0;
6427 H6h = H6h + gh + (H6l >>> 0 < gl >>> 0 ? 1 : 0) | 0;
6428 H7l = H7l + hl | 0;
6429 H7h = H7h + hh + (H7l >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6430 }
6431 function _core_heap(offset) {
6432 offset = offset | 0;
6433 _core(HEAP[offset | 0] << 24 | HEAP[offset | 1] << 16 | HEAP[offset | 2] << 8 | HEAP[offset | 3], HEAP[offset | 4] << 24 | HEAP[offset | 5] << 16 | HEAP[offset | 6] << 8 | HEAP[offset | 7], HEAP[offset | 8] << 24 | HEAP[offset | 9] << 16 | HEAP[offset | 10] << 8 | HEAP[offset | 11], HEAP[offset | 12] << 24 | HEAP[offset | 13] << 16 | HEAP[offset | 14] << 8 | HEAP[offset | 15], HEAP[offset | 16] << 24 | HEAP[offset | 17] << 16 | HEAP[offset | 18] << 8 | HEAP[offset | 19], HEAP[offset | 20] << 24 | HEAP[offset | 21] << 16 | HEAP[offset | 22] << 8 | HEAP[offset | 23], HEAP[offset | 24] << 24 | HEAP[offset | 25] << 16 | HEAP[offset | 26] << 8 | HEAP[offset | 27], HEAP[offset | 28] << 24 | HEAP[offset | 29] << 16 | HEAP[offset | 30] << 8 | HEAP[offset | 31], HEAP[offset | 32] << 24 | HEAP[offset | 33] << 16 | HEAP[offset | 34] << 8 | HEAP[offset | 35], HEAP[offset | 36] << 24 | HEAP[offset | 37] << 16 | HEAP[offset | 38] << 8 | HEAP[offset | 39], HEAP[offset | 40] << 24 | HEAP[offset | 41] << 16 | HEAP[offset | 42] << 8 | HEAP[offset | 43], HEAP[offset | 44] << 24 | HEAP[offset | 45] << 16 | HEAP[offset | 46] << 8 | HEAP[offset | 47], HEAP[offset | 48] << 24 | HEAP[offset | 49] << 16 | HEAP[offset | 50] << 8 | HEAP[offset | 51], HEAP[offset | 52] << 24 | HEAP[offset | 53] << 16 | HEAP[offset | 54] << 8 | HEAP[offset | 55], HEAP[offset | 56] << 24 | HEAP[offset | 57] << 16 | HEAP[offset | 58] << 8 | HEAP[offset | 59], HEAP[offset | 60] << 24 | HEAP[offset | 61] << 16 | HEAP[offset | 62] << 8 | HEAP[offset | 63], HEAP[offset | 64] << 24 | HEAP[offset | 65] << 16 | HEAP[offset | 66] << 8 | HEAP[offset | 67], HEAP[offset | 68] << 24 | HEAP[offset | 69] << 16 | HEAP[offset | 70] << 8 | HEAP[offset | 71], HEAP[offset | 72] << 24 | HEAP[offset | 73] << 16 | HEAP[offset | 74] << 8 | HEAP[offset | 75], HEAP[offset | 76] << 24 | HEAP[offset | 77] << 16 | HEAP[offset | 78] << 8 | HEAP[offset | 79], HEAP[offset | 80] << 24 | HEAP[offset | 81] << 16 | HEAP[offset | 82] << 8 | HEAP[offset | 83], HEAP[offset | 84] << 24 | HEAP[offset | 85] << 16 | HEAP[offset | 86] << 8 | HEAP[offset | 87], HEAP[offset | 88] << 24 | HEAP[offset | 89] << 16 | HEAP[offset | 90] << 8 | HEAP[offset | 91], HEAP[offset | 92] << 24 | HEAP[offset | 93] << 16 | HEAP[offset | 94] << 8 | HEAP[offset | 95], HEAP[offset | 96] << 24 | HEAP[offset | 97] << 16 | HEAP[offset | 98] << 8 | HEAP[offset | 99], HEAP[offset | 100] << 24 | HEAP[offset | 101] << 16 | HEAP[offset | 102] << 8 | HEAP[offset | 103], HEAP[offset | 104] << 24 | HEAP[offset | 105] << 16 | HEAP[offset | 106] << 8 | HEAP[offset | 107], HEAP[offset | 108] << 24 | HEAP[offset | 109] << 16 | HEAP[offset | 110] << 8 | HEAP[offset | 111], HEAP[offset | 112] << 24 | HEAP[offset | 113] << 16 | HEAP[offset | 114] << 8 | HEAP[offset | 115], HEAP[offset | 116] << 24 | HEAP[offset | 117] << 16 | HEAP[offset | 118] << 8 | HEAP[offset | 119], HEAP[offset | 120] << 24 | HEAP[offset | 121] << 16 | HEAP[offset | 122] << 8 | HEAP[offset | 123], HEAP[offset | 124] << 24 | HEAP[offset | 125] << 16 | HEAP[offset | 126] << 8 | HEAP[offset | 127]);
6434 }
6435 function _state_to_heap(output) {
6436 output = output | 0;
6437 HEAP[output | 0] = H0h >>> 24;
6438 HEAP[output | 1] = H0h >>> 16 & 255;
6439 HEAP[output | 2] = H0h >>> 8 & 255;
6440 HEAP[output | 3] = H0h & 255;
6441 HEAP[output | 4] = H0l >>> 24;
6442 HEAP[output | 5] = H0l >>> 16 & 255;
6443 HEAP[output | 6] = H0l >>> 8 & 255;
6444 HEAP[output | 7] = H0l & 255;
6445 HEAP[output | 8] = H1h >>> 24;
6446 HEAP[output | 9] = H1h >>> 16 & 255;
6447 HEAP[output | 10] = H1h >>> 8 & 255;
6448 HEAP[output | 11] = H1h & 255;
6449 HEAP[output | 12] = H1l >>> 24;
6450 HEAP[output | 13] = H1l >>> 16 & 255;
6451 HEAP[output | 14] = H1l >>> 8 & 255;
6452 HEAP[output | 15] = H1l & 255;
6453 HEAP[output | 16] = H2h >>> 24;
6454 HEAP[output | 17] = H2h >>> 16 & 255;
6455 HEAP[output | 18] = H2h >>> 8 & 255;
6456 HEAP[output | 19] = H2h & 255;
6457 HEAP[output | 20] = H2l >>> 24;
6458 HEAP[output | 21] = H2l >>> 16 & 255;
6459 HEAP[output | 22] = H2l >>> 8 & 255;
6460 HEAP[output | 23] = H2l & 255;
6461 HEAP[output | 24] = H3h >>> 24;
6462 HEAP[output | 25] = H3h >>> 16 & 255;
6463 HEAP[output | 26] = H3h >>> 8 & 255;
6464 HEAP[output | 27] = H3h & 255;
6465 HEAP[output | 28] = H3l >>> 24;
6466 HEAP[output | 29] = H3l >>> 16 & 255;
6467 HEAP[output | 30] = H3l >>> 8 & 255;
6468 HEAP[output | 31] = H3l & 255;
6469 HEAP[output | 32] = H4h >>> 24;
6470 HEAP[output | 33] = H4h >>> 16 & 255;
6471 HEAP[output | 34] = H4h >>> 8 & 255;
6472 HEAP[output | 35] = H4h & 255;
6473 HEAP[output | 36] = H4l >>> 24;
6474 HEAP[output | 37] = H4l >>> 16 & 255;
6475 HEAP[output | 38] = H4l >>> 8 & 255;
6476 HEAP[output | 39] = H4l & 255;
6477 HEAP[output | 40] = H5h >>> 24;
6478 HEAP[output | 41] = H5h >>> 16 & 255;
6479 HEAP[output | 42] = H5h >>> 8 & 255;
6480 HEAP[output | 43] = H5h & 255;
6481 HEAP[output | 44] = H5l >>> 24;
6482 HEAP[output | 45] = H5l >>> 16 & 255;
6483 HEAP[output | 46] = H5l >>> 8 & 255;
6484 HEAP[output | 47] = H5l & 255;
6485 HEAP[output | 48] = H6h >>> 24;
6486 HEAP[output | 49] = H6h >>> 16 & 255;
6487 HEAP[output | 50] = H6h >>> 8 & 255;
6488 HEAP[output | 51] = H6h & 255;
6489 HEAP[output | 52] = H6l >>> 24;
6490 HEAP[output | 53] = H6l >>> 16 & 255;
6491 HEAP[output | 54] = H6l >>> 8 & 255;
6492 HEAP[output | 55] = H6l & 255;
6493 HEAP[output | 56] = H7h >>> 24;
6494 HEAP[output | 57] = H7h >>> 16 & 255;
6495 HEAP[output | 58] = H7h >>> 8 & 255;
6496 HEAP[output | 59] = H7h & 255;
6497 HEAP[output | 60] = H7l >>> 24;
6498 HEAP[output | 61] = H7l >>> 16 & 255;
6499 HEAP[output | 62] = H7l >>> 8 & 255;
6500 HEAP[output | 63] = H7l & 255;
6501 }
6502 function reset() {
6503 H0h = 1779033703;
6504 H0l = 4089235720;
6505 H1h = 3144134277;
6506 H1l = 2227873595;
6507 H2h = 1013904242;
6508 H2l = 4271175723;
6509 H3h = 2773480762;
6510 H3l = 1595750129;
6511 H4h = 1359893119;
6512 H4l = 2917565137;
6513 H5h = 2600822924;
6514 H5l = 725511199;
6515 H6h = 528734635;
6516 H6l = 4215389547;
6517 H7h = 1541459225;
6518 H7l = 327033209;
6519 TOTAL = 0;
6520 }
6521 function init(h0h, h0l, h1h, h1l, h2h, h2l, h3h, h3l, h4h, h4l, h5h, h5l, h6h, h6l, h7h, h7l, total) {
6522 h0h = h0h | 0;
6523 h0l = h0l | 0;
6524 h1h = h1h | 0;
6525 h1l = h1l | 0;
6526 h2h = h2h | 0;
6527 h2l = h2l | 0;
6528 h3h = h3h | 0;
6529 h3l = h3l | 0;
6530 h4h = h4h | 0;
6531 h4l = h4l | 0;
6532 h5h = h5h | 0;
6533 h5l = h5l | 0;
6534 h6h = h6h | 0;
6535 h6l = h6l | 0;
6536 h7h = h7h | 0;
6537 h7l = h7l | 0;
6538 total = total | 0;
6539 H0h = h0h;
6540 H0l = h0l;
6541 H1h = h1h;
6542 H1l = h1l;
6543 H2h = h2h;
6544 H2l = h2l;
6545 H3h = h3h;
6546 H3l = h3l;
6547 H4h = h4h;
6548 H4l = h4l;
6549 H5h = h5h;
6550 H5l = h5l;
6551 H6h = h6h;
6552 H6l = h6l;
6553 H7h = h7h;
6554 H7l = h7l;
6555 TOTAL = total;
6556 }
6557 function process(offset, length) {
6558 offset = offset | 0;
6559 length = length | 0;
6560 var hashed = 0;
6561 if (offset & 127) return -1;
6562 while ((length | 0) >= 128) {
6563 _core_heap(offset);
6564 offset = offset + 128 | 0;
6565 length = length - 128 | 0;
6566 hashed = hashed + 128 | 0;
6567 }
6568 TOTAL = TOTAL + hashed | 0;
6569 return hashed | 0;
6570 }
6571 function finish(offset, length, output) {
6572 offset = offset | 0;
6573 length = length | 0;
6574 output = output | 0;
6575 var hashed = 0, i = 0;
6576 if (offset & 127) return -1;
6577 if (~output) if (output & 63) return -1;
6578 if ((length | 0) >= 128) {
6579 hashed = process(offset, length) | 0;
6580 if ((hashed | 0) == -1) return -1;
6581 offset = offset + hashed | 0;
6582 length = length - hashed | 0;
6583 }
6584 hashed = hashed + length | 0;
6585 TOTAL = TOTAL + length | 0;
6586 HEAP[offset | length] = 128;
6587 if ((length | 0) >= 112) {
6588 for (i = length + 1 | 0; (i | 0) < 128; i = i + 1 | 0) HEAP[offset | i] = 0;
6589 _core_heap(offset);
6590 length = 0;
6591 HEAP[offset | 0] = 0;
6592 }
6593 for (i = length + 1 | 0; (i | 0) < 123; i = i + 1 | 0) HEAP[offset | i] = 0;
6594 HEAP[offset | 123] = TOTAL >>> 29;
6595 HEAP[offset | 124] = TOTAL >>> 21 & 255;
6596 HEAP[offset | 125] = TOTAL >>> 13 & 255;
6597 HEAP[offset | 126] = TOTAL >>> 5 & 255;
6598 HEAP[offset | 127] = TOTAL << 3 & 255;
6599 _core_heap(offset);
6600 if (~output) _state_to_heap(output);
6601 return hashed | 0;
6602 }
6603 function hmac_reset() {
6604 H0h = I0h;
6605 H0l = I0l;
6606 H1h = I1h;
6607 H1l = I1l;
6608 H2h = I2h;
6609 H2l = I2l;
6610 H3h = I3h;
6611 H3l = I3l;
6612 H4h = I4h;
6613 H4l = I4l;
6614 H5h = I5h;
6615 H5l = I5l;
6616 H6h = I6h;
6617 H6l = I6l;
6618 H7h = I7h;
6619 H7l = I7l;
6620 TOTAL = 128;
6621 }
6622 function _hmac_opad() {
6623 H0h = O0h;
6624 H0l = O0l;
6625 H1h = O1h;
6626 H1l = O1l;
6627 H2h = O2h;
6628 H2l = O2l;
6629 H3h = O3h;
6630 H3l = O3l;
6631 H4h = O4h;
6632 H4l = O4l;
6633 H5h = O5h;
6634 H5l = O5l;
6635 H6h = O6h;
6636 H6l = O6l;
6637 H7h = O7h;
6638 H7l = O7l;
6639 TOTAL = 128;
6640 }
6641 function hmac_init(p0h, p0l, p1h, p1l, p2h, p2l, p3h, p3l, p4h, p4l, p5h, p5l, p6h, p6l, p7h, p7l, p8h, p8l, p9h, p9l, p10h, p10l, p11h, p11l, p12h, p12l, p13h, p13l, p14h, p14l, p15h, p15l) {
6642 p0h = p0h | 0;
6643 p0l = p0l | 0;
6644 p1h = p1h | 0;
6645 p1l = p1l | 0;
6646 p2h = p2h | 0;
6647 p2l = p2l | 0;
6648 p3h = p3h | 0;
6649 p3l = p3l | 0;
6650 p4h = p4h | 0;
6651 p4l = p4l | 0;
6652 p5h = p5h | 0;
6653 p5l = p5l | 0;
6654 p6h = p6h | 0;
6655 p6l = p6l | 0;
6656 p7h = p7h | 0;
6657 p7l = p7l | 0;
6658 p8h = p8h | 0;
6659 p8l = p8l | 0;
6660 p9h = p9h | 0;
6661 p9l = p9l | 0;
6662 p10h = p10h | 0;
6663 p10l = p10l | 0;
6664 p11h = p11h | 0;
6665 p11l = p11l | 0;
6666 p12h = p12h | 0;
6667 p12l = p12l | 0;
6668 p13h = p13h | 0;
6669 p13l = p13l | 0;
6670 p14h = p14h | 0;
6671 p14l = p14l | 0;
6672 p15h = p15h | 0;
6673 p15l = p15l | 0;
6674 reset();
6675 _core(p0h ^ 1549556828, p0l ^ 1549556828, p1h ^ 1549556828, p1l ^ 1549556828, p2h ^ 1549556828, p2l ^ 1549556828, p3h ^ 1549556828, p3l ^ 1549556828, p4h ^ 1549556828, p4l ^ 1549556828, p5h ^ 1549556828, p5l ^ 1549556828, p6h ^ 1549556828, p6l ^ 1549556828, p7h ^ 1549556828, p7l ^ 1549556828, p8h ^ 1549556828, p8l ^ 1549556828, p9h ^ 1549556828, p9l ^ 1549556828, p10h ^ 1549556828, p10l ^ 1549556828, p11h ^ 1549556828, p11l ^ 1549556828, p12h ^ 1549556828, p12l ^ 1549556828, p13h ^ 1549556828, p13l ^ 1549556828, p14h ^ 1549556828, p14l ^ 1549556828, p15h ^ 1549556828, p15l ^ 1549556828);
6676 O0h = H0h;
6677 O0l = H0l;
6678 O1h = H1h;
6679 O1l = H1l;
6680 O2h = H2h;
6681 O2l = H2l;
6682 O3h = H3h;
6683 O3l = H3l;
6684 O4h = H4h;
6685 O4l = H4l;
6686 O5h = H5h;
6687 O5l = H5l;
6688 O6h = H6h;
6689 O6l = H6l;
6690 O7h = H7h;
6691 O7l = H7l;
6692 reset();
6693 _core(p0h ^ 909522486, p0l ^ 909522486, p1h ^ 909522486, p1l ^ 909522486, p2h ^ 909522486, p2l ^ 909522486, p3h ^ 909522486, p3l ^ 909522486, p4h ^ 909522486, p4l ^ 909522486, p5h ^ 909522486, p5l ^ 909522486, p6h ^ 909522486, p6l ^ 909522486, p7h ^ 909522486, p7l ^ 909522486, p8h ^ 909522486, p8l ^ 909522486, p9h ^ 909522486, p9l ^ 909522486, p10h ^ 909522486, p10l ^ 909522486, p11h ^ 909522486, p11l ^ 909522486, p12h ^ 909522486, p12l ^ 909522486, p13h ^ 909522486, p13l ^ 909522486, p14h ^ 909522486, p14l ^ 909522486, p15h ^ 909522486, p15l ^ 909522486);
6694 I0h = H0h;
6695 I0l = H0l;
6696 I1h = H1h;
6697 I1l = H1l;
6698 I2h = H2h;
6699 I2l = H2l;
6700 I3h = H3h;
6701 I3l = H3l;
6702 I4h = H4h;
6703 I4l = H4l;
6704 I5h = H5h;
6705 I5l = H5l;
6706 I6h = H6h;
6707 I6l = H6l;
6708 I7h = H7h;
6709 I7l = H7l;
6710 TOTAL = 128;
6711 }
6712 function hmac_finish(offset, length, output) {
6713 offset = offset | 0;
6714 length = length | 0;
6715 output = output | 0;
6716 var t0h = 0, t0l = 0, t1h = 0, t1l = 0, t2h = 0, t2l = 0, t3h = 0, t3l = 0, t4h = 0, t4l = 0, t5h = 0, t5l = 0, t6h = 0, t6l = 0, t7h = 0, t7l = 0, hashed = 0;
6717 if (offset & 127) return -1;
6718 if (~output) if (output & 63) return -1;
6719 hashed = finish(offset, length, -1) | 0;
6720 t0h = H0h;
6721 t0l = H0l;
6722 t1h = H1h;
6723 t1l = H1l;
6724 t2h = H2h;
6725 t2l = H2l;
6726 t3h = H3h;
6727 t3l = H3l;
6728 t4h = H4h;
6729 t4l = H4l;
6730 t5h = H5h;
6731 t5l = H5l;
6732 t6h = H6h;
6733 t6l = H6l;
6734 t7h = H7h;
6735 t7l = H7l;
6736 _hmac_opad();
6737 _core(t0h, t0l, t1h, t1l, t2h, t2l, t3h, t3l, t4h, t4l, t5h, t5l, t6h, t6l, t7h, t7l, 2147483648, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1536);
6738 if (~output) _state_to_heap(output);
6739 return hashed | 0;
6740 }
6741 function pbkdf2_generate_block(offset, length, block, count, output) {
6742 offset = offset | 0;
6743 length = length | 0;
6744 block = block | 0;
6745 count = count | 0;
6746 output = output | 0;
6747 var h0h = 0, h0l = 0, h1h = 0, h1l = 0, h2h = 0, h2l = 0, h3h = 0, h3l = 0, h4h = 0, h4l = 0, h5h = 0, h5l = 0, h6h = 0, h6l = 0, h7h = 0, h7l = 0, t0h = 0, t0l = 0, t1h = 0, t1l = 0, t2h = 0, t2l = 0, t3h = 0, t3l = 0, t4h = 0, t4l = 0, t5h = 0, t5l = 0, t6h = 0, t6l = 0, t7h = 0, t7l = 0;
6748 if (offset & 127) return -1;
6749 if (~output) if (output & 63) return -1;
6750 HEAP[offset + length | 0] = block >>> 24;
6751 HEAP[offset + length + 1 | 0] = block >>> 16 & 255;
6752 HEAP[offset + length + 2 | 0] = block >>> 8 & 255;
6753 HEAP[offset + length + 3 | 0] = block & 255;
6754 // Closure compiler warning - The result of the 'bitor' operator is not being used
6755 //hmac_finish(offset, length + 4 | 0, -1) | 0;
6756 hmac_finish(offset, length + 4 | 0, -1);
6757 h0h = t0h = H0h;
6758 h0l = t0l = H0l;
6759 h1h = t1h = H1h;
6760 h1l = t1l = H1l;
6761 h2h = t2h = H2h;
6762 h2l = t2l = H2l;
6763 h3h = t3h = H3h;
6764 h3l = t3l = H3l;
6765 h4h = t4h = H4h;
6766 h4l = t4l = H4l;
6767 h5h = t5h = H5h;
6768 h5l = t5l = H5l;
6769 h6h = t6h = H6h;
6770 h6l = t6l = H6l;
6771 h7h = t7h = H7h;
6772 h7l = t7l = H7l;
6773 count = count - 1 | 0;
6774 while ((count | 0) > 0) {
6775 hmac_reset();
6776 _core(t0h, t0l, t1h, t1l, t2h, t2l, t3h, t3l, t4h, t4l, t5h, t5l, t6h, t6l, t7h, t7l, 2147483648, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1536);
6777 t0h = H0h;
6778 t0l = H0l;
6779 t1h = H1h;
6780 t1l = H1l;
6781 t2h = H2h;
6782 t2l = H2l;
6783 t3h = H3h;
6784 t3l = H3l;
6785 t4h = H4h;
6786 t4l = H4l;
6787 t5h = H5h;
6788 t5l = H5l;
6789 t6h = H6h;
6790 t6l = H6l;
6791 t7h = H7h;
6792 t7l = H7l;
6793 _hmac_opad();
6794 _core(t0h, t0l, t1h, t1l, t2h, t2l, t3h, t3l, t4h, t4l, t5h, t5l, t6h, t6l, t7h, t7l, 2147483648, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1536);
6795 t0h = H0h;
6796 t0l = H0l;
6797 t1h = H1h;
6798 t1l = H1l;
6799 t2h = H2h;
6800 t2l = H2l;
6801 t3h = H3h;
6802 t3l = H3l;
6803 t4h = H4h;
6804 t4l = H4l;
6805 t5h = H5h;
6806 t5l = H5l;
6807 t6h = H6h;
6808 t6l = H6l;
6809 t7h = H7h;
6810 t7l = H7l;
6811 h0h = h0h ^ H0h;
6812 h0l = h0l ^ H0l;
6813 h1h = h1h ^ H1h;
6814 h1l = h1l ^ H1l;
6815 h2h = h2h ^ H2h;
6816 h2l = h2l ^ H2l;
6817 h3h = h3h ^ H3h;
6818 h3l = h3l ^ H3l;
6819 h4h = h4h ^ H4h;
6820 h4l = h4l ^ H4l;
6821 h5h = h5h ^ H5h;
6822 h5l = h5l ^ H5l;
6823 h6h = h6h ^ H6h;
6824 h6l = h6l ^ H6l;
6825 h7h = h7h ^ H7h;
6826 h7l = h7l ^ H7l;
6827 count = count - 1 | 0;
6828 }
6829 H0h = h0h;
6830 H0l = h0l;
6831 H1h = h1h;
6832 H1l = h1l;
6833 H2h = h2h;
6834 H2l = h2l;
6835 H3h = h3h;
6836 H3l = h3l;
6837 H4h = h4h;
6838 H4l = h4l;
6839 H5h = h5h;
6840 H5l = h5l;
6841 H6h = h6h;
6842 H6l = h6l;
6843 H7h = h7h;
6844 H7l = h7l;
6845 if (~output) _state_to_heap(output);
6846 return 0;
6847 }
6848 return {
6849 reset: reset,
6850 init: init,
6851 process: process,
6852 finish: finish,
6853 hmac_reset: hmac_reset,
6854 hmac_init: hmac_init,
6855 hmac_finish: hmac_finish,
6856 pbkdf2_generate_block: pbkdf2_generate_block
6857 };
6858 }
6859 var _sha512_block_size = 128, _sha512_hash_size = 64;
6860 function sha512_constructor(options) {
6861 options = options || {};
6862 options.heapSize = options.heapSize || 4096;
6863 if (options.heapSize <= 0 || options.heapSize % 4096) throw new IllegalArgumentError("heapSize must be a positive number and multiple of 4096");
6864 this.heap = options.heap || new Uint8Array(options.heapSize);
6865 this.asm = options.asm || sha512_asm(global, null, this.heap.buffer);
6866 this.BLOCK_SIZE = _sha512_block_size;
6867 this.HASH_SIZE = _sha512_hash_size;
6868 this.reset();
6869 }
6870 function sha512_reset() {
6871 this.result = null;
6872 this.pos = 0;
6873 this.len = 0;
6874 this.asm.reset();
6875 return this;
6876 }
6877 function sha512_process(data) {
6878 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
6879 var dpos = 0, dlen = 0, clen = 0;
6880 if (is_buffer(data) || is_bytes(data)) {
6881 dpos = data.byteOffset || 0;
6882 dlen = data.byteLength;
6883 } else if (is_string(data)) {
6884 dlen = data.length;
6885 } else {
6886 throw new TypeError("data isn't of expected type");
6887 }
6888 while (dlen > 0) {
6889 clen = this.heap.byteLength - this.pos - this.len;
6890 clen = clen < dlen ? clen : dlen;
6891 if (is_buffer(data) || is_bytes(data)) {
6892 this.heap.set(new Uint8Array(data.buffer || data, dpos, clen), this.pos + this.len);
6893 } else {
6894 for (var i = 0; i < clen; i++) this.heap[this.pos + this.len + i] = data.charCodeAt(dpos + i);
6895 }
6896 this.len += clen;
6897 dpos += clen;
6898 dlen -= clen;
6899 clen = this.asm.process(this.pos, this.len);
6900 if (clen < this.len) {
6901 this.pos += clen;
6902 this.len -= clen;
6903 } else {
6904 this.pos = 0;
6905 this.len = 0;
6906 }
6907 }
6908 return this;
6909 }
6910 function sha512_finish() {
6911 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
6912 this.asm.finish(this.pos, this.len, 0);
6913 this.result = new Uint8Array(_sha512_hash_size);
6914 this.result.set(this.heap.subarray(0, _sha512_hash_size));
6915 this.pos = 0;
6916 this.len = 0;
6917 return this;
6918 }
6919 sha512_constructor.BLOCK_SIZE = _sha512_block_size;
6920 sha512_constructor.HASH_SIZE = _sha512_hash_size;
6921 var sha512_prototype = sha512_constructor.prototype;
6922 sha512_prototype.reset = sha512_reset;
6923 sha512_prototype.process = sha512_process;
6924 sha512_prototype.finish = sha512_finish;
6925 function hmac_constructor(options) {
6926 options = options || {};
6927 if (!options.hash) throw new SyntaxError("option 'hash' is required");
6928 if (!options.hash.HASH_SIZE) throw new SyntaxError("option 'hash' supplied doesn't seem to be a valid hash function");
6929 this.hash = options.hash;
6930 this.BLOCK_SIZE = this.hash.BLOCK_SIZE;
6931 this.HMAC_SIZE = this.hash.HASH_SIZE;
6932 this.key = null;
6933 this.verify = null;
6934 this.result = null;
6935 if (options.password !== undefined || options.verify !== undefined) this.reset(options);
6936 return this;
6937 }
6938 function hmac_sha256_constructor(options) {
6939 options = options || {};
6940 if (!(options.hash instanceof sha256_constructor)) options.hash = new sha256_constructor(options);
6941 hmac_constructor.call(this, options);
6942 return this;
6943 }
6944 function hmac_sha512_constructor(options) {
6945 options = options || {};
6946 if (!(options.hash instanceof sha512_constructor)) options.hash = new sha512_constructor(options);
6947 hmac_constructor.call(this, options);
6948 return this;
6949 }
6950 function _hmac_key(hash, password) {
6951 var key;
6952 if (is_buffer(password) || is_bytes(password)) {
6953 key = new Uint8Array(hash.BLOCK_SIZE);
6954 if (password.byteLength > hash.BLOCK_SIZE) {
6955 key.set(new Uint8Array(hash.reset().process(password).finish().result));
6956 } else if (is_buffer(password)) {
6957 key.set(new Uint8Array(password));
6958 } else {
6959 key.set(password);
6960 }
6961 } else if (is_string(password)) {
6962 key = new Uint8Array(hash.BLOCK_SIZE);
6963 if (password.length > hash.BLOCK_SIZE) {
6964 key.set(new Uint8Array(hash.reset().process(password).finish().result));
6965 } else {
6966 for (var i = 0; i < password.length; ++i) key[i] = password.charCodeAt(i);
6967 }
6968 } else {
6969 throw new TypeError("password isn't of expected type");
6970 }
6971 return key;
6972 }
6973 function _hmac_init_verify(verify) {
6974 if (is_buffer(verify) || is_bytes(verify)) {
6975 verify = new Uint8Array(verify);
6976 } else if (is_string(verify)) {
6977 verify = string_to_bytes(verify);
6978 } else {
6979 throw new TypeError("verify tag isn't of expected type");
6980 }
6981 if (verify.length !== this.HMAC_SIZE) throw new IllegalArgumentError("illegal verification tag size");
6982 this.verify = verify;
6983 }
6984 function hmac_reset(options) {
6985 options = options || {};
6986 var password = options.password;
6987 if (this.key === null && !is_string(password) && !password) throw new IllegalStateError("no key is associated with the instance");
6988 this.result = null;
6989 this.hash.reset();
6990 if (password || is_string(password)) this.key = _hmac_key(this.hash, password);
6991 var ipad = new Uint8Array(this.key);
6992 for (var i = 0; i < ipad.length; ++i) ipad[i] ^= 54;
6993 this.hash.process(ipad);
6994 var verify = options.verify;
6995 if (verify !== undefined) {
6996 _hmac_init_verify.call(this, verify);
6997 } else {
6998 this.verify = null;
6999 }
7000 return this;
7001 }
7002 function hmac_sha256_reset(options) {
7003 options = options || {};
7004 var password = options.password;
7005 if (this.key === null && !is_string(password) && !password) throw new IllegalStateError("no key is associated with the instance");
7006 this.result = null;
7007 this.hash.reset();
7008 if (password || is_string(password)) {
7009 this.key = _hmac_key(this.hash, password);
7010 this.hash.reset().asm.hmac_init(this.key[0] << 24 | this.key[1] << 16 | this.key[2] << 8 | this.key[3], this.key[4] << 24 | this.key[5] << 16 | this.key[6] << 8 | this.key[7], this.key[8] << 24 | this.key[9] << 16 | this.key[10] << 8 | this.key[11], this.key[12] << 24 | this.key[13] << 16 | this.key[14] << 8 | this.key[15], this.key[16] << 24 | this.key[17] << 16 | this.key[18] << 8 | this.key[19], this.key[20] << 24 | this.key[21] << 16 | this.key[22] << 8 | this.key[23], this.key[24] << 24 | this.key[25] << 16 | this.key[26] << 8 | this.key[27], this.key[28] << 24 | this.key[29] << 16 | this.key[30] << 8 | this.key[31], this.key[32] << 24 | this.key[33] << 16 | this.key[34] << 8 | this.key[35], this.key[36] << 24 | this.key[37] << 16 | this.key[38] << 8 | this.key[39], this.key[40] << 24 | this.key[41] << 16 | this.key[42] << 8 | this.key[43], this.key[44] << 24 | this.key[45] << 16 | this.key[46] << 8 | this.key[47], this.key[48] << 24 | this.key[49] << 16 | this.key[50] << 8 | this.key[51], this.key[52] << 24 | this.key[53] << 16 | this.key[54] << 8 | this.key[55], this.key[56] << 24 | this.key[57] << 16 | this.key[58] << 8 | this.key[59], this.key[60] << 24 | this.key[61] << 16 | this.key[62] << 8 | this.key[63]);
7011 } else {
7012 this.hash.asm.hmac_reset();
7013 }
7014 var verify = options.verify;
7015 if (verify !== undefined) {
7016 _hmac_init_verify.call(this, verify);
7017 } else {
7018 this.verify = null;
7019 }
7020 return this;
7021 }
7022 function hmac_sha512_reset(options) {
7023 options = options || {};
7024 var password = options.password;
7025 if (this.key === null && !is_string(password) && !password) throw new IllegalStateError("no key is associated with the instance");
7026 this.result = null;
7027 this.hash.reset();
7028 if (password || is_string(password)) {
7029 this.key = _hmac_key(this.hash, password);
7030 this.hash.reset().asm.hmac_init(this.key[0] << 24 | this.key[1] << 16 | this.key[2] << 8 | this.key[3], this.key[4] << 24 | this.key[5] << 16 | this.key[6] << 8 | this.key[7], this.key[8] << 24 | this.key[9] << 16 | this.key[10] << 8 | this.key[11], this.key[12] << 24 | this.key[13] << 16 | this.key[14] << 8 | this.key[15], this.key[16] << 24 | this.key[17] << 16 | this.key[18] << 8 | this.key[19], this.key[20] << 24 | this.key[21] << 16 | this.key[22] << 8 | this.key[23], this.key[24] << 24 | this.key[25] << 16 | this.key[26] << 8 | this.key[27], this.key[28] << 24 | this.key[29] << 16 | this.key[30] << 8 | this.key[31], this.key[32] << 24 | this.key[33] << 16 | this.key[34] << 8 | this.key[35], this.key[36] << 24 | this.key[37] << 16 | this.key[38] << 8 | this.key[39], this.key[40] << 24 | this.key[41] << 16 | this.key[42] << 8 | this.key[43], this.key[44] << 24 | this.key[45] << 16 | this.key[46] << 8 | this.key[47], this.key[48] << 24 | this.key[49] << 16 | this.key[50] << 8 | this.key[51], this.key[52] << 24 | this.key[53] << 16 | this.key[54] << 8 | this.key[55], this.key[56] << 24 | this.key[57] << 16 | this.key[58] << 8 | this.key[59], this.key[60] << 24 | this.key[61] << 16 | this.key[62] << 8 | this.key[63], this.key[64] << 24 | this.key[65] << 16 | this.key[66] << 8 | this.key[67], this.key[68] << 24 | this.key[69] << 16 | this.key[70] << 8 | this.key[71], this.key[72] << 24 | this.key[73] << 16 | this.key[74] << 8 | this.key[75], this.key[76] << 24 | this.key[77] << 16 | this.key[78] << 8 | this.key[79], this.key[80] << 24 | this.key[81] << 16 | this.key[82] << 8 | this.key[83], this.key[84] << 24 | this.key[85] << 16 | this.key[86] << 8 | this.key[87], this.key[88] << 24 | this.key[89] << 16 | this.key[90] << 8 | this.key[91], this.key[92] << 24 | this.key[93] << 16 | this.key[94] << 8 | this.key[95], this.key[96] << 24 | this.key[97] << 16 | this.key[98] << 8 | this.key[99], this.key[100] << 24 | this.key[101] << 16 | this.key[102] << 8 | this.key[103], this.key[104] << 24 | this.key[105] << 16 | this.key[106] << 8 | this.key[107], this.key[108] << 24 | this.key[109] << 16 | this.key[110] << 8 | this.key[111], this.key[112] << 24 | this.key[113] << 16 | this.key[114] << 8 | this.key[115], this.key[116] << 24 | this.key[117] << 16 | this.key[118] << 8 | this.key[119], this.key[120] << 24 | this.key[121] << 16 | this.key[122] << 8 | this.key[123], this.key[124] << 24 | this.key[125] << 16 | this.key[126] << 8 | this.key[127]);
7031 } else {
7032 this.hash.asm.hmac_reset();
7033 }
7034 var verify = options.verify;
7035 if (verify !== undefined) {
7036 _hmac_init_verify.call(this, verify);
7037 } else {
7038 this.verify = null;
7039 }
7040 return this;
7041 }
7042 function hmac_process(data) {
7043 if (this.key === null) throw new IllegalStateError("no key is associated with the instance");
7044 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
7045 this.hash.process(data);
7046 return this;
7047 }
7048 function hmac_finish() {
7049 if (this.key === null) throw new IllegalStateError("no key is associated with the instance");
7050 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
7051 var inner_result = this.hash.finish().result;
7052 var opad = new Uint8Array(this.key);
7053 for (var i = 0; i < opad.length; ++i) opad[i] ^= 92;
7054 var verify = this.verify;
7055 var result = this.hash.reset().process(opad).process(inner_result).finish().result;
7056 if (verify) {
7057 if (verify.length === result.length) {
7058 var diff = 0;
7059 for (var i = 0; i < verify.length; i++) {
7060 diff |= verify[i] ^ result[i];
7061 }
7062 this.result = !diff;
7063 } else {
7064 this.result = false;
7065 }
7066 } else {
7067 this.result = result;
7068 }
7069 return this;
7070 }
7071 function hmac_sha256_finish() {
7072 if (this.key === null) throw new IllegalStateError("no key is associated with the instance");
7073 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
7074 var hash = this.hash, asm = this.hash.asm, heap = this.hash.heap;
7075 asm.hmac_finish(hash.pos, hash.len, 0);
7076 var verify = this.verify;
7077 var result = new Uint8Array(_sha256_hash_size);
7078 result.set(heap.subarray(0, _sha256_hash_size));
7079 if (verify) {
7080 if (verify.length === result.length) {
7081 var diff = 0;
7082 for (var i = 0; i < verify.length; i++) {
7083 diff |= verify[i] ^ result[i];
7084 }
7085 this.result = !diff;
7086 } else {
7087 this.result = false;
7088 }
7089 } else {
7090 this.result = result;
7091 }
7092 return this;
7093 }
7094 function hmac_sha512_finish() {
7095 if (this.key === null) throw new IllegalStateError("no key is associated with the instance");
7096 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
7097 var hash = this.hash, asm = this.hash.asm, heap = this.hash.heap;
7098 asm.hmac_finish(hash.pos, hash.len, 0);
7099 var verify = this.verify;
7100 var result = new Uint8Array(_sha512_hash_size);
7101 result.set(heap.subarray(0, _sha512_hash_size));
7102 if (verify) {
7103 if (verify.length === result.length) {
7104 var diff = 0;
7105 for (var i = 0; i < verify.length; i++) {
7106 diff |= verify[i] ^ result[i];
7107 }
7108 this.result = !diff;
7109 } else {
7110 this.result = false;
7111 }
7112 } else {
7113 this.result = result;
7114 }
7115 return this;
7116 }
7117 var hmac_prototype = hmac_constructor.prototype;
7118 hmac_prototype.reset = hmac_reset;
7119 hmac_prototype.process = hmac_process;
7120 hmac_prototype.finish = hmac_finish;
7121 hmac_sha256_constructor.BLOCK_SIZE = sha256_constructor.BLOCK_SIZE;
7122 hmac_sha256_constructor.HMAC_SIZE = sha256_constructor.HASH_SIZE;
7123 var hmac_sha256_prototype = hmac_sha256_constructor.prototype;
7124 hmac_sha256_prototype.reset = hmac_sha256_reset;
7125 hmac_sha256_prototype.process = hmac_process;
7126 hmac_sha256_prototype.finish = hmac_sha256_finish;
7127 hmac_sha512_constructor.BLOCK_SIZE = sha512_constructor.BLOCK_SIZE;
7128 hmac_sha512_constructor.HMAC_SIZE = sha512_constructor.HASH_SIZE;
7129 var hmac_sha512_prototype = hmac_sha512_constructor.prototype;
7130 hmac_sha512_prototype.reset = hmac_sha512_reset;
7131 hmac_sha512_prototype.process = hmac_process;
7132 hmac_sha512_prototype.finish = hmac_sha512_finish;
7133 function pbkdf2_constructor(options) {
7134 options = options || {};
7135 if (!options.hmac) throw new SyntaxError("option 'hmac' is required");
7136 if (!options.hmac.HMAC_SIZE) throw new SyntaxError("option 'hmac' supplied doesn't seem to be a valid HMAC function");
7137 this.hmac = options.hmac;
7138 this.count = options.count || 4096;
7139 this.length = options.length || this.hmac.HMAC_SIZE;
7140 this.result = null;
7141 var password = options.password;
7142 if (password || is_string(password)) this.reset(options);
7143 return this;
7144 }
7145 function pbkdf2_hmac_sha256_constructor(options) {
7146 options = options || {};
7147 if (!(options.hmac instanceof hmac_sha256_constructor)) options.hmac = new hmac_sha256_constructor(options);
7148 pbkdf2_constructor.call(this, options);
7149 return this;
7150 }
7151 function pbkdf2_hmac_sha512_constructor(options) {
7152 options = options || {};
7153 if (!(options.hmac instanceof hmac_sha512_constructor)) options.hmac = new hmac_sha512_constructor(options);
7154 pbkdf2_constructor.call(this, options);
7155 return this;
7156 }
7157 function pbkdf2_reset(options) {
7158 this.result = null;
7159 this.hmac.reset(options);
7160 return this;
7161 }
7162 function pbkdf2_generate(salt, count, length) {
7163 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
7164 if (!salt && !is_string(salt)) throw new IllegalArgumentError("bad 'salt' value");
7165 count = count || this.count;
7166 length = length || this.length;
7167 this.result = new Uint8Array(length);
7168 var blocks = Math.ceil(length / this.hmac.HMAC_SIZE);
7169 for (var i = 1; i <= blocks; ++i) {
7170 var j = (i - 1) * this.hmac.HMAC_SIZE;
7171 var l = (i < blocks ? 0 : length % this.hmac.HMAC_SIZE) || this.hmac.HMAC_SIZE;
7172 var tmp = new Uint8Array(this.hmac.reset().process(salt).process(new Uint8Array([ i >>> 24 & 255, i >>> 16 & 255, i >>> 8 & 255, i & 255 ])).finish().result);
7173 this.result.set(tmp.subarray(0, l), j);
7174 for (var k = 1; k < count; ++k) {
7175 tmp = new Uint8Array(this.hmac.reset().process(tmp).finish().result);
7176 for (var r = 0; r < l; ++r) this.result[j + r] ^= tmp[r];
7177 }
7178 }
7179 return this;
7180 }
7181 function pbkdf2_hmac_sha256_generate(salt, count, length) {
7182 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
7183 if (!salt && !is_string(salt)) throw new IllegalArgumentError("bad 'salt' value");
7184 count = count || this.count;
7185 length = length || this.length;
7186 this.result = new Uint8Array(length);
7187 var blocks = Math.ceil(length / this.hmac.HMAC_SIZE);
7188 for (var i = 1; i <= blocks; ++i) {
7189 var j = (i - 1) * this.hmac.HMAC_SIZE;
7190 var l = (i < blocks ? 0 : length % this.hmac.HMAC_SIZE) || this.hmac.HMAC_SIZE;
7191 this.hmac.reset().process(salt);
7192 this.hmac.hash.asm.pbkdf2_generate_block(this.hmac.hash.pos, this.hmac.hash.len, i, count, 0);
7193 this.result.set(this.hmac.hash.heap.subarray(0, l), j);
7194 }
7195 return this;
7196 }
7197 function pbkdf2_hmac_sha512_generate(salt, count, length) {
7198 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
7199 if (!salt && !is_string(salt)) throw new IllegalArgumentError("bad 'salt' value");
7200 count = count || this.count;
7201 length = length || this.length;
7202 this.result = new Uint8Array(length);
7203 var blocks = Math.ceil(length / this.hmac.HMAC_SIZE);
7204 for (var i = 1; i <= blocks; ++i) {
7205 var j = (i - 1) * this.hmac.HMAC_SIZE;
7206 var l = (i < blocks ? 0 : length % this.hmac.HMAC_SIZE) || this.hmac.HMAC_SIZE;
7207 this.hmac.reset().process(salt);
7208 this.hmac.hash.asm.pbkdf2_generate_block(this.hmac.hash.pos, this.hmac.hash.len, i, count, 0);
7209 this.result.set(this.hmac.hash.heap.subarray(0, l), j);
7210 }
7211 return this;
7212 }
7213 var pbkdf2_prototype = pbkdf2_constructor.prototype;
7214 pbkdf2_prototype.reset = pbkdf2_reset;
7215 pbkdf2_prototype.generate = pbkdf2_generate;
7216 var pbkdf2_hmac_sha256_prototype = pbkdf2_hmac_sha256_constructor.prototype;
7217 pbkdf2_hmac_sha256_prototype.reset = pbkdf2_reset;
7218 pbkdf2_hmac_sha256_prototype.generate = pbkdf2_hmac_sha256_generate;
7219 var pbkdf2_hmac_sha512_prototype = pbkdf2_hmac_sha512_constructor.prototype;
7220 pbkdf2_hmac_sha512_prototype.reset = pbkdf2_reset;
7221 pbkdf2_hmac_sha512_prototype.generate = pbkdf2_hmac_sha512_generate;
7222 global.IllegalStateError = IllegalStateError;
7223 global.IllegalArgumentError = IllegalArgumentError;
7224 global.SecurityError = SecurityError;
7225 exports.string_to_bytes = string_to_bytes;
7226 exports.hex_to_bytes = hex_to_bytes;
7227 exports.base64_to_bytes = base64_to_bytes;
7228 exports.bytes_to_string = bytes_to_string;
7229 exports.bytes_to_hex = bytes_to_hex;
7230 exports.bytes_to_base64 = bytes_to_base64;
7231 var SHA256_instance = new sha256_constructor({
7232 heapSize: 1048576
7233 });
7234 function sha256_bytes(data) {
7235 if (data === undefined) throw new SyntaxError("data required");
7236 return SHA256_instance.reset().process(data).finish().result;
7237 }
7238 function sha256_hex(data) {
7239 var result = sha256_bytes(data);
7240 return bytes_to_hex(result);
7241 }
7242 function sha256_base64(data) {
7243 var result = sha256_bytes(data);
7244 return bytes_to_base64(result);
7245 }
7246 exports.SHA256 = {
7247 bytes: sha256_bytes,
7248 hex: sha256_hex,
7249 base64: sha256_base64
7250 };
7251 var SHA512_instance = new sha512_constructor({
7252 heapSize: 1048576
7253 });
7254 function sha512_bytes(data) {
7255 if (data === undefined) throw new SyntaxError("data required");
7256 return SHA512_instance.reset().process(data).finish().result;
7257 }
7258 function sha512_hex(data) {
7259 var result = sha512_bytes(data);
7260 return bytes_to_hex(result);
7261 }
7262 function sha512_base64(data) {
7263 var result = sha512_bytes(data);
7264 return bytes_to_base64(result);
7265 }
7266 exports.SHA512 = {
7267 bytes: sha512_bytes,
7268 hex: sha512_hex,
7269 base64: sha512_base64
7270 };
7271 var hmac_sha256_instance = new hmac_sha256_constructor({
7272 hash: SHA256_instance
7273 });
7274 function hmac_sha256_bytes(data, password) {
7275 if (data === undefined) throw new SyntaxError("data required");
7276 if (password === undefined) throw new SyntaxError("password required");
7277 return hmac_sha256_instance.reset({
7278 password: password
7279 }).process(data).finish().result;
7280 }
7281 function hmac_sha256_hex(data, password) {
7282 var result = hmac_sha256_bytes(data, password);
7283 return bytes_to_hex(result);
7284 }
7285 function hmac_sha256_base64(data, password) {
7286 var result = hmac_sha256_bytes(data, password);
7287 return bytes_to_base64(result);
7288 }
7289 exports.HMAC = exports.HMAC_SHA256 = {
7290 bytes: hmac_sha256_bytes,
7291 hex: hmac_sha256_hex,
7292 base64: hmac_sha256_base64
7293 };
7294 var hmac_sha512_instance = new hmac_sha512_constructor({
7295 hash: SHA512_instance
7296 });
7297 function hmac_sha512_bytes(data, password) {
7298 if (data === undefined) throw new SyntaxError("data required");
7299 if (password === undefined) throw new SyntaxError("password required");
7300 return hmac_sha512_instance.reset({
7301 password: password
7302 }).process(data).finish().result;
7303 }
7304 function hmac_sha512_hex(data, password) {
7305 var result = hmac_sha512_bytes(data, password);
7306 return bytes_to_hex(result);
7307 }
7308 function hmac_sha512_base64(data, password) {
7309 var result = hmac_sha512_bytes(data, password);
7310 return bytes_to_base64(result);
7311 }
7312 exports.HMAC_SHA512 = {
7313 bytes: hmac_sha512_bytes,
7314 hex: hmac_sha512_hex,
7315 base64: hmac_sha512_base64
7316 };
7317 var pbkdf2_hmac_sha256_instance = new pbkdf2_hmac_sha256_constructor({
7318 hmac: hmac_sha256_instance
7319 });
7320 function pbkdf2_hmac_sha256_bytes(password, salt, iterations, dklen) {
7321 if (password === undefined) throw new SyntaxError("password required");
7322 if (salt === undefined) throw new SyntaxError("salt required");
7323 return pbkdf2_hmac_sha256_instance.reset({
7324 password: password
7325 }).generate(salt, iterations, dklen).result;
7326 }
7327 function pbkdf2_hmac_sha256_hex(password, salt, iterations, dklen) {
7328 var result = pbkdf2_hmac_sha256_bytes(password, salt, iterations, dklen);
7329 return bytes_to_hex(result);
7330 }
7331 function pbkdf2_hmac_sha256_base64(password, salt, iterations, dklen) {
7332 var result = pbkdf2_hmac_sha256_bytes(password, salt, iterations, dklen);
7333 return bytes_to_base64(result);
7334 }
7335 exports.PBKDF2 = exports.PBKDF2_HMAC_SHA256 = {
7336 bytes: pbkdf2_hmac_sha256_bytes,
7337 hex: pbkdf2_hmac_sha256_hex,
7338 base64: pbkdf2_hmac_sha256_base64
7339 };
7340 var pbkdf2_hmac_sha512_instance = new pbkdf2_hmac_sha512_constructor({
7341 hmac: hmac_sha512_instance
7342 });
7343 function pbkdf2_hmac_sha512_bytes(password, salt, iterations, dklen) {
7344 if (password === undefined) throw new SyntaxError("password required");
7345 if (salt === undefined) throw new SyntaxError("salt required");
7346 return pbkdf2_hmac_sha512_instance.reset({
7347 password: password
7348 }).generate(salt, iterations, dklen).result;
7349 }
7350 function pbkdf2_hmac_sha512_hex(password, salt, iterations, dklen) {
7351 var result = pbkdf2_hmac_sha512_bytes(password, salt, iterations, dklen);
7352 return bytes_to_hex(result);
7353 }
7354 function pbkdf2_hmac_sha512_base64(password, salt, iterations, dklen) {
7355 var result = pbkdf2_hmac_sha512_bytes(password, salt, iterations, dklen);
7356 return bytes_to_base64(result);
7357 }
7358 exports.PBKDF2_HMAC_SHA512 = {
7359 bytes: pbkdf2_hmac_sha512_bytes,
7360 hex: pbkdf2_hmac_sha512_hex,
7361 base64: pbkdf2_hmac_sha512_base64
7362 };
7363 var cbc_aes_instance = new cbc_aes_constructor({
7364 heapSize: 1048576
7365 });
7366 function cbc_aes_encrypt_bytes(data, key, padding, iv) {
7367 if (data === undefined) throw new SyntaxError("data required");
7368 if (key === undefined) throw new SyntaxError("key required");
7369 return cbc_aes_instance.reset({
7370 key: key,
7371 padding: padding,
7372 iv: iv
7373 }).encrypt(data).result;
7374 }
7375 function cbc_aes_decrypt_bytes(data, key, padding, iv) {
7376 if (data === undefined) throw new SyntaxError("data required");
7377 if (key === undefined) throw new SyntaxError("key required");
7378 return cbc_aes_instance.reset({
7379 key: key,
7380 padding: padding,
7381 iv: iv
7382 }).decrypt(data).result;
7383 }
7384 exports.AES = exports.AES_CBC = {
7385 encrypt: cbc_aes_encrypt_bytes,
7386 decrypt: cbc_aes_decrypt_bytes
7387 };
7388 var ccm_aes_instance = new ccm_aes_constructor({
7389 heap: cbc_aes_instance.heap,
7390 asm: cbc_aes_instance.asm
7391 });
7392 function ccm_aes_encrypt_bytes(data, key, nonce, adata, tagSize) {
7393 if (data === undefined) throw new SyntaxError("data required");
7394 if (key === undefined) throw new SyntaxError("key required");
7395 if (nonce === undefined) throw new SyntaxError("nonce required");
7396 var dataLength = data.byteLength || data.length || 0;
7397 return ccm_aes_instance.reset({
7398 key: key,
7399 nonce: nonce,
7400 adata: adata,
7401 tagSize: tagSize,
7402 dataLength: dataLength
7403 }).encrypt(data).result;
7404 }
7405 function ccm_aes_decrypt_bytes(data, key, nonce, adata, tagSize) {
7406 if (data === undefined) throw new SyntaxError("data required");
7407 if (key === undefined) throw new SyntaxError("key required");
7408 if (nonce === undefined) throw new SyntaxError("nonce required");
7409 var dataLength = data.byteLength || data.length || 0;
7410 tagSize = tagSize || _aes_block_size;
7411 return ccm_aes_instance.reset({
7412 key: key,
7413 nonce: nonce,
7414 adata: adata,
7415 tagSize: tagSize,
7416 dataLength: dataLength - tagSize
7417 }).decrypt(data).result;
7418 }
7419 exports.AES_CCM = {
7420 encrypt: ccm_aes_encrypt_bytes,
7421 decrypt: ccm_aes_decrypt_bytes
7422 };
7423 var cfb_aes_instance = new cfb_aes_constructor({
7424 heap: cbc_aes_instance.heap,
7425 asm: cbc_aes_instance.asm
7426 });
7427 function cfb_aes_encrypt_bytes(data, key, padding, iv) {
7428 if (data === undefined) throw new SyntaxError("data required");
7429 if (key === undefined) throw new SyntaxError("key required");
7430 return cfb_aes_instance.reset({
7431 key: key,
7432 padding: padding,
7433 iv: iv
7434 }).encrypt(data).result;
7435 }
7436 function cfb_aes_decrypt_bytes(data, key, padding, iv) {
7437 if (data === undefined) throw new SyntaxError("data required");
7438 if (key === undefined) throw new SyntaxError("key required");
7439 return cfb_aes_instance.reset({
7440 key: key,
7441 padding: padding,
7442 iv: iv
7443 }).decrypt(data).result;
7444 }
7445 exports.AES_CFB = {
7446 encrypt: cfb_aes_encrypt_bytes,
7447 decrypt: cfb_aes_decrypt_bytes
7448 };
7449 var cfb_aes_decrypt_instance = new cfb_aes_decrypt_constructor({
7450 heap: cbc_aes_instance.heap,
7451 asm: cbc_aes_instance.asm
7452 });
7453 function cfb_aes_decrypt_init(key, padding, iv) {
7454 if (key === undefined) throw new SyntaxError("key required");
7455 return cfb_aes_decrypt_instance.reset({
7456 key: key,
7457 padding: padding,
7458 iv: iv
7459 });
7460 }
7461 exports.AES_CFB = exports.AES_CFB || {};
7462 exports.AES_CFB.decryptor = {
7463 init: cfb_aes_decrypt_init
7464 };
7465})({}, function() {
7466 return this;
7467}());
diff --git a/src/js/bitcoinjs-1-0-0.js b/src/js/bitcoinjs-1-0-0.js
new file mode 100644
index 0000000..3f53b2c
--- /dev/null
+++ b/src/js/bitcoinjs-1-0-0.js
@@ -0,0 +1,14463 @@
1(function(e){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=e();else if("function"==typeof define&&define.amd)define([],e);else{var f;"undefined"!=typeof window?f=window:"undefined"!=typeof global?f=global:"undefined"!=typeof self&&(f=self),f.Bitcoin=e()}})(function(){var define,module,exports;return (function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);throw new Error("Cannot find module '"+o+"'")}var f=n[o]={exports:{}};t[o][0].call(f.exports,function(e){var n=t[o][1][e];return s(n?n:e)},f,f.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(_dereq_,module,exports){
2var assert = _dereq_('assert')
3
4module.exports = BigInteger
5
6// JavaScript engine analysis
7var canary = 0xdeadbeefcafe;
8var j_lm = ((canary&0xffffff)==0xefcafe);
9
10// (public) Constructor
11function BigInteger(a,b,c) {
12 if (!(this instanceof BigInteger)) {
13 return new BigInteger(a, b, c);
14 }
15
16 if(a != null) {
17 if("number" == typeof a) this.fromNumber(a,b,c);
18 else if(b == null && "string" != typeof a) this.fromString(a,256);
19 else this.fromString(a,b);
20 }
21}
22
23var proto = BigInteger.prototype;
24
25// return new, unset BigInteger
26function nbi() { return new BigInteger(null); }
27
28// Bits per digit
29var dbits;
30
31// am: Compute w_j += (x*this_i), propagate carries,
32// c is initial carry, returns final carry.
33// c < 3*dvalue, x < 2*dvalue, this_i < dvalue
34// We need to select the fastest one that works in this environment.
35
36// am1: use a single mult and divide to get the high bits,
37// max digit bits should be 26 because
38// max internal value = 2*dvalue^2-2*dvalue (< 2^53)
39function am1(i,x,w,j,c,n) {
40 while(--n >= 0) {
41 var v = x*this[i++]+w[j]+c;
42 c = Math.floor(v/0x4000000);
43 w[j++] = v&0x3ffffff;
44 }
45 return c;
46}
47// am2 avoids a big mult-and-extract completely.
48// Max digit bits should be <= 30 because we do bitwise ops
49// on values up to 2*hdvalue^2-hdvalue-1 (< 2^31)
50function am2(i,x,w,j,c,n) {
51 var xl = x&0x7fff, xh = x>>15;
52 while(--n >= 0) {
53 var l = this[i]&0x7fff;
54 var h = this[i++]>>15;
55 var m = xh*l+h*xl;
56 l = xl*l+((m&0x7fff)<<15)+w[j]+(c&0x3fffffff);
57 c = (l>>>30)+(m>>>15)+xh*h+(c>>>30);
58 w[j++] = l&0x3fffffff;
59 }
60 return c;
61}
62// Alternately, set max digit bits to 28 since some
63// browsers slow down when dealing with 32-bit numbers.
64function am3(i,x,w,j,c,n) {
65 var xl = x&0x3fff, xh = x>>14;
66 while(--n >= 0) {
67 var l = this[i]&0x3fff;
68 var h = this[i++]>>14;
69 var m = xh*l+h*xl;
70 l = xl*l+((m&0x3fff)<<14)+w[j]+c;
71 c = (l>>28)+(m>>14)+xh*h;
72 w[j++] = l&0xfffffff;
73 }
74 return c;
75}
76
77// wtf?
78BigInteger.prototype.am = am1;
79dbits = 26;
80
81/*
82if(j_lm && (navigator.appName == "Microsoft Internet Explorer")) {
83 BigInteger.prototype.am = am2;
84 dbits = 30;
85}
86else if(j_lm && (navigator.appName != "Netscape")) {
87 BigInteger.prototype.am = am1;
88 dbits = 26;
89}
90else { // Mozilla/Netscape seems to prefer am3
91 BigInteger.prototype.am = am3;
92 dbits = 28;
93}
94*/
95
96BigInteger.prototype.DB = dbits;
97BigInteger.prototype.DM = ((1<<dbits)-1);
98var DV = BigInteger.prototype.DV = (1<<dbits);
99
100var BI_FP = 52;
101BigInteger.prototype.FV = Math.pow(2,BI_FP);
102BigInteger.prototype.F1 = BI_FP-dbits;
103BigInteger.prototype.F2 = 2*dbits-BI_FP;
104
105// Digit conversions
106var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz";
107var BI_RC = new Array();
108var rr,vv;
109rr = "0".charCodeAt(0);
110for(vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv;
111rr = "a".charCodeAt(0);
112for(vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
113rr = "A".charCodeAt(0);
114for(vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
115
116function int2char(n) { return BI_RM.charAt(n); }
117function intAt(s,i) {
118 var c = BI_RC[s.charCodeAt(i)];
119 return (c==null)?-1:c;
120}
121
122// (protected) copy this to r
123function bnpCopyTo(r) {
124 for(var i = this.t-1; i >= 0; --i) r[i] = this[i];
125 r.t = this.t;
126 r.s = this.s;
127}
128
129// (protected) set from integer value x, -DV <= x < DV
130function bnpFromInt(x) {
131 this.t = 1;
132 this.s = (x<0)?-1:0;
133 if(x > 0) this[0] = x;
134 else if(x < -1) this[0] = x+DV;
135 else this.t = 0;
136}
137
138// return bigint initialized to value
139function nbv(i) { var r = nbi(); r.fromInt(i); return r; }
140
141// (protected) set from string and radix
142function bnpFromString(s,b) {
143 var self = this;
144
145 var k;
146 if(b == 16) k = 4;
147 else if(b == 8) k = 3;
148 else if(b == 256) k = 8; // byte array
149 else if(b == 2) k = 1;
150 else if(b == 32) k = 5;
151 else if(b == 4) k = 2;
152 else { self.fromRadix(s,b); return; }
153 self.t = 0;
154 self.s = 0;
155 var i = s.length, mi = false, sh = 0;
156 while(--i >= 0) {
157 var x = (k==8)?s[i]&0xff:intAt(s,i);
158 if(x < 0) {
159 if(s.charAt(i) == "-") mi = true;
160 continue;
161 }
162 mi = false;
163 if(sh == 0)
164 self[self.t++] = x;
165 else if(sh+k > self.DB) {
166 self[self.t-1] |= (x&((1<<(self.DB-sh))-1))<<sh;
167 self[self.t++] = (x>>(self.DB-sh));
168 }
169 else
170 self[self.t-1] |= x<<sh;
171 sh += k;
172 if(sh >= self.DB) sh -= self.DB;
173 }
174 if(k == 8 && (s[0]&0x80) != 0) {
175 self.s = -1;
176 if(sh > 0) self[self.t-1] |= ((1<<(self.DB-sh))-1)<<sh;
177 }
178 self.clamp();
179 if(mi) BigInteger.ZERO.subTo(self,self);
180}
181
182// (protected) clamp off excess high words
183function bnpClamp() {
184 var c = this.s&this.DM;
185 while(this.t > 0 && this[this.t-1] == c) --this.t;
186}
187
188// (public) return string representation in given radix
189function bnToString(b) {
190 var self = this;
191 if(self.s < 0) return "-"+self.negate().toString(b);
192 var k;
193 if(b == 16) k = 4;
194 else if(b == 8) k = 3;
195 else if(b == 2) k = 1;
196 else if(b == 32) k = 5;
197 else if(b == 4) k = 2;
198 else return self.toRadix(b);
199 var km = (1<<k)-1, d, m = false, r = "", i = self.t;
200 var p = self.DB-(i*self.DB)%k;
201 if(i-- > 0) {
202 if(p < self.DB && (d = self[i]>>p) > 0) { m = true; r = int2char(d); }
203 while(i >= 0) {
204 if(p < k) {
205 d = (self[i]&((1<<p)-1))<<(k-p);
206 d |= self[--i]>>(p+=self.DB-k);
207 }
208 else {
209 d = (self[i]>>(p-=k))&km;
210 if(p <= 0) { p += self.DB; --i; }
211 }
212 if(d > 0) m = true;
213 if(m) r += int2char(d);
214 }
215 }
216 return m?r:"0";
217}
218
219// (public) -this
220function bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this,r); return r; }
221
222// (public) |this|
223function bnAbs() { return (this.s<0)?this.negate():this; }
224
225// (public) return + if this > a, - if this < a, 0 if equal
226function bnCompareTo(a) {
227 var r = this.s-a.s;
228 if(r != 0) return r;
229 var i = this.t;
230 r = i-a.t;
231 if(r != 0) return (this.s<0)?-r:r;
232 while(--i >= 0) if((r=this[i]-a[i]) != 0) return r;
233 return 0;
234}
235
236// returns bit length of the integer x
237function nbits(x) {
238 var r = 1, t;
239 if((t=x>>>16) != 0) { x = t; r += 16; }
240 if((t=x>>8) != 0) { x = t; r += 8; }
241 if((t=x>>4) != 0) { x = t; r += 4; }
242 if((t=x>>2) != 0) { x = t; r += 2; }
243 if((t=x>>1) != 0) { x = t; r += 1; }
244 return r;
245}
246
247// (public) return the number of bits in "this"
248function bnBitLength() {
249 if(this.t <= 0) return 0;
250 return this.DB*(this.t-1)+nbits(this[this.t-1]^(this.s&this.DM));
251}
252
253// (protected) r = this << n*DB
254function bnpDLShiftTo(n,r) {
255 var i;
256 for(i = this.t-1; i >= 0; --i) r[i+n] = this[i];
257 for(i = n-1; i >= 0; --i) r[i] = 0;
258 r.t = this.t+n;
259 r.s = this.s;
260}
261
262// (protected) r = this >> n*DB
263function bnpDRShiftTo(n,r) {
264 for(var i = n; i < this.t; ++i) r[i-n] = this[i];
265 r.t = Math.max(this.t-n,0);
266 r.s = this.s;
267}
268
269// (protected) r = this << n
270function bnpLShiftTo(n,r) {
271 var self = this;
272 var bs = n%self.DB;
273 var cbs = self.DB-bs;
274 var bm = (1<<cbs)-1;
275 var ds = Math.floor(n/self.DB), c = (self.s<<bs)&self.DM, i;
276 for(i = self.t-1; i >= 0; --i) {
277 r[i+ds+1] = (self[i]>>cbs)|c;
278 c = (self[i]&bm)<<bs;
279 }
280 for(i = ds-1; i >= 0; --i) r[i] = 0;
281 r[ds] = c;
282 r.t = self.t+ds+1;
283 r.s = self.s;
284 r.clamp();
285}
286
287// (protected) r = this >> n
288function bnpRShiftTo(n,r) {
289 var self = this;
290 r.s = self.s;
291 var ds = Math.floor(n/self.DB);
292 if(ds >= self.t) { r.t = 0; return; }
293 var bs = n%self.DB;
294 var cbs = self.DB-bs;
295 var bm = (1<<bs)-1;
296 r[0] = self[ds]>>bs;
297 for(var i = ds+1; i < self.t; ++i) {
298 r[i-ds-1] |= (self[i]&bm)<<cbs;
299 r[i-ds] = self[i]>>bs;
300 }
301 if(bs > 0) r[self.t-ds-1] |= (self.s&bm)<<cbs;
302 r.t = self.t-ds;
303 r.clamp();
304}
305
306// (protected) r = this - a
307function bnpSubTo(a,r) {
308 var self = this;
309 var i = 0, c = 0, m = Math.min(a.t,self.t);
310 while(i < m) {
311 c += self[i]-a[i];
312 r[i++] = c&self.DM;
313 c >>= self.DB;
314 }
315 if(a.t < self.t) {
316 c -= a.s;
317 while(i < self.t) {
318 c += self[i];
319 r[i++] = c&self.DM;
320 c >>= self.DB;
321 }
322 c += self.s;
323 }
324 else {
325 c += self.s;
326 while(i < a.t) {
327 c -= a[i];
328 r[i++] = c&self.DM;
329 c >>= self.DB;
330 }
331 c -= a.s;
332 }
333 r.s = (c<0)?-1:0;
334 if(c < -1) r[i++] = self.DV+c;
335 else if(c > 0) r[i++] = c;
336 r.t = i;
337 r.clamp();
338}
339
340// (protected) r = this * a, r != this,a (HAC 14.12)
341// "this" should be the larger one if appropriate.
342function bnpMultiplyTo(a,r) {
343 var x = this.abs(), y = a.abs();
344 var i = x.t;
345 r.t = i+y.t;
346 while(--i >= 0) r[i] = 0;
347 for(i = 0; i < y.t; ++i) r[i+x.t] = x.am(0,y[i],r,i,0,x.t);
348 r.s = 0;
349 r.clamp();
350 if(this.s != a.s) BigInteger.ZERO.subTo(r,r);
351}
352
353// (protected) r = this^2, r != this (HAC 14.16)
354function bnpSquareTo(r) {
355 var x = this.abs();
356 var i = r.t = 2*x.t;
357 while(--i >= 0) r[i] = 0;
358 for(i = 0; i < x.t-1; ++i) {
359 var c = x.am(i,x[i],r,2*i,0,1);
360 if((r[i+x.t]+=x.am(i+1,2*x[i],r,2*i+1,c,x.t-i-1)) >= x.DV) {
361 r[i+x.t] -= x.DV;
362 r[i+x.t+1] = 1;
363 }
364 }
365 if(r.t > 0) r[r.t-1] += x.am(i,x[i],r,2*i,0,1);
366 r.s = 0;
367 r.clamp();
368}
369
370// (protected) divide this by m, quotient and remainder to q, r (HAC 14.20)
371// r != q, this != m. q or r may be null.
372function bnpDivRemTo(m,q,r) {
373 var self = this;
374 var pm = m.abs();
375 if(pm.t <= 0) return;
376 var pt = self.abs();
377 if(pt.t < pm.t) {
378 if(q != null) q.fromInt(0);
379 if(r != null) self.copyTo(r);
380 return;
381 }
382 if(r == null) r = nbi();
383 var y = nbi(), ts = self.s, ms = m.s;
384 var nsh = self.DB-nbits(pm[pm.t-1]); // normalize modulus
385 if(nsh > 0) { pm.lShiftTo(nsh,y); pt.lShiftTo(nsh,r); }
386 else { pm.copyTo(y); pt.copyTo(r); }
387 var ys = y.t;
388 var y0 = y[ys-1];
389 if(y0 == 0) return;
390 var yt = y0*(1<<self.F1)+((ys>1)?y[ys-2]>>self.F2:0);
391 var d1 = self.FV/yt, d2 = (1<<self.F1)/yt, e = 1<<self.F2;
392 var i = r.t, j = i-ys, t = (q==null)?nbi():q;
393 y.dlShiftTo(j,t);
394 if(r.compareTo(t) >= 0) {
395 r[r.t++] = 1;
396 r.subTo(t,r);
397 }
398 BigInteger.ONE.dlShiftTo(ys,t);
399 t.subTo(y,y); // "negative" y so we can replace sub with am later
400 while(y.t < ys) y[y.t++] = 0;
401 while(--j >= 0) {
402 // Estimate quotient digit
403 var qd = (r[--i]==y0)?self.DM:Math.floor(r[i]*d1+(r[i-1]+e)*d2);
404 if((r[i]+=y.am(0,qd,r,j,0,ys)) < qd) { // Try it out
405 y.dlShiftTo(j,t);
406 r.subTo(t,r);
407 while(r[i] < --qd) r.subTo(t,r);
408 }
409 }
410 if(q != null) {
411 r.drShiftTo(ys,q);
412 if(ts != ms) BigInteger.ZERO.subTo(q,q);
413 }
414 r.t = ys;
415 r.clamp();
416 if(nsh > 0) r.rShiftTo(nsh,r); // Denormalize remainder
417 if(ts < 0) BigInteger.ZERO.subTo(r,r);
418}
419
420// (public) this mod a
421function bnMod(a) {
422 var r = nbi();
423 this.abs().divRemTo(a,null,r);
424 if(this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r,r);
425 return r;
426}
427
428// Modular reduction using "classic" algorithm
429function Classic(m) { this.m = m; }
430function cConvert(x) {
431 if(x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m);
432 else return x;
433}
434function cRevert(x) { return x; }
435function cReduce(x) { x.divRemTo(this.m,null,x); }
436function cMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
437function cSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
438
439Classic.prototype.convert = cConvert;
440Classic.prototype.revert = cRevert;
441Classic.prototype.reduce = cReduce;
442Classic.prototype.mulTo = cMulTo;
443Classic.prototype.sqrTo = cSqrTo;
444
445// (protected) return "-1/this % 2^DB"; useful for Mont. reduction
446// justification:
447// xy == 1 (mod m)
448// xy = 1+km
449// xy(2-xy) = (1+km)(1-km)
450// x[y(2-xy)] = 1-k^2m^2
451// x[y(2-xy)] == 1 (mod m^2)
452// if y is 1/x mod m, then y(2-xy) is 1/x mod m^2
453// should reduce x and y(2-xy) by m^2 at each step to keep size bounded.
454// JS multiply "overflows" differently from C/C++, so care is needed here.
455function bnpInvDigit() {
456 if(this.t < 1) return 0;
457 var x = this[0];
458 if((x&1) == 0) return 0;
459 var y = x&3; // y == 1/x mod 2^2
460 y = (y*(2-(x&0xf)*y))&0xf; // y == 1/x mod 2^4
461 y = (y*(2-(x&0xff)*y))&0xff; // y == 1/x mod 2^8
462 y = (y*(2-(((x&0xffff)*y)&0xffff)))&0xffff; // y == 1/x mod 2^16
463 // last step - calculate inverse mod DV directly;
464 // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints
465 y = (y*(2-x*y%this.DV))%this.DV; // y == 1/x mod 2^dbits
466 // we really want the negative inverse, and -DV < y < DV
467 return (y>0)?this.DV-y:-y;
468}
469
470// Montgomery reduction
471function Montgomery(m) {
472 this.m = m;
473 this.mp = m.invDigit();
474 this.mpl = this.mp&0x7fff;
475 this.mph = this.mp>>15;
476 this.um = (1<<(m.DB-15))-1;
477 this.mt2 = 2*m.t;
478}
479
480// xR mod m
481function montConvert(x) {
482 var r = nbi();
483 x.abs().dlShiftTo(this.m.t,r);
484 r.divRemTo(this.m,null,r);
485 if(x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r,r);
486 return r;
487}
488
489// x/R mod m
490function montRevert(x) {
491 var r = nbi();
492 x.copyTo(r);
493 this.reduce(r);
494 return r;
495}
496
497// x = x/R mod m (HAC 14.32)
498function montReduce(x) {
499 while(x.t <= this.mt2) // pad x so am has enough room later
500 x[x.t++] = 0;
501 for(var i = 0; i < this.m.t; ++i) {
502 // faster way of calculating u0 = x[i]*mp mod DV
503 var j = x[i]&0x7fff;
504 var u0 = (j*this.mpl+(((j*this.mph+(x[i]>>15)*this.mpl)&this.um)<<15))&x.DM;
505 // use am to combine the multiply-shift-add into one call
506 j = i+this.m.t;
507 x[j] += this.m.am(0,u0,x,i,0,this.m.t);
508 // propagate carry
509 while(x[j] >= x.DV) { x[j] -= x.DV; x[++j]++; }
510 }
511 x.clamp();
512 x.drShiftTo(this.m.t,x);
513 if(x.compareTo(this.m) >= 0) x.subTo(this.m,x);
514}
515
516// r = "x^2/R mod m"; x != r
517function montSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
518
519// r = "xy/R mod m"; x,y != r
520function montMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
521
522Montgomery.prototype.convert = montConvert;
523Montgomery.prototype.revert = montRevert;
524Montgomery.prototype.reduce = montReduce;
525Montgomery.prototype.mulTo = montMulTo;
526Montgomery.prototype.sqrTo = montSqrTo;
527
528// (protected) true iff this is even
529function bnpIsEven() { return ((this.t>0)?(this[0]&1):this.s) == 0; }
530
531// (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79)
532function bnpExp(e,z) {
533 if(e > 0xffffffff || e < 1) return BigInteger.ONE;
534 var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e)-1;
535 g.copyTo(r);
536 while(--i >= 0) {
537 z.sqrTo(r,r2);
538 if((e&(1<<i)) > 0) z.mulTo(r2,g,r);
539 else { var t = r; r = r2; r2 = t; }
540 }
541 return z.revert(r);
542}
543
544// (public) this^e % m, 0 <= e < 2^32
545function bnModPowInt(e,m) {
546 var z;
547 if(e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m);
548 return this.exp(e,z);
549}
550
551// protected
552proto.copyTo = bnpCopyTo;
553proto.fromInt = bnpFromInt;
554proto.fromString = bnpFromString;
555proto.clamp = bnpClamp;
556proto.dlShiftTo = bnpDLShiftTo;
557proto.drShiftTo = bnpDRShiftTo;
558proto.lShiftTo = bnpLShiftTo;
559proto.rShiftTo = bnpRShiftTo;
560proto.subTo = bnpSubTo;
561proto.multiplyTo = bnpMultiplyTo;
562proto.squareTo = bnpSquareTo;
563proto.divRemTo = bnpDivRemTo;
564proto.invDigit = bnpInvDigit;
565proto.isEven = bnpIsEven;
566proto.exp = bnpExp;
567
568// public
569proto.toString = bnToString;
570proto.negate = bnNegate;
571proto.abs = bnAbs;
572proto.compareTo = bnCompareTo;
573proto.bitLength = bnBitLength;
574proto.mod = bnMod;
575proto.modPowInt = bnModPowInt;
576
577//// jsbn2
578
579function nbi() { return new BigInteger(null); }
580
581// (public)
582function bnClone() { var r = nbi(); this.copyTo(r); return r; }
583
584// (public) return value as integer
585function bnIntValue() {
586 if(this.s < 0) {
587 if(this.t == 1) return this[0]-this.DV;
588 else if(this.t == 0) return -1;
589 }
590 else if(this.t == 1) return this[0];
591 else if(this.t == 0) return 0;
592 // assumes 16 < DB < 32
593 return ((this[1]&((1<<(32-this.DB))-1))<<this.DB)|this[0];
594}
595
596// (public) return value as byte
597function bnByteValue() { return (this.t==0)?this.s:(this[0]<<24)>>24; }
598
599// (public) return value as short (assumes DB>=16)
600function bnShortValue() { return (this.t==0)?this.s:(this[0]<<16)>>16; }
601
602// (protected) return x s.t. r^x < DV
603function bnpChunkSize(r) { return Math.floor(Math.LN2*this.DB/Math.log(r)); }
604
605// (public) 0 if this == 0, 1 if this > 0
606function bnSigNum() {
607 if(this.s < 0) return -1;
608 else if(this.t <= 0 || (this.t == 1 && this[0] <= 0)) return 0;
609 else return 1;
610}
611
612// (protected) convert to radix string
613function bnpToRadix(b) {
614 if(b == null) b = 10;
615 if(this.signum() == 0 || b < 2 || b > 36) return "0";
616 var cs = this.chunkSize(b);
617 var a = Math.pow(b,cs);
618 var d = nbv(a), y = nbi(), z = nbi(), r = "";
619 this.divRemTo(d,y,z);
620 while(y.signum() > 0) {
621 r = (a+z.intValue()).toString(b).substr(1) + r;
622 y.divRemTo(d,y,z);
623 }
624 return z.intValue().toString(b) + r;
625}
626
627// (protected) convert from radix string
628function bnpFromRadix(s,b) {
629 var self = this;
630 self.fromInt(0);
631 if(b == null) b = 10;
632 var cs = self.chunkSize(b);
633 var d = Math.pow(b,cs), mi = false, j = 0, w = 0;
634 for(var i = 0; i < s.length; ++i) {
635 var x = intAt(s,i);
636 if(x < 0) {
637 if(s.charAt(i) == "-" && self.signum() == 0) mi = true;
638 continue;
639 }
640 w = b*w+x;
641 if(++j >= cs) {
642 self.dMultiply(d);
643 self.dAddOffset(w,0);
644 j = 0;
645 w = 0;
646 }
647 }
648 if(j > 0) {
649 self.dMultiply(Math.pow(b,j));
650 self.dAddOffset(w,0);
651 }
652 if(mi) BigInteger.ZERO.subTo(self,self);
653}
654
655// (protected) alternate constructor
656function bnpFromNumber(a,b,c) {
657 var self = this;
658 if("number" == typeof b) {
659 // new BigInteger(int,int,RNG)
660 if(a < 2) self.fromInt(1);
661 else {
662 self.fromNumber(a,c);
663 if(!self.testBit(a-1)) // force MSB set
664 self.bitwiseTo(BigInteger.ONE.shiftLeft(a-1),op_or,self);
665 if(self.isEven()) self.dAddOffset(1,0); // force odd
666 while(!self.isProbablePrime(b)) {
667 self.dAddOffset(2,0);
668 if(self.bitLength() > a) self.subTo(BigInteger.ONE.shiftLeft(a-1),self);
669 }
670 }
671 }
672 else {
673 // new BigInteger(int,RNG)
674 var x = new Array(), t = a&7;
675 x.length = (a>>3)+1;
676 b.nextBytes(x);
677 if(t > 0) x[0] &= ((1<<t)-1); else x[0] = 0;
678 self.fromString(x,256);
679 }
680}
681
682// (public) convert to bigendian byte array
683function bnToByteArray() {
684 var self = this;
685 var i = self.t, r = new Array();
686 r[0] = self.s;
687 var p = self.DB-(i*self.DB)%8, d, k = 0;
688 if(i-- > 0) {
689 if(p < self.DB && (d = self[i]>>p) != (self.s&self.DM)>>p)
690 r[k++] = d|(self.s<<(self.DB-p));
691 while(i >= 0) {
692 if(p < 8) {
693 d = (self[i]&((1<<p)-1))<<(8-p);
694 d |= self[--i]>>(p+=self.DB-8);
695 }
696 else {
697 d = (self[i]>>(p-=8))&0xff;
698 if(p <= 0) { p += self.DB; --i; }
699 }
700 if((d&0x80) != 0) d |= -256;
701 if(k === 0 && (self.s&0x80) != (d&0x80)) ++k;
702 if(k > 0 || d != self.s) r[k++] = d;
703 }
704 }
705 return r;
706}
707
708function bnEquals(a) { return(this.compareTo(a)==0); }
709function bnMin(a) { return(this.compareTo(a)<0)?this:a; }
710function bnMax(a) { return(this.compareTo(a)>0)?this:a; }
711
712// (protected) r = this op a (bitwise)
713function bnpBitwiseTo(a,op,r) {
714 var self = this;
715 var i, f, m = Math.min(a.t,self.t);
716 for(i = 0; i < m; ++i) r[i] = op(self[i],a[i]);
717 if(a.t < self.t) {
718 f = a.s&self.DM;
719 for(i = m; i < self.t; ++i) r[i] = op(self[i],f);
720 r.t = self.t;
721 }
722 else {
723 f = self.s&self.DM;
724 for(i = m; i < a.t; ++i) r[i] = op(f,a[i]);
725 r.t = a.t;
726 }
727 r.s = op(self.s,a.s);
728 r.clamp();
729}
730
731// (public) this & a
732function op_and(x,y) { return x&y; }
733function bnAnd(a) { var r = nbi(); this.bitwiseTo(a,op_and,r); return r; }
734
735// (public) this | a
736function op_or(x,y) { return x|y; }
737function bnOr(a) { var r = nbi(); this.bitwiseTo(a,op_or,r); return r; }
738
739// (public) this ^ a
740function op_xor(x,y) { return x^y; }
741function bnXor(a) { var r = nbi(); this.bitwiseTo(a,op_xor,r); return r; }
742
743// (public) this & ~a
744function op_andnot(x,y) { return x&~y; }
745function bnAndNot(a) { var r = nbi(); this.bitwiseTo(a,op_andnot,r); return r; }
746
747// (public) ~this
748function bnNot() {
749 var r = nbi();
750 for(var i = 0; i < this.t; ++i) r[i] = this.DM&~this[i];
751 r.t = this.t;
752 r.s = ~this.s;
753 return r;
754}
755
756// (public) this << n
757function bnShiftLeft(n) {
758 var r = nbi();
759 if(n < 0) this.rShiftTo(-n,r); else this.lShiftTo(n,r);
760 return r;
761}
762
763// (public) this >> n
764function bnShiftRight(n) {
765 var r = nbi();
766 if(n < 0) this.lShiftTo(-n,r); else this.rShiftTo(n,r);
767 return r;
768}
769
770// return index of lowest 1-bit in x, x < 2^31
771function lbit(x) {
772 if(x == 0) return -1;
773 var r = 0;
774 if((x&0xffff) == 0) { x >>= 16; r += 16; }
775 if((x&0xff) == 0) { x >>= 8; r += 8; }
776 if((x&0xf) == 0) { x >>= 4; r += 4; }
777 if((x&3) == 0) { x >>= 2; r += 2; }
778 if((x&1) == 0) ++r;
779 return r;
780}
781
782// (public) returns index of lowest 1-bit (or -1 if none)
783function bnGetLowestSetBit() {
784 for(var i = 0; i < this.t; ++i)
785 if(this[i] != 0) return i*this.DB+lbit(this[i]);
786 if(this.s < 0) return this.t*this.DB;
787 return -1;
788}
789
790// return number of 1 bits in x
791function cbit(x) {
792 var r = 0;
793 while(x != 0) { x &= x-1; ++r; }
794 return r;
795}
796
797// (public) return number of set bits
798function bnBitCount() {
799 var r = 0, x = this.s&this.DM;
800 for(var i = 0; i < this.t; ++i) r += cbit(this[i]^x);
801 return r;
802}
803
804// (public) true iff nth bit is set
805function bnTestBit(n) {
806 var j = Math.floor(n/this.DB);
807 if(j >= this.t) return(this.s!=0);
808 return((this[j]&(1<<(n%this.DB)))!=0);
809}
810
811// (protected) this op (1<<n)
812function bnpChangeBit(n,op) {
813 var r = BigInteger.ONE.shiftLeft(n);
814 this.bitwiseTo(r,op,r);
815 return r;
816}
817
818// (public) this | (1<<n)
819function bnSetBit(n) { return this.changeBit(n,op_or); }
820
821// (public) this & ~(1<<n)
822function bnClearBit(n) { return this.changeBit(n,op_andnot); }
823
824// (public) this ^ (1<<n)
825function bnFlipBit(n) { return this.changeBit(n,op_xor); }
826
827// (protected) r = this + a
828function bnpAddTo(a,r) {
829 var self = this;
830
831 var i = 0, c = 0, m = Math.min(a.t,self.t);
832 while(i < m) {
833 c += self[i]+a[i];
834 r[i++] = c&self.DM;
835 c >>= self.DB;
836 }
837 if(a.t < self.t) {
838 c += a.s;
839 while(i < self.t) {
840 c += self[i];
841 r[i++] = c&self.DM;
842 c >>= self.DB;
843 }
844 c += self.s;
845 }
846 else {
847 c += self.s;
848 while(i < a.t) {
849 c += a[i];
850 r[i++] = c&self.DM;
851 c >>= self.DB;
852 }
853 c += a.s;
854 }
855 r.s = (c<0)?-1:0;
856 if(c > 0) r[i++] = c;
857 else if(c < -1) r[i++] = self.DV+c;
858 r.t = i;
859 r.clamp();
860}
861
862// (public) this + a
863function bnAdd(a) { var r = nbi(); this.addTo(a,r); return r; }
864
865// (public) this - a
866function bnSubtract(a) { var r = nbi(); this.subTo(a,r); return r; }
867
868// (public) this * a
869function bnMultiply(a) { var r = nbi(); this.multiplyTo(a,r); return r; }
870
871// (public) this^2
872function bnSquare() { var r = nbi(); this.squareTo(r); return r; }
873
874// (public) this / a
875function bnDivide(a) { var r = nbi(); this.divRemTo(a,r,null); return r; }
876
877// (public) this % a
878function bnRemainder(a) { var r = nbi(); this.divRemTo(a,null,r); return r; }
879
880// (public) [this/a,this%a]
881function bnDivideAndRemainder(a) {
882 var q = nbi(), r = nbi();
883 this.divRemTo(a,q,r);
884 return new Array(q,r);
885}
886
887// (protected) this *= n, this >= 0, 1 < n < DV
888function bnpDMultiply(n) {
889 this[this.t] = this.am(0,n-1,this,0,0,this.t);
890 ++this.t;
891 this.clamp();
892}
893
894// (protected) this += n << w words, this >= 0
895function bnpDAddOffset(n,w) {
896 if(n == 0) return;
897 while(this.t <= w) this[this.t++] = 0;
898 this[w] += n;
899 while(this[w] >= this.DV) {
900 this[w] -= this.DV;
901 if(++w >= this.t) this[this.t++] = 0;
902 ++this[w];
903 }
904}
905
906// A "null" reducer
907function NullExp() {}
908function nNop(x) { return x; }
909function nMulTo(x,y,r) { x.multiplyTo(y,r); }
910function nSqrTo(x,r) { x.squareTo(r); }
911
912NullExp.prototype.convert = nNop;
913NullExp.prototype.revert = nNop;
914NullExp.prototype.mulTo = nMulTo;
915NullExp.prototype.sqrTo = nSqrTo;
916
917// (public) this^e
918function bnPow(e) { return this.exp(e,new NullExp()); }
919
920// (protected) r = lower n words of "this * a", a.t <= n
921// "this" should be the larger one if appropriate.
922function bnpMultiplyLowerTo(a,n,r) {
923 var i = Math.min(this.t+a.t,n);
924 r.s = 0; // assumes a,this >= 0
925 r.t = i;
926 while(i > 0) r[--i] = 0;
927 var j;
928 for(j = r.t-this.t; i < j; ++i) r[i+this.t] = this.am(0,a[i],r,i,0,this.t);
929 for(j = Math.min(a.t,n); i < j; ++i) this.am(0,a[i],r,i,0,n-i);
930 r.clamp();
931}
932
933// (protected) r = "this * a" without lower n words, n > 0
934// "this" should be the larger one if appropriate.
935function bnpMultiplyUpperTo(a,n,r) {
936 --n;
937 var i = r.t = this.t+a.t-n;
938 r.s = 0; // assumes a,this >= 0
939 while(--i >= 0) r[i] = 0;
940 for(i = Math.max(n-this.t,0); i < a.t; ++i)
941 r[this.t+i-n] = this.am(n-i,a[i],r,0,0,this.t+i-n);
942 r.clamp();
943 r.drShiftTo(1,r);
944}
945
946// Barrett modular reduction
947function Barrett(m) {
948 // setup Barrett
949 this.r2 = nbi();
950 this.q3 = nbi();
951 BigInteger.ONE.dlShiftTo(2*m.t,this.r2);
952 this.mu = this.r2.divide(m);
953 this.m = m;
954}
955
956function barrettConvert(x) {
957 if(x.s < 0 || x.t > 2*this.m.t) return x.mod(this.m);
958 else if(x.compareTo(this.m) < 0) return x;
959 else { var r = nbi(); x.copyTo(r); this.reduce(r); return r; }
960}
961
962function barrettRevert(x) { return x; }
963
964// x = x mod m (HAC 14.42)
965function barrettReduce(x) {
966 var self = this;
967 x.drShiftTo(self.m.t-1,self.r2);
968 if(x.t > self.m.t+1) { x.t = self.m.t+1; x.clamp(); }
969 self.mu.multiplyUpperTo(self.r2,self.m.t+1,self.q3);
970 self.m.multiplyLowerTo(self.q3,self.m.t+1,self.r2);
971 while(x.compareTo(self.r2) < 0) x.dAddOffset(1,self.m.t+1);
972 x.subTo(self.r2,x);
973 while(x.compareTo(self.m) >= 0) x.subTo(self.m,x);
974}
975
976// r = x^2 mod m; x != r
977function barrettSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
978
979// r = x*y mod m; x,y != r
980function barrettMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
981
982Barrett.prototype.convert = barrettConvert;
983Barrett.prototype.revert = barrettRevert;
984Barrett.prototype.reduce = barrettReduce;
985Barrett.prototype.mulTo = barrettMulTo;
986Barrett.prototype.sqrTo = barrettSqrTo;
987
988// (public) this^e % m (HAC 14.85)
989function bnModPow(e,m) {
990 var i = e.bitLength(), k, r = nbv(1), z;
991 if(i <= 0) return r;
992 else if(i < 18) k = 1;
993 else if(i < 48) k = 3;
994 else if(i < 144) k = 4;
995 else if(i < 768) k = 5;
996 else k = 6;
997 if(i < 8)
998 z = new Classic(m);
999 else if(m.isEven())
1000 z = new Barrett(m);
1001 else
1002 z = new Montgomery(m);
1003
1004 // precomputation
1005 var g = new Array(), n = 3, k1 = k-1, km = (1<<k)-1;
1006 g[1] = z.convert(this);
1007 if(k > 1) {
1008 var g2 = nbi();
1009 z.sqrTo(g[1],g2);
1010 while(n <= km) {
1011 g[n] = nbi();
1012 z.mulTo(g2,g[n-2],g[n]);
1013 n += 2;
1014 }
1015 }
1016
1017 var j = e.t-1, w, is1 = true, r2 = nbi(), t;
1018 i = nbits(e[j])-1;
1019 while(j >= 0) {
1020 if(i >= k1) w = (e[j]>>(i-k1))&km;
1021 else {
1022 w = (e[j]&((1<<(i+1))-1))<<(k1-i);
1023 if(j > 0) w |= e[j-1]>>(this.DB+i-k1);
1024 }
1025
1026 n = k;
1027 while((w&1) == 0) { w >>= 1; --n; }
1028 if((i -= n) < 0) { i += this.DB; --j; }
1029 if(is1) { // ret == 1, don't bother squaring or multiplying it
1030 g[w].copyTo(r);
1031 is1 = false;
1032 }
1033 else {
1034 while(n > 1) { z.sqrTo(r,r2); z.sqrTo(r2,r); n -= 2; }
1035 if(n > 0) z.sqrTo(r,r2); else { t = r; r = r2; r2 = t; }
1036 z.mulTo(r2,g[w],r);
1037 }
1038
1039 while(j >= 0 && (e[j]&(1<<i)) == 0) {
1040 z.sqrTo(r,r2); t = r; r = r2; r2 = t;
1041 if(--i < 0) { i = this.DB-1; --j; }
1042 }
1043 }
1044 return z.revert(r);
1045}
1046
1047// (public) gcd(this,a) (HAC 14.54)
1048function bnGCD(a) {
1049 var x = (this.s<0)?this.negate():this.clone();
1050 var y = (a.s<0)?a.negate():a.clone();
1051 if(x.compareTo(y) < 0) { var t = x; x = y; y = t; }
1052 var i = x.getLowestSetBit(), g = y.getLowestSetBit();
1053 if(g < 0) return x;
1054 if(i < g) g = i;
1055 if(g > 0) {
1056 x.rShiftTo(g,x);
1057 y.rShiftTo(g,y);
1058 }
1059 while(x.signum() > 0) {
1060 if((i = x.getLowestSetBit()) > 0) x.rShiftTo(i,x);
1061 if((i = y.getLowestSetBit()) > 0) y.rShiftTo(i,y);
1062 if(x.compareTo(y) >= 0) {
1063 x.subTo(y,x);
1064 x.rShiftTo(1,x);
1065 }
1066 else {
1067 y.subTo(x,y);
1068 y.rShiftTo(1,y);
1069 }
1070 }
1071 if(g > 0) y.lShiftTo(g,y);
1072 return y;
1073}
1074
1075// (protected) this % n, n < 2^26
1076function bnpModInt(n) {
1077 if(n <= 0) return 0;
1078 var d = this.DV%n, r = (this.s<0)?n-1:0;
1079 if(this.t > 0)
1080 if(d == 0) r = this[0]%n;
1081 else for(var i = this.t-1; i >= 0; --i) r = (d*r+this[i])%n;
1082 return r;
1083}
1084
1085// (public) 1/this % m (HAC 14.61)
1086function bnModInverse(m) {
1087 var ac = m.isEven();
1088 if((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO;
1089 var u = m.clone(), v = this.clone();
1090 var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1);
1091 while(u.signum() != 0) {
1092 while(u.isEven()) {
1093 u.rShiftTo(1,u);
1094 if(ac) {
1095 if(!a.isEven() || !b.isEven()) { a.addTo(this,a); b.subTo(m,b); }
1096 a.rShiftTo(1,a);
1097 }
1098 else if(!b.isEven()) b.subTo(m,b);
1099 b.rShiftTo(1,b);
1100 }
1101 while(v.isEven()) {
1102 v.rShiftTo(1,v);
1103 if(ac) {
1104 if(!c.isEven() || !d.isEven()) { c.addTo(this,c); d.subTo(m,d); }
1105 c.rShiftTo(1,c);
1106 }
1107 else if(!d.isEven()) d.subTo(m,d);
1108 d.rShiftTo(1,d);
1109 }
1110 if(u.compareTo(v) >= 0) {
1111 u.subTo(v,u);
1112 if(ac) a.subTo(c,a);
1113 b.subTo(d,b);
1114 }
1115 else {
1116 v.subTo(u,v);
1117 if(ac) c.subTo(a,c);
1118 d.subTo(b,d);
1119 }
1120 }
1121 if(v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO;
1122 if(d.compareTo(m) >= 0) return d.subtract(m);
1123 if(d.signum() < 0) d.addTo(m,d); else return d;
1124 if(d.signum() < 0) return d.add(m); else return d;
1125}
1126
1127// protected
1128proto.chunkSize = bnpChunkSize;
1129proto.toRadix = bnpToRadix;
1130proto.fromRadix = bnpFromRadix;
1131proto.fromNumber = bnpFromNumber;
1132proto.bitwiseTo = bnpBitwiseTo;
1133proto.changeBit = bnpChangeBit;
1134proto.addTo = bnpAddTo;
1135proto.dMultiply = bnpDMultiply;
1136proto.dAddOffset = bnpDAddOffset;
1137proto.multiplyLowerTo = bnpMultiplyLowerTo;
1138proto.multiplyUpperTo = bnpMultiplyUpperTo;
1139proto.modInt = bnpModInt;
1140
1141// public
1142proto.clone = bnClone;
1143proto.intValue = bnIntValue;
1144proto.byteValue = bnByteValue;
1145proto.shortValue = bnShortValue;
1146proto.signum = bnSigNum;
1147proto.toByteArray = bnToByteArray;
1148proto.equals = bnEquals;
1149proto.min = bnMin;
1150proto.max = bnMax;
1151proto.and = bnAnd;
1152proto.or = bnOr;
1153proto.xor = bnXor;
1154proto.andNot = bnAndNot;
1155proto.not = bnNot;
1156proto.shiftLeft = bnShiftLeft;
1157proto.shiftRight = bnShiftRight;
1158proto.getLowestSetBit = bnGetLowestSetBit;
1159proto.bitCount = bnBitCount;
1160proto.testBit = bnTestBit;
1161proto.setBit = bnSetBit;
1162proto.clearBit = bnClearBit;
1163proto.flipBit = bnFlipBit;
1164proto.add = bnAdd;
1165proto.subtract = bnSubtract;
1166proto.multiply = bnMultiply;
1167proto.divide = bnDivide;
1168proto.remainder = bnRemainder;
1169proto.divideAndRemainder = bnDivideAndRemainder;
1170proto.modPow = bnModPow;
1171proto.modInverse = bnModInverse;
1172proto.pow = bnPow;
1173proto.gcd = bnGCD;
1174
1175// JSBN-specific extension
1176proto.square = bnSquare;
1177
1178// BigInteger interfaces not implemented in jsbn:
1179
1180// BigInteger(int signum, byte[] magnitude)
1181// double doubleValue()
1182// float floatValue()
1183// int hashCode()
1184// long longValue()
1185// static BigInteger valueOf(long val)
1186
1187// "constants"
1188BigInteger.ZERO = nbv(0);
1189BigInteger.ONE = nbv(1);
1190BigInteger.valueOf = nbv;
1191
1192},{"assert":4}],2:[function(_dereq_,module,exports){
1193(function (Buffer){
1194// FIXME: Kind of a weird way to throw exceptions, consider removing
1195var assert = _dereq_('assert')
1196var BigInteger = _dereq_('./bigi')
1197
1198/**
1199 * Turns a byte array into a big integer.
1200 *
1201 * This function will interpret a byte array as a big integer in big
1202 * endian notation.
1203 */
1204BigInteger.fromByteArrayUnsigned = function(byteArray) {
1205 // BigInteger expects a DER integer conformant byte array
1206 if (byteArray[0] & 0x80) {
1207 return new BigInteger([0].concat(byteArray))
1208 }
1209
1210 return new BigInteger(byteArray)
1211}
1212
1213/**
1214 * Returns a byte array representation of the big integer.
1215 *
1216 * This returns the absolute of the contained value in big endian
1217 * form. A value of zero results in an empty array.
1218 */
1219BigInteger.prototype.toByteArrayUnsigned = function() {
1220 var byteArray = this.toByteArray()
1221 return byteArray[0] === 0 ? byteArray.slice(1) : byteArray
1222}
1223
1224BigInteger.fromDERInteger = function(byteArray) {
1225 return new BigInteger(byteArray)
1226}
1227
1228/*
1229 * Converts BigInteger to a DER integer representation.
1230 *
1231 * The format for this value uses the most significant bit as a sign
1232 * bit. If the most significant bit is already set and the integer is
1233 * positive, a 0x00 is prepended.
1234 *
1235 * Examples:
1236 *
1237 * 0 => 0x00
1238 * 1 => 0x01
1239 * -1 => 0x81
1240 * 127 => 0x7f
1241 * -127 => 0xff
1242 * 128 => 0x0080
1243 * -128 => 0x80
1244 * 255 => 0x00ff
1245 * -255 => 0xff
1246 * 16300 => 0x3fac
1247 * -16300 => 0xbfac
1248 * 62300 => 0x00f35c
1249 * -62300 => 0xf35c
1250*/
1251BigInteger.prototype.toDERInteger = BigInteger.prototype.toByteArray
1252
1253BigInteger.fromBuffer = function(buffer) {
1254 // BigInteger expects a DER integer conformant byte array
1255 if (buffer[0] & 0x80) {
1256 var byteArray = Array.prototype.slice.call(buffer)
1257
1258 return new BigInteger([0].concat(byteArray))
1259 }
1260
1261 return new BigInteger(buffer)
1262}
1263
1264BigInteger.fromHex = function(hex) {
1265 if (hex === '') return BigInteger.ZERO
1266
1267 assert.equal(hex, hex.match(/^[A-Fa-f0-9]+/), 'Invalid hex string')
1268 assert.equal(hex.length % 2, 0, 'Incomplete hex')
1269 return new BigInteger(hex, 16)
1270}
1271
1272BigInteger.prototype.toBuffer = function(size) {
1273 var byteArray = this.toByteArrayUnsigned()
1274 var zeros = []
1275
1276 var padding = size - byteArray.length
1277 while (zeros.length < padding) zeros.push(0)
1278
1279 return new Buffer(zeros.concat(byteArray))
1280}
1281
1282BigInteger.prototype.toHex = function(size) {
1283 return this.toBuffer(size).toString('hex')
1284}
1285
1286}).call(this,_dereq_("buffer").Buffer)
1287},{"./bigi":1,"assert":4,"buffer":8}],3:[function(_dereq_,module,exports){
1288var BigInteger = _dereq_('./bigi')
1289
1290//addons
1291_dereq_('./convert')
1292
1293module.exports = BigInteger
1294},{"./bigi":1,"./convert":2}],4:[function(_dereq_,module,exports){
1295// http://wiki.commonjs.org/wiki/Unit_Testing/1.0
1296//
1297// THIS IS NOT TESTED NOR LIKELY TO WORK OUTSIDE V8!
1298//
1299// Originally from narwhal.js (http://narwhaljs.org)
1300// Copyright (c) 2009 Thomas Robinson <280north.com>
1301//
1302// Permission is hereby granted, free of charge, to any person obtaining a copy
1303// of this software and associated documentation files (the 'Software'), to
1304// deal in the Software without restriction, including without limitation the
1305// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
1306// sell copies of the Software, and to permit persons to whom the Software is
1307// furnished to do so, subject to the following conditions:
1308//
1309// The above copyright notice and this permission notice shall be included in
1310// all copies or substantial portions of the Software.
1311//
1312// THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
1313// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
1314// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
1315// AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
1316// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
1317// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
1318
1319// when used in node, this will actually load the util module we depend on
1320// versus loading the builtin util module as happens otherwise
1321// this is a bug in node module loading as far as I am concerned
1322var util = _dereq_('util/');
1323
1324var pSlice = Array.prototype.slice;
1325var hasOwn = Object.prototype.hasOwnProperty;
1326
1327// 1. The assert module provides functions that throw
1328// AssertionError's when particular conditions are not met. The
1329// assert module must conform to the following interface.
1330
1331var assert = module.exports = ok;
1332
1333// 2. The AssertionError is defined in assert.
1334// new assert.AssertionError({ message: message,
1335// actual: actual,
1336// expected: expected })
1337
1338assert.AssertionError = function AssertionError(options) {
1339 this.name = 'AssertionError';
1340 this.actual = options.actual;
1341 this.expected = options.expected;
1342 this.operator = options.operator;
1343 if (options.message) {
1344 this.message = options.message;
1345 this.generatedMessage = false;
1346 } else {
1347 this.message = getMessage(this);
1348 this.generatedMessage = true;
1349 }
1350 var stackStartFunction = options.stackStartFunction || fail;
1351
1352 if (Error.captureStackTrace) {
1353 Error.captureStackTrace(this, stackStartFunction);
1354 }
1355 else {
1356 // non v8 browsers so we can have a stacktrace
1357 var err = new Error();
1358 if (err.stack) {
1359 var out = err.stack;
1360
1361 // try to strip useless frames
1362 var fn_name = stackStartFunction.name;
1363 var idx = out.indexOf('\n' + fn_name);
1364 if (idx >= 0) {
1365 // once we have located the function frame
1366 // we need to strip out everything before it (and its line)
1367 var next_line = out.indexOf('\n', idx + 1);
1368 out = out.substring(next_line + 1);
1369 }
1370
1371 this.stack = out;
1372 }
1373 }
1374};
1375
1376// assert.AssertionError instanceof Error
1377util.inherits(assert.AssertionError, Error);
1378
1379function replacer(key, value) {
1380 if (util.isUndefined(value)) {
1381 return '' + value;
1382 }
1383 if (util.isNumber(value) && (isNaN(value) || !isFinite(value))) {
1384 return value.toString();
1385 }
1386 if (util.isFunction(value) || util.isRegExp(value)) {
1387 return value.toString();
1388 }
1389 return value;
1390}
1391
1392function truncate(s, n) {
1393 if (util.isString(s)) {
1394 return s.length < n ? s : s.slice(0, n);
1395 } else {
1396 return s;
1397 }
1398}
1399
1400function getMessage(self) {
1401 return truncate(JSON.stringify(self.actual, replacer), 128) + ' ' +
1402 self.operator + ' ' +
1403 truncate(JSON.stringify(self.expected, replacer), 128);
1404}
1405
1406// At present only the three keys mentioned above are used and
1407// understood by the spec. Implementations or sub modules can pass
1408// other keys to the AssertionError's constructor - they will be
1409// ignored.
1410
1411// 3. All of the following functions must throw an AssertionError
1412// when a corresponding condition is not met, with a message that
1413// may be undefined if not provided. All assertion methods provide
1414// both the actual and expected values to the assertion error for
1415// display purposes.
1416
1417function fail(actual, expected, message, operator, stackStartFunction) {
1418 throw new assert.AssertionError({
1419 message: message,
1420 actual: actual,
1421 expected: expected,
1422 operator: operator,
1423 stackStartFunction: stackStartFunction
1424 });
1425}
1426
1427// EXTENSION! allows for well behaved errors defined elsewhere.
1428assert.fail = fail;
1429
1430// 4. Pure assertion tests whether a value is truthy, as determined
1431// by !!guard.
1432// assert.ok(guard, message_opt);
1433// This statement is equivalent to assert.equal(true, !!guard,
1434// message_opt);. To test strictly for the value true, use
1435// assert.strictEqual(true, guard, message_opt);.
1436
1437function ok(value, message) {
1438 if (!value) fail(value, true, message, '==', assert.ok);
1439}
1440assert.ok = ok;
1441
1442// 5. The equality assertion tests shallow, coercive equality with
1443// ==.
1444// assert.equal(actual, expected, message_opt);
1445
1446assert.equal = function equal(actual, expected, message) {
1447 if (actual != expected) fail(actual, expected, message, '==', assert.equal);
1448};
1449
1450// 6. The non-equality assertion tests for whether two objects are not equal
1451// with != assert.notEqual(actual, expected, message_opt);
1452
1453assert.notEqual = function notEqual(actual, expected, message) {
1454 if (actual == expected) {
1455 fail(actual, expected, message, '!=', assert.notEqual);
1456 }
1457};
1458
1459// 7. The equivalence assertion tests a deep equality relation.
1460// assert.deepEqual(actual, expected, message_opt);
1461
1462assert.deepEqual = function deepEqual(actual, expected, message) {
1463 if (!_deepEqual(actual, expected)) {
1464 fail(actual, expected, message, 'deepEqual', assert.deepEqual);
1465 }
1466};
1467
1468function _deepEqual(actual, expected) {
1469 // 7.1. All identical values are equivalent, as determined by ===.
1470 if (actual === expected) {
1471 return true;
1472
1473 } else if (util.isBuffer(actual) && util.isBuffer(expected)) {
1474 if (actual.length != expected.length) return false;
1475
1476 for (var i = 0; i < actual.length; i++) {
1477 if (actual[i] !== expected[i]) return false;
1478 }
1479
1480 return true;
1481
1482 // 7.2. If the expected value is a Date object, the actual value is
1483 // equivalent if it is also a Date object that refers to the same time.
1484 } else if (util.isDate(actual) && util.isDate(expected)) {
1485 return actual.getTime() === expected.getTime();
1486
1487 // 7.3 If the expected value is a RegExp object, the actual value is
1488 // equivalent if it is also a RegExp object with the same source and
1489 // properties (`global`, `multiline`, `lastIndex`, `ignoreCase`).
1490 } else if (util.isRegExp(actual) && util.isRegExp(expected)) {
1491 return actual.source === expected.source &&
1492 actual.global === expected.global &&
1493 actual.multiline === expected.multiline &&
1494 actual.lastIndex === expected.lastIndex &&
1495 actual.ignoreCase === expected.ignoreCase;
1496
1497 // 7.4. Other pairs that do not both pass typeof value == 'object',
1498 // equivalence is determined by ==.
1499 } else if (!util.isObject(actual) && !util.isObject(expected)) {
1500 return actual == expected;
1501
1502 // 7.5 For all other Object pairs, including Array objects, equivalence is
1503 // determined by having the same number of owned properties (as verified
1504 // with Object.prototype.hasOwnProperty.call), the same set of keys
1505 // (although not necessarily the same order), equivalent values for every
1506 // corresponding key, and an identical 'prototype' property. Note: this
1507 // accounts for both named and indexed properties on Arrays.
1508 } else {
1509 return objEquiv(actual, expected);
1510 }
1511}
1512
1513function isArguments(object) {
1514 return Object.prototype.toString.call(object) == '[object Arguments]';
1515}
1516
1517function objEquiv(a, b) {
1518 if (util.isNullOrUndefined(a) || util.isNullOrUndefined(b))
1519 return false;
1520 // an identical 'prototype' property.
1521 if (a.prototype !== b.prototype) return false;
1522 //~~~I've managed to break Object.keys through screwy arguments passing.
1523 // Converting to array solves the problem.
1524 if (isArguments(a)) {
1525 if (!isArguments(b)) {
1526 return false;
1527 }
1528 a = pSlice.call(a);
1529 b = pSlice.call(b);
1530 return _deepEqual(a, b);
1531 }
1532 try {
1533 var ka = objectKeys(a),
1534 kb = objectKeys(b),
1535 key, i;
1536 } catch (e) {//happens when one is a string literal and the other isn't
1537 return false;
1538 }
1539 // having the same number of owned properties (keys incorporates
1540 // hasOwnProperty)
1541 if (ka.length != kb.length)
1542 return false;
1543 //the same set of keys (although not necessarily the same order),
1544 ka.sort();
1545 kb.sort();
1546 //~~~cheap key test
1547 for (i = ka.length - 1; i >= 0; i--) {
1548 if (ka[i] != kb[i])
1549 return false;
1550 }
1551 //equivalent values for every corresponding key, and
1552 //~~~possibly expensive deep test
1553 for (i = ka.length - 1; i >= 0; i--) {
1554 key = ka[i];
1555 if (!_deepEqual(a[key], b[key])) return false;
1556 }
1557 return true;
1558}
1559
1560// 8. The non-equivalence assertion tests for any deep inequality.
1561// assert.notDeepEqual(actual, expected, message_opt);
1562
1563assert.notDeepEqual = function notDeepEqual(actual, expected, message) {
1564 if (_deepEqual(actual, expected)) {
1565 fail(actual, expected, message, 'notDeepEqual', assert.notDeepEqual);
1566 }
1567};
1568
1569// 9. The strict equality assertion tests strict equality, as determined by ===.
1570// assert.strictEqual(actual, expected, message_opt);
1571
1572assert.strictEqual = function strictEqual(actual, expected, message) {
1573 if (actual !== expected) {
1574 fail(actual, expected, message, '===', assert.strictEqual);
1575 }
1576};
1577
1578// 10. The strict non-equality assertion tests for strict inequality, as
1579// determined by !==. assert.notStrictEqual(actual, expected, message_opt);
1580
1581assert.notStrictEqual = function notStrictEqual(actual, expected, message) {
1582 if (actual === expected) {
1583 fail(actual, expected, message, '!==', assert.notStrictEqual);
1584 }
1585};
1586
1587function expectedException(actual, expected) {
1588 if (!actual || !expected) {
1589 return false;
1590 }
1591
1592 if (Object.prototype.toString.call(expected) == '[object RegExp]') {
1593 return expected.test(actual);
1594 } else if (actual instanceof expected) {
1595 return true;
1596 } else if (expected.call({}, actual) === true) {
1597 return true;
1598 }
1599
1600 return false;
1601}
1602
1603function _throws(shouldThrow, block, expected, message) {
1604 var actual;
1605
1606 if (util.isString(expected)) {
1607 message = expected;
1608 expected = null;
1609 }
1610
1611 try {
1612 block();
1613 } catch (e) {
1614 actual = e;
1615 }
1616
1617 message = (expected && expected.name ? ' (' + expected.name + ').' : '.') +
1618 (message ? ' ' + message : '.');
1619
1620 if (shouldThrow && !actual) {
1621 fail(actual, expected, 'Missing expected exception' + message);
1622 }
1623
1624 if (!shouldThrow && expectedException(actual, expected)) {
1625 fail(actual, expected, 'Got unwanted exception' + message);
1626 }
1627
1628 if ((shouldThrow && actual && expected &&
1629 !expectedException(actual, expected)) || (!shouldThrow && actual)) {
1630 throw actual;
1631 }
1632}
1633
1634// 11. Expected to throw an error:
1635// assert.throws(block, Error_opt, message_opt);
1636
1637assert.throws = function(block, /*optional*/error, /*optional*/message) {
1638 _throws.apply(this, [true].concat(pSlice.call(arguments)));
1639};
1640
1641// EXTENSION! This is annoying to write outside this module.
1642assert.doesNotThrow = function(block, /*optional*/message) {
1643 _throws.apply(this, [false].concat(pSlice.call(arguments)));
1644};
1645
1646assert.ifError = function(err) { if (err) {throw err;}};
1647
1648var objectKeys = Object.keys || function (obj) {
1649 var keys = [];
1650 for (var key in obj) {
1651 if (hasOwn.call(obj, key)) keys.push(key);
1652 }
1653 return keys;
1654};
1655
1656},{"util/":6}],5:[function(_dereq_,module,exports){
1657module.exports = function isBuffer(arg) {
1658 return arg && typeof arg === 'object'
1659 && typeof arg.copy === 'function'
1660 && typeof arg.fill === 'function'
1661 && typeof arg.readUInt8 === 'function';
1662}
1663},{}],6:[function(_dereq_,module,exports){
1664(function (process,global){
1665// Copyright Joyent, Inc. and other Node contributors.
1666//
1667// Permission is hereby granted, free of charge, to any person obtaining a
1668// copy of this software and associated documentation files (the
1669// "Software"), to deal in the Software without restriction, including
1670// without limitation the rights to use, copy, modify, merge, publish,
1671// distribute, sublicense, and/or sell copies of the Software, and to permit
1672// persons to whom the Software is furnished to do so, subject to the
1673// following conditions:
1674//
1675// The above copyright notice and this permission notice shall be included
1676// in all copies or substantial portions of the Software.
1677//
1678// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
1679// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
1680// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
1681// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
1682// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
1683// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
1684// USE OR OTHER DEALINGS IN THE SOFTWARE.
1685
1686var formatRegExp = /%[sdj%]/g;
1687exports.format = function(f) {
1688 if (!isString(f)) {
1689 var objects = [];
1690 for (var i = 0; i < arguments.length; i++) {
1691 objects.push(inspect(arguments[i]));
1692 }
1693 return objects.join(' ');
1694 }
1695
1696 var i = 1;
1697 var args = arguments;
1698 var len = args.length;
1699 var str = String(f).replace(formatRegExp, function(x) {
1700 if (x === '%%') return '%';
1701 if (i >= len) return x;
1702 switch (x) {
1703 case '%s': return String(args[i++]);
1704 case '%d': return Number(args[i++]);
1705 case '%j':
1706 try {
1707 return JSON.stringify(args[i++]);
1708 } catch (_) {
1709 return '[Circular]';
1710 }
1711 default:
1712 return x;
1713 }
1714 });
1715 for (var x = args[i]; i < len; x = args[++i]) {
1716 if (isNull(x) || !isObject(x)) {
1717 str += ' ' + x;
1718 } else {
1719 str += ' ' + inspect(x);
1720 }
1721 }
1722 return str;
1723};
1724
1725
1726// Mark that a method should not be used.
1727// Returns a modified function which warns once by default.
1728// If --no-deprecation is set, then it is a no-op.
1729exports.deprecate = function(fn, msg) {
1730 // Allow for deprecating things in the process of starting up.
1731 if (isUndefined(global.process)) {
1732 return function() {
1733 return exports.deprecate(fn, msg).apply(this, arguments);
1734 };
1735 }
1736
1737 if (process.noDeprecation === true) {
1738 return fn;
1739 }
1740
1741 var warned = false;
1742 function deprecated() {
1743 if (!warned) {
1744 if (process.throwDeprecation) {
1745 throw new Error(msg);
1746 } else if (process.traceDeprecation) {
1747 console.trace(msg);
1748 } else {
1749 console.error(msg);
1750 }
1751 warned = true;
1752 }
1753 return fn.apply(this, arguments);
1754 }
1755
1756 return deprecated;
1757};
1758
1759
1760var debugs = {};
1761var debugEnviron;
1762exports.debuglog = function(set) {
1763 if (isUndefined(debugEnviron))
1764 debugEnviron = process.env.NODE_DEBUG || '';
1765 set = set.toUpperCase();
1766 if (!debugs[set]) {
1767 if (new RegExp('\\b' + set + '\\b', 'i').test(debugEnviron)) {
1768 var pid = process.pid;
1769 debugs[set] = function() {
1770 var msg = exports.format.apply(exports, arguments);
1771 console.error('%s %d: %s', set, pid, msg);
1772 };
1773 } else {
1774 debugs[set] = function() {};
1775 }
1776 }
1777 return debugs[set];
1778};
1779
1780
1781/**
1782 * Echos the value of a value. Trys to print the value out
1783 * in the best way possible given the different types.
1784 *
1785 * @param {Object} obj The object to print out.
1786 * @param {Object} opts Optional options object that alters the output.
1787 */
1788/* legacy: obj, showHidden, depth, colors*/
1789function inspect(obj, opts) {
1790 // default options
1791 var ctx = {
1792 seen: [],
1793 stylize: stylizeNoColor
1794 };
1795 // legacy...
1796 if (arguments.length >= 3) ctx.depth = arguments[2];
1797 if (arguments.length >= 4) ctx.colors = arguments[3];
1798 if (isBoolean(opts)) {
1799 // legacy...
1800 ctx.showHidden = opts;
1801 } else if (opts) {
1802 // got an "options" object
1803 exports._extend(ctx, opts);
1804 }
1805 // set default options
1806 if (isUndefined(ctx.showHidden)) ctx.showHidden = false;
1807 if (isUndefined(ctx.depth)) ctx.depth = 2;
1808 if (isUndefined(ctx.colors)) ctx.colors = false;
1809 if (isUndefined(ctx.customInspect)) ctx.customInspect = true;
1810 if (ctx.colors) ctx.stylize = stylizeWithColor;
1811 return formatValue(ctx, obj, ctx.depth);
1812}
1813exports.inspect = inspect;
1814
1815
1816// http://en.wikipedia.org/wiki/ANSI_escape_code#graphics
1817inspect.colors = {
1818 'bold' : [1, 22],
1819 'italic' : [3, 23],
1820 'underline' : [4, 24],
1821 'inverse' : [7, 27],
1822 'white' : [37, 39],
1823 'grey' : [90, 39],
1824 'black' : [30, 39],
1825 'blue' : [34, 39],
1826 'cyan' : [36, 39],
1827 'green' : [32, 39],
1828 'magenta' : [35, 39],
1829 'red' : [31, 39],
1830 'yellow' : [33, 39]
1831};
1832
1833// Don't use 'blue' not visible on cmd.exe
1834inspect.styles = {
1835 'special': 'cyan',
1836 'number': 'yellow',
1837 'boolean': 'yellow',
1838 'undefined': 'grey',
1839 'null': 'bold',
1840 'string': 'green',
1841 'date': 'magenta',
1842 // "name": intentionally not styling
1843 'regexp': 'red'
1844};
1845
1846
1847function stylizeWithColor(str, styleType) {
1848 var style = inspect.styles[styleType];
1849
1850 if (style) {
1851 return '\u001b[' + inspect.colors[style][0] + 'm' + str +
1852 '\u001b[' + inspect.colors[style][1] + 'm';
1853 } else {
1854 return str;
1855 }
1856}
1857
1858
1859function stylizeNoColor(str, styleType) {
1860 return str;
1861}
1862
1863
1864function arrayToHash(array) {
1865 var hash = {};
1866
1867 array.forEach(function(val, idx) {
1868 hash[val] = true;
1869 });
1870
1871 return hash;
1872}
1873
1874
1875function formatValue(ctx, value, recurseTimes) {
1876 // Provide a hook for user-specified inspect functions.
1877 // Check that value is an object with an inspect function on it
1878 if (ctx.customInspect &&
1879 value &&
1880 isFunction(value.inspect) &&
1881 // Filter out the util module, it's inspect function is special
1882 value.inspect !== exports.inspect &&
1883 // Also filter out any prototype objects using the circular check.
1884 !(value.constructor && value.constructor.prototype === value)) {
1885 var ret = value.inspect(recurseTimes, ctx);
1886 if (!isString(ret)) {
1887 ret = formatValue(ctx, ret, recurseTimes);
1888 }
1889 return ret;
1890 }
1891
1892 // Primitive types cannot have properties
1893 var primitive = formatPrimitive(ctx, value);
1894 if (primitive) {
1895 return primitive;
1896 }
1897
1898 // Look up the keys of the object.
1899 var keys = Object.keys(value);
1900 var visibleKeys = arrayToHash(keys);
1901
1902 if (ctx.showHidden) {
1903 keys = Object.getOwnPropertyNames(value);
1904 }
1905
1906 // IE doesn't make error fields non-enumerable
1907 // http://msdn.microsoft.com/en-us/library/ie/dww52sbt(v=vs.94).aspx
1908 if (isError(value)
1909 && (keys.indexOf('message') >= 0 || keys.indexOf('description') >= 0)) {
1910 return formatError(value);
1911 }
1912
1913 // Some type of object without properties can be shortcutted.
1914 if (keys.length === 0) {
1915 if (isFunction(value)) {
1916 var name = value.name ? ': ' + value.name : '';
1917 return ctx.stylize('[Function' + name + ']', 'special');
1918 }
1919 if (isRegExp(value)) {
1920 return ctx.stylize(RegExp.prototype.toString.call(value), 'regexp');
1921 }
1922 if (isDate(value)) {
1923 return ctx.stylize(Date.prototype.toString.call(value), 'date');
1924 }
1925 if (isError(value)) {
1926 return formatError(value);
1927 }
1928 }
1929
1930 var base = '', array = false, braces = ['{', '}'];
1931
1932 // Make Array say that they are Array
1933 if (isArray(value)) {
1934 array = true;
1935 braces = ['[', ']'];
1936 }
1937
1938 // Make functions say that they are functions
1939 if (isFunction(value)) {
1940 var n = value.name ? ': ' + value.name : '';
1941 base = ' [Function' + n + ']';
1942 }
1943
1944 // Make RegExps say that they are RegExps
1945 if (isRegExp(value)) {
1946 base = ' ' + RegExp.prototype.toString.call(value);
1947 }
1948
1949 // Make dates with properties first say the date
1950 if (isDate(value)) {
1951 base = ' ' + Date.prototype.toUTCString.call(value);
1952 }
1953
1954 // Make error with message first say the error
1955 if (isError(value)) {
1956 base = ' ' + formatError(value);
1957 }
1958
1959 if (keys.length === 0 && (!array || value.length == 0)) {
1960 return braces[0] + base + braces[1];
1961 }
1962
1963 if (recurseTimes < 0) {
1964 if (isRegExp(value)) {
1965 return ctx.stylize(RegExp.prototype.toString.call(value), 'regexp');
1966 } else {
1967 return ctx.stylize('[Object]', 'special');
1968 }
1969 }
1970
1971 ctx.seen.push(value);
1972
1973 var output;
1974 if (array) {
1975 output = formatArray(ctx, value, recurseTimes, visibleKeys, keys);
1976 } else {
1977 output = keys.map(function(key) {
1978 return formatProperty(ctx, value, recurseTimes, visibleKeys, key, array);
1979 });
1980 }
1981
1982 ctx.seen.pop();
1983
1984 return reduceToSingleString(output, base, braces);
1985}
1986
1987
1988function formatPrimitive(ctx, value) {
1989 if (isUndefined(value))
1990 return ctx.stylize('undefined', 'undefined');
1991 if (isString(value)) {
1992 var simple = '\'' + JSON.stringify(value).replace(/^"|"$/g, '')
1993 .replace(/'/g, "\\'")
1994 .replace(/\\"/g, '"') + '\'';
1995 return ctx.stylize(simple, 'string');
1996 }
1997 if (isNumber(value))
1998 return ctx.stylize('' + value, 'number');
1999 if (isBoolean(value))
2000 return ctx.stylize('' + value, 'boolean');
2001 // For some reason typeof null is "object", so special case here.
2002 if (isNull(value))
2003 return ctx.stylize('null', 'null');
2004}
2005
2006
2007function formatError(value) {
2008 return '[' + Error.prototype.toString.call(value) + ']';
2009}
2010
2011
2012function formatArray(ctx, value, recurseTimes, visibleKeys, keys) {
2013 var output = [];
2014 for (var i = 0, l = value.length; i < l; ++i) {
2015 if (hasOwnProperty(value, String(i))) {
2016 output.push(formatProperty(ctx, value, recurseTimes, visibleKeys,
2017 String(i), true));
2018 } else {
2019 output.push('');
2020 }
2021 }
2022 keys.forEach(function(key) {
2023 if (!key.match(/^\d+$/)) {
2024 output.push(formatProperty(ctx, value, recurseTimes, visibleKeys,
2025 key, true));
2026 }
2027 });
2028 return output;
2029}
2030
2031
2032function formatProperty(ctx, value, recurseTimes, visibleKeys, key, array) {
2033 var name, str, desc;
2034 desc = Object.getOwnPropertyDescriptor(value, key) || { value: value[key] };
2035 if (desc.get) {
2036 if (desc.set) {
2037 str = ctx.stylize('[Getter/Setter]', 'special');
2038 } else {
2039 str = ctx.stylize('[Getter]', 'special');
2040 }
2041 } else {
2042 if (desc.set) {
2043 str = ctx.stylize('[Setter]', 'special');
2044 }
2045 }
2046 if (!hasOwnProperty(visibleKeys, key)) {
2047 name = '[' + key + ']';
2048 }
2049 if (!str) {
2050 if (ctx.seen.indexOf(desc.value) < 0) {
2051 if (isNull(recurseTimes)) {
2052 str = formatValue(ctx, desc.value, null);
2053 } else {
2054 str = formatValue(ctx, desc.value, recurseTimes - 1);
2055 }
2056 if (str.indexOf('\n') > -1) {
2057 if (array) {
2058 str = str.split('\n').map(function(line) {
2059 return ' ' + line;
2060 }).join('\n').substr(2);
2061 } else {
2062 str = '\n' + str.split('\n').map(function(line) {
2063 return ' ' + line;
2064 }).join('\n');
2065 }
2066 }
2067 } else {
2068 str = ctx.stylize('[Circular]', 'special');
2069 }
2070 }
2071 if (isUndefined(name)) {
2072 if (array && key.match(/^\d+$/)) {
2073 return str;
2074 }
2075 name = JSON.stringify('' + key);
2076 if (name.match(/^"([a-zA-Z_][a-zA-Z_0-9]*)"$/)) {
2077 name = name.substr(1, name.length - 2);
2078 name = ctx.stylize(name, 'name');
2079 } else {
2080 name = name.replace(/'/g, "\\'")
2081 .replace(/\\"/g, '"')
2082 .replace(/(^"|"$)/g, "'");
2083 name = ctx.stylize(name, 'string');
2084 }
2085 }
2086
2087 return name + ': ' + str;
2088}
2089
2090
2091function reduceToSingleString(output, base, braces) {
2092 var numLinesEst = 0;
2093 var length = output.reduce(function(prev, cur) {
2094 numLinesEst++;
2095 if (cur.indexOf('\n') >= 0) numLinesEst++;
2096 return prev + cur.replace(/\u001b\[\d\d?m/g, '').length + 1;
2097 }, 0);
2098
2099 if (length > 60) {
2100 return braces[0] +
2101 (base === '' ? '' : base + '\n ') +
2102 ' ' +
2103 output.join(',\n ') +
2104 ' ' +
2105 braces[1];
2106 }
2107
2108 return braces[0] + base + ' ' + output.join(', ') + ' ' + braces[1];
2109}
2110
2111
2112// NOTE: These type checking functions intentionally don't use `instanceof`
2113// because it is fragile and can be easily faked with `Object.create()`.
2114function isArray(ar) {
2115 return Array.isArray(ar);
2116}
2117exports.isArray = isArray;
2118
2119function isBoolean(arg) {
2120 return typeof arg === 'boolean';
2121}
2122exports.isBoolean = isBoolean;
2123
2124function isNull(arg) {
2125 return arg === null;
2126}
2127exports.isNull = isNull;
2128
2129function isNullOrUndefined(arg) {
2130 return arg == null;
2131}
2132exports.isNullOrUndefined = isNullOrUndefined;
2133
2134function isNumber(arg) {
2135 return typeof arg === 'number';
2136}
2137exports.isNumber = isNumber;
2138
2139function isString(arg) {
2140 return typeof arg === 'string';
2141}
2142exports.isString = isString;
2143
2144function isSymbol(arg) {
2145 return typeof arg === 'symbol';
2146}
2147exports.isSymbol = isSymbol;
2148
2149function isUndefined(arg) {
2150 return arg === void 0;
2151}
2152exports.isUndefined = isUndefined;
2153
2154function isRegExp(re) {
2155 return isObject(re) && objectToString(re) === '[object RegExp]';
2156}
2157exports.isRegExp = isRegExp;
2158
2159function isObject(arg) {
2160 return typeof arg === 'object' && arg !== null;
2161}
2162exports.isObject = isObject;
2163
2164function isDate(d) {
2165 return isObject(d) && objectToString(d) === '[object Date]';
2166}
2167exports.isDate = isDate;
2168
2169function isError(e) {
2170 return isObject(e) &&
2171 (objectToString(e) === '[object Error]' || e instanceof Error);
2172}
2173exports.isError = isError;
2174
2175function isFunction(arg) {
2176 return typeof arg === 'function';
2177}
2178exports.isFunction = isFunction;
2179
2180function isPrimitive(arg) {
2181 return arg === null ||
2182 typeof arg === 'boolean' ||
2183 typeof arg === 'number' ||
2184 typeof arg === 'string' ||
2185 typeof arg === 'symbol' || // ES6 symbol
2186 typeof arg === 'undefined';
2187}
2188exports.isPrimitive = isPrimitive;
2189
2190exports.isBuffer = _dereq_('./support/isBuffer');
2191
2192function objectToString(o) {
2193 return Object.prototype.toString.call(o);
2194}
2195
2196
2197function pad(n) {
2198 return n < 10 ? '0' + n.toString(10) : n.toString(10);
2199}
2200
2201
2202var months = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep',
2203 'Oct', 'Nov', 'Dec'];
2204
2205// 26 Feb 16:19:34
2206function timestamp() {
2207 var d = new Date();
2208 var time = [pad(d.getHours()),
2209 pad(d.getMinutes()),
2210 pad(d.getSeconds())].join(':');
2211 return [d.getDate(), months[d.getMonth()], time].join(' ');
2212}
2213
2214
2215// log is just a thin wrapper to console.log that prepends a timestamp
2216exports.log = function() {
2217 console.log('%s - %s', timestamp(), exports.format.apply(exports, arguments));
2218};
2219
2220
2221/**
2222 * Inherit the prototype methods from one constructor into another.
2223 *
2224 * The Function.prototype.inherits from lang.js rewritten as a standalone
2225 * function (not on Function.prototype). NOTE: If this file is to be loaded
2226 * during bootstrapping this function needs to be rewritten using some native
2227 * functions as prototype setup using normal JavaScript does not work as
2228 * expected during bootstrapping (see mirror.js in r114903).
2229 *
2230 * @param {function} ctor Constructor function which needs to inherit the
2231 * prototype.
2232 * @param {function} superCtor Constructor function to inherit prototype from.
2233 */
2234exports.inherits = _dereq_('inherits');
2235
2236exports._extend = function(origin, add) {
2237 // Don't do anything if add isn't an object
2238 if (!add || !isObject(add)) return origin;
2239
2240 var keys = Object.keys(add);
2241 var i = keys.length;
2242 while (i--) {
2243 origin[keys[i]] = add[keys[i]];
2244 }
2245 return origin;
2246};
2247
2248function hasOwnProperty(obj, prop) {
2249 return Object.prototype.hasOwnProperty.call(obj, prop);
2250}
2251
2252}).call(this,_dereq_("FWaASH"),typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {})
2253},{"./support/isBuffer":5,"FWaASH":12,"inherits":11}],7:[function(_dereq_,module,exports){
2254
2255},{}],8:[function(_dereq_,module,exports){
2256/*!
2257 * The buffer module from node.js, for the browser.
2258 *
2259 * at author Feross Aboukhadijeh <feross@feross.org> <http://feross.org>
2260 * at license MIT
2261 */
2262
2263var base64 = _dereq_('base64-js')
2264var ieee754 = _dereq_('ieee754')
2265
2266exports.Buffer = Buffer
2267exports.SlowBuffer = Buffer
2268exports.INSPECT_MAX_BYTES = 50
2269Buffer.poolSize = 8192
2270
2271/**
2272 * If `Buffer._useTypedArrays`:
2273 * === true Use Uint8Array implementation (fastest)
2274 * === false Use Object implementation (compatible down to IE6)
2275 */
2276Buffer._useTypedArrays = (function () {
2277 // Detect if browser supports Typed Arrays. Supported browsers are IE 10+, Firefox 4+,
2278 // Chrome 7+, Safari 5.1+, Opera 11.6+, iOS 4.2+. If the browser does not support adding
2279 // properties to `Uint8Array` instances, then that's the same as no `Uint8Array` support
2280 // because we need to be able to add all the node Buffer API methods. This is an issue
2281 // in Firefox 4-29. Now fixed: https://bugzilla.mozilla.org/show_bug.cgi?id=695438
2282 try {
2283 var buf = new ArrayBuffer(0)
2284 var arr = new Uint8Array(buf)
2285 arr.foo = function () { return 42 }
2286 return 42 === arr.foo() &&
2287 typeof arr.subarray === 'function' // Chrome 9-10 lack `subarray`
2288 } catch (e) {
2289 return false
2290 }
2291})()
2292
2293/**
2294 * Class: Buffer
2295 * =============
2296 *
2297 * The Buffer constructor returns instances of `Uint8Array` that are augmented
2298 * with function properties for all the node `Buffer` API functions. We use
2299 * `Uint8Array` so that square bracket notation works as expected -- it returns
2300 * a single octet.
2301 *
2302 * By augmenting the instances, we can avoid modifying the `Uint8Array`
2303 * prototype.
2304 */
2305function Buffer (subject, encoding, noZero) {
2306 if (!(this instanceof Buffer))
2307 return new Buffer(subject, encoding, noZero)
2308
2309 var type = typeof subject
2310
2311 if (encoding === 'base64' && type === 'string') {
2312 subject = base64clean(subject)
2313 }
2314
2315 // Find the length
2316 var length
2317 if (type === 'number')
2318 length = coerce(subject)
2319 else if (type === 'string')
2320 length = Buffer.byteLength(subject, encoding)
2321 else if (type === 'object')
2322 length = coerce(subject.length) // assume that object is array-like
2323 else
2324 throw new Error('First argument needs to be a number, array or string.')
2325
2326 var buf
2327 if (Buffer._useTypedArrays) {
2328 // Preferred: Return an augmented `Uint8Array` instance for best performance
2329 buf = Buffer._augment(new Uint8Array(length))
2330 } else {
2331 // Fallback: Return THIS instance of Buffer (created by `new`)
2332 buf = this
2333 buf.length = length
2334 buf._isBuffer = true
2335 }
2336
2337 var i
2338 if (Buffer._useTypedArrays && typeof subject.byteLength === 'number') {
2339 // Speed optimization -- use set if we're copying from a typed array
2340 buf._set(subject)
2341 } else if (isArrayish(subject)) {
2342 // Treat array-ish objects as a byte array
2343 if (Buffer.isBuffer(subject)) {
2344 for (i = 0; i < length; i++)
2345 buf[i] = subject.readUInt8(i)
2346 } else {
2347 for (i = 0; i < length; i++)
2348 buf[i] = ((subject[i] % 256) + 256) % 256
2349 }
2350 } else if (type === 'string') {
2351 buf.write(subject, 0, encoding)
2352 } else if (type === 'number' && !Buffer._useTypedArrays && !noZero) {
2353 for (i = 0; i < length; i++) {
2354 buf[i] = 0
2355 }
2356 }
2357
2358 return buf
2359}
2360
2361// STATIC METHODS
2362// ==============
2363
2364Buffer.isEncoding = function (encoding) {
2365 switch (String(encoding).toLowerCase()) {
2366 case 'hex':
2367 case 'utf8':
2368 case 'utf-8':
2369 case 'ascii':
2370 case 'binary':
2371 case 'base64':
2372 case 'raw':
2373 case 'ucs2':
2374 case 'ucs-2':
2375 case 'utf16le':
2376 case 'utf-16le':
2377 return true
2378 default:
2379 return false
2380 }
2381}
2382
2383Buffer.isBuffer = function (b) {
2384 return !!(b !== null && b !== undefined && b._isBuffer)
2385}
2386
2387Buffer.byteLength = function (str, encoding) {
2388 var ret
2389 str = str.toString()
2390 switch (encoding || 'utf8') {
2391 case 'hex':
2392 ret = str.length / 2
2393 break
2394 case 'utf8':
2395 case 'utf-8':
2396 ret = utf8ToBytes(str).length
2397 break
2398 case 'ascii':
2399 case 'binary':
2400 case 'raw':
2401 ret = str.length
2402 break
2403 case 'base64':
2404 ret = base64ToBytes(str).length
2405 break
2406 case 'ucs2':
2407 case 'ucs-2':
2408 case 'utf16le':
2409 case 'utf-16le':
2410 ret = str.length * 2
2411 break
2412 default:
2413 throw new Error('Unknown encoding')
2414 }
2415 return ret
2416}
2417
2418Buffer.concat = function (list, totalLength) {
2419 assert(isArray(list), 'Usage: Buffer.concat(list[, length])')
2420
2421 if (list.length === 0) {
2422 return new Buffer(0)
2423 } else if (list.length === 1) {
2424 return list[0]
2425 }
2426
2427 var i
2428 if (totalLength === undefined) {
2429 totalLength = 0
2430 for (i = 0; i < list.length; i++) {
2431 totalLength += list[i].length
2432 }
2433 }
2434
2435 var buf = new Buffer(totalLength)
2436 var pos = 0
2437 for (i = 0; i < list.length; i++) {
2438 var item = list[i]
2439 item.copy(buf, pos)
2440 pos += item.length
2441 }
2442 return buf
2443}
2444
2445Buffer.compare = function (a, b) {
2446 assert(Buffer.isBuffer(a) && Buffer.isBuffer(b), 'Arguments must be Buffers')
2447 var x = a.length
2448 var y = b.length
2449 for (var i = 0, len = Math.min(x, y); i < len && a[i] === b[i]; i++) {}
2450 if (i !== len) {
2451 x = a[i]
2452 y = b[i]
2453 }
2454 if (x < y) {
2455 return -1
2456 }
2457 if (y < x) {
2458 return 1
2459 }
2460 return 0
2461}
2462
2463// BUFFER INSTANCE METHODS
2464// =======================
2465
2466function hexWrite (buf, string, offset, length) {
2467 offset = Number(offset) || 0
2468 var remaining = buf.length - offset
2469 if (!length) {
2470 length = remaining
2471 } else {
2472 length = Number(length)
2473 if (length > remaining) {
2474 length = remaining
2475 }
2476 }
2477
2478 // must be an even number of digits
2479 var strLen = string.length
2480 assert(strLen % 2 === 0, 'Invalid hex string')
2481
2482 if (length > strLen / 2) {
2483 length = strLen / 2
2484 }
2485 for (var i = 0; i < length; i++) {
2486 var byte = parseInt(string.substr(i * 2, 2), 16)
2487 assert(!isNaN(byte), 'Invalid hex string')
2488 buf[offset + i] = byte
2489 }
2490 return i
2491}
2492
2493function utf8Write (buf, string, offset, length) {
2494 var charsWritten = blitBuffer(utf8ToBytes(string), buf, offset, length)
2495 return charsWritten
2496}
2497
2498function asciiWrite (buf, string, offset, length) {
2499 var charsWritten = blitBuffer(asciiToBytes(string), buf, offset, length)
2500 return charsWritten
2501}
2502
2503function binaryWrite (buf, string, offset, length) {
2504 return asciiWrite(buf, string, offset, length)
2505}
2506
2507function base64Write (buf, string, offset, length) {
2508 var charsWritten = blitBuffer(base64ToBytes(string), buf, offset, length)
2509 return charsWritten
2510}
2511
2512function utf16leWrite (buf, string, offset, length) {
2513 var charsWritten = blitBuffer(utf16leToBytes(string), buf, offset, length)
2514 return charsWritten
2515}
2516
2517Buffer.prototype.write = function (string, offset, length, encoding) {
2518 // Support both (string, offset, length, encoding)
2519 // and the legacy (string, encoding, offset, length)
2520 if (isFinite(offset)) {
2521 if (!isFinite(length)) {
2522 encoding = length
2523 length = undefined
2524 }
2525 } else { // legacy
2526 var swap = encoding
2527 encoding = offset
2528 offset = length
2529 length = swap
2530 }
2531
2532 offset = Number(offset) || 0
2533 var remaining = this.length - offset
2534 if (!length) {
2535 length = remaining
2536 } else {
2537 length = Number(length)
2538 if (length > remaining) {
2539 length = remaining
2540 }
2541 }
2542 encoding = String(encoding || 'utf8').toLowerCase()
2543
2544 var ret
2545 switch (encoding) {
2546 case 'hex':
2547 ret = hexWrite(this, string, offset, length)
2548 break
2549 case 'utf8':
2550 case 'utf-8':
2551 ret = utf8Write(this, string, offset, length)
2552 break
2553 case 'ascii':
2554 ret = asciiWrite(this, string, offset, length)
2555 break
2556 case 'binary':
2557 ret = binaryWrite(this, string, offset, length)
2558 break
2559 case 'base64':
2560 ret = base64Write(this, string, offset, length)
2561 break
2562 case 'ucs2':
2563 case 'ucs-2':
2564 case 'utf16le':
2565 case 'utf-16le':
2566 ret = utf16leWrite(this, string, offset, length)
2567 break
2568 default:
2569 throw new Error('Unknown encoding')
2570 }
2571 return ret
2572}
2573
2574Buffer.prototype.toString = function (encoding, start, end) {
2575 var self = this
2576
2577 encoding = String(encoding || 'utf8').toLowerCase()
2578 start = Number(start) || 0
2579 end = (end === undefined) ? self.length : Number(end)
2580
2581 // Fastpath empty strings
2582 if (end === start)
2583 return ''
2584
2585 var ret
2586 switch (encoding) {
2587 case 'hex':
2588 ret = hexSlice(self, start, end)
2589 break
2590 case 'utf8':
2591 case 'utf-8':
2592 ret = utf8Slice(self, start, end)
2593 break
2594 case 'ascii':
2595 ret = asciiSlice(self, start, end)
2596 break
2597 case 'binary':
2598 ret = binarySlice(self, start, end)
2599 break
2600 case 'base64':
2601 ret = base64Slice(self, start, end)
2602 break
2603 case 'ucs2':
2604 case 'ucs-2':
2605 case 'utf16le':
2606 case 'utf-16le':
2607 ret = utf16leSlice(self, start, end)
2608 break
2609 default:
2610 throw new Error('Unknown encoding')
2611 }
2612 return ret
2613}
2614
2615Buffer.prototype.toJSON = function () {
2616 return {
2617 type: 'Buffer',
2618 data: Array.prototype.slice.call(this._arr || this, 0)
2619 }
2620}
2621
2622Buffer.prototype.equals = function (b) {
2623 assert(Buffer.isBuffer(b), 'Argument must be a Buffer')
2624 return Buffer.compare(this, b) === 0
2625}
2626
2627Buffer.prototype.compare = function (b) {
2628 assert(Buffer.isBuffer(b), 'Argument must be a Buffer')
2629 return Buffer.compare(this, b)
2630}
2631
2632// copy(targetBuffer, targetStart=0, sourceStart=0, sourceEnd=buffer.length)
2633Buffer.prototype.copy = function (target, target_start, start, end) {
2634 var source = this
2635
2636 if (!start) start = 0
2637 if (!end && end !== 0) end = this.length
2638 if (!target_start) target_start = 0
2639
2640 // Copy 0 bytes; we're done
2641 if (end === start) return
2642 if (target.length === 0 || source.length === 0) return
2643
2644 // Fatal error conditions
2645 assert(end >= start, 'sourceEnd < sourceStart')
2646 assert(target_start >= 0 && target_start < target.length,
2647 'targetStart out of bounds')
2648 assert(start >= 0 && start < source.length, 'sourceStart out of bounds')
2649 assert(end >= 0 && end <= source.length, 'sourceEnd out of bounds')
2650
2651 // Are we oob?
2652 if (end > this.length)
2653 end = this.length
2654 if (target.length - target_start < end - start)
2655 end = target.length - target_start + start
2656
2657 var len = end - start
2658
2659 if (len < 100 || !Buffer._useTypedArrays) {
2660 for (var i = 0; i < len; i++) {
2661 target[i + target_start] = this[i + start]
2662 }
2663 } else {
2664 target._set(this.subarray(start, start + len), target_start)
2665 }
2666}
2667
2668function base64Slice (buf, start, end) {
2669 if (start === 0 && end === buf.length) {
2670 return base64.fromByteArray(buf)
2671 } else {
2672 return base64.fromByteArray(buf.slice(start, end))
2673 }
2674}
2675
2676function utf8Slice (buf, start, end) {
2677 var res = ''
2678 var tmp = ''
2679 end = Math.min(buf.length, end)
2680
2681 for (var i = start; i < end; i++) {
2682 if (buf[i] <= 0x7F) {
2683 res += decodeUtf8Char(tmp) + String.fromCharCode(buf[i])
2684 tmp = ''
2685 } else {
2686 tmp += '%' + buf[i].toString(16)
2687 }
2688 }
2689
2690 return res + decodeUtf8Char(tmp)
2691}
2692
2693function asciiSlice (buf, start, end) {
2694 var ret = ''
2695 end = Math.min(buf.length, end)
2696
2697 for (var i = start; i < end; i++) {
2698 ret += String.fromCharCode(buf[i])
2699 }
2700 return ret
2701}
2702
2703function binarySlice (buf, start, end) {
2704 return asciiSlice(buf, start, end)
2705}
2706
2707function hexSlice (buf, start, end) {
2708 var len = buf.length
2709
2710 if (!start || start < 0) start = 0
2711 if (!end || end < 0 || end > len) end = len
2712
2713 var out = ''
2714 for (var i = start; i < end; i++) {
2715 out += toHex(buf[i])
2716 }
2717 return out
2718}
2719
2720function utf16leSlice (buf, start, end) {
2721 var bytes = buf.slice(start, end)
2722 var res = ''
2723 for (var i = 0; i < bytes.length; i += 2) {
2724 res += String.fromCharCode(bytes[i] + bytes[i + 1] * 256)
2725 }
2726 return res
2727}
2728
2729Buffer.prototype.slice = function (start, end) {
2730 var len = this.length
2731 start = clamp(start, len, 0)
2732 end = clamp(end, len, len)
2733
2734 if (Buffer._useTypedArrays) {
2735 return Buffer._augment(this.subarray(start, end))
2736 } else {
2737 var sliceLen = end - start
2738 var newBuf = new Buffer(sliceLen, undefined, true)
2739 for (var i = 0; i < sliceLen; i++) {
2740 newBuf[i] = this[i + start]
2741 }
2742 return newBuf
2743 }
2744}
2745
2746// `get` will be removed in Node 0.13+
2747Buffer.prototype.get = function (offset) {
2748 console.log('.get() is deprecated. Access using array indexes instead.')
2749 return this.readUInt8(offset)
2750}
2751
2752// `set` will be removed in Node 0.13+
2753Buffer.prototype.set = function (v, offset) {
2754 console.log('.set() is deprecated. Access using array indexes instead.')
2755 return this.writeUInt8(v, offset)
2756}
2757
2758Buffer.prototype.readUInt8 = function (offset, noAssert) {
2759 if (!noAssert) {
2760 assert(offset !== undefined && offset !== null, 'missing offset')
2761 assert(offset < this.length, 'Trying to read beyond buffer length')
2762 }
2763
2764 if (offset >= this.length)
2765 return
2766
2767 return this[offset]
2768}
2769
2770function readUInt16 (buf, offset, littleEndian, noAssert) {
2771 if (!noAssert) {
2772 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
2773 assert(offset !== undefined && offset !== null, 'missing offset')
2774 assert(offset + 1 < buf.length, 'Trying to read beyond buffer length')
2775 }
2776
2777 var len = buf.length
2778 if (offset >= len)
2779 return
2780
2781 var val
2782 if (littleEndian) {
2783 val = buf[offset]
2784 if (offset + 1 < len)
2785 val |= buf[offset + 1] << 8
2786 } else {
2787 val = buf[offset] << 8
2788 if (offset + 1 < len)
2789 val |= buf[offset + 1]
2790 }
2791 return val
2792}
2793
2794Buffer.prototype.readUInt16LE = function (offset, noAssert) {
2795 return readUInt16(this, offset, true, noAssert)
2796}
2797
2798Buffer.prototype.readUInt16BE = function (offset, noAssert) {
2799 return readUInt16(this, offset, false, noAssert)
2800}
2801
2802function readUInt32 (buf, offset, littleEndian, noAssert) {
2803 if (!noAssert) {
2804 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
2805 assert(offset !== undefined && offset !== null, 'missing offset')
2806 assert(offset + 3 < buf.length, 'Trying to read beyond buffer length')
2807 }
2808
2809 var len = buf.length
2810 if (offset >= len)
2811 return
2812
2813 var val
2814 if (littleEndian) {
2815 if (offset + 2 < len)
2816 val = buf[offset + 2] << 16
2817 if (offset + 1 < len)
2818 val |= buf[offset + 1] << 8
2819 val |= buf[offset]
2820 if (offset + 3 < len)
2821 val = val + (buf[offset + 3] << 24 >>> 0)
2822 } else {
2823 if (offset + 1 < len)
2824 val = buf[offset + 1] << 16
2825 if (offset + 2 < len)
2826 val |= buf[offset + 2] << 8
2827 if (offset + 3 < len)
2828 val |= buf[offset + 3]
2829 val = val + (buf[offset] << 24 >>> 0)
2830 }
2831 return val
2832}
2833
2834Buffer.prototype.readUInt32LE = function (offset, noAssert) {
2835 return readUInt32(this, offset, true, noAssert)
2836}
2837
2838Buffer.prototype.readUInt32BE = function (offset, noAssert) {
2839 return readUInt32(this, offset, false, noAssert)
2840}
2841
2842Buffer.prototype.readInt8 = function (offset, noAssert) {
2843 if (!noAssert) {
2844 assert(offset !== undefined && offset !== null,
2845 'missing offset')
2846 assert(offset < this.length, 'Trying to read beyond buffer length')
2847 }
2848
2849 if (offset >= this.length)
2850 return
2851
2852 var neg = this[offset] & 0x80
2853 if (neg)
2854 return (0xff - this[offset] + 1) * -1
2855 else
2856 return this[offset]
2857}
2858
2859function readInt16 (buf, offset, littleEndian, noAssert) {
2860 if (!noAssert) {
2861 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
2862 assert(offset !== undefined && offset !== null, 'missing offset')
2863 assert(offset + 1 < buf.length, 'Trying to read beyond buffer length')
2864 }
2865
2866 var len = buf.length
2867 if (offset >= len)
2868 return
2869
2870 var val = readUInt16(buf, offset, littleEndian, true)
2871 var neg = val & 0x8000
2872 if (neg)
2873 return (0xffff - val + 1) * -1
2874 else
2875 return val
2876}
2877
2878Buffer.prototype.readInt16LE = function (offset, noAssert) {
2879 return readInt16(this, offset, true, noAssert)
2880}
2881
2882Buffer.prototype.readInt16BE = function (offset, noAssert) {
2883 return readInt16(this, offset, false, noAssert)
2884}
2885
2886function readInt32 (buf, offset, littleEndian, noAssert) {
2887 if (!noAssert) {
2888 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
2889 assert(offset !== undefined && offset !== null, 'missing offset')
2890 assert(offset + 3 < buf.length, 'Trying to read beyond buffer length')
2891 }
2892
2893 var len = buf.length
2894 if (offset >= len)
2895 return
2896
2897 var val = readUInt32(buf, offset, littleEndian, true)
2898 var neg = val & 0x80000000
2899 if (neg)
2900 return (0xffffffff - val + 1) * -1
2901 else
2902 return val
2903}
2904
2905Buffer.prototype.readInt32LE = function (offset, noAssert) {
2906 return readInt32(this, offset, true, noAssert)
2907}
2908
2909Buffer.prototype.readInt32BE = function (offset, noAssert) {
2910 return readInt32(this, offset, false, noAssert)
2911}
2912
2913function readFloat (buf, offset, littleEndian, noAssert) {
2914 if (!noAssert) {
2915 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
2916 assert(offset + 3 < buf.length, 'Trying to read beyond buffer length')
2917 }
2918
2919 return ieee754.read(buf, offset, littleEndian, 23, 4)
2920}
2921
2922Buffer.prototype.readFloatLE = function (offset, noAssert) {
2923 return readFloat(this, offset, true, noAssert)
2924}
2925
2926Buffer.prototype.readFloatBE = function (offset, noAssert) {
2927 return readFloat(this, offset, false, noAssert)
2928}
2929
2930function readDouble (buf, offset, littleEndian, noAssert) {
2931 if (!noAssert) {
2932 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
2933 assert(offset + 7 < buf.length, 'Trying to read beyond buffer length')
2934 }
2935
2936 return ieee754.read(buf, offset, littleEndian, 52, 8)
2937}
2938
2939Buffer.prototype.readDoubleLE = function (offset, noAssert) {
2940 return readDouble(this, offset, true, noAssert)
2941}
2942
2943Buffer.prototype.readDoubleBE = function (offset, noAssert) {
2944 return readDouble(this, offset, false, noAssert)
2945}
2946
2947Buffer.prototype.writeUInt8 = function (value, offset, noAssert) {
2948 if (!noAssert) {
2949 assert(value !== undefined && value !== null, 'missing value')
2950 assert(offset !== undefined && offset !== null, 'missing offset')
2951 assert(offset < this.length, 'trying to write beyond buffer length')
2952 verifuint(value, 0xff)
2953 }
2954
2955 if (offset >= this.length) return
2956
2957 this[offset] = value
2958 return offset + 1
2959}
2960
2961function writeUInt16 (buf, value, offset, littleEndian, noAssert) {
2962 if (!noAssert) {
2963 assert(value !== undefined && value !== null, 'missing value')
2964 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
2965 assert(offset !== undefined && offset !== null, 'missing offset')
2966 assert(offset + 1 < buf.length, 'trying to write beyond buffer length')
2967 verifuint(value, 0xffff)
2968 }
2969
2970 var len = buf.length
2971 if (offset >= len)
2972 return
2973
2974 for (var i = 0, j = Math.min(len - offset, 2); i < j; i++) {
2975 buf[offset + i] =
2976 (value & (0xff << (8 * (littleEndian ? i : 1 - i)))) >>>
2977 (littleEndian ? i : 1 - i) * 8
2978 }
2979 return offset + 2
2980}
2981
2982Buffer.prototype.writeUInt16LE = function (value, offset, noAssert) {
2983 return writeUInt16(this, value, offset, true, noAssert)
2984}
2985
2986Buffer.prototype.writeUInt16BE = function (value, offset, noAssert) {
2987 return writeUInt16(this, value, offset, false, noAssert)
2988}
2989
2990function writeUInt32 (buf, value, offset, littleEndian, noAssert) {
2991 if (!noAssert) {
2992 assert(value !== undefined && value !== null, 'missing value')
2993 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
2994 assert(offset !== undefined && offset !== null, 'missing offset')
2995 assert(offset + 3 < buf.length, 'trying to write beyond buffer length')
2996 verifuint(value, 0xffffffff)
2997 }
2998
2999 var len = buf.length
3000 if (offset >= len)
3001 return
3002
3003 for (var i = 0, j = Math.min(len - offset, 4); i < j; i++) {
3004 buf[offset + i] =
3005 (value >>> (littleEndian ? i : 3 - i) * 8) & 0xff
3006 }
3007 return offset + 4
3008}
3009
3010Buffer.prototype.writeUInt32LE = function (value, offset, noAssert) {
3011 return writeUInt32(this, value, offset, true, noAssert)
3012}
3013
3014Buffer.prototype.writeUInt32BE = function (value, offset, noAssert) {
3015 return writeUInt32(this, value, offset, false, noAssert)
3016}
3017
3018Buffer.prototype.writeInt8 = function (value, offset, noAssert) {
3019 if (!noAssert) {
3020 assert(value !== undefined && value !== null, 'missing value')
3021 assert(offset !== undefined && offset !== null, 'missing offset')
3022 assert(offset < this.length, 'Trying to write beyond buffer length')
3023 verifsint(value, 0x7f, -0x80)
3024 }
3025
3026 if (offset >= this.length)
3027 return
3028
3029 if (value >= 0)
3030 this.writeUInt8(value, offset, noAssert)
3031 else
3032 this.writeUInt8(0xff + value + 1, offset, noAssert)
3033 return offset + 1
3034}
3035
3036function writeInt16 (buf, value, offset, littleEndian, noAssert) {
3037 if (!noAssert) {
3038 assert(value !== undefined && value !== null, 'missing value')
3039 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3040 assert(offset !== undefined && offset !== null, 'missing offset')
3041 assert(offset + 1 < buf.length, 'Trying to write beyond buffer length')
3042 verifsint(value, 0x7fff, -0x8000)
3043 }
3044
3045 var len = buf.length
3046 if (offset >= len)
3047 return
3048
3049 if (value >= 0)
3050 writeUInt16(buf, value, offset, littleEndian, noAssert)
3051 else
3052 writeUInt16(buf, 0xffff + value + 1, offset, littleEndian, noAssert)
3053 return offset + 2
3054}
3055
3056Buffer.prototype.writeInt16LE = function (value, offset, noAssert) {
3057 return writeInt16(this, value, offset, true, noAssert)
3058}
3059
3060Buffer.prototype.writeInt16BE = function (value, offset, noAssert) {
3061 return writeInt16(this, value, offset, false, noAssert)
3062}
3063
3064function writeInt32 (buf, value, offset, littleEndian, noAssert) {
3065 if (!noAssert) {
3066 assert(value !== undefined && value !== null, 'missing value')
3067 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3068 assert(offset !== undefined && offset !== null, 'missing offset')
3069 assert(offset + 3 < buf.length, 'Trying to write beyond buffer length')
3070 verifsint(value, 0x7fffffff, -0x80000000)
3071 }
3072
3073 var len = buf.length
3074 if (offset >= len)
3075 return
3076
3077 if (value >= 0)
3078 writeUInt32(buf, value, offset, littleEndian, noAssert)
3079 else
3080 writeUInt32(buf, 0xffffffff + value + 1, offset, littleEndian, noAssert)
3081 return offset + 4
3082}
3083
3084Buffer.prototype.writeInt32LE = function (value, offset, noAssert) {
3085 return writeInt32(this, value, offset, true, noAssert)
3086}
3087
3088Buffer.prototype.writeInt32BE = function (value, offset, noAssert) {
3089 return writeInt32(this, value, offset, false, noAssert)
3090}
3091
3092function writeFloat (buf, value, offset, littleEndian, noAssert) {
3093 if (!noAssert) {
3094 assert(value !== undefined && value !== null, 'missing value')
3095 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3096 assert(offset !== undefined && offset !== null, 'missing offset')
3097 assert(offset + 3 < buf.length, 'Trying to write beyond buffer length')
3098 verifIEEE754(value, 3.4028234663852886e+38, -3.4028234663852886e+38)
3099 }
3100
3101 var len = buf.length
3102 if (offset >= len)
3103 return
3104
3105 ieee754.write(buf, value, offset, littleEndian, 23, 4)
3106 return offset + 4
3107}
3108
3109Buffer.prototype.writeFloatLE = function (value, offset, noAssert) {
3110 return writeFloat(this, value, offset, true, noAssert)
3111}
3112
3113Buffer.prototype.writeFloatBE = function (value, offset, noAssert) {
3114 return writeFloat(this, value, offset, false, noAssert)
3115}
3116
3117function writeDouble (buf, value, offset, littleEndian, noAssert) {
3118 if (!noAssert) {
3119 assert(value !== undefined && value !== null, 'missing value')
3120 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3121 assert(offset !== undefined && offset !== null, 'missing offset')
3122 assert(offset + 7 < buf.length,
3123 'Trying to write beyond buffer length')
3124 verifIEEE754(value, 1.7976931348623157E+308, -1.7976931348623157E+308)
3125 }
3126
3127 var len = buf.length
3128 if (offset >= len)
3129 return
3130
3131 ieee754.write(buf, value, offset, littleEndian, 52, 8)
3132 return offset + 8
3133}
3134
3135Buffer.prototype.writeDoubleLE = function (value, offset, noAssert) {
3136 return writeDouble(this, value, offset, true, noAssert)
3137}
3138
3139Buffer.prototype.writeDoubleBE = function (value, offset, noAssert) {
3140 return writeDouble(this, value, offset, false, noAssert)
3141}
3142
3143// fill(value, start=0, end=buffer.length)
3144Buffer.prototype.fill = function (value, start, end) {
3145 if (!value) value = 0
3146 if (!start) start = 0
3147 if (!end) end = this.length
3148
3149 assert(end >= start, 'end < start')
3150
3151 // Fill 0 bytes; we're done
3152 if (end === start) return
3153 if (this.length === 0) return
3154
3155 assert(start >= 0 && start < this.length, 'start out of bounds')
3156 assert(end >= 0 && end <= this.length, 'end out of bounds')
3157
3158 var i
3159 if (typeof value === 'number') {
3160 for (i = start; i < end; i++) {
3161 this[i] = value
3162 }
3163 } else {
3164 var bytes = utf8ToBytes(value.toString())
3165 var len = bytes.length
3166 for (i = start; i < end; i++) {
3167 this[i] = bytes[i % len]
3168 }
3169 }
3170
3171 return this
3172}
3173
3174Buffer.prototype.inspect = function () {
3175 var out = []
3176 var len = this.length
3177 for (var i = 0; i < len; i++) {
3178 out[i] = toHex(this[i])
3179 if (i === exports.INSPECT_MAX_BYTES) {
3180 out[i + 1] = '...'
3181 break
3182 }
3183 }
3184 return '<Buffer ' + out.join(' ') + '>'
3185}
3186
3187/**
3188 * Creates a new `ArrayBuffer` with the *copied* memory of the buffer instance.
3189 * Added in Node 0.12. Only available in browsers that support ArrayBuffer.
3190 */
3191Buffer.prototype.toArrayBuffer = function () {
3192 if (typeof Uint8Array !== 'undefined') {
3193 if (Buffer._useTypedArrays) {
3194 return (new Buffer(this)).buffer
3195 } else {
3196 var buf = new Uint8Array(this.length)
3197 for (var i = 0, len = buf.length; i < len; i += 1) {
3198 buf[i] = this[i]
3199 }
3200 return buf.buffer
3201 }
3202 } else {
3203 throw new Error('Buffer.toArrayBuffer not supported in this browser')
3204 }
3205}
3206
3207// HELPER FUNCTIONS
3208// ================
3209
3210var BP = Buffer.prototype
3211
3212/**
3213 * Augment a Uint8Array *instance* (not the Uint8Array class!) with Buffer methods
3214 */
3215Buffer._augment = function (arr) {
3216 arr._isBuffer = true
3217
3218 // save reference to original Uint8Array get/set methods before overwriting
3219 arr._get = arr.get
3220 arr._set = arr.set
3221
3222 // deprecated, will be removed in node 0.13+
3223 arr.get = BP.get
3224 arr.set = BP.set
3225
3226 arr.write = BP.write
3227 arr.toString = BP.toString
3228 arr.toLocaleString = BP.toString
3229 arr.toJSON = BP.toJSON
3230 arr.equals = BP.equals
3231 arr.compare = BP.compare
3232 arr.copy = BP.copy
3233 arr.slice = BP.slice
3234 arr.readUInt8 = BP.readUInt8
3235 arr.readUInt16LE = BP.readUInt16LE
3236 arr.readUInt16BE = BP.readUInt16BE
3237 arr.readUInt32LE = BP.readUInt32LE
3238 arr.readUInt32BE = BP.readUInt32BE
3239 arr.readInt8 = BP.readInt8
3240 arr.readInt16LE = BP.readInt16LE
3241 arr.readInt16BE = BP.readInt16BE
3242 arr.readInt32LE = BP.readInt32LE
3243 arr.readInt32BE = BP.readInt32BE
3244 arr.readFloatLE = BP.readFloatLE
3245 arr.readFloatBE = BP.readFloatBE
3246 arr.readDoubleLE = BP.readDoubleLE
3247 arr.readDoubleBE = BP.readDoubleBE
3248 arr.writeUInt8 = BP.writeUInt8
3249 arr.writeUInt16LE = BP.writeUInt16LE
3250 arr.writeUInt16BE = BP.writeUInt16BE
3251 arr.writeUInt32LE = BP.writeUInt32LE
3252 arr.writeUInt32BE = BP.writeUInt32BE
3253 arr.writeInt8 = BP.writeInt8
3254 arr.writeInt16LE = BP.writeInt16LE
3255 arr.writeInt16BE = BP.writeInt16BE
3256 arr.writeInt32LE = BP.writeInt32LE
3257 arr.writeInt32BE = BP.writeInt32BE
3258 arr.writeFloatLE = BP.writeFloatLE
3259 arr.writeFloatBE = BP.writeFloatBE
3260 arr.writeDoubleLE = BP.writeDoubleLE
3261 arr.writeDoubleBE = BP.writeDoubleBE
3262 arr.fill = BP.fill
3263 arr.inspect = BP.inspect
3264 arr.toArrayBuffer = BP.toArrayBuffer
3265
3266 return arr
3267}
3268
3269var INVALID_BASE64_RE = /[^+\/0-9A-z]/g
3270
3271function base64clean (str) {
3272 // Node strips out invalid characters like \n and \t from the string, base64-js does not
3273 str = stringtrim(str).replace(INVALID_BASE64_RE, '')
3274 // Node allows for non-padded base64 strings (missing trailing ===), base64-js does not
3275 while (str.length % 4 !== 0) {
3276 str = str + '='
3277 }
3278 return str
3279}
3280
3281function stringtrim (str) {
3282 if (str.trim) return str.trim()
3283 return str.replace(/^\s+|\s+$/g, '')
3284}
3285
3286// slice(start, end)
3287function clamp (index, len, defaultValue) {
3288 if (typeof index !== 'number') return defaultValue
3289 index = ~~index; // Coerce to integer.
3290 if (index >= len) return len
3291 if (index >= 0) return index
3292 index += len
3293 if (index >= 0) return index
3294 return 0
3295}
3296
3297function coerce (length) {
3298 // Coerce length to a number (possibly NaN), round up
3299 // in case it's fractional (e.g. 123.456) then do a
3300 // double negate to coerce a NaN to 0. Easy, right?
3301 length = ~~Math.ceil(+length)
3302 return length < 0 ? 0 : length
3303}
3304
3305function isArray (subject) {
3306 return (Array.isArray || function (subject) {
3307 return Object.prototype.toString.call(subject) === '[object Array]'
3308 })(subject)
3309}
3310
3311function isArrayish (subject) {
3312 return isArray(subject) || Buffer.isBuffer(subject) ||
3313 subject && typeof subject === 'object' &&
3314 typeof subject.length === 'number'
3315}
3316
3317function toHex (n) {
3318 if (n < 16) return '0' + n.toString(16)
3319 return n.toString(16)
3320}
3321
3322function utf8ToBytes (str) {
3323 var byteArray = []
3324 for (var i = 0; i < str.length; i++) {
3325 var b = str.charCodeAt(i)
3326 if (b <= 0x7F) {
3327 byteArray.push(b)
3328 } else {
3329 var start = i
3330 if (b >= 0xD800 && b <= 0xDFFF) i++
3331 var h = encodeURIComponent(str.slice(start, i+1)).substr(1).split('%')
3332 for (var j = 0; j < h.length; j++) {
3333 byteArray.push(parseInt(h[j], 16))
3334 }
3335 }
3336 }
3337 return byteArray
3338}
3339
3340function asciiToBytes (str) {
3341 var byteArray = []
3342 for (var i = 0; i < str.length; i++) {
3343 // Node's code seems to be doing this and not & 0x7F..
3344 byteArray.push(str.charCodeAt(i) & 0xFF)
3345 }
3346 return byteArray
3347}
3348
3349function utf16leToBytes (str) {
3350 var c, hi, lo
3351 var byteArray = []
3352 for (var i = 0; i < str.length; i++) {
3353 c = str.charCodeAt(i)
3354 hi = c >> 8
3355 lo = c % 256
3356 byteArray.push(lo)
3357 byteArray.push(hi)
3358 }
3359
3360 return byteArray
3361}
3362
3363function base64ToBytes (str) {
3364 return base64.toByteArray(str)
3365}
3366
3367function blitBuffer (src, dst, offset, length) {
3368 for (var i = 0; i < length; i++) {
3369 if ((i + offset >= dst.length) || (i >= src.length))
3370 break
3371 dst[i + offset] = src[i]
3372 }
3373 return i
3374}
3375
3376function decodeUtf8Char (str) {
3377 try {
3378 return decodeURIComponent(str)
3379 } catch (err) {
3380 return String.fromCharCode(0xFFFD) // UTF 8 invalid char
3381 }
3382}
3383
3384/*
3385 * We have to make sure that the value is a valid integer. This means that it
3386 * is non-negative. It has no fractional component and that it does not
3387 * exceed the maximum allowed value.
3388 */
3389function verifuint (value, max) {
3390 assert(typeof value === 'number', 'cannot write a non-number as a number')
3391 assert(value >= 0, 'specified a negative value for writing an unsigned value')
3392 assert(value <= max, 'value is larger than maximum value for type')
3393 assert(Math.floor(value) === value, 'value has a fractional component')
3394}
3395
3396function verifsint (value, max, min) {
3397 assert(typeof value === 'number', 'cannot write a non-number as a number')
3398 assert(value <= max, 'value larger than maximum allowed value')
3399 assert(value >= min, 'value smaller than minimum allowed value')
3400 assert(Math.floor(value) === value, 'value has a fractional component')
3401}
3402
3403function verifIEEE754 (value, max, min) {
3404 assert(typeof value === 'number', 'cannot write a non-number as a number')
3405 assert(value <= max, 'value larger than maximum allowed value')
3406 assert(value >= min, 'value smaller than minimum allowed value')
3407}
3408
3409function assert (test, message) {
3410 if (!test) throw new Error(message || 'Failed assertion')
3411}
3412
3413},{"base64-js":9,"ieee754":10}],9:[function(_dereq_,module,exports){
3414var lookup = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
3415
3416;(function (exports) {
3417 'use strict';
3418
3419 var Arr = (typeof Uint8Array !== 'undefined')
3420 ? Uint8Array
3421 : Array
3422
3423 var PLUS = '+'.charCodeAt(0)
3424 var SLASH = '/'.charCodeAt(0)
3425 var NUMBER = '0'.charCodeAt(0)
3426 var LOWER = 'a'.charCodeAt(0)
3427 var UPPER = 'A'.charCodeAt(0)
3428
3429 function decode (elt) {
3430 var code = elt.charCodeAt(0)
3431 if (code === PLUS)
3432 return 62 // '+'
3433 if (code === SLASH)
3434 return 63 // '/'
3435 if (code < NUMBER)
3436 return -1 //no match
3437 if (code < NUMBER + 10)
3438 return code - NUMBER + 26 + 26
3439 if (code < UPPER + 26)
3440 return code - UPPER
3441 if (code < LOWER + 26)
3442 return code - LOWER + 26
3443 }
3444
3445 function b64ToByteArray (b64) {
3446 var i, j, l, tmp, placeHolders, arr
3447
3448 if (b64.length % 4 > 0) {
3449 throw new Error('Invalid string. Length must be a multiple of 4')
3450 }
3451
3452 // the number of equal signs (place holders)
3453 // if there are two placeholders, than the two characters before it
3454 // represent one byte
3455 // if there is only one, then the three characters before it represent 2 bytes
3456 // this is just a cheap hack to not do indexOf twice
3457 var len = b64.length
3458 placeHolders = '=' === b64.charAt(len - 2) ? 2 : '=' === b64.charAt(len - 1) ? 1 : 0
3459
3460 // base64 is 4/3 + up to two characters of the original data
3461 arr = new Arr(b64.length * 3 / 4 - placeHolders)
3462
3463 // if there are placeholders, only get up to the last complete 4 chars
3464 l = placeHolders > 0 ? b64.length - 4 : b64.length
3465
3466 var L = 0
3467
3468 function push (v) {
3469 arr[L++] = v
3470 }
3471
3472 for (i = 0, j = 0; i < l; i += 4, j += 3) {
3473 tmp = (decode(b64.charAt(i)) << 18) | (decode(b64.charAt(i + 1)) << 12) | (decode(b64.charAt(i + 2)) << 6) | decode(b64.charAt(i + 3))
3474 push((tmp & 0xFF0000) >> 16)
3475 push((tmp & 0xFF00) >> 8)
3476 push(tmp & 0xFF)
3477 }
3478
3479 if (placeHolders === 2) {
3480 tmp = (decode(b64.charAt(i)) << 2) | (decode(b64.charAt(i + 1)) >> 4)
3481 push(tmp & 0xFF)
3482 } else if (placeHolders === 1) {
3483 tmp = (decode(b64.charAt(i)) << 10) | (decode(b64.charAt(i + 1)) << 4) | (decode(b64.charAt(i + 2)) >> 2)
3484 push((tmp >> 8) & 0xFF)
3485 push(tmp & 0xFF)
3486 }
3487
3488 return arr
3489 }
3490
3491 function uint8ToBase64 (uint8) {
3492 var i,
3493 extraBytes = uint8.length % 3, // if we have 1 byte left, pad 2 bytes
3494 output = "",
3495 temp, length
3496
3497 function encode (num) {
3498 return lookup.charAt(num)
3499 }
3500
3501 function tripletToBase64 (num) {
3502 return encode(num >> 18 & 0x3F) + encode(num >> 12 & 0x3F) + encode(num >> 6 & 0x3F) + encode(num & 0x3F)
3503 }
3504
3505 // go through the array every three bytes, we'll deal with trailing stuff later
3506 for (i = 0, length = uint8.length - extraBytes; i < length; i += 3) {
3507 temp = (uint8[i] << 16) + (uint8[i + 1] << 8) + (uint8[i + 2])
3508 output += tripletToBase64(temp)
3509 }
3510
3511 // pad the end with zeros, but make sure to not forget the extra bytes
3512 switch (extraBytes) {
3513 case 1:
3514 temp = uint8[uint8.length - 1]
3515 output += encode(temp >> 2)
3516 output += encode((temp << 4) & 0x3F)
3517 output += '=='
3518 break
3519 case 2:
3520 temp = (uint8[uint8.length - 2] << 8) + (uint8[uint8.length - 1])
3521 output += encode(temp >> 10)
3522 output += encode((temp >> 4) & 0x3F)
3523 output += encode((temp << 2) & 0x3F)
3524 output += '='
3525 break
3526 }
3527
3528 return output
3529 }
3530
3531 exports.toByteArray = b64ToByteArray
3532 exports.fromByteArray = uint8ToBase64
3533}(typeof exports === 'undefined' ? (this.base64js = {}) : exports))
3534
3535},{}],10:[function(_dereq_,module,exports){
3536exports.read = function(buffer, offset, isLE, mLen, nBytes) {
3537 var e, m,
3538 eLen = nBytes * 8 - mLen - 1,
3539 eMax = (1 << eLen) - 1,
3540 eBias = eMax >> 1,
3541 nBits = -7,
3542 i = isLE ? (nBytes - 1) : 0,
3543 d = isLE ? -1 : 1,
3544 s = buffer[offset + i];
3545
3546 i += d;
3547
3548 e = s & ((1 << (-nBits)) - 1);
3549 s >>= (-nBits);
3550 nBits += eLen;
3551 for (; nBits > 0; e = e * 256 + buffer[offset + i], i += d, nBits -= 8){};
3552
3553 m = e & ((1 << (-nBits)) - 1);
3554 e >>= (-nBits);
3555 nBits += mLen;
3556 for (; nBits > 0; m = m * 256 + buffer[offset + i], i += d, nBits -= 8){};
3557
3558 if (e === 0) {
3559 e = 1 - eBias;
3560 } else if (e === eMax) {
3561 return m ? NaN : ((s ? -1 : 1) * Infinity);
3562 } else {
3563 m = m + Math.pow(2, mLen);
3564 e = e - eBias;
3565 }
3566 return (s ? -1 : 1) * m * Math.pow(2, e - mLen);
3567};
3568
3569exports.write = function(buffer, value, offset, isLE, mLen, nBytes) {
3570 var e, m, c,
3571 eLen = nBytes * 8 - mLen - 1,
3572 eMax = (1 << eLen) - 1,
3573 eBias = eMax >> 1,
3574 rt = (mLen === 23 ? Math.pow(2, -24) - Math.pow(2, -77) : 0),
3575 i = isLE ? 0 : (nBytes - 1),
3576 d = isLE ? 1 : -1,
3577 s = value < 0 || (value === 0 && 1 / value < 0) ? 1 : 0;
3578
3579 value = Math.abs(value);
3580
3581 if (isNaN(value) || value === Infinity) {
3582 m = isNaN(value) ? 1 : 0;
3583 e = eMax;
3584 } else {
3585 e = Math.floor(Math.log(value) / Math.LN2);
3586 if (value * (c = Math.pow(2, -e)) < 1) {
3587 e--;
3588 c *= 2;
3589 }
3590 if (e + eBias >= 1) {
3591 value += rt / c;
3592 } else {
3593 value += rt * Math.pow(2, 1 - eBias);
3594 }
3595 if (value * c >= 2) {
3596 e++;
3597 c /= 2;
3598 }
3599
3600 if (e + eBias >= eMax) {
3601 m = 0;
3602 e = eMax;
3603 } else if (e + eBias >= 1) {
3604 m = (value * c - 1) * Math.pow(2, mLen);
3605 e = e + eBias;
3606 } else {
3607 m = value * Math.pow(2, eBias - 1) * Math.pow(2, mLen);
3608 e = 0;
3609 }
3610 }
3611
3612 for (; mLen >= 8; buffer[offset + i] = m & 0xff, i += d, m /= 256, mLen -= 8){};
3613
3614 e = (e << mLen) | m;
3615 eLen += mLen;
3616 for (; eLen > 0; buffer[offset + i] = e & 0xff, i += d, e /= 256, eLen -= 8){};
3617
3618 buffer[offset + i - d] |= s * 128;
3619};
3620
3621},{}],11:[function(_dereq_,module,exports){
3622if (typeof Object.create === 'function') {
3623 // implementation from standard node.js 'util' module
3624 module.exports = function inherits(ctor, superCtor) {
3625 ctor.super_ = superCtor
3626 ctor.prototype = Object.create(superCtor.prototype, {
3627 constructor: {
3628 value: ctor,
3629 enumerable: false,
3630 writable: true,
3631 configurable: true
3632 }
3633 });
3634 };
3635} else {
3636 // old school shim for old browsers
3637 module.exports = function inherits(ctor, superCtor) {
3638 ctor.super_ = superCtor
3639 var TempCtor = function () {}
3640 TempCtor.prototype = superCtor.prototype
3641 ctor.prototype = new TempCtor()
3642 ctor.prototype.constructor = ctor
3643 }
3644}
3645
3646},{}],12:[function(_dereq_,module,exports){
3647// shim for using process in browser
3648
3649var process = module.exports = {};
3650
3651process.nextTick = (function () {
3652 var canSetImmediate = typeof window !== 'undefined'
3653 && window.setImmediate;
3654 var canPost = typeof window !== 'undefined'
3655 && window.postMessage && window.addEventListener
3656 ;
3657
3658 if (canSetImmediate) {
3659 return function (f) { return window.setImmediate(f) };
3660 }
3661
3662 if (canPost) {
3663 var queue = [];
3664 window.addEventListener('message', function (ev) {
3665 var source = ev.source;
3666 if ((source === window || source === null) && ev.data === 'process-tick') {
3667 ev.stopPropagation();
3668 if (queue.length > 0) {
3669 var fn = queue.shift();
3670 fn();
3671 }
3672 }
3673 }, true);
3674
3675 return function nextTick(fn) {
3676 queue.push(fn);
3677 window.postMessage('process-tick', '*');
3678 };
3679 }
3680
3681 return function nextTick(fn) {
3682 setTimeout(fn, 0);
3683 };
3684})();
3685
3686process.title = 'browser';
3687process.browser = true;
3688process.env = {};
3689process.argv = [];
3690
3691function noop() {}
3692
3693process.on = noop;
3694process.addListener = noop;
3695process.once = noop;
3696process.off = noop;
3697process.removeListener = noop;
3698process.removeAllListeners = noop;
3699process.emit = noop;
3700
3701process.binding = function (name) {
3702 throw new Error('process.binding is not supported');
3703}
3704
3705// TODO(shtylman)
3706process.cwd = function () { return '/' };
3707process.chdir = function (dir) {
3708 throw new Error('process.chdir is not supported');
3709};
3710
3711},{}],13:[function(_dereq_,module,exports){
3712module.exports=_dereq_(5)
3713},{}],14:[function(_dereq_,module,exports){
3714module.exports=_dereq_(6)
3715},{"./support/isBuffer":13,"FWaASH":12,"inherits":11}],15:[function(_dereq_,module,exports){
3716(function (Buffer){
3717// Base58 encoding/decoding
3718// Originally written by Mike Hearn for BitcoinJ
3719// Copyright (c) 2011 Google Inc
3720// Ported to JavaScript by Stefan Thomas
3721// Merged Buffer refactorings from base58-native by Stephen Pair
3722// Copyright (c) 2013 BitPay Inc
3723
3724var assert = _dereq_('assert')
3725var BigInteger = _dereq_('bigi')
3726
3727var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
3728var ALPHABET_BUF = new Buffer(ALPHABET, 'ascii')
3729var ALPHABET_MAP = {}
3730for(var i = 0; i < ALPHABET.length; i++) {
3731 ALPHABET_MAP[ALPHABET.charAt(i)] = BigInteger.valueOf(i)
3732}
3733var BASE = new BigInteger('58')
3734
3735function encode(buffer) {
3736 var bi = BigInteger.fromBuffer(buffer)
3737 var result = new Buffer(buffer.length << 1)
3738
3739 var i = result.length - 1
3740 while (bi.signum() > 0) {
3741 var remainder = bi.mod(BASE)
3742 bi = bi.divide(BASE)
3743
3744 result[i] = ALPHABET_BUF[remainder.intValue()]
3745 i--
3746 }
3747
3748 // deal with leading zeros
3749 var j = 0
3750 while (buffer[j] === 0) {
3751 result[i] = ALPHABET_BUF[0]
3752 j++
3753 i--
3754 }
3755
3756 return result.slice(i + 1, result.length).toString('ascii')
3757}
3758
3759function decode(string) {
3760 if (string.length === 0) return new Buffer(0)
3761
3762 var num = BigInteger.ZERO
3763
3764 for (var i = 0; i < string.length; i++) {
3765 num = num.multiply(BASE)
3766
3767 var figure = ALPHABET_MAP[string.charAt(i)]
3768 assert.notEqual(figure, undefined, 'Non-base58 character')
3769
3770 num = num.add(figure)
3771 }
3772
3773 // deal with leading zeros
3774 var j = 0
3775 while ((j < string.length) && (string[j] === ALPHABET[0])) {
3776 j++
3777 }
3778
3779 var buffer = num.toBuffer()
3780 var leadingZeros = new Buffer(j)
3781 leadingZeros.fill(0)
3782
3783 return Buffer.concat([leadingZeros, buffer])
3784}
3785
3786module.exports = {
3787 encode: encode,
3788 decode: decode
3789}
3790
3791}).call(this,_dereq_("buffer").Buffer)
3792},{"assert":4,"bigi":3,"buffer":8}],16:[function(_dereq_,module,exports){
3793(function (Buffer){
3794var createHash = _dereq_('sha.js')
3795
3796var md5 = toConstructor(_dereq_('./md5'))
3797var rmd160 = toConstructor(_dereq_('ripemd160'))
3798
3799function toConstructor (fn) {
3800 return function () {
3801 var buffers = []
3802 var m= {
3803 update: function (data, enc) {
3804 if(!Buffer.isBuffer(data)) data = new Buffer(data, enc)
3805 buffers.push(data)
3806 return this
3807 },
3808 digest: function (enc) {
3809 var buf = Buffer.concat(buffers)
3810 var r = fn(buf)
3811 buffers = null
3812 return enc ? r.toString(enc) : r
3813 }
3814 }
3815 return m
3816 }
3817}
3818
3819module.exports = function (alg) {
3820 if('md5' === alg) return new md5()
3821 if('rmd160' === alg) return new rmd160()
3822 return createHash(alg)
3823}
3824
3825}).call(this,_dereq_("buffer").Buffer)
3826},{"./md5":20,"buffer":8,"ripemd160":21,"sha.js":23}],17:[function(_dereq_,module,exports){
3827(function (Buffer){
3828var createHash = _dereq_('./create-hash')
3829
3830var blocksize = 64
3831var zeroBuffer = new Buffer(blocksize); zeroBuffer.fill(0)
3832
3833module.exports = Hmac
3834
3835function Hmac (alg, key) {
3836 if(!(this instanceof Hmac)) return new Hmac(alg, key)
3837 this._opad = opad
3838 this._alg = alg
3839
3840 key = this._key = !Buffer.isBuffer(key) ? new Buffer(key) : key
3841
3842 if(key.length > blocksize) {
3843 key = createHash(alg).update(key).digest()
3844 } else if(key.length < blocksize) {
3845 key = Buffer.concat([key, zeroBuffer], blocksize)
3846 }
3847
3848 var ipad = this._ipad = new Buffer(blocksize)
3849 var opad = this._opad = new Buffer(blocksize)
3850
3851 for(var i = 0; i < blocksize; i++) {
3852 ipad[i] = key[i] ^ 0x36
3853 opad[i] = key[i] ^ 0x5C
3854 }
3855
3856 this._hash = createHash(alg).update(ipad)
3857}
3858
3859Hmac.prototype.update = function (data, enc) {
3860 this._hash.update(data, enc)
3861 return this
3862}
3863
3864Hmac.prototype.digest = function (enc) {
3865 var h = this._hash.digest()
3866 return createHash(this._alg).update(this._opad).update(h).digest(enc)
3867}
3868
3869
3870}).call(this,_dereq_("buffer").Buffer)
3871},{"./create-hash":16,"buffer":8}],18:[function(_dereq_,module,exports){
3872(function (Buffer){
3873var intSize = 4;
3874var zeroBuffer = new Buffer(intSize); zeroBuffer.fill(0);
3875var chrsz = 8;
3876
3877function toArray(buf, bigEndian) {
3878 if ((buf.length % intSize) !== 0) {
3879 var len = buf.length + (intSize - (buf.length % intSize));
3880 buf = Buffer.concat([buf, zeroBuffer], len);
3881 }
3882
3883 var arr = [];
3884 var fn = bigEndian ? buf.readInt32BE : buf.readInt32LE;
3885 for (var i = 0; i < buf.length; i += intSize) {
3886 arr.push(fn.call(buf, i));
3887 }
3888 return arr;
3889}
3890
3891function toBuffer(arr, size, bigEndian) {
3892 var buf = new Buffer(size);
3893 var fn = bigEndian ? buf.writeInt32BE : buf.writeInt32LE;
3894 for (var i = 0; i < arr.length; i++) {
3895 fn.call(buf, arr[i], i * 4, true);
3896 }
3897 return buf;
3898}
3899
3900function hash(buf, fn, hashSize, bigEndian) {
3901 if (!Buffer.isBuffer(buf)) buf = new Buffer(buf);
3902 var arr = fn(toArray(buf, bigEndian), buf.length * chrsz);
3903 return toBuffer(arr, hashSize, bigEndian);
3904}
3905
3906module.exports = { hash: hash };
3907
3908}).call(this,_dereq_("buffer").Buffer)
3909},{"buffer":8}],19:[function(_dereq_,module,exports){
3910(function (Buffer){
3911var rng = _dereq_('./rng')
3912
3913function error () {
3914 var m = [].slice.call(arguments).join(' ')
3915 throw new Error([
3916 m,
3917 'we accept pull requests',
3918 'http://github.com/dominictarr/crypto-browserify'
3919 ].join('\n'))
3920}
3921
3922exports.createHash = _dereq_('./create-hash')
3923
3924exports.createHmac = _dereq_('./create-hmac')
3925
3926exports.randomBytes = function(size, callback) {
3927 if (callback && callback.call) {
3928 try {
3929 callback.call(this, undefined, new Buffer(rng(size)))
3930 } catch (err) { callback(err) }
3931 } else {
3932 return new Buffer(rng(size))
3933 }
3934}
3935
3936function each(a, f) {
3937 for(var i in a)
3938 f(a[i], i)
3939}
3940
3941exports.getHashes = function () {
3942 return ['sha1', 'sha256', 'md5', 'rmd160']
3943
3944}
3945
3946var p = _dereq_('./pbkdf2')(exports.createHmac)
3947exports.pbkdf2 = p.pbkdf2
3948exports.pbkdf2Sync = p.pbkdf2Sync
3949
3950
3951// the least I can do is make error messages for the rest of the node.js/crypto api.
3952each(['createCredentials'
3953, 'createCipher'
3954, 'createCipheriv'
3955, 'createDecipher'
3956, 'createDecipheriv'
3957, 'createSign'
3958, 'createVerify'
3959, 'createDiffieHellman'
3960], function (name) {
3961 exports[name] = function () {
3962 error('sorry,', name, 'is not implemented yet')
3963 }
3964})
3965
3966}).call(this,_dereq_("buffer").Buffer)
3967},{"./create-hash":16,"./create-hmac":17,"./pbkdf2":27,"./rng":28,"buffer":8}],20:[function(_dereq_,module,exports){
3968/*
3969 * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
3970 * Digest Algorithm, as defined in RFC 1321.
3971 * Version 2.1 Copyright (C) Paul Johnston 1999 - 2002.
3972 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
3973 * Distributed under the BSD License
3974 * See http://pajhome.org.uk/crypt/md5 for more info.
3975 */
3976
3977var helpers = _dereq_('./helpers');
3978
3979/*
3980 * Calculate the MD5 of an array of little-endian words, and a bit length
3981 */
3982function core_md5(x, len)
3983{
3984 /* append padding */
3985 x[len >> 5] |= 0x80 << ((len) % 32);
3986 x[(((len + 64) >>> 9) << 4) + 14] = len;
3987
3988 var a = 1732584193;
3989 var b = -271733879;
3990 var c = -1732584194;
3991 var d = 271733878;
3992
3993 for(var i = 0; i < x.length; i += 16)
3994 {
3995 var olda = a;
3996 var oldb = b;
3997 var oldc = c;
3998 var oldd = d;
3999
4000 a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);
4001 d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);
4002 c = md5_ff(c, d, a, b, x[i+ 2], 17, 606105819);
4003 b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330);
4004 a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897);
4005 d = md5_ff(d, a, b, c, x[i+ 5], 12, 1200080426);
4006 c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341);
4007 b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);
4008 a = md5_ff(a, b, c, d, x[i+ 8], 7 , 1770035416);
4009 d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);
4010 c = md5_ff(c, d, a, b, x[i+10], 17, -42063);
4011 b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162);
4012 a = md5_ff(a, b, c, d, x[i+12], 7 , 1804603682);
4013 d = md5_ff(d, a, b, c, x[i+13], 12, -40341101);
4014 c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);
4015 b = md5_ff(b, c, d, a, x[i+15], 22, 1236535329);
4016
4017 a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);
4018 d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632);
4019 c = md5_gg(c, d, a, b, x[i+11], 14, 643717713);
4020 b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302);
4021 a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);
4022 d = md5_gg(d, a, b, c, x[i+10], 9 , 38016083);
4023 c = md5_gg(c, d, a, b, x[i+15], 14, -660478335);
4024 b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848);
4025 a = md5_gg(a, b, c, d, x[i+ 9], 5 , 568446438);
4026 d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690);
4027 c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961);
4028 b = md5_gg(b, c, d, a, x[i+ 8], 20, 1163531501);
4029 a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467);
4030 d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);
4031 c = md5_gg(c, d, a, b, x[i+ 7], 14, 1735328473);
4032 b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734);
4033
4034 a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558);
4035 d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463);
4036 c = md5_hh(c, d, a, b, x[i+11], 16, 1839030562);
4037 b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);
4038 a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);
4039 d = md5_hh(d, a, b, c, x[i+ 4], 11, 1272893353);
4040 c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632);
4041 b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640);
4042 a = md5_hh(a, b, c, d, x[i+13], 4 , 681279174);
4043 d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222);
4044 c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);
4045 b = md5_hh(b, c, d, a, x[i+ 6], 23, 76029189);
4046 a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);
4047 d = md5_hh(d, a, b, c, x[i+12], 11, -421815835);
4048 c = md5_hh(c, d, a, b, x[i+15], 16, 530742520);
4049 b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651);
4050
4051 a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844);
4052 d = md5_ii(d, a, b, c, x[i+ 7], 10, 1126891415);
4053 c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905);
4054 b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);
4055 a = md5_ii(a, b, c, d, x[i+12], 6 , 1700485571);
4056 d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);
4057 c = md5_ii(c, d, a, b, x[i+10], 15, -1051523);
4058 b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799);
4059 a = md5_ii(a, b, c, d, x[i+ 8], 6 , 1873313359);
4060 d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);
4061 c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);
4062 b = md5_ii(b, c, d, a, x[i+13], 21, 1309151649);
4063 a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070);
4064 d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379);
4065 c = md5_ii(c, d, a, b, x[i+ 2], 15, 718787259);
4066 b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551);
4067
4068 a = safe_add(a, olda);
4069 b = safe_add(b, oldb);
4070 c = safe_add(c, oldc);
4071 d = safe_add(d, oldd);
4072 }
4073 return Array(a, b, c, d);
4074
4075}
4076
4077/*
4078 * These functions implement the four basic operations the algorithm uses.
4079 */
4080function md5_cmn(q, a, b, x, s, t)
4081{
4082 return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b);
4083}
4084function md5_ff(a, b, c, d, x, s, t)
4085{
4086 return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t);
4087}
4088function md5_gg(a, b, c, d, x, s, t)
4089{
4090 return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t);
4091}
4092function md5_hh(a, b, c, d, x, s, t)
4093{
4094 return md5_cmn(b ^ c ^ d, a, b, x, s, t);
4095}
4096function md5_ii(a, b, c, d, x, s, t)
4097{
4098 return md5_cmn(c ^ (b | (~d)), a, b, x, s, t);
4099}
4100
4101/*
4102 * Add integers, wrapping at 2^32. This uses 16-bit operations internally
4103 * to work around bugs in some JS interpreters.
4104 */
4105function safe_add(x, y)
4106{
4107 var lsw = (x & 0xFFFF) + (y & 0xFFFF);
4108 var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
4109 return (msw << 16) | (lsw & 0xFFFF);
4110}
4111
4112/*
4113 * Bitwise rotate a 32-bit number to the left.
4114 */
4115function bit_rol(num, cnt)
4116{
4117 return (num << cnt) | (num >>> (32 - cnt));
4118}
4119
4120module.exports = function md5(buf) {
4121 return helpers.hash(buf, core_md5, 16);
4122};
4123
4124},{"./helpers":18}],21:[function(_dereq_,module,exports){
4125(function (Buffer){
4126
4127module.exports = ripemd160
4128
4129
4130
4131/*
4132CryptoJS v3.1.2
4133code.google.com/p/crypto-js
4134(c) 2009-2013 by Jeff Mott. All rights reserved.
4135code.google.com/p/crypto-js/wiki/License
4136*/
4137/** @preserve
4138(c) 2012 by Cédric Mesnil. All rights reserved.
4139
4140Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
4141
4142 - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
4143 - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
4144
4145THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
4146*/
4147
4148// Constants table
4149var zl = [
4150 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
4151 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
4152 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
4153 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
4154 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13];
4155var zr = [
4156 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
4157 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
4158 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
4159 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
4160 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11];
4161var sl = [
4162 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
4163 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
4164 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
4165 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
4166 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 ];
4167var sr = [
4168 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
4169 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
4170 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
4171 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
4172 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 ];
4173
4174var hl = [ 0x00000000, 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xA953FD4E];
4175var hr = [ 0x50A28BE6, 0x5C4DD124, 0x6D703EF3, 0x7A6D76E9, 0x00000000];
4176
4177var bytesToWords = function (bytes) {
4178 var words = [];
4179 for (var i = 0, b = 0; i < bytes.length; i++, b += 8) {
4180 words[b >>> 5] |= bytes[i] << (24 - b % 32);
4181 }
4182 return words;
4183};
4184
4185var wordsToBytes = function (words) {
4186 var bytes = [];
4187 for (var b = 0; b < words.length * 32; b += 8) {
4188 bytes.push((words[b >>> 5] >>> (24 - b % 32)) & 0xFF);
4189 }
4190 return bytes;
4191};
4192
4193var processBlock = function (H, M, offset) {
4194
4195 // Swap endian
4196 for (var i = 0; i < 16; i++) {
4197 var offset_i = offset + i;
4198 var M_offset_i = M[offset_i];
4199
4200 // Swap
4201 M[offset_i] = (
4202 (((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
4203 (((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
4204 );
4205 }
4206
4207 // Working variables
4208 var al, bl, cl, dl, el;
4209 var ar, br, cr, dr, er;
4210
4211 ar = al = H[0];
4212 br = bl = H[1];
4213 cr = cl = H[2];
4214 dr = dl = H[3];
4215 er = el = H[4];
4216 // Computation
4217 var t;
4218 for (var i = 0; i < 80; i += 1) {
4219 t = (al + M[offset+zl[i]])|0;
4220 if (i<16){
4221 t += f1(bl,cl,dl) + hl[0];
4222 } else if (i<32) {
4223 t += f2(bl,cl,dl) + hl[1];
4224 } else if (i<48) {
4225 t += f3(bl,cl,dl) + hl[2];
4226 } else if (i<64) {
4227 t += f4(bl,cl,dl) + hl[3];
4228 } else {// if (i<80) {
4229 t += f5(bl,cl,dl) + hl[4];
4230 }
4231 t = t|0;
4232 t = rotl(t,sl[i]);
4233 t = (t+el)|0;
4234 al = el;
4235 el = dl;
4236 dl = rotl(cl, 10);
4237 cl = bl;
4238 bl = t;
4239
4240 t = (ar + M[offset+zr[i]])|0;
4241 if (i<16){
4242 t += f5(br,cr,dr) + hr[0];
4243 } else if (i<32) {
4244 t += f4(br,cr,dr) + hr[1];
4245 } else if (i<48) {
4246 t += f3(br,cr,dr) + hr[2];
4247 } else if (i<64) {
4248 t += f2(br,cr,dr) + hr[3];
4249 } else {// if (i<80) {
4250 t += f1(br,cr,dr) + hr[4];
4251 }
4252 t = t|0;
4253 t = rotl(t,sr[i]) ;
4254 t = (t+er)|0;
4255 ar = er;
4256 er = dr;
4257 dr = rotl(cr, 10);
4258 cr = br;
4259 br = t;
4260 }
4261 // Intermediate hash value
4262 t = (H[1] + cl + dr)|0;
4263 H[1] = (H[2] + dl + er)|0;
4264 H[2] = (H[3] + el + ar)|0;
4265 H[3] = (H[4] + al + br)|0;
4266 H[4] = (H[0] + bl + cr)|0;
4267 H[0] = t;
4268};
4269
4270function f1(x, y, z) {
4271 return ((x) ^ (y) ^ (z));
4272}
4273
4274function f2(x, y, z) {
4275 return (((x)&(y)) | ((~x)&(z)));
4276}
4277
4278function f3(x, y, z) {
4279 return (((x) | (~(y))) ^ (z));
4280}
4281
4282function f4(x, y, z) {
4283 return (((x) & (z)) | ((y)&(~(z))));
4284}
4285
4286function f5(x, y, z) {
4287 return ((x) ^ ((y) |(~(z))));
4288}
4289
4290function rotl(x,n) {
4291 return (x<<n) | (x>>>(32-n));
4292}
4293
4294function ripemd160(message) {
4295 var H = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0];
4296
4297 if (typeof message == 'string')
4298 message = new Buffer(message, 'utf8');
4299
4300 var m = bytesToWords(message);
4301
4302 var nBitsLeft = message.length * 8;
4303 var nBitsTotal = message.length * 8;
4304
4305 // Add padding
4306 m[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
4307 m[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
4308 (((nBitsTotal << 8) | (nBitsTotal >>> 24)) & 0x00ff00ff) |
4309 (((nBitsTotal << 24) | (nBitsTotal >>> 8)) & 0xff00ff00)
4310 );
4311
4312 for (var i=0 ; i<m.length; i += 16) {
4313 processBlock(H, m, i);
4314 }
4315
4316 // Swap endian
4317 for (var i = 0; i < 5; i++) {
4318 // Shortcut
4319 var H_i = H[i];
4320
4321 // Swap
4322 H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
4323 (((H_i << 24) | (H_i >>> 8)) & 0xff00ff00);
4324 }
4325
4326 var digestbytes = wordsToBytes(H);
4327 return new Buffer(digestbytes);
4328}
4329
4330
4331
4332}).call(this,_dereq_("buffer").Buffer)
4333},{"buffer":8}],22:[function(_dereq_,module,exports){
4334var u = _dereq_('./util')
4335var write = u.write
4336var fill = u.zeroFill
4337
4338module.exports = function (Buffer) {
4339
4340 //prototype class for hash functions
4341 function Hash (blockSize, finalSize) {
4342 this._block = new Buffer(blockSize) //new Uint32Array(blockSize/4)
4343 this._finalSize = finalSize
4344 this._blockSize = blockSize
4345 this._len = 0
4346 this._s = 0
4347 }
4348
4349 Hash.prototype.init = function () {
4350 this._s = 0
4351 this._len = 0
4352 }
4353
4354 function lengthOf(data, enc) {
4355 if(enc == null) return data.byteLength || data.length
4356 if(enc == 'ascii' || enc == 'binary') return data.length
4357 if(enc == 'hex') return data.length/2
4358 if(enc == 'base64') return data.length/3
4359 }
4360
4361 Hash.prototype.update = function (data, enc) {
4362 var bl = this._blockSize
4363
4364 //I'd rather do this with a streaming encoder, like the opposite of
4365 //http://nodejs.org/api/string_decoder.html
4366 var length
4367 if(!enc && 'string' === typeof data)
4368 enc = 'utf8'
4369
4370 if(enc) {
4371 if(enc === 'utf-8')
4372 enc = 'utf8'
4373
4374 if(enc === 'base64' || enc === 'utf8')
4375 data = new Buffer(data, enc), enc = null
4376
4377 length = lengthOf(data, enc)
4378 } else
4379 length = data.byteLength || data.length
4380
4381 var l = this._len += length
4382 var s = this._s = (this._s || 0)
4383 var f = 0
4384 var buffer = this._block
4385 while(s < l) {
4386 var t = Math.min(length, f + bl)
4387 write(buffer, data, enc, s%bl, f, t)
4388 var ch = (t - f);
4389 s += ch; f += ch
4390
4391 if(!(s%bl))
4392 this._update(buffer)
4393 }
4394 this._s = s
4395
4396 return this
4397
4398 }
4399
4400 Hash.prototype.digest = function (enc) {
4401 var bl = this._blockSize
4402 var fl = this._finalSize
4403 var len = this._len*8
4404
4405 var x = this._block
4406
4407 var bits = len % (bl*8)
4408
4409 //add end marker, so that appending 0's creats a different hash.
4410 x[this._len % bl] = 0x80
4411 fill(this._block, this._len % bl + 1)
4412
4413 if(bits >= fl*8) {
4414 this._update(this._block)
4415 u.zeroFill(this._block, 0)
4416 }
4417
4418 //TODO: handle case where the bit length is > Math.pow(2, 29)
4419 x.writeInt32BE(len, fl + 4) //big endian
4420
4421 var hash = this._update(this._block) || this._hash()
4422 if(enc == null) return hash
4423 return hash.toString(enc)
4424 }
4425
4426 Hash.prototype._update = function () {
4427 throw new Error('_update must be implemented by subclass')
4428 }
4429
4430 return Hash
4431}
4432
4433},{"./util":26}],23:[function(_dereq_,module,exports){
4434var exports = module.exports = function (alg) {
4435 var Alg = exports[alg]
4436 if(!Alg) throw new Error(alg + ' is not supported (we accept pull requests)')
4437 return new Alg()
4438}
4439
4440var Buffer = _dereq_('buffer').Buffer
4441var Hash = _dereq_('./hash')(Buffer)
4442
4443exports.sha =
4444exports.sha1 = _dereq_('./sha1')(Buffer, Hash)
4445exports.sha256 = _dereq_('./sha256')(Buffer, Hash)
4446
4447},{"./hash":22,"./sha1":24,"./sha256":25,"buffer":8}],24:[function(_dereq_,module,exports){
4448/*
4449 * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
4450 * in FIPS PUB 180-1
4451 * Version 2.1a Copyright Paul Johnston 2000 - 2002.
4452 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
4453 * Distributed under the BSD License
4454 * See http://pajhome.org.uk/crypt/md5 for details.
4455 */
4456module.exports = function (Buffer, Hash) {
4457
4458 var inherits = _dereq_('util').inherits
4459
4460 inherits(Sha1, Hash)
4461
4462 var A = 0|0
4463 var B = 4|0
4464 var C = 8|0
4465 var D = 12|0
4466 var E = 16|0
4467
4468 var BE = false
4469 var LE = true
4470
4471 var W = new Int32Array(80)
4472
4473 var POOL = []
4474
4475 function Sha1 () {
4476 if(POOL.length)
4477 return POOL.pop().init()
4478
4479 if(!(this instanceof Sha1)) return new Sha1()
4480 this._w = W
4481 Hash.call(this, 16*4, 14*4)
4482
4483 this._h = null
4484 this.init()
4485 }
4486
4487 Sha1.prototype.init = function () {
4488 this._a = 0x67452301
4489 this._b = 0xefcdab89
4490 this._c = 0x98badcfe
4491 this._d = 0x10325476
4492 this._e = 0xc3d2e1f0
4493
4494 Hash.prototype.init.call(this)
4495 return this
4496 }
4497
4498 Sha1.prototype._POOL = POOL
4499
4500 // assume that array is a Uint32Array with length=16,
4501 // and that if it is the last block, it already has the length and the 1 bit appended.
4502
4503
4504 var isDV = new Buffer(1) instanceof DataView
4505 function readInt32BE (X, i) {
4506 return isDV
4507 ? X.getInt32(i, false)
4508 : X.readInt32BE(i)
4509 }
4510
4511 Sha1.prototype._update = function (array) {
4512
4513 var X = this._block
4514 var h = this._h
4515 var a, b, c, d, e, _a, _b, _c, _d, _e
4516
4517 a = _a = this._a
4518 b = _b = this._b
4519 c = _c = this._c
4520 d = _d = this._d
4521 e = _e = this._e
4522
4523 var w = this._w
4524
4525 for(var j = 0; j < 80; j++) {
4526 var W = w[j]
4527 = j < 16
4528 //? X.getInt32(j*4, false)
4529 //? readInt32BE(X, j*4) //*/ X.readInt32BE(j*4) //*/
4530 ? X.readInt32BE(j*4)
4531 : rol(w[j - 3] ^ w[j - 8] ^ w[j - 14] ^ w[j - 16], 1)
4532
4533 var t =
4534 add(
4535 add(rol(a, 5), sha1_ft(j, b, c, d)),
4536 add(add(e, W), sha1_kt(j))
4537 );
4538
4539 e = d
4540 d = c
4541 c = rol(b, 30)
4542 b = a
4543 a = t
4544 }
4545
4546 this._a = add(a, _a)
4547 this._b = add(b, _b)
4548 this._c = add(c, _c)
4549 this._d = add(d, _d)
4550 this._e = add(e, _e)
4551 }
4552
4553 Sha1.prototype._hash = function () {
4554 if(POOL.length < 100) POOL.push(this)
4555 var H = new Buffer(20)
4556 //console.log(this._a|0, this._b|0, this._c|0, this._d|0, this._e|0)
4557 H.writeInt32BE(this._a|0, A)
4558 H.writeInt32BE(this._b|0, B)
4559 H.writeInt32BE(this._c|0, C)
4560 H.writeInt32BE(this._d|0, D)
4561 H.writeInt32BE(this._e|0, E)
4562 return H
4563 }
4564
4565 /*
4566 * Perform the appropriate triplet combination function for the current
4567 * iteration
4568 */
4569 function sha1_ft(t, b, c, d) {
4570 if(t < 20) return (b & c) | ((~b) & d);
4571 if(t < 40) return b ^ c ^ d;
4572 if(t < 60) return (b & c) | (b & d) | (c & d);
4573 return b ^ c ^ d;
4574 }
4575
4576 /*
4577 * Determine the appropriate additive constant for the current iteration
4578 */
4579 function sha1_kt(t) {
4580 return (t < 20) ? 1518500249 : (t < 40) ? 1859775393 :
4581 (t < 60) ? -1894007588 : -899497514;
4582 }
4583
4584 /*
4585 * Add integers, wrapping at 2^32. This uses 16-bit operations internally
4586 * to work around bugs in some JS interpreters.
4587 * //dominictarr: this is 10 years old, so maybe this can be dropped?)
4588 *
4589 */
4590 function add(x, y) {
4591 return (x + y ) | 0
4592 //lets see how this goes on testling.
4593 // var lsw = (x & 0xFFFF) + (y & 0xFFFF);
4594 // var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
4595 // return (msw << 16) | (lsw & 0xFFFF);
4596 }
4597
4598 /*
4599 * Bitwise rotate a 32-bit number to the left.
4600 */
4601 function rol(num, cnt) {
4602 return (num << cnt) | (num >>> (32 - cnt));
4603 }
4604
4605 return Sha1
4606}
4607
4608},{"util":14}],25:[function(_dereq_,module,exports){
4609
4610/**
4611 * A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
4612 * in FIPS 180-2
4613 * Version 2.2-beta Copyright Angel Marin, Paul Johnston 2000 - 2009.
4614 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
4615 *
4616 */
4617
4618var inherits = _dereq_('util').inherits
4619var BE = false
4620var LE = true
4621var u = _dereq_('./util')
4622
4623module.exports = function (Buffer, Hash) {
4624
4625 var K = [
4626 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
4627 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
4628 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
4629 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
4630 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
4631 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
4632 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
4633 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
4634 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
4635 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
4636 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
4637 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
4638 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
4639 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
4640 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
4641 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2
4642 ]
4643
4644 inherits(Sha256, Hash)
4645 var W = new Array(64)
4646 var POOL = []
4647 function Sha256() {
4648 // Closure compiler warning - this code lacks side effects - thus commented out
4649 // if(POOL.length) {
4650 // return POOL.shift().init()
4651 // }
4652 //this._data = new Buffer(32)
4653
4654 this.init()
4655
4656 this._w = W //new Array(64)
4657
4658 Hash.call(this, 16*4, 14*4)
4659 };
4660
4661 Sha256.prototype.init = function () {
4662
4663 this._a = 0x6a09e667|0
4664 this._b = 0xbb67ae85|0
4665 this._c = 0x3c6ef372|0
4666 this._d = 0xa54ff53a|0
4667 this._e = 0x510e527f|0
4668 this._f = 0x9b05688c|0
4669 this._g = 0x1f83d9ab|0
4670 this._h = 0x5be0cd19|0
4671
4672 this._len = this._s = 0
4673
4674 return this
4675 }
4676
4677 var safe_add = function(x, y) {
4678 var lsw = (x & 0xFFFF) + (y & 0xFFFF);
4679 var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
4680 return (msw << 16) | (lsw & 0xFFFF);
4681 }
4682
4683 function S (X, n) {
4684 return (X >>> n) | (X << (32 - n));
4685 }
4686
4687 function R (X, n) {
4688 return (X >>> n);
4689 }
4690
4691 function Ch (x, y, z) {
4692 return ((x & y) ^ ((~x) & z));
4693 }
4694
4695 function Maj (x, y, z) {
4696 return ((x & y) ^ (x & z) ^ (y & z));
4697 }
4698
4699 function Sigma0256 (x) {
4700 return (S(x, 2) ^ S(x, 13) ^ S(x, 22));
4701 }
4702
4703 function Sigma1256 (x) {
4704 return (S(x, 6) ^ S(x, 11) ^ S(x, 25));
4705 }
4706
4707 function Gamma0256 (x) {
4708 return (S(x, 7) ^ S(x, 18) ^ R(x, 3));
4709 }
4710
4711 function Gamma1256 (x) {
4712 return (S(x, 17) ^ S(x, 19) ^ R(x, 10));
4713 }
4714
4715 Sha256.prototype._update = function(m) {
4716 var M = this._block
4717 var W = this._w
4718 var a, b, c, d, e, f, g, h
4719 var T1, T2
4720
4721 a = this._a | 0
4722 b = this._b | 0
4723 c = this._c | 0
4724 d = this._d | 0
4725 e = this._e | 0
4726 f = this._f | 0
4727 g = this._g | 0
4728 h = this._h | 0
4729
4730 for (var j = 0; j < 64; j++) {
4731 var w = W[j] = j < 16
4732 ? M.readInt32BE(j * 4)
4733 : Gamma1256(W[j - 2]) + W[j - 7] + Gamma0256(W[j - 15]) + W[j - 16]
4734
4735 T1 = h + Sigma1256(e) + Ch(e, f, g) + K[j] + w
4736
4737 T2 = Sigma0256(a) + Maj(a, b, c);
4738 h = g; g = f; f = e; e = d + T1; d = c; c = b; b = a; a = T1 + T2;
4739 }
4740
4741 this._a = (a + this._a) | 0
4742 this._b = (b + this._b) | 0
4743 this._c = (c + this._c) | 0
4744 this._d = (d + this._d) | 0
4745 this._e = (e + this._e) | 0
4746 this._f = (f + this._f) | 0
4747 this._g = (g + this._g) | 0
4748 this._h = (h + this._h) | 0
4749
4750 };
4751
4752 Sha256.prototype._hash = function () {
4753 if(POOL.length < 10)
4754 POOL.push(this)
4755
4756 var H = new Buffer(32)
4757
4758 H.writeInt32BE(this._a, 0)
4759 H.writeInt32BE(this._b, 4)
4760 H.writeInt32BE(this._c, 8)
4761 H.writeInt32BE(this._d, 12)
4762 H.writeInt32BE(this._e, 16)
4763 H.writeInt32BE(this._f, 20)
4764 H.writeInt32BE(this._g, 24)
4765 H.writeInt32BE(this._h, 28)
4766
4767 return H
4768 }
4769
4770 return Sha256
4771
4772}
4773
4774},{"./util":26,"util":14}],26:[function(_dereq_,module,exports){
4775exports.write = write
4776exports.zeroFill = zeroFill
4777
4778exports.toString = toString
4779
4780function write (buffer, string, enc, start, from, to, LE) {
4781 var l = (to - from)
4782 if(enc === 'ascii' || enc === 'binary') {
4783 for( var i = 0; i < l; i++) {
4784 buffer[start + i] = string.charCodeAt(i + from)
4785 }
4786 }
4787 else if(enc == null) {
4788 for( var i = 0; i < l; i++) {
4789 buffer[start + i] = string[i + from]
4790 }
4791 }
4792 else if(enc === 'hex') {
4793 for(var i = 0; i < l; i++) {
4794 var j = from + i
4795 buffer[start + i] = parseInt(string[j*2] + string[(j*2)+1], 16)
4796 }
4797 }
4798 else if(enc === 'base64') {
4799 throw new Error('base64 encoding not yet supported')
4800 }
4801 else
4802 throw new Error(enc +' encoding not yet supported')
4803}
4804
4805//always fill to the end!
4806function zeroFill(buf, from) {
4807 for(var i = from; i < buf.length; i++)
4808 buf[i] = 0
4809}
4810
4811
4812},{}],27:[function(_dereq_,module,exports){
4813(function (Buffer){
4814// JavaScript PBKDF2 Implementation
4815// Based on http://git.io/qsv2zw
4816// Licensed under LGPL v3
4817// Copyright (c) 2013 jduncanator
4818
4819var blocksize = 64
4820var zeroBuffer = new Buffer(blocksize); zeroBuffer.fill(0)
4821
4822module.exports = function (createHmac, exports) {
4823 exports = exports || {}
4824
4825 exports.pbkdf2 = function(password, salt, iterations, keylen, cb) {
4826 if('function' !== typeof cb)
4827 throw new Error('No callback provided to pbkdf2');
4828 setTimeout(function () {
4829 cb(null, exports.pbkdf2Sync(password, salt, iterations, keylen))
4830 })
4831 }
4832
4833 exports.pbkdf2Sync = function(key, salt, iterations, keylen) {
4834 if('number' !== typeof iterations)
4835 throw new TypeError('Iterations not a number')
4836 if(iterations < 0)
4837 throw new TypeError('Bad iterations')
4838 if('number' !== typeof keylen)
4839 throw new TypeError('Key length not a number')
4840 if(keylen < 0)
4841 throw new TypeError('Bad key length')
4842
4843 //stretch key to the correct length that hmac wants it,
4844 //otherwise this will happen every time hmac is called
4845 //twice per iteration.
4846 var key = !Buffer.isBuffer(key) ? new Buffer(key) : key
4847
4848 if(key.length > blocksize) {
4849 key = createHash(alg).update(key).digest()
4850 } else if(key.length < blocksize) {
4851 key = Buffer.concat([key, zeroBuffer], blocksize)
4852 }
4853
4854 var HMAC;
4855 var cplen, p = 0, i = 1, itmp = new Buffer(4), digtmp;
4856 var out = new Buffer(keylen);
4857 out.fill(0);
4858 while(keylen) {
4859 if(keylen > 20)
4860 cplen = 20;
4861 else
4862 cplen = keylen;
4863
4864 /* We are unlikely to ever use more than 256 blocks (5120 bits!)
4865 * but just in case...
4866 */
4867 itmp[0] = (i >> 24) & 0xff;
4868 itmp[1] = (i >> 16) & 0xff;
4869 itmp[2] = (i >> 8) & 0xff;
4870 itmp[3] = i & 0xff;
4871
4872 HMAC = createHmac('sha1', key);
4873 HMAC.update(salt)
4874 HMAC.update(itmp);
4875 digtmp = HMAC.digest();
4876 digtmp.copy(out, p, 0, cplen);
4877
4878 for(var j = 1; j < iterations; j++) {
4879 HMAC = createHmac('sha1', key);
4880 HMAC.update(digtmp);
4881 digtmp = HMAC.digest();
4882 for(var k = 0; k < cplen; k++) {
4883 out[k] ^= digtmp[k];
4884 }
4885 }
4886 keylen -= cplen;
4887 i++;
4888 p += cplen;
4889 }
4890
4891 return out;
4892 }
4893
4894 return exports
4895}
4896
4897}).call(this,_dereq_("buffer").Buffer)
4898},{"buffer":8}],28:[function(_dereq_,module,exports){
4899(function (Buffer){
4900// Original code adapted from Robert Kieffer.
4901// details at https://github.com/broofa/node-uuid
4902
4903
4904(function() {
4905 var _global = this;
4906
4907 var mathRNG, whatwgRNG;
4908
4909 // NOTE: Math.random() does not guarantee "cryptographic quality"
4910 mathRNG = function(size) {
4911 var bytes = new Buffer(size);
4912 var r;
4913
4914 for (var i = 0, r; i < size; i++) {
4915 if ((i & 0x03) == 0) r = Math.random() * 0x100000000;
4916 bytes[i] = r >>> ((i & 0x03) << 3) & 0xff;
4917 }
4918
4919 return bytes;
4920 }
4921
4922 if (_global.crypto && crypto.getRandomValues) {
4923 whatwgRNG = function(size) {
4924 var bytes = new Buffer(size); //in browserify, this is an extended Uint8Array
4925 crypto.getRandomValues(bytes);
4926 return bytes;
4927 }
4928 }
4929
4930 module.exports = whatwgRNG || mathRNG;
4931
4932}())
4933
4934}).call(this,_dereq_("buffer").Buffer)
4935},{"buffer":8}],29:[function(_dereq_,module,exports){
4936;(function (root, factory, undef) {
4937 if (typeof exports === "object") {
4938 // CommonJS
4939 module.exports = exports = factory(_dereq_("./core"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./evpkdf"), _dereq_("./cipher-core"));
4940 }
4941 else if (typeof define === "function" && define.amd) {
4942 // AMD
4943 define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
4944 }
4945 else {
4946 // Global (browser)
4947 factory(root.CryptoJS);
4948 }
4949}(this, function (CryptoJS) {
4950
4951 (function () {
4952 // Shortcuts
4953 var C = CryptoJS;
4954 var C_lib = C.lib;
4955 var BlockCipher = C_lib.BlockCipher;
4956 var C_algo = C.algo;
4957
4958 // Lookup tables
4959 var SBOX = [];
4960 var INV_SBOX = [];
4961 var SUB_MIX_0 = [];
4962 var SUB_MIX_1 = [];
4963 var SUB_MIX_2 = [];
4964 var SUB_MIX_3 = [];
4965 var INV_SUB_MIX_0 = [];
4966 var INV_SUB_MIX_1 = [];
4967 var INV_SUB_MIX_2 = [];
4968 var INV_SUB_MIX_3 = [];
4969
4970 // Compute lookup tables
4971 (function () {
4972 // Compute double table
4973 var d = [];
4974 for (var i = 0; i < 256; i++) {
4975 if (i < 128) {
4976 d[i] = i << 1;
4977 } else {
4978 d[i] = (i << 1) ^ 0x11b;
4979 }
4980 }
4981
4982 // Walk GF(2^8)
4983 var x = 0;
4984 var xi = 0;
4985 for (var i = 0; i < 256; i++) {
4986 // Compute sbox
4987 var sx = xi ^ (xi << 1) ^ (xi << 2) ^ (xi << 3) ^ (xi << 4);
4988 sx = (sx >>> 8) ^ (sx & 0xff) ^ 0x63;
4989 SBOX[x] = sx;
4990 INV_SBOX[sx] = x;
4991
4992 // Compute multiplication
4993 var x2 = d[x];
4994 var x4 = d[x2];
4995 var x8 = d[x4];
4996
4997 // Compute sub bytes, mix columns tables
4998 var t = (d[sx] * 0x101) ^ (sx * 0x1010100);
4999 SUB_MIX_0[x] = (t << 24) | (t >>> 8);
5000 SUB_MIX_1[x] = (t << 16) | (t >>> 16);
5001 SUB_MIX_2[x] = (t << 8) | (t >>> 24);
5002 SUB_MIX_3[x] = t;
5003
5004 // Compute inv sub bytes, inv mix columns tables
5005 var t = (x8 * 0x1010101) ^ (x4 * 0x10001) ^ (x2 * 0x101) ^ (x * 0x1010100);
5006 INV_SUB_MIX_0[sx] = (t << 24) | (t >>> 8);
5007 INV_SUB_MIX_1[sx] = (t << 16) | (t >>> 16);
5008 INV_SUB_MIX_2[sx] = (t << 8) | (t >>> 24);
5009 INV_SUB_MIX_3[sx] = t;
5010
5011 // Compute next counter
5012 if (!x) {
5013 x = xi = 1;
5014 } else {
5015 x = x2 ^ d[d[d[x8 ^ x2]]];
5016 xi ^= d[d[xi]];
5017 }
5018 }
5019 }());
5020
5021 // Precomputed Rcon lookup
5022 var RCON = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36];
5023
5024 /**
5025 * AES block cipher algorithm.
5026 */
5027 var AES = C_algo.AES = BlockCipher.extend({
5028 _doReset: function () {
5029 // Shortcuts
5030 var key = this._key;
5031 var keyWords = key.words;
5032 var keySize = key.sigBytes / 4;
5033
5034 // Compute number of rounds
5035 var nRounds = this._nRounds = keySize + 6
5036
5037 // Compute number of key schedule rows
5038 var ksRows = (nRounds + 1) * 4;
5039
5040 // Compute key schedule
5041 var keySchedule = this._keySchedule = [];
5042 for (var ksRow = 0; ksRow < ksRows; ksRow++) {
5043 if (ksRow < keySize) {
5044 keySchedule[ksRow] = keyWords[ksRow];
5045 } else {
5046 var t = keySchedule[ksRow - 1];
5047
5048 if (!(ksRow % keySize)) {
5049 // Rot word
5050 t = (t << 8) | (t >>> 24);
5051
5052 // Sub word
5053 t = (SBOX[t >>> 24] << 24) | (SBOX[(t >>> 16) & 0xff] << 16) | (SBOX[(t >>> 8) & 0xff] << 8) | SBOX[t & 0xff];
5054
5055 // Mix Rcon
5056 t ^= RCON[(ksRow / keySize) | 0] << 24;
5057 } else if (keySize > 6 && ksRow % keySize == 4) {
5058 // Sub word
5059 t = (SBOX[t >>> 24] << 24) | (SBOX[(t >>> 16) & 0xff] << 16) | (SBOX[(t >>> 8) & 0xff] << 8) | SBOX[t & 0xff];
5060 }
5061
5062 keySchedule[ksRow] = keySchedule[ksRow - keySize] ^ t;
5063 }
5064 }
5065
5066 // Compute inv key schedule
5067 var invKeySchedule = this._invKeySchedule = [];
5068 for (var invKsRow = 0; invKsRow < ksRows; invKsRow++) {
5069 var ksRow = ksRows - invKsRow;
5070
5071 if (invKsRow % 4) {
5072 var t = keySchedule[ksRow];
5073 } else {
5074 var t = keySchedule[ksRow - 4];
5075 }
5076
5077 if (invKsRow < 4 || ksRow <= 4) {
5078 invKeySchedule[invKsRow] = t;
5079 } else {
5080 invKeySchedule[invKsRow] = INV_SUB_MIX_0[SBOX[t >>> 24]] ^ INV_SUB_MIX_1[SBOX[(t >>> 16) & 0xff]] ^
5081 INV_SUB_MIX_2[SBOX[(t >>> 8) & 0xff]] ^ INV_SUB_MIX_3[SBOX[t & 0xff]];
5082 }
5083 }
5084 },
5085
5086 encryptBlock: function (M, offset) {
5087 this._doCryptBlock(M, offset, this._keySchedule, SUB_MIX_0, SUB_MIX_1, SUB_MIX_2, SUB_MIX_3, SBOX);
5088 },
5089
5090 decryptBlock: function (M, offset) {
5091 // Swap 2nd and 4th rows
5092 var t = M[offset + 1];
5093 M[offset + 1] = M[offset + 3];
5094 M[offset + 3] = t;
5095
5096 this._doCryptBlock(M, offset, this._invKeySchedule, INV_SUB_MIX_0, INV_SUB_MIX_1, INV_SUB_MIX_2, INV_SUB_MIX_3, INV_SBOX);
5097
5098 // Inv swap 2nd and 4th rows
5099 var t = M[offset + 1];
5100 M[offset + 1] = M[offset + 3];
5101 M[offset + 3] = t;
5102 },
5103
5104 _doCryptBlock: function (M, offset, keySchedule, SUB_MIX_0, SUB_MIX_1, SUB_MIX_2, SUB_MIX_3, SBOX) {
5105 // Shortcut
5106 var nRounds = this._nRounds;
5107
5108 // Get input, add round key
5109 var s0 = M[offset] ^ keySchedule[0];
5110 var s1 = M[offset + 1] ^ keySchedule[1];
5111 var s2 = M[offset + 2] ^ keySchedule[2];
5112 var s3 = M[offset + 3] ^ keySchedule[3];
5113
5114 // Key schedule row counter
5115 var ksRow = 4;
5116
5117 // Rounds
5118 for (var round = 1; round < nRounds; round++) {
5119 // Shift rows, sub bytes, mix columns, add round key
5120 var t0 = SUB_MIX_0[s0 >>> 24] ^ SUB_MIX_1[(s1 >>> 16) & 0xff] ^ SUB_MIX_2[(s2 >>> 8) & 0xff] ^ SUB_MIX_3[s3 & 0xff] ^ keySchedule[ksRow++];
5121 var t1 = SUB_MIX_0[s1 >>> 24] ^ SUB_MIX_1[(s2 >>> 16) & 0xff] ^ SUB_MIX_2[(s3 >>> 8) & 0xff] ^ SUB_MIX_3[s0 & 0xff] ^ keySchedule[ksRow++];
5122 var t2 = SUB_MIX_0[s2 >>> 24] ^ SUB_MIX_1[(s3 >>> 16) & 0xff] ^ SUB_MIX_2[(s0 >>> 8) & 0xff] ^ SUB_MIX_3[s1 & 0xff] ^ keySchedule[ksRow++];
5123 var t3 = SUB_MIX_0[s3 >>> 24] ^ SUB_MIX_1[(s0 >>> 16) & 0xff] ^ SUB_MIX_2[(s1 >>> 8) & 0xff] ^ SUB_MIX_3[s2 & 0xff] ^ keySchedule[ksRow++];
5124
5125 // Update state
5126 s0 = t0;
5127 s1 = t1;
5128 s2 = t2;
5129 s3 = t3;
5130 }
5131
5132 // Shift rows, sub bytes, add round key
5133 var t0 = ((SBOX[s0 >>> 24] << 24) | (SBOX[(s1 >>> 16) & 0xff] << 16) | (SBOX[(s2 >>> 8) & 0xff] << 8) | SBOX[s3 & 0xff]) ^ keySchedule[ksRow++];
5134 var t1 = ((SBOX[s1 >>> 24] << 24) | (SBOX[(s2 >>> 16) & 0xff] << 16) | (SBOX[(s3 >>> 8) & 0xff] << 8) | SBOX[s0 & 0xff]) ^ keySchedule[ksRow++];
5135 var t2 = ((SBOX[s2 >>> 24] << 24) | (SBOX[(s3 >>> 16) & 0xff] << 16) | (SBOX[(s0 >>> 8) & 0xff] << 8) | SBOX[s1 & 0xff]) ^ keySchedule[ksRow++];
5136 var t3 = ((SBOX[s3 >>> 24] << 24) | (SBOX[(s0 >>> 16) & 0xff] << 16) | (SBOX[(s1 >>> 8) & 0xff] << 8) | SBOX[s2 & 0xff]) ^ keySchedule[ksRow++];
5137
5138 // Set output
5139 M[offset] = t0;
5140 M[offset + 1] = t1;
5141 M[offset + 2] = t2;
5142 M[offset + 3] = t3;
5143 },
5144
5145 keySize: 256/32
5146 });
5147
5148 /**
5149 * Shortcut functions to the cipher's object interface.
5150 *
5151 * @example
5152 *
5153 * var ciphertext = CryptoJS.AES.encrypt(message, key, cfg);
5154 * var plaintext = CryptoJS.AES.decrypt(ciphertext, key, cfg);
5155 */
5156 C.AES = BlockCipher._createHelper(AES);
5157 }());
5158
5159
5160 return CryptoJS.AES;
5161
5162}));
5163},{"./cipher-core":30,"./core":31,"./enc-base64":32,"./evpkdf":34,"./md5":39}],30:[function(_dereq_,module,exports){
5164;(function (root, factory) {
5165 if (typeof exports === "object") {
5166 // CommonJS
5167 module.exports = exports = factory(_dereq_("./core"));
5168 }
5169 else if (typeof define === "function" && define.amd) {
5170 // AMD
5171 define(["./core"], factory);
5172 }
5173 else {
5174 // Global (browser)
5175 factory(root.CryptoJS);
5176 }
5177}(this, function (CryptoJS) {
5178
5179 /**
5180 * Cipher core components.
5181 */
5182 CryptoJS.lib.Cipher || (function (undefined) {
5183 // Shortcuts
5184 var C = CryptoJS;
5185 var C_lib = C.lib;
5186 var Base = C_lib.Base;
5187 var WordArray = C_lib.WordArray;
5188 var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm;
5189 var C_enc = C.enc;
5190 var Utf8 = C_enc.Utf8;
5191 var Base64 = C_enc.Base64;
5192 var C_algo = C.algo;
5193 var EvpKDF = C_algo.EvpKDF;
5194
5195 /**
5196 * Abstract base cipher template.
5197 *
5198 * @property {number} keySize This cipher's key size. Default: 4 (128 bits)
5199 * @property {number} ivSize This cipher's IV size. Default: 4 (128 bits)
5200 * @property {number} _ENC_XFORM_MODE A constant representing encryption mode.
5201 * @property {number} _DEC_XFORM_MODE A constant representing decryption mode.
5202 */
5203 var Cipher = C_lib.Cipher = BufferedBlockAlgorithm.extend({
5204 /**
5205 * Configuration options.
5206 *
5207 * @property {WordArray} iv The IV to use for this operation.
5208 */
5209 cfg: Base.extend(),
5210
5211 /**
5212 * Creates this cipher in encryption mode.
5213 *
5214 * @param {WordArray} key The key.
5215 * @param {Object} cfg (Optional) The configuration options to use for this operation.
5216 *
5217 * @return {Cipher} A cipher instance.
5218 *
5219 * @static
5220 *
5221 * @example
5222 *
5223 * var cipher = CryptoJS.algo.AES.createEncryptor(keyWordArray, { iv: ivWordArray });
5224 */
5225 createEncryptor: function (key, cfg) {
5226 return this.create(this._ENC_XFORM_MODE, key, cfg);
5227 },
5228
5229 /**
5230 * Creates this cipher in decryption mode.
5231 *
5232 * @param {WordArray} key The key.
5233 * @param {Object} cfg (Optional) The configuration options to use for this operation.
5234 *
5235 * @return {Cipher} A cipher instance.
5236 *
5237 * @static
5238 *
5239 * @example
5240 *
5241 * var cipher = CryptoJS.algo.AES.createDecryptor(keyWordArray, { iv: ivWordArray });
5242 */
5243 createDecryptor: function (key, cfg) {
5244 return this.create(this._DEC_XFORM_MODE, key, cfg);
5245 },
5246
5247 /**
5248 * Initializes a newly created cipher.
5249 *
5250 * @param {number} xformMode Either the encryption or decryption transormation mode constant.
5251 * @param {WordArray} key The key.
5252 * @param {Object} cfg (Optional) The configuration options to use for this operation.
5253 *
5254 * @example
5255 *
5256 * var cipher = CryptoJS.algo.AES.create(CryptoJS.algo.AES._ENC_XFORM_MODE, keyWordArray, { iv: ivWordArray });
5257 */
5258 init: function (xformMode, key, cfg) {
5259 // Apply config defaults
5260 this.cfg = this.cfg.extend(cfg);
5261
5262 // Store transform mode and key
5263 this._xformMode = xformMode;
5264 this._key = key;
5265
5266 // Set initial values
5267 this.reset();
5268 },
5269
5270 /**
5271 * Resets this cipher to its initial state.
5272 *
5273 * @example
5274 *
5275 * cipher.reset();
5276 */
5277 reset: function () {
5278 // Reset data buffer
5279 BufferedBlockAlgorithm.reset.call(this);
5280
5281 // Perform concrete-cipher logic
5282 this._doReset();
5283 },
5284
5285 /**
5286 * Adds data to be encrypted or decrypted.
5287 *
5288 * @param {WordArray|string} dataUpdate The data to encrypt or decrypt.
5289 *
5290 * @return {WordArray} The data after processing.
5291 *
5292 * @example
5293 *
5294 * var encrypted = cipher.process('data');
5295 * var encrypted = cipher.process(wordArray);
5296 */
5297 process: function (dataUpdate) {
5298 // Append
5299 this._append(dataUpdate);
5300
5301 // Process available blocks
5302 return this._process();
5303 },
5304
5305 /**
5306 * Finalizes the encryption or decryption process.
5307 * Note that the finalize operation is effectively a destructive, read-once operation.
5308 *
5309 * @param {WordArray|string} dataUpdate The final data to encrypt or decrypt.
5310 *
5311 * @return {WordArray} The data after final processing.
5312 *
5313 * @example
5314 *
5315 * var encrypted = cipher.finalize();
5316 * var encrypted = cipher.finalize('data');
5317 * var encrypted = cipher.finalize(wordArray);
5318 */
5319 finalize: function (dataUpdate) {
5320 // Final data update
5321 if (dataUpdate) {
5322 this._append(dataUpdate);
5323 }
5324
5325 // Perform concrete-cipher logic
5326 var finalProcessedData = this._doFinalize();
5327
5328 return finalProcessedData;
5329 },
5330
5331 keySize: 128/32,
5332
5333 ivSize: 128/32,
5334
5335 _ENC_XFORM_MODE: 1,
5336
5337 _DEC_XFORM_MODE: 2,
5338
5339 /**
5340 * Creates shortcut functions to a cipher's object interface.
5341 *
5342 * @param {Cipher} cipher The cipher to create a helper for.
5343 *
5344 * @return {Object} An object with encrypt and decrypt shortcut functions.
5345 *
5346 * @static
5347 *
5348 * @example
5349 *
5350 * var AES = CryptoJS.lib.Cipher._createHelper(CryptoJS.algo.AES);
5351 */
5352 _createHelper: (function () {
5353 function selectCipherStrategy(key) {
5354 if (typeof key == 'string') {
5355 return PasswordBasedCipher;
5356 } else {
5357 return SerializableCipher;
5358 }
5359 }
5360
5361 return function (cipher) {
5362 return {
5363 encrypt: function (message, key, cfg) {
5364 return selectCipherStrategy(key).encrypt(cipher, message, key, cfg);
5365 },
5366
5367 decrypt: function (ciphertext, key, cfg) {
5368 return selectCipherStrategy(key).decrypt(cipher, ciphertext, key, cfg);
5369 }
5370 };
5371 };
5372 }())
5373 });
5374
5375 /**
5376 * Abstract base stream cipher template.
5377 *
5378 * @property {number} blockSize The number of 32-bit words this cipher operates on. Default: 1 (32 bits)
5379 */
5380 var StreamCipher = C_lib.StreamCipher = Cipher.extend({
5381 _doFinalize: function () {
5382 // Process partial blocks
5383 var finalProcessedBlocks = this._process(!!'flush');
5384
5385 return finalProcessedBlocks;
5386 },
5387
5388 blockSize: 1
5389 });
5390
5391 /**
5392 * Mode namespace.
5393 */
5394 var C_mode = C.mode = {};
5395
5396 /**
5397 * Abstract base block cipher mode template.
5398 */
5399 var BlockCipherMode = C_lib.BlockCipherMode = Base.extend({
5400 /**
5401 * Creates this mode for encryption.
5402 *
5403 * @param {Cipher} cipher A block cipher instance.
5404 * @param {Array} iv The IV words.
5405 *
5406 * @static
5407 *
5408 * @example
5409 *
5410 * var mode = CryptoJS.mode.CBC.createEncryptor(cipher, iv.words);
5411 */
5412 createEncryptor: function (cipher, iv) {
5413 return this.Encryptor.create(cipher, iv);
5414 },
5415
5416 /**
5417 * Creates this mode for decryption.
5418 *
5419 * @param {Cipher} cipher A block cipher instance.
5420 * @param {Array} iv The IV words.
5421 *
5422 * @static
5423 *
5424 * @example
5425 *
5426 * var mode = CryptoJS.mode.CBC.createDecryptor(cipher, iv.words);
5427 */
5428 createDecryptor: function (cipher, iv) {
5429 return this.Decryptor.create(cipher, iv);
5430 },
5431
5432 /**
5433 * Initializes a newly created mode.
5434 *
5435 * @param {Cipher} cipher A block cipher instance.
5436 * @param {Array} iv The IV words.
5437 *
5438 * @example
5439 *
5440 * var mode = CryptoJS.mode.CBC.Encryptor.create(cipher, iv.words);
5441 */
5442 init: function (cipher, iv) {
5443 this._cipher = cipher;
5444 this._iv = iv;
5445 }
5446 });
5447
5448 /**
5449 * Cipher Block Chaining mode.
5450 */
5451 var CBC = C_mode.CBC = (function () {
5452 /**
5453 * Abstract base CBC mode.
5454 */
5455 var CBC = BlockCipherMode.extend();
5456
5457 /**
5458 * CBC encryptor.
5459 */
5460 CBC.Encryptor = CBC.extend({
5461 /**
5462 * Processes the data block at offset.
5463 *
5464 * @param {Array} words The data words to operate on.
5465 * @param {number} offset The offset where the block starts.
5466 *
5467 * @example
5468 *
5469 * mode.processBlock(data.words, offset);
5470 */
5471 processBlock: function (words, offset) {
5472 // Shortcuts
5473 var cipher = this._cipher;
5474 var blockSize = cipher.blockSize;
5475
5476 // XOR and encrypt
5477 xorBlock.call(this, words, offset, blockSize);
5478 cipher.encryptBlock(words, offset);
5479
5480 // Remember this block to use with next block
5481 this._prevBlock = words.slice(offset, offset + blockSize);
5482 }
5483 });
5484
5485 /**
5486 * CBC decryptor.
5487 */
5488 CBC.Decryptor = CBC.extend({
5489 /**
5490 * Processes the data block at offset.
5491 *
5492 * @param {Array} words The data words to operate on.
5493 * @param {number} offset The offset where the block starts.
5494 *
5495 * @example
5496 *
5497 * mode.processBlock(data.words, offset);
5498 */
5499 processBlock: function (words, offset) {
5500 // Shortcuts
5501 var cipher = this._cipher;
5502 var blockSize = cipher.blockSize;
5503
5504 // Remember this block to use with next block
5505 var thisBlock = words.slice(offset, offset + blockSize);
5506
5507 // Decrypt and XOR
5508 cipher.decryptBlock(words, offset);
5509 xorBlock.call(this, words, offset, blockSize);
5510
5511 // This block becomes the previous block
5512 this._prevBlock = thisBlock;
5513 }
5514 });
5515
5516 function xorBlock(words, offset, blockSize) {
5517 // Shortcut
5518 var iv = this._iv;
5519
5520 // Choose mixing block
5521 if (iv) {
5522 var block = iv;
5523
5524 // Remove IV for subsequent blocks
5525 this._iv = undefined;
5526 } else {
5527 var block = this._prevBlock;
5528 }
5529
5530 // XOR blocks
5531 for (var i = 0; i < blockSize; i++) {
5532 words[offset + i] ^= block[i];
5533 }
5534 }
5535
5536 return CBC;
5537 }());
5538
5539 /**
5540 * Padding namespace.
5541 */
5542 var C_pad = C.pad = {};
5543
5544 /**
5545 * PKCS #5/7 padding strategy.
5546 */
5547 var Pkcs7 = C_pad.Pkcs7 = {
5548 /**
5549 * Pads data using the algorithm defined in PKCS #5/7.
5550 *
5551 * @param {WordArray} data The data to pad.
5552 * @param {number} blockSize The multiple that the data should be padded to.
5553 *
5554 * @static
5555 *
5556 * @example
5557 *
5558 * CryptoJS.pad.Pkcs7.pad(wordArray, 4);
5559 */
5560 pad: function (data, blockSize) {
5561 // Shortcut
5562 var blockSizeBytes = blockSize * 4;
5563
5564 // Count padding bytes
5565 var nPaddingBytes = blockSizeBytes - data.sigBytes % blockSizeBytes;
5566
5567 // Create padding word
5568 var paddingWord = (nPaddingBytes << 24) | (nPaddingBytes << 16) | (nPaddingBytes << 8) | nPaddingBytes;
5569
5570 // Create padding
5571 var paddingWords = [];
5572 for (var i = 0; i < nPaddingBytes; i += 4) {
5573 paddingWords.push(paddingWord);
5574 }
5575 var padding = WordArray.create(paddingWords, nPaddingBytes);
5576
5577 // Add padding
5578 data.concat(padding);
5579 },
5580
5581 /**
5582 * Unpads data that had been padded using the algorithm defined in PKCS #5/7.
5583 *
5584 * @param {WordArray} data The data to unpad.
5585 *
5586 * @static
5587 *
5588 * @example
5589 *
5590 * CryptoJS.pad.Pkcs7.unpad(wordArray);
5591 */
5592 unpad: function (data) {
5593 // Get number of padding bytes from last byte
5594 var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
5595
5596 // Remove padding
5597 data.sigBytes -= nPaddingBytes;
5598 }
5599 };
5600
5601 /**
5602 * Abstract base block cipher template.
5603 *
5604 * @property {number} blockSize The number of 32-bit words this cipher operates on. Default: 4 (128 bits)
5605 */
5606 var BlockCipher = C_lib.BlockCipher = Cipher.extend({
5607 /**
5608 * Configuration options.
5609 *
5610 * @property {Mode} mode The block mode to use. Default: CBC
5611 * @property {Padding} padding The padding strategy to use. Default: Pkcs7
5612 */
5613 cfg: Cipher.cfg.extend({
5614 mode: CBC,
5615 padding: Pkcs7
5616 }),
5617
5618 reset: function () {
5619 // Reset cipher
5620 Cipher.reset.call(this);
5621
5622 // Shortcuts
5623 var cfg = this.cfg;
5624 var iv = cfg.iv;
5625 var mode = cfg.mode;
5626
5627 // Reset block mode
5628 if (this._xformMode == this._ENC_XFORM_MODE) {
5629 var modeCreator = mode.createEncryptor;
5630 } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ {
5631 var modeCreator = mode.createDecryptor;
5632
5633 // Keep at least one block in the buffer for unpadding
5634 this._minBufferSize = 1;
5635 }
5636 this._mode = modeCreator.call(mode, this, iv && iv.words);
5637 },
5638
5639 _doProcessBlock: function (words, offset) {
5640 this._mode.processBlock(words, offset);
5641 },
5642
5643 _doFinalize: function () {
5644 // Shortcut
5645 var padding = this.cfg.padding;
5646
5647 // Finalize
5648 if (this._xformMode == this._ENC_XFORM_MODE) {
5649 // Pad data
5650 padding.pad(this._data, this.blockSize);
5651
5652 // Process final blocks
5653 var finalProcessedBlocks = this._process(!!'flush');
5654 } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ {
5655 // Process final blocks
5656 var finalProcessedBlocks = this._process(!!'flush');
5657
5658 // Unpad data
5659 padding.unpad(finalProcessedBlocks);
5660 }
5661
5662 return finalProcessedBlocks;
5663 },
5664
5665 blockSize: 128/32
5666 });
5667
5668 /**
5669 * A collection of cipher parameters.
5670 *
5671 * @property {WordArray} ciphertext The raw ciphertext.
5672 * @property {WordArray} key The key to this ciphertext.
5673 * @property {WordArray} iv The IV used in the ciphering operation.
5674 * @property {WordArray} salt The salt used with a key derivation function.
5675 * @property {Cipher} algorithm The cipher algorithm.
5676 * @property {Mode} mode The block mode used in the ciphering operation.
5677 * @property {Padding} padding The padding scheme used in the ciphering operation.
5678 * @property {number} blockSize The block size of the cipher.
5679 * @property {Format} formatter The default formatting strategy to convert this cipher params object to a string.
5680 */
5681 var CipherParams = C_lib.CipherParams = Base.extend({
5682 /**
5683 * Initializes a newly created cipher params object.
5684 *
5685 * @param {Object} cipherParams An object with any of the possible cipher parameters.
5686 *
5687 * @example
5688 *
5689 * var cipherParams = CryptoJS.lib.CipherParams.create({
5690 * ciphertext: ciphertextWordArray,
5691 * key: keyWordArray,
5692 * iv: ivWordArray,
5693 * salt: saltWordArray,
5694 * algorithm: CryptoJS.algo.AES,
5695 * mode: CryptoJS.mode.CBC,
5696 * padding: CryptoJS.pad.PKCS7,
5697 * blockSize: 4,
5698 * formatter: CryptoJS.format.OpenSSL
5699 * });
5700 */
5701 init: function (cipherParams) {
5702 this.mixIn(cipherParams);
5703 },
5704
5705 /**
5706 * Converts this cipher params object to a string.
5707 *
5708 * @param {Format} formatter (Optional) The formatting strategy to use.
5709 *
5710 * @return {string} The stringified cipher params.
5711 *
5712 * @throws Error If neither the formatter nor the default formatter is set.
5713 *
5714 * @example
5715 *
5716 * var string = cipherParams + '';
5717 * var string = cipherParams.toString();
5718 * var string = cipherParams.toString(CryptoJS.format.OpenSSL);
5719 */
5720 toString: function (formatter) {
5721 return (formatter || this.formatter).stringify(this);
5722 }
5723 });
5724
5725 /**
5726 * Format namespace.
5727 */
5728 var C_format = C.format = {};
5729
5730 /**
5731 * OpenSSL formatting strategy.
5732 */
5733 var OpenSSLFormatter = C_format.OpenSSL = {
5734 /**
5735 * Converts a cipher params object to an OpenSSL-compatible string.
5736 *
5737 * @param {CipherParams} cipherParams The cipher params object.
5738 *
5739 * @return {string} The OpenSSL-compatible string.
5740 *
5741 * @static
5742 *
5743 * @example
5744 *
5745 * var openSSLString = CryptoJS.format.OpenSSL.stringify(cipherParams);
5746 */
5747 stringify: function (cipherParams) {
5748 // Shortcuts
5749 var ciphertext = cipherParams.ciphertext;
5750 var salt = cipherParams.salt;
5751
5752 // Format
5753 if (salt) {
5754 var wordArray = WordArray.create([0x53616c74, 0x65645f5f]).concat(salt).concat(ciphertext);
5755 } else {
5756 var wordArray = ciphertext;
5757 }
5758
5759 return wordArray.toString(Base64);
5760 },
5761
5762 /**
5763 * Converts an OpenSSL-compatible string to a cipher params object.
5764 *
5765 * @param {string} openSSLStr The OpenSSL-compatible string.
5766 *
5767 * @return {CipherParams} The cipher params object.
5768 *
5769 * @static
5770 *
5771 * @example
5772 *
5773 * var cipherParams = CryptoJS.format.OpenSSL.parse(openSSLString);
5774 */
5775 parse: function (openSSLStr) {
5776 // Parse base64
5777 var ciphertext = Base64.parse(openSSLStr);
5778
5779 // Shortcut
5780 var ciphertextWords = ciphertext.words;
5781
5782 // Test for salt
5783 if (ciphertextWords[0] == 0x53616c74 && ciphertextWords[1] == 0x65645f5f) {
5784 // Extract salt
5785 var salt = WordArray.create(ciphertextWords.slice(2, 4));
5786
5787 // Remove salt from ciphertext
5788 ciphertextWords.splice(0, 4);
5789 ciphertext.sigBytes -= 16;
5790 }
5791
5792 return CipherParams.create({ ciphertext: ciphertext, salt: salt });
5793 }
5794 };
5795
5796 /**
5797 * A cipher wrapper that returns ciphertext as a serializable cipher params object.
5798 */
5799 var SerializableCipher = C_lib.SerializableCipher = Base.extend({
5800 /**
5801 * Configuration options.
5802 *
5803 * @property {Formatter} format The formatting strategy to convert cipher param objects to and from a string. Default: OpenSSL
5804 */
5805 cfg: Base.extend({
5806 format: OpenSSLFormatter
5807 }),
5808
5809 /**
5810 * Encrypts a message.
5811 *
5812 * @param {Cipher} cipher The cipher algorithm to use.
5813 * @param {WordArray|string} message The message to encrypt.
5814 * @param {WordArray} key The key.
5815 * @param {Object} cfg (Optional) The configuration options to use for this operation.
5816 *
5817 * @return {CipherParams} A cipher params object.
5818 *
5819 * @static
5820 *
5821 * @example
5822 *
5823 * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key);
5824 * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key, { iv: iv });
5825 * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key, { iv: iv, format: CryptoJS.format.OpenSSL });
5826 */
5827 encrypt: function (cipher, message, key, cfg) {
5828 // Apply config defaults
5829 cfg = this.cfg.extend(cfg);
5830
5831 // Encrypt
5832 var encryptor = cipher.createEncryptor(key, cfg);
5833 var ciphertext = encryptor.finalize(message);
5834
5835 // Shortcut
5836 var cipherCfg = encryptor.cfg;
5837
5838 // Create and return serializable cipher params
5839 return CipherParams.create({
5840 ciphertext: ciphertext,
5841 key: key,
5842 iv: cipherCfg.iv,
5843 algorithm: cipher,
5844 mode: cipherCfg.mode,
5845 padding: cipherCfg.padding,
5846 blockSize: cipher.blockSize,
5847 formatter: cfg.format
5848 });
5849 },
5850
5851 /**
5852 * Decrypts serialized ciphertext.
5853 *
5854 * @param {Cipher} cipher The cipher algorithm to use.
5855 * @param {CipherParams|string} ciphertext The ciphertext to decrypt.
5856 * @param {WordArray} key The key.
5857 * @param {Object} cfg (Optional) The configuration options to use for this operation.
5858 *
5859 * @return {WordArray} The plaintext.
5860 *
5861 * @static
5862 *
5863 * @example
5864 *
5865 * var plaintext = CryptoJS.lib.SerializableCipher.decrypt(CryptoJS.algo.AES, formattedCiphertext, key, { iv: iv, format: CryptoJS.format.OpenSSL });
5866 * var plaintext = CryptoJS.lib.SerializableCipher.decrypt(CryptoJS.algo.AES, ciphertextParams, key, { iv: iv, format: CryptoJS.format.OpenSSL });
5867 */
5868 decrypt: function (cipher, ciphertext, key, cfg) {
5869 // Apply config defaults
5870 cfg = this.cfg.extend(cfg);
5871
5872 // Convert string to CipherParams
5873 ciphertext = this._parse(ciphertext, cfg.format);
5874
5875 // Decrypt
5876 var plaintext = cipher.createDecryptor(key, cfg).finalize(ciphertext.ciphertext);
5877
5878 return plaintext;
5879 },
5880
5881 /**
5882 * Converts serialized ciphertext to CipherParams,
5883 * else assumed CipherParams already and returns ciphertext unchanged.
5884 *
5885 * @param {CipherParams|string} ciphertext The ciphertext.
5886 * @param {Formatter} format The formatting strategy to use to parse serialized ciphertext.
5887 *
5888 * @return {CipherParams} The unserialized ciphertext.
5889 *
5890 * @static
5891 *
5892 * @example
5893 *
5894 * var ciphertextParams = CryptoJS.lib.SerializableCipher._parse(ciphertextStringOrParams, format);
5895 */
5896 _parse: function (ciphertext, format) {
5897 if (typeof ciphertext == 'string') {
5898 return format.parse(ciphertext, this);
5899 } else {
5900 return ciphertext;
5901 }
5902 }
5903 });
5904
5905 /**
5906 * Key derivation function namespace.
5907 */
5908 var C_kdf = C.kdf = {};
5909
5910 /**
5911 * OpenSSL key derivation function.
5912 */
5913 var OpenSSLKdf = C_kdf.OpenSSL = {
5914 /**
5915 * Derives a key and IV from a password.
5916 *
5917 * @param {string} password The password to derive from.
5918 * @param {number} keySize The size in words of the key to generate.
5919 * @param {number} ivSize The size in words of the IV to generate.
5920 * @param {WordArray|string} salt (Optional) A 64-bit salt to use. If omitted, a salt will be generated randomly.
5921 *
5922 * @return {CipherParams} A cipher params object with the key, IV, and salt.
5923 *
5924 * @static
5925 *
5926 * @example
5927 *
5928 * var derivedParams = CryptoJS.kdf.OpenSSL.execute('Password', 256/32, 128/32);
5929 * var derivedParams = CryptoJS.kdf.OpenSSL.execute('Password', 256/32, 128/32, 'saltsalt');
5930 */
5931 execute: function (password, keySize, ivSize, salt) {
5932 // Generate random salt
5933 if (!salt) {
5934 salt = WordArray.random(64/8);
5935 }
5936
5937 // Derive key and IV
5938 var key = EvpKDF.create({ keySize: keySize + ivSize }).compute(password, salt);
5939
5940 // Separate key and IV
5941 var iv = WordArray.create(key.words.slice(keySize), ivSize * 4);
5942 key.sigBytes = keySize * 4;
5943
5944 // Return params
5945 return CipherParams.create({ key: key, iv: iv, salt: salt });
5946 }
5947 };
5948
5949 /**
5950 * A serializable cipher wrapper that derives the key from a password,
5951 * and returns ciphertext as a serializable cipher params object.
5952 */
5953 var PasswordBasedCipher = C_lib.PasswordBasedCipher = SerializableCipher.extend({
5954 /**
5955 * Configuration options.
5956 *
5957 * @property {KDF} kdf The key derivation function to use to generate a key and IV from a password. Default: OpenSSL
5958 */
5959 cfg: SerializableCipher.cfg.extend({
5960 kdf: OpenSSLKdf
5961 }),
5962
5963 /**
5964 * Encrypts a message using a password.
5965 *
5966 * @param {Cipher} cipher The cipher algorithm to use.
5967 * @param {WordArray|string} message The message to encrypt.
5968 * @param {string} password The password.
5969 * @param {Object} cfg (Optional) The configuration options to use for this operation.
5970 *
5971 * @return {CipherParams} A cipher params object.
5972 *
5973 * @static
5974 *
5975 * @example
5976 *
5977 * var ciphertextParams = CryptoJS.lib.PasswordBasedCipher.encrypt(CryptoJS.algo.AES, message, 'password');
5978 * var ciphertextParams = CryptoJS.lib.PasswordBasedCipher.encrypt(CryptoJS.algo.AES, message, 'password', { format: CryptoJS.format.OpenSSL });
5979 */
5980 encrypt: function (cipher, message, password, cfg) {
5981 // Apply config defaults
5982 cfg = this.cfg.extend(cfg);
5983
5984 // Derive key and other params
5985 var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize);
5986
5987 // Add IV to config
5988 cfg.iv = derivedParams.iv;
5989
5990 // Encrypt
5991 var ciphertext = SerializableCipher.encrypt.call(this, cipher, message, derivedParams.key, cfg);
5992
5993 // Mix in derived params
5994 ciphertext.mixIn(derivedParams);
5995
5996 return ciphertext;
5997 },
5998
5999 /**
6000 * Decrypts serialized ciphertext using a password.
6001 *
6002 * @param {Cipher} cipher The cipher algorithm to use.
6003 * @param {CipherParams|string} ciphertext The ciphertext to decrypt.
6004 * @param {string} password The password.
6005 * @param {Object} cfg (Optional) The configuration options to use for this operation.
6006 *
6007 * @return {WordArray} The plaintext.
6008 *
6009 * @static
6010 *
6011 * @example
6012 *
6013 * var plaintext = CryptoJS.lib.PasswordBasedCipher.decrypt(CryptoJS.algo.AES, formattedCiphertext, 'password', { format: CryptoJS.format.OpenSSL });
6014 * var plaintext = CryptoJS.lib.PasswordBasedCipher.decrypt(CryptoJS.algo.AES, ciphertextParams, 'password', { format: CryptoJS.format.OpenSSL });
6015 */
6016 decrypt: function (cipher, ciphertext, password, cfg) {
6017 // Apply config defaults
6018 cfg = this.cfg.extend(cfg);
6019
6020 // Convert string to CipherParams
6021 ciphertext = this._parse(ciphertext, cfg.format);
6022
6023 // Derive key and other params
6024 var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize, ciphertext.salt);
6025
6026 // Add IV to config
6027 cfg.iv = derivedParams.iv;
6028
6029 // Decrypt
6030 var plaintext = SerializableCipher.decrypt.call(this, cipher, ciphertext, derivedParams.key, cfg);
6031
6032 return plaintext;
6033 }
6034 });
6035 }());
6036
6037
6038}));
6039},{"./core":31}],31:[function(_dereq_,module,exports){
6040;(function (root, factory) {
6041 if (typeof exports === "object") {
6042 // CommonJS
6043 module.exports = exports = factory();
6044 }
6045 else if (typeof define === "function" && define.amd) {
6046 // AMD
6047 define([], factory);
6048 }
6049 else {
6050 // Global (browser)
6051 root.CryptoJS = factory();
6052 }
6053}(this, function () {
6054
6055 /**
6056 * CryptoJS core components.
6057 */
6058 var CryptoJS = CryptoJS || (function (Math, undefined) {
6059 /**
6060 * CryptoJS namespace.
6061 */
6062 var C = {};
6063
6064 /**
6065 * Library namespace.
6066 */
6067 var C_lib = C.lib = {};
6068
6069 /**
6070 * Base object for prototypal inheritance.
6071 */
6072 var Base = C_lib.Base = (function () {
6073 function F() {}
6074
6075 return {
6076 /**
6077 * Creates a new object that inherits from this object.
6078 *
6079 * @param {Object} overrides Properties to copy into the new object.
6080 *
6081 * @return {Object} The new object.
6082 *
6083 * @static
6084 *
6085 * @example
6086 *
6087 * var MyType = CryptoJS.lib.Base.extend({
6088 * field: 'value',
6089 *
6090 * method: function () {
6091 * }
6092 * });
6093 */
6094 extend: function (overrides) {
6095 // Spawn
6096 F.prototype = this;
6097 var subtype = new F();
6098
6099 // Augment
6100 if (overrides) {
6101 subtype.mixIn(overrides);
6102 }
6103
6104 // Create default initializer
6105 if (!subtype.hasOwnProperty('init')) {
6106 subtype.init = function () {
6107 subtype.$super.init.apply(this, arguments);
6108 };
6109 }
6110
6111 // Initializer's prototype is the subtype object
6112 subtype.init.prototype = subtype;
6113
6114 // Reference supertype
6115 subtype.$super = this;
6116
6117 return subtype;
6118 },
6119
6120 /**
6121 * Extends this object and runs the init method.
6122 * Arguments to create() will be passed to init().
6123 *
6124 * @return {Object} The new object.
6125 *
6126 * @static
6127 *
6128 * @example
6129 *
6130 * var instance = MyType.create();
6131 */
6132 create: function () {
6133 var instance = this.extend();
6134 instance.init.apply(instance, arguments);
6135
6136 return instance;
6137 },
6138
6139 /**
6140 * Initializes a newly created object.
6141 * Override this method to add some logic when your objects are created.
6142 *
6143 * @example
6144 *
6145 * var MyType = CryptoJS.lib.Base.extend({
6146 * init: function () {
6147 * // ...
6148 * }
6149 * });
6150 */
6151 init: function () {
6152 },
6153
6154 /**
6155 * Copies properties into this object.
6156 *
6157 * @param {Object} properties The properties to mix in.
6158 *
6159 * @example
6160 *
6161 * MyType.mixIn({
6162 * field: 'value'
6163 * });
6164 */
6165 mixIn: function (properties) {
6166 for (var propertyName in properties) {
6167 if (properties.hasOwnProperty(propertyName)) {
6168 this[propertyName] = properties[propertyName];
6169 }
6170 }
6171
6172 // IE won't copy toString using the loop above
6173 if (properties.hasOwnProperty('toString')) {
6174 this.toString = properties.toString;
6175 }
6176 },
6177
6178 /**
6179 * Creates a copy of this object.
6180 *
6181 * @return {Object} The clone.
6182 *
6183 * @example
6184 *
6185 * var clone = instance.clone();
6186 */
6187 clone: function () {
6188 return this.init.prototype.extend(this);
6189 }
6190 };
6191 }());
6192
6193 /**
6194 * An array of 32-bit words.
6195 *
6196 * @property {Array} words The array of 32-bit words.
6197 * @property {number} sigBytes The number of significant bytes in this word array.
6198 */
6199 var WordArray = C_lib.WordArray = Base.extend({
6200 /**
6201 * Initializes a newly created word array.
6202 *
6203 * @param {Array} words (Optional) An array of 32-bit words.
6204 * @param {number} sigBytes (Optional) The number of significant bytes in the words.
6205 *
6206 * @example
6207 *
6208 * var wordArray = CryptoJS.lib.WordArray.create();
6209 * var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607]);
6210 * var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607], 6);
6211 */
6212 init: function (words, sigBytes) {
6213 words = this.words = words || [];
6214
6215 if (sigBytes != undefined) {
6216 this.sigBytes = sigBytes;
6217 } else {
6218 this.sigBytes = words.length * 4;
6219 }
6220 },
6221
6222 /**
6223 * Converts this word array to a string.
6224 *
6225 * @param {Encoder} encoder (Optional) The encoding strategy to use. Default: CryptoJS.enc.Hex
6226 *
6227 * @return {string} The stringified word array.
6228 *
6229 * @example
6230 *
6231 * var string = wordArray + '';
6232 * var string = wordArray.toString();
6233 * var string = wordArray.toString(CryptoJS.enc.Utf8);
6234 */
6235 toString: function (encoder) {
6236 return (encoder || Hex).stringify(this);
6237 },
6238
6239 /**
6240 * Concatenates a word array to this word array.
6241 *
6242 * @param {WordArray} wordArray The word array to append.
6243 *
6244 * @return {WordArray} This word array.
6245 *
6246 * @example
6247 *
6248 * wordArray1.concat(wordArray2);
6249 */
6250 concat: function (wordArray) {
6251 // Shortcuts
6252 var thisWords = this.words;
6253 var thatWords = wordArray.words;
6254 var thisSigBytes = this.sigBytes;
6255 var thatSigBytes = wordArray.sigBytes;
6256
6257 // Clamp excess bits
6258 this.clamp();
6259
6260 // Concat
6261 if (thisSigBytes % 4) {
6262 // Copy one byte at a time
6263 for (var i = 0; i < thatSigBytes; i++) {
6264 var thatByte = (thatWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
6265 thisWords[(thisSigBytes + i) >>> 2] |= thatByte << (24 - ((thisSigBytes + i) % 4) * 8);
6266 }
6267 } else if (thatWords.length > 0xffff) {
6268 // Copy one word at a time
6269 for (var i = 0; i < thatSigBytes; i += 4) {
6270 thisWords[(thisSigBytes + i) >>> 2] = thatWords[i >>> 2];
6271 }
6272 } else {
6273 // Copy all words at once
6274 thisWords.push.apply(thisWords, thatWords);
6275 }
6276 this.sigBytes += thatSigBytes;
6277
6278 // Chainable
6279 return this;
6280 },
6281
6282 /**
6283 * Removes insignificant bits.
6284 *
6285 * @example
6286 *
6287 * wordArray.clamp();
6288 */
6289 clamp: function () {
6290 // Shortcuts
6291 var words = this.words;
6292 var sigBytes = this.sigBytes;
6293
6294 // Clamp
6295 words[sigBytes >>> 2] &= 0xffffffff << (32 - (sigBytes % 4) * 8);
6296 words.length = Math.ceil(sigBytes / 4);
6297 },
6298
6299 /**
6300 * Creates a copy of this word array.
6301 *
6302 * @return {WordArray} The clone.
6303 *
6304 * @example
6305 *
6306 * var clone = wordArray.clone();
6307 */
6308 clone: function () {
6309 var clone = Base.clone.call(this);
6310 clone.words = this.words.slice(0);
6311
6312 return clone;
6313 },
6314
6315 /**
6316 * Creates a word array filled with random bytes.
6317 *
6318 * @param {number} nBytes The number of random bytes to generate.
6319 *
6320 * @return {WordArray} The random word array.
6321 *
6322 * @static
6323 *
6324 * @example
6325 *
6326 * var wordArray = CryptoJS.lib.WordArray.random(16);
6327 */
6328 random: function (nBytes) {
6329 var words = [];
6330 for (var i = 0; i < nBytes; i += 4) {
6331 words.push((Math.random() * 0x100000000) | 0);
6332 }
6333
6334 return new WordArray.init(words, nBytes);
6335 }
6336 });
6337
6338 /**
6339 * Encoder namespace.
6340 */
6341 var C_enc = C.enc = {};
6342
6343 /**
6344 * Hex encoding strategy.
6345 */
6346 var Hex = C_enc.Hex = {
6347 /**
6348 * Converts a word array to a hex string.
6349 *
6350 * @param {WordArray} wordArray The word array.
6351 *
6352 * @return {string} The hex string.
6353 *
6354 * @static
6355 *
6356 * @example
6357 *
6358 * var hexString = CryptoJS.enc.Hex.stringify(wordArray);
6359 */
6360 stringify: function (wordArray) {
6361 // Shortcuts
6362 var words = wordArray.words;
6363 var sigBytes = wordArray.sigBytes;
6364
6365 // Convert
6366 var hexChars = [];
6367 for (var i = 0; i < sigBytes; i++) {
6368 var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
6369 hexChars.push((bite >>> 4).toString(16));
6370 hexChars.push((bite & 0x0f).toString(16));
6371 }
6372
6373 return hexChars.join('');
6374 },
6375
6376 /**
6377 * Converts a hex string to a word array.
6378 *
6379 * @param {string} hexStr The hex string.
6380 *
6381 * @return {WordArray} The word array.
6382 *
6383 * @static
6384 *
6385 * @example
6386 *
6387 * var wordArray = CryptoJS.enc.Hex.parse(hexString);
6388 */
6389 parse: function (hexStr) {
6390 // Shortcut
6391 var hexStrLength = hexStr.length;
6392
6393 // Convert
6394 var words = [];
6395 for (var i = 0; i < hexStrLength; i += 2) {
6396 words[i >>> 3] |= parseInt(hexStr.substr(i, 2), 16) << (24 - (i % 8) * 4);
6397 }
6398
6399 return new WordArray.init(words, hexStrLength / 2);
6400 }
6401 };
6402
6403 /**
6404 * Latin1 encoding strategy.
6405 */
6406 var Latin1 = C_enc.Latin1 = {
6407 /**
6408 * Converts a word array to a Latin1 string.
6409 *
6410 * @param {WordArray} wordArray The word array.
6411 *
6412 * @return {string} The Latin1 string.
6413 *
6414 * @static
6415 *
6416 * @example
6417 *
6418 * var latin1String = CryptoJS.enc.Latin1.stringify(wordArray);
6419 */
6420 stringify: function (wordArray) {
6421 // Shortcuts
6422 var words = wordArray.words;
6423 var sigBytes = wordArray.sigBytes;
6424
6425 // Convert
6426 var latin1Chars = [];
6427 for (var i = 0; i < sigBytes; i++) {
6428 var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
6429 latin1Chars.push(String.fromCharCode(bite));
6430 }
6431
6432 return latin1Chars.join('');
6433 },
6434
6435 /**
6436 * Converts a Latin1 string to a word array.
6437 *
6438 * @param {string} latin1Str The Latin1 string.
6439 *
6440 * @return {WordArray} The word array.
6441 *
6442 * @static
6443 *
6444 * @example
6445 *
6446 * var wordArray = CryptoJS.enc.Latin1.parse(latin1String);
6447 */
6448 parse: function (latin1Str) {
6449 // Shortcut
6450 var latin1StrLength = latin1Str.length;
6451
6452 // Convert
6453 var words = [];
6454 for (var i = 0; i < latin1StrLength; i++) {
6455 words[i >>> 2] |= (latin1Str.charCodeAt(i) & 0xff) << (24 - (i % 4) * 8);
6456 }
6457
6458 return new WordArray.init(words, latin1StrLength);
6459 }
6460 };
6461
6462 /**
6463 * UTF-8 encoding strategy.
6464 */
6465 var Utf8 = C_enc.Utf8 = {
6466 /**
6467 * Converts a word array to a UTF-8 string.
6468 *
6469 * @param {WordArray} wordArray The word array.
6470 *
6471 * @return {string} The UTF-8 string.
6472 *
6473 * @static
6474 *
6475 * @example
6476 *
6477 * var utf8String = CryptoJS.enc.Utf8.stringify(wordArray);
6478 */
6479 stringify: function (wordArray) {
6480 try {
6481 return decodeURIComponent(escape(Latin1.stringify(wordArray)));
6482 } catch (e) {
6483 throw new Error('Malformed UTF-8 data');
6484 }
6485 },
6486
6487 /**
6488 * Converts a UTF-8 string to a word array.
6489 *
6490 * @param {string} utf8Str The UTF-8 string.
6491 *
6492 * @return {WordArray} The word array.
6493 *
6494 * @static
6495 *
6496 * @example
6497 *
6498 * var wordArray = CryptoJS.enc.Utf8.parse(utf8String);
6499 */
6500 parse: function (utf8Str) {
6501 return Latin1.parse(unescape(encodeURIComponent(utf8Str)));
6502 }
6503 };
6504
6505 /**
6506 * Abstract buffered block algorithm template.
6507 *
6508 * The property blockSize must be implemented in a concrete subtype.
6509 *
6510 * @property {number} _minBufferSize The number of blocks that should be kept unprocessed in the buffer. Default: 0
6511 */
6512 var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm = Base.extend({
6513 /**
6514 * Resets this block algorithm's data buffer to its initial state.
6515 *
6516 * @example
6517 *
6518 * bufferedBlockAlgorithm.reset();
6519 */
6520 reset: function () {
6521 // Initial values
6522 this._data = new WordArray.init();
6523 this._nDataBytes = 0;
6524 },
6525
6526 /**
6527 * Adds new data to this block algorithm's buffer.
6528 *
6529 * @param {WordArray|string} data The data to append. Strings are converted to a WordArray using UTF-8.
6530 *
6531 * @example
6532 *
6533 * bufferedBlockAlgorithm._append('data');
6534 * bufferedBlockAlgorithm._append(wordArray);
6535 */
6536 _append: function (data) {
6537 // Convert string to WordArray, else assume WordArray already
6538 if (typeof data == 'string') {
6539 data = Utf8.parse(data);
6540 }
6541
6542 // Append
6543 this._data.concat(data);
6544 this._nDataBytes += data.sigBytes;
6545 },
6546
6547 /**
6548 * Processes available data blocks.
6549 *
6550 * This method invokes _doProcessBlock(offset), which must be implemented by a concrete subtype.
6551 *
6552 * @param {boolean} doFlush Whether all blocks and partial blocks should be processed.
6553 *
6554 * @return {WordArray} The processed data.
6555 *
6556 * @example
6557 *
6558 * var processedData = bufferedBlockAlgorithm._process();
6559 * var processedData = bufferedBlockAlgorithm._process(!!'flush');
6560 */
6561 _process: function (doFlush) {
6562 // Shortcuts
6563 var data = this._data;
6564 var dataWords = data.words;
6565 var dataSigBytes = data.sigBytes;
6566 var blockSize = this.blockSize;
6567 var blockSizeBytes = blockSize * 4;
6568
6569 // Count blocks ready
6570 var nBlocksReady = dataSigBytes / blockSizeBytes;
6571 if (doFlush) {
6572 // Round up to include partial blocks
6573 nBlocksReady = Math.ceil(nBlocksReady);
6574 } else {
6575 // Round down to include only full blocks,
6576 // less the number of blocks that must remain in the buffer
6577 nBlocksReady = Math.max((nBlocksReady | 0) - this._minBufferSize, 0);
6578 }
6579
6580 // Count words ready
6581 var nWordsReady = nBlocksReady * blockSize;
6582
6583 // Count bytes ready
6584 var nBytesReady = Math.min(nWordsReady * 4, dataSigBytes);
6585
6586 // Process blocks
6587 if (nWordsReady) {
6588 for (var offset = 0; offset < nWordsReady; offset += blockSize) {
6589 // Perform concrete-algorithm logic
6590 this._doProcessBlock(dataWords, offset);
6591 }
6592
6593 // Remove processed words
6594 var processedWords = dataWords.splice(0, nWordsReady);
6595 data.sigBytes -= nBytesReady;
6596 }
6597
6598 // Return processed words
6599 return new WordArray.init(processedWords, nBytesReady);
6600 },
6601
6602 /**
6603 * Creates a copy of this object.
6604 *
6605 * @return {Object} The clone.
6606 *
6607 * @example
6608 *
6609 * var clone = bufferedBlockAlgorithm.clone();
6610 */
6611 clone: function () {
6612 var clone = Base.clone.call(this);
6613 clone._data = this._data.clone();
6614
6615 return clone;
6616 },
6617
6618 _minBufferSize: 0
6619 });
6620
6621 /**
6622 * Abstract hasher template.
6623 *
6624 * @property {number} blockSize The number of 32-bit words this hasher operates on. Default: 16 (512 bits)
6625 */
6626 var Hasher = C_lib.Hasher = BufferedBlockAlgorithm.extend({
6627 /**
6628 * Configuration options.
6629 */
6630 cfg: Base.extend(),
6631
6632 /**
6633 * Initializes a newly created hasher.
6634 *
6635 * @param {Object} cfg (Optional) The configuration options to use for this hash computation.
6636 *
6637 * @example
6638 *
6639 * var hasher = CryptoJS.algo.SHA256.create();
6640 */
6641 init: function (cfg) {
6642 // Apply config defaults
6643 this.cfg = this.cfg.extend(cfg);
6644
6645 // Set initial values
6646 this.reset();
6647 },
6648
6649 /**
6650 * Resets this hasher to its initial state.
6651 *
6652 * @example
6653 *
6654 * hasher.reset();
6655 */
6656 reset: function () {
6657 // Reset data buffer
6658 BufferedBlockAlgorithm.reset.call(this);
6659
6660 // Perform concrete-hasher logic
6661 this._doReset();
6662 },
6663
6664 /**
6665 * Updates this hasher with a message.
6666 *
6667 * @param {WordArray|string} messageUpdate The message to append.
6668 *
6669 * @return {Hasher} This hasher.
6670 *
6671 * @example
6672 *
6673 * hasher.update('message');
6674 * hasher.update(wordArray);
6675 */
6676 update: function (messageUpdate) {
6677 // Append
6678 this._append(messageUpdate);
6679
6680 // Update the hash
6681 this._process();
6682
6683 // Chainable
6684 return this;
6685 },
6686
6687 /**
6688 * Finalizes the hash computation.
6689 * Note that the finalize operation is effectively a destructive, read-once operation.
6690 *
6691 * @param {WordArray|string} messageUpdate (Optional) A final message update.
6692 *
6693 * @return {WordArray} The hash.
6694 *
6695 * @example
6696 *
6697 * var hash = hasher.finalize();
6698 * var hash = hasher.finalize('message');
6699 * var hash = hasher.finalize(wordArray);
6700 */
6701 finalize: function (messageUpdate) {
6702 // Final message update
6703 if (messageUpdate) {
6704 this._append(messageUpdate);
6705 }
6706
6707 // Perform concrete-hasher logic
6708 var hash = this._doFinalize();
6709
6710 return hash;
6711 },
6712
6713 blockSize: 512/32,
6714
6715 /**
6716 * Creates a shortcut function to a hasher's object interface.
6717 *
6718 * @param {Hasher} hasher The hasher to create a helper for.
6719 *
6720 * @return {Function} The shortcut function.
6721 *
6722 * @static
6723 *
6724 * @example
6725 *
6726 * var SHA256 = CryptoJS.lib.Hasher._createHelper(CryptoJS.algo.SHA256);
6727 */
6728 _createHelper: function (hasher) {
6729 return function (message, cfg) {
6730 return new hasher.init(cfg).finalize(message);
6731 };
6732 },
6733
6734 /**
6735 * Creates a shortcut function to the HMAC's object interface.
6736 *
6737 * @param {Hasher} hasher The hasher to use in this HMAC helper.
6738 *
6739 * @return {Function} The shortcut function.
6740 *
6741 * @static
6742 *
6743 * @example
6744 *
6745 * var HmacSHA256 = CryptoJS.lib.Hasher._createHmacHelper(CryptoJS.algo.SHA256);
6746 */
6747 _createHmacHelper: function (hasher) {
6748 return function (message, key) {
6749 return new C_algo.HMAC.init(hasher, key).finalize(message);
6750 };
6751 }
6752 });
6753
6754 /**
6755 * Algorithm namespace.
6756 */
6757 var C_algo = C.algo = {};
6758
6759 return C;
6760 }(Math));
6761
6762
6763 return CryptoJS;
6764
6765}));
6766},{}],32:[function(_dereq_,module,exports){
6767;(function (root, factory) {
6768 if (typeof exports === "object") {
6769 // CommonJS
6770 module.exports = exports = factory(_dereq_("./core"));
6771 }
6772 else if (typeof define === "function" && define.amd) {
6773 // AMD
6774 define(["./core"], factory);
6775 }
6776 else {
6777 // Global (browser)
6778 factory(root.CryptoJS);
6779 }
6780}(this, function (CryptoJS) {
6781
6782 (function () {
6783 // Shortcuts
6784 var C = CryptoJS;
6785 var C_lib = C.lib;
6786 var WordArray = C_lib.WordArray;
6787 var C_enc = C.enc;
6788
6789 /**
6790 * Base64 encoding strategy.
6791 */
6792 var Base64 = C_enc.Base64 = {
6793 /**
6794 * Converts a word array to a Base64 string.
6795 *
6796 * @param {WordArray} wordArray The word array.
6797 *
6798 * @return {string} The Base64 string.
6799 *
6800 * @static
6801 *
6802 * @example
6803 *
6804 * var base64String = CryptoJS.enc.Base64.stringify(wordArray);
6805 */
6806 stringify: function (wordArray) {
6807 // Shortcuts
6808 var words = wordArray.words;
6809 var sigBytes = wordArray.sigBytes;
6810 var map = this._map;
6811
6812 // Clamp excess bits
6813 wordArray.clamp();
6814
6815 // Convert
6816 var base64Chars = [];
6817 for (var i = 0; i < sigBytes; i += 3) {
6818 var byte1 = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
6819 var byte2 = (words[(i + 1) >>> 2] >>> (24 - ((i + 1) % 4) * 8)) & 0xff;
6820 var byte3 = (words[(i + 2) >>> 2] >>> (24 - ((i + 2) % 4) * 8)) & 0xff;
6821
6822 var triplet = (byte1 << 16) | (byte2 << 8) | byte3;
6823
6824 for (var j = 0; (j < 4) && (i + j * 0.75 < sigBytes); j++) {
6825 base64Chars.push(map.charAt((triplet >>> (6 * (3 - j))) & 0x3f));
6826 }
6827 }
6828
6829 // Add padding
6830 var paddingChar = map.charAt(64);
6831 if (paddingChar) {
6832 while (base64Chars.length % 4) {
6833 base64Chars.push(paddingChar);
6834 }
6835 }
6836
6837 return base64Chars.join('');
6838 },
6839
6840 /**
6841 * Converts a Base64 string to a word array.
6842 *
6843 * @param {string} base64Str The Base64 string.
6844 *
6845 * @return {WordArray} The word array.
6846 *
6847 * @static
6848 *
6849 * @example
6850 *
6851 * var wordArray = CryptoJS.enc.Base64.parse(base64String);
6852 */
6853 parse: function (base64Str) {
6854 // Shortcuts
6855 var base64StrLength = base64Str.length;
6856 var map = this._map;
6857
6858 // Ignore padding
6859 var paddingChar = map.charAt(64);
6860 if (paddingChar) {
6861 var paddingIndex = base64Str.indexOf(paddingChar);
6862 if (paddingIndex != -1) {
6863 base64StrLength = paddingIndex;
6864 }
6865 }
6866
6867 // Convert
6868 var words = [];
6869 var nBytes = 0;
6870 for (var i = 0; i < base64StrLength; i++) {
6871 if (i % 4) {
6872 var bits1 = map.indexOf(base64Str.charAt(i - 1)) << ((i % 4) * 2);
6873 var bits2 = map.indexOf(base64Str.charAt(i)) >>> (6 - (i % 4) * 2);
6874 words[nBytes >>> 2] |= (bits1 | bits2) << (24 - (nBytes % 4) * 8);
6875 nBytes++;
6876 }
6877 }
6878
6879 return WordArray.create(words, nBytes);
6880 },
6881
6882 _map: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
6883 };
6884 }());
6885
6886
6887 return CryptoJS.enc.Base64;
6888
6889}));
6890},{"./core":31}],33:[function(_dereq_,module,exports){
6891;(function (root, factory) {
6892 if (typeof exports === "object") {
6893 // CommonJS
6894 module.exports = exports = factory(_dereq_("./core"));
6895 }
6896 else if (typeof define === "function" && define.amd) {
6897 // AMD
6898 define(["./core"], factory);
6899 }
6900 else {
6901 // Global (browser)
6902 factory(root.CryptoJS);
6903 }
6904}(this, function (CryptoJS) {
6905
6906 (function () {
6907 // Shortcuts
6908 var C = CryptoJS;
6909 var C_lib = C.lib;
6910 var WordArray = C_lib.WordArray;
6911 var C_enc = C.enc;
6912
6913 /**
6914 * UTF-16 BE encoding strategy.
6915 */
6916 var Utf16BE = C_enc.Utf16 = C_enc.Utf16BE = {
6917 /**
6918 * Converts a word array to a UTF-16 BE string.
6919 *
6920 * @param {WordArray} wordArray The word array.
6921 *
6922 * @return {string} The UTF-16 BE string.
6923 *
6924 * @static
6925 *
6926 * @example
6927 *
6928 * var utf16String = CryptoJS.enc.Utf16.stringify(wordArray);
6929 */
6930 stringify: function (wordArray) {
6931 // Shortcuts
6932 var words = wordArray.words;
6933 var sigBytes = wordArray.sigBytes;
6934
6935 // Convert
6936 var utf16Chars = [];
6937 for (var i = 0; i < sigBytes; i += 2) {
6938 var codePoint = (words[i >>> 2] >>> (16 - (i % 4) * 8)) & 0xffff;
6939 utf16Chars.push(String.fromCharCode(codePoint));
6940 }
6941
6942 return utf16Chars.join('');
6943 },
6944
6945 /**
6946 * Converts a UTF-16 BE string to a word array.
6947 *
6948 * @param {string} utf16Str The UTF-16 BE string.
6949 *
6950 * @return {WordArray} The word array.
6951 *
6952 * @static
6953 *
6954 * @example
6955 *
6956 * var wordArray = CryptoJS.enc.Utf16.parse(utf16String);
6957 */
6958 parse: function (utf16Str) {
6959 // Shortcut
6960 var utf16StrLength = utf16Str.length;
6961
6962 // Convert
6963 var words = [];
6964 for (var i = 0; i < utf16StrLength; i++) {
6965 words[i >>> 1] |= utf16Str.charCodeAt(i) << (16 - (i % 2) * 16);
6966 }
6967
6968 return WordArray.create(words, utf16StrLength * 2);
6969 }
6970 };
6971
6972 /**
6973 * UTF-16 LE encoding strategy.
6974 */
6975 C_enc.Utf16LE = {
6976 /**
6977 * Converts a word array to a UTF-16 LE string.
6978 *
6979 * @param {WordArray} wordArray The word array.
6980 *
6981 * @return {string} The UTF-16 LE string.
6982 *
6983 * @static
6984 *
6985 * @example
6986 *
6987 * var utf16Str = CryptoJS.enc.Utf16LE.stringify(wordArray);
6988 */
6989 stringify: function (wordArray) {
6990 // Shortcuts
6991 var words = wordArray.words;
6992 var sigBytes = wordArray.sigBytes;
6993
6994 // Convert
6995 var utf16Chars = [];
6996 for (var i = 0; i < sigBytes; i += 2) {
6997 var codePoint = swapEndian((words[i >>> 2] >>> (16 - (i % 4) * 8)) & 0xffff);
6998 utf16Chars.push(String.fromCharCode(codePoint));
6999 }
7000
7001 return utf16Chars.join('');
7002 },
7003
7004 /**
7005 * Converts a UTF-16 LE string to a word array.
7006 *
7007 * @param {string} utf16Str The UTF-16 LE string.
7008 *
7009 * @return {WordArray} The word array.
7010 *
7011 * @static
7012 *
7013 * @example
7014 *
7015 * var wordArray = CryptoJS.enc.Utf16LE.parse(utf16Str);
7016 */
7017 parse: function (utf16Str) {
7018 // Shortcut
7019 var utf16StrLength = utf16Str.length;
7020
7021 // Convert
7022 var words = [];
7023 for (var i = 0; i < utf16StrLength; i++) {
7024 words[i >>> 1] |= swapEndian(utf16Str.charCodeAt(i) << (16 - (i % 2) * 16));
7025 }
7026
7027 return WordArray.create(words, utf16StrLength * 2);
7028 }
7029 };
7030
7031 function swapEndian(word) {
7032 return ((word << 8) & 0xff00ff00) | ((word >>> 8) & 0x00ff00ff);
7033 }
7034 }());
7035
7036
7037 return CryptoJS.enc.Utf16;
7038
7039}));
7040},{"./core":31}],34:[function(_dereq_,module,exports){
7041;(function (root, factory, undef) {
7042 if (typeof exports === "object") {
7043 // CommonJS
7044 module.exports = exports = factory(_dereq_("./core"), _dereq_("./sha1"), _dereq_("./hmac"));
7045 }
7046 else if (typeof define === "function" && define.amd) {
7047 // AMD
7048 define(["./core", "./sha1", "./hmac"], factory);
7049 }
7050 else {
7051 // Global (browser)
7052 factory(root.CryptoJS);
7053 }
7054}(this, function (CryptoJS) {
7055
7056 (function () {
7057 // Shortcuts
7058 var C = CryptoJS;
7059 var C_lib = C.lib;
7060 var Base = C_lib.Base;
7061 var WordArray = C_lib.WordArray;
7062 var C_algo = C.algo;
7063 var MD5 = C_algo.MD5;
7064
7065 /**
7066 * This key derivation function is meant to conform with EVP_BytesToKey.
7067 * www.openssl.org/docs/crypto/EVP_BytesToKey.html
7068 */
7069 var EvpKDF = C_algo.EvpKDF = Base.extend({
7070 /**
7071 * Configuration options.
7072 *
7073 * @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
7074 * @property {Hasher} hasher The hash algorithm to use. Default: MD5
7075 * @property {number} iterations The number of iterations to perform. Default: 1
7076 */
7077 cfg: Base.extend({
7078 keySize: 128/32,
7079 hasher: MD5,
7080 iterations: 1
7081 }),
7082
7083 /**
7084 * Initializes a newly created key derivation function.
7085 *
7086 * @param {Object} cfg (Optional) The configuration options to use for the derivation.
7087 *
7088 * @example
7089 *
7090 * var kdf = CryptoJS.algo.EvpKDF.create();
7091 * var kdf = CryptoJS.algo.EvpKDF.create({ keySize: 8 });
7092 * var kdf = CryptoJS.algo.EvpKDF.create({ keySize: 8, iterations: 1000 });
7093 */
7094 init: function (cfg) {
7095 this.cfg = this.cfg.extend(cfg);
7096 },
7097
7098 /**
7099 * Derives a key from a password.
7100 *
7101 * @param {WordArray|string} password The password.
7102 * @param {WordArray|string} salt A salt.
7103 *
7104 * @return {WordArray} The derived key.
7105 *
7106 * @example
7107 *
7108 * var key = kdf.compute(password, salt);
7109 */
7110 compute: function (password, salt) {
7111 // Shortcut
7112 var cfg = this.cfg;
7113
7114 // Init hasher
7115 var hasher = cfg.hasher.create();
7116
7117 // Initial values
7118 var derivedKey = WordArray.create();
7119
7120 // Shortcuts
7121 var derivedKeyWords = derivedKey.words;
7122 var keySize = cfg.keySize;
7123 var iterations = cfg.iterations;
7124
7125 // Generate key
7126 while (derivedKeyWords.length < keySize) {
7127 if (block) {
7128 hasher.update(block);
7129 }
7130 var block = hasher.update(password).finalize(salt);
7131 hasher.reset();
7132
7133 // Iterations
7134 for (var i = 1; i < iterations; i++) {
7135 block = hasher.finalize(block);
7136 hasher.reset();
7137 }
7138
7139 derivedKey.concat(block);
7140 }
7141 derivedKey.sigBytes = keySize * 4;
7142
7143 return derivedKey;
7144 }
7145 });
7146
7147 /**
7148 * Derives a key from a password.
7149 *
7150 * @param {WordArray|string} password The password.
7151 * @param {WordArray|string} salt A salt.
7152 * @param {Object} cfg (Optional) The configuration options to use for this computation.
7153 *
7154 * @return {WordArray} The derived key.
7155 *
7156 * @static
7157 *
7158 * @example
7159 *
7160 * var key = CryptoJS.EvpKDF(password, salt);
7161 * var key = CryptoJS.EvpKDF(password, salt, { keySize: 8 });
7162 * var key = CryptoJS.EvpKDF(password, salt, { keySize: 8, iterations: 1000 });
7163 */
7164 C.EvpKDF = function (password, salt, cfg) {
7165 return EvpKDF.create(cfg).compute(password, salt);
7166 };
7167 }());
7168
7169
7170 return CryptoJS.EvpKDF;
7171
7172}));
7173},{"./core":31,"./hmac":36,"./sha1":55}],35:[function(_dereq_,module,exports){
7174;(function (root, factory, undef) {
7175 if (typeof exports === "object") {
7176 // CommonJS
7177 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
7178 }
7179 else if (typeof define === "function" && define.amd) {
7180 // AMD
7181 define(["./core", "./cipher-core"], factory);
7182 }
7183 else {
7184 // Global (browser)
7185 factory(root.CryptoJS);
7186 }
7187}(this, function (CryptoJS) {
7188
7189 (function (undefined) {
7190 // Shortcuts
7191 var C = CryptoJS;
7192 var C_lib = C.lib;
7193 var CipherParams = C_lib.CipherParams;
7194 var C_enc = C.enc;
7195 var Hex = C_enc.Hex;
7196 var C_format = C.format;
7197
7198 var HexFormatter = C_format.Hex = {
7199 /**
7200 * Converts the ciphertext of a cipher params object to a hexadecimally encoded string.
7201 *
7202 * @param {CipherParams} cipherParams The cipher params object.
7203 *
7204 * @return {string} The hexadecimally encoded string.
7205 *
7206 * @static
7207 *
7208 * @example
7209 *
7210 * var hexString = CryptoJS.format.Hex.stringify(cipherParams);
7211 */
7212 stringify: function (cipherParams) {
7213 return cipherParams.ciphertext.toString(Hex);
7214 },
7215
7216 /**
7217 * Converts a hexadecimally encoded ciphertext string to a cipher params object.
7218 *
7219 * @param {string} input The hexadecimally encoded string.
7220 *
7221 * @return {CipherParams} The cipher params object.
7222 *
7223 * @static
7224 *
7225 * @example
7226 *
7227 * var cipherParams = CryptoJS.format.Hex.parse(hexString);
7228 */
7229 parse: function (input) {
7230 var ciphertext = Hex.parse(input);
7231 return CipherParams.create({ ciphertext: ciphertext });
7232 }
7233 };
7234 }());
7235
7236
7237 return CryptoJS.format.Hex;
7238
7239}));
7240},{"./cipher-core":30,"./core":31}],36:[function(_dereq_,module,exports){
7241;(function (root, factory) {
7242 if (typeof exports === "object") {
7243 // CommonJS
7244 module.exports = exports = factory(_dereq_("./core"));
7245 }
7246 else if (typeof define === "function" && define.amd) {
7247 // AMD
7248 define(["./core"], factory);
7249 }
7250 else {
7251 // Global (browser)
7252 factory(root.CryptoJS);
7253 }
7254}(this, function (CryptoJS) {
7255
7256 (function () {
7257 // Shortcuts
7258 var C = CryptoJS;
7259 var C_lib = C.lib;
7260 var Base = C_lib.Base;
7261 var C_enc = C.enc;
7262 var Utf8 = C_enc.Utf8;
7263 var C_algo = C.algo;
7264
7265 /**
7266 * HMAC algorithm.
7267 */
7268 var HMAC = C_algo.HMAC = Base.extend({
7269 /**
7270 * Initializes a newly created HMAC.
7271 *
7272 * @param {Hasher} hasher The hash algorithm to use.
7273 * @param {WordArray|string} key The secret key.
7274 *
7275 * @example
7276 *
7277 * var hmacHasher = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA256, key);
7278 */
7279 init: function (hasher, key) {
7280 // Init hasher
7281 hasher = this._hasher = new hasher.init();
7282
7283 // Convert string to WordArray, else assume WordArray already
7284 if (typeof key == 'string') {
7285 key = Utf8.parse(key);
7286 }
7287
7288 // Shortcuts
7289 var hasherBlockSize = hasher.blockSize;
7290 var hasherBlockSizeBytes = hasherBlockSize * 4;
7291
7292 // Allow arbitrary length keys
7293 if (key.sigBytes > hasherBlockSizeBytes) {
7294 key = hasher.finalize(key);
7295 }
7296
7297 // Clamp excess bits
7298 key.clamp();
7299
7300 // Clone key for inner and outer pads
7301 var oKey = this._oKey = key.clone();
7302 var iKey = this._iKey = key.clone();
7303
7304 // Shortcuts
7305 var oKeyWords = oKey.words;
7306 var iKeyWords = iKey.words;
7307
7308 // XOR keys with pad constants
7309 for (var i = 0; i < hasherBlockSize; i++) {
7310 oKeyWords[i] ^= 0x5c5c5c5c;
7311 iKeyWords[i] ^= 0x36363636;
7312 }
7313 oKey.sigBytes = iKey.sigBytes = hasherBlockSizeBytes;
7314
7315 // Set initial values
7316 this.reset();
7317 },
7318
7319 /**
7320 * Resets this HMAC to its initial state.
7321 *
7322 * @example
7323 *
7324 * hmacHasher.reset();
7325 */
7326 reset: function () {
7327 // Shortcut
7328 var hasher = this._hasher;
7329
7330 // Reset
7331 hasher.reset();
7332 hasher.update(this._iKey);
7333 },
7334
7335 /**
7336 * Updates this HMAC with a message.
7337 *
7338 * @param {WordArray|string} messageUpdate The message to append.
7339 *
7340 * @return {HMAC} This HMAC instance.
7341 *
7342 * @example
7343 *
7344 * hmacHasher.update('message');
7345 * hmacHasher.update(wordArray);
7346 */
7347 update: function (messageUpdate) {
7348 this._hasher.update(messageUpdate);
7349
7350 // Chainable
7351 return this;
7352 },
7353
7354 /**
7355 * Finalizes the HMAC computation.
7356 * Note that the finalize operation is effectively a destructive, read-once operation.
7357 *
7358 * @param {WordArray|string} messageUpdate (Optional) A final message update.
7359 *
7360 * @return {WordArray} The HMAC.
7361 *
7362 * @example
7363 *
7364 * var hmac = hmacHasher.finalize();
7365 * var hmac = hmacHasher.finalize('message');
7366 * var hmac = hmacHasher.finalize(wordArray);
7367 */
7368 finalize: function (messageUpdate) {
7369 // Shortcut
7370 var hasher = this._hasher;
7371
7372 // Compute HMAC
7373 var innerHash = hasher.finalize(messageUpdate);
7374 hasher.reset();
7375 var hmac = hasher.finalize(this._oKey.clone().concat(innerHash));
7376
7377 return hmac;
7378 }
7379 });
7380 }());
7381
7382
7383}));
7384},{"./core":31}],37:[function(_dereq_,module,exports){
7385;(function (root, factory, undef) {
7386 if (typeof exports === "object") {
7387 // CommonJS
7388 module.exports = exports = factory(_dereq_("./core"), _dereq_("./x64-core"), _dereq_("./lib-typedarrays"), _dereq_("./enc-utf16"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./sha1"), _dereq_("./sha256"), _dereq_("./sha224"), _dereq_("./sha512"), _dereq_("./sha384"), _dereq_("./sha3"), _dereq_("./ripemd160"), _dereq_("./hmac"), _dereq_("./pbkdf2"), _dereq_("./evpkdf"), _dereq_("./cipher-core"), _dereq_("./mode-cfb"), _dereq_("./mode-ctr"), _dereq_("./mode-ctr-gladman"), _dereq_("./mode-ofb"), _dereq_("./mode-ecb"), _dereq_("./pad-ansix923"), _dereq_("./pad-iso10126"), _dereq_("./pad-iso97971"), _dereq_("./pad-zeropadding"), _dereq_("./pad-nopadding"), _dereq_("./format-hex"), _dereq_("./aes"), _dereq_("./tripledes"), _dereq_("./rc4"), _dereq_("./rabbit"), _dereq_("./rabbit-legacy"));
7389 }
7390 else if (typeof define === "function" && define.amd) {
7391 // AMD
7392 define(["./core", "./x64-core", "./lib-typedarrays", "./enc-utf16", "./enc-base64", "./md5", "./sha1", "./sha256", "./sha224", "./sha512", "./sha384", "./sha3", "./ripemd160", "./hmac", "./pbkdf2", "./evpkdf", "./cipher-core", "./mode-cfb", "./mode-ctr", "./mode-ctr-gladman", "./mode-ofb", "./mode-ecb", "./pad-ansix923", "./pad-iso10126", "./pad-iso97971", "./pad-zeropadding", "./pad-nopadding", "./format-hex", "./aes", "./tripledes", "./rc4", "./rabbit", "./rabbit-legacy"], factory);
7393 }
7394 else {
7395 // Global (browser)
7396 factory(root.CryptoJS);
7397 }
7398}(this, function (CryptoJS) {
7399
7400 return CryptoJS;
7401
7402}));
7403},{"./aes":29,"./cipher-core":30,"./core":31,"./enc-base64":32,"./enc-utf16":33,"./evpkdf":34,"./format-hex":35,"./hmac":36,"./lib-typedarrays":38,"./md5":39,"./mode-cfb":40,"./mode-ctr":42,"./mode-ctr-gladman":41,"./mode-ecb":43,"./mode-ofb":44,"./pad-ansix923":45,"./pad-iso10126":46,"./pad-iso97971":47,"./pad-nopadding":48,"./pad-zeropadding":49,"./pbkdf2":50,"./rabbit":52,"./rabbit-legacy":51,"./rc4":53,"./ripemd160":54,"./sha1":55,"./sha224":56,"./sha256":57,"./sha3":58,"./sha384":59,"./sha512":60,"./tripledes":61,"./x64-core":62}],38:[function(_dereq_,module,exports){
7404;(function (root, factory) {
7405 if (typeof exports === "object") {
7406 // CommonJS
7407 module.exports = exports = factory(_dereq_("./core"));
7408 }
7409 else if (typeof define === "function" && define.amd) {
7410 // AMD
7411 define(["./core"], factory);
7412 }
7413 else {
7414 // Global (browser)
7415 factory(root.CryptoJS);
7416 }
7417}(this, function (CryptoJS) {
7418
7419 (function () {
7420 // Check if typed arrays are supported
7421 if (typeof ArrayBuffer != 'function') {
7422 return;
7423 }
7424
7425 // Shortcuts
7426 var C = CryptoJS;
7427 var C_lib = C.lib;
7428 var WordArray = C_lib.WordArray;
7429
7430 // Reference original init
7431 var superInit = WordArray.init;
7432
7433 // Augment WordArray.init to handle typed arrays
7434 var subInit = WordArray.init = function (typedArray) {
7435 // Convert buffers to uint8
7436 if (typedArray instanceof ArrayBuffer) {
7437 typedArray = new Uint8Array(typedArray);
7438 }
7439
7440 // Convert other array views to uint8
7441 if (
7442 typedArray instanceof Int8Array ||
7443 typedArray instanceof Uint8ClampedArray ||
7444 typedArray instanceof Int16Array ||
7445 typedArray instanceof Uint16Array ||
7446 typedArray instanceof Int32Array ||
7447 typedArray instanceof Uint32Array ||
7448 typedArray instanceof Float32Array ||
7449 typedArray instanceof Float64Array
7450 ) {
7451 typedArray = new Uint8Array(typedArray.buffer, typedArray.byteOffset, typedArray.byteLength);
7452 }
7453
7454 // Handle Uint8Array
7455 if (typedArray instanceof Uint8Array) {
7456 // Shortcut
7457 var typedArrayByteLength = typedArray.byteLength;
7458
7459 // Extract bytes
7460 var words = [];
7461 for (var i = 0; i < typedArrayByteLength; i++) {
7462 words[i >>> 2] |= typedArray[i] << (24 - (i % 4) * 8);
7463 }
7464
7465 // Initialize this word array
7466 superInit.call(this, words, typedArrayByteLength);
7467 } else {
7468 // Else call normal init
7469 superInit.apply(this, arguments);
7470 }
7471 };
7472
7473 subInit.prototype = WordArray;
7474 }());
7475
7476
7477 return CryptoJS.lib.WordArray;
7478
7479}));
7480},{"./core":31}],39:[function(_dereq_,module,exports){
7481;(function (root, factory) {
7482 if (typeof exports === "object") {
7483 // CommonJS
7484 module.exports = exports = factory(_dereq_("./core"));
7485 }
7486 else if (typeof define === "function" && define.amd) {
7487 // AMD
7488 define(["./core"], factory);
7489 }
7490 else {
7491 // Global (browser)
7492 factory(root.CryptoJS);
7493 }
7494}(this, function (CryptoJS) {
7495
7496 (function (Math) {
7497 // Shortcuts
7498 var C = CryptoJS;
7499 var C_lib = C.lib;
7500 var WordArray = C_lib.WordArray;
7501 var Hasher = C_lib.Hasher;
7502 var C_algo = C.algo;
7503
7504 // Constants table
7505 var T = [];
7506
7507 // Compute constants
7508 (function () {
7509 for (var i = 0; i < 64; i++) {
7510 T[i] = (Math.abs(Math.sin(i + 1)) * 0x100000000) | 0;
7511 }
7512 }());
7513
7514 /**
7515 * MD5 hash algorithm.
7516 */
7517 var MD5 = C_algo.MD5 = Hasher.extend({
7518 _doReset: function () {
7519 this._hash = new WordArray.init([
7520 0x67452301, 0xefcdab89,
7521 0x98badcfe, 0x10325476
7522 ]);
7523 },
7524
7525 _doProcessBlock: function (M, offset) {
7526 // Swap endian
7527 for (var i = 0; i < 16; i++) {
7528 // Shortcuts
7529 var offset_i = offset + i;
7530 var M_offset_i = M[offset_i];
7531
7532 M[offset_i] = (
7533 (((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
7534 (((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
7535 );
7536 }
7537
7538 // Shortcuts
7539 var H = this._hash.words;
7540
7541 var M_offset_0 = M[offset + 0];
7542 var M_offset_1 = M[offset + 1];
7543 var M_offset_2 = M[offset + 2];
7544 var M_offset_3 = M[offset + 3];
7545 var M_offset_4 = M[offset + 4];
7546 var M_offset_5 = M[offset + 5];
7547 var M_offset_6 = M[offset + 6];
7548 var M_offset_7 = M[offset + 7];
7549 var M_offset_8 = M[offset + 8];
7550 var M_offset_9 = M[offset + 9];
7551 var M_offset_10 = M[offset + 10];
7552 var M_offset_11 = M[offset + 11];
7553 var M_offset_12 = M[offset + 12];
7554 var M_offset_13 = M[offset + 13];
7555 var M_offset_14 = M[offset + 14];
7556 var M_offset_15 = M[offset + 15];
7557
7558 // Working varialbes
7559 var a = H[0];
7560 var b = H[1];
7561 var c = H[2];
7562 var d = H[3];
7563
7564 // Computation
7565 a = FF(a, b, c, d, M_offset_0, 7, T[0]);
7566 d = FF(d, a, b, c, M_offset_1, 12, T[1]);
7567 c = FF(c, d, a, b, M_offset_2, 17, T[2]);
7568 b = FF(b, c, d, a, M_offset_3, 22, T[3]);
7569 a = FF(a, b, c, d, M_offset_4, 7, T[4]);
7570 d = FF(d, a, b, c, M_offset_5, 12, T[5]);
7571 c = FF(c, d, a, b, M_offset_6, 17, T[6]);
7572 b = FF(b, c, d, a, M_offset_7, 22, T[7]);
7573 a = FF(a, b, c, d, M_offset_8, 7, T[8]);
7574 d = FF(d, a, b, c, M_offset_9, 12, T[9]);
7575 c = FF(c, d, a, b, M_offset_10, 17, T[10]);
7576 b = FF(b, c, d, a, M_offset_11, 22, T[11]);
7577 a = FF(a, b, c, d, M_offset_12, 7, T[12]);
7578 d = FF(d, a, b, c, M_offset_13, 12, T[13]);
7579 c = FF(c, d, a, b, M_offset_14, 17, T[14]);
7580 b = FF(b, c, d, a, M_offset_15, 22, T[15]);
7581
7582 a = GG(a, b, c, d, M_offset_1, 5, T[16]);
7583 d = GG(d, a, b, c, M_offset_6, 9, T[17]);
7584 c = GG(c, d, a, b, M_offset_11, 14, T[18]);
7585 b = GG(b, c, d, a, M_offset_0, 20, T[19]);
7586 a = GG(a, b, c, d, M_offset_5, 5, T[20]);
7587 d = GG(d, a, b, c, M_offset_10, 9, T[21]);
7588 c = GG(c, d, a, b, M_offset_15, 14, T[22]);
7589 b = GG(b, c, d, a, M_offset_4, 20, T[23]);
7590 a = GG(a, b, c, d, M_offset_9, 5, T[24]);
7591 d = GG(d, a, b, c, M_offset_14, 9, T[25]);
7592 c = GG(c, d, a, b, M_offset_3, 14, T[26]);
7593 b = GG(b, c, d, a, M_offset_8, 20, T[27]);
7594 a = GG(a, b, c, d, M_offset_13, 5, T[28]);
7595 d = GG(d, a, b, c, M_offset_2, 9, T[29]);
7596 c = GG(c, d, a, b, M_offset_7, 14, T[30]);
7597 b = GG(b, c, d, a, M_offset_12, 20, T[31]);
7598
7599 a = HH(a, b, c, d, M_offset_5, 4, T[32]);
7600 d = HH(d, a, b, c, M_offset_8, 11, T[33]);
7601 c = HH(c, d, a, b, M_offset_11, 16, T[34]);
7602 b = HH(b, c, d, a, M_offset_14, 23, T[35]);
7603 a = HH(a, b, c, d, M_offset_1, 4, T[36]);
7604 d = HH(d, a, b, c, M_offset_4, 11, T[37]);
7605 c = HH(c, d, a, b, M_offset_7, 16, T[38]);
7606 b = HH(b, c, d, a, M_offset_10, 23, T[39]);
7607 a = HH(a, b, c, d, M_offset_13, 4, T[40]);
7608 d = HH(d, a, b, c, M_offset_0, 11, T[41]);
7609 c = HH(c, d, a, b, M_offset_3, 16, T[42]);
7610 b = HH(b, c, d, a, M_offset_6, 23, T[43]);
7611 a = HH(a, b, c, d, M_offset_9, 4, T[44]);
7612 d = HH(d, a, b, c, M_offset_12, 11, T[45]);
7613 c = HH(c, d, a, b, M_offset_15, 16, T[46]);
7614 b = HH(b, c, d, a, M_offset_2, 23, T[47]);
7615
7616 a = II(a, b, c, d, M_offset_0, 6, T[48]);
7617 d = II(d, a, b, c, M_offset_7, 10, T[49]);
7618 c = II(c, d, a, b, M_offset_14, 15, T[50]);
7619 b = II(b, c, d, a, M_offset_5, 21, T[51]);
7620 a = II(a, b, c, d, M_offset_12, 6, T[52]);
7621 d = II(d, a, b, c, M_offset_3, 10, T[53]);
7622 c = II(c, d, a, b, M_offset_10, 15, T[54]);
7623 b = II(b, c, d, a, M_offset_1, 21, T[55]);
7624 a = II(a, b, c, d, M_offset_8, 6, T[56]);
7625 d = II(d, a, b, c, M_offset_15, 10, T[57]);
7626 c = II(c, d, a, b, M_offset_6, 15, T[58]);
7627 b = II(b, c, d, a, M_offset_13, 21, T[59]);
7628 a = II(a, b, c, d, M_offset_4, 6, T[60]);
7629 d = II(d, a, b, c, M_offset_11, 10, T[61]);
7630 c = II(c, d, a, b, M_offset_2, 15, T[62]);
7631 b = II(b, c, d, a, M_offset_9, 21, T[63]);
7632
7633 // Intermediate hash value
7634 H[0] = (H[0] + a) | 0;
7635 H[1] = (H[1] + b) | 0;
7636 H[2] = (H[2] + c) | 0;
7637 H[3] = (H[3] + d) | 0;
7638 },
7639
7640 _doFinalize: function () {
7641 // Shortcuts
7642 var data = this._data;
7643 var dataWords = data.words;
7644
7645 var nBitsTotal = this._nDataBytes * 8;
7646 var nBitsLeft = data.sigBytes * 8;
7647
7648 // Add padding
7649 dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
7650
7651 var nBitsTotalH = Math.floor(nBitsTotal / 0x100000000);
7652 var nBitsTotalL = nBitsTotal;
7653 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = (
7654 (((nBitsTotalH << 8) | (nBitsTotalH >>> 24)) & 0x00ff00ff) |
7655 (((nBitsTotalH << 24) | (nBitsTotalH >>> 8)) & 0xff00ff00)
7656 );
7657 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
7658 (((nBitsTotalL << 8) | (nBitsTotalL >>> 24)) & 0x00ff00ff) |
7659 (((nBitsTotalL << 24) | (nBitsTotalL >>> 8)) & 0xff00ff00)
7660 );
7661
7662 data.sigBytes = (dataWords.length + 1) * 4;
7663
7664 // Hash final blocks
7665 this._process();
7666
7667 // Shortcuts
7668 var hash = this._hash;
7669 var H = hash.words;
7670
7671 // Swap endian
7672 for (var i = 0; i < 4; i++) {
7673 // Shortcut
7674 var H_i = H[i];
7675
7676 H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
7677 (((H_i << 24) | (H_i >>> 8)) & 0xff00ff00);
7678 }
7679
7680 // Return final computed hash
7681 return hash;
7682 },
7683
7684 clone: function () {
7685 var clone = Hasher.clone.call(this);
7686 clone._hash = this._hash.clone();
7687
7688 return clone;
7689 }
7690 });
7691
7692 function FF(a, b, c, d, x, s, t) {
7693 var n = a + ((b & c) | (~b & d)) + x + t;
7694 return ((n << s) | (n >>> (32 - s))) + b;
7695 }
7696
7697 function GG(a, b, c, d, x, s, t) {
7698 var n = a + ((b & d) | (c & ~d)) + x + t;
7699 return ((n << s) | (n >>> (32 - s))) + b;
7700 }
7701
7702 function HH(a, b, c, d, x, s, t) {
7703 var n = a + (b ^ c ^ d) + x + t;
7704 return ((n << s) | (n >>> (32 - s))) + b;
7705 }
7706
7707 function II(a, b, c, d, x, s, t) {
7708 var n = a + (c ^ (b | ~d)) + x + t;
7709 return ((n << s) | (n >>> (32 - s))) + b;
7710 }
7711
7712 /**
7713 * Shortcut function to the hasher's object interface.
7714 *
7715 * @param {WordArray|string} message The message to hash.
7716 *
7717 * @return {WordArray} The hash.
7718 *
7719 * @static
7720 *
7721 * @example
7722 *
7723 * var hash = CryptoJS.MD5('message');
7724 * var hash = CryptoJS.MD5(wordArray);
7725 */
7726 C.MD5 = Hasher._createHelper(MD5);
7727
7728 /**
7729 * Shortcut function to the HMAC's object interface.
7730 *
7731 * @param {WordArray|string} message The message to hash.
7732 * @param {WordArray|string} key The secret key.
7733 *
7734 * @return {WordArray} The HMAC.
7735 *
7736 * @static
7737 *
7738 * @example
7739 *
7740 * var hmac = CryptoJS.HmacMD5(message, key);
7741 */
7742 C.HmacMD5 = Hasher._createHmacHelper(MD5);
7743 }(Math));
7744
7745
7746 return CryptoJS.MD5;
7747
7748}));
7749},{"./core":31}],40:[function(_dereq_,module,exports){
7750;(function (root, factory, undef) {
7751 if (typeof exports === "object") {
7752 // CommonJS
7753 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
7754 }
7755 else if (typeof define === "function" && define.amd) {
7756 // AMD
7757 define(["./core", "./cipher-core"], factory);
7758 }
7759 else {
7760 // Global (browser)
7761 factory(root.CryptoJS);
7762 }
7763}(this, function (CryptoJS) {
7764
7765 /**
7766 * Cipher Feedback block mode.
7767 */
7768 CryptoJS.mode.CFB = (function () {
7769 var CFB = CryptoJS.lib.BlockCipherMode.extend();
7770
7771 CFB.Encryptor = CFB.extend({
7772 processBlock: function (words, offset) {
7773 // Shortcuts
7774 var cipher = this._cipher;
7775 var blockSize = cipher.blockSize;
7776
7777 generateKeystreamAndEncrypt.call(this, words, offset, blockSize, cipher);
7778
7779 // Remember this block to use with next block
7780 this._prevBlock = words.slice(offset, offset + blockSize);
7781 }
7782 });
7783
7784 CFB.Decryptor = CFB.extend({
7785 processBlock: function (words, offset) {
7786 // Shortcuts
7787 var cipher = this._cipher;
7788 var blockSize = cipher.blockSize;
7789
7790 // Remember this block to use with next block
7791 var thisBlock = words.slice(offset, offset + blockSize);
7792
7793 generateKeystreamAndEncrypt.call(this, words, offset, blockSize, cipher);
7794
7795 // This block becomes the previous block
7796 this._prevBlock = thisBlock;
7797 }
7798 });
7799
7800 function generateKeystreamAndEncrypt(words, offset, blockSize, cipher) {
7801 // Shortcut
7802 var iv = this._iv;
7803
7804 // Generate keystream
7805 if (iv) {
7806 var keystream = iv.slice(0);
7807
7808 // Remove IV for subsequent blocks
7809 this._iv = undefined;
7810 } else {
7811 var keystream = this._prevBlock;
7812 }
7813 cipher.encryptBlock(keystream, 0);
7814
7815 // Encrypt
7816 for (var i = 0; i < blockSize; i++) {
7817 words[offset + i] ^= keystream[i];
7818 }
7819 }
7820
7821 return CFB;
7822 }());
7823
7824
7825 return CryptoJS.mode.CFB;
7826
7827}));
7828},{"./cipher-core":30,"./core":31}],41:[function(_dereq_,module,exports){
7829;(function (root, factory, undef) {
7830 if (typeof exports === "object") {
7831 // CommonJS
7832 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
7833 }
7834 else if (typeof define === "function" && define.amd) {
7835 // AMD
7836 define(["./core", "./cipher-core"], factory);
7837 }
7838 else {
7839 // Global (browser)
7840 factory(root.CryptoJS);
7841 }
7842}(this, function (CryptoJS) {
7843
7844 /** @preserve
7845 * Counter block mode compatible with Dr Brian Gladman fileenc.c
7846 * derived from CryptoJS.mode.CTR
7847 * Jan Hruby jhruby.web@gmail.com
7848 */
7849 CryptoJS.mode.CTRGladman = (function () {
7850 var CTRGladman = CryptoJS.lib.BlockCipherMode.extend();
7851
7852 function incWord(word)
7853 {
7854 if (((word >> 24) & 0xff) === 0xff) { //overflow
7855 var b1 = (word >> 16)&0xff;
7856 var b2 = (word >> 8)&0xff;
7857 var b3 = word & 0xff;
7858
7859 if (b1 === 0xff) // overflow b1
7860 {
7861 b1 = 0;
7862 if (b2 === 0xff)
7863 {
7864 b2 = 0;
7865 if (b3 === 0xff)
7866 {
7867 b3 = 0;
7868 }
7869 else
7870 {
7871 ++b3;
7872 }
7873 }
7874 else
7875 {
7876 ++b2;
7877 }
7878 }
7879 else
7880 {
7881 ++b1;
7882 }
7883
7884 word = 0;
7885 word += (b1 << 16);
7886 word += (b2 << 8);
7887 word += b3;
7888 }
7889 else
7890 {
7891 word += (0x01 << 24);
7892 }
7893 return word;
7894 }
7895
7896 function incCounter(counter)
7897 {
7898 if ((counter[0] = incWord(counter[0])) === 0)
7899 {
7900 // encr_data in fileenc.c from Dr Brian Gladman's counts only with DWORD j < 8
7901 counter[1] = incWord(counter[1]);
7902 }
7903 return counter;
7904 }
7905
7906 var Encryptor = CTRGladman.Encryptor = CTRGladman.extend({
7907 processBlock: function (words, offset) {
7908 // Shortcuts
7909 var cipher = this._cipher
7910 var blockSize = cipher.blockSize;
7911 var iv = this._iv;
7912 var counter = this._counter;
7913
7914 // Generate keystream
7915 if (iv) {
7916 counter = this._counter = iv.slice(0);
7917
7918 // Remove IV for subsequent blocks
7919 this._iv = undefined;
7920 }
7921
7922 incCounter(counter);
7923
7924 var keystream = counter.slice(0);
7925 cipher.encryptBlock(keystream, 0);
7926
7927 // Encrypt
7928 for (var i = 0; i < blockSize; i++) {
7929 words[offset + i] ^= keystream[i];
7930 }
7931 }
7932 });
7933
7934 CTRGladman.Decryptor = Encryptor;
7935
7936 return CTRGladman;
7937 }());
7938
7939
7940
7941
7942 return CryptoJS.mode.CTRGladman;
7943
7944}));
7945},{"./cipher-core":30,"./core":31}],42:[function(_dereq_,module,exports){
7946;(function (root, factory, undef) {
7947 if (typeof exports === "object") {
7948 // CommonJS
7949 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
7950 }
7951 else if (typeof define === "function" && define.amd) {
7952 // AMD
7953 define(["./core", "./cipher-core"], factory);
7954 }
7955 else {
7956 // Global (browser)
7957 factory(root.CryptoJS);
7958 }
7959}(this, function (CryptoJS) {
7960
7961 /**
7962 * Counter block mode.
7963 */
7964 CryptoJS.mode.CTR = (function () {
7965 var CTR = CryptoJS.lib.BlockCipherMode.extend();
7966
7967 var Encryptor = CTR.Encryptor = CTR.extend({
7968 processBlock: function (words, offset) {
7969 // Shortcuts
7970 var cipher = this._cipher
7971 var blockSize = cipher.blockSize;
7972 var iv = this._iv;
7973 var counter = this._counter;
7974
7975 // Generate keystream
7976 if (iv) {
7977 counter = this._counter = iv.slice(0);
7978
7979 // Remove IV for subsequent blocks
7980 this._iv = undefined;
7981 }
7982 var keystream = counter.slice(0);
7983 cipher.encryptBlock(keystream, 0);
7984
7985 // Increment counter
7986 counter[blockSize - 1] = (counter[blockSize - 1] + 1) | 0
7987
7988 // Encrypt
7989 for (var i = 0; i < blockSize; i++) {
7990 words[offset + i] ^= keystream[i];
7991 }
7992 }
7993 });
7994
7995 CTR.Decryptor = Encryptor;
7996
7997 return CTR;
7998 }());
7999
8000
8001 return CryptoJS.mode.CTR;
8002
8003}));
8004},{"./cipher-core":30,"./core":31}],43:[function(_dereq_,module,exports){
8005;(function (root, factory, undef) {
8006 if (typeof exports === "object") {
8007 // CommonJS
8008 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8009 }
8010 else if (typeof define === "function" && define.amd) {
8011 // AMD
8012 define(["./core", "./cipher-core"], factory);
8013 }
8014 else {
8015 // Global (browser)
8016 factory(root.CryptoJS);
8017 }
8018}(this, function (CryptoJS) {
8019
8020 /**
8021 * Electronic Codebook block mode.
8022 */
8023 CryptoJS.mode.ECB = (function () {
8024 var ECB = CryptoJS.lib.BlockCipherMode.extend();
8025
8026 ECB.Encryptor = ECB.extend({
8027 processBlock: function (words, offset) {
8028 this._cipher.encryptBlock(words, offset);
8029 }
8030 });
8031
8032 ECB.Decryptor = ECB.extend({
8033 processBlock: function (words, offset) {
8034 this._cipher.decryptBlock(words, offset);
8035 }
8036 });
8037
8038 return ECB;
8039 }());
8040
8041
8042 return CryptoJS.mode.ECB;
8043
8044}));
8045},{"./cipher-core":30,"./core":31}],44:[function(_dereq_,module,exports){
8046;(function (root, factory, undef) {
8047 if (typeof exports === "object") {
8048 // CommonJS
8049 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8050 }
8051 else if (typeof define === "function" && define.amd) {
8052 // AMD
8053 define(["./core", "./cipher-core"], factory);
8054 }
8055 else {
8056 // Global (browser)
8057 factory(root.CryptoJS);
8058 }
8059}(this, function (CryptoJS) {
8060
8061 /**
8062 * Output Feedback block mode.
8063 */
8064 CryptoJS.mode.OFB = (function () {
8065 var OFB = CryptoJS.lib.BlockCipherMode.extend();
8066
8067 var Encryptor = OFB.Encryptor = OFB.extend({
8068 processBlock: function (words, offset) {
8069 // Shortcuts
8070 var cipher = this._cipher
8071 var blockSize = cipher.blockSize;
8072 var iv = this._iv;
8073 var keystream = this._keystream;
8074
8075 // Generate keystream
8076 if (iv) {
8077 keystream = this._keystream = iv.slice(0);
8078
8079 // Remove IV for subsequent blocks
8080 this._iv = undefined;
8081 }
8082 cipher.encryptBlock(keystream, 0);
8083
8084 // Encrypt
8085 for (var i = 0; i < blockSize; i++) {
8086 words[offset + i] ^= keystream[i];
8087 }
8088 }
8089 });
8090
8091 OFB.Decryptor = Encryptor;
8092
8093 return OFB;
8094 }());
8095
8096
8097 return CryptoJS.mode.OFB;
8098
8099}));
8100},{"./cipher-core":30,"./core":31}],45:[function(_dereq_,module,exports){
8101;(function (root, factory, undef) {
8102 if (typeof exports === "object") {
8103 // CommonJS
8104 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8105 }
8106 else if (typeof define === "function" && define.amd) {
8107 // AMD
8108 define(["./core", "./cipher-core"], factory);
8109 }
8110 else {
8111 // Global (browser)
8112 factory(root.CryptoJS);
8113 }
8114}(this, function (CryptoJS) {
8115
8116 /**
8117 * ANSI X.923 padding strategy.
8118 */
8119 CryptoJS.pad.AnsiX923 = {
8120 pad: function (data, blockSize) {
8121 // Shortcuts
8122 var dataSigBytes = data.sigBytes;
8123 var blockSizeBytes = blockSize * 4;
8124
8125 // Count padding bytes
8126 var nPaddingBytes = blockSizeBytes - dataSigBytes % blockSizeBytes;
8127
8128 // Compute last byte position
8129 var lastBytePos = dataSigBytes + nPaddingBytes - 1;
8130
8131 // Pad
8132 data.clamp();
8133 data.words[lastBytePos >>> 2] |= nPaddingBytes << (24 - (lastBytePos % 4) * 8);
8134 data.sigBytes += nPaddingBytes;
8135 },
8136
8137 unpad: function (data) {
8138 // Get number of padding bytes from last byte
8139 var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
8140
8141 // Remove padding
8142 data.sigBytes -= nPaddingBytes;
8143 }
8144 };
8145
8146
8147 return CryptoJS.pad.Ansix923;
8148
8149}));
8150},{"./cipher-core":30,"./core":31}],46:[function(_dereq_,module,exports){
8151;(function (root, factory, undef) {
8152 if (typeof exports === "object") {
8153 // CommonJS
8154 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8155 }
8156 else if (typeof define === "function" && define.amd) {
8157 // AMD
8158 define(["./core", "./cipher-core"], factory);
8159 }
8160 else {
8161 // Global (browser)
8162 factory(root.CryptoJS);
8163 }
8164}(this, function (CryptoJS) {
8165
8166 /**
8167 * ISO 10126 padding strategy.
8168 */
8169 CryptoJS.pad.Iso10126 = {
8170 pad: function (data, blockSize) {
8171 // Shortcut
8172 var blockSizeBytes = blockSize * 4;
8173
8174 // Count padding bytes
8175 var nPaddingBytes = blockSizeBytes - data.sigBytes % blockSizeBytes;
8176
8177 // Pad
8178 data.concat(CryptoJS.lib.WordArray.random(nPaddingBytes - 1)).
8179 concat(CryptoJS.lib.WordArray.create([nPaddingBytes << 24], 1));
8180 },
8181
8182 unpad: function (data) {
8183 // Get number of padding bytes from last byte
8184 var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
8185
8186 // Remove padding
8187 data.sigBytes -= nPaddingBytes;
8188 }
8189 };
8190
8191
8192 return CryptoJS.pad.Iso10126;
8193
8194}));
8195},{"./cipher-core":30,"./core":31}],47:[function(_dereq_,module,exports){
8196;(function (root, factory, undef) {
8197 if (typeof exports === "object") {
8198 // CommonJS
8199 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8200 }
8201 else if (typeof define === "function" && define.amd) {
8202 // AMD
8203 define(["./core", "./cipher-core"], factory);
8204 }
8205 else {
8206 // Global (browser)
8207 factory(root.CryptoJS);
8208 }
8209}(this, function (CryptoJS) {
8210
8211 /**
8212 * ISO/IEC 9797-1 Padding Method 2.
8213 */
8214 CryptoJS.pad.Iso97971 = {
8215 pad: function (data, blockSize) {
8216 // Add 0x80 byte
8217 data.concat(CryptoJS.lib.WordArray.create([0x80000000], 1));
8218
8219 // Zero pad the rest
8220 CryptoJS.pad.ZeroPadding.pad(data, blockSize);
8221 },
8222
8223 unpad: function (data) {
8224 // Remove zero padding
8225 CryptoJS.pad.ZeroPadding.unpad(data);
8226
8227 // Remove one more byte -- the 0x80 byte
8228 data.sigBytes--;
8229 }
8230 };
8231
8232
8233 return CryptoJS.pad.Iso97971;
8234
8235}));
8236},{"./cipher-core":30,"./core":31}],48:[function(_dereq_,module,exports){
8237;(function (root, factory, undef) {
8238 if (typeof exports === "object") {
8239 // CommonJS
8240 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8241 }
8242 else if (typeof define === "function" && define.amd) {
8243 // AMD
8244 define(["./core", "./cipher-core"], factory);
8245 }
8246 else {
8247 // Global (browser)
8248 factory(root.CryptoJS);
8249 }
8250}(this, function (CryptoJS) {
8251
8252 /**
8253 * A noop padding strategy.
8254 */
8255 CryptoJS.pad.NoPadding = {
8256 pad: function () {
8257 },
8258
8259 unpad: function () {
8260 }
8261 };
8262
8263
8264 return CryptoJS.pad.NoPadding;
8265
8266}));
8267},{"./cipher-core":30,"./core":31}],49:[function(_dereq_,module,exports){
8268;(function (root, factory, undef) {
8269 if (typeof exports === "object") {
8270 // CommonJS
8271 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8272 }
8273 else if (typeof define === "function" && define.amd) {
8274 // AMD
8275 define(["./core", "./cipher-core"], factory);
8276 }
8277 else {
8278 // Global (browser)
8279 factory(root.CryptoJS);
8280 }
8281}(this, function (CryptoJS) {
8282
8283 /**
8284 * Zero padding strategy.
8285 */
8286 CryptoJS.pad.ZeroPadding = {
8287 pad: function (data, blockSize) {
8288 // Shortcut
8289 var blockSizeBytes = blockSize * 4;
8290
8291 // Pad
8292 data.clamp();
8293 data.sigBytes += blockSizeBytes - ((data.sigBytes % blockSizeBytes) || blockSizeBytes);
8294 },
8295
8296 unpad: function (data) {
8297 // Shortcut
8298 var dataWords = data.words;
8299
8300 // Unpad
8301 var i = data.sigBytes - 1;
8302 while (!((dataWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff)) {
8303 i--;
8304 }
8305 data.sigBytes = i + 1;
8306 }
8307 };
8308
8309
8310 return CryptoJS.pad.ZeroPadding;
8311
8312}));
8313},{"./cipher-core":30,"./core":31}],50:[function(_dereq_,module,exports){
8314;(function (root, factory, undef) {
8315 if (typeof exports === "object") {
8316 // CommonJS
8317 module.exports = exports = factory(_dereq_("./core"), _dereq_("./sha1"), _dereq_("./hmac"));
8318 }
8319 else if (typeof define === "function" && define.amd) {
8320 // AMD
8321 define(["./core", "./sha1", "./hmac"], factory);
8322 }
8323 else {
8324 // Global (browser)
8325 factory(root.CryptoJS);
8326 }
8327}(this, function (CryptoJS) {
8328
8329 (function () {
8330 // Shortcuts
8331 var C = CryptoJS;
8332 var C_lib = C.lib;
8333 var Base = C_lib.Base;
8334 var WordArray = C_lib.WordArray;
8335 var C_algo = C.algo;
8336 var SHA1 = C_algo.SHA1;
8337 var HMAC = C_algo.HMAC;
8338
8339 /**
8340 * Password-Based Key Derivation Function 2 algorithm.
8341 */
8342 var PBKDF2 = C_algo.PBKDF2 = Base.extend({
8343 /**
8344 * Configuration options.
8345 *
8346 * @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
8347 * @property {Hasher} hasher The hasher to use. Default: SHA1
8348 * @property {number} iterations The number of iterations to perform. Default: 1
8349 */
8350 cfg: Base.extend({
8351 keySize: 128/32,
8352 hasher: SHA1,
8353 iterations: 1
8354 }),
8355
8356 /**
8357 * Initializes a newly created key derivation function.
8358 *
8359 * @param {Object} cfg (Optional) The configuration options to use for the derivation.
8360 *
8361 * @example
8362 *
8363 * var kdf = CryptoJS.algo.PBKDF2.create();
8364 * var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8 });
8365 * var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8, iterations: 1000 });
8366 */
8367 init: function (cfg) {
8368 this.cfg = this.cfg.extend(cfg);
8369 },
8370
8371 /**
8372 * Computes the Password-Based Key Derivation Function 2.
8373 *
8374 * @param {WordArray|string} password The password.
8375 * @param {WordArray|string} salt A salt.
8376 *
8377 * @return {WordArray} The derived key.
8378 *
8379 * @example
8380 *
8381 * var key = kdf.compute(password, salt);
8382 */
8383 compute: function (password, salt) {
8384 // Shortcut
8385 var cfg = this.cfg;
8386
8387 // Init HMAC
8388 var hmac = HMAC.create(cfg.hasher, password);
8389
8390 // Initial values
8391 var derivedKey = WordArray.create();
8392 var blockIndex = WordArray.create([0x00000001]);
8393
8394 // Shortcuts
8395 var derivedKeyWords = derivedKey.words;
8396 var blockIndexWords = blockIndex.words;
8397 var keySize = cfg.keySize;
8398 var iterations = cfg.iterations;
8399
8400 // Generate key
8401 while (derivedKeyWords.length < keySize) {
8402 var block = hmac.update(salt).finalize(blockIndex);
8403 hmac.reset();
8404
8405 // Shortcuts
8406 var blockWords = block.words;
8407 var blockWordsLength = blockWords.length;
8408
8409 // Iterations
8410 var intermediate = block;
8411 for (var i = 1; i < iterations; i++) {
8412 intermediate = hmac.finalize(intermediate);
8413 hmac.reset();
8414
8415 // Shortcut
8416 var intermediateWords = intermediate.words;
8417
8418 // XOR intermediate with block
8419 for (var j = 0; j < blockWordsLength; j++) {
8420 blockWords[j] ^= intermediateWords[j];
8421 }
8422 }
8423
8424 derivedKey.concat(block);
8425 blockIndexWords[0]++;
8426 }
8427 derivedKey.sigBytes = keySize * 4;
8428
8429 return derivedKey;
8430 }
8431 });
8432
8433 /**
8434 * Computes the Password-Based Key Derivation Function 2.
8435 *
8436 * @param {WordArray|string} password The password.
8437 * @param {WordArray|string} salt A salt.
8438 * @param {Object} cfg (Optional) The configuration options to use for this computation.
8439 *
8440 * @return {WordArray} The derived key.
8441 *
8442 * @static
8443 *
8444 * @example
8445 *
8446 * var key = CryptoJS.PBKDF2(password, salt);
8447 * var key = CryptoJS.PBKDF2(password, salt, { keySize: 8 });
8448 * var key = CryptoJS.PBKDF2(password, salt, { keySize: 8, iterations: 1000 });
8449 */
8450 C.PBKDF2 = function (password, salt, cfg) {
8451 return PBKDF2.create(cfg).compute(password, salt);
8452 };
8453 }());
8454
8455
8456 return CryptoJS.PBKDF2;
8457
8458}));
8459},{"./core":31,"./hmac":36,"./sha1":55}],51:[function(_dereq_,module,exports){
8460;(function (root, factory, undef) {
8461 if (typeof exports === "object") {
8462 // CommonJS
8463 module.exports = exports = factory(_dereq_("./core"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./evpkdf"), _dereq_("./cipher-core"));
8464 }
8465 else if (typeof define === "function" && define.amd) {
8466 // AMD
8467 define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
8468 }
8469 else {
8470 // Global (browser)
8471 factory(root.CryptoJS);
8472 }
8473}(this, function (CryptoJS) {
8474
8475 (function () {
8476 // Shortcuts
8477 var C = CryptoJS;
8478 var C_lib = C.lib;
8479 var StreamCipher = C_lib.StreamCipher;
8480 var C_algo = C.algo;
8481
8482 // Reusable objects
8483 var S = [];
8484 var C_ = [];
8485 var G = [];
8486
8487 /**
8488 * Rabbit stream cipher algorithm.
8489 *
8490 * This is a legacy version that neglected to convert the key to little-endian.
8491 * This error doesn't affect the cipher's security,
8492 * but it does affect its compatibility with other implementations.
8493 */
8494 var RabbitLegacy = C_algo.RabbitLegacy = StreamCipher.extend({
8495 _doReset: function () {
8496 // Shortcuts
8497 var K = this._key.words;
8498 var iv = this.cfg.iv;
8499
8500 // Generate initial state values
8501 var X = this._X = [
8502 K[0], (K[3] << 16) | (K[2] >>> 16),
8503 K[1], (K[0] << 16) | (K[3] >>> 16),
8504 K[2], (K[1] << 16) | (K[0] >>> 16),
8505 K[3], (K[2] << 16) | (K[1] >>> 16)
8506 ];
8507
8508 // Generate initial counter values
8509 var C = this._C = [
8510 (K[2] << 16) | (K[2] >>> 16), (K[0] & 0xffff0000) | (K[1] & 0x0000ffff),
8511 (K[3] << 16) | (K[3] >>> 16), (K[1] & 0xffff0000) | (K[2] & 0x0000ffff),
8512 (K[0] << 16) | (K[0] >>> 16), (K[2] & 0xffff0000) | (K[3] & 0x0000ffff),
8513 (K[1] << 16) | (K[1] >>> 16), (K[3] & 0xffff0000) | (K[0] & 0x0000ffff)
8514 ];
8515
8516 // Carry bit
8517 this._b = 0;
8518
8519 // Iterate the system four times
8520 for (var i = 0; i < 4; i++) {
8521 nextState.call(this);
8522 }
8523
8524 // Modify the counters
8525 for (var i = 0; i < 8; i++) {
8526 C[i] ^= X[(i + 4) & 7];
8527 }
8528
8529 // IV setup
8530 if (iv) {
8531 // Shortcuts
8532 var IV = iv.words;
8533 var IV_0 = IV[0];
8534 var IV_1 = IV[1];
8535
8536 // Generate four subvectors
8537 var i0 = (((IV_0 << 8) | (IV_0 >>> 24)) & 0x00ff00ff) | (((IV_0 << 24) | (IV_0 >>> 8)) & 0xff00ff00);
8538 var i2 = (((IV_1 << 8) | (IV_1 >>> 24)) & 0x00ff00ff) | (((IV_1 << 24) | (IV_1 >>> 8)) & 0xff00ff00);
8539 var i1 = (i0 >>> 16) | (i2 & 0xffff0000);
8540 var i3 = (i2 << 16) | (i0 & 0x0000ffff);
8541
8542 // Modify counter values
8543 C[0] ^= i0;
8544 C[1] ^= i1;
8545 C[2] ^= i2;
8546 C[3] ^= i3;
8547 C[4] ^= i0;
8548 C[5] ^= i1;
8549 C[6] ^= i2;
8550 C[7] ^= i3;
8551
8552 // Iterate the system four times
8553 for (var i = 0; i < 4; i++) {
8554 nextState.call(this);
8555 }
8556 }
8557 },
8558
8559 _doProcessBlock: function (M, offset) {
8560 // Shortcut
8561 var X = this._X;
8562
8563 // Iterate the system
8564 nextState.call(this);
8565
8566 // Generate four keystream words
8567 S[0] = X[0] ^ (X[5] >>> 16) ^ (X[3] << 16);
8568 S[1] = X[2] ^ (X[7] >>> 16) ^ (X[5] << 16);
8569 S[2] = X[4] ^ (X[1] >>> 16) ^ (X[7] << 16);
8570 S[3] = X[6] ^ (X[3] >>> 16) ^ (X[1] << 16);
8571
8572 for (var i = 0; i < 4; i++) {
8573 // Swap endian
8574 S[i] = (((S[i] << 8) | (S[i] >>> 24)) & 0x00ff00ff) |
8575 (((S[i] << 24) | (S[i] >>> 8)) & 0xff00ff00);
8576
8577 // Encrypt
8578 M[offset + i] ^= S[i];
8579 }
8580 },
8581
8582 blockSize: 128/32,
8583
8584 ivSize: 64/32
8585 });
8586
8587 function nextState() {
8588 // Shortcuts
8589 var X = this._X;
8590 var C = this._C;
8591
8592 // Save old counter values
8593 for (var i = 0; i < 8; i++) {
8594 C_[i] = C[i];
8595 }
8596
8597 // Calculate new counter values
8598 C[0] = (C[0] + 0x4d34d34d + this._b) | 0;
8599 C[1] = (C[1] + 0xd34d34d3 + ((C[0] >>> 0) < (C_[0] >>> 0) ? 1 : 0)) | 0;
8600 C[2] = (C[2] + 0x34d34d34 + ((C[1] >>> 0) < (C_[1] >>> 0) ? 1 : 0)) | 0;
8601 C[3] = (C[3] + 0x4d34d34d + ((C[2] >>> 0) < (C_[2] >>> 0) ? 1 : 0)) | 0;
8602 C[4] = (C[4] + 0xd34d34d3 + ((C[3] >>> 0) < (C_[3] >>> 0) ? 1 : 0)) | 0;
8603 C[5] = (C[5] + 0x34d34d34 + ((C[4] >>> 0) < (C_[4] >>> 0) ? 1 : 0)) | 0;
8604 C[6] = (C[6] + 0x4d34d34d + ((C[5] >>> 0) < (C_[5] >>> 0) ? 1 : 0)) | 0;
8605 C[7] = (C[7] + 0xd34d34d3 + ((C[6] >>> 0) < (C_[6] >>> 0) ? 1 : 0)) | 0;
8606 this._b = (C[7] >>> 0) < (C_[7] >>> 0) ? 1 : 0;
8607
8608 // Calculate the g-values
8609 for (var i = 0; i < 8; i++) {
8610 var gx = X[i] + C[i];
8611
8612 // Construct high and low argument for squaring
8613 var ga = gx & 0xffff;
8614 var gb = gx >>> 16;
8615
8616 // Calculate high and low result of squaring
8617 var gh = ((((ga * ga) >>> 17) + ga * gb) >>> 15) + gb * gb;
8618 var gl = (((gx & 0xffff0000) * gx) | 0) + (((gx & 0x0000ffff) * gx) | 0);
8619
8620 // High XOR low
8621 G[i] = gh ^ gl;
8622 }
8623
8624 // Calculate new state values
8625 X[0] = (G[0] + ((G[7] << 16) | (G[7] >>> 16)) + ((G[6] << 16) | (G[6] >>> 16))) | 0;
8626 X[1] = (G[1] + ((G[0] << 8) | (G[0] >>> 24)) + G[7]) | 0;
8627 X[2] = (G[2] + ((G[1] << 16) | (G[1] >>> 16)) + ((G[0] << 16) | (G[0] >>> 16))) | 0;
8628 X[3] = (G[3] + ((G[2] << 8) | (G[2] >>> 24)) + G[1]) | 0;
8629 X[4] = (G[4] + ((G[3] << 16) | (G[3] >>> 16)) + ((G[2] << 16) | (G[2] >>> 16))) | 0;
8630 X[5] = (G[5] + ((G[4] << 8) | (G[4] >>> 24)) + G[3]) | 0;
8631 X[6] = (G[6] + ((G[5] << 16) | (G[5] >>> 16)) + ((G[4] << 16) | (G[4] >>> 16))) | 0;
8632 X[7] = (G[7] + ((G[6] << 8) | (G[6] >>> 24)) + G[5]) | 0;
8633 }
8634
8635 /**
8636 * Shortcut functions to the cipher's object interface.
8637 *
8638 * @example
8639 *
8640 * var ciphertext = CryptoJS.RabbitLegacy.encrypt(message, key, cfg);
8641 * var plaintext = CryptoJS.RabbitLegacy.decrypt(ciphertext, key, cfg);
8642 */
8643 C.RabbitLegacy = StreamCipher._createHelper(RabbitLegacy);
8644 }());
8645
8646
8647 return CryptoJS.RabbitLegacy;
8648
8649}));
8650},{"./cipher-core":30,"./core":31,"./enc-base64":32,"./evpkdf":34,"./md5":39}],52:[function(_dereq_,module,exports){
8651;(function (root, factory, undef) {
8652 if (typeof exports === "object") {
8653 // CommonJS
8654 module.exports = exports = factory(_dereq_("./core"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./evpkdf"), _dereq_("./cipher-core"));
8655 }
8656 else if (typeof define === "function" && define.amd) {
8657 // AMD
8658 define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
8659 }
8660 else {
8661 // Global (browser)
8662 factory(root.CryptoJS);
8663 }
8664}(this, function (CryptoJS) {
8665
8666 (function () {
8667 // Shortcuts
8668 var C = CryptoJS;
8669 var C_lib = C.lib;
8670 var StreamCipher = C_lib.StreamCipher;
8671 var C_algo = C.algo;
8672
8673 // Reusable objects
8674 var S = [];
8675 var C_ = [];
8676 var G = [];
8677
8678 /**
8679 * Rabbit stream cipher algorithm
8680 */
8681 var Rabbit = C_algo.Rabbit = StreamCipher.extend({
8682 _doReset: function () {
8683 // Shortcuts
8684 var K = this._key.words;
8685 var iv = this.cfg.iv;
8686
8687 // Swap endian
8688 for (var i = 0; i < 4; i++) {
8689 K[i] = (((K[i] << 8) | (K[i] >>> 24)) & 0x00ff00ff) |
8690 (((K[i] << 24) | (K[i] >>> 8)) & 0xff00ff00);
8691 }
8692
8693 // Generate initial state values
8694 var X = this._X = [
8695 K[0], (K[3] << 16) | (K[2] >>> 16),
8696 K[1], (K[0] << 16) | (K[3] >>> 16),
8697 K[2], (K[1] << 16) | (K[0] >>> 16),
8698 K[3], (K[2] << 16) | (K[1] >>> 16)
8699 ];
8700
8701 // Generate initial counter values
8702 var C = this._C = [
8703 (K[2] << 16) | (K[2] >>> 16), (K[0] & 0xffff0000) | (K[1] & 0x0000ffff),
8704 (K[3] << 16) | (K[3] >>> 16), (K[1] & 0xffff0000) | (K[2] & 0x0000ffff),
8705 (K[0] << 16) | (K[0] >>> 16), (K[2] & 0xffff0000) | (K[3] & 0x0000ffff),
8706 (K[1] << 16) | (K[1] >>> 16), (K[3] & 0xffff0000) | (K[0] & 0x0000ffff)
8707 ];
8708
8709 // Carry bit
8710 this._b = 0;
8711
8712 // Iterate the system four times
8713 for (var i = 0; i < 4; i++) {
8714 nextState.call(this);
8715 }
8716
8717 // Modify the counters
8718 for (var i = 0; i < 8; i++) {
8719 C[i] ^= X[(i + 4) & 7];
8720 }
8721
8722 // IV setup
8723 if (iv) {
8724 // Shortcuts
8725 var IV = iv.words;
8726 var IV_0 = IV[0];
8727 var IV_1 = IV[1];
8728
8729 // Generate four subvectors
8730 var i0 = (((IV_0 << 8) | (IV_0 >>> 24)) & 0x00ff00ff) | (((IV_0 << 24) | (IV_0 >>> 8)) & 0xff00ff00);
8731 var i2 = (((IV_1 << 8) | (IV_1 >>> 24)) & 0x00ff00ff) | (((IV_1 << 24) | (IV_1 >>> 8)) & 0xff00ff00);
8732 var i1 = (i0 >>> 16) | (i2 & 0xffff0000);
8733 var i3 = (i2 << 16) | (i0 & 0x0000ffff);
8734
8735 // Modify counter values
8736 C[0] ^= i0;
8737 C[1] ^= i1;
8738 C[2] ^= i2;
8739 C[3] ^= i3;
8740 C[4] ^= i0;
8741 C[5] ^= i1;
8742 C[6] ^= i2;
8743 C[7] ^= i3;
8744
8745 // Iterate the system four times
8746 for (var i = 0; i < 4; i++) {
8747 nextState.call(this);
8748 }
8749 }
8750 },
8751
8752 _doProcessBlock: function (M, offset) {
8753 // Shortcut
8754 var X = this._X;
8755
8756 // Iterate the system
8757 nextState.call(this);
8758
8759 // Generate four keystream words
8760 S[0] = X[0] ^ (X[5] >>> 16) ^ (X[3] << 16);
8761 S[1] = X[2] ^ (X[7] >>> 16) ^ (X[5] << 16);
8762 S[2] = X[4] ^ (X[1] >>> 16) ^ (X[7] << 16);
8763 S[3] = X[6] ^ (X[3] >>> 16) ^ (X[1] << 16);
8764
8765 for (var i = 0; i < 4; i++) {
8766 // Swap endian
8767 S[i] = (((S[i] << 8) | (S[i] >>> 24)) & 0x00ff00ff) |
8768 (((S[i] << 24) | (S[i] >>> 8)) & 0xff00ff00);
8769
8770 // Encrypt
8771 M[offset + i] ^= S[i];
8772 }
8773 },
8774
8775 blockSize: 128/32,
8776
8777 ivSize: 64/32
8778 });
8779
8780 function nextState() {
8781 // Shortcuts
8782 var X = this._X;
8783 var C = this._C;
8784
8785 // Save old counter values
8786 for (var i = 0; i < 8; i++) {
8787 C_[i] = C[i];
8788 }
8789
8790 // Calculate new counter values
8791 C[0] = (C[0] + 0x4d34d34d + this._b) | 0;
8792 C[1] = (C[1] + 0xd34d34d3 + ((C[0] >>> 0) < (C_[0] >>> 0) ? 1 : 0)) | 0;
8793 C[2] = (C[2] + 0x34d34d34 + ((C[1] >>> 0) < (C_[1] >>> 0) ? 1 : 0)) | 0;
8794 C[3] = (C[3] + 0x4d34d34d + ((C[2] >>> 0) < (C_[2] >>> 0) ? 1 : 0)) | 0;
8795 C[4] = (C[4] + 0xd34d34d3 + ((C[3] >>> 0) < (C_[3] >>> 0) ? 1 : 0)) | 0;
8796 C[5] = (C[5] + 0x34d34d34 + ((C[4] >>> 0) < (C_[4] >>> 0) ? 1 : 0)) | 0;
8797 C[6] = (C[6] + 0x4d34d34d + ((C[5] >>> 0) < (C_[5] >>> 0) ? 1 : 0)) | 0;
8798 C[7] = (C[7] + 0xd34d34d3 + ((C[6] >>> 0) < (C_[6] >>> 0) ? 1 : 0)) | 0;
8799 this._b = (C[7] >>> 0) < (C_[7] >>> 0) ? 1 : 0;
8800
8801 // Calculate the g-values
8802 for (var i = 0; i < 8; i++) {
8803 var gx = X[i] + C[i];
8804
8805 // Construct high and low argument for squaring
8806 var ga = gx & 0xffff;
8807 var gb = gx >>> 16;
8808
8809 // Calculate high and low result of squaring
8810 var gh = ((((ga * ga) >>> 17) + ga * gb) >>> 15) + gb * gb;
8811 var gl = (((gx & 0xffff0000) * gx) | 0) + (((gx & 0x0000ffff) * gx) | 0);
8812
8813 // High XOR low
8814 G[i] = gh ^ gl;
8815 }
8816
8817 // Calculate new state values
8818 X[0] = (G[0] + ((G[7] << 16) | (G[7] >>> 16)) + ((G[6] << 16) | (G[6] >>> 16))) | 0;
8819 X[1] = (G[1] + ((G[0] << 8) | (G[0] >>> 24)) + G[7]) | 0;
8820 X[2] = (G[2] + ((G[1] << 16) | (G[1] >>> 16)) + ((G[0] << 16) | (G[0] >>> 16))) | 0;
8821 X[3] = (G[3] + ((G[2] << 8) | (G[2] >>> 24)) + G[1]) | 0;
8822 X[4] = (G[4] + ((G[3] << 16) | (G[3] >>> 16)) + ((G[2] << 16) | (G[2] >>> 16))) | 0;
8823 X[5] = (G[5] + ((G[4] << 8) | (G[4] >>> 24)) + G[3]) | 0;
8824 X[6] = (G[6] + ((G[5] << 16) | (G[5] >>> 16)) + ((G[4] << 16) | (G[4] >>> 16))) | 0;
8825 X[7] = (G[7] + ((G[6] << 8) | (G[6] >>> 24)) + G[5]) | 0;
8826 }
8827
8828 /**
8829 * Shortcut functions to the cipher's object interface.
8830 *
8831 * @example
8832 *
8833 * var ciphertext = CryptoJS.Rabbit.encrypt(message, key, cfg);
8834 * var plaintext = CryptoJS.Rabbit.decrypt(ciphertext, key, cfg);
8835 */
8836 C.Rabbit = StreamCipher._createHelper(Rabbit);
8837 }());
8838
8839
8840 return CryptoJS.Rabbit;
8841
8842}));
8843},{"./cipher-core":30,"./core":31,"./enc-base64":32,"./evpkdf":34,"./md5":39}],53:[function(_dereq_,module,exports){
8844;(function (root, factory, undef) {
8845 if (typeof exports === "object") {
8846 // CommonJS
8847 module.exports = exports = factory(_dereq_("./core"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./evpkdf"), _dereq_("./cipher-core"));
8848 }
8849 else if (typeof define === "function" && define.amd) {
8850 // AMD
8851 define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
8852 }
8853 else {
8854 // Global (browser)
8855 factory(root.CryptoJS);
8856 }
8857}(this, function (CryptoJS) {
8858
8859 (function () {
8860 // Shortcuts
8861 var C = CryptoJS;
8862 var C_lib = C.lib;
8863 var StreamCipher = C_lib.StreamCipher;
8864 var C_algo = C.algo;
8865
8866 /**
8867 * RC4 stream cipher algorithm.
8868 */
8869 var RC4 = C_algo.RC4 = StreamCipher.extend({
8870 _doReset: function () {
8871 // Shortcuts
8872 var key = this._key;
8873 var keyWords = key.words;
8874 var keySigBytes = key.sigBytes;
8875
8876 // Init sbox
8877 var S = this._S = [];
8878 for (var i = 0; i < 256; i++) {
8879 S[i] = i;
8880 }
8881
8882 // Key setup
8883 for (var i = 0, j = 0; i < 256; i++) {
8884 var keyByteIndex = i % keySigBytes;
8885 var keyByte = (keyWords[keyByteIndex >>> 2] >>> (24 - (keyByteIndex % 4) * 8)) & 0xff;
8886
8887 j = (j + S[i] + keyByte) % 256;
8888
8889 // Swap
8890 var t = S[i];
8891 S[i] = S[j];
8892 S[j] = t;
8893 }
8894
8895 // Counters
8896 this._i = this._j = 0;
8897 },
8898
8899 _doProcessBlock: function (M, offset) {
8900 M[offset] ^= generateKeystreamWord.call(this);
8901 },
8902
8903 keySize: 256/32,
8904
8905 ivSize: 0
8906 });
8907
8908 function generateKeystreamWord() {
8909 // Shortcuts
8910 var S = this._S;
8911 var i = this._i;
8912 var j = this._j;
8913
8914 // Generate keystream word
8915 var keystreamWord = 0;
8916 for (var n = 0; n < 4; n++) {
8917 i = (i + 1) % 256;
8918 j = (j + S[i]) % 256;
8919
8920 // Swap
8921 var t = S[i];
8922 S[i] = S[j];
8923 S[j] = t;
8924
8925 keystreamWord |= S[(S[i] + S[j]) % 256] << (24 - n * 8);
8926 }
8927
8928 // Update counters
8929 this._i = i;
8930 this._j = j;
8931
8932 return keystreamWord;
8933 }
8934
8935 /**
8936 * Shortcut functions to the cipher's object interface.
8937 *
8938 * @example
8939 *
8940 * var ciphertext = CryptoJS.RC4.encrypt(message, key, cfg);
8941 * var plaintext = CryptoJS.RC4.decrypt(ciphertext, key, cfg);
8942 */
8943 C.RC4 = StreamCipher._createHelper(RC4);
8944
8945 /**
8946 * Modified RC4 stream cipher algorithm.
8947 */
8948 var RC4Drop = C_algo.RC4Drop = RC4.extend({
8949 /**
8950 * Configuration options.
8951 *
8952 * @property {number} drop The number of keystream words to drop. Default 192
8953 */
8954 cfg: RC4.cfg.extend({
8955 drop: 192
8956 }),
8957
8958 _doReset: function () {
8959 RC4._doReset.call(this);
8960
8961 // Drop
8962 for (var i = this.cfg.drop; i > 0; i--) {
8963 generateKeystreamWord.call(this);
8964 }
8965 }
8966 });
8967
8968 /**
8969 * Shortcut functions to the cipher's object interface.
8970 *
8971 * @example
8972 *
8973 * var ciphertext = CryptoJS.RC4Drop.encrypt(message, key, cfg);
8974 * var plaintext = CryptoJS.RC4Drop.decrypt(ciphertext, key, cfg);
8975 */
8976 C.RC4Drop = StreamCipher._createHelper(RC4Drop);
8977 }());
8978
8979
8980 return CryptoJS.RC4;
8981
8982}));
8983},{"./cipher-core":30,"./core":31,"./enc-base64":32,"./evpkdf":34,"./md5":39}],54:[function(_dereq_,module,exports){
8984;(function (root, factory) {
8985 if (typeof exports === "object") {
8986 // CommonJS
8987 module.exports = exports = factory(_dereq_("./core"));
8988 }
8989 else if (typeof define === "function" && define.amd) {
8990 // AMD
8991 define(["./core"], factory);
8992 }
8993 else {
8994 // Global (browser)
8995 factory(root.CryptoJS);
8996 }
8997}(this, function (CryptoJS) {
8998
8999 /** @preserve
9000 (c) 2012 by Cédric Mesnil. All rights reserved.
9001
9002 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
9003
9004 - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
9005 - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
9006
9007 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
9008 */
9009
9010 (function (Math) {
9011 // Shortcuts
9012 var C = CryptoJS;
9013 var C_lib = C.lib;
9014 var WordArray = C_lib.WordArray;
9015 var Hasher = C_lib.Hasher;
9016 var C_algo = C.algo;
9017
9018 // Constants table
9019 var _zl = WordArray.create([
9020 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
9021 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
9022 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
9023 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
9024 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13]);
9025 var _zr = WordArray.create([
9026 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
9027 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
9028 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
9029 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
9030 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11]);
9031 var _sl = WordArray.create([
9032 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
9033 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
9034 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
9035 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
9036 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 ]);
9037 var _sr = WordArray.create([
9038 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
9039 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
9040 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
9041 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
9042 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 ]);
9043
9044 var _hl = WordArray.create([ 0x00000000, 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xA953FD4E]);
9045 var _hr = WordArray.create([ 0x50A28BE6, 0x5C4DD124, 0x6D703EF3, 0x7A6D76E9, 0x00000000]);
9046
9047 /**
9048 * RIPEMD160 hash algorithm.
9049 */
9050 var RIPEMD160 = C_algo.RIPEMD160 = Hasher.extend({
9051 _doReset: function () {
9052 this._hash = WordArray.create([0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]);
9053 },
9054
9055 _doProcessBlock: function (M, offset) {
9056
9057 // Swap endian
9058 for (var i = 0; i < 16; i++) {
9059 // Shortcuts
9060 var offset_i = offset + i;
9061 var M_offset_i = M[offset_i];
9062
9063 // Swap
9064 M[offset_i] = (
9065 (((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
9066 (((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
9067 );
9068 }
9069 // Shortcut
9070 var H = this._hash.words;
9071 var hl = _hl.words;
9072 var hr = _hr.words;
9073 var zl = _zl.words;
9074 var zr = _zr.words;
9075 var sl = _sl.words;
9076 var sr = _sr.words;
9077
9078 // Working variables
9079 var al, bl, cl, dl, el;
9080 var ar, br, cr, dr, er;
9081
9082 ar = al = H[0];
9083 br = bl = H[1];
9084 cr = cl = H[2];
9085 dr = dl = H[3];
9086 er = el = H[4];
9087 // Computation
9088 var t;
9089 for (var i = 0; i < 80; i += 1) {
9090 t = (al + M[offset+zl[i]])|0;
9091 if (i<16){
9092 t += f1(bl,cl,dl) + hl[0];
9093 } else if (i<32) {
9094 t += f2(bl,cl,dl) + hl[1];
9095 } else if (i<48) {
9096 t += f3(bl,cl,dl) + hl[2];
9097 } else if (i<64) {
9098 t += f4(bl,cl,dl) + hl[3];
9099 } else {// if (i<80) {
9100 t += f5(bl,cl,dl) + hl[4];
9101 }
9102 t = t|0;
9103 t = rotl(t,sl[i]);
9104 t = (t+el)|0;
9105 al = el;
9106 el = dl;
9107 dl = rotl(cl, 10);
9108 cl = bl;
9109 bl = t;
9110
9111 t = (ar + M[offset+zr[i]])|0;
9112 if (i<16){
9113 t += f5(br,cr,dr) + hr[0];
9114 } else if (i<32) {
9115 t += f4(br,cr,dr) + hr[1];
9116 } else if (i<48) {
9117 t += f3(br,cr,dr) + hr[2];
9118 } else if (i<64) {
9119 t += f2(br,cr,dr) + hr[3];
9120 } else {// if (i<80) {
9121 t += f1(br,cr,dr) + hr[4];
9122 }
9123 t = t|0;
9124 t = rotl(t,sr[i]) ;
9125 t = (t+er)|0;
9126 ar = er;
9127 er = dr;
9128 dr = rotl(cr, 10);
9129 cr = br;
9130 br = t;
9131 }
9132 // Intermediate hash value
9133 t = (H[1] + cl + dr)|0;
9134 H[1] = (H[2] + dl + er)|0;
9135 H[2] = (H[3] + el + ar)|0;
9136 H[3] = (H[4] + al + br)|0;
9137 H[4] = (H[0] + bl + cr)|0;
9138 H[0] = t;
9139 },
9140
9141 _doFinalize: function () {
9142 // Shortcuts
9143 var data = this._data;
9144 var dataWords = data.words;
9145
9146 var nBitsTotal = this._nDataBytes * 8;
9147 var nBitsLeft = data.sigBytes * 8;
9148
9149 // Add padding
9150 dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
9151 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
9152 (((nBitsTotal << 8) | (nBitsTotal >>> 24)) & 0x00ff00ff) |
9153 (((nBitsTotal << 24) | (nBitsTotal >>> 8)) & 0xff00ff00)
9154 );
9155 data.sigBytes = (dataWords.length + 1) * 4;
9156
9157 // Hash final blocks
9158 this._process();
9159
9160 // Shortcuts
9161 var hash = this._hash;
9162 var H = hash.words;
9163
9164 // Swap endian
9165 for (var i = 0; i < 5; i++) {
9166 // Shortcut
9167 var H_i = H[i];
9168
9169 // Swap
9170 H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
9171 (((H_i << 24) | (H_i >>> 8)) & 0xff00ff00);
9172 }
9173
9174 // Return final computed hash
9175 return hash;
9176 },
9177
9178 clone: function () {
9179 var clone = Hasher.clone.call(this);
9180 clone._hash = this._hash.clone();
9181
9182 return clone;
9183 }
9184 });
9185
9186
9187 function f1(x, y, z) {
9188 return ((x) ^ (y) ^ (z));
9189
9190 }
9191
9192 function f2(x, y, z) {
9193 return (((x)&(y)) | ((~x)&(z)));
9194 }
9195
9196 function f3(x, y, z) {
9197 return (((x) | (~(y))) ^ (z));
9198 }
9199
9200 function f4(x, y, z) {
9201 return (((x) & (z)) | ((y)&(~(z))));
9202 }
9203
9204 function f5(x, y, z) {
9205 return ((x) ^ ((y) |(~(z))));
9206
9207 }
9208
9209 function rotl(x,n) {
9210 return (x<<n) | (x>>>(32-n));
9211 }
9212
9213
9214 /**
9215 * Shortcut function to the hasher's object interface.
9216 *
9217 * @param {WordArray|string} message The message to hash.
9218 *
9219 * @return {WordArray} The hash.
9220 *
9221 * @static
9222 *
9223 * @example
9224 *
9225 * var hash = CryptoJS.RIPEMD160('message');
9226 * var hash = CryptoJS.RIPEMD160(wordArray);
9227 */
9228 C.RIPEMD160 = Hasher._createHelper(RIPEMD160);
9229
9230 /**
9231 * Shortcut function to the HMAC's object interface.
9232 *
9233 * @param {WordArray|string} message The message to hash.
9234 * @param {WordArray|string} key The secret key.
9235 *
9236 * @return {WordArray} The HMAC.
9237 *
9238 * @static
9239 *
9240 * @example
9241 *
9242 * var hmac = CryptoJS.HmacRIPEMD160(message, key);
9243 */
9244 C.HmacRIPEMD160 = Hasher._createHmacHelper(RIPEMD160);
9245 }(Math));
9246
9247
9248 return CryptoJS.RIPEMD160;
9249
9250}));
9251},{"./core":31}],55:[function(_dereq_,module,exports){
9252;(function (root, factory) {
9253 if (typeof exports === "object") {
9254 // CommonJS
9255 module.exports = exports = factory(_dereq_("./core"));
9256 }
9257 else if (typeof define === "function" && define.amd) {
9258 // AMD
9259 define(["./core"], factory);
9260 }
9261 else {
9262 // Global (browser)
9263 factory(root.CryptoJS);
9264 }
9265}(this, function (CryptoJS) {
9266
9267 (function () {
9268 // Shortcuts
9269 var C = CryptoJS;
9270 var C_lib = C.lib;
9271 var WordArray = C_lib.WordArray;
9272 var Hasher = C_lib.Hasher;
9273 var C_algo = C.algo;
9274
9275 // Reusable object
9276 var W = [];
9277
9278 /**
9279 * SHA-1 hash algorithm.
9280 */
9281 var SHA1 = C_algo.SHA1 = Hasher.extend({
9282 _doReset: function () {
9283 this._hash = new WordArray.init([
9284 0x67452301, 0xefcdab89,
9285 0x98badcfe, 0x10325476,
9286 0xc3d2e1f0
9287 ]);
9288 },
9289
9290 _doProcessBlock: function (M, offset) {
9291 // Shortcut
9292 var H = this._hash.words;
9293
9294 // Working variables
9295 var a = H[0];
9296 var b = H[1];
9297 var c = H[2];
9298 var d = H[3];
9299 var e = H[4];
9300
9301 // Computation
9302 for (var i = 0; i < 80; i++) {
9303 if (i < 16) {
9304 W[i] = M[offset + i] | 0;
9305 } else {
9306 var n = W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16];
9307 W[i] = (n << 1) | (n >>> 31);
9308 }
9309
9310 var t = ((a << 5) | (a >>> 27)) + e + W[i];
9311 if (i < 20) {
9312 t += ((b & c) | (~b & d)) + 0x5a827999;
9313 } else if (i < 40) {
9314 t += (b ^ c ^ d) + 0x6ed9eba1;
9315 } else if (i < 60) {
9316 t += ((b & c) | (b & d) | (c & d)) - 0x70e44324;
9317 } else /* if (i < 80) */ {
9318 t += (b ^ c ^ d) - 0x359d3e2a;
9319 }
9320
9321 e = d;
9322 d = c;
9323 c = (b << 30) | (b >>> 2);
9324 b = a;
9325 a = t;
9326 }
9327
9328 // Intermediate hash value
9329 H[0] = (H[0] + a) | 0;
9330 H[1] = (H[1] + b) | 0;
9331 H[2] = (H[2] + c) | 0;
9332 H[3] = (H[3] + d) | 0;
9333 H[4] = (H[4] + e) | 0;
9334 },
9335
9336 _doFinalize: function () {
9337 // Shortcuts
9338 var data = this._data;
9339 var dataWords = data.words;
9340
9341 var nBitsTotal = this._nDataBytes * 8;
9342 var nBitsLeft = data.sigBytes * 8;
9343
9344 // Add padding
9345 dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
9346 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal / 0x100000000);
9347 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;
9348 data.sigBytes = dataWords.length * 4;
9349
9350 // Hash final blocks
9351 this._process();
9352
9353 // Return final computed hash
9354 return this._hash;
9355 },
9356
9357 clone: function () {
9358 var clone = Hasher.clone.call(this);
9359 clone._hash = this._hash.clone();
9360
9361 return clone;
9362 }
9363 });
9364
9365 /**
9366 * Shortcut function to the hasher's object interface.
9367 *
9368 * @param {WordArray|string} message The message to hash.
9369 *
9370 * @return {WordArray} The hash.
9371 *
9372 * @static
9373 *
9374 * @example
9375 *
9376 * var hash = CryptoJS.SHA1('message');
9377 * var hash = CryptoJS.SHA1(wordArray);
9378 */
9379 C.SHA1 = Hasher._createHelper(SHA1);
9380
9381 /**
9382 * Shortcut function to the HMAC's object interface.
9383 *
9384 * @param {WordArray|string} message The message to hash.
9385 * @param {WordArray|string} key The secret key.
9386 *
9387 * @return {WordArray} The HMAC.
9388 *
9389 * @static
9390 *
9391 * @example
9392 *
9393 * var hmac = CryptoJS.HmacSHA1(message, key);
9394 */
9395 C.HmacSHA1 = Hasher._createHmacHelper(SHA1);
9396 }());
9397
9398
9399 return CryptoJS.SHA1;
9400
9401}));
9402},{"./core":31}],56:[function(_dereq_,module,exports){
9403;(function (root, factory, undef) {
9404 if (typeof exports === "object") {
9405 // CommonJS
9406 module.exports = exports = factory(_dereq_("./core"), _dereq_("./sha256"));
9407 }
9408 else if (typeof define === "function" && define.amd) {
9409 // AMD
9410 define(["./core", "./sha256"], factory);
9411 }
9412 else {
9413 // Global (browser)
9414 factory(root.CryptoJS);
9415 }
9416}(this, function (CryptoJS) {
9417
9418 (function () {
9419 // Shortcuts
9420 var C = CryptoJS;
9421 var C_lib = C.lib;
9422 var WordArray = C_lib.WordArray;
9423 var C_algo = C.algo;
9424 var SHA256 = C_algo.SHA256;
9425
9426 /**
9427 * SHA-224 hash algorithm.
9428 */
9429 var SHA224 = C_algo.SHA224 = SHA256.extend({
9430 _doReset: function () {
9431 this._hash = new WordArray.init([
9432 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
9433 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
9434 ]);
9435 },
9436
9437 _doFinalize: function () {
9438 var hash = SHA256._doFinalize.call(this);
9439
9440 hash.sigBytes -= 4;
9441
9442 return hash;
9443 }
9444 });
9445
9446 /**
9447 * Shortcut function to the hasher's object interface.
9448 *
9449 * @param {WordArray|string} message The message to hash.
9450 *
9451 * @return {WordArray} The hash.
9452 *
9453 * @static
9454 *
9455 * @example
9456 *
9457 * var hash = CryptoJS.SHA224('message');
9458 * var hash = CryptoJS.SHA224(wordArray);
9459 */
9460 C.SHA224 = SHA256._createHelper(SHA224);
9461
9462 /**
9463 * Shortcut function to the HMAC's object interface.
9464 *
9465 * @param {WordArray|string} message The message to hash.
9466 * @param {WordArray|string} key The secret key.
9467 *
9468 * @return {WordArray} The HMAC.
9469 *
9470 * @static
9471 *
9472 * @example
9473 *
9474 * var hmac = CryptoJS.HmacSHA224(message, key);
9475 */
9476 C.HmacSHA224 = SHA256._createHmacHelper(SHA224);
9477 }());
9478
9479
9480 return CryptoJS.SHA224;
9481
9482}));
9483},{"./core":31,"./sha256":57}],57:[function(_dereq_,module,exports){
9484;(function (root, factory) {
9485 if (typeof exports === "object") {
9486 // CommonJS
9487 module.exports = exports = factory(_dereq_("./core"));
9488 }
9489 else if (typeof define === "function" && define.amd) {
9490 // AMD
9491 define(["./core"], factory);
9492 }
9493 else {
9494 // Global (browser)
9495 factory(root.CryptoJS);
9496 }
9497}(this, function (CryptoJS) {
9498
9499 (function (Math) {
9500 // Shortcuts
9501 var C = CryptoJS;
9502 var C_lib = C.lib;
9503 var WordArray = C_lib.WordArray;
9504 var Hasher = C_lib.Hasher;
9505 var C_algo = C.algo;
9506
9507 // Initialization and round constants tables
9508 var H = [];
9509 var K = [];
9510
9511 // Compute constants
9512 (function () {
9513 function isPrime(n) {
9514 var sqrtN = Math.sqrt(n);
9515 for (var factor = 2; factor <= sqrtN; factor++) {
9516 if (!(n % factor)) {
9517 return false;
9518 }
9519 }
9520
9521 return true;
9522 }
9523
9524 function getFractionalBits(n) {
9525 return ((n - (n | 0)) * 0x100000000) | 0;
9526 }
9527
9528 var n = 2;
9529 var nPrime = 0;
9530 while (nPrime < 64) {
9531 if (isPrime(n)) {
9532 if (nPrime < 8) {
9533 H[nPrime] = getFractionalBits(Math.pow(n, 1 / 2));
9534 }
9535 K[nPrime] = getFractionalBits(Math.pow(n, 1 / 3));
9536
9537 nPrime++;
9538 }
9539
9540 n++;
9541 }
9542 }());
9543
9544 // Reusable object
9545 var W = [];
9546
9547 /**
9548 * SHA-256 hash algorithm.
9549 */
9550 var SHA256 = C_algo.SHA256 = Hasher.extend({
9551 _doReset: function () {
9552 this._hash = new WordArray.init(H.slice(0));
9553 },
9554
9555 _doProcessBlock: function (M, offset) {
9556 // Shortcut
9557 var H = this._hash.words;
9558
9559 // Working variables
9560 var a = H[0];
9561 var b = H[1];
9562 var c = H[2];
9563 var d = H[3];
9564 var e = H[4];
9565 var f = H[5];
9566 var g = H[6];
9567 var h = H[7];
9568
9569 // Computation
9570 for (var i = 0; i < 64; i++) {
9571 if (i < 16) {
9572 W[i] = M[offset + i] | 0;
9573 } else {
9574 var gamma0x = W[i - 15];
9575 var gamma0 = ((gamma0x << 25) | (gamma0x >>> 7)) ^
9576 ((gamma0x << 14) | (gamma0x >>> 18)) ^
9577 (gamma0x >>> 3);
9578
9579 var gamma1x = W[i - 2];
9580 var gamma1 = ((gamma1x << 15) | (gamma1x >>> 17)) ^
9581 ((gamma1x << 13) | (gamma1x >>> 19)) ^
9582 (gamma1x >>> 10);
9583
9584 W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16];
9585 }
9586
9587 var ch = (e & f) ^ (~e & g);
9588 var maj = (a & b) ^ (a & c) ^ (b & c);
9589
9590 var sigma0 = ((a << 30) | (a >>> 2)) ^ ((a << 19) | (a >>> 13)) ^ ((a << 10) | (a >>> 22));
9591 var sigma1 = ((e << 26) | (e >>> 6)) ^ ((e << 21) | (e >>> 11)) ^ ((e << 7) | (e >>> 25));
9592
9593 var t1 = h + sigma1 + ch + K[i] + W[i];
9594 var t2 = sigma0 + maj;
9595
9596 h = g;
9597 g = f;
9598 f = e;
9599 e = (d + t1) | 0;
9600 d = c;
9601 c = b;
9602 b = a;
9603 a = (t1 + t2) | 0;
9604 }
9605
9606 // Intermediate hash value
9607 H[0] = (H[0] + a) | 0;
9608 H[1] = (H[1] + b) | 0;
9609 H[2] = (H[2] + c) | 0;
9610 H[3] = (H[3] + d) | 0;
9611 H[4] = (H[4] + e) | 0;
9612 H[5] = (H[5] + f) | 0;
9613 H[6] = (H[6] + g) | 0;
9614 H[7] = (H[7] + h) | 0;
9615 },
9616
9617 _doFinalize: function () {
9618 // Shortcuts
9619 var data = this._data;
9620 var dataWords = data.words;
9621
9622 var nBitsTotal = this._nDataBytes * 8;
9623 var nBitsLeft = data.sigBytes * 8;
9624
9625 // Add padding
9626 dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
9627 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal / 0x100000000);
9628 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;
9629 data.sigBytes = dataWords.length * 4;
9630
9631 // Hash final blocks
9632 this._process();
9633
9634 // Return final computed hash
9635 return this._hash;
9636 },
9637
9638 clone: function () {
9639 var clone = Hasher.clone.call(this);
9640 clone._hash = this._hash.clone();
9641
9642 return clone;
9643 }
9644 });
9645
9646 /**
9647 * Shortcut function to the hasher's object interface.
9648 *
9649 * @param {WordArray|string} message The message to hash.
9650 *
9651 * @return {WordArray} The hash.
9652 *
9653 * @static
9654 *
9655 * @example
9656 *
9657 * var hash = CryptoJS.SHA256('message');
9658 * var hash = CryptoJS.SHA256(wordArray);
9659 */
9660 C.SHA256 = Hasher._createHelper(SHA256);
9661
9662 /**
9663 * Shortcut function to the HMAC's object interface.
9664 *
9665 * @param {WordArray|string} message The message to hash.
9666 * @param {WordArray|string} key The secret key.
9667 *
9668 * @return {WordArray} The HMAC.
9669 *
9670 * @static
9671 *
9672 * @example
9673 *
9674 * var hmac = CryptoJS.HmacSHA256(message, key);
9675 */
9676 C.HmacSHA256 = Hasher._createHmacHelper(SHA256);
9677 }(Math));
9678
9679
9680 return CryptoJS.SHA256;
9681
9682}));
9683},{"./core":31}],58:[function(_dereq_,module,exports){
9684;(function (root, factory, undef) {
9685 if (typeof exports === "object") {
9686 // CommonJS
9687 module.exports = exports = factory(_dereq_("./core"), _dereq_("./x64-core"));
9688 }
9689 else if (typeof define === "function" && define.amd) {
9690 // AMD
9691 define(["./core", "./x64-core"], factory);
9692 }
9693 else {
9694 // Global (browser)
9695 factory(root.CryptoJS);
9696 }
9697}(this, function (CryptoJS) {
9698
9699 (function (Math) {
9700 // Shortcuts
9701 var C = CryptoJS;
9702 var C_lib = C.lib;
9703 var WordArray = C_lib.WordArray;
9704 var Hasher = C_lib.Hasher;
9705 var C_x64 = C.x64;
9706 var X64Word = C_x64.Word;
9707 var C_algo = C.algo;
9708
9709 // Constants tables
9710 var RHO_OFFSETS = [];
9711 var PI_INDEXES = [];
9712 var ROUND_CONSTANTS = [];
9713
9714 // Compute Constants
9715 (function () {
9716 // Compute rho offset constants
9717 var x = 1, y = 0;
9718 for (var t = 0; t < 24; t++) {
9719 RHO_OFFSETS[x + 5 * y] = ((t + 1) * (t + 2) / 2) % 64;
9720
9721 var newX = y % 5;
9722 var newY = (2 * x + 3 * y) % 5;
9723 x = newX;
9724 y = newY;
9725 }
9726
9727 // Compute pi index constants
9728 for (var x = 0; x < 5; x++) {
9729 for (var y = 0; y < 5; y++) {
9730 PI_INDEXES[x + 5 * y] = y + ((2 * x + 3 * y) % 5) * 5;
9731 }
9732 }
9733
9734 // Compute round constants
9735 var LFSR = 0x01;
9736 for (var i = 0; i < 24; i++) {
9737 var roundConstantMsw = 0;
9738 var roundConstantLsw = 0;
9739
9740 for (var j = 0; j < 7; j++) {
9741 if (LFSR & 0x01) {
9742 var bitPosition = (1 << j) - 1;
9743 if (bitPosition < 32) {
9744 roundConstantLsw ^= 1 << bitPosition;
9745 } else /* if (bitPosition >= 32) */ {
9746 roundConstantMsw ^= 1 << (bitPosition - 32);
9747 }
9748 }
9749
9750 // Compute next LFSR
9751 if (LFSR & 0x80) {
9752 // Primitive polynomial over GF(2): x^8 + x^6 + x^5 + x^4 + 1
9753 LFSR = (LFSR << 1) ^ 0x71;
9754 } else {
9755 LFSR <<= 1;
9756 }
9757 }
9758
9759 ROUND_CONSTANTS[i] = X64Word.create(roundConstantMsw, roundConstantLsw);
9760 }
9761 }());
9762
9763 // Reusable objects for temporary values
9764 var T = [];
9765 (function () {
9766 for (var i = 0; i < 25; i++) {
9767 T[i] = X64Word.create();
9768 }
9769 }());
9770
9771 /**
9772 * SHA-3 hash algorithm.
9773 */
9774 var SHA3 = C_algo.SHA3 = Hasher.extend({
9775 /**
9776 * Configuration options.
9777 *
9778 * @property {number} outputLength
9779 * The desired number of bits in the output hash.
9780 * Only values permitted are: 224, 256, 384, 512.
9781 * Default: 512
9782 */
9783 cfg: Hasher.cfg.extend({
9784 outputLength: 512
9785 }),
9786
9787 _doReset: function () {
9788 var state = this._state = []
9789 for (var i = 0; i < 25; i++) {
9790 state[i] = new X64Word.init();
9791 }
9792
9793 this.blockSize = (1600 - 2 * this.cfg.outputLength) / 32;
9794 },
9795
9796 _doProcessBlock: function (M, offset) {
9797 // Shortcuts
9798 var state = this._state;
9799 var nBlockSizeLanes = this.blockSize / 2;
9800
9801 // Absorb
9802 for (var i = 0; i < nBlockSizeLanes; i++) {
9803 // Shortcuts
9804 var M2i = M[offset + 2 * i];
9805 var M2i1 = M[offset + 2 * i + 1];
9806
9807 // Swap endian
9808 M2i = (
9809 (((M2i << 8) | (M2i >>> 24)) & 0x00ff00ff) |
9810 (((M2i << 24) | (M2i >>> 8)) & 0xff00ff00)
9811 );
9812 M2i1 = (
9813 (((M2i1 << 8) | (M2i1 >>> 24)) & 0x00ff00ff) |
9814 (((M2i1 << 24) | (M2i1 >>> 8)) & 0xff00ff00)
9815 );
9816
9817 // Absorb message into state
9818 var lane = state[i];
9819 lane.high ^= M2i1;
9820 lane.low ^= M2i;
9821 }
9822
9823 // Rounds
9824 for (var round = 0; round < 24; round++) {
9825 // Theta
9826 for (var x = 0; x < 5; x++) {
9827 // Mix column lanes
9828 var tMsw = 0, tLsw = 0;
9829 for (var y = 0; y < 5; y++) {
9830 var lane = state[x + 5 * y];
9831 tMsw ^= lane.high;
9832 tLsw ^= lane.low;
9833 }
9834
9835 // Temporary values
9836 var Tx = T[x];
9837 Tx.high = tMsw;
9838 Tx.low = tLsw;
9839 }
9840 for (var x = 0; x < 5; x++) {
9841 // Shortcuts
9842 var Tx4 = T[(x + 4) % 5];
9843 var Tx1 = T[(x + 1) % 5];
9844 var Tx1Msw = Tx1.high;
9845 var Tx1Lsw = Tx1.low;
9846
9847 // Mix surrounding columns
9848 var tMsw = Tx4.high ^ ((Tx1Msw << 1) | (Tx1Lsw >>> 31));
9849 var tLsw = Tx4.low ^ ((Tx1Lsw << 1) | (Tx1Msw >>> 31));
9850 for (var y = 0; y < 5; y++) {
9851 var lane = state[x + 5 * y];
9852 lane.high ^= tMsw;
9853 lane.low ^= tLsw;
9854 }
9855 }
9856
9857 // Rho Pi
9858 for (var laneIndex = 1; laneIndex < 25; laneIndex++) {
9859 // Shortcuts
9860 var lane = state[laneIndex];
9861 var laneMsw = lane.high;
9862 var laneLsw = lane.low;
9863 var rhoOffset = RHO_OFFSETS[laneIndex];
9864
9865 // Rotate lanes
9866 if (rhoOffset < 32) {
9867 var tMsw = (laneMsw << rhoOffset) | (laneLsw >>> (32 - rhoOffset));
9868 var tLsw = (laneLsw << rhoOffset) | (laneMsw >>> (32 - rhoOffset));
9869 } else /* if (rhoOffset >= 32) */ {
9870 var tMsw = (laneLsw << (rhoOffset - 32)) | (laneMsw >>> (64 - rhoOffset));
9871 var tLsw = (laneMsw << (rhoOffset - 32)) | (laneLsw >>> (64 - rhoOffset));
9872 }
9873
9874 // Transpose lanes
9875 var TPiLane = T[PI_INDEXES[laneIndex]];
9876 TPiLane.high = tMsw;
9877 TPiLane.low = tLsw;
9878 }
9879
9880 // Rho pi at x = y = 0
9881 var T0 = T[0];
9882 var state0 = state[0];
9883 T0.high = state0.high;
9884 T0.low = state0.low;
9885
9886 // Chi
9887 for (var x = 0; x < 5; x++) {
9888 for (var y = 0; y < 5; y++) {
9889 // Shortcuts
9890 var laneIndex = x + 5 * y;
9891 var lane = state[laneIndex];
9892 var TLane = T[laneIndex];
9893 var Tx1Lane = T[((x + 1) % 5) + 5 * y];
9894 var Tx2Lane = T[((x + 2) % 5) + 5 * y];
9895
9896 // Mix rows
9897 lane.high = TLane.high ^ (~Tx1Lane.high & Tx2Lane.high);
9898 lane.low = TLane.low ^ (~Tx1Lane.low & Tx2Lane.low);
9899 }
9900 }
9901
9902 // Iota
9903 var lane = state[0];
9904 var roundConstant = ROUND_CONSTANTS[round];
9905 lane.high ^= roundConstant.high;
9906 lane.low ^= roundConstant.low;;
9907 }
9908 },
9909
9910 _doFinalize: function () {
9911 // Shortcuts
9912 var data = this._data;
9913 var dataWords = data.words;
9914 var nBitsTotal = this._nDataBytes * 8;
9915 var nBitsLeft = data.sigBytes * 8;
9916 var blockSizeBits = this.blockSize * 32;
9917
9918 // Add padding
9919 dataWords[nBitsLeft >>> 5] |= 0x1 << (24 - nBitsLeft % 32);
9920 dataWords[((Math.ceil((nBitsLeft + 1) / blockSizeBits) * blockSizeBits) >>> 5) - 1] |= 0x80;
9921 data.sigBytes = dataWords.length * 4;
9922
9923 // Hash final blocks
9924 this._process();
9925
9926 // Shortcuts
9927 var state = this._state;
9928 var outputLengthBytes = this.cfg.outputLength / 8;
9929 var outputLengthLanes = outputLengthBytes / 8;
9930
9931 // Squeeze
9932 var hashWords = [];
9933 for (var i = 0; i < outputLengthLanes; i++) {
9934 // Shortcuts
9935 var lane = state[i];
9936 var laneMsw = lane.high;
9937 var laneLsw = lane.low;
9938
9939 // Swap endian
9940 laneMsw = (
9941 (((laneMsw << 8) | (laneMsw >>> 24)) & 0x00ff00ff) |
9942 (((laneMsw << 24) | (laneMsw >>> 8)) & 0xff00ff00)
9943 );
9944 laneLsw = (
9945 (((laneLsw << 8) | (laneLsw >>> 24)) & 0x00ff00ff) |
9946 (((laneLsw << 24) | (laneLsw >>> 8)) & 0xff00ff00)
9947 );
9948
9949 // Squeeze state to retrieve hash
9950 hashWords.push(laneLsw);
9951 hashWords.push(laneMsw);
9952 }
9953
9954 // Return final computed hash
9955 return new WordArray.init(hashWords, outputLengthBytes);
9956 },
9957
9958 clone: function () {
9959 var clone = Hasher.clone.call(this);
9960
9961 var state = clone._state = this._state.slice(0);
9962 for (var i = 0; i < 25; i++) {
9963 state[i] = state[i].clone();
9964 }
9965
9966 return clone;
9967 }
9968 });
9969
9970 /**
9971 * Shortcut function to the hasher's object interface.
9972 *
9973 * @param {WordArray|string} message The message to hash.
9974 *
9975 * @return {WordArray} The hash.
9976 *
9977 * @static
9978 *
9979 * @example
9980 *
9981 * var hash = CryptoJS.SHA3('message');
9982 * var hash = CryptoJS.SHA3(wordArray);
9983 */
9984 C.SHA3 = Hasher._createHelper(SHA3);
9985
9986 /**
9987 * Shortcut function to the HMAC's object interface.
9988 *
9989 * @param {WordArray|string} message The message to hash.
9990 * @param {WordArray|string} key The secret key.
9991 *
9992 * @return {WordArray} The HMAC.
9993 *
9994 * @static
9995 *
9996 * @example
9997 *
9998 * var hmac = CryptoJS.HmacSHA3(message, key);
9999 */
10000 C.HmacSHA3 = Hasher._createHmacHelper(SHA3);
10001 }(Math));
10002
10003
10004 return CryptoJS.SHA3;
10005
10006}));
10007},{"./core":31,"./x64-core":62}],59:[function(_dereq_,module,exports){
10008;(function (root, factory, undef) {
10009 if (typeof exports === "object") {
10010 // CommonJS
10011 module.exports = exports = factory(_dereq_("./core"), _dereq_("./x64-core"), _dereq_("./sha512"));
10012 }
10013 else if (typeof define === "function" && define.amd) {
10014 // AMD
10015 define(["./core", "./x64-core", "./sha512"], factory);
10016 }
10017 else {
10018 // Global (browser)
10019 factory(root.CryptoJS);
10020 }
10021}(this, function (CryptoJS) {
10022
10023 (function () {
10024 // Shortcuts
10025 var C = CryptoJS;
10026 var C_x64 = C.x64;
10027 var X64Word = C_x64.Word;
10028 var X64WordArray = C_x64.WordArray;
10029 var C_algo = C.algo;
10030 var SHA512 = C_algo.SHA512;
10031
10032 /**
10033 * SHA-384 hash algorithm.
10034 */
10035 var SHA384 = C_algo.SHA384 = SHA512.extend({
10036 _doReset: function () {
10037 this._hash = new X64WordArray.init([
10038 new X64Word.init(0xcbbb9d5d, 0xc1059ed8), new X64Word.init(0x629a292a, 0x367cd507),
10039 new X64Word.init(0x9159015a, 0x3070dd17), new X64Word.init(0x152fecd8, 0xf70e5939),
10040 new X64Word.init(0x67332667, 0xffc00b31), new X64Word.init(0x8eb44a87, 0x68581511),
10041 new X64Word.init(0xdb0c2e0d, 0x64f98fa7), new X64Word.init(0x47b5481d, 0xbefa4fa4)
10042 ]);
10043 },
10044
10045 _doFinalize: function () {
10046 var hash = SHA512._doFinalize.call(this);
10047
10048 hash.sigBytes -= 16;
10049
10050 return hash;
10051 }
10052 });
10053
10054 /**
10055 * Shortcut function to the hasher's object interface.
10056 *
10057 * @param {WordArray|string} message The message to hash.
10058 *
10059 * @return {WordArray} The hash.
10060 *
10061 * @static
10062 *
10063 * @example
10064 *
10065 * var hash = CryptoJS.SHA384('message');
10066 * var hash = CryptoJS.SHA384(wordArray);
10067 */
10068 C.SHA384 = SHA512._createHelper(SHA384);
10069
10070 /**
10071 * Shortcut function to the HMAC's object interface.
10072 *
10073 * @param {WordArray|string} message The message to hash.
10074 * @param {WordArray|string} key The secret key.
10075 *
10076 * @return {WordArray} The HMAC.
10077 *
10078 * @static
10079 *
10080 * @example
10081 *
10082 * var hmac = CryptoJS.HmacSHA384(message, key);
10083 */
10084 C.HmacSHA384 = SHA512._createHmacHelper(SHA384);
10085 }());
10086
10087
10088 return CryptoJS.SHA384;
10089
10090}));
10091},{"./core":31,"./sha512":60,"./x64-core":62}],60:[function(_dereq_,module,exports){
10092;(function (root, factory, undef) {
10093 if (typeof exports === "object") {
10094 // CommonJS
10095 module.exports = exports = factory(_dereq_("./core"), _dereq_("./x64-core"));
10096 }
10097 else if (typeof define === "function" && define.amd) {
10098 // AMD
10099 define(["./core", "./x64-core"], factory);
10100 }
10101 else {
10102 // Global (browser)
10103 factory(root.CryptoJS);
10104 }
10105}(this, function (CryptoJS) {
10106
10107 (function () {
10108 // Shortcuts
10109 var C = CryptoJS;
10110 var C_lib = C.lib;
10111 var Hasher = C_lib.Hasher;
10112 var C_x64 = C.x64;
10113 var X64Word = C_x64.Word;
10114 var X64WordArray = C_x64.WordArray;
10115 var C_algo = C.algo;
10116
10117 function X64Word_create() {
10118 return X64Word.create.apply(X64Word, arguments);
10119 }
10120
10121 // Constants
10122 var K = [
10123 X64Word_create(0x428a2f98, 0xd728ae22), X64Word_create(0x71374491, 0x23ef65cd),
10124 X64Word_create(0xb5c0fbcf, 0xec4d3b2f), X64Word_create(0xe9b5dba5, 0x8189dbbc),
10125 X64Word_create(0x3956c25b, 0xf348b538), X64Word_create(0x59f111f1, 0xb605d019),
10126 X64Word_create(0x923f82a4, 0xaf194f9b), X64Word_create(0xab1c5ed5, 0xda6d8118),
10127 X64Word_create(0xd807aa98, 0xa3030242), X64Word_create(0x12835b01, 0x45706fbe),
10128 X64Word_create(0x243185be, 0x4ee4b28c), X64Word_create(0x550c7dc3, 0xd5ffb4e2),
10129 X64Word_create(0x72be5d74, 0xf27b896f), X64Word_create(0x80deb1fe, 0x3b1696b1),
10130 X64Word_create(0x9bdc06a7, 0x25c71235), X64Word_create(0xc19bf174, 0xcf692694),
10131 X64Word_create(0xe49b69c1, 0x9ef14ad2), X64Word_create(0xefbe4786, 0x384f25e3),
10132 X64Word_create(0x0fc19dc6, 0x8b8cd5b5), X64Word_create(0x240ca1cc, 0x77ac9c65),
10133 X64Word_create(0x2de92c6f, 0x592b0275), X64Word_create(0x4a7484aa, 0x6ea6e483),
10134 X64Word_create(0x5cb0a9dc, 0xbd41fbd4), X64Word_create(0x76f988da, 0x831153b5),
10135 X64Word_create(0x983e5152, 0xee66dfab), X64Word_create(0xa831c66d, 0x2db43210),
10136 X64Word_create(0xb00327c8, 0x98fb213f), X64Word_create(0xbf597fc7, 0xbeef0ee4),
10137 X64Word_create(0xc6e00bf3, 0x3da88fc2), X64Word_create(0xd5a79147, 0x930aa725),
10138 X64Word_create(0x06ca6351, 0xe003826f), X64Word_create(0x14292967, 0x0a0e6e70),
10139 X64Word_create(0x27b70a85, 0x46d22ffc), X64Word_create(0x2e1b2138, 0x5c26c926),
10140 X64Word_create(0x4d2c6dfc, 0x5ac42aed), X64Word_create(0x53380d13, 0x9d95b3df),
10141 X64Word_create(0x650a7354, 0x8baf63de), X64Word_create(0x766a0abb, 0x3c77b2a8),
10142 X64Word_create(0x81c2c92e, 0x47edaee6), X64Word_create(0x92722c85, 0x1482353b),
10143 X64Word_create(0xa2bfe8a1, 0x4cf10364), X64Word_create(0xa81a664b, 0xbc423001),
10144 X64Word_create(0xc24b8b70, 0xd0f89791), X64Word_create(0xc76c51a3, 0x0654be30),
10145 X64Word_create(0xd192e819, 0xd6ef5218), X64Word_create(0xd6990624, 0x5565a910),
10146 X64Word_create(0xf40e3585, 0x5771202a), X64Word_create(0x106aa070, 0x32bbd1b8),
10147 X64Word_create(0x19a4c116, 0xb8d2d0c8), X64Word_create(0x1e376c08, 0x5141ab53),
10148 X64Word_create(0x2748774c, 0xdf8eeb99), X64Word_create(0x34b0bcb5, 0xe19b48a8),
10149 X64Word_create(0x391c0cb3, 0xc5c95a63), X64Word_create(0x4ed8aa4a, 0xe3418acb),
10150 X64Word_create(0x5b9cca4f, 0x7763e373), X64Word_create(0x682e6ff3, 0xd6b2b8a3),
10151 X64Word_create(0x748f82ee, 0x5defb2fc), X64Word_create(0x78a5636f, 0x43172f60),
10152 X64Word_create(0x84c87814, 0xa1f0ab72), X64Word_create(0x8cc70208, 0x1a6439ec),
10153 X64Word_create(0x90befffa, 0x23631e28), X64Word_create(0xa4506ceb, 0xde82bde9),
10154 X64Word_create(0xbef9a3f7, 0xb2c67915), X64Word_create(0xc67178f2, 0xe372532b),
10155 X64Word_create(0xca273ece, 0xea26619c), X64Word_create(0xd186b8c7, 0x21c0c207),
10156 X64Word_create(0xeada7dd6, 0xcde0eb1e), X64Word_create(0xf57d4f7f, 0xee6ed178),
10157 X64Word_create(0x06f067aa, 0x72176fba), X64Word_create(0x0a637dc5, 0xa2c898a6),
10158 X64Word_create(0x113f9804, 0xbef90dae), X64Word_create(0x1b710b35, 0x131c471b),
10159 X64Word_create(0x28db77f5, 0x23047d84), X64Word_create(0x32caab7b, 0x40c72493),
10160 X64Word_create(0x3c9ebe0a, 0x15c9bebc), X64Word_create(0x431d67c4, 0x9c100d4c),
10161 X64Word_create(0x4cc5d4be, 0xcb3e42b6), X64Word_create(0x597f299c, 0xfc657e2a),
10162 X64Word_create(0x5fcb6fab, 0x3ad6faec), X64Word_create(0x6c44198c, 0x4a475817)
10163 ];
10164
10165 // Reusable objects
10166 var W = [];
10167 (function () {
10168 for (var i = 0; i < 80; i++) {
10169 W[i] = X64Word_create();
10170 }
10171 }());
10172
10173 /**
10174 * SHA-512 hash algorithm.
10175 */
10176 var SHA512 = C_algo.SHA512 = Hasher.extend({
10177 _doReset: function () {
10178 this._hash = new X64WordArray.init([
10179 new X64Word.init(0x6a09e667, 0xf3bcc908), new X64Word.init(0xbb67ae85, 0x84caa73b),
10180 new X64Word.init(0x3c6ef372, 0xfe94f82b), new X64Word.init(0xa54ff53a, 0x5f1d36f1),
10181 new X64Word.init(0x510e527f, 0xade682d1), new X64Word.init(0x9b05688c, 0x2b3e6c1f),
10182 new X64Word.init(0x1f83d9ab, 0xfb41bd6b), new X64Word.init(0x5be0cd19, 0x137e2179)
10183 ]);
10184 },
10185
10186 _doProcessBlock: function (M, offset) {
10187 // Shortcuts
10188 var H = this._hash.words;
10189
10190 var H0 = H[0];
10191 var H1 = H[1];
10192 var H2 = H[2];
10193 var H3 = H[3];
10194 var H4 = H[4];
10195 var H5 = H[5];
10196 var H6 = H[6];
10197 var H7 = H[7];
10198
10199 var H0h = H0.high;
10200 var H0l = H0.low;
10201 var H1h = H1.high;
10202 var H1l = H1.low;
10203 var H2h = H2.high;
10204 var H2l = H2.low;
10205 var H3h = H3.high;
10206 var H3l = H3.low;
10207 var H4h = H4.high;
10208 var H4l = H4.low;
10209 var H5h = H5.high;
10210 var H5l = H5.low;
10211 var H6h = H6.high;
10212 var H6l = H6.low;
10213 var H7h = H7.high;
10214 var H7l = H7.low;
10215
10216 // Working variables
10217 var ah = H0h;
10218 var al = H0l;
10219 var bh = H1h;
10220 var bl = H1l;
10221 var ch = H2h;
10222 var cl = H2l;
10223 var dh = H3h;
10224 var dl = H3l;
10225 var eh = H4h;
10226 var el = H4l;
10227 var fh = H5h;
10228 var fl = H5l;
10229 var gh = H6h;
10230 var gl = H6l;
10231 var hh = H7h;
10232 var hl = H7l;
10233
10234 // Rounds
10235 for (var i = 0; i < 80; i++) {
10236 // Shortcut
10237 var Wi = W[i];
10238
10239 // Extend message
10240 if (i < 16) {
10241 var Wih = Wi.high = M[offset + i * 2] | 0;
10242 var Wil = Wi.low = M[offset + i * 2 + 1] | 0;
10243 } else {
10244 // Gamma0
10245 var gamma0x = W[i - 15];
10246 var gamma0xh = gamma0x.high;
10247 var gamma0xl = gamma0x.low;
10248 var gamma0h = ((gamma0xh >>> 1) | (gamma0xl << 31)) ^ ((gamma0xh >>> 8) | (gamma0xl << 24)) ^ (gamma0xh >>> 7);
10249 var gamma0l = ((gamma0xl >>> 1) | (gamma0xh << 31)) ^ ((gamma0xl >>> 8) | (gamma0xh << 24)) ^ ((gamma0xl >>> 7) | (gamma0xh << 25));
10250
10251 // Gamma1
10252 var gamma1x = W[i - 2];
10253 var gamma1xh = gamma1x.high;
10254 var gamma1xl = gamma1x.low;
10255 var gamma1h = ((gamma1xh >>> 19) | (gamma1xl << 13)) ^ ((gamma1xh << 3) | (gamma1xl >>> 29)) ^ (gamma1xh >>> 6);
10256 var gamma1l = ((gamma1xl >>> 19) | (gamma1xh << 13)) ^ ((gamma1xl << 3) | (gamma1xh >>> 29)) ^ ((gamma1xl >>> 6) | (gamma1xh << 26));
10257
10258 // W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16]
10259 var Wi7 = W[i - 7];
10260 var Wi7h = Wi7.high;
10261 var Wi7l = Wi7.low;
10262
10263 var Wi16 = W[i - 16];
10264 var Wi16h = Wi16.high;
10265 var Wi16l = Wi16.low;
10266
10267 var Wil = gamma0l + Wi7l;
10268 var Wih = gamma0h + Wi7h + ((Wil >>> 0) < (gamma0l >>> 0) ? 1 : 0);
10269 var Wil = Wil + gamma1l;
10270 var Wih = Wih + gamma1h + ((Wil >>> 0) < (gamma1l >>> 0) ? 1 : 0);
10271 var Wil = Wil + Wi16l;
10272 var Wih = Wih + Wi16h + ((Wil >>> 0) < (Wi16l >>> 0) ? 1 : 0);
10273
10274 Wi.high = Wih;
10275 Wi.low = Wil;
10276 }
10277
10278 var chh = (eh & fh) ^ (~eh & gh);
10279 var chl = (el & fl) ^ (~el & gl);
10280 var majh = (ah & bh) ^ (ah & ch) ^ (bh & ch);
10281 var majl = (al & bl) ^ (al & cl) ^ (bl & cl);
10282
10283 var sigma0h = ((ah >>> 28) | (al << 4)) ^ ((ah << 30) | (al >>> 2)) ^ ((ah << 25) | (al >>> 7));
10284 var sigma0l = ((al >>> 28) | (ah << 4)) ^ ((al << 30) | (ah >>> 2)) ^ ((al << 25) | (ah >>> 7));
10285 var sigma1h = ((eh >>> 14) | (el << 18)) ^ ((eh >>> 18) | (el << 14)) ^ ((eh << 23) | (el >>> 9));
10286 var sigma1l = ((el >>> 14) | (eh << 18)) ^ ((el >>> 18) | (eh << 14)) ^ ((el << 23) | (eh >>> 9));
10287
10288 // t1 = h + sigma1 + ch + K[i] + W[i]
10289 var Ki = K[i];
10290 var Kih = Ki.high;
10291 var Kil = Ki.low;
10292
10293 var t1l = hl + sigma1l;
10294 var t1h = hh + sigma1h + ((t1l >>> 0) < (hl >>> 0) ? 1 : 0);
10295 var t1l = t1l + chl;
10296 var t1h = t1h + chh + ((t1l >>> 0) < (chl >>> 0) ? 1 : 0);
10297 var t1l = t1l + Kil;
10298 var t1h = t1h + Kih + ((t1l >>> 0) < (Kil >>> 0) ? 1 : 0);
10299 var t1l = t1l + Wil;
10300 var t1h = t1h + Wih + ((t1l >>> 0) < (Wil >>> 0) ? 1 : 0);
10301
10302 // t2 = sigma0 + maj
10303 var t2l = sigma0l + majl;
10304 var t2h = sigma0h + majh + ((t2l >>> 0) < (sigma0l >>> 0) ? 1 : 0);
10305
10306 // Update working variables
10307 hh = gh;
10308 hl = gl;
10309 gh = fh;
10310 gl = fl;
10311 fh = eh;
10312 fl = el;
10313 el = (dl + t1l) | 0;
10314 eh = (dh + t1h + ((el >>> 0) < (dl >>> 0) ? 1 : 0)) | 0;
10315 dh = ch;
10316 dl = cl;
10317 ch = bh;
10318 cl = bl;
10319 bh = ah;
10320 bl = al;
10321 al = (t1l + t2l) | 0;
10322 ah = (t1h + t2h + ((al >>> 0) < (t1l >>> 0) ? 1 : 0)) | 0;
10323 }
10324
10325 // Intermediate hash value
10326 H0l = H0.low = (H0l + al);
10327 H0.high = (H0h + ah + ((H0l >>> 0) < (al >>> 0) ? 1 : 0));
10328 H1l = H1.low = (H1l + bl);
10329 H1.high = (H1h + bh + ((H1l >>> 0) < (bl >>> 0) ? 1 : 0));
10330 H2l = H2.low = (H2l + cl);
10331 H2.high = (H2h + ch + ((H2l >>> 0) < (cl >>> 0) ? 1 : 0));
10332 H3l = H3.low = (H3l + dl);
10333 H3.high = (H3h + dh + ((H3l >>> 0) < (dl >>> 0) ? 1 : 0));
10334 H4l = H4.low = (H4l + el);
10335 H4.high = (H4h + eh + ((H4l >>> 0) < (el >>> 0) ? 1 : 0));
10336 H5l = H5.low = (H5l + fl);
10337 H5.high = (H5h + fh + ((H5l >>> 0) < (fl >>> 0) ? 1 : 0));
10338 H6l = H6.low = (H6l + gl);
10339 H6.high = (H6h + gh + ((H6l >>> 0) < (gl >>> 0) ? 1 : 0));
10340 H7l = H7.low = (H7l + hl);
10341 H7.high = (H7h + hh + ((H7l >>> 0) < (hl >>> 0) ? 1 : 0));
10342 },
10343
10344 _doFinalize: function () {
10345 // Shortcuts
10346 var data = this._data;
10347 var dataWords = data.words;
10348
10349 var nBitsTotal = this._nDataBytes * 8;
10350 var nBitsLeft = data.sigBytes * 8;
10351
10352 // Add padding
10353 dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
10354 dataWords[(((nBitsLeft + 128) >>> 10) << 5) + 30] = Math.floor(nBitsTotal / 0x100000000);
10355 dataWords[(((nBitsLeft + 128) >>> 10) << 5) + 31] = nBitsTotal;
10356 data.sigBytes = dataWords.length * 4;
10357
10358 // Hash final blocks
10359 this._process();
10360
10361 // Convert hash to 32-bit word array before returning
10362 var hash = this._hash.toX32();
10363
10364 // Return final computed hash
10365 return hash;
10366 },
10367
10368 clone: function () {
10369 var clone = Hasher.clone.call(this);
10370 clone._hash = this._hash.clone();
10371
10372 return clone;
10373 },
10374
10375 blockSize: 1024/32
10376 });
10377
10378 /**
10379 * Shortcut function to the hasher's object interface.
10380 *
10381 * @param {WordArray|string} message The message to hash.
10382 *
10383 * @return {WordArray} The hash.
10384 *
10385 * @static
10386 *
10387 * @example
10388 *
10389 * var hash = CryptoJS.SHA512('message');
10390 * var hash = CryptoJS.SHA512(wordArray);
10391 */
10392 C.SHA512 = Hasher._createHelper(SHA512);
10393
10394 /**
10395 * Shortcut function to the HMAC's object interface.
10396 *
10397 * @param {WordArray|string} message The message to hash.
10398 * @param {WordArray|string} key The secret key.
10399 *
10400 * @return {WordArray} The HMAC.
10401 *
10402 * @static
10403 *
10404 * @example
10405 *
10406 * var hmac = CryptoJS.HmacSHA512(message, key);
10407 */
10408 C.HmacSHA512 = Hasher._createHmacHelper(SHA512);
10409 }());
10410
10411
10412 return CryptoJS.SHA512;
10413
10414}));
10415},{"./core":31,"./x64-core":62}],61:[function(_dereq_,module,exports){
10416;(function (root, factory, undef) {
10417 if (typeof exports === "object") {
10418 // CommonJS
10419 module.exports = exports = factory(_dereq_("./core"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./evpkdf"), _dereq_("./cipher-core"));
10420 }
10421 else if (typeof define === "function" && define.amd) {
10422 // AMD
10423 define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
10424 }
10425 else {
10426 // Global (browser)
10427 factory(root.CryptoJS);
10428 }
10429}(this, function (CryptoJS) {
10430
10431 (function () {
10432 // Shortcuts
10433 var C = CryptoJS;
10434 var C_lib = C.lib;
10435 var WordArray = C_lib.WordArray;
10436 var BlockCipher = C_lib.BlockCipher;
10437 var C_algo = C.algo;
10438
10439 // Permuted Choice 1 constants
10440 var PC1 = [
10441 57, 49, 41, 33, 25, 17, 9, 1,
10442 58, 50, 42, 34, 26, 18, 10, 2,
10443 59, 51, 43, 35, 27, 19, 11, 3,
10444 60, 52, 44, 36, 63, 55, 47, 39,
10445 31, 23, 15, 7, 62, 54, 46, 38,
10446 30, 22, 14, 6, 61, 53, 45, 37,
10447 29, 21, 13, 5, 28, 20, 12, 4
10448 ];
10449
10450 // Permuted Choice 2 constants
10451 var PC2 = [
10452 14, 17, 11, 24, 1, 5,
10453 3, 28, 15, 6, 21, 10,
10454 23, 19, 12, 4, 26, 8,
10455 16, 7, 27, 20, 13, 2,
10456 41, 52, 31, 37, 47, 55,
10457 30, 40, 51, 45, 33, 48,
10458 44, 49, 39, 56, 34, 53,
10459 46, 42, 50, 36, 29, 32
10460 ];
10461
10462 // Cumulative bit shift constants
10463 var BIT_SHIFTS = [1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28];
10464
10465 // SBOXes and round permutation constants
10466 var SBOX_P = [
10467 {
10468 0x0: 0x808200,
10469 0x10000000: 0x8000,
10470 0x20000000: 0x808002,
10471 0x30000000: 0x2,
10472 0x40000000: 0x200,
10473 0x50000000: 0x808202,
10474 0x60000000: 0x800202,
10475 0x70000000: 0x800000,
10476 0x80000000: 0x202,
10477 0x90000000: 0x800200,
10478 0xa0000000: 0x8200,
10479 0xb0000000: 0x808000,
10480 0xc0000000: 0x8002,
10481 0xd0000000: 0x800002,
10482 0xe0000000: 0x0,
10483 0xf0000000: 0x8202,
10484 0x8000000: 0x0,
10485 0x18000000: 0x808202,
10486 0x28000000: 0x8202,
10487 0x38000000: 0x8000,
10488 0x48000000: 0x808200,
10489 0x58000000: 0x200,
10490 0x68000000: 0x808002,
10491 0x78000000: 0x2,
10492 0x88000000: 0x800200,
10493 0x98000000: 0x8200,
10494 0xa8000000: 0x808000,
10495 0xb8000000: 0x800202,
10496 0xc8000000: 0x800002,
10497 0xd8000000: 0x8002,
10498 0xe8000000: 0x202,
10499 0xf8000000: 0x800000,
10500 0x1: 0x8000,
10501 0x10000001: 0x2,
10502 0x20000001: 0x808200,
10503 0x30000001: 0x800000,
10504 0x40000001: 0x808002,
10505 0x50000001: 0x8200,
10506 0x60000001: 0x200,
10507 0x70000001: 0x800202,
10508 0x80000001: 0x808202,
10509 0x90000001: 0x808000,
10510 0xa0000001: 0x800002,
10511 0xb0000001: 0x8202,
10512 0xc0000001: 0x202,
10513 0xd0000001: 0x800200,
10514 0xe0000001: 0x8002,
10515 0xf0000001: 0x0,
10516 0x8000001: 0x808202,
10517 0x18000001: 0x808000,
10518 0x28000001: 0x800000,
10519 0x38000001: 0x200,
10520 0x48000001: 0x8000,
10521 0x58000001: 0x800002,
10522 0x68000001: 0x2,
10523 0x78000001: 0x8202,
10524 0x88000001: 0x8002,
10525 0x98000001: 0x800202,
10526 0xa8000001: 0x202,
10527 0xb8000001: 0x808200,
10528 0xc8000001: 0x800200,
10529 0xd8000001: 0x0,
10530 0xe8000001: 0x8200,
10531 0xf8000001: 0x808002
10532 },
10533 {
10534 0x0: 0x40084010,
10535 0x1000000: 0x4000,
10536 0x2000000: 0x80000,
10537 0x3000000: 0x40080010,
10538 0x4000000: 0x40000010,
10539 0x5000000: 0x40084000,
10540 0x6000000: 0x40004000,
10541 0x7000000: 0x10,
10542 0x8000000: 0x84000,
10543 0x9000000: 0x40004010,
10544 0xa000000: 0x40000000,
10545 0xb000000: 0x84010,
10546 0xc000000: 0x80010,
10547 0xd000000: 0x0,
10548 0xe000000: 0x4010,
10549 0xf000000: 0x40080000,
10550 0x800000: 0x40004000,
10551 0x1800000: 0x84010,
10552 0x2800000: 0x10,
10553 0x3800000: 0x40004010,
10554 0x4800000: 0x40084010,
10555 0x5800000: 0x40000000,
10556 0x6800000: 0x80000,
10557 0x7800000: 0x40080010,
10558 0x8800000: 0x80010,
10559 0x9800000: 0x0,
10560 0xa800000: 0x4000,
10561 0xb800000: 0x40080000,
10562 0xc800000: 0x40000010,
10563 0xd800000: 0x84000,
10564 0xe800000: 0x40084000,
10565 0xf800000: 0x4010,
10566 0x10000000: 0x0,
10567 0x11000000: 0x40080010,
10568 0x12000000: 0x40004010,
10569 0x13000000: 0x40084000,
10570 0x14000000: 0x40080000,
10571 0x15000000: 0x10,
10572 0x16000000: 0x84010,
10573 0x17000000: 0x4000,
10574 0x18000000: 0x4010,
10575 0x19000000: 0x80000,
10576 0x1a000000: 0x80010,
10577 0x1b000000: 0x40000010,
10578 0x1c000000: 0x84000,
10579 0x1d000000: 0x40004000,
10580 0x1e000000: 0x40000000,
10581 0x1f000000: 0x40084010,
10582 0x10800000: 0x84010,
10583 0x11800000: 0x80000,
10584 0x12800000: 0x40080000,
10585 0x13800000: 0x4000,
10586 0x14800000: 0x40004000,
10587 0x15800000: 0x40084010,
10588 0x16800000: 0x10,
10589 0x17800000: 0x40000000,
10590 0x18800000: 0x40084000,
10591 0x19800000: 0x40000010,
10592 0x1a800000: 0x40004010,
10593 0x1b800000: 0x80010,
10594 0x1c800000: 0x0,
10595 0x1d800000: 0x4010,
10596 0x1e800000: 0x40080010,
10597 0x1f800000: 0x84000
10598 },
10599 {
10600 0x0: 0x104,
10601 0x100000: 0x0,
10602 0x200000: 0x4000100,
10603 0x300000: 0x10104,
10604 0x400000: 0x10004,
10605 0x500000: 0x4000004,
10606 0x600000: 0x4010104,
10607 0x700000: 0x4010000,
10608 0x800000: 0x4000000,
10609 0x900000: 0x4010100,
10610 0xa00000: 0x10100,
10611 0xb00000: 0x4010004,
10612 0xc00000: 0x4000104,
10613 0xd00000: 0x10000,
10614 0xe00000: 0x4,
10615 0xf00000: 0x100,
10616 0x80000: 0x4010100,
10617 0x180000: 0x4010004,
10618 0x280000: 0x0,
10619 0x380000: 0x4000100,
10620 0x480000: 0x4000004,
10621 0x580000: 0x10000,
10622 0x680000: 0x10004,
10623 0x780000: 0x104,
10624 0x880000: 0x4,
10625 0x980000: 0x100,
10626 0xa80000: 0x4010000,
10627 0xb80000: 0x10104,
10628 0xc80000: 0x10100,
10629 0xd80000: 0x4000104,
10630 0xe80000: 0x4010104,
10631 0xf80000: 0x4000000,
10632 0x1000000: 0x4010100,
10633 0x1100000: 0x10004,
10634 0x1200000: 0x10000,
10635 0x1300000: 0x4000100,
10636 0x1400000: 0x100,
10637 0x1500000: 0x4010104,
10638 0x1600000: 0x4000004,
10639 0x1700000: 0x0,
10640 0x1800000: 0x4000104,
10641 0x1900000: 0x4000000,
10642 0x1a00000: 0x4,
10643 0x1b00000: 0x10100,
10644 0x1c00000: 0x4010000,
10645 0x1d00000: 0x104,
10646 0x1e00000: 0x10104,
10647 0x1f00000: 0x4010004,
10648 0x1080000: 0x4000000,
10649 0x1180000: 0x104,
10650 0x1280000: 0x4010100,
10651 0x1380000: 0x0,
10652 0x1480000: 0x10004,
10653 0x1580000: 0x4000100,
10654 0x1680000: 0x100,
10655 0x1780000: 0x4010004,
10656 0x1880000: 0x10000,
10657 0x1980000: 0x4010104,
10658 0x1a80000: 0x10104,
10659 0x1b80000: 0x4000004,
10660 0x1c80000: 0x4000104,
10661 0x1d80000: 0x4010000,
10662 0x1e80000: 0x4,
10663 0x1f80000: 0x10100
10664 },
10665 {
10666 0x0: 0x80401000,
10667 0x10000: 0x80001040,
10668 0x20000: 0x401040,
10669 0x30000: 0x80400000,
10670 0x40000: 0x0,
10671 0x50000: 0x401000,
10672 0x60000: 0x80000040,
10673 0x70000: 0x400040,
10674 0x80000: 0x80000000,
10675 0x90000: 0x400000,
10676 0xa0000: 0x40,
10677 0xb0000: 0x80001000,
10678 0xc0000: 0x80400040,
10679 0xd0000: 0x1040,
10680 0xe0000: 0x1000,
10681 0xf0000: 0x80401040,
10682 0x8000: 0x80001040,
10683 0x18000: 0x40,
10684 0x28000: 0x80400040,
10685 0x38000: 0x80001000,
10686 0x48000: 0x401000,
10687 0x58000: 0x80401040,
10688 0x68000: 0x0,
10689 0x78000: 0x80400000,
10690 0x88000: 0x1000,
10691 0x98000: 0x80401000,
10692 0xa8000: 0x400000,
10693 0xb8000: 0x1040,
10694 0xc8000: 0x80000000,
10695 0xd8000: 0x400040,
10696 0xe8000: 0x401040,
10697 0xf8000: 0x80000040,
10698 0x100000: 0x400040,
10699 0x110000: 0x401000,
10700 0x120000: 0x80000040,
10701 0x130000: 0x0,
10702 0x140000: 0x1040,
10703 0x150000: 0x80400040,
10704 0x160000: 0x80401000,
10705 0x170000: 0x80001040,
10706 0x180000: 0x80401040,
10707 0x190000: 0x80000000,
10708 0x1a0000: 0x80400000,
10709 0x1b0000: 0x401040,
10710 0x1c0000: 0x80001000,
10711 0x1d0000: 0x400000,
10712 0x1e0000: 0x40,
10713 0x1f0000: 0x1000,
10714 0x108000: 0x80400000,
10715 0x118000: 0x80401040,
10716 0x128000: 0x0,
10717 0x138000: 0x401000,
10718 0x148000: 0x400040,
10719 0x158000: 0x80000000,
10720 0x168000: 0x80001040,
10721 0x178000: 0x40,
10722 0x188000: 0x80000040,
10723 0x198000: 0x1000,
10724 0x1a8000: 0x80001000,
10725 0x1b8000: 0x80400040,
10726 0x1c8000: 0x1040,
10727 0x1d8000: 0x80401000,
10728 0x1e8000: 0x400000,
10729 0x1f8000: 0x401040
10730 },
10731 {
10732 0x0: 0x80,
10733 0x1000: 0x1040000,
10734 0x2000: 0x40000,
10735 0x3000: 0x20000000,
10736 0x4000: 0x20040080,
10737 0x5000: 0x1000080,
10738 0x6000: 0x21000080,
10739 0x7000: 0x40080,
10740 0x8000: 0x1000000,
10741 0x9000: 0x20040000,
10742 0xa000: 0x20000080,
10743 0xb000: 0x21040080,
10744 0xc000: 0x21040000,
10745 0xd000: 0x0,
10746 0xe000: 0x1040080,
10747 0xf000: 0x21000000,
10748 0x800: 0x1040080,
10749 0x1800: 0x21000080,
10750 0x2800: 0x80,
10751 0x3800: 0x1040000,
10752 0x4800: 0x40000,
10753 0x5800: 0x20040080,
10754 0x6800: 0x21040000,
10755 0x7800: 0x20000000,
10756 0x8800: 0x20040000,
10757 0x9800: 0x0,
10758 0xa800: 0x21040080,
10759 0xb800: 0x1000080,
10760 0xc800: 0x20000080,
10761 0xd800: 0x21000000,
10762 0xe800: 0x1000000,
10763 0xf800: 0x40080,
10764 0x10000: 0x40000,
10765 0x11000: 0x80,
10766 0x12000: 0x20000000,
10767 0x13000: 0x21000080,
10768 0x14000: 0x1000080,
10769 0x15000: 0x21040000,
10770 0x16000: 0x20040080,
10771 0x17000: 0x1000000,
10772 0x18000: 0x21040080,
10773 0x19000: 0x21000000,
10774 0x1a000: 0x1040000,
10775 0x1b000: 0x20040000,
10776 0x1c000: 0x40080,
10777 0x1d000: 0x20000080,
10778 0x1e000: 0x0,
10779 0x1f000: 0x1040080,
10780 0x10800: 0x21000080,
10781 0x11800: 0x1000000,
10782 0x12800: 0x1040000,
10783 0x13800: 0x20040080,
10784 0x14800: 0x20000000,
10785 0x15800: 0x1040080,
10786 0x16800: 0x80,
10787 0x17800: 0x21040000,
10788 0x18800: 0x40080,
10789 0x19800: 0x21040080,
10790 0x1a800: 0x0,
10791 0x1b800: 0x21000000,
10792 0x1c800: 0x1000080,
10793 0x1d800: 0x40000,
10794 0x1e800: 0x20040000,
10795 0x1f800: 0x20000080
10796 },
10797 {
10798 0x0: 0x10000008,
10799 0x100: 0x2000,
10800 0x200: 0x10200000,
10801 0x300: 0x10202008,
10802 0x400: 0x10002000,
10803 0x500: 0x200000,
10804 0x600: 0x200008,
10805 0x700: 0x10000000,
10806 0x800: 0x0,
10807 0x900: 0x10002008,
10808 0xa00: 0x202000,
10809 0xb00: 0x8,
10810 0xc00: 0x10200008,
10811 0xd00: 0x202008,
10812 0xe00: 0x2008,
10813 0xf00: 0x10202000,
10814 0x80: 0x10200000,
10815 0x180: 0x10202008,
10816 0x280: 0x8,
10817 0x380: 0x200000,
10818 0x480: 0x202008,
10819 0x580: 0x10000008,
10820 0x680: 0x10002000,
10821 0x780: 0x2008,
10822 0x880: 0x200008,
10823 0x980: 0x2000,
10824 0xa80: 0x10002008,
10825 0xb80: 0x10200008,
10826 0xc80: 0x0,
10827 0xd80: 0x10202000,
10828 0xe80: 0x202000,
10829 0xf80: 0x10000000,
10830 0x1000: 0x10002000,
10831 0x1100: 0x10200008,
10832 0x1200: 0x10202008,
10833 0x1300: 0x2008,
10834 0x1400: 0x200000,
10835 0x1500: 0x10000000,
10836 0x1600: 0x10000008,
10837 0x1700: 0x202000,
10838 0x1800: 0x202008,
10839 0x1900: 0x0,
10840 0x1a00: 0x8,
10841 0x1b00: 0x10200000,
10842 0x1c00: 0x2000,
10843 0x1d00: 0x10002008,
10844 0x1e00: 0x10202000,
10845 0x1f00: 0x200008,
10846 0x1080: 0x8,
10847 0x1180: 0x202000,
10848 0x1280: 0x200000,
10849 0x1380: 0x10000008,
10850 0x1480: 0x10002000,
10851 0x1580: 0x2008,
10852 0x1680: 0x10202008,
10853 0x1780: 0x10200000,
10854 0x1880: 0x10202000,
10855 0x1980: 0x10200008,
10856 0x1a80: 0x2000,
10857 0x1b80: 0x202008,
10858 0x1c80: 0x200008,
10859 0x1d80: 0x0,
10860 0x1e80: 0x10000000,
10861 0x1f80: 0x10002008
10862 },
10863 {
10864 0x0: 0x100000,
10865 0x10: 0x2000401,
10866 0x20: 0x400,
10867 0x30: 0x100401,
10868 0x40: 0x2100401,
10869 0x50: 0x0,
10870 0x60: 0x1,
10871 0x70: 0x2100001,
10872 0x80: 0x2000400,
10873 0x90: 0x100001,
10874 0xa0: 0x2000001,
10875 0xb0: 0x2100400,
10876 0xc0: 0x2100000,
10877 0xd0: 0x401,
10878 0xe0: 0x100400,
10879 0xf0: 0x2000000,
10880 0x8: 0x2100001,
10881 0x18: 0x0,
10882 0x28: 0x2000401,
10883 0x38: 0x2100400,
10884 0x48: 0x100000,
10885 0x58: 0x2000001,
10886 0x68: 0x2000000,
10887 0x78: 0x401,
10888 0x88: 0x100401,
10889 0x98: 0x2000400,
10890 0xa8: 0x2100000,
10891 0xb8: 0x100001,
10892 0xc8: 0x400,
10893 0xd8: 0x2100401,
10894 0xe8: 0x1,
10895 0xf8: 0x100400,
10896 0x100: 0x2000000,
10897 0x110: 0x100000,
10898 0x120: 0x2000401,
10899 0x130: 0x2100001,
10900 0x140: 0x100001,
10901 0x150: 0x2000400,
10902 0x160: 0x2100400,
10903 0x170: 0x100401,
10904 0x180: 0x401,
10905 0x190: 0x2100401,
10906 0x1a0: 0x100400,
10907 0x1b0: 0x1,
10908 0x1c0: 0x0,
10909 0x1d0: 0x2100000,
10910 0x1e0: 0x2000001,
10911 0x1f0: 0x400,
10912 0x108: 0x100400,
10913 0x118: 0x2000401,
10914 0x128: 0x2100001,
10915 0x138: 0x1,
10916 0x148: 0x2000000,
10917 0x158: 0x100000,
10918 0x168: 0x401,
10919 0x178: 0x2100400,
10920 0x188: 0x2000001,
10921 0x198: 0x2100000,
10922 0x1a8: 0x0,
10923 0x1b8: 0x2100401,
10924 0x1c8: 0x100401,
10925 0x1d8: 0x400,
10926 0x1e8: 0x2000400,
10927 0x1f8: 0x100001
10928 },
10929 {
10930 0x0: 0x8000820,
10931 0x1: 0x20000,
10932 0x2: 0x8000000,
10933 0x3: 0x20,
10934 0x4: 0x20020,
10935 0x5: 0x8020820,
10936 0x6: 0x8020800,
10937 0x7: 0x800,
10938 0x8: 0x8020000,
10939 0x9: 0x8000800,
10940 0xa: 0x20800,
10941 0xb: 0x8020020,
10942 0xc: 0x820,
10943 0xd: 0x0,
10944 0xe: 0x8000020,
10945 0xf: 0x20820,
10946 0x80000000: 0x800,
10947 0x80000001: 0x8020820,
10948 0x80000002: 0x8000820,
10949 0x80000003: 0x8000000,
10950 0x80000004: 0x8020000,
10951 0x80000005: 0x20800,
10952 0x80000006: 0x20820,
10953 0x80000007: 0x20,
10954 0x80000008: 0x8000020,
10955 0x80000009: 0x820,
10956 0x8000000a: 0x20020,
10957 0x8000000b: 0x8020800,
10958 0x8000000c: 0x0,
10959 0x8000000d: 0x8020020,
10960 0x8000000e: 0x8000800,
10961 0x8000000f: 0x20000,
10962 0x10: 0x20820,
10963 0x11: 0x8020800,
10964 0x12: 0x20,
10965 0x13: 0x800,
10966 0x14: 0x8000800,
10967 0x15: 0x8000020,
10968 0x16: 0x8020020,
10969 0x17: 0x20000,
10970 0x18: 0x0,
10971 0x19: 0x20020,
10972 0x1a: 0x8020000,
10973 0x1b: 0x8000820,
10974 0x1c: 0x8020820,
10975 0x1d: 0x20800,
10976 0x1e: 0x820,
10977 0x1f: 0x8000000,
10978 0x80000010: 0x20000,
10979 0x80000011: 0x800,
10980 0x80000012: 0x8020020,
10981 0x80000013: 0x20820,
10982 0x80000014: 0x20,
10983 0x80000015: 0x8020000,
10984 0x80000016: 0x8000000,
10985 0x80000017: 0x8000820,
10986 0x80000018: 0x8020820,
10987 0x80000019: 0x8000020,
10988 0x8000001a: 0x8000800,
10989 0x8000001b: 0x0,
10990 0x8000001c: 0x20800,
10991 0x8000001d: 0x820,
10992 0x8000001e: 0x20020,
10993 0x8000001f: 0x8020800
10994 }
10995 ];
10996
10997 // Masks that select the SBOX input
10998 var SBOX_MASK = [
10999 0xf8000001, 0x1f800000, 0x01f80000, 0x001f8000,
11000 0x0001f800, 0x00001f80, 0x000001f8, 0x8000001f
11001 ];
11002
11003 /**
11004 * DES block cipher algorithm.
11005 */
11006 var DES = C_algo.DES = BlockCipher.extend({
11007 _doReset: function () {
11008 // Shortcuts
11009 var key = this._key;
11010 var keyWords = key.words;
11011
11012 // Select 56 bits according to PC1
11013 var keyBits = [];
11014 for (var i = 0; i < 56; i++) {
11015 var keyBitPos = PC1[i] - 1;
11016 keyBits[i] = (keyWords[keyBitPos >>> 5] >>> (31 - keyBitPos % 32)) & 1;
11017 }
11018
11019 // Assemble 16 subkeys
11020 var subKeys = this._subKeys = [];
11021 for (var nSubKey = 0; nSubKey < 16; nSubKey++) {
11022 // Create subkey
11023 var subKey = subKeys[nSubKey] = [];
11024
11025 // Shortcut
11026 var bitShift = BIT_SHIFTS[nSubKey];
11027
11028 // Select 48 bits according to PC2
11029 for (var i = 0; i < 24; i++) {
11030 // Select from the left 28 key bits
11031 subKey[(i / 6) | 0] |= keyBits[((PC2[i] - 1) + bitShift) % 28] << (31 - i % 6);
11032
11033 // Select from the right 28 key bits
11034 subKey[4 + ((i / 6) | 0)] |= keyBits[28 + (((PC2[i + 24] - 1) + bitShift) % 28)] << (31 - i % 6);
11035 }
11036
11037 // Since each subkey is applied to an expanded 32-bit input,
11038 // the subkey can be broken into 8 values scaled to 32-bits,
11039 // which allows the key to be used without expansion
11040 subKey[0] = (subKey[0] << 1) | (subKey[0] >>> 31);
11041 for (var i = 1; i < 7; i++) {
11042 subKey[i] = subKey[i] >>> ((i - 1) * 4 + 3);
11043 }
11044 subKey[7] = (subKey[7] << 5) | (subKey[7] >>> 27);
11045 }
11046
11047 // Compute inverse subkeys
11048 var invSubKeys = this._invSubKeys = [];
11049 for (var i = 0; i < 16; i++) {
11050 invSubKeys[i] = subKeys[15 - i];
11051 }
11052 },
11053
11054 encryptBlock: function (M, offset) {
11055 this._doCryptBlock(M, offset, this._subKeys);
11056 },
11057
11058 decryptBlock: function (M, offset) {
11059 this._doCryptBlock(M, offset, this._invSubKeys);
11060 },
11061
11062 _doCryptBlock: function (M, offset, subKeys) {
11063 // Get input
11064 this._lBlock = M[offset];
11065 this._rBlock = M[offset + 1];
11066
11067 // Initial permutation
11068 exchangeLR.call(this, 4, 0x0f0f0f0f);
11069 exchangeLR.call(this, 16, 0x0000ffff);
11070 exchangeRL.call(this, 2, 0x33333333);
11071 exchangeRL.call(this, 8, 0x00ff00ff);
11072 exchangeLR.call(this, 1, 0x55555555);
11073
11074 // Rounds
11075 for (var round = 0; round < 16; round++) {
11076 // Shortcuts
11077 var subKey = subKeys[round];
11078 var lBlock = this._lBlock;
11079 var rBlock = this._rBlock;
11080
11081 // Feistel function
11082 var f = 0;
11083 for (var i = 0; i < 8; i++) {
11084 f |= SBOX_P[i][((rBlock ^ subKey[i]) & SBOX_MASK[i]) >>> 0];
11085 }
11086 this._lBlock = rBlock;
11087 this._rBlock = lBlock ^ f;
11088 }
11089
11090 // Undo swap from last round
11091 var t = this._lBlock;
11092 this._lBlock = this._rBlock;
11093 this._rBlock = t;
11094
11095 // Final permutation
11096 exchangeLR.call(this, 1, 0x55555555);
11097 exchangeRL.call(this, 8, 0x00ff00ff);
11098 exchangeRL.call(this, 2, 0x33333333);
11099 exchangeLR.call(this, 16, 0x0000ffff);
11100 exchangeLR.call(this, 4, 0x0f0f0f0f);
11101
11102 // Set output
11103 M[offset] = this._lBlock;
11104 M[offset + 1] = this._rBlock;
11105 },
11106
11107 keySize: 64/32,
11108
11109 ivSize: 64/32,
11110
11111 blockSize: 64/32
11112 });
11113
11114 // Swap bits across the left and right words
11115 function exchangeLR(offset, mask) {
11116 var t = ((this._lBlock >>> offset) ^ this._rBlock) & mask;
11117 this._rBlock ^= t;
11118 this._lBlock ^= t << offset;
11119 }
11120
11121 function exchangeRL(offset, mask) {
11122 var t = ((this._rBlock >>> offset) ^ this._lBlock) & mask;
11123 this._lBlock ^= t;
11124 this._rBlock ^= t << offset;
11125 }
11126
11127 /**
11128 * Shortcut functions to the cipher's object interface.
11129 *
11130 * @example
11131 *
11132 * var ciphertext = CryptoJS.DES.encrypt(message, key, cfg);
11133 * var plaintext = CryptoJS.DES.decrypt(ciphertext, key, cfg);
11134 */
11135 C.DES = BlockCipher._createHelper(DES);
11136
11137 /**
11138 * Triple-DES block cipher algorithm.
11139 */
11140 var TripleDES = C_algo.TripleDES = BlockCipher.extend({
11141 _doReset: function () {
11142 // Shortcuts
11143 var key = this._key;
11144 var keyWords = key.words;
11145
11146 // Create DES instances
11147 this._des1 = DES.createEncryptor(WordArray.create(keyWords.slice(0, 2)));
11148 this._des2 = DES.createEncryptor(WordArray.create(keyWords.slice(2, 4)));
11149 this._des3 = DES.createEncryptor(WordArray.create(keyWords.slice(4, 6)));
11150 },
11151
11152 encryptBlock: function (M, offset) {
11153 this._des1.encryptBlock(M, offset);
11154 this._des2.decryptBlock(M, offset);
11155 this._des3.encryptBlock(M, offset);
11156 },
11157
11158 decryptBlock: function (M, offset) {
11159 this._des3.decryptBlock(M, offset);
11160 this._des2.encryptBlock(M, offset);
11161 this._des1.decryptBlock(M, offset);
11162 },
11163
11164 keySize: 192/32,
11165
11166 ivSize: 64/32,
11167
11168 blockSize: 64/32
11169 });
11170
11171 /**
11172 * Shortcut functions to the cipher's object interface.
11173 *
11174 * @example
11175 *
11176 * var ciphertext = CryptoJS.TripleDES.encrypt(message, key, cfg);
11177 * var plaintext = CryptoJS.TripleDES.decrypt(ciphertext, key, cfg);
11178 */
11179 C.TripleDES = BlockCipher._createHelper(TripleDES);
11180 }());
11181
11182
11183 return CryptoJS.TripleDES;
11184
11185}));
11186},{"./cipher-core":30,"./core":31,"./enc-base64":32,"./evpkdf":34,"./md5":39}],62:[function(_dereq_,module,exports){
11187;(function (root, factory) {
11188 if (typeof exports === "object") {
11189 // CommonJS
11190 module.exports = exports = factory(_dereq_("./core"));
11191 }
11192 else if (typeof define === "function" && define.amd) {
11193 // AMD
11194 define(["./core"], factory);
11195 }
11196 else {
11197 // Global (browser)
11198 factory(root.CryptoJS);
11199 }
11200}(this, function (CryptoJS) {
11201
11202 (function (undefined) {
11203 // Shortcuts
11204 var C = CryptoJS;
11205 var C_lib = C.lib;
11206 var Base = C_lib.Base;
11207 var X32WordArray = C_lib.WordArray;
11208
11209 /**
11210 * x64 namespace.
11211 */
11212 var C_x64 = C.x64 = {};
11213
11214 /**
11215 * A 64-bit word.
11216 */
11217 var X64Word = C_x64.Word = Base.extend({
11218 /**
11219 * Initializes a newly created 64-bit word.
11220 *
11221 * @param {number} high The high 32 bits.
11222 * @param {number} low The low 32 bits.
11223 *
11224 * @example
11225 *
11226 * var x64Word = CryptoJS.x64.Word.create(0x00010203, 0x04050607);
11227 */
11228 init: function (high, low) {
11229 this.high = high;
11230 this.low = low;
11231 }
11232
11233 /**
11234 * Bitwise NOTs this word.
11235 *
11236 * @return {X64Word} A new x64-Word object after negating.
11237 *
11238 * @example
11239 *
11240 * var negated = x64Word.not();
11241 */
11242 // not: function () {
11243 // var high = ~this.high;
11244 // var low = ~this.low;
11245
11246 // return X64Word.create(high, low);
11247 // },
11248
11249 /**
11250 * Bitwise ANDs this word with the passed word.
11251 *
11252 * @param {X64Word} word The x64-Word to AND with this word.
11253 *
11254 * @return {X64Word} A new x64-Word object after ANDing.
11255 *
11256 * @example
11257 *
11258 * var anded = x64Word.and(anotherX64Word);
11259 */
11260 // and: function (word) {
11261 // var high = this.high & word.high;
11262 // var low = this.low & word.low;
11263
11264 // return X64Word.create(high, low);
11265 // },
11266
11267 /**
11268 * Bitwise ORs this word with the passed word.
11269 *
11270 * @param {X64Word} word The x64-Word to OR with this word.
11271 *
11272 * @return {X64Word} A new x64-Word object after ORing.
11273 *
11274 * @example
11275 *
11276 * var ored = x64Word.or(anotherX64Word);
11277 */
11278 // or: function (word) {
11279 // var high = this.high | word.high;
11280 // var low = this.low | word.low;
11281
11282 // return X64Word.create(high, low);
11283 // },
11284
11285 /**
11286 * Bitwise XORs this word with the passed word.
11287 *
11288 * @param {X64Word} word The x64-Word to XOR with this word.
11289 *
11290 * @return {X64Word} A new x64-Word object after XORing.
11291 *
11292 * @example
11293 *
11294 * var xored = x64Word.xor(anotherX64Word);
11295 */
11296 // xor: function (word) {
11297 // var high = this.high ^ word.high;
11298 // var low = this.low ^ word.low;
11299
11300 // return X64Word.create(high, low);
11301 // },
11302
11303 /**
11304 * Shifts this word n bits to the left.
11305 *
11306 * @param {number} n The number of bits to shift.
11307 *
11308 * @return {X64Word} A new x64-Word object after shifting.
11309 *
11310 * @example
11311 *
11312 * var shifted = x64Word.shiftL(25);
11313 */
11314 // shiftL: function (n) {
11315 // if (n < 32) {
11316 // var high = (this.high << n) | (this.low >>> (32 - n));
11317 // var low = this.low << n;
11318 // } else {
11319 // var high = this.low << (n - 32);
11320 // var low = 0;
11321 // }
11322
11323 // return X64Word.create(high, low);
11324 // },
11325
11326 /**
11327 * Shifts this word n bits to the right.
11328 *
11329 * @param {number} n The number of bits to shift.
11330 *
11331 * @return {X64Word} A new x64-Word object after shifting.
11332 *
11333 * @example
11334 *
11335 * var shifted = x64Word.shiftR(7);
11336 */
11337 // shiftR: function (n) {
11338 // if (n < 32) {
11339 // var low = (this.low >>> n) | (this.high << (32 - n));
11340 // var high = this.high >>> n;
11341 // } else {
11342 // var low = this.high >>> (n - 32);
11343 // var high = 0;
11344 // }
11345
11346 // return X64Word.create(high, low);
11347 // },
11348
11349 /**
11350 * Rotates this word n bits to the left.
11351 *
11352 * @param {number} n The number of bits to rotate.
11353 *
11354 * @return {X64Word} A new x64-Word object after rotating.
11355 *
11356 * @example
11357 *
11358 * var rotated = x64Word.rotL(25);
11359 */
11360 // rotL: function (n) {
11361 // return this.shiftL(n).or(this.shiftR(64 - n));
11362 // },
11363
11364 /**
11365 * Rotates this word n bits to the right.
11366 *
11367 * @param {number} n The number of bits to rotate.
11368 *
11369 * @return {X64Word} A new x64-Word object after rotating.
11370 *
11371 * @example
11372 *
11373 * var rotated = x64Word.rotR(7);
11374 */
11375 // rotR: function (n) {
11376 // return this.shiftR(n).or(this.shiftL(64 - n));
11377 // },
11378
11379 /**
11380 * Adds this word with the passed word.
11381 *
11382 * @param {X64Word} word The x64-Word to add with this word.
11383 *
11384 * @return {X64Word} A new x64-Word object after adding.
11385 *
11386 * @example
11387 *
11388 * var added = x64Word.add(anotherX64Word);
11389 */
11390 // add: function (word) {
11391 // var low = (this.low + word.low) | 0;
11392 // var carry = (low >>> 0) < (this.low >>> 0) ? 1 : 0;
11393 // var high = (this.high + word.high + carry) | 0;
11394
11395 // return X64Word.create(high, low);
11396 // }
11397 });
11398
11399 /**
11400 * An array of 64-bit words.
11401 *
11402 * @property {Array} words The array of CryptoJS.x64.Word objects.
11403 * @property {number} sigBytes The number of significant bytes in this word array.
11404 */
11405 var X64WordArray = C_x64.WordArray = Base.extend({
11406 /**
11407 * Initializes a newly created word array.
11408 *
11409 * @param {Array} words (Optional) An array of CryptoJS.x64.Word objects.
11410 * @param {number} sigBytes (Optional) The number of significant bytes in the words.
11411 *
11412 * @example
11413 *
11414 * var wordArray = CryptoJS.x64.WordArray.create();
11415 *
11416 * var wordArray = CryptoJS.x64.WordArray.create([
11417 * CryptoJS.x64.Word.create(0x00010203, 0x04050607),
11418 * CryptoJS.x64.Word.create(0x18191a1b, 0x1c1d1e1f)
11419 * ]);
11420 *
11421 * var wordArray = CryptoJS.x64.WordArray.create([
11422 * CryptoJS.x64.Word.create(0x00010203, 0x04050607),
11423 * CryptoJS.x64.Word.create(0x18191a1b, 0x1c1d1e1f)
11424 * ], 10);
11425 */
11426 init: function (words, sigBytes) {
11427 words = this.words = words || [];
11428
11429 if (sigBytes != undefined) {
11430 this.sigBytes = sigBytes;
11431 } else {
11432 this.sigBytes = words.length * 8;
11433 }
11434 },
11435
11436 /**
11437 * Converts this 64-bit word array to a 32-bit word array.
11438 *
11439 * @return {CryptoJS.lib.WordArray} This word array's data as a 32-bit word array.
11440 *
11441 * @example
11442 *
11443 * var x32WordArray = x64WordArray.toX32();
11444 */
11445 toX32: function () {
11446 // Shortcuts
11447 var x64Words = this.words;
11448 var x64WordsLength = x64Words.length;
11449
11450 // Convert
11451 var x32Words = [];
11452 for (var i = 0; i < x64WordsLength; i++) {
11453 var x64Word = x64Words[i];
11454 x32Words.push(x64Word.high);
11455 x32Words.push(x64Word.low);
11456 }
11457
11458 return X32WordArray.create(x32Words, this.sigBytes);
11459 },
11460
11461 /**
11462 * Creates a copy of this word array.
11463 *
11464 * @return {X64WordArray} The clone.
11465 *
11466 * @example
11467 *
11468 * var clone = x64WordArray.clone();
11469 */
11470 clone: function () {
11471 var clone = Base.clone.call(this);
11472
11473 // Clone "words" array
11474 var words = clone.words = this.words.slice(0);
11475
11476 // Clone each X64Word object
11477 var wordsLength = words.length;
11478 for (var i = 0; i < wordsLength; i++) {
11479 words[i] = words[i].clone();
11480 }
11481
11482 return clone;
11483 }
11484 });
11485 }());
11486
11487
11488 return CryptoJS;
11489
11490}));
11491},{"./core":31}],63:[function(_dereq_,module,exports){
11492var assert = _dereq_('assert')
11493var BigInteger = _dereq_('bigi')
11494
11495var Point = _dereq_('./point')
11496
11497function Curve(p, a, b, Gx, Gy, n, h) {
11498 this.p = p
11499 this.a = a
11500 this.b = b
11501 this.G = Point.fromAffine(this, Gx, Gy)
11502 this.n = n
11503 this.h = h
11504
11505 this.infinity = new Point(this, null, null, BigInteger.ZERO)
11506
11507 // result caching
11508 this.pOverFour = p.add(BigInteger.ONE).shiftRight(2)
11509}
11510
11511Curve.prototype.pointFromX = function(isOdd, x) {
11512 var alpha = x.pow(3).add(this.a.multiply(x)).add(this.b).mod(this.p)
11513 var beta = alpha.modPow(this.pOverFour, this.p)
11514
11515 var y = beta
11516 if (beta.isEven() ^ !isOdd) {
11517 y = this.p.subtract(y) // -y % p
11518 }
11519
11520 return Point.fromAffine(this, x, y)
11521}
11522
11523Curve.prototype.isInfinity = function(Q) {
11524 if (Q === this.infinity) return true
11525
11526 return Q.z.signum() === 0 && Q.y.signum() !== 0
11527}
11528
11529Curve.prototype.isOnCurve = function(Q) {
11530 if (this.isInfinity(Q)) return true
11531
11532 var x = Q.affineX
11533 var y = Q.affineY
11534 var a = this.a
11535 var b = this.b
11536 var p = this.p
11537
11538 // Check that xQ and yQ are integers in the interval [0, p - 1]
11539 if (x.signum() < 0 || x.compareTo(p) >= 0) return false
11540 if (y.signum() < 0 || y.compareTo(p) >= 0) return false
11541
11542 // and check that y^2 = x^3 + ax + b (mod p)
11543 var lhs = y.square().mod(p)
11544 var rhs = x.pow(3).add(a.multiply(x)).add(b).mod(p)
11545 return lhs.equals(rhs)
11546}
11547
11548/**
11549 * Validate an elliptic curve point.
11550 *
11551 * See SEC 1, section 3.2.2.1: Elliptic Curve Public Key Validation Primitive
11552 */
11553Curve.prototype.validate = function(Q) {
11554 // Check Q != O
11555 assert(!this.isInfinity(Q), 'Point is at infinity')
11556 assert(this.isOnCurve(Q), 'Point is not on the curve')
11557
11558 // Check nQ = O (where Q is a scalar multiple of G)
11559 var nQ = Q.multiply(this.n)
11560 assert(this.isInfinity(nQ), 'Point is not a scalar multiple of G')
11561
11562 return true
11563}
11564
11565module.exports = Curve
11566
11567},{"./point":67,"assert":4,"bigi":3}],64:[function(_dereq_,module,exports){
11568module.exports={
11569 "secp128r1": {
11570 "p": "fffffffdffffffffffffffffffffffff",
11571 "a": "fffffffdfffffffffffffffffffffffc",
11572 "b": "e87579c11079f43dd824993c2cee5ed3",
11573 "n": "fffffffe0000000075a30d1b9038a115",
11574 "h": "01",
11575 "Gx": "161ff7528b899b2d0c28607ca52c5b86",
11576 "Gy": "cf5ac8395bafeb13c02da292dded7a83"
11577 },
11578 "secp160k1": {
11579 "p": "fffffffffffffffffffffffffffffffeffffac73",
11580 "a": "00",
11581 "b": "07",
11582 "n": "0100000000000000000001b8fa16dfab9aca16b6b3",
11583 "h": "01",
11584 "Gx": "3b4c382ce37aa192a4019e763036f4f5dd4d7ebb",
11585 "Gy": "938cf935318fdced6bc28286531733c3f03c4fee"
11586 },
11587 "secp160r1": {
11588 "p": "ffffffffffffffffffffffffffffffff7fffffff",
11589 "a": "ffffffffffffffffffffffffffffffff7ffffffc",
11590 "b": "1c97befc54bd7a8b65acf89f81d4d4adc565fa45",
11591 "n": "0100000000000000000001f4c8f927aed3ca752257",
11592 "h": "01",
11593 "Gx": "4a96b5688ef573284664698968c38bb913cbfc82",
11594 "Gy": "23a628553168947d59dcc912042351377ac5fb32"
11595 },
11596 "secp192k1": {
11597 "p": "fffffffffffffffffffffffffffffffffffffffeffffee37",
11598 "a": "00",
11599 "b": "03",
11600 "n": "fffffffffffffffffffffffe26f2fc170f69466a74defd8d",
11601 "h": "01",
11602 "Gx": "db4ff10ec057e9ae26b07d0280b7f4341da5d1b1eae06c7d",
11603 "Gy": "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d"
11604 },
11605 "secp192r1": {
11606 "p": "fffffffffffffffffffffffffffffffeffffffffffffffff",
11607 "a": "fffffffffffffffffffffffffffffffefffffffffffffffc",
11608 "b": "64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1",
11609 "n": "ffffffffffffffffffffffff99def836146bc9b1b4d22831",
11610 "h": "01",
11611 "Gx": "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
11612 "Gy": "07192b95ffc8da78631011ed6b24cdd573f977a11e794811"
11613 },
11614 "secp224r1": {
11615 "p": "ffffffffffffffffffffffffffffffff000000000000000000000001",
11616 "a": "fffffffffffffffffffffffffffffffefffffffffffffffffffffffe",
11617 "b": "b4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4",
11618 "n": "ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d",
11619 "h": "01",
11620 "Gx": "b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
11621 "Gy": "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34"
11622 },
11623 "secp256k1": {
11624 "p": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
11625 "a": "00",
11626 "b": "07",
11627 "n": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141",
11628 "h": "01",
11629 "Gx": "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
11630 "Gy": "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8"
11631 },
11632 "secp256r1": {
11633 "p": "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
11634 "a": "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
11635 "b": "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
11636 "n": "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
11637 "h": "01",
11638 "Gx": "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
11639 "Gy": "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"
11640 }
11641}
11642
11643},{}],65:[function(_dereq_,module,exports){
11644var Point = _dereq_('./point')
11645var Curve = _dereq_('./curve')
11646
11647var getCurveByName = _dereq_('./names')
11648
11649module.exports = {
11650 Curve: Curve,
11651 Point: Point,
11652 getCurveByName: getCurveByName
11653}
11654
11655},{"./curve":63,"./names":66,"./point":67}],66:[function(_dereq_,module,exports){
11656var BigInteger = _dereq_('bigi')
11657
11658var curves = _dereq_('./curves')
11659var Curve = _dereq_('./curve')
11660
11661function getCurveByName(name) {
11662 var curve = curves[name]
11663 if (!curve) return null
11664
11665 var p = new BigInteger(curve.p, 16)
11666 var a = new BigInteger(curve.a, 16)
11667 var b = new BigInteger(curve.b, 16)
11668 var n = new BigInteger(curve.n, 16)
11669 var h = new BigInteger(curve.h, 16)
11670 var Gx = new BigInteger(curve.Gx, 16)
11671 var Gy = new BigInteger(curve.Gy, 16)
11672
11673 return new Curve(p, a, b, Gx, Gy, n, h)
11674}
11675
11676module.exports = getCurveByName
11677
11678},{"./curve":63,"./curves":64,"bigi":3}],67:[function(_dereq_,module,exports){
11679(function (Buffer){
11680var assert = _dereq_('assert')
11681var BigInteger = _dereq_('bigi')
11682
11683var THREE = BigInteger.valueOf(3)
11684
11685function Point(curve, x, y, z) {
11686 assert.notStrictEqual(z, undefined, 'Missing Z coordinate')
11687
11688 this.curve = curve
11689 this.x = x
11690 this.y = y
11691 this.z = z
11692 this._zInv = null
11693
11694 this.compressed = true
11695}
11696
11697Object.defineProperty(Point.prototype, 'zInv', {
11698 get: function() {
11699 if (this._zInv === null) {
11700 this._zInv = this.z.modInverse(this.curve.p)
11701 }
11702
11703 return this._zInv
11704 }
11705})
11706
11707Object.defineProperty(Point.prototype, 'affineX', {
11708 get: function() {
11709 return this.x.multiply(this.zInv).mod(this.curve.p)
11710 }
11711})
11712
11713Object.defineProperty(Point.prototype, 'affineY', {
11714 get: function() {
11715 return this.y.multiply(this.zInv).mod(this.curve.p)
11716 }
11717})
11718
11719Point.fromAffine = function(curve, x, y) {
11720 return new Point(curve, x, y, BigInteger.ONE)
11721}
11722
11723Point.prototype.equals = function(other) {
11724 if (other === this) return true
11725 if (this.curve.isInfinity(this)) return this.curve.isInfinity(other)
11726 if (this.curve.isInfinity(other)) return this.curve.isInfinity(this)
11727
11728 // u = Y2 * Z1 - Y1 * Z2
11729 var u = other.y.multiply(this.z).subtract(this.y.multiply(other.z)).mod(this.curve.p)
11730
11731 if (u.signum() !== 0) return false
11732
11733 // v = X2 * Z1 - X1 * Z2
11734 var v = other.x.multiply(this.z).subtract(this.x.multiply(other.z)).mod(this.curve.p)
11735
11736 return v.signum() === 0
11737}
11738
11739Point.prototype.negate = function() {
11740 var y = this.curve.p.subtract(this.y)
11741
11742 return new Point(this.curve, this.x, y, this.z)
11743}
11744
11745Point.prototype.add = function(b) {
11746 if (this.curve.isInfinity(this)) return b
11747 if (this.curve.isInfinity(b)) return this
11748
11749 var x1 = this.x
11750 var y1 = this.y
11751 var x2 = b.x
11752 var y2 = b.y
11753
11754 // u = Y2 * Z1 - Y1 * Z2
11755 var u = y2.multiply(this.z).subtract(y1.multiply(b.z)).mod(this.curve.p)
11756 // v = X2 * Z1 - X1 * Z2
11757 var v = x2.multiply(this.z).subtract(x1.multiply(b.z)).mod(this.curve.p)
11758
11759 if (v.signum() === 0) {
11760 if (u.signum() === 0) {
11761 return this.twice() // this == b, so double
11762 }
11763
11764 return this.curve.infinity // this = -b, so infinity
11765 }
11766
11767 var v2 = v.square()
11768 var v3 = v2.multiply(v)
11769 var x1v2 = x1.multiply(v2)
11770 var zu2 = u.square().multiply(this.z)
11771
11772 // x3 = v * (z2 * (z1 * u^2 - 2 * x1 * v^2) - v^3)
11773 var x3 = zu2.subtract(x1v2.shiftLeft(1)).multiply(b.z).subtract(v3).multiply(v).mod(this.curve.p)
11774 // y3 = z2 * (3 * x1 * u * v^2 - y1 * v^3 - z1 * u^3) + u * v^3
11775 var y3 = x1v2.multiply(THREE).multiply(u).subtract(y1.multiply(v3)).subtract(zu2.multiply(u)).multiply(b.z).add(u.multiply(v3)).mod(this.curve.p)
11776 // z3 = v^3 * z1 * z2
11777 var z3 = v3.multiply(this.z).multiply(b.z).mod(this.curve.p)
11778
11779 return new Point(this.curve, x3, y3, z3)
11780}
11781
11782Point.prototype.twice = function() {
11783 if (this.curve.isInfinity(this)) return this
11784 if (this.y.signum() === 0) return this.curve.infinity
11785
11786 var x1 = this.x
11787 var y1 = this.y
11788
11789 var y1z1 = y1.multiply(this.z)
11790 var y1sqz1 = y1z1.multiply(y1).mod(this.curve.p)
11791 var a = this.curve.a
11792
11793 // w = 3 * x1^2 + a * z1^2
11794 var w = x1.square().multiply(THREE)
11795
11796 if (a.signum() !== 0) {
11797 w = w.add(this.z.square().multiply(a))
11798 }
11799
11800 w = w.mod(this.curve.p)
11801 // x3 = 2 * y1 * z1 * (w^2 - 8 * x1 * y1^2 * z1)
11802 var x3 = w.square().subtract(x1.shiftLeft(3).multiply(y1sqz1)).shiftLeft(1).multiply(y1z1).mod(this.curve.p)
11803 // y3 = 4 * y1^2 * z1 * (3 * w * x1 - 2 * y1^2 * z1) - w^3
11804 var y3 = w.multiply(THREE).multiply(x1).subtract(y1sqz1.shiftLeft(1)).shiftLeft(2).multiply(y1sqz1).subtract(w.pow(3)).mod(this.curve.p)
11805 // z3 = 8 * (y1 * z1)^3
11806 var z3 = y1z1.pow(3).shiftLeft(3).mod(this.curve.p)
11807
11808 return new Point(this.curve, x3, y3, z3)
11809}
11810
11811// Simple NAF (Non-Adjacent Form) multiplication algorithm
11812// TODO: modularize the multiplication algorithm
11813Point.prototype.multiply = function(k) {
11814 if (this.curve.isInfinity(this)) return this
11815 if (k.signum() === 0) return this.curve.infinity
11816
11817 var e = k
11818 var h = e.multiply(THREE)
11819
11820 var neg = this.negate()
11821 var R = this
11822
11823 for (var i = h.bitLength() - 2; i > 0; --i) {
11824 R = R.twice()
11825
11826 var hBit = h.testBit(i)
11827 var eBit = e.testBit(i)
11828
11829 if (hBit != eBit) {
11830 R = R.add(hBit ? this : neg)
11831 }
11832 }
11833
11834 return R
11835}
11836
11837// Compute this*j + x*k (simultaneous multiplication)
11838Point.prototype.multiplyTwo = function(j, x, k) {
11839 var i
11840
11841 if (j.bitLength() > k.bitLength())
11842 i = j.bitLength() - 1
11843 else
11844 i = k.bitLength() - 1
11845
11846 var R = this.curve.infinity
11847 var both = this.add(x)
11848
11849 while (i >= 0) {
11850 R = R.twice()
11851
11852 var jBit = j.testBit(i)
11853 var kBit = k.testBit(i)
11854
11855 if (jBit) {
11856 if (kBit) {
11857 R = R.add(both)
11858
11859 } else {
11860 R = R.add(this)
11861 }
11862
11863 } else {
11864 if (kBit) {
11865 R = R.add(x)
11866 }
11867 }
11868 --i
11869 }
11870
11871 return R
11872}
11873
11874Point.prototype.getEncoded = function(compressed) {
11875 if (compressed == undefined) compressed = this.compressed
11876 if (this.curve.isInfinity(this)) return new Buffer('00', 'hex') // Infinity point encoded is simply '00'
11877
11878 var x = this.affineX
11879 var y = this.affineY
11880
11881 var buffer
11882
11883 // Determine size of q in bytes
11884 var byteLength = Math.floor((this.curve.p.bitLength() + 7) / 8)
11885
11886 // 0x02/0x03 | X
11887 if (compressed) {
11888 buffer = new Buffer(1 + byteLength)
11889 buffer.writeUInt8(y.isEven() ? 0x02 : 0x03, 0)
11890
11891 // 0x04 | X | Y
11892 } else {
11893 buffer = new Buffer(1 + byteLength + byteLength)
11894 buffer.writeUInt8(0x04, 0)
11895
11896 y.toBuffer(byteLength).copy(buffer, 1 + byteLength)
11897 }
11898
11899 x.toBuffer(byteLength).copy(buffer, 1)
11900
11901 return buffer
11902}
11903
11904Point.decodeFrom = function(curve, buffer) {
11905 var type = buffer.readUInt8(0)
11906 var compressed = (type !== 4)
11907
11908 var x = BigInteger.fromBuffer(buffer.slice(1, 33))
11909 var byteLength = Math.floor((curve.p.bitLength() + 7) / 8)
11910
11911 var Q
11912 if (compressed) {
11913 assert.equal(buffer.length, byteLength + 1, 'Invalid sequence length')
11914 assert(type === 0x02 || type === 0x03, 'Invalid sequence tag')
11915
11916 var isOdd = (type === 0x03)
11917 Q = curve.pointFromX(isOdd, x)
11918
11919 } else {
11920 assert.equal(buffer.length, 1 + byteLength + byteLength, 'Invalid sequence length')
11921
11922 var y = BigInteger.fromBuffer(buffer.slice(1 + byteLength))
11923 Q = Point.fromAffine(curve, x, y)
11924 }
11925
11926 Q.compressed = compressed
11927 return Q
11928}
11929
11930Point.prototype.toString = function () {
11931 if (this.curve.isInfinity(this)) return '(INFINITY)'
11932
11933 return '(' + this.affineX.toString() + ',' + this.affineY.toString() + ')'
11934}
11935
11936module.exports = Point
11937
11938}).call(this,_dereq_("buffer").Buffer)
11939},{"assert":4,"bigi":3,"buffer":8}],68:[function(_dereq_,module,exports){
11940(function (process,Buffer){
11941// Closure compiler error - result of 'not' operator not being used
11942//!function(globals){
11943(function(globals){
11944'use strict'
11945
11946//*** UMD BEGIN
11947if (typeof define !== 'undefined' && define.amd) { //require.js / AMD
11948 define([], function() {
11949 return secureRandom
11950 })
11951} else if (typeof module !== 'undefined' && module.exports) { //CommonJS
11952 module.exports = secureRandom
11953} else { //script / browser
11954 globals.secureRandom = secureRandom
11955}
11956//*** UMD END
11957
11958//options.type is the only valid option
11959function secureRandom(count, options) {
11960 options = options || {type: 'Array'}
11961 //we check for process.pid to prevent browserify from tricking us
11962 if (typeof process != 'undefined' && typeof process.pid == 'number') {
11963 return nodeRandom(count, options)
11964 } else {
11965 var crypto = window.crypto || window.msCrypto
11966 if (!crypto) throw new Error("Your browser does not support window.crypto.")
11967 return browserRandom(count, options)
11968 }
11969}
11970
11971function nodeRandom(count, options) {
11972 var crypto = _dereq_('crypto')
11973 var buf = crypto.randomBytes(count)
11974
11975 switch (options.type) {
11976 case 'Array':
11977 return [].slice.call(buf)
11978 case 'Buffer':
11979 return buf
11980 case 'Uint8Array':
11981 var arr = new Uint8Array(count)
11982 for (var i = 0; i < count; ++i) { arr[i] = buf.readUInt8(i) }
11983 return arr
11984 default:
11985 throw new Error(options.type + " is unsupported.")
11986 }
11987}
11988
11989function browserRandom(count, options) {
11990 var nativeArr = new Uint8Array(count)
11991 var crypto = window.crypto || window.msCrypto
11992 crypto.getRandomValues(nativeArr)
11993
11994 switch (options.type) {
11995 case 'Array':
11996 return [].slice.call(nativeArr)
11997 case 'Buffer':
11998 try { var b = new Buffer(1) } catch(e) { throw new Error('Buffer not supported in this environment. Use Node.js or Browserify for browser support.')}
11999 return new Buffer(nativeArr)
12000 case 'Uint8Array':
12001 return nativeArr
12002 default:
12003 throw new Error(options.type + " is unsupported.")
12004 }
12005}
12006
12007secureRandom.randomArray = function(byteCount) {
12008 return secureRandom(byteCount, {type: 'Array'})
12009}
12010
12011secureRandom.randomUint8Array = function(byteCount) {
12012 return secureRandom(byteCount, {type: 'Uint8Array'})
12013}
12014
12015secureRandom.randomBuffer = function(byteCount) {
12016 return secureRandom(byteCount, {type: 'Buffer'})
12017}
12018
12019
12020})(this);
12021
12022}).call(this,_dereq_("FWaASH"),_dereq_("buffer").Buffer)
12023},{"FWaASH":12,"buffer":8,"crypto":7}],69:[function(_dereq_,module,exports){
12024(function (Buffer){
12025var assert = _dereq_('assert')
12026var base58check = _dereq_('./base58check')
12027var networks = _dereq_('./networks')
12028var scripts = _dereq_('./scripts')
12029
12030function findScriptTypeByVersion(version) {
12031 for (var networkName in networks) {
12032 var network = networks[networkName]
12033
12034 if (version === network.pubKeyHash) return 'pubkeyhash'
12035 if (version === network.scriptHash) return 'scripthash'
12036 }
12037}
12038
12039function Address(hash, version) {
12040 assert(Buffer.isBuffer(hash), 'Expected Buffer, got ' + hash)
12041 assert.strictEqual(hash.length, 20, 'Invalid hash length')
12042 assert.strictEqual(version & 0xff, version, 'Invalid version byte')
12043
12044 this.hash = hash
12045 this.version = version
12046}
12047
12048// Import functions
12049Address.fromBase58Check = function(string) {
12050 var payload = base58check.decode(string)
12051 var version = payload.readUInt8(0)
12052 var hash = payload.slice(1)
12053
12054 return new Address(hash, version)
12055}
12056
12057Address.fromOutputScript = function(script, network) {
12058 network = network || networks.bitcoin
12059
12060 var type = scripts.classifyOutput(script)
12061
12062 if (type === 'pubkeyhash') return new Address(script.chunks[2], network.pubKeyHash)
12063 if (type === 'scripthash') return new Address(script.chunks[1], network.scriptHash)
12064
12065 assert(false, type + ' has no matching Address')
12066}
12067
12068// Export functions
12069Address.prototype.toBase58Check = function () {
12070 var payload = new Buffer(21)
12071 payload.writeUInt8(this.version, 0)
12072 this.hash.copy(payload, 1)
12073
12074 return base58check.encode(payload)
12075}
12076
12077Address.prototype.toOutputScript = function() {
12078 var scriptType = findScriptTypeByVersion(this.version)
12079
12080 if (scriptType === 'pubkeyhash') return scripts.pubKeyHashOutput(this.hash)
12081 if (scriptType === 'scripthash') return scripts.scriptHashOutput(this.hash)
12082
12083 assert(false, this.toString() + ' has no matching Script')
12084}
12085
12086Address.prototype.toString = Address.prototype.toBase58Check
12087
12088module.exports = Address
12089
12090}).call(this,_dereq_("buffer").Buffer)
12091},{"./base58check":70,"./networks":81,"./scripts":84,"assert":4,"buffer":8}],70:[function(_dereq_,module,exports){
12092(function (Buffer){
12093// https://en.bitcoin.it/wiki/Base58Check_encoding
12094var assert = _dereq_('assert')
12095var base58 = _dereq_('bs58')
12096var crypto = _dereq_('./crypto')
12097
12098// Encode a buffer as a base58-check-encoded string
12099function encode(payload) {
12100 var checksum = crypto.hash256(payload).slice(0, 4)
12101
12102 return base58.encode(Buffer.concat([
12103 payload,
12104 checksum
12105 ]))
12106}
12107
12108// Decode a base58-check-encoded string to a buffer
12109function decode(string) {
12110 var buffer = base58.decode(string)
12111
12112 var payload = buffer.slice(0, -4)
12113 var checksum = buffer.slice(-4)
12114 var newChecksum = crypto.hash256(payload).slice(0, 4)
12115
12116 assert.deepEqual(newChecksum, checksum, 'Invalid checksum')
12117
12118 return payload
12119}
12120
12121module.exports = {
12122 encode: encode,
12123 decode: decode
12124}
12125
12126}).call(this,_dereq_("buffer").Buffer)
12127},{"./crypto":73,"assert":4,"bs58":15,"buffer":8}],71:[function(_dereq_,module,exports){
12128var assert = _dereq_('assert')
12129var opcodes = _dereq_('./opcodes')
12130
12131// https://github.com/feross/buffer/blob/master/index.js#L1127
12132function verifuint(value, max) {
12133 assert(typeof value === 'number', 'cannot write a non-number as a number')
12134 assert(value >= 0, 'specified a negative value for writing an unsigned value')
12135 assert(value <= max, 'value is larger than maximum value for type')
12136 assert(Math.floor(value) === value, 'value has a fractional component')
12137}
12138
12139function pushDataSize(i) {
12140 return i < opcodes.OP_PUSHDATA1 ? 1
12141 : i < 0xff ? 2
12142 : i < 0xffff ? 3
12143 : 5
12144}
12145
12146function readPushDataInt(buffer, offset) {
12147 var opcode = buffer.readUInt8(offset)
12148 var number, size
12149
12150 // ~6 bit
12151 if (opcode < opcodes.OP_PUSHDATA1) {
12152 number = opcode
12153 size = 1
12154
12155 // 8 bit
12156 } else if (opcode === opcodes.OP_PUSHDATA1) {
12157 number = buffer.readUInt8(offset + 1)
12158 size = 2
12159
12160 // 16 bit
12161 } else if (opcode === opcodes.OP_PUSHDATA2) {
12162 number = buffer.readUInt16LE(offset + 1)
12163 size = 3
12164
12165 // 32 bit
12166 } else {
12167 assert.equal(opcode, opcodes.OP_PUSHDATA4, 'Unexpected opcode')
12168
12169 number = buffer.readUInt32LE(offset + 1)
12170 size = 5
12171
12172 }
12173
12174 return {
12175 opcode: opcode,
12176 number: number,
12177 size: size
12178 }
12179}
12180
12181function readUInt64LE(buffer, offset) {
12182 var a = buffer.readUInt32LE(offset)
12183 var b = buffer.readUInt32LE(offset + 4)
12184 b *= 0x100000000
12185
12186 verifuint(b + a, 0x001fffffffffffff)
12187
12188 return b + a
12189}
12190
12191function readVarInt(buffer, offset) {
12192 var t = buffer.readUInt8(offset)
12193 var number, size
12194
12195 // 8 bit
12196 if (t < 253) {
12197 number = t
12198 size = 1
12199
12200 // 16 bit
12201 } else if (t < 254) {
12202 number = buffer.readUInt16LE(offset + 1)
12203 size = 3
12204
12205 // 32 bit
12206 } else if (t < 255) {
12207 number = buffer.readUInt32LE(offset + 1)
12208 size = 5
12209
12210 // 64 bit
12211 } else {
12212 number = readUInt64LE(buffer, offset + 1)
12213 size = 9
12214 }
12215
12216 return {
12217 number: number,
12218 size: size
12219 }
12220}
12221
12222function writePushDataInt(buffer, number, offset) {
12223 var size = pushDataSize(number)
12224
12225 // ~6 bit
12226 if (size === 1) {
12227 buffer.writeUInt8(number, offset)
12228
12229 // 8 bit
12230 } else if (size === 2) {
12231 buffer.writeUInt8(opcodes.OP_PUSHDATA1, offset)
12232 buffer.writeUInt8(number, offset + 1)
12233
12234 // 16 bit
12235 } else if (size === 3) {
12236 buffer.writeUInt8(opcodes.OP_PUSHDATA2, offset)
12237 buffer.writeUInt16LE(number, offset + 1)
12238
12239 // 32 bit
12240 } else {
12241 buffer.writeUInt8(opcodes.OP_PUSHDATA4, offset)
12242 buffer.writeUInt32LE(number, offset + 1)
12243
12244 }
12245
12246 return size
12247}
12248
12249function writeUInt64LE(buffer, value, offset) {
12250 verifuint(value, 0x001fffffffffffff)
12251
12252 buffer.writeInt32LE(value & -1, offset)
12253 buffer.writeUInt32LE(Math.floor(value / 0x100000000), offset + 4)
12254}
12255
12256function varIntSize(i) {
12257 return i < 253 ? 1
12258 : i < 0x10000 ? 3
12259 : i < 0x100000000 ? 5
12260 : 9
12261}
12262
12263function writeVarInt(buffer, number, offset) {
12264 var size = varIntSize(number)
12265
12266 // 8 bit
12267 if (size === 1) {
12268 buffer.writeUInt8(number, offset)
12269
12270 // 16 bit
12271 } else if (size === 3) {
12272 buffer.writeUInt8(253, offset)
12273 buffer.writeUInt16LE(number, offset + 1)
12274
12275 // 32 bit
12276 } else if (size === 5) {
12277 buffer.writeUInt8(254, offset)
12278 buffer.writeUInt32LE(number, offset + 1)
12279
12280 // 64 bit
12281 } else {
12282 buffer.writeUInt8(255, offset)
12283 writeUInt64LE(buffer, number, offset + 1)
12284 }
12285
12286 return size
12287}
12288
12289module.exports = {
12290 pushDataSize: pushDataSize,
12291 readPushDataInt: readPushDataInt,
12292 readUInt64LE: readUInt64LE,
12293 readVarInt: readVarInt,
12294 varIntSize: varIntSize,
12295 writePushDataInt: writePushDataInt,
12296 writeUInt64LE: writeUInt64LE,
12297 writeVarInt: writeVarInt
12298}
12299
12300},{"./opcodes":82,"assert":4}],72:[function(_dereq_,module,exports){
12301(function (Buffer){
12302var assert = _dereq_('assert')
12303var Crypto = _dereq_('crypto-js')
12304var WordArray = Crypto.lib.WordArray
12305
12306function bufferToWordArray(buffer) {
12307 assert(Buffer.isBuffer(buffer), 'Expected Buffer, got', buffer)
12308
12309 var words = []
12310 for (var i = 0, b = 0; i < buffer.length; i++, b += 8) {
12311 words[b >>> 5] |= buffer[i] << (24 - b % 32)
12312 }
12313
12314 return new WordArray.init(words, buffer.length)
12315}
12316
12317function wordArrayToBuffer(wordArray) {
12318 assert(Array.isArray(wordArray.words), 'Expected WordArray, got' + wordArray)
12319
12320 var words = wordArray.words
12321 var buffer = new Buffer(words.length * 4)
12322
12323 words.forEach(function(value, i) {
12324 buffer.writeInt32BE(value & -1, i * 4)
12325 })
12326
12327 return buffer
12328}
12329
12330module.exports = {
12331 bufferToWordArray: bufferToWordArray,
12332 wordArrayToBuffer: wordArrayToBuffer
12333}
12334
12335}).call(this,_dereq_("buffer").Buffer)
12336},{"assert":4,"buffer":8,"crypto-js":37}],73:[function(_dereq_,module,exports){
12337(function (Buffer){
12338// Crypto, crypto, where art thou crypto
12339var assert = _dereq_('assert')
12340var CryptoJS = _dereq_('crypto-js')
12341var crypto = _dereq_('crypto')
12342var convert = _dereq_('./convert')
12343
12344function hash160(buffer) {
12345 return ripemd160(sha256(buffer))
12346}
12347
12348function hash256(buffer) {
12349 return sha256(sha256(buffer))
12350}
12351
12352function ripemd160(buffer) {
12353 return crypto.createHash('rmd160').update(buffer).digest()
12354}
12355
12356function sha1(buffer) {
12357 return crypto.createHash('sha1').update(buffer).digest()
12358}
12359
12360function sha256(buffer) {
12361 return crypto.createHash('sha256').update(buffer).digest()
12362}
12363
12364// FIXME: Name not consistent with others
12365function HmacSHA256(buffer, secret) {
12366 return crypto.createHmac('sha256', secret).update(buffer).digest()
12367}
12368
12369function HmacSHA512(data, secret) {
12370 assert(Buffer.isBuffer(data), 'Expected Buffer for data, got ' + data)
12371 assert(Buffer.isBuffer(secret), 'Expected Buffer for secret, got ' + secret)
12372
12373 var dataWords = convert.bufferToWordArray(data)
12374 var secretWords = convert.bufferToWordArray(secret)
12375
12376 var hash = CryptoJS.HmacSHA512(dataWords, secretWords)
12377
12378 return convert.wordArrayToBuffer(hash)
12379}
12380
12381module.exports = {
12382 ripemd160: ripemd160,
12383 sha1: sha1,
12384 sha256: sha256,
12385 hash160: hash160,
12386 hash256: hash256,
12387 HmacSHA256: HmacSHA256,
12388 HmacSHA512: HmacSHA512
12389}
12390
12391}).call(this,_dereq_("buffer").Buffer)
12392},{"./convert":72,"assert":4,"buffer":8,"crypto":19,"crypto-js":37}],74:[function(_dereq_,module,exports){
12393(function (Buffer){
12394var assert = _dereq_('assert')
12395var crypto = _dereq_('./crypto')
12396
12397var BigInteger = _dereq_('bigi')
12398var ECSignature = _dereq_('./ecsignature')
12399var Point = _dereq_('ecurve').Point
12400
12401// https://tools.ietf.org/html/rfc6979#section-3.2
12402function deterministicGenerateK(curve, hash, d) {
12403 assert(Buffer.isBuffer(hash), 'Hash must be a Buffer, not ' + hash)
12404 assert.equal(hash.length, 32, 'Hash must be 256 bit')
12405 assert(d instanceof BigInteger, 'Private key must be a BigInteger')
12406
12407 var x = d.toBuffer(32)
12408 var k = new Buffer(32)
12409 var v = new Buffer(32)
12410
12411 // Step B
12412 v.fill(1)
12413
12414 // Step C
12415 k.fill(0)
12416
12417 // Step D
12418 k = crypto.HmacSHA256(Buffer.concat([v, new Buffer([0]), x, hash]), k)
12419
12420 // Step E
12421 v = crypto.HmacSHA256(v, k)
12422
12423 // Step F
12424 k = crypto.HmacSHA256(Buffer.concat([v, new Buffer([1]), x, hash]), k)
12425
12426 // Step G
12427 v = crypto.HmacSHA256(v, k)
12428
12429 // Step H1/H2a, ignored as tlen === qlen (256 bit)
12430 // Step H2b
12431 v = crypto.HmacSHA256(v, k)
12432
12433 var T = BigInteger.fromBuffer(v)
12434
12435 // Step H3, repeat until T is within the interval [1, n - 1]
12436 while ((T.signum() <= 0) || (T.compareTo(curve.n) >= 0)) {
12437 k = crypto.HmacSHA256(Buffer.concat([v, new Buffer([0])]), k)
12438 v = crypto.HmacSHA256(v, k)
12439
12440 T = BigInteger.fromBuffer(v)
12441 }
12442
12443 return T
12444}
12445
12446function sign(curve, hash, d) {
12447 var k = deterministicGenerateK(curve, hash, d)
12448
12449 var n = curve.n
12450 var G = curve.G
12451 var Q = G.multiply(k)
12452 var e = BigInteger.fromBuffer(hash)
12453
12454 var r = Q.affineX.mod(n)
12455 assert.notEqual(r.signum(), 0, 'Invalid R value')
12456
12457 var s = k.modInverse(n).multiply(e.add(d.multiply(r))).mod(n)
12458 assert.notEqual(s.signum(), 0, 'Invalid S value')
12459
12460 var N_OVER_TWO = n.shiftRight(1)
12461
12462 // enforce low S values, see bip62: 'low s values in signatures'
12463 if (s.compareTo(N_OVER_TWO) > 0) {
12464 s = n.subtract(s)
12465 }
12466
12467 return new ECSignature(r, s)
12468}
12469
12470function verify(curve, hash, signature, Q) {
12471 var e = BigInteger.fromBuffer(hash)
12472
12473 return verifyRaw(curve, e, signature, Q)
12474}
12475
12476function verifyRaw(curve, e, signature, Q) {
12477 var n = curve.n
12478 var G = curve.G
12479
12480 var r = signature.r
12481 var s = signature.s
12482
12483 if (r.signum() === 0 || r.compareTo(n) >= 0) return false
12484 if (s.signum() === 0 || s.compareTo(n) >= 0) return false
12485
12486 var c = s.modInverse(n)
12487
12488 var u1 = e.multiply(c).mod(n)
12489 var u2 = r.multiply(c).mod(n)
12490
12491 var point = G.multiplyTwo(u1, Q, u2)
12492 var v = point.affineX.mod(n)
12493
12494 return v.equals(r)
12495}
12496
12497/**
12498 * Recover a public key from a signature.
12499 *
12500 * See SEC 1: Elliptic Curve Cryptography, section 4.1.6, "Public
12501 * Key Recovery Operation".
12502 *
12503 * http://www.secg.org/download/aid-780/sec1-v2.pdf
12504 */
12505function recoverPubKey(curve, e, signature, i) {
12506 assert.strictEqual(i & 3, i, 'Recovery param is more than two bits')
12507
12508 var r = signature.r
12509 var s = signature.s
12510
12511 // A set LSB signifies that the y-coordinate is odd
12512 var isYOdd = i & 1
12513
12514 // The more significant bit specifies whether we should use the
12515 // first or second candidate key.
12516 var isSecondKey = i >> 1
12517
12518 var n = curve.n
12519 var G = curve.G
12520
12521 // 1.1 Let x = r + jn
12522 var x = isSecondKey ? r.add(n) : r
12523 var R = curve.pointFromX(isYOdd, x)
12524
12525 // 1.4 Check that nR is at infinity
12526 var nR = R.multiply(n)
12527 assert(curve.isInfinity(nR), 'nR is not a valid curve point')
12528
12529 // Compute -e from e
12530 var eNeg = e.negate().mod(n)
12531
12532 // 1.6.1 Compute Q = r^-1 (sR - eG)
12533 // Q = r^-1 (sR + -eG)
12534 var rInv = r.modInverse(n)
12535
12536 var Q = R.multiplyTwo(s, G, eNeg).multiply(rInv)
12537 curve.validate(Q)
12538
12539 return Q
12540}
12541
12542/**
12543 * Calculate pubkey extraction parameter.
12544 *
12545 * When extracting a pubkey from a signature, we have to
12546 * distinguish four different cases. Rather than putting this
12547 * burden on the verifier, Bitcoin includes a 2-bit value with the
12548 * signature.
12549 *
12550 * This function simply tries all four cases and returns the value
12551 * that resulted in a successful pubkey recovery.
12552 */
12553function calcPubKeyRecoveryParam(curve, e, signature, Q) {
12554 for (var i = 0; i < 4; i++) {
12555 var Qprime = recoverPubKey(curve, e, signature, i)
12556
12557 // 1.6.2 Verify Q
12558 if (Qprime.equals(Q)) {
12559 return i
12560 }
12561 }
12562
12563 throw new Error('Unable to find valid recovery factor')
12564}
12565
12566module.exports = {
12567 calcPubKeyRecoveryParam: calcPubKeyRecoveryParam,
12568 deterministicGenerateK: deterministicGenerateK,
12569 recoverPubKey: recoverPubKey,
12570 sign: sign,
12571 verify: verify,
12572 verifyRaw: verifyRaw
12573}
12574
12575}).call(this,_dereq_("buffer").Buffer)
12576},{"./crypto":73,"./ecsignature":77,"assert":4,"bigi":3,"buffer":8,"ecurve":65}],75:[function(_dereq_,module,exports){
12577(function (Buffer){
12578var assert = _dereq_('assert')
12579var base58check = _dereq_('./base58check')
12580var ecdsa = _dereq_('./ecdsa')
12581var networks = _dereq_('./networks')
12582var secureRandom = _dereq_('secure-random')
12583
12584var BigInteger = _dereq_('bigi')
12585var ECPubKey = _dereq_('./ecpubkey')
12586
12587var ecurve = _dereq_('ecurve')
12588var curve = ecurve.getCurveByName('secp256k1')
12589
12590function ECKey(d, compressed) {
12591 assert(d.signum() > 0, 'Private key must be greater than 0')
12592 assert(d.compareTo(curve.n) < 0, 'Private key must be less than the curve order')
12593
12594 var Q = curve.G.multiply(d)
12595
12596 this.d = d
12597 this.pub = new ECPubKey(Q, compressed)
12598}
12599
12600// Static constructors
12601ECKey.fromWIF = function(string) {
12602 var payload = base58check.decode(string)
12603 var compressed = false
12604
12605 // Ignore the version byte
12606 payload = payload.slice(1)
12607
12608 if (payload.length === 33) {
12609 assert.strictEqual(payload[32], 0x01, 'Invalid compression flag')
12610
12611 // Truncate the compression flag
12612 payload = payload.slice(0, -1)
12613 compressed = true
12614 }
12615
12616 assert.equal(payload.length, 32, 'Invalid WIF payload length')
12617
12618 var d = BigInteger.fromBuffer(payload)
12619 return new ECKey(d, compressed)
12620}
12621
12622ECKey.makeRandom = function(compressed, rng) {
12623 rng = rng || secureRandom.randomBuffer
12624
12625 var buffer = rng(32)
12626 assert(Buffer.isBuffer(buffer), 'Expected Buffer, got ' + buffer)
12627
12628 var d = BigInteger.fromBuffer(buffer)
12629 d = d.mod(curve.n)
12630
12631 return new ECKey(d, compressed)
12632}
12633
12634// Export functions
12635ECKey.prototype.toWIF = function(network) {
12636 network = network || networks.bitcoin
12637
12638 var bufferLen = this.pub.compressed ? 34 : 33
12639 var buffer = new Buffer(bufferLen)
12640
12641 buffer.writeUInt8(network.wif, 0)
12642 this.d.toBuffer(32).copy(buffer, 1)
12643
12644 if (this.pub.compressed) {
12645 buffer.writeUInt8(0x01, 33)
12646 }
12647
12648 return base58check.encode(buffer)
12649}
12650
12651// Operations
12652ECKey.prototype.sign = function(hash) {
12653 return ecdsa.sign(curve, hash, this.d)
12654}
12655
12656module.exports = ECKey
12657
12658}).call(this,_dereq_("buffer").Buffer)
12659},{"./base58check":70,"./ecdsa":74,"./ecpubkey":76,"./networks":81,"assert":4,"bigi":3,"buffer":8,"ecurve":65,"secure-random":68}],76:[function(_dereq_,module,exports){
12660(function (Buffer){
12661var assert = _dereq_('assert')
12662var crypto = _dereq_('./crypto')
12663var ecdsa = _dereq_('./ecdsa')
12664var networks = _dereq_('./networks')
12665
12666var Address = _dereq_('./address')
12667
12668var ecurve = _dereq_('ecurve')
12669var curve = ecurve.getCurveByName('secp256k1')
12670
12671function ECPubKey(Q, compressed) {
12672 assert(Q instanceof ecurve.Point, 'Expected Point, got ' + Q)
12673
12674 if (compressed == undefined) compressed = true
12675 assert.strictEqual(typeof compressed, 'boolean', 'Expected boolean, got ' + compressed)
12676
12677 this.compressed = compressed
12678 this.Q = Q
12679}
12680
12681// Static constructors
12682ECPubKey.fromBuffer = function(buffer) {
12683 var Q = ecurve.Point.decodeFrom(curve, buffer)
12684 return new ECPubKey(Q, Q.compressed)
12685}
12686
12687ECPubKey.fromHex = function(hex) {
12688 return ECPubKey.fromBuffer(new Buffer(hex, 'hex'))
12689}
12690
12691// Operations
12692ECPubKey.prototype.getAddress = function(network) {
12693 network = network || networks.bitcoin
12694
12695 return new Address(crypto.hash160(this.toBuffer()), network.pubKeyHash)
12696}
12697
12698ECPubKey.prototype.verify = function(hash, signature) {
12699 return ecdsa.verify(curve, hash, signature, this.Q)
12700}
12701
12702// Export functions
12703ECPubKey.prototype.toBuffer = function() {
12704 return this.Q.getEncoded(this.compressed)
12705}
12706
12707ECPubKey.prototype.toHex = function() {
12708 return this.toBuffer().toString('hex')
12709}
12710
12711module.exports = ECPubKey
12712
12713}).call(this,_dereq_("buffer").Buffer)
12714},{"./address":69,"./crypto":73,"./ecdsa":74,"./networks":81,"assert":4,"buffer":8,"ecurve":65}],77:[function(_dereq_,module,exports){
12715(function (Buffer){
12716var assert = _dereq_('assert')
12717var BigInteger = _dereq_('bigi')
12718
12719function ECSignature(r, s) {
12720 assert(r instanceof BigInteger, 'Expected BigInteger, got ' + r)
12721 assert(s instanceof BigInteger, 'Expected BigInteger, got ' + s)
12722 this.r = r
12723 this.s = s
12724}
12725
12726// Import operations
12727ECSignature.parseCompact = function(buffer) {
12728 assert.equal(buffer.length, 65, 'Invalid signature length')
12729 var i = buffer.readUInt8(0) - 27
12730
12731 // At most 3 bits
12732 assert.equal(i, i & 7, 'Invalid signature parameter')
12733 var compressed = !!(i & 4)
12734
12735 // Recovery param only
12736 i = i & 3
12737
12738 var r = BigInteger.fromBuffer(buffer.slice(1, 33))
12739 var s = BigInteger.fromBuffer(buffer.slice(33))
12740
12741 return {
12742 compressed: compressed,
12743 i: i,
12744 signature: new ECSignature(r, s)
12745 }
12746}
12747
12748ECSignature.fromDER = function(buffer) {
12749 assert.equal(buffer.readUInt8(0), 0x30, 'Not a DER sequence')
12750 assert.equal(buffer.readUInt8(1), buffer.length - 2, 'Invalid sequence length')
12751 assert.equal(buffer.readUInt8(2), 0x02, 'Expected a DER integer')
12752
12753 var rLen = buffer.readUInt8(3)
12754 assert(rLen > 0, 'R length is zero')
12755
12756 var offset = 4 + rLen
12757 assert.equal(buffer.readUInt8(offset), 0x02, 'Expected a DER integer (2)')
12758
12759 var sLen = buffer.readUInt8(offset + 1)
12760 assert(sLen > 0, 'S length is zero')
12761
12762 var rB = buffer.slice(4, offset)
12763 var sB = buffer.slice(offset + 2)
12764 offset += 2 + sLen
12765
12766 if (rLen > 1 && rB.readUInt8(0) === 0x00) {
12767 assert(rB.readUInt8(1) & 0x80, 'R value excessively padded')
12768 }
12769
12770 if (sLen > 1 && sB.readUInt8(0) === 0x00) {
12771 assert(sB.readUInt8(1) & 0x80, 'S value excessively padded')
12772 }
12773
12774 assert.equal(offset, buffer.length, 'Invalid DER encoding')
12775 var r = BigInteger.fromDERInteger(rB)
12776 var s = BigInteger.fromDERInteger(sB)
12777
12778 assert(r.signum() >= 0, 'R value is negative')
12779 assert(s.signum() >= 0, 'S value is negative')
12780
12781 return new ECSignature(r, s)
12782}
12783
12784// FIXME: 0x00, 0x04, 0x80 are SIGHASH_* boundary constants, importing Transaction causes a circular dependency
12785ECSignature.parseScriptSignature = function(buffer) {
12786 var hashType = buffer.readUInt8(buffer.length - 1)
12787 var hashTypeMod = hashType & ~0x80
12788
12789 assert(hashTypeMod > 0x00 && hashTypeMod < 0x04, 'Invalid hashType')
12790
12791 return {
12792 signature: ECSignature.fromDER(buffer.slice(0, -1)),
12793 hashType: hashType
12794 }
12795}
12796
12797// Export operations
12798ECSignature.prototype.toCompact = function(i, compressed) {
12799 if (compressed) i += 4
12800 i += 27
12801
12802 var buffer = new Buffer(65)
12803 buffer.writeUInt8(i, 0)
12804
12805 this.r.toBuffer(32).copy(buffer, 1)
12806 this.s.toBuffer(32).copy(buffer, 33)
12807
12808 return buffer
12809}
12810
12811ECSignature.prototype.toDER = function() {
12812 var rBa = this.r.toDERInteger()
12813 var sBa = this.s.toDERInteger()
12814
12815 var sequence = []
12816 sequence.push(0x02) // INTEGER
12817 sequence.push(rBa.length)
12818 sequence = sequence.concat(rBa)
12819
12820 sequence.push(0x02) // INTEGER
12821 sequence.push(sBa.length)
12822 sequence = sequence.concat(sBa)
12823
12824 sequence.unshift(sequence.length)
12825 sequence.unshift(0x30) // SEQUENCE
12826
12827 return new Buffer(sequence)
12828}
12829
12830ECSignature.prototype.toScriptSignature = function(hashType) {
12831 var hashTypeBuffer = new Buffer(1)
12832 hashTypeBuffer.writeUInt8(hashType, 0)
12833
12834 return Buffer.concat([this.toDER(), hashTypeBuffer])
12835}
12836
12837module.exports = ECSignature
12838
12839}).call(this,_dereq_("buffer").Buffer)
12840},{"assert":4,"bigi":3,"buffer":8}],78:[function(_dereq_,module,exports){
12841(function (Buffer){
12842var assert = _dereq_('assert')
12843var base58check = _dereq_('./base58check')
12844var crypto = _dereq_('./crypto')
12845var networks = _dereq_('./networks')
12846
12847var BigInteger = _dereq_('bigi')
12848var ECKey = _dereq_('./eckey')
12849var ECPubKey = _dereq_('./ecpubkey')
12850
12851var ecurve = _dereq_('ecurve')
12852var curve = ecurve.getCurveByName('secp256k1')
12853
12854function findBIP32ParamsByVersion(version) {
12855 for (var name in networks) {
12856 var network = networks[name]
12857
12858 for (var type in network.bip32) {
12859 if (version != network.bip32[type]) continue
12860
12861 return {
12862 isPrivate: (type === 'private'),
12863 network: network
12864 }
12865 }
12866 }
12867
12868 assert(false, 'Could not find version ' + version.toString(16))
12869}
12870
12871function HDNode(K, chainCode, network) {
12872 network = network || networks.bitcoin
12873
12874 assert(Buffer.isBuffer(chainCode), 'Expected Buffer, got ' + chainCode)
12875 assert(network.bip32, 'Unknown BIP32 constants for network')
12876
12877 this.chainCode = chainCode
12878 this.depth = 0
12879 this.index = 0
12880 this.network = network
12881
12882 if (K instanceof BigInteger) {
12883 this.privKey = new ECKey(K, true)
12884 this.pubKey = this.privKey.pub
12885 } else {
12886 this.pubKey = new ECPubKey(K, true)
12887 }
12888}
12889
12890HDNode.MASTER_SECRET = new Buffer('Bitcoin seed')
12891HDNode.HIGHEST_BIT = 0x80000000
12892HDNode.LENGTH = 78
12893
12894HDNode.fromSeedBuffer = function(seed, network) {
12895 var I = crypto.HmacSHA512(seed, HDNode.MASTER_SECRET)
12896 var IL = I.slice(0, 32)
12897 var IR = I.slice(32)
12898
12899 // In case IL is 0 or >= n, the master key is invalid
12900 // This is handled by `new ECKey` in the HDNode constructor
12901 var pIL = BigInteger.fromBuffer(IL)
12902
12903 return new HDNode(pIL, IR, network)
12904}
12905
12906HDNode.fromSeedHex = function(hex, network) {
12907 return HDNode.fromSeedBuffer(new Buffer(hex, 'hex'), network)
12908}
12909
12910HDNode.fromBase58 = function(string) {
12911 return HDNode.fromBuffer(base58check.decode(string))
12912}
12913
12914HDNode.fromBuffer = function(buffer) {
12915 assert.strictEqual(buffer.length, HDNode.LENGTH, 'Invalid buffer length')
12916
12917 // 4 byte: version bytes
12918 var version = buffer.readUInt32BE(0)
12919 var params = findBIP32ParamsByVersion(version)
12920
12921 // 1 byte: depth: 0x00 for master nodes, 0x01 for level-1 descendants, ...
12922 var depth = buffer.readUInt8(4)
12923
12924 // 4 bytes: the fingerprint of the parent's key (0x00000000 if master key)
12925 var parentFingerprint = buffer.readUInt32BE(5)
12926 if (depth === 0) {
12927 assert.strictEqual(parentFingerprint, 0x00000000, 'Invalid parent fingerprint')
12928 }
12929
12930 // 4 bytes: child number. This is the number i in xi = xpar/i, with xi the key being serialized.
12931 // This is encoded in MSB order. (0x00000000 if master key)
12932 var index = buffer.readUInt32BE(9)
12933 assert(depth > 0 || index === 0, 'Invalid index')
12934
12935 // 32 bytes: the chain code
12936 var chainCode = buffer.slice(13, 45)
12937 var hd
12938
12939 // 33 bytes: private key data (0x00 + k)
12940 if (params.isPrivate) {
12941 assert.strictEqual(buffer.readUInt8(45), 0x00, 'Invalid private key')
12942 var data = buffer.slice(46, 78)
12943 var d = BigInteger.fromBuffer(data)
12944 hd = new HDNode(d, chainCode, params.network)
12945
12946 // 33 bytes: public key data (0x02 + X or 0x03 + X)
12947 } else {
12948 var data = buffer.slice(45, 78)
12949 var Q = ecurve.Point.decodeFrom(curve, data)
12950 assert.equal(Q.compressed, true, 'Invalid public key')
12951
12952 // Verify that the X coordinate in the public point corresponds to a point on the curve.
12953 // If not, the extended public key is invalid.
12954 curve.validate(Q)
12955
12956 hd = new HDNode(Q, chainCode, params.network)
12957 }
12958
12959 hd.depth = depth
12960 hd.index = index
12961 hd.parentFingerprint = parentFingerprint
12962
12963 return hd
12964}
12965
12966HDNode.fromHex = function(hex) {
12967 return HDNode.fromBuffer(new Buffer(hex, 'hex'))
12968}
12969
12970HDNode.prototype.getIdentifier = function() {
12971 return crypto.hash160(this.pubKey.toBuffer())
12972}
12973
12974HDNode.prototype.getFingerprint = function() {
12975 return this.getIdentifier().slice(0, 4)
12976}
12977
12978HDNode.prototype.getAddress = function() {
12979 return this.pubKey.getAddress(this.network)
12980}
12981
12982HDNode.prototype.toBase58 = function(isPrivate) {
12983 return base58check.encode(this.toBuffer(isPrivate))
12984}
12985
12986HDNode.prototype.toBuffer = function(isPrivate) {
12987 if (isPrivate == undefined) isPrivate = !!this.privKey
12988
12989 // Version
12990 var version = isPrivate ? this.network.bip32.private : this.network.bip32.public
12991 var buffer = new Buffer(HDNode.LENGTH)
12992
12993 // 4 bytes: version bytes
12994 buffer.writeUInt32BE(version, 0)
12995
12996 // Depth
12997 // 1 byte: depth: 0x00 for master nodes, 0x01 for level-1 descendants, ....
12998 buffer.writeUInt8(this.depth, 4)
12999
13000 // 4 bytes: the fingerprint of the parent's key (0x00000000 if master key)
13001 var fingerprint = (this.depth === 0) ? 0x00000000 : this.parentFingerprint
13002 buffer.writeUInt32BE(fingerprint, 5)
13003
13004 // 4 bytes: child number. This is the number i in xi = xpar/i, with xi the key being serialized.
13005 // This is encoded in Big endian. (0x00000000 if master key)
13006 buffer.writeUInt32BE(this.index, 9)
13007
13008 // 32 bytes: the chain code
13009 this.chainCode.copy(buffer, 13)
13010
13011 // 33 bytes: the public key or private key data
13012 if (isPrivate) {
13013 assert(this.privKey, 'Missing private key')
13014
13015 // 0x00 + k for private keys
13016 buffer.writeUInt8(0, 45)
13017 this.privKey.d.toBuffer(32).copy(buffer, 46)
13018 } else {
13019
13020 // X9.62 encoding for public keys
13021 this.pubKey.toBuffer().copy(buffer, 45)
13022 }
13023
13024 return buffer
13025}
13026
13027HDNode.prototype.toHex = function(isPrivate) {
13028 return this.toBuffer(isPrivate).toString('hex')
13029}
13030
13031// https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#child-key-derivation-ckd-functions
13032HDNode.prototype.derive = function(index) {
13033 var isHardened = index >= HDNode.HIGHEST_BIT
13034 var indexBuffer = new Buffer(4)
13035 indexBuffer.writeUInt32BE(index, 0)
13036
13037 var data
13038
13039 // Hardened child
13040 if (isHardened) {
13041 assert(this.privKey, 'Could not derive hardened child key')
13042
13043 // data = 0x00 || ser256(kpar) || ser32(index)
13044 data = Buffer.concat([
13045 this.privKey.d.toBuffer(33),
13046 indexBuffer
13047 ])
13048
13049 // Normal child
13050 } else {
13051 // data = serP(point(kpar)) || ser32(index)
13052 // = serP(Kpar) || ser32(index)
13053 data = Buffer.concat([
13054 this.pubKey.toBuffer(),
13055 indexBuffer
13056 ])
13057 }
13058
13059 var I = crypto.HmacSHA512(data, this.chainCode)
13060 var IL = I.slice(0, 32)
13061 var IR = I.slice(32)
13062
13063 var pIL = BigInteger.fromBuffer(IL)
13064
13065 // In case parse256(IL) >= n, proceed with the next value for i
13066 if (pIL.compareTo(curve.n) >= 0) {
13067 return this.derive(index + 1)
13068 }
13069
13070 // Private parent key -> private child key
13071 var hd
13072 if (this.privKey) {
13073 // ki = parse256(IL) + kpar (mod n)
13074 var ki = pIL.add(this.privKey.d).mod(curve.n)
13075
13076 // In case ki == 0, proceed with the next value for i
13077 if (ki.signum() === 0) {
13078 return this.derive(index + 1)
13079 }
13080
13081 hd = new HDNode(ki, IR, this.network)
13082
13083 // Public parent key -> public child key
13084 } else {
13085 // Ki = point(parse256(IL)) + Kpar
13086 // = G*IL + Kpar
13087 var Ki = curve.G.multiply(pIL).add(this.pubKey.Q)
13088
13089 // In case Ki is the point at infinity, proceed with the next value for i
13090 if (curve.isInfinity(Ki)) {
13091 return this.derive(index + 1)
13092 }
13093
13094 hd = new HDNode(Ki, IR, this.network)
13095 }
13096
13097 hd.depth = this.depth + 1
13098 hd.index = index
13099 hd.parentFingerprint = this.getFingerprint().readUInt32BE(0)
13100
13101 return hd
13102}
13103
13104HDNode.prototype.deriveHardened = function(index) {
13105 // Only derives hardened private keys by default
13106 return this.derive(index + HDNode.HIGHEST_BIT)
13107}
13108
13109HDNode.prototype.toString = HDNode.prototype.toBase58
13110
13111module.exports = HDNode
13112
13113}).call(this,_dereq_("buffer").Buffer)
13114},{"./base58check":70,"./crypto":73,"./eckey":75,"./ecpubkey":76,"./networks":81,"assert":4,"bigi":3,"buffer":8,"ecurve":65}],79:[function(_dereq_,module,exports){
13115module.exports = {
13116 Address: _dereq_('./address'),
13117 base58check: _dereq_('./base58check'),
13118 bufferutils: _dereq_('./bufferutils'),
13119 convert: _dereq_('./convert'),
13120 crypto: _dereq_('./crypto'),
13121 ecdsa: _dereq_('./ecdsa'),
13122 ECKey: _dereq_('./eckey'),
13123 ECPubKey: _dereq_('./ecpubkey'),
13124 ECSignature: _dereq_('./ecsignature'),
13125 Message: _dereq_('./message'),
13126 opcodes: _dereq_('./opcodes'),
13127 HDNode: _dereq_('./hdnode'),
13128 Script: _dereq_('./script'),
13129 scripts: _dereq_('./scripts'),
13130 Transaction: _dereq_('./transaction'),
13131 networks: _dereq_('./networks'),
13132 Wallet: _dereq_('./wallet')
13133}
13134
13135},{"./address":69,"./base58check":70,"./bufferutils":71,"./convert":72,"./crypto":73,"./ecdsa":74,"./eckey":75,"./ecpubkey":76,"./ecsignature":77,"./hdnode":78,"./message":80,"./networks":81,"./opcodes":82,"./script":83,"./scripts":84,"./transaction":85,"./wallet":86}],80:[function(_dereq_,module,exports){
13136(function (Buffer){
13137/// Implements Bitcoin's feature for signing arbitrary messages.
13138var Address = _dereq_('./address')
13139var BigInteger = _dereq_('bigi')
13140var bufferutils = _dereq_('./bufferutils')
13141var crypto = _dereq_('./crypto')
13142var ecdsa = _dereq_('./ecdsa')
13143var networks = _dereq_('./networks')
13144
13145var Address = _dereq_('./address')
13146var ECPubKey = _dereq_('./ecpubkey')
13147var ECSignature = _dereq_('./ecsignature')
13148
13149var ecurve = _dereq_('ecurve')
13150var ecparams = ecurve.getCurveByName('secp256k1')
13151
13152function magicHash(message, network) {
13153 var magicPrefix = new Buffer(network.magicPrefix)
13154 var messageBuffer = new Buffer(message)
13155 var lengthBuffer = new Buffer(bufferutils.varIntSize(messageBuffer.length))
13156 bufferutils.writeVarInt(lengthBuffer, messageBuffer.length, 0)
13157
13158 var buffer = Buffer.concat([magicPrefix, lengthBuffer, messageBuffer])
13159 return crypto.hash256(buffer)
13160}
13161
13162function sign(privKey, message, network) {
13163 network = network || networks.bitcoin
13164
13165 var hash = magicHash(message, network)
13166 var signature = privKey.sign(hash)
13167 var e = BigInteger.fromBuffer(hash)
13168 var i = ecdsa.calcPubKeyRecoveryParam(ecparams, e, signature, privKey.pub.Q)
13169
13170 return signature.toCompact(i, privKey.pub.compressed)
13171}
13172
13173// TODO: network could be implied from address
13174function verify(address, signatureBuffer, message, network) {
13175 if (address instanceof Address) {
13176 address = address.toString()
13177 }
13178 network = network || networks.bitcoin
13179
13180 var hash = magicHash(message, network)
13181 var parsed = ECSignature.parseCompact(signatureBuffer)
13182 var e = BigInteger.fromBuffer(hash)
13183 var Q = ecdsa.recoverPubKey(ecparams, e, parsed.signature, parsed.i)
13184
13185 var pubKey = new ECPubKey(Q, parsed.compressed)
13186 return pubKey.getAddress(network).toString() === address
13187}
13188
13189module.exports = {
13190 magicHash: magicHash,
13191 sign: sign,
13192 verify: verify
13193}
13194
13195}).call(this,_dereq_("buffer").Buffer)
13196},{"./address":69,"./bufferutils":71,"./crypto":73,"./ecdsa":74,"./ecpubkey":76,"./ecsignature":77,"./networks":81,"bigi":3,"buffer":8,"ecurve":65}],81:[function(_dereq_,module,exports){
13197// https://en.bitcoin.it/wiki/List_of_address_prefixes
13198// Dogecoin BIP32 is a proposed standard: https://bitcointalk.org/index.php?topic=409731
13199
13200var networks = {
13201 bitcoin: {
13202 magicPrefix: '\x18Bitcoin Signed Message:\n',
13203 bip32: {
13204 public: 0x0488b21e,
13205 private: 0x0488ade4
13206 },
13207 pubKeyHash: 0x00,
13208 scriptHash: 0x05,
13209 wif: 0x80,
13210 dustThreshold: 546, // https://github.com/bitcoin/bitcoin/blob/v0.9.2/src/core.h#L151-L162
13211 feePerKb: 10000, // https://github.com/bitcoin/bitcoin/blob/v0.9.2/src/main.cpp#L53
13212 estimateFee: estimateFee('bitcoin')
13213 },
13214 dogecoin: {
13215 magicPrefix: '\x19Dogecoin Signed Message:\n',
13216 bip32: {
13217 public: 0x02facafd,
13218 private: 0x02fac398
13219 },
13220 pubKeyHash: 0x1e,
13221 scriptHash: 0x16,
13222 wif: 0x9e,
13223 dustThreshold: 0, // https://github.com/dogecoin/dogecoin/blob/v1.7.1/src/core.h#L155-L160
13224 dustSoftThreshold: 100000000, // https://github.com/dogecoin/dogecoin/blob/v1.7.1/src/main.h#L62
13225 feePerKb: 100000000, // https://github.com/dogecoin/dogecoin/blob/v1.7.1/src/main.cpp#L58
13226 estimateFee: estimateFee('dogecoin')
13227 },
13228 litecoin: {
13229 magicPrefix: '\x19Litecoin Signed Message:\n',
13230 bip32: {
13231 public: 0x019da462,
13232 private: 0x019d9cfe
13233 },
13234 pubKeyHash: 0x30,
13235 scriptHash: 0x05,
13236 wif: 0xb0,
13237 dustThreshold: 0, // https://github.com/litecoin-project/litecoin/blob/v0.8.7.2/src/main.cpp#L360-L365
13238 dustSoftThreshold: 100000, // https://github.com/litecoin-project/litecoin/blob/v0.8.7.2/src/main.h#L53
13239 feePerKb: 100000, // https://github.com/litecoin-project/litecoin/blob/v0.8.7.2/src/main.cpp#L56
13240 estimateFee: estimateFee('litecoin')
13241 },
13242 testnet: {
13243 magicPrefix: '\x18Bitcoin Signed Message:\n',
13244 bip32: {
13245 public: 0x043587cf,
13246 private: 0x04358394
13247 },
13248 pubKeyHash: 0x6f,
13249 scriptHash: 0xc4,
13250 wif: 0xef,
13251 dustThreshold: 546,
13252 feePerKb: 10000,
13253 estimateFee: estimateFee('testnet')
13254 }
13255}
13256
13257function estimateFee(type) {
13258 return function(tx) {
13259 var network = networks[type]
13260 var baseFee = network.feePerKb
13261 var byteSize = tx.toBuffer().length
13262
13263 var fee = baseFee * Math.ceil(byteSize / 1000)
13264 if (network.dustSoftThreshold == undefined) return fee
13265
13266 tx.outs.forEach(function(e){
13267 if (e.value < network.dustSoftThreshold) {
13268 fee += baseFee
13269 }
13270 })
13271
13272 return fee
13273 }
13274}
13275
13276module.exports = networks
13277
13278},{}],82:[function(_dereq_,module,exports){
13279module.exports = {
13280 // push value
13281 OP_FALSE : 0,
13282 OP_0 : 0,
13283 OP_PUSHDATA1 : 76,
13284 OP_PUSHDATA2 : 77,
13285 OP_PUSHDATA4 : 78,
13286 OP_1NEGATE : 79,
13287 OP_RESERVED : 80,
13288 OP_1 : 81,
13289 OP_TRUE : 81,
13290 OP_2 : 82,
13291 OP_3 : 83,
13292 OP_4 : 84,
13293 OP_5 : 85,
13294 OP_6 : 86,
13295 OP_7 : 87,
13296 OP_8 : 88,
13297 OP_9 : 89,
13298 OP_10 : 90,
13299 OP_11 : 91,
13300 OP_12 : 92,
13301 OP_13 : 93,
13302 OP_14 : 94,
13303 OP_15 : 95,
13304 OP_16 : 96,
13305
13306 // control
13307 OP_NOP : 97,
13308 OP_VER : 98,
13309 OP_IF : 99,
13310 OP_NOTIF : 100,
13311 OP_VERIF : 101,
13312 OP_VERNOTIF : 102,
13313 OP_ELSE : 103,
13314 OP_ENDIF : 104,
13315 OP_VERIFY : 105,
13316 OP_RETURN : 106,
13317
13318 // stack ops
13319 OP_TOALTSTACK : 107,
13320 OP_FROMALTSTACK : 108,
13321 OP_2DROP : 109,
13322 OP_2DUP : 110,
13323 OP_3DUP : 111,
13324 OP_2OVER : 112,
13325 OP_2ROT : 113,
13326 OP_2SWAP : 114,
13327 OP_IFDUP : 115,
13328 OP_DEPTH : 116,
13329 OP_DROP : 117,
13330 OP_DUP : 118,
13331 OP_NIP : 119,
13332 OP_OVER : 120,
13333 OP_PICK : 121,
13334 OP_ROLL : 122,
13335 OP_ROT : 123,
13336 OP_SWAP : 124,
13337 OP_TUCK : 125,
13338
13339 // splice ops
13340 OP_CAT : 126,
13341 OP_SUBSTR : 127,
13342 OP_LEFT : 128,
13343 OP_RIGHT : 129,
13344 OP_SIZE : 130,
13345
13346 // bit logic
13347 OP_INVERT : 131,
13348 OP_AND : 132,
13349 OP_OR : 133,
13350 OP_XOR : 134,
13351 OP_EQUAL : 135,
13352 OP_EQUALVERIFY : 136,
13353 OP_RESERVED1 : 137,
13354 OP_RESERVED2 : 138,
13355
13356 // numeric
13357 OP_1ADD : 139,
13358 OP_1SUB : 140,
13359 OP_2MUL : 141,
13360 OP_2DIV : 142,
13361 OP_NEGATE : 143,
13362 OP_ABS : 144,
13363 OP_NOT : 145,
13364 OP_0NOTEQUAL : 146,
13365
13366 OP_ADD : 147,
13367 OP_SUB : 148,
13368 OP_MUL : 149,
13369 OP_DIV : 150,
13370 OP_MOD : 151,
13371 OP_LSHIFT : 152,
13372 OP_RSHIFT : 153,
13373
13374 OP_BOOLAND : 154,
13375 OP_BOOLOR : 155,
13376 OP_NUMEQUAL : 156,
13377 OP_NUMEQUALVERIFY : 157,
13378 OP_NUMNOTEQUAL : 158,
13379 OP_LESSTHAN : 159,
13380 OP_GREATERTHAN : 160,
13381 OP_LESSTHANOREQUAL : 161,
13382 OP_GREATERTHANOREQUAL : 162,
13383 OP_MIN : 163,
13384 OP_MAX : 164,
13385
13386 OP_WITHIN : 165,
13387
13388 // crypto
13389 OP_RIPEMD160 : 166,
13390 OP_SHA1 : 167,
13391 OP_SHA256 : 168,
13392 OP_HASH160 : 169,
13393 OP_HASH256 : 170,
13394 OP_CODESEPARATOR : 171,
13395 OP_CHECKSIG : 172,
13396 OP_CHECKSIGVERIFY : 173,
13397 OP_CHECKMULTISIG : 174,
13398 OP_CHECKMULTISIGVERIFY : 175,
13399
13400 // expansion
13401 OP_NOP1 : 176,
13402 OP_NOP2 : 177,
13403 OP_NOP3 : 178,
13404 OP_NOP4 : 179,
13405 OP_NOP5 : 180,
13406 OP_NOP6 : 181,
13407 OP_NOP7 : 182,
13408 OP_NOP8 : 183,
13409 OP_NOP9 : 184,
13410 OP_NOP10 : 185,
13411
13412 // template matching params
13413 OP_PUBKEYHASH : 253,
13414 OP_PUBKEY : 254,
13415 OP_INVALIDOPCODE : 255
13416}
13417
13418},{}],83:[function(_dereq_,module,exports){
13419(function (Buffer){
13420var assert = _dereq_('assert')
13421var bufferutils = _dereq_('./bufferutils')
13422var crypto = _dereq_('./crypto')
13423var opcodes = _dereq_('./opcodes')
13424
13425function Script(buffer, chunks) {
13426 assert(Buffer.isBuffer(buffer), 'Expected Buffer, got ' + buffer)
13427 assert(Array.isArray(chunks), 'Expected Array, got ' + chunks)
13428
13429 this.buffer = buffer
13430 this.chunks = chunks
13431}
13432
13433// Import operations
13434Script.fromASM = function(asm) {
13435 var strChunks = asm.split(' ')
13436
13437 var chunks = strChunks.map(function(strChunk) {
13438 if (strChunk in opcodes) {
13439 return opcodes[strChunk]
13440
13441 } else {
13442 return new Buffer(strChunk, 'hex')
13443 }
13444 })
13445
13446 return Script.fromChunks(chunks)
13447}
13448
13449Script.fromBuffer = function(buffer) {
13450 var chunks = []
13451
13452 var i = 0
13453
13454 while (i < buffer.length) {
13455 var opcode = buffer.readUInt8(i)
13456
13457 if ((opcode > opcodes.OP_0) && (opcode <= opcodes.OP_PUSHDATA4)) {
13458 var d = bufferutils.readPushDataInt(buffer, i)
13459 i += d.size
13460
13461 var data = buffer.slice(i, i + d.number)
13462 i += d.number
13463
13464 chunks.push(data)
13465
13466 } else {
13467 chunks.push(opcode)
13468
13469 i += 1
13470 }
13471 }
13472
13473 return new Script(buffer, chunks)
13474}
13475
13476Script.fromChunks = function(chunks) {
13477 assert(Array.isArray(chunks), 'Expected Array, got ' + chunks)
13478
13479 var bufferSize = chunks.reduce(function(accum, chunk) {
13480 if (Buffer.isBuffer(chunk)) {
13481 return accum + bufferutils.pushDataSize(chunk.length) + chunk.length
13482 }
13483
13484 return accum + 1
13485 }, 0.0)
13486
13487 var buffer = new Buffer(bufferSize)
13488 var offset = 0
13489
13490 chunks.forEach(function(chunk) {
13491 if (Buffer.isBuffer(chunk)) {
13492 offset += bufferutils.writePushDataInt(buffer, chunk.length, offset)
13493
13494 chunk.copy(buffer, offset)
13495 offset += chunk.length
13496
13497 } else {
13498 buffer.writeUInt8(chunk, offset)
13499 offset += 1
13500 }
13501 })
13502
13503 assert.equal(offset, buffer.length, 'Could not decode chunks')
13504 return new Script(buffer, chunks)
13505}
13506
13507Script.fromHex = function(hex) {
13508 return Script.fromBuffer(new Buffer(hex, 'hex'))
13509}
13510
13511// Constants
13512Script.EMPTY = Script.fromChunks([])
13513
13514// Operations
13515Script.prototype.getHash = function() {
13516 return crypto.hash160(this.buffer)
13517}
13518
13519// FIXME: doesn't work for data chunks, maybe time to use buffertools.compare...
13520Script.prototype.without = function(needle) {
13521 return Script.fromChunks(this.chunks.filter(function(op) {
13522 return op !== needle
13523 }))
13524}
13525
13526// Export operations
13527var reverseOps = []
13528for (var op in opcodes) {
13529 var code = opcodes[op]
13530 reverseOps[code] = op
13531}
13532
13533Script.prototype.toASM = function() {
13534 return this.chunks.map(function(chunk) {
13535 if (Buffer.isBuffer(chunk)) {
13536 return chunk.toString('hex')
13537
13538 } else {
13539 return reverseOps[chunk]
13540 }
13541 }).join(' ')
13542}
13543
13544Script.prototype.toBuffer = function() {
13545 return this.buffer
13546}
13547
13548Script.prototype.toHex = function() {
13549 return this.toBuffer().toString('hex')
13550}
13551
13552module.exports = Script
13553
13554}).call(this,_dereq_("buffer").Buffer)
13555},{"./bufferutils":71,"./crypto":73,"./opcodes":82,"assert":4,"buffer":8}],84:[function(_dereq_,module,exports){
13556(function (Buffer){
13557var assert = _dereq_('assert')
13558var opcodes = _dereq_('./opcodes')
13559
13560// FIXME: use ECPubKey, currently the circular dependency breaks everything.
13561//
13562// Solutions:
13563// * Remove ECPubKey.getAddress
13564// - Minimal change, but likely unpopular
13565// * Move all script related functionality out of Address
13566// - Means a lot of changes to Transaction/Wallet
13567// * Ignore it (existing solution)
13568// * Some form of hackery with commonjs
13569//
13570var ecurve = _dereq_('ecurve')
13571var curve = ecurve.getCurveByName('secp256k1')
13572
13573var ECSignature = _dereq_('./ecsignature')
13574var Script = _dereq_('./script')
13575
13576function classifyOutput(script) {
13577 assert(script instanceof Script, 'Expected Script, got ', script)
13578
13579 if (isPubKeyHashOutput.call(script)) {
13580 return 'pubkeyhash'
13581 } else if (isScriptHashOutput.call(script)) {
13582 return 'scripthash'
13583 } else if (isMultisigOutput.call(script)) {
13584 return 'multisig'
13585 } else if (isPubKeyOutput.call(script)) {
13586 return 'pubkey'
13587 } else if (isNulldataOutput.call(script)) {
13588 return 'nulldata'
13589 } else {
13590 return 'nonstandard'
13591 }
13592}
13593
13594function classifyInput(script) {
13595 assert(script instanceof Script, 'Expected Script, got ', script)
13596
13597 if (isPubKeyHashInput.call(script)) {
13598 return 'pubkeyhash'
13599 } else if (isScriptHashInput.call(script)) {
13600 return 'scripthash'
13601 } else if (isMultisigInput.call(script)) {
13602 return 'multisig'
13603 } else if (isPubKeyInput.call(script)) {
13604 return 'pubkey'
13605 } else {
13606 return 'nonstandard'
13607 }
13608}
13609
13610function isCanonicalPubKey(buffer) {
13611 if (!Buffer.isBuffer(buffer)) return false
13612
13613 try {
13614 // FIXME: boo
13615 ecurve.Point.decodeFrom(curve, buffer)
13616 } catch (e) {
13617 if (!(e.message.match(/Invalid sequence (length|tag)/))) throw e
13618
13619 return false
13620 }
13621
13622 return true
13623}
13624
13625function isCanonicalSignature(buffer) {
13626 if (!Buffer.isBuffer(buffer)) return false
13627
13628 try {
13629 ECSignature.parseScriptSignature(buffer)
13630 } catch(e) {
13631 if (!(e.message.match(/Not a DER sequence|Invalid sequence length|Expected a DER integer|R length is zero|S length is zero|R value excessively padded|S value excessively padded|R value is negative|S value is negative|Invalid hashType/))) throw e
13632
13633 return false
13634 }
13635
13636 return true
13637}
13638
13639function isPubKeyHashInput() {
13640 return this.chunks.length === 2 &&
13641 isCanonicalSignature(this.chunks[0]) &&
13642 isCanonicalPubKey(this.chunks[1])
13643}
13644
13645function isPubKeyHashOutput() {
13646 return this.chunks.length === 5 &&
13647 this.chunks[0] === opcodes.OP_DUP &&
13648 this.chunks[1] === opcodes.OP_HASH160 &&
13649 Buffer.isBuffer(this.chunks[2]) &&
13650 this.chunks[2].length === 20 &&
13651 this.chunks[3] === opcodes.OP_EQUALVERIFY &&
13652 this.chunks[4] === opcodes.OP_CHECKSIG
13653}
13654
13655function isPubKeyInput() {
13656 return this.chunks.length === 1 &&
13657 isCanonicalSignature(this.chunks[0])
13658}
13659
13660function isPubKeyOutput() {
13661 return this.chunks.length === 2 &&
13662 isCanonicalPubKey(this.chunks[0]) &&
13663 this.chunks[1] === opcodes.OP_CHECKSIG
13664}
13665
13666function isScriptHashInput() {
13667 if (this.chunks.length < 2) return false
13668 var lastChunk = this.chunks[this.chunks.length - 1]
13669
13670 if (!Buffer.isBuffer(lastChunk)) return false
13671
13672 var scriptSig = Script.fromChunks(this.chunks.slice(0, -1))
13673 var scriptPubKey = Script.fromBuffer(lastChunk)
13674
13675 return classifyInput(scriptSig) === classifyOutput(scriptPubKey)
13676}
13677
13678function isScriptHashOutput() {
13679 return this.chunks.length === 3 &&
13680 this.chunks[0] === opcodes.OP_HASH160 &&
13681 Buffer.isBuffer(this.chunks[1]) &&
13682 this.chunks[1].length === 20 &&
13683 this.chunks[2] === opcodes.OP_EQUAL
13684}
13685
13686function isMultisigInput() {
13687 return this.chunks[0] === opcodes.OP_0 &&
13688 this.chunks.slice(1).every(isCanonicalSignature)
13689}
13690
13691function isMultisigOutput() {
13692 if (this.chunks < 4) return false
13693 if (this.chunks[this.chunks.length - 1] !== opcodes.OP_CHECKMULTISIG) return false
13694
13695 var mOp = this.chunks[0]
13696 if (mOp === opcodes.OP_0) return false
13697 if (mOp < opcodes.OP_1) return false
13698 if (mOp > opcodes.OP_16) return false
13699
13700 var nOp = this.chunks[this.chunks.length - 2]
13701 if (nOp === opcodes.OP_0) return false
13702 if (nOp < opcodes.OP_1) return false
13703 if (nOp > opcodes.OP_16) return false
13704
13705 var m = mOp - (opcodes.OP_1 - 1)
13706 var n = nOp - (opcodes.OP_1 - 1)
13707 if (n < m) return false
13708
13709 var pubKeys = this.chunks.slice(1, -2)
13710 if (n < pubKeys.length) return false
13711
13712 return pubKeys.every(isCanonicalPubKey)
13713}
13714
13715function isNulldataOutput() {
13716 return this.chunks[0] === opcodes.OP_RETURN
13717}
13718
13719// Standard Script Templates
13720// {pubKey} OP_CHECKSIG
13721function pubKeyOutput(pubKey) {
13722 return Script.fromChunks([
13723 pubKey.toBuffer(),
13724 opcodes.OP_CHECKSIG
13725 ])
13726}
13727
13728// OP_DUP OP_HASH160 {pubKeyHash} OP_EQUALVERIFY OP_CHECKSIG
13729function pubKeyHashOutput(hash) {
13730 assert(Buffer.isBuffer(hash), 'Expected Buffer, got ' + hash)
13731
13732 return Script.fromChunks([
13733 opcodes.OP_DUP,
13734 opcodes.OP_HASH160,
13735 hash,
13736 opcodes.OP_EQUALVERIFY,
13737 opcodes.OP_CHECKSIG
13738 ])
13739}
13740
13741// OP_HASH160 {scriptHash} OP_EQUAL
13742function scriptHashOutput(hash) {
13743 assert(Buffer.isBuffer(hash), 'Expected Buffer, got ' + hash)
13744
13745 return Script.fromChunks([
13746 opcodes.OP_HASH160,
13747 hash,
13748 opcodes.OP_EQUAL
13749 ])
13750}
13751
13752// m [pubKeys ...] n OP_CHECKMULTISIG
13753function multisigOutput(m, pubKeys) {
13754 assert(Array.isArray(pubKeys), 'Expected Array, got ' + pubKeys)
13755 assert(pubKeys.length >= m, 'Not enough pubKeys provided')
13756
13757 var pubKeyBuffers = pubKeys.map(function(pubKey) {
13758 return pubKey.toBuffer()
13759 })
13760 var n = pubKeys.length
13761
13762 return Script.fromChunks([].concat(
13763 (opcodes.OP_1 - 1) + m,
13764 pubKeyBuffers,
13765 (opcodes.OP_1 - 1) + n,
13766 opcodes.OP_CHECKMULTISIG
13767 ))
13768}
13769
13770// {signature}
13771function pubKeyInput(signature) {
13772 assert(Buffer.isBuffer(signature), 'Expected Buffer, got ' + signature)
13773
13774 return Script.fromChunks([signature])
13775}
13776
13777// {signature} {pubKey}
13778function pubKeyHashInput(signature, pubKey) {
13779 assert(Buffer.isBuffer(signature), 'Expected Buffer, got ' + signature)
13780
13781 return Script.fromChunks([signature, pubKey.toBuffer()])
13782}
13783
13784// <scriptSig> {serialized scriptPubKey script}
13785function scriptHashInput(scriptSig, scriptPubKey) {
13786 return Script.fromChunks([].concat(
13787 scriptSig.chunks,
13788 scriptPubKey.toBuffer()
13789 ))
13790}
13791
13792// OP_0 [signatures ...]
13793function multisigInput(signatures, scriptPubKey) {
13794 if (scriptPubKey) {
13795 assert(isMultisigOutput.call(scriptPubKey))
13796
13797 var m = scriptPubKey.chunks[0]
13798 var k = m - (opcodes.OP_1 - 1)
13799 assert(k <= signatures.length, 'Not enough signatures provided')
13800 }
13801
13802 return Script.fromChunks([].concat(opcodes.OP_0, signatures))
13803}
13804
13805module.exports = {
13806 classifyInput: classifyInput,
13807 classifyOutput: classifyOutput,
13808 multisigInput: multisigInput,
13809 multisigOutput: multisigOutput,
13810 pubKeyHashInput: pubKeyHashInput,
13811 pubKeyHashOutput: pubKeyHashOutput,
13812 pubKeyInput: pubKeyInput,
13813 pubKeyOutput: pubKeyOutput,
13814 scriptHashInput: scriptHashInput,
13815 scriptHashOutput: scriptHashOutput
13816}
13817
13818}).call(this,_dereq_("buffer").Buffer)
13819},{"./ecsignature":77,"./opcodes":82,"./script":83,"assert":4,"buffer":8,"ecurve":65}],85:[function(_dereq_,module,exports){
13820(function (Buffer){
13821var assert = _dereq_('assert')
13822var bufferutils = _dereq_('./bufferutils')
13823var crypto = _dereq_('./crypto')
13824var opcodes = _dereq_('./opcodes')
13825var scripts = _dereq_('./scripts')
13826
13827var Address = _dereq_('./address')
13828var ECKey = _dereq_('./eckey')
13829var ECSignature = _dereq_('./ecsignature')
13830var Script = _dereq_('./script')
13831
13832Transaction.DEFAULT_SEQUENCE = 0xffffffff
13833Transaction.SIGHASH_ALL = 0x01
13834Transaction.SIGHASH_NONE = 0x02
13835Transaction.SIGHASH_SINGLE = 0x03
13836Transaction.SIGHASH_ANYONECANPAY = 0x80
13837
13838function Transaction() {
13839 this.version = 1
13840 this.locktime = 0
13841 this.ins = []
13842 this.outs = []
13843}
13844
13845/**
13846 * Create a new txin.
13847 *
13848 * Can be called with any of:
13849 *
13850 * - A transaction and an index
13851 * - A transaction hash and an index
13852 *
13853 * Note that this method does not sign the created input.
13854 */
13855Transaction.prototype.addInput = function(tx, index, sequence) {
13856 if (sequence == undefined) sequence = Transaction.DEFAULT_SEQUENCE
13857
13858 var hash
13859
13860 if (typeof tx === 'string') {
13861 hash = new Buffer(tx, 'hex')
13862
13863 // TxId hex is big-endian, we need little-endian
13864 Array.prototype.reverse.call(hash)
13865
13866 } else if (tx instanceof Transaction) {
13867 hash = tx.getHash()
13868
13869 } else {
13870 hash = tx
13871 }
13872
13873 assert(Buffer.isBuffer(hash), 'Expected Transaction, txId or txHash, got ' + tx)
13874 assert.equal(hash.length, 32, 'Expected hash length of 32, got ' + hash.length)
13875 assert.equal(typeof index, 'number', 'Expected number index, got ' + index)
13876
13877 return (this.ins.push({
13878 hash: hash,
13879 index: index,
13880 script: Script.EMPTY,
13881 sequence: sequence
13882 }) - 1)
13883}
13884
13885/**
13886 * Create a new txout.
13887 *
13888 * Can be called with:
13889 *
13890 * - A base58 address string and a value
13891 * - An Address object and a value
13892 * - A scriptPubKey Script and a value
13893 */
13894Transaction.prototype.addOutput = function(scriptPubKey, value) {
13895 // Attempt to get a valid address if it's a base58 address string
13896 if (typeof scriptPubKey === 'string') {
13897 scriptPubKey = Address.fromBase58Check(scriptPubKey)
13898 }
13899
13900 // Attempt to get a valid script if it's an Address object
13901 if (scriptPubKey instanceof Address) {
13902 var address = scriptPubKey
13903
13904 scriptPubKey = address.toOutputScript()
13905 }
13906
13907 return (this.outs.push({
13908 script: scriptPubKey,
13909 value: value,
13910 }) - 1)
13911}
13912
13913Transaction.prototype.toBuffer = function () {
13914 var txInSize = this.ins.reduce(function(a, x) {
13915 return a + (40 + bufferutils.varIntSize(x.script.buffer.length) + x.script.buffer.length)
13916 }, 0)
13917
13918 var txOutSize = this.outs.reduce(function(a, x) {
13919 return a + (8 + bufferutils.varIntSize(x.script.buffer.length) + x.script.buffer.length)
13920 }, 0)
13921
13922 var buffer = new Buffer(
13923 8 +
13924 bufferutils.varIntSize(this.ins.length) +
13925 bufferutils.varIntSize(this.outs.length) +
13926 txInSize +
13927 txOutSize
13928 )
13929
13930 var offset = 0
13931 function writeSlice(slice) {
13932 slice.copy(buffer, offset)
13933 offset += slice.length
13934 }
13935 function writeUInt32(i) {
13936 buffer.writeUInt32LE(i, offset)
13937 offset += 4
13938 }
13939 function writeUInt64(i) {
13940 bufferutils.writeUInt64LE(buffer, i, offset)
13941 offset += 8
13942 }
13943 function writeVarInt(i) {
13944 var n = bufferutils.writeVarInt(buffer, i, offset)
13945 offset += n
13946 }
13947
13948 writeUInt32(this.version)
13949 writeVarInt(this.ins.length)
13950
13951 this.ins.forEach(function(txin) {
13952 writeSlice(txin.hash)
13953 writeUInt32(txin.index)
13954 writeVarInt(txin.script.buffer.length)
13955 writeSlice(txin.script.buffer)
13956 writeUInt32(txin.sequence)
13957 })
13958
13959 writeVarInt(this.outs.length)
13960 this.outs.forEach(function(txout) {
13961 writeUInt64(txout.value)
13962 writeVarInt(txout.script.buffer.length)
13963 writeSlice(txout.script.buffer)
13964 })
13965
13966 writeUInt32(this.locktime)
13967
13968 return buffer
13969}
13970
13971Transaction.prototype.toHex = function() {
13972 return this.toBuffer().toString('hex')
13973}
13974
13975/**
13976 * Hash transaction for signing a specific input.
13977 *
13978 * Bitcoin uses a different hash for each signed transaction input. This
13979 * method copies the transaction, makes the necessary changes based on the
13980 * hashType, serializes and finally hashes the result. This hash can then be
13981 * used to sign the transaction input in question.
13982 */
13983Transaction.prototype.hashForSignature = function(prevOutScript, inIndex, hashType) {
13984 assert(inIndex >= 0, 'Invalid vin index')
13985 assert(inIndex < this.ins.length, 'Invalid vin index')
13986 assert(prevOutScript instanceof Script, 'Invalid Script object')
13987
13988 var txTmp = this.clone()
13989 var hashScript = prevOutScript.without(opcodes.OP_CODESEPARATOR)
13990
13991 // Blank out other inputs' signatures
13992 txTmp.ins.forEach(function(txin) {
13993 txin.script = Script.EMPTY
13994 })
13995 txTmp.ins[inIndex].script = hashScript
13996
13997 var hashTypeModifier = hashType & 0x1f
13998 if (hashTypeModifier === Transaction.SIGHASH_NONE) {
13999 assert(false, 'SIGHASH_NONE not yet supported')
14000
14001 } else if (hashTypeModifier === Transaction.SIGHASH_SINGLE) {
14002 assert(false, 'SIGHASH_SINGLE not yet supported')
14003
14004 }
14005
14006 if (hashType & Transaction.SIGHASH_ANYONECANPAY) {
14007 assert(false, 'SIGHASH_ANYONECANPAY not yet supported')
14008 }
14009
14010 var hashTypeBuffer = new Buffer(4)
14011 hashTypeBuffer.writeInt32LE(hashType, 0)
14012
14013 var buffer = Buffer.concat([txTmp.toBuffer(), hashTypeBuffer])
14014 return crypto.hash256(buffer)
14015}
14016
14017Transaction.prototype.getHash = function () {
14018 return crypto.hash256(this.toBuffer())
14019}
14020
14021Transaction.prototype.getId = function () {
14022 var buffer = this.getHash()
14023
14024 // Big-endian is used for TxHash
14025 Array.prototype.reverse.call(buffer)
14026
14027 return buffer.toString('hex')
14028}
14029
14030Transaction.prototype.clone = function () {
14031 var newTx = new Transaction()
14032 newTx.version = this.version
14033 newTx.locktime = this.locktime
14034
14035 newTx.ins = this.ins.map(function(txin) {
14036 return {
14037 hash: txin.hash,
14038 index: txin.index,
14039 script: txin.script,
14040 sequence: txin.sequence
14041 }
14042 })
14043
14044 newTx.outs = this.outs.map(function(txout) {
14045 return {
14046 script: txout.script,
14047 value: txout.value
14048 }
14049 })
14050
14051 return newTx
14052}
14053
14054Transaction.fromBuffer = function(buffer) {
14055 var offset = 0
14056 function readSlice(n) {
14057 offset += n
14058 return buffer.slice(offset - n, offset)
14059 }
14060 function readUInt32() {
14061 var i = buffer.readUInt32LE(offset)
14062 offset += 4
14063 return i
14064 }
14065 function readUInt64() {
14066 var i = bufferutils.readUInt64LE(buffer, offset)
14067 offset += 8
14068 return i
14069 }
14070 function readVarInt() {
14071 var vi = bufferutils.readVarInt(buffer, offset)
14072 offset += vi.size
14073 return vi.number
14074 }
14075
14076 var tx = new Transaction()
14077 tx.version = readUInt32()
14078
14079 var vinLen = readVarInt()
14080 for (var i = 0; i < vinLen; ++i) {
14081 var hash = readSlice(32)
14082 var vout = readUInt32()
14083 var scriptLen = readVarInt()
14084 var script = readSlice(scriptLen)
14085 var sequence = readUInt32()
14086
14087 tx.ins.push({
14088 hash: hash,
14089 index: vout,
14090 script: Script.fromBuffer(script),
14091 sequence: sequence
14092 })
14093 }
14094
14095 var voutLen = readVarInt()
14096 for (i = 0; i < voutLen; ++i) {
14097 var value = readUInt64()
14098 var scriptLen = readVarInt()
14099 var script = readSlice(scriptLen)
14100
14101 tx.outs.push({
14102 value: value,
14103 script: Script.fromBuffer(script)
14104 })
14105 }
14106
14107 tx.locktime = readUInt32()
14108 assert.equal(offset, buffer.length, 'Transaction has unexpected data')
14109
14110 return tx
14111}
14112
14113Transaction.fromHex = function(hex) {
14114 return Transaction.fromBuffer(new Buffer(hex, 'hex'))
14115}
14116
14117/**
14118 * Signs a pubKeyHash output at some index with the given key
14119 */
14120Transaction.prototype.sign = function(index, privKey, hashType) {
14121 var prevOutScript = privKey.pub.getAddress().toOutputScript()
14122 var signature = this.signInput(index, prevOutScript, privKey, hashType)
14123
14124 // FIXME: Assumed prior TX was pay-to-pubkey-hash
14125 var scriptSig = scripts.pubKeyHashInput(signature, privKey.pub)
14126 this.setInputScript(index, scriptSig)
14127}
14128
14129Transaction.prototype.signInput = function(index, prevOutScript, privKey, hashType) {
14130 hashType = hashType || Transaction.SIGHASH_ALL
14131
14132 var hash = this.hashForSignature(prevOutScript, index, hashType)
14133 var signature = privKey.sign(hash)
14134
14135 return signature.toScriptSignature(hashType)
14136}
14137
14138Transaction.prototype.setInputScript = function(index, script) {
14139 this.ins[index].script = script
14140}
14141
14142// FIXME: could be validateInput(index, prevTxOut, pub)
14143Transaction.prototype.validateInput = function(index, prevOutScript, pubKey, buffer) {
14144 var parsed = ECSignature.parseScriptSignature(buffer)
14145 var hash = this.hashForSignature(prevOutScript, index, parsed.hashType)
14146
14147 return pubKey.verify(hash, parsed.signature)
14148}
14149
14150module.exports = Transaction
14151
14152}).call(this,_dereq_("buffer").Buffer)
14153},{"./address":69,"./bufferutils":71,"./crypto":73,"./eckey":75,"./ecsignature":77,"./opcodes":82,"./script":83,"./scripts":84,"assert":4,"buffer":8}],86:[function(_dereq_,module,exports){
14154(function (Buffer){
14155var assert = _dereq_('assert')
14156var networks = _dereq_('./networks')
14157var rng = _dereq_('secure-random')
14158
14159var Address = _dereq_('./address')
14160var HDNode = _dereq_('./hdnode')
14161var Transaction = _dereq_('./transaction')
14162
14163function Wallet(seed, network) {
14164 network = network || networks.bitcoin
14165
14166 // Stored in a closure to make accidental serialization less likely
14167 var masterkey = null
14168 var me = this
14169 var accountZero = null
14170 var internalAccount = null
14171 var externalAccount = null
14172
14173 // Addresses
14174 this.addresses = []
14175 this.changeAddresses = []
14176
14177 // Transaction output data
14178 this.outputs = {}
14179
14180 // Make a new master key
14181 this.newMasterKey = function(seed) {
14182 seed = seed || new Buffer(rng(32))
14183 masterkey = HDNode.fromSeedBuffer(seed, network)
14184
14185 // HD first-level child derivation method should be hardened
14186 // See https://bitcointalk.org/index.php?topic=405179.msg4415254#msg4415254
14187 accountZero = masterkey.deriveHardened(0)
14188 externalAccount = accountZero.derive(0)
14189 internalAccount = accountZero.derive(1)
14190
14191 me.addresses = []
14192 me.changeAddresses = []
14193
14194 me.outputs = {}
14195 }
14196
14197 this.newMasterKey(seed)
14198
14199 this.generateAddress = function() {
14200 var key = externalAccount.derive(this.addresses.length)
14201 this.addresses.push(key.getAddress().toString())
14202 return this.addresses[this.addresses.length - 1]
14203 }
14204
14205 this.generateChangeAddress = function() {
14206 var key = internalAccount.derive(this.changeAddresses.length)
14207 this.changeAddresses.push(key.getAddress().toString())
14208 return this.changeAddresses[this.changeAddresses.length - 1]
14209 }
14210
14211 this.getBalance = function() {
14212 return this.getUnspentOutputs().reduce(function(memo, output){
14213 return memo + output.value
14214 }, 0)
14215 }
14216
14217 this.getUnspentOutputs = function() {
14218 var utxo = []
14219
14220 for(var key in this.outputs){
14221 var output = this.outputs[key]
14222 if(!output.to) utxo.push(outputToUnspentOutput(output))
14223 }
14224
14225 return utxo
14226 }
14227
14228 this.setUnspentOutputs = function(utxo) {
14229 var outputs = {}
14230
14231 utxo.forEach(function(uo){
14232 validateUnspentOutput(uo)
14233 var o = unspentOutputToOutput(uo)
14234 outputs[o.from] = o
14235 })
14236
14237 this.outputs = outputs
14238 }
14239
14240 function outputToUnspentOutput(output){
14241 var hashAndIndex = output.from.split(":")
14242
14243 return {
14244 hash: hashAndIndex[0],
14245 outputIndex: parseInt(hashAndIndex[1]),
14246 address: output.address,
14247 value: output.value,
14248 pending: output.pending
14249 }
14250 }
14251
14252 function unspentOutputToOutput(o) {
14253 var hash = o.hash
14254 var key = hash + ":" + o.outputIndex
14255 return {
14256 from: key,
14257 address: o.address,
14258 value: o.value,
14259 pending: o.pending
14260 }
14261 }
14262
14263 function validateUnspentOutput(uo) {
14264 var missingField
14265
14266 if (isNullOrUndefined(uo.hash)) {
14267 missingField = "hash"
14268 }
14269
14270 var requiredKeys = ['outputIndex', 'address', 'value']
14271 requiredKeys.forEach(function (key) {
14272 if (isNullOrUndefined(uo[key])){
14273 missingField = key
14274 }
14275 })
14276
14277 if (missingField) {
14278 var message = [
14279 'Invalid unspent output: key', missingField, 'is missing.',
14280 'A valid unspent output must contain'
14281 ]
14282 message.push(requiredKeys.join(', '))
14283 message.push("and hash")
14284 throw new Error(message.join(' '))
14285 }
14286 }
14287
14288 function isNullOrUndefined(value) {
14289 return value == undefined
14290 }
14291
14292 this.processPendingTx = function(tx){
14293 processTx(tx, true)
14294 }
14295
14296 this.processConfirmedTx = function(tx){
14297 processTx(tx, false)
14298 }
14299
14300 function processTx(tx, isPending) {
14301 var txid = tx.getId()
14302
14303 tx.outs.forEach(function(txOut, i) {
14304 var address
14305
14306 try {
14307 address = Address.fromOutputScript(txOut.script, network).toString()
14308 } catch(e) {
14309 if (!(e.message.match(/has no matching Address/))) throw e
14310 }
14311
14312 if (isMyAddress(address)) {
14313 var output = txid + ':' + i
14314
14315 me.outputs[output] = {
14316 from: output,
14317 value: txOut.value,
14318 address: address,
14319 pending: isPending
14320 }
14321 }
14322 })
14323
14324 tx.ins.forEach(function(txIn, i) {
14325 // copy and convert to big-endian hex
14326 var txinId = new Buffer(txIn.hash)
14327 Array.prototype.reverse.call(txinId)
14328 txinId = txinId.toString('hex')
14329
14330 var output = txinId + ':' + txIn.index
14331
14332 if (!(output in me.outputs)) return
14333
14334 if (isPending) {
14335 me.outputs[output].to = txid + ':' + i
14336 me.outputs[output].pending = true
14337 } else {
14338 delete me.outputs[output]
14339 }
14340 })
14341 }
14342
14343 this.createTx = function(to, value, fixedFee, changeAddress) {
14344 assert(value > network.dustThreshold, value + ' must be above dust threshold (' + network.dustThreshold + ' Satoshis)')
14345
14346 var utxos = getCandidateOutputs(value)
14347 var accum = 0
14348 var subTotal = value
14349 var addresses = []
14350
14351 var tx = new Transaction()
14352 tx.addOutput(to, value)
14353
14354 for (var i = 0; i < utxos.length; ++i) {
14355 var utxo = utxos[i]
14356 addresses.push(utxo.address)
14357
14358 var outpoint = utxo.from.split(':')
14359 tx.addInput(outpoint[0], parseInt(outpoint[1]))
14360
14361 var fee = fixedFee == undefined ? estimateFeePadChangeOutput(tx) : fixedFee
14362
14363 accum += utxo.value
14364 subTotal = value + fee
14365 if (accum >= subTotal) {
14366 var change = accum - subTotal
14367
14368 if (change > network.dustThreshold) {
14369 tx.addOutput(changeAddress || getChangeAddress(), change)
14370 }
14371
14372 break
14373 }
14374 }
14375
14376 assert(accum >= subTotal, 'Not enough funds (incl. fee): ' + accum + ' < ' + subTotal)
14377
14378 this.signWith(tx, addresses)
14379 return tx
14380 }
14381
14382 function getCandidateOutputs() {
14383 var unspent = []
14384
14385 for (var key in me.outputs) {
14386 var output = me.outputs[key]
14387 if (!output.pending) unspent.push(output)
14388 }
14389
14390 var sortByValueDesc = unspent.sort(function(o1, o2){
14391 return o2.value - o1.value
14392 })
14393
14394 return sortByValueDesc
14395 }
14396
14397 function estimateFeePadChangeOutput(tx) {
14398 var tmpTx = tx.clone()
14399 tmpTx.addOutput(getChangeAddress(), network.dustSoftThreshold || 0)
14400
14401 return network.estimateFee(tmpTx)
14402 }
14403
14404 function getChangeAddress() {
14405 if(me.changeAddresses.length === 0) me.generateChangeAddress();
14406 return me.changeAddresses[me.changeAddresses.length - 1]
14407 }
14408
14409 this.signWith = function(tx, addresses) {
14410 assert.equal(tx.ins.length, addresses.length, 'Number of addresses must match number of transaction inputs')
14411
14412 addresses.forEach(function(address, i) {
14413 var key = me.getPrivateKeyForAddress(address)
14414
14415 tx.sign(i, key)
14416 })
14417
14418 return tx
14419 }
14420
14421 this.getMasterKey = function() { return masterkey }
14422 this.getAccountZero = function() { return accountZero }
14423 this.getInternalAccount = function() { return internalAccount }
14424 this.getExternalAccount = function() { return externalAccount }
14425
14426 this.getPrivateKey = function(index) {
14427 return externalAccount.derive(index).privKey
14428 }
14429
14430 this.getInternalPrivateKey = function(index) {
14431 return internalAccount.derive(index).privKey
14432 }
14433
14434 this.getPrivateKeyForAddress = function(address) {
14435 var index
14436 if((index = this.addresses.indexOf(address)) > -1) {
14437 return this.getPrivateKey(index)
14438 } else if((index = this.changeAddresses.indexOf(address)) > -1) {
14439 return this.getInternalPrivateKey(index)
14440 } else {
14441 throw new Error('Unknown address. Make sure the address is from the keychain and has been generated.')
14442 }
14443 }
14444
14445 function isReceiveAddress(address){
14446 return me.addresses.indexOf(address) > -1
14447 }
14448
14449 function isChangeAddress(address){
14450 return me.changeAddresses.indexOf(address) > -1
14451 }
14452
14453 function isMyAddress(address) {
14454 return isReceiveAddress(address) || isChangeAddress(address)
14455 }
14456}
14457
14458module.exports = Wallet
14459
14460}).call(this,_dereq_("buffer").Buffer)
14461},{"./address":69,"./hdnode":78,"./networks":81,"./transaction":85,"assert":4,"buffer":8,"secure-random":68}]},{},[79])
14462(79)
14463});
diff --git a/src/js/index.js b/src/js/index.js
new file mode 100644
index 0000000..161f91f
--- /dev/null
+++ b/src/js/index.js
@@ -0,0 +1,337 @@
1(function() {
2
3 var mnemonic = new Mnemonic("english");
4 var bip32RootKey = null;
5 var bip32ExtendedKey = null;
6 var network = Bitcoin.networks.bitcoin;
7 var addressRowTemplate = $("#address-row-template");
8
9 var phraseChangeTimeoutEvent = null;
10
11 var DOM = {};
12 DOM.phrase = $(".phrase");
13 DOM.generate = $(".generate");
14 DOM.rootKey = $(".root-key");
15 DOM.extendedPrivKey = $(".extended-priv-key");
16 DOM.extendedPubKey = $(".extended-pub-key");
17 DOM.bip32path = $("#bip32-path");
18 DOM.bip44path = $("#bip44-path");
19 DOM.bip44purpose = $("#bip44 .purpose");
20 DOM.bip44coin = $("#bip44 .coin");
21 DOM.bip44account = $("#bip44 .account");
22 DOM.bip44change = $("#bip44 .change");
23 DOM.strength = $(".strength");
24 DOM.addresses = $(".addresses");
25 DOM.rowsToAdd = $(".rows-to-add");
26 DOM.more = $(".more");
27 DOM.feedback = $(".feedback");
28 DOM.tab = $(".derivation-type a");
29 DOM.indexToggle = $(".index-toggle");
30 DOM.addressToggle = $(".address-toggle");
31 DOM.privateKeyToggle = $(".private-key-toggle");
32
33 var derivationPath = DOM.bip44path.val();
34
35 function init() {
36 // Events
37 DOM.phrase.on("keyup", delayedPhraseChanged);
38 DOM.generate.on("click", generateClicked);
39 DOM.more.on("click", showMore);
40 DOM.bip32path.on("keyup", bip32Changed);
41 DOM.bip44purpose.on("keyup", bip44Changed);
42 DOM.bip44coin.on("keyup", bip44Changed);
43 DOM.bip44account.on("keyup", bip44Changed);
44 DOM.bip44change.on("keyup", bip44Changed);
45 DOM.tab.on("click", tabClicked);
46 DOM.indexToggle.on("click", toggleIndexes);
47 DOM.addressToggle.on("click", toggleAddresses);
48 DOM.privateKeyToggle.on("click", togglePrivateKeys);
49 disableForms();
50 hidePending();
51 hideValidationError();
52 }
53
54 // Event handlers
55
56 function delayedPhraseChanged() {
57 hideValidationError();
58 showPending();
59 if (phraseChangeTimeoutEvent != null) {
60 clearTimeout(phraseChangeTimeoutEvent);
61 }
62 phraseChangeTimeoutEvent = setTimeout(phraseChanged, 400);
63 }
64
65 function phraseChanged() {
66 showPending();
67 hideValidationError();
68 // Get the mnemonic phrase
69 var phrase = DOM.phrase.val();
70 var errorText = findPhraseErrors(phrase);
71 if (errorText) {
72 showValidationError(errorText);
73 return;
74 }
75 // Get the derivation path
76 var errorText = findDerivationPathErrors();
77 if (errorText) {
78 showValidationError(errorText);
79 return;
80 }
81 // Calculate and display
82 calcBip32Seed(phrase, derivationPath);
83 displayBip32Info();
84 hidePending();
85 }
86
87 function generateClicked() {
88 clearDisplay();
89 showPending();
90 setTimeout(function() {
91 var phrase = generateRandomPhrase();
92 if (!phrase) {
93 return;
94 }
95 phraseChanged();
96 }, 50);
97 }
98
99 function tabClicked(e) {
100 var activePath = $(e.target.getAttribute("href") + " .path");
101 derivationPath = activePath.val();
102 derivationChanged();
103 }
104
105 function derivationChanged() {
106 delayedPhraseChanged();
107 }
108
109 function bip32Changed() {
110 derivationPath = DOM.bip32path.val();
111 derivationChanged();
112 }
113
114 function bip44Changed() {
115 setBip44DerivationPath();
116 derivationPath = DOM.bip44path.val();
117 derivationChanged();
118 }
119
120 function toggleIndexes() {
121 $("td.index span").toggleClass("invisible");
122 }
123
124 function toggleAddresses() {
125 $("td.address span").toggleClass("invisible");
126 }
127
128 function togglePrivateKeys() {
129 $("td.privkey span").toggleClass("invisible");
130 }
131
132 // Private methods
133
134 function generateRandomPhrase() {
135 if (!hasStrongRandom()) {
136 var errorText = "This browser does not support strong randomness";
137 showValidationError(errorText);
138 return;
139 }
140 var numWords = parseInt(DOM.strength.val());
141 // Check strength is an integer
142 if (isNaN(numWords)) {
143 DOM.strength.val("12");
144 numWords = 12;
145 }
146 // Check strength is a multiple of 32, if not round it down
147 if (numWords % 3 != 0) {
148 numWords = Math.floor(numWords / 3) * 3;
149 DOM.strength.val(numWords);
150 }
151 // Check strength is at least 32
152 if (numWords == 0) {
153 numWords = 3;
154 DOM.strength.val(numWords);
155 }
156 var strength = numWords / 3 * 32;
157 var words = mnemonic.generate(strength);
158 DOM.phrase.val(words);
159 return words;
160 }
161
162 function calcBip32Seed(phrase, path) {
163 var seed = mnemonic.toSeed(phrase);
164 var seedHash = Bitcoin.crypto.sha256(seed).toString("hex");
165 bip32RootKey = Bitcoin.HDNode.fromSeedHex(seedHash, network);
166 bip32ExtendedKey = bip32RootKey;
167 // Derive the key from the path
168 var pathBits = path.split("/");
169 for (var i=0; i<pathBits.length; i++) {
170 var bit = pathBits[i];
171 var index = parseInt(bit);
172 if (isNaN(index)) {
173 continue;
174 }
175 var hardened = bit[bit.length-1] == "'";
176 if (hardened) {
177 bip32ExtendedKey = bip32ExtendedKey.deriveHardened(index);
178 }
179 else {
180 bip32ExtendedKey = bip32ExtendedKey.derive(index);
181 }
182 }
183 }
184
185 function showValidationError(errorText) {
186 DOM.feedback
187 .text(errorText)
188 .show();
189 }
190
191 function hideValidationError() {
192 DOM.feedback
193 .text("")
194 .hide();
195 }
196
197 function findPhraseErrors(phrase) {
198 // TODO make this right
199 // Preprocess the words
200 var parts = phrase.split(" ");
201 var proper = [];
202 for (var i=0; i<parts.length; i++) {
203 var part = parts[i];
204 if (part.length > 0) {
205 // TODO check that lowercasing is always valid to do
206 proper.push(part.toLowerCase());
207 }
208 }
209 // TODO some levenstein on the words
210 var properPhrase = proper.join(' ');
211 // Check the words are valid
212 var isValid = mnemonic.check(properPhrase);
213 if (!isValid) {
214 return "Invalid mnemonic";
215 }
216 return false;
217 }
218
219 function findDerivationPathErrors(path) {
220 // TODO
221 return false;
222 }
223
224 function displayBip32Info() {
225 // Display the key
226 var rootKey = bip32RootKey.toBase58();
227 DOM.rootKey.val(rootKey);
228 var extendedPrivKey = bip32ExtendedKey.toBase58();
229 DOM.extendedPrivKey.val(extendedPrivKey);
230 var extendedPubKey = bip32ExtendedKey.toBase58(false);
231 DOM.extendedPubKey.val(extendedPubKey);
232 // Display the addresses and privkeys
233 clearAddressesList();
234 displayAddresses(0, 20);
235 }
236
237 function displayAddresses(start, total) {
238 for (var i=0; i<total; i++) {
239 var index = i+ start;
240 var key = bip32ExtendedKey.derive(index);
241 var address = key.getAddress().toString();
242 var privkey = key.privKey.toWIF();
243 addAddressToList(index, address, privkey);
244 }
245 }
246
247 function showMore() {
248 var start = DOM.addresses.children().length;
249 var rowsToAdd = parseInt(DOM.rowsToAdd.val());
250 if (isNaN(rowsToAdd)) {
251 rowsToAdd = 20;
252 DOM.rowsToAdd.val("20");
253 }
254 if (rowsToAdd > 200) {
255 var msg = "Generating " + rowsToAdd + " rows could take a while. ";
256 msg += "Do you want to continue?";
257 if (!confirm(msg)) {
258 return;
259 }
260 }
261 showPending();
262 setTimeout(function() {
263 displayAddresses(start, rowsToAdd);
264 hidePending();
265 }, 50);
266 }
267
268 function clearDisplay() {
269 clearAddressesList();
270 clearKey();
271 hideValidationError();
272 }
273
274 function clearAddressesList() {
275 DOM.addresses.empty();
276 }
277
278 function clearKey() {
279 DOM.rootKey.val("");
280 DOM.extendedPrivKey.val("");
281 DOM.extendedPubKey.val("");
282 }
283
284 function addAddressToList(index, address, privkey) {
285 var row = $(addressRowTemplate.html());
286 row.find(".index span").text(index);
287 row.find(".address span").text(address);
288 row.find(".privkey span").text(privkey);
289 DOM.addresses.append(row);
290 }
291
292 function hasStrongRandom() {
293 return 'crypto' in window && window['crypto'] !== null;
294 }
295
296 function disableForms() {
297 $("form").on("submit", function(e) {
298 e.preventDefault();
299 });
300 }
301
302 function setBip44DerivationPath() {
303 var purpose = parseIntNoNaN(DOM.bip44purpose.val(), 44);
304 var coin = parseIntNoNaN(DOM.bip44coin.val(), 0);
305 var account = parseIntNoNaN(DOM.bip44account.val(), 0);
306 var change = parseIntNoNaN(DOM.bip44change.val(), 0);
307 var path = "m/";
308 path += purpose + "'/";
309 path += coin + "'/";
310 path += account + "'/";
311 path += change;
312 DOM.bip44path.val(path);
313 }
314
315 function parseIntNoNaN(val, defaultVal) {
316 var v = parseInt(val);
317 if (isNaN(v)) {
318 return defaultVal;
319 }
320 return v;
321 }
322
323 function showPending() {
324 DOM.feedback
325 .text("Calculating...")
326 .show();
327 }
328
329 function hidePending() {
330 DOM.feedback
331 .text("")
332 .hide();
333 }
334
335 init();
336
337})();
diff --git a/src/js/jsbip39.js b/src/js/jsbip39.js
new file mode 100644
index 0000000..d0ac3ae
--- /dev/null
+++ b/src/js/jsbip39.js
@@ -0,0 +1,386 @@
1/*
2 * Copyright (c) 2013 Pavol Rusnak
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a copy of
5 * this software and associated documentation files (the "Software"), to deal in
6 * the Software without restriction, including without limitation the rights to
7 * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
8 * of the Software, and to permit persons to whom the Software is furnished to do
9 * so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice shall be included in all
12 * copies or substantial portions of the Software.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
18 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20 */
21
22/*
23 * Javascript port from python by Ian Coleman
24 *
25 * Includes code from asmCrypto
26 * https://github.com/tresorit/asmcrypto.js
27 */
28
29var Mnemonic = function(language) {
30
31 var PBKDF2_ROUNDS = 2048;
32 var RADIX = 2048;
33
34 var self = this;
35 var wordlist = [];
36
37 function init() {
38 wordlist = WORDLISTS[language];
39 if (wordlist.length != RADIX) {
40 err = 'Wordlist should contain ' + RADIX + ' words, but it contains ' + wordlist.length + ' words.';
41 throw err;
42 }
43 }
44
45 self.generate = function(strength) {
46 strength = strength || 128;
47 var r = strength % 32;
48 if (r > 0) {
49 throw 'Strength should be divisible by 32, but it is not (' + r + ').';
50 }
51 var hasStrongCrypto = 'crypto' in window && window['crypto'] !== null;
52 if (!hasStrongCrypto) {
53 throw 'Mnemonic should be generated with strong randomness, but crypto.getRandomValues is unavailable';
54 }
55 var buffer = new Uint8Array(strength / 8);
56 var data = crypto.getRandomValues(buffer);
57 return self.toMnemonic(data);
58 }
59
60 self.toMnemonic = function(data) {
61 if (data.length % 4 > 0) {
62 throw 'Data length in bits should be divisible by 32, but it is not (' + data.length + ' bytes = ' + data.length*8 + ' bits).'
63 }
64
65 //h = hashlib.sha256(data).hexdigest()
66 var uintArray = new Uint8Array(data);
67 var h = asmCrypto.SHA256.bytes(uintArray);
68
69 // b is a binary string, eg '00111010101100...'
70 //b = bin(int(binascii.hexlify(data), 16))[2:].zfill(len(data) * 8) + \
71 // bin(int(h, 16))[2:].zfill(256)[:len(data) * 8 / 32]
72 //
73 // a = bin(int(binascii.hexlify(data), 16))[2:].zfill(len(data) * 8)
74 // c = bin(int(h, 16))[2:].zfill(256)
75 // d = c[:len(data) * 8 / 32]
76 var a = byteArrayToBinaryString(data);
77 var c = byteArrayToBinaryString(h);
78 var d = c.substring(0, data.length * 8 / 32);
79 // b = line1 + line2
80 var b = a + d;
81
82 var result = [];
83 var blen = b.length / 11;
84 for (var i=0; i<blen; i++) {
85 var idx = parseInt(b.substring(i * 11, (i + 1) * 11), 2);
86 result.push(wordlist[idx]);
87 }
88 return result.join(' ');
89 }
90
91 self.check = function(mnemonic) {
92 var mnemonic = mnemonic.split(' ')
93 if (mnemonic.length % 3 > 0) {
94 return false
95 }
96 // idx = map(lambda x: bin(self.wordlist.index(x))[2:].zfill(11), mnemonic)
97 var idx = [];
98 for (var i=0; i<mnemonic.length; i++) {
99 var word = mnemonic[i];
100 var wordIndex = wordlist.indexOf(word);
101 if (wordIndex == -1) {
102 return false;
103 }
104 var binaryIndex = zfill(wordIndex.toString(2), 11);
105 idx.push(binaryIndex);
106 }
107 var b = idx.join('');
108 var l = b.length;
109 //d = b[:l / 33 * 32]
110 //h = b[-l / 33:]
111 var d = b.substring(0, l / 33 * 32);
112 var h = b.substring(l - l / 33, l);
113 //nd = binascii.unhexlify(hex(int(d, 2))[2:].rstrip('L').zfill(l / 33 * 8))
114 //nh = bin(int(hashlib.sha256(nd).hexdigest(), 16))[2:].zfill(256)[:l / 33]
115 var nd = binaryStringToByteArray(d);
116 var ndHash = asmCrypto.SHA256.bytes(nd);
117 var ndBstr = zfill(byteArrayToBinaryString(ndHash), 256);
118 var nh = ndBstr.substring(0,l/33);
119 return h == nh;
120 }
121
122 self.toSeed = function(mnemonic, passphrase) {
123 passphrase = passphrase || '';
124 mnemonic = normalizeString(mnemonic)
125 passphrase = normalizeString(passphrase)
126 passphrase = "mnemonic" + passphrase;
127 //return PBKDF2(mnemonic, 'mnemonic' + passphrase, iterations=PBKDF2_ROUNDS, macmodule=hmac, digestmodule=hashlib.sha512).read(64)
128 return asmCrypto.PBKDF2_HMAC_SHA512.hex(mnemonic, passphrase, PBKDF2_ROUNDS, 512/8);
129 }
130
131 function normalizeString(str) {
132 if (typeof str.normalize == "function") {
133 return str.normalize("NFKD");
134 }
135 else {
136 // TODO find a library to do this
137 // Not supported on firefox mobile
138 console.warn("NFKD Normalization is unavailable");
139 return str;
140 }
141 }
142
143 function byteArrayToBinaryString(data) {
144 var bin = "";
145 for (var i=0; i<data.length; i++) {
146 bin += zfill(data[i].toString(2), 8);
147 }
148 return bin;
149 }
150
151 function binaryStringToByteArray(str) {
152 var arrayLen = str.length / 8;
153 var array = new Uint8Array(arrayLen);
154 for (var i=0; i<arrayLen; i++) {
155 var valueStr = str.substring(0,8);
156 var value = parseInt(valueStr, 2);
157 array[i] = value;
158 str = str.slice(8);
159 }
160 return array;
161 }
162
163 // Pad a numeric string on the left with zero digits until the given width
164 // is reached.
165 // Note this differs to the python implementation because it does not
166 // handle numbers starting with a sign.
167 function zfill(source, length) {
168 source = source.toString();
169 while (source.length < length) {
170 source = '0' + source;
171 }
172 return source;
173 }
174
175 init();
176
177}
178
179WORDLISTS = {
180"english": [
181"abandon","ability","able","about","above","absent","absorb","abstract","absurd","abuse",
182"access","accident","account","accuse","achieve","acid","acoustic","acquire","across","act",
183"action","actor","actress","actual","adapt","add","addict","address","adjust","admit",
184"adult","advance","advice","aerobic","affair","afford","afraid","again","age","agent",
185"agree","ahead","aim","air","airport","aisle","alarm","album","alcohol","alert",
186"alien","all","alley","allow","almost","alone","alpha","already","also","alter",
187"always","amateur","amazing","among","amount","amused","analyst","anchor","ancient","anger",
188"angle","angry","animal","ankle","announce","annual","another","answer","antenna","antique",
189"anxiety","any","apart","apology","appear","apple","approve","april","arch","arctic",
190"area","arena","argue","arm","armed","armor","army","around","arrange","arrest",
191"arrive","arrow","art","artefact","artist","artwork","ask","aspect","assault","asset",
192"assist","assume","asthma","athlete","atom","attack","attend","attitude","attract","auction",
193"audit","august","aunt","author","auto","autumn","average","avocado","avoid","awake",
194"aware","away","awesome","awful","awkward","axis","baby","bachelor","bacon","badge",
195"bag","balance","balcony","ball","bamboo","banana","banner","bar","barely","bargain",
196"barrel","base","basic","basket","battle","beach","bean","beauty","because","become",
197"beef","before","begin","behave","behind","believe","below","belt","bench","benefit",
198"best","betray","better","between","beyond","bicycle","bid","bike","bind","biology",
199"bird","birth","bitter","black","blade","blame","blanket","blast","bleak","bless",
200"blind","blood","blossom","blouse","blue","blur","blush","board","boat","body",
201"boil","bomb","bone","bonus","book","boost","border","boring","borrow","boss",
202"bottom","bounce","box","boy","bracket","brain","brand","brass","brave","bread",
203"breeze","brick","bridge","brief","bright","bring","brisk","broccoli","broken","bronze",
204"broom","brother","brown","brush","bubble","buddy","budget","buffalo","build","bulb",
205"bulk","bullet","bundle","bunker","burden","burger","burst","bus","business","busy",
206"butter","buyer","buzz","cabbage","cabin","cable","cactus","cage","cake","call",
207"calm","camera","camp","can","canal","cancel","candy","cannon","canoe","canvas",
208"canyon","capable","capital","captain","car","carbon","card","cargo","carpet","carry",
209"cart","case","cash","casino","castle","casual","cat","catalog","catch","category",
210"cattle","caught","cause","caution","cave","ceiling","celery","cement","census","century",
211"cereal","certain","chair","chalk","champion","change","chaos","chapter","charge","chase",
212"chat","cheap","check","cheese","chef","cherry","chest","chicken","chief","child",
213"chimney","choice","choose","chronic","chuckle","chunk","churn","cigar","cinnamon","circle",
214"citizen","city","civil","claim","clap","clarify","claw","clay","clean","clerk",
215"clever","click","client","cliff","climb","clinic","clip","clock","clog","close",
216"cloth","cloud","clown","club","clump","cluster","clutch","coach","coast","coconut",
217"code","coffee","coil","coin","collect","color","column","combine","come","comfort",
218"comic","common","company","concert","conduct","confirm","congress","connect","consider","control",
219"convince","cook","cool","copper","copy","coral","core","corn","correct","cost",
220"cotton","couch","country","couple","course","cousin","cover","coyote","crack","cradle",
221"craft","cram","crane","crash","crater","crawl","crazy","cream","credit","creek",
222"crew","cricket","crime","crisp","critic","crop","cross","crouch","crowd","crucial",
223"cruel","cruise","crumble","crunch","crush","cry","crystal","cube","culture","cup",
224"cupboard","curious","current","curtain","curve","cushion","custom","cute","cycle","dad",
225"damage","damp","dance","danger","daring","dash","daughter","dawn","day","deal",
226"debate","debris","decade","december","decide","decline","decorate","decrease","deer","defense",
227"define","defy","degree","delay","deliver","demand","demise","denial","dentist","deny",
228"depart","depend","deposit","depth","deputy","derive","describe","desert","design","desk",
229"despair","destroy","detail","detect","develop","device","devote","diagram","dial","diamond",
230"diary","dice","diesel","diet","differ","digital","dignity","dilemma","dinner","dinosaur",
231"direct","dirt","disagree","discover","disease","dish","dismiss","disorder","display","distance",
232"divert","divide","divorce","dizzy","doctor","document","dog","doll","dolphin","domain",
233"donate","donkey","donor","door","dose","double","dove","draft","dragon","drama",
234"drastic","draw","dream","dress","drift","drill","drink","drip","drive","drop",
235"drum","dry","duck","dumb","dune","during","dust","dutch","duty","dwarf",
236"dynamic","eager","eagle","early","earn","earth","easily","east","easy","echo",
237"ecology","economy","edge","edit","educate","effort","egg","eight","either","elbow",
238"elder","electric","elegant","element","elephant","elevator","elite","else","embark","embody",
239"embrace","emerge","emotion","employ","empower","empty","enable","enact","end","endless",
240"endorse","enemy","energy","enforce","engage","engine","enhance","enjoy","enlist","enough",
241"enrich","enroll","ensure","enter","entire","entry","envelope","episode","equal","equip",
242"era","erase","erode","erosion","error","erupt","escape","essay","essence","estate",
243"eternal","ethics","evidence","evil","evoke","evolve","exact","example","excess","exchange",
244"excite","exclude","excuse","execute","exercise","exhaust","exhibit","exile","exist","exit",
245"exotic","expand","expect","expire","explain","expose","express","extend","extra","eye",
246"eyebrow","fabric","face","faculty","fade","faint","faith","fall","false","fame",
247"family","famous","fan","fancy","fantasy","farm","fashion","fat","fatal","father",
248"fatigue","fault","favorite","feature","february","federal","fee","feed","feel","female",
249"fence","festival","fetch","fever","few","fiber","fiction","field","figure","file",
250"film","filter","final","find","fine","finger","finish","fire","firm","first",
251"fiscal","fish","fit","fitness","fix","flag","flame","flash","flat","flavor",
252"flee","flight","flip","float","flock","floor","flower","fluid","flush","fly",
253"foam","focus","fog","foil","fold","follow","food","foot","force","forest",
254"forget","fork","fortune","forum","forward","fossil","foster","found","fox","fragile",
255"frame","frequent","fresh","friend","fringe","frog","front","frost","frown","frozen",
256"fruit","fuel","fun","funny","furnace","fury","future","gadget","gain","galaxy",
257"gallery","game","gap","garage","garbage","garden","garlic","garment","gas","gasp",
258"gate","gather","gauge","gaze","general","genius","genre","gentle","genuine","gesture",
259"ghost","giant","gift","giggle","ginger","giraffe","girl","give","glad","glance",
260"glare","glass","glide","glimpse","globe","gloom","glory","glove","glow","glue",
261"goat","goddess","gold","good","goose","gorilla","gospel","gossip","govern","gown",
262"grab","grace","grain","grant","grape","grass","gravity","great","green","grid",
263"grief","grit","grocery","group","grow","grunt","guard","guess","guide","guilt",
264"guitar","gun","gym","habit","hair","half","hammer","hamster","hand","happy",
265"harbor","hard","harsh","harvest","hat","have","hawk","hazard","head","health",
266"heart","heavy","hedgehog","height","hello","helmet","help","hen","hero","hidden",
267"high","hill","hint","hip","hire","history","hobby","hockey","hold","hole",
268"holiday","hollow","home","honey","hood","hope","horn","horror","horse","hospital",
269"host","hotel","hour","hover","hub","huge","human","humble","humor","hundred",
270"hungry","hunt","hurdle","hurry","hurt","husband","hybrid","ice","icon","idea",
271"identify","idle","ignore","ill","illegal","illness","image","imitate","immense","immune",
272"impact","impose","improve","impulse","inch","include","income","increase","index","indicate",
273"indoor","industry","infant","inflict","inform","inhale","inherit","initial","inject","injury",
274"inmate","inner","innocent","input","inquiry","insane","insect","inside","inspire","install",
275"intact","interest","into","invest","invite","involve","iron","island","isolate","issue",
276"item","ivory","jacket","jaguar","jar","jazz","jealous","jeans","jelly","jewel",
277"job","join","joke","journey","joy","judge","juice","jump","jungle","junior",
278"junk","just","kangaroo","keen","keep","ketchup","key","kick","kid","kidney",
279"kind","kingdom","kiss","kit","kitchen","kite","kitten","kiwi","knee","knife",
280"knock","know","lab","label","labor","ladder","lady","lake","lamp","language",
281"laptop","large","later","latin","laugh","laundry","lava","law","lawn","lawsuit",
282"layer","lazy","leader","leaf","learn","leave","lecture","left","leg","legal",
283"legend","leisure","lemon","lend","length","lens","leopard","lesson","letter","level",
284"liar","liberty","library","license","life","lift","light","like","limb","limit",
285"link","lion","liquid","list","little","live","lizard","load","loan","lobster",
286"local","lock","logic","lonely","long","loop","lottery","loud","lounge","love",
287"loyal","lucky","luggage","lumber","lunar","lunch","luxury","lyrics","machine","mad",
288"magic","magnet","maid","mail","main","major","make","mammal","man","manage",
289"mandate","mango","mansion","manual","maple","marble","march","margin","marine","market",
290"marriage","mask","mass","master","match","material","math","matrix","matter","maximum",
291"maze","meadow","mean","measure","meat","mechanic","medal","media","melody","melt",
292"member","memory","mention","menu","mercy","merge","merit","merry","mesh","message",
293"metal","method","middle","midnight","milk","million","mimic","mind","minimum","minor",
294"minute","miracle","mirror","misery","miss","mistake","mix","mixed","mixture","mobile",
295"model","modify","mom","moment","monitor","monkey","monster","month","moon","moral",
296"more","morning","mosquito","mother","motion","motor","mountain","mouse","move","movie",
297"much","muffin","mule","multiply","muscle","museum","mushroom","music","must","mutual",
298"myself","mystery","myth","naive","name","napkin","narrow","nasty","nation","nature",
299"near","neck","need","negative","neglect","neither","nephew","nerve","nest","net",
300"network","neutral","never","news","next","nice","night","noble","noise","nominee",
301"noodle","normal","north","nose","notable","note","nothing","notice","novel","now",
302"nuclear","number","nurse","nut","oak","obey","object","oblige","obscure","observe",
303"obtain","obvious","occur","ocean","october","odor","off","offer","office","often",
304"oil","okay","old","olive","olympic","omit","once","one","onion","online",
305"only","open","opera","opinion","oppose","option","orange","orbit","orchard","order",
306"ordinary","organ","orient","original","orphan","ostrich","other","outdoor","outer","output",
307"outside","oval","oven","over","own","owner","oxygen","oyster","ozone","pact",
308"paddle","page","pair","palace","palm","panda","panel","panic","panther","paper",
309"parade","parent","park","parrot","party","pass","patch","path","patient","patrol",
310"pattern","pause","pave","payment","peace","peanut","pear","peasant","pelican","pen",
311"penalty","pencil","people","pepper","perfect","permit","person","pet","phone","photo",
312"phrase","physical","piano","picnic","picture","piece","pig","pigeon","pill","pilot",
313"pink","pioneer","pipe","pistol","pitch","pizza","place","planet","plastic","plate",
314"play","please","pledge","pluck","plug","plunge","poem","poet","point","polar",
315"pole","police","pond","pony","pool","popular","portion","position","possible","post",
316"potato","pottery","poverty","powder","power","practice","praise","predict","prefer","prepare",
317"present","pretty","prevent","price","pride","primary","print","priority","prison","private",
318"prize","problem","process","produce","profit","program","project","promote","proof","property",
319"prosper","protect","proud","provide","public","pudding","pull","pulp","pulse","pumpkin",
320"punch","pupil","puppy","purchase","purity","purpose","purse","push","put","puzzle",
321"pyramid","quality","quantum","quarter","question","quick","quit","quiz","quote","rabbit",
322"raccoon","race","rack","radar","radio","rail","rain","raise","rally","ramp",
323"ranch","random","range","rapid","rare","rate","rather","raven","raw","razor",
324"ready","real","reason","rebel","rebuild","recall","receive","recipe","record","recycle",
325"reduce","reflect","reform","refuse","region","regret","regular","reject","relax","release",
326"relief","rely","remain","remember","remind","remove","render","renew","rent","reopen",
327"repair","repeat","replace","report","require","rescue","resemble","resist","resource","response",
328"result","retire","retreat","return","reunion","reveal","review","reward","rhythm","rib",
329"ribbon","rice","rich","ride","ridge","rifle","right","rigid","ring","riot",
330"ripple","risk","ritual","rival","river","road","roast","robot","robust","rocket",
331"romance","roof","rookie","room","rose","rotate","rough","round","route","royal",
332"rubber","rude","rug","rule","run","runway","rural","sad","saddle","sadness",
333"safe","sail","salad","salmon","salon","salt","salute","same","sample","sand",
334"satisfy","satoshi","sauce","sausage","save","say","scale","scan","scare","scatter",
335"scene","scheme","school","science","scissors","scorpion","scout","scrap","screen","script",
336"scrub","sea","search","season","seat","second","secret","section","security","seed",
337"seek","segment","select","sell","seminar","senior","sense","sentence","series","service",
338"session","settle","setup","seven","shadow","shaft","shallow","share","shed","shell",
339"sheriff","shield","shift","shine","ship","shiver","shock","shoe","shoot","shop",
340"short","shoulder","shove","shrimp","shrug","shuffle","shy","sibling","sick","side",
341"siege","sight","sign","silent","silk","silly","silver","similar","simple","since",
342"sing","siren","sister","situate","six","size","skate","sketch","ski","skill",
343"skin","skirt","skull","slab","slam","sleep","slender","slice","slide","slight",
344"slim","slogan","slot","slow","slush","small","smart","smile","smoke","smooth",
345"snack","snake","snap","sniff","snow","soap","soccer","social","sock","soda",
346"soft","solar","soldier","solid","solution","solve","someone","song","soon","sorry",
347"sort","soul","sound","soup","source","south","space","spare","spatial","spawn",
348"speak","special","speed","spell","spend","sphere","spice","spider","spike","spin",
349"spirit","split","spoil","sponsor","spoon","sport","spot","spray","spread","spring",
350"spy","square","squeeze","squirrel","stable","stadium","staff","stage","stairs","stamp",
351"stand","start","state","stay","steak","steel","stem","step","stereo","stick",
352"still","sting","stock","stomach","stone","stool","story","stove","strategy","street",
353"strike","strong","struggle","student","stuff","stumble","style","subject","submit","subway",
354"success","such","sudden","suffer","sugar","suggest","suit","summer","sun","sunny",
355"sunset","super","supply","supreme","sure","surface","surge","surprise","surround","survey",
356"suspect","sustain","swallow","swamp","swap","swarm","swear","sweet","swift","swim",
357"swing","switch","sword","symbol","symptom","syrup","system","table","tackle","tag",
358"tail","talent","talk","tank","tape","target","task","taste","tattoo","taxi",
359"teach","team","tell","ten","tenant","tennis","tent","term","test","text",
360"thank","that","theme","then","theory","there","they","thing","this","thought",
361"three","thrive","throw","thumb","thunder","ticket","tide","tiger","tilt","timber",
362"time","tiny","tip","tired","tissue","title","toast","tobacco","today","toddler",
363"toe","together","toilet","token","tomato","tomorrow","tone","tongue","tonight","tool",
364"tooth","top","topic","topple","torch","tornado","tortoise","toss","total","tourist",
365"toward","tower","town","toy","track","trade","traffic","tragic","train","transfer",
366"trap","trash","travel","tray","treat","tree","trend","trial","tribe","trick",
367"trigger","trim","trip","trophy","trouble","truck","true","truly","trumpet","trust",
368"truth","try","tube","tuition","tumble","tuna","tunnel","turkey","turn","turtle",
369"twelve","twenty","twice","twin","twist","two","type","typical","ugly","umbrella",
370"unable","unaware","uncle","uncover","under","undo","unfair","unfold","unhappy","uniform",
371"unique","unit","universe","unknown","unlock","until","unusual","unveil","update","upgrade",
372"uphold","upon","upper","upset","urban","urge","usage","use","used","useful",
373"useless","usual","utility","vacant","vacuum","vague","valid","valley","valve","van",
374"vanish","vapor","various","vast","vault","vehicle","velvet","vendor","venture","venue",
375"verb","verify","version","very","vessel","veteran","viable","vibrant","vicious","victory",
376"video","view","village","vintage","violin","virtual","virus","visa","visit","visual",
377"vital","vivid","vocal","voice","void","volcano","volume","vote","voyage","wage",
378"wagon","wait","walk","wall","walnut","want","warfare","warm","warrior","wash",
379"wasp","waste","water","wave","way","wealth","weapon","wear","weasel","weather",
380"web","wedding","weekend","weird","welcome","west","wet","whale","what","wheat",
381"wheel","when","where","whip","whisper","wide","width","wife","wild","will",
382"win","window","wine","wing","wink","winner","winter","wire","wisdom","wise",
383"wish","witness","wolf","woman","wonder","wood","wool","word","work","world",
384"worry","worth","wrap","wreck","wrestle","wrist","write","wrong","yard","year",
385"yellow","you","young","youth","zebra","zero","zone","zoo"]
386};